@@ -46,7 +46,7 @@ if ($action == 'post') { | |||||
} | } | ||||
$fieldinfo = explode(',', $field); | $fieldinfo = explode(',', $field); | ||||
if ($fieldinfo[1] == 'htmltext' || $fieldinfo[1] == 'textdata') { | if ($fieldinfo[1] == 'htmltext' || $fieldinfo[1] == 'textdata') { | ||||
${$fieldinfo[0]} = filterscript(stripslashes(${$fieldinfo[0]})); | |||||
${$fieldinfo[0]} = HtmlReplace(stripslashes(${$fieldinfo[0]}),1); | |||||
${$fieldinfo[0]} = addslashes(${$fieldinfo[0]}); | ${$fieldinfo[0]} = addslashes(${$fieldinfo[0]}); | ||||
${$fieldinfo[0]} = getFieldValue(${$fieldinfo[0]}, $fieldinfo[1], 0, 'add', '', 'member'); | ${$fieldinfo[0]} = getFieldValue(${$fieldinfo[0]}, $fieldinfo[1], 0, 'add', '', 'member'); | ||||
} else { | } else { | ||||
@@ -112,7 +112,7 @@ if ($action == 'post') { | |||||
} | } | ||||
$fieldinfo = explode(',', $field); | $fieldinfo = explode(',', $field); | ||||
if ($fieldinfo[1] == 'htmltext' || $fieldinfo[1] == 'textdata') { | if ($fieldinfo[1] == 'htmltext' || $fieldinfo[1] == 'textdata') { | ||||
${$fieldinfo[0]} = filterscript(stripslashes(${$fieldinfo[0]})); | |||||
${$fieldinfo[0]} = HtmlReplace(stripslashes(${$fieldinfo[0]}),1); | |||||
${$fieldinfo[0]} = addslashes(${$fieldinfo[0]}); | ${$fieldinfo[0]} = addslashes(${$fieldinfo[0]}); | ||||
${$fieldinfo[0]} = GetFieldValue(${$fieldinfo[0]}, $fieldinfo[1], 0, 'add', '', 'member'); | ${$fieldinfo[0]} = GetFieldValue(${$fieldinfo[0]}, $fieldinfo[1], 0, 'add', '', 'member'); | ||||
${$fieldinfo[0]} = empty(${$fieldinfo[0]}) ? $diyco[$fieldinfo[0]] : ${$fieldinfo[0]}; | ${$fieldinfo[0]} = empty(${$fieldinfo[0]}) ? $diyco[$fieldinfo[0]] : ${$fieldinfo[0]}; | ||||
@@ -134,7 +134,7 @@ if ($action == 'post') { | |||||
} | } | ||||
} | } | ||||
} elseif ($action == 'check') { | } elseif ($action == 'check') { | ||||
if (is_array($id)) { | |||||
if (is_array($id) && is_all_numeric($id)) { | |||||
$ids = implode(',', $id); | $ids = implode(',', $id); | ||||
} else { | } else { | ||||
showmsg('未选中要操作的内容', '-1'); | showmsg('未选中要操作的内容', '-1'); | ||||
@@ -176,7 +176,7 @@ elseif($action == 'excel') { | |||||
header("Content-type:application/vnd.ms-excel"); | header("Content-type:application/vnd.ms-excel"); | ||||
header("Content-Disposition:attachment;filename={$diy->name}_".date("Y-m-d").".xls"); | header("Content-Disposition:attachment;filename={$diy->name}_".date("Y-m-d").".xls"); | ||||
print(chr(0xEF).chr(0xBB).chr(0xBF));//清除bom | print(chr(0xEF).chr(0xBB).chr(0xBF));//清除bom | ||||
$fieldlist = $diy->getFieldList(); | |||||
$fieldlist = (array)$diy->getFieldList(); | |||||
echo "<table><tr>"; | echo "<table><tr>"; | ||||
foreach($fieldlist as $field=>$fielddata) | foreach($fieldlist as $field=>$fielddata) | ||||
{ | { | ||||
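Review bot: In the two `htmltext`/`textdata` branches (the first two hunks of this file), the new `HtmlReplace(stripslashes(...),1)` call sits between a manual `stripslashes` and a following `addslashes`, and nothing says what mode `1` does. `HtmlReplace` is not defined in the visible lines; if it already strips and re-adds slashes internally, the value is unescaped twice and escaped twice, so backslashes in submitted input would be lost or stored doubled. If so, the pair could become `${$fieldinfo[0]} = HtmlReplace(${$fieldinfo[0]}, 1);` with the following `addslashes` line dropped. A short comment should also state whether `htmltext` fields are meant to keep any markup after this call, since both field types now get the same treatment. Both branches continue outside their hunks.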
@@ -58,8 +58,8 @@ | |||||
<td colspan="3" height="36" bgcolor="#f6f6f6"> | <td colspan="3" height="36" bgcolor="#f6f6f6"> | ||||
<input type="button" name="select" onClick="selAll()" class="btn btn-success btn-sm" value="全选"> | <input type="button" name="select" onClick="selAll()" class="btn btn-success btn-sm" value="全选"> | ||||
<input type="button" name="select" onClick="noSelAll()" class="btn btn-success btn-sm" value="取消"> | <input type="button" name="select" onClick="noSelAll()" class="btn btn-success btn-sm" value="取消"> | ||||
<input type="radio" name="action" value="check"> 审核 | |||||
<input type="radio" name="action" value="delete"> 删除 | |||||
<label><input type="radio" name="action" value="check"> 审核</label> | |||||
<label><input type="radio" name="action" value="delete"> 删除</label> | |||||
<input type="submit" name="submit" class="btn btn-success btn-sm" value="提交"> | <input type="submit" name="submit" class="btn btn-success btn-sm" value="提交"> | ||||
</td> | </td> | ||||
</tr> | </tr> | ||||
@@ -25,7 +25,7 @@ function Post(){ } | |||||
if ($action == 'post') { | if ($action == 'post') { | ||||
if (empty($do)) { | if (empty($do)) { | ||||
$postform = $diy->getForm(true); | $postform = $diy->getForm(true); | ||||
include DEDEROOT."/templets/plus/{$diy->postTemplate}"; | |||||
include DEDEROOT."/theme/plus/{$diy->postTemplate}"; | |||||
exit(); | exit(); | ||||
} elseif ($do == 2) { | } elseif ($do == 2) { | ||||
$dede_fields = empty($dede_fields) ? '' : trim($dede_fields); | $dede_fields = empty($dede_fields) ? '' : trim($dede_fields); | ||||
@@ -103,7 +103,7 @@ else if ($action == 'list') { | |||||
$datalist->pageSize = 10; | $datalist->pageSize = 10; | ||||
$datalist->SetParameter('action', 'list'); | $datalist->SetParameter('action', 'list'); | ||||
$datalist->SetParameter('diyid', $diyid); | $datalist->SetParameter('diyid', $diyid); | ||||
$datalist->SetTemplate(DEDEINC."/../templets/plus/{$diy->listTemplate}"); | |||||
$datalist->SetTemplate(DEDEINC."/../theme/plus/{$diy->listTemplate}"); | |||||
$datalist->SetSource($query); | $datalist->SetSource($query); | ||||
$fieldlist = $diy->getFieldList(); | $fieldlist = $diy->getFieldList(); | ||||
$datalist->Display(); | $datalist->Display(); | ||||
@@ -128,5 +128,5 @@ else if ($action == 'list') { | |||||
exit(); | exit(); | ||||
} | } | ||||
$fieldlist = $diy->getFieldList(); | $fieldlist = $diy->getFieldList(); | ||||
include DEDEROOT."/templets/plus/{$diy->viewTemplate}"; | |||||
include DEDEROOT."/theme/plus/{$diy->viewTemplate}"; | |||||
} | } |
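Review bot: The three template paths changed here (`postTemplate`, `listTemplate`, `viewTemplate`) are still interpolated straight into `include` / `SetTemplate`, with no check that the name stays inside `theme/plus`. Where those properties are set is not visible; if they come from an editable form record, a value containing `../` would make the page load a file outside the template directory. Consider normalising the name at each site, e.g. `include DEDEROOT.'/theme/plus/'.basename($diy->postTemplate);`, assuming templates are never kept in subdirectories. Stopping with an error message when the file is missing would also cover installs where the directory has not been moved from `templets` to `theme`.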
@@ -132,6 +132,7 @@ class ListView | |||||
if(empty($cfg_need_typeid2)) $cfg_need_typeid2 = 'N'; | if(empty($cfg_need_typeid2)) $cfg_need_typeid2 = 'N'; | ||||
//获得附加表的相关信息 | //获得附加表的相关信息 | ||||
$addtable = $this->ChannelUnit->ChannelInfos['addtable']; | $addtable = $this->ChannelUnit->ChannelInfos['addtable']; | ||||
$filtersql = ''; | |||||
if($addtable!="") | if($addtable!="") | ||||
{ | { | ||||
$addJoin = " LEFT JOIN `$addtable` ON arc.id = ".$addtable.'.aid '; | $addJoin = " LEFT JOIN `$addtable` ON arc.id = ".$addtable.'.aid '; | ||||
@@ -655,6 +656,7 @@ class ListView | |||||
} else { | } else { | ||||
$ordersql = " ORDER BY arc.sortrank $orderWay"; | $ordersql = " ORDER BY arc.sortrank $orderWay"; | ||||
} | } | ||||
$filtersql = ''; | |||||
//获得附加表的相关信息 | //获得附加表的相关信息 | ||||
$addtable = $this->ChannelUnit->ChannelInfos['addtable']; | $addtable = $this->ChannelUnit->ChannelInfos['addtable']; | ||||
if($addtable!="") | if($addtable!="") | ||||
@@ -46,6 +46,14 @@ if (version_compare(PHP_VERSION, '7.0.0', '>=')) { | |||||
} | } | ||||
} | } | ||||
} | } | ||||
function is_all_numeric(array $array){ | |||||
foreach($array as $item){ | |||||
if(!is_numeric($item)) return false; | |||||
} | |||||
return true; | |||||
} | |||||
function make_hash() | function make_hash() | ||||
{ | { | ||||
$rand = dede_random_bytes(16); | $rand = dede_random_bytes(16); | ||||
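Review bot: `is_all_numeric()` relies on `is_numeric()`, which also accepts values such as `1e3`, `-1`, `.5` and strings with leading whitespace, so it is looser than an integer-id check. The `check` action on this page passes the array straight to `implode(',', $id)`; how `$ids` is used afterwards is not visible, but if it lands in an `IN (...)` list these values are not valid row ids. The helper also returns true for an empty array, so the caller still needs its own emptiness check. Consider `if (!is_int($item) && !(is_string($item) && ctype_digit($item))) return false;` inside the loop. A one-line docblock saying the helper validates lists of unsigned integer ids would make the intent clear.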