DedeBIZ
/
DedeV6
Watch 2
Star 0
Fork 0
Code Pull Requests 0 Releases 29 Activity
Browse Source

会员中心文件上传完善

tags/6.2.7
tianya 1 year ago
parent
2e3e5e81f3
commit
8f39805341
12 changed files with 48 additions and 21 deletions
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +1
    -1
      src/static/web/js/user.album.js
  2. +14
    -2
      src/static/web/js/user.js
  3. +3
    -0
      src/system/inc/inc_fun_funAdmin.php
  4. +1
    -1
      src/user/album_add.php
  5. +2
    -1
      src/user/album_edit.php
  6. +14
    -8
      src/user/api.php
  7. +1
    -0
      src/user/config.php
  8. +2
    -2
      src/user/soft_edit.php
  9. +1
    -0
      src/user/templets/album_add.htm
  10. +3
    -2
      src/user/templets/album_edit.htm
  11. +3
    -2
      src/user/templets/soft_add.htm
  12. +3
    -2
      src/user/templets/soft_edit.htm

+ 1
- 1
src/static/web/js/user.album.js View File

@@ -39,7 +39,7 @@ function MakeUpload(mnum) {
} }
fhtml = ""; fhtml = "";
fhtml += "<div class='mb-3'><label class='mb-0'><input type='checkbox' name='isokcheck" + startNum + "' id='isokcheck" + startNum + "' value='1' "+dsel+" onClick='CheckSelTable(" + startNum + ")'> 显示图片" + startNum + "上传框</label></div>"; fhtml += "<div class='mb-3'><label class='mb-0'><input type='checkbox' name='isokcheck" + startNum + "' id='isokcheck" + startNum + "' value='1' "+dsel+" onClick='CheckSelTable(" + startNum + ")'> 显示图片" + startNum + "上传框</label></div>";
fhtml += "<div id=\"seltb" + startNum + "\" class='form-group' style=\"" + dplay + "\"><label>图片" + startNum + "上传:</label><div class='input-group mb-3'><input type='text' name='imgfile" + startNum + "' class='form-control' placeholder='请输入网址'><div class='input-group-append'><span class='btn btn-success btn-send'>选择</span></div></div><label>图片" + startNum + "简介:</label><textarea name='imgmsg" + startNum + "' class='form-control'></textarea></div>";
fhtml += "<div id=\"seltb" + startNum + "\" class='form-group' style=\"" + dplay + "\"><label>图片" + startNum + "上传:</label><div class='input-group mb-3'><input type='text' name='imgfile" + startNum + "' class='form-control' placeholder='请输入网址'><div class='input-group-append'><span class='btn btn-success btn-send' onClick=\"SelectImage('addcontent.imgfile" + startNum + "', 'big')\">选择</span></div></div><label>图片" + startNum + "简介:</label><textarea name='imgmsg" + startNum + "' class='form-control'></textarea></div>";
upfield.innerHTML += fhtml; upfield.innerHTML += fhtml;
} }
} }


+ 14
- 2
src/static/web/js/user.js View File

@@ -9,7 +9,7 @@ function checkSubmit(t) {
return false; return false;
} }
} }
function SelectImage(sform, stype) {
function SelectFile(sform, stype) {
let s = sform.split("."); let s = sform.split(".");
if (s.length === 2) { if (s.length === 2) {
let frm = document.getElementsByName(s[0]); let frm = document.getElementsByName(s[0]);
@@ -28,7 +28,7 @@ function SelectImage(sform, stype) {
var fileData = f; var fileData = f;
formData.append('file', fileData); formData.append('file', fileData);
$.ajax({ $.ajax({
url: 'api.php?action=upload&type=litpic',
url: 'api.php?action=upload&type='+stype,
type: 'POST', type: 'POST',
data: formData, data: formData,
processData: false, processData: false,
@@ -46,4 +46,16 @@ function SelectImage(sform, stype) {
}); });
}) })
} }
}
function SelectImage(sform, stype) {
if (stype == 'big') {
stype = "litpic";
}
SelectFile(sform, stype);
}
function SelectSoft(sform, stype='soft') {
SelectFile(sform, stype);
}
function SelectMedia(sform, stype='media') {
SelectFile(sform, stype);
} }

+ 3
- 0
src/system/inc/inc_fun_funAdmin.php View File

@@ -152,6 +152,9 @@ function SpGetEditor($fname, $fvalue, $nheight = "350", $etype = "Basic", $gtype
} }
$addConfig = ",{allowedContent:true,pasteFilter:null,filebrowserImageUploadUrl:'./dialog/select_images_post.php',filebrowserUploadUrl:'./dialog/select_media_post.php?ck=1',extraPlugins:'html5video,dedepagebreak,ddfilebrowser,mimage,textindent,codesnippet{$emoji}',codeSnippet_theme: 'default'}"; $addConfig = ",{allowedContent:true,pasteFilter:null,filebrowserImageUploadUrl:'./dialog/select_images_post.php',filebrowserUploadUrl:'./dialog/select_media_post.php?ck=1',extraPlugins:'html5video,dedepagebreak,ddfilebrowser,mimage,textindent,codesnippet{$emoji}',codeSnippet_theme: 'default'}";
} }
if (defined('DEDEUSER')) {
$addConfig = ",{filebrowserImageUploadUrl:'api.php?action=upload&type=litpic&ck=1',filebrowserUploadUrl:'api.php?action=upload&type=media&ck=1',extraPlugins:'html5video,textindent'}";
}
$code = <<<EOT $code = <<<EOT
<script src="{$GLOBALS['cfg_static_dir']}/ckeditor/ckeditor.js"></script> <script src="{$GLOBALS['cfg_static_dir']}/ckeditor/ckeditor.js"></script>
<textarea id="{$fname}" name="{$fname}" rows="8" cols="60">{$fvalue}</textarea> <textarea id="{$fname}" name="{$fname}" rows="8" cols="60">{$fvalue}</textarea>


+ 1
- 1
src/user/album_add.php View File

@@ -71,7 +71,7 @@ if (empty($dopost)) {
} }
$f = ${'imgfile'.$i}; $f = ${'imgfile'.$i};
$msg = isset(${'imgmsg'.$i}) ? ${'imgmsg'.$i} : ""; $msg = isset(${'imgmsg'.$i}) ? ${'imgmsg'.$i} : "";
if (!empty($f) && filter_var($f, FILTER_VALIDATE_URL)) {
if (!empty($f)) {
$u = str_replace(array("\"", "'"), "`", $f); $u = str_replace(array("\"", "'"), "`", $f);
$info = str_replace(array("\"", "'"), "`", $msg); $info = str_replace(array("\"", "'"), "`", $msg);
$imgurls .= "{dede:img ddimg='' text='$info'} $u {/dede:img}\r\n"; $imgurls .= "{dede:img ddimg='' text='$info'} $u {/dede:img}\r\n";


+ 2
- 1
src/user/album_edit.php View File

@@ -74,12 +74,13 @@ if (empty($dopost)) {
} }
$f = ${'imgfile'.$i}; $f = ${'imgfile'.$i};
$msg = isset(${'imgmsg'.$i}) ? ${'imgmsg'.$i} : ""; $msg = isset(${'imgmsg'.$i}) ? ${'imgmsg'.$i} : "";
if (!empty($f) && filter_var($f, FILTER_VALIDATE_URL)) {
if (!empty($f)) {
$u = str_replace(array("\"", "'"), "`", $f); $u = str_replace(array("\"", "'"), "`", $f);
$info = str_replace(array("\"", "'"), "`", $msg); $info = str_replace(array("\"", "'"), "`", $msg);
$imgurls .= "{dede:img ddimg='' text='$info'} $u {/dede:img}\r\n"; $imgurls .= "{dede:img ddimg='' text='$info'} $u {/dede:img}\r\n";
} }
} //循环结束 } //循环结束
// var_dump($imgurls);exit;
$imgurls = addslashes($imgurls); $imgurls = addslashes($imgurls);
//分析处理附加表数据 //分析处理附加表数据
$inadd_f = ''; $inadd_f = '';


+ 14
- 8
src/user/api.php View File

@@ -98,7 +98,9 @@ if ($action === 'is_need_check_code') {
)); ));
exit; exit;
} }
$uploadedFile = $_FILES['file']['tmp_name'];
$ff = isset($_FILES['file'])? $_FILES['file'] : $_FILES['imgfile'];
$uploadedFile = $ff['tmp_name'];
$fileType = mime_content_type($uploadedFile); $fileType = mime_content_type($uploadedFile);
if (!in_array($fileType, $allowedTypes)) { if (!in_array($fileType, $allowedTypes)) {
echo json_encode(array( echo json_encode(array(
@@ -137,7 +139,7 @@ if ($action === 'is_need_check_code') {
$nowtme = time(); $nowtme = time();
$rnd = $nowtme.'-'.mt_rand(1000,9999); $rnd = $nowtme.'-'.mt_rand(1000,9999);
$target_file = $cfg_basedir.$cfg_user_dir."/{$cfg_ml->M_ID}/".$rnd.".".$exts; $target_file = $cfg_basedir.$cfg_user_dir."/{$cfg_ml->M_ID}/".$rnd.".".$exts;
$fsize = filesize($_FILES["file"]["tmp_name"]);
$fsize = filesize($ff["tmp_name"]);
$target_url = $cfg_mediasurl.'/userup'."/{$cfg_ml->M_ID}/".$rnd.".".$exts; $target_url = $cfg_mediasurl.'/userup'."/{$cfg_ml->M_ID}/".$rnd.".".$exts;
$row = $dsql->GetOne("SELECT aid,title,url FROM `#@__uploads` WHERE url LIKE '$target_url' AND mid='".$cfg_ml->M_ID."'; "); $row = $dsql->GetOne("SELECT aid,title,url FROM `#@__uploads` WHERE url LIKE '$target_url' AND mid='".$cfg_ml->M_ID."'; ");
$uptime = time(); $uptime = time();
@@ -149,7 +151,9 @@ if ($action === 'is_need_check_code') {
$dsql->ExecuteNoneQuery($inquery); $dsql->ExecuteNoneQuery($inquery);
} }
} }
if (move_uploaded_file($_FILES["file"]["tmp_name"], $target_file)) {
$rkey = $ck == 1? "url" : "data";
if (move_uploaded_file($ff["tmp_name"], $target_file)) {
if ($mediatype === 1) { if ($mediatype === 1) {
//图片自动裁剪 //图片自动裁剪
require_once DEDEINC."/libraries/imageresize.class.php"; require_once DEDEINC."/libraries/imageresize.class.php";
@@ -163,28 +167,30 @@ if ($action === 'is_need_check_code') {
$image->save($target_file); $image->save($target_file);
echo json_encode(array( echo json_encode(array(
"code" => 0, "code" => 0,
"uploaded" => 1,
"msg" => "上传成功", "msg" => "上传成功",
"data" => $target_url,
$rkey => $target_url,
)); ));
} catch (ImageResizeException $e) { } catch (ImageResizeException $e) {
echo json_encode(array( echo json_encode(array(
"code" => -1, "code" => -1,
"msg" => "图片自动裁剪失败", "msg" => "图片自动裁剪失败",
"data" => null,
$rkey => null,
)); ));
} }
} else { } else {
echo json_encode(array( echo json_encode(array(
"code" => 0, "code" => 0,
"uploaded" => 1,
"msg" => "上传成功", "msg" => "上传成功",
"data" => $target_url,
$rkey => $target_url,
)); ));
} }
} else { } else {
echo json_encode(array( echo json_encode(array(
"code" => -1, "code" => -1,
"msg" => "上传失败", "msg" => "上传失败",
"data" => null,
$rkey => null,
)); ));
} }
} else { } else {
@@ -194,7 +200,7 @@ if ($action === 'is_need_check_code') {
echo json_encode(array( echo json_encode(array(
"code" => -1, "code" => -1,
"msg" => "未登录", "msg" => "未登录",
"data" => null,
$rkey => null,
)); ));
} else { } else {
echo ""; echo "";


+ 1
- 0
src/user/config.php View File

@@ -8,6 +8,7 @@
* @license https://www.dedebiz.com/license * @license https://www.dedebiz.com/license
* @link https://www.dedebiz.com * @link https://www.dedebiz.com
*/ */
define('DEDEUSER', true);
//针对会员中心操作进行XSS过滤 //针对会员中心操作进行XSS过滤
function XSSClean($val) function XSSClean($val)
{ {


+ 2
- 2
src/user/soft_edit.php View File

@@ -50,8 +50,8 @@ if (empty($dopost)) {
if (is_array($dtp->CTags)) { if (is_array($dtp->CTags)) {
foreach ($dtp->CTags as $ctag) { foreach ($dtp->CTags as $ctag) {
if ($ctag->GetName() == 'link') { if ($ctag->GetName() == 'link') {
$nForm .= "<p>软件地址".$newRowStart.":<input type='text' name='softurl".$newRowStart."' value='".trim($ctag->GetInnerText())."' class='form-control'></p>
<p>服务器名称:<input type='text' name='servermsg".$newRowStart."' value='".$ctag->GetAtt("text")."' class='form-control'></p>";
$nForm .= "<div class='form-group'><label>下载地址".$newRowStart.":</label><div class='input-group mb-3'><input type='text' name='softurl".$newRowStart."' value='".trim($ctag->GetInnerText())."' class='form-control'><div class='input-group-append'><span class='btn btn-success btn-send' onClick=\"SelectSoft('addcontent.softurl".$newRowStart."')\">选择</span></div></div>
<label>下载名称:</label><input type='text' name='servermsg".$newRowStart."' value='".$ctag->GetAtt("text")."' class='form-control'></div>";
$newRowStart++; $newRowStart++;
} }
} }


+ 1
- 0
src/user/templets/album_add.htm View File

@@ -8,6 +8,7 @@
<link rel="stylesheet" href="<?php echo $cfg_cmsurl;?>/static/web/css/bootstrap.min.css"> <link rel="stylesheet" href="<?php echo $cfg_cmsurl;?>/static/web/css/bootstrap.min.css">
<link rel="stylesheet" href="<?php echo $cfg_cmsurl;?>/static/web/css/style.css"> <link rel="stylesheet" href="<?php echo $cfg_cmsurl;?>/static/web/css/style.css">
<script src="<?php echo $cfg_cmsurl;?>/static/web/js/jquery.min.js"></script> <script src="<?php echo $cfg_cmsurl;?>/static/web/js/jquery.min.js"></script>
<script src="<?php echo $cfg_cmsurl;?>/static/web/js/user.js"></script>
<script src="<?php echo $cfg_cmsurl;?>/static/web/js/user.album.js"></script> <script src="<?php echo $cfg_cmsurl;?>/static/web/js/user.album.js"></script>
</head> </head>
<body class="body-bg"> <body class="body-bg">


+ 3
- 2
src/user/templets/album_edit.htm View File

@@ -8,6 +8,7 @@
<link rel="stylesheet" href="<?php echo $cfg_cmsurl;?>/static/web/css/bootstrap.min.css"> <link rel="stylesheet" href="<?php echo $cfg_cmsurl;?>/static/web/css/bootstrap.min.css">
<link rel="stylesheet" href="<?php echo $cfg_cmsurl;?>/static/web/css/style.css"> <link rel="stylesheet" href="<?php echo $cfg_cmsurl;?>/static/web/css/style.css">
<script src="<?php echo $cfg_cmsurl;?>/static/web/js/jquery.min.js"></script> <script src="<?php echo $cfg_cmsurl;?>/static/web/js/jquery.min.js"></script>
<script src="<?php echo $cfg_cmsurl;?>/static/web/js/user.js"></script>
<script src="<?php echo $cfg_cmsurl;?>/static/web/js/user.album.js"></script> <script src="<?php echo $cfg_cmsurl;?>/static/web/js/user.album.js"></script>
</head> </head>
<body class="body-bg"> <body class="body-bg">
@@ -102,8 +103,8 @@
<div class="mb-3"><img src="<?php echo trim($ctag->GetInnerText());?>" class="thumbnail-md"></div> <div class="mb-3"><img src="<?php echo trim($ctag->GetInnerText());?>" class="thumbnail-md"></div>
<label>图片<?php echo $j;?>上传:</label> <label>图片<?php echo $j;?>上传:</label>
<div class="input-group mb-3"> <div class="input-group mb-3">
<input type="text" name="imgfile<?php echo $j;?>" class="form-control" placeholder="请输入网址">
<div class="input-group-append"><span class="btn btn-success btn-send">选择</span></div>
<input type="text" name="imgfile<?php echo $j;?>" class="form-control" value="<?php echo trim($ctag->GetInnerText());?>" placeholder="请输入网址">
<div class="input-group-append"><span class="btn btn-success btn-send" onClick="SelectImage('addcontent.imgfile<?php echo $j;?>', 'big')">选择</span></div>
</div> </div>
<label>图片<?php echo $j;?>简介:</label> <label>图片<?php echo $j;?>简介:</label>
<textarea name="imgmsg<?php echo $j;?>" class="form-control"><?php echo trim($ctag->GetAtt('text'))?></textarea> <textarea name="imgmsg<?php echo $j;?>" class="form-control"><?php echo trim($ctag->GetAtt('text'))?></textarea>


+ 3
- 2
src/user/templets/soft_add.htm View File

@@ -8,6 +8,7 @@
<link rel="stylesheet" href="<?php echo $cfg_cmsurl;?>/static/web/css/bootstrap.min.css"> <link rel="stylesheet" href="<?php echo $cfg_cmsurl;?>/static/web/css/bootstrap.min.css">
<link rel="stylesheet" href="<?php echo $cfg_cmsurl;?>/static/web/css/style.css"> <link rel="stylesheet" href="<?php echo $cfg_cmsurl;?>/static/web/css/style.css">
<script src="<?php echo $cfg_cmsurl;?>/static/web/js/jquery.min.js"></script> <script src="<?php echo $cfg_cmsurl;?>/static/web/js/jquery.min.js"></script>
<script src="<?php echo $cfg_cmsurl;?>/static/web/js/user.js"></script>
</head> </head>
<body class="body-bg"> <body class="body-bg">
<?php pasterTempletDiy('top.htm');?> <?php pasterTempletDiy('top.htm');?>
@@ -159,7 +160,7 @@
<label>下载地址:</label> <label>下载地址:</label>
<div class="input-group mb-3"> <div class="input-group mb-3">
<input type="text" name="softurl1" id="softurl1" class="form-control d-inline-block w-75"> <input type="text" name="softurl1" id="softurl1" class="form-control d-inline-block w-75">
<div class="input-group-append"><span class="btn btn-success btn-send">选择</span></div>
<div class="input-group-append"><span class="btn btn-success btn-send" onClick="SelectSoft('addcontent.softurl1')">选择</span></div>
</div> </div>
<label>下载名称:</label> <label>下载名称:</label>
<input type="text" name="servermsg1" id="servermsg1" class="form-control" value="本地下载"> <input type="text" name="servermsg1" id="servermsg1" class="form-control" value="本地下载">
@@ -192,7 +193,7 @@
morelinkobj.style.display = "block"; morelinkobj.style.display = "block";
if (endNum > 12) endNum = 12; if (endNum > 12) endNum = 12;
for (startNum; startNum <= endNum; startNum++) { for (startNum; startNum <= endNum; startNum++) {
upfield.innerHTML += "<div class='form-group'><label>下载地址" + startNum + ":</label><div class='input-group mb-3'><input type='text' name='softurl" + startNum + "' value='http://' class='form-control'><div class='input-group-append'><span class='btn btn-success btn-send'>选择</span></div></div><label>下载名称" + startNum + ":</label><input type='text' name='servermsg" + startNum + "' class='form-control'></div>";
upfield.innerHTML += "<div class='form-group'><label>下载地址" + startNum + ":</label><div class='input-group mb-3'><input type='text' name='softurl" + startNum + "' value='http://' class='form-control'><div class='input-group-append'><span class='btn btn-success btn-send' onClick=\"SelectSoft('addcontent.softurl"+startNum+"')\">选择</span></div></div><label>下载名称" + startNum + ":</label><input type='text' name='servermsg" + startNum + "' class='form-control'></div>";
} }
} }
function ShowHideAddr() { function ShowHideAddr() {


+ 3
- 2
src/user/templets/soft_edit.htm View File

@@ -8,6 +8,7 @@
<link rel="stylesheet" href="<?php echo $cfg_cmsurl;?>/static/web/css/bootstrap.min.css"> <link rel="stylesheet" href="<?php echo $cfg_cmsurl;?>/static/web/css/bootstrap.min.css">
<link rel="stylesheet" href="<?php echo $cfg_cmsurl;?>/static/web/css/style.css"> <link rel="stylesheet" href="<?php echo $cfg_cmsurl;?>/static/web/css/style.css">
<script src="<?php echo $cfg_cmsurl;?>/static/web/js/jquery.min.js"></script> <script src="<?php echo $cfg_cmsurl;?>/static/web/js/jquery.min.js"></script>
<script src="<?php echo $cfg_cmsurl;?>/static/web/js/user.js"></script>
</head> </head>
<body class="body-bg"> <body class="body-bg">
<?php pasterTempletDiy('top.htm');?> <?php pasterTempletDiy('top.htm');?>
@@ -162,7 +163,7 @@
<label>下载地址:</label> <label>下载地址:</label>
<div class="input-group mb-3"> <div class="input-group mb-3">
<input type="text" name="softurl1" id="softurl1" class="form-control w-50"> <input type="text" name="softurl1" id="softurl1" class="form-control w-50">
<div class="input-group-append"><span class="btn btn-success btn-send">选择</span></div>
<div class="input-group-append"><span class="btn btn-success btn-send" onClick="SelectSoft('addcontent.softurl1')">选择</span></div>
</div> </div>
<label>下载名称:</label> <label>下载名称:</label>
<input type="text" name="servermsg1" id="servermsg1" class="form-control" value="本地下载"> <input type="text" name="servermsg1" id="servermsg1" class="form-control" value="本地下载">
@@ -198,7 +199,7 @@
morelinkobj.style.display = "block"; morelinkobj.style.display = "block";
if (endNum > 12) endNum = 12; if (endNum > 12) endNum = 12;
for (startNum; startNum <= endNum; startNum++) { for (startNum; startNum <= endNum; startNum++) {
upfield.innerHTML += "<div class='form-group'><label>下载地址" + startNum + ":</label><div class='input-group mb-3'><input type='text' name='softurl" + startNum + "' value='http://' class='form-control'><div class='input-group-append'><span class='btn btn-success btn-send'>选择</span></div></div><label>下载名称" + startNum + ":</label><input type='text' name='servermsg" + startNum + "' class='form-control'></div>";
upfield.innerHTML += "<div class='form-group'><label>下载地址" + startNum + ":</label><div class='input-group mb-3'><input type='text' name='softurl" + startNum + "' value='http://' class='form-control'><div class='input-group-append'><span class='btn btn-success btn-send' onClick=\"SelectSoft('addcontent.softurl"+startNum+"')\">选择</span></div></div><label>下载名称" + startNum + ":</label><input type='text' name='servermsg" + startNum + "' class='form-control'></div>";
} }
} }
function ShowHideAddr() { function ShowHideAddr() {


Write Preview
Loading…
Cancel
Save