From b2d6ff1ac983b1a71929d4829286f8c46ef6d892 Mon Sep 17 00:00:00 2001
From: tianya <tianya@benshar.com>
Date: Mon, 14 Mar 2022 20:21:48 +0800
Subject: [PATCH] bump 6.1.0

---
 README.md                                     |  8 +++----
 docs/changelog.md                             |  7 ++++--
 src/a/.dedekeep                               |  0
 src/admin/diy_add.php                         | 12 +++++++---
 src/admin/diy_edit.php                        |  4 ++--
 src/admin/diy_field_add.php                   |  4 ++--
 src/admin/diy_field_edit.php                  |  4 ++--
 src/admin/diy_list.php                        |  6 ++---
 src/admin/makehtml_homepage.php               |  4 ----
 src/admin/mychannel_edit.php                  |  2 +-
 src/admin/mychannel_field_add.php             |  2 +-
 src/admin/mychannel_field_edit.php            |  2 +-
 src/admin/templets/album_add.htm              |  2 +-
 src/admin/templets/album_edit.htm             |  2 +-
 src/admin/templets/archives_add.htm           |  2 +-
 src/admin/templets/archives_edit.htm          |  2 +-
 src/admin/templets/archives_sg_add.htm        |  2 +-
 src/admin/templets/archives_sg_edit.htm       |  2 +-
 src/admin/templets/article_add.htm            |  2 +-
 src/admin/templets/article_edit.htm           |  2 +-
 src/admin/templets/diy_edit.htm               |  2 +-
 src/admin/templets/mychannel_edit.htm         |  4 ++--
 src/admin/templets/soft_add.htm               |  2 +-
 src/admin/templets/soft_edit.htm              |  2 +-
 src/admin/templets/spec_add.htm               |  2 +-
 src/admin/templets/spec_edit.htm              |  2 +-
 src/admin/templets/sys_sql_query.htm          | 10 ++++++--
 src/apps/diy.php                              |  2 +-
 src/data/admin/ver.txt                        |  2 +-
 src/data/admin/verifies.txt                   |  2 +-
 src/system/common.func.php                    | 14 +++++++----
 src/system/common.inc.php                     |  9 +++++++
 src/system/database/dedesqli.class.php        | 24 ++++++++-----------
 src/system/database/dedesqlite.class.php      |  8 +++----
 .../{diyform.cls.php => diyform.class.php}    |  6 ++---
 src/user/album_add.php                        |  2 +-
 src/user/album_edit.php                       |  2 +-
 src/user/archives_add.php                     |  2 +-
 src/user/archives_edit.php                    |  2 +-
 src/user/archives_sg_add.php                  |  2 +-
 src/user/archives_sg_edit.php                 |  2 +-
 src/user/article_add.php                      |  2 +-
 src/user/article_edit.php                     |  2 +-
 src/user/soft_add.php                         |  2 +-
 src/user/soft_edit.php                        |  2 +-
 src/user/templets/album_add.htm               |  2 +-
 src/user/templets/archives_add.htm            |  2 +-
 src/user/templets/archives_edit.htm           |  2 +-
 src/user/templets/archives_sg_add.htm         |  2 +-
 src/user/templets/archives_sg_edit.htm        |  2 +-
 src/user/templets/article_add.htm             |  2 +-
 src/user/templets/soft_add.htm                |  2 +-
 src/user/templets/soft_edit.htm               |  2 +-
 53 files changed, 110 insertions(+), 88 deletions(-)
 create mode 100644 src/a/.dedekeep
 rename src/system/{diyform.cls.php => diyform.class.php} (92%)

diff --git a/README.md b/README.md
index efed34bb..bd58a7a7 100644
--- a/README.md
+++ b/README.md
@@ -1,16 +1,16 @@
-## DedeBIZ
+## DedeCMSV6
 
-国内流行的内容管理系统（CMS）多端全媒体解决方案，DedeBIZ系统基于PHP7.X开发，具有很强的可扩展性，并且完全开放源代码DedeBIZ商业支持采用现流行的Go语言设计开发，让DedeCMS系统拥有简单易用、灵活扩展特性之外更安全、高效模板设计制作简单一直是系统的一大特点，全新的版本延续了之前标签引擎，同时采用响应式模板引擎Bootstrap作为系统模板渲染引擎，让搭建跨终端（移动、PC）全媒体站点更简单
+国内流行的内容管理系统（CMS）多端全媒体解决方案，DedeCMSV6系统基于PHP7.X开发，同时兼容PHP8，具有很强的可扩展性，并且完全开放源代码DedeBIZ商业支持采用现流行的Go语言设计开发，让系统拥有简单易用、灵活扩展特性之外更安全、高效，模板设计制作简单一直是系统的一大特点，全新的版本延续了之前标签引擎，同时采用响应式模板引擎Bootstrap作为系统模板渲染引擎，让搭建跨终端（移动、PC）全媒体站点更简单。
 
 ## 版本说明
 
-DedeBIZ.x是一个LTS版本，支持将到2022年10月截止，目前DedeBIZ已经发布，可以[点击下载](https://www.dedebiz.com/download)获取
+DedeCMSV6.x是一个LTS版本，支持将到2022年10月截止，目前DedeCMSV6已经发布，可以[点击下载](https://www.dedebiz.com/download)获取
 
 ## 参与开源
 
 访问[代码托管](https://www.dedebiz.com/git)，可以看到我们已经将代码托管在几个知名代码托管平台，可以通过提交Pull requests的方式来贡献您的力量
 
-## v6.1 Roadmap
+## v6.2 Roadmap
 
 我们将会收集、整理新的功能需求制定新的Roadmap
 
diff --git a/docs/changelog.md b/docs/changelog.md
index f73952d1..10c88bde 100644
--- a/docs/changelog.md
+++ b/docs/changelog.md
@@ -6,6 +6,9 @@
 - 修正已知存在的安全问题；
 - 优化系统管理后台界面；
 - 修正sqlite3下的错误；
+- 系统结构调整，更合理规范；
+- 增加编辑器多图上传插件；
+- 修正自定义表单相关错误；
 
 # v6.0.0
 - 调整DedeCMS目录结构，将原有include中外部访问的内容迁移出去；
@@ -19,8 +22,8 @@
 - 调整会员中心UI，移除对文件上传的支持，增加系统安全性；
 - 移除对Flash的依赖支持，今后版本采用HTML5相关特性；
 - 调整v6版本程序升级相关功能；
-- 兼容PHP7.4，DedeCMS未来的版本以PHP7.X为主，实验性支持PHP8.X；
+- 兼容PHP7.4，未来的版本以PHP7.X为主，实验性支持PHP8.X；
 - 系统支持HTTPS；
 - 默认模板重新设计制作，采用响应式布局；
 - 官方网站页面调整，调整部分内容以适应未来的版本更新；
-- 增加DedeBIZ商业支持，构建更安全、稳定的DedeCMS生态；
\ No newline at end of file
+- 增加DedeBIZ商业支持，构建更安全、稳定的织梦生态；
\ No newline at end of file
diff --git a/src/a/.dedekeep b/src/a/.dedekeep
new file mode 100644
index 00000000..e69de29b
diff --git a/src/admin/diy_add.php b/src/admin/diy_add.php
index 0c37396d..346f17be 100644
--- a/src/admin/diy_add.php
+++ b/src/admin/diy_add.php
@@ -34,10 +34,16 @@ if (empty($action)) {
         ShowMsg("可能自定义表单的‘diyid’、‘名称’在数据库中已存在，不能重复使用", "-1");
         exit();
     }
-    $query = "SHOW TABLES FROM {$dsql->dbName} ";
+    if ($cfg_dbtype=="sqlite") {
+        $query = " SELECT name FROM sqlite_master WHERE type='table' ORDER BY name;";
+    } else {
+        $query = "SHOW TABLES";
+    }
+    
     $dsql->SetQuery($query);
-    $dsql->Execute();
-    while ($row = $dsql->getarray()) {
+    $dsql->Execute("biz");
+
+    while ($row = $dsql->GetArray("biz")) {
         if (empty($row[0])) $row[0] = '';
         if ($table == $row[0]) {
             showmsg('指定的表在数据库中重复', '-1');
diff --git a/src/admin/diy_edit.php b/src/admin/diy_edit.php
index 297c0af1..3c8aecfc 100644
--- a/src/admin/diy_edit.php
+++ b/src/admin/diy_edit.php
@@ -31,7 +31,7 @@ function __Delete()
 else if ($dopost == "delete") {
     @set_time_limit(0);
     CheckPurview('c_Del');
-    $row = $dsql->GetOne("SELECT * FROM #@__diyforms WHERE diyid='$diyid'");
+    $row = $dsql->GetOne("SELECT * FROM `#@__diyforms` WHERE diyid='$diyid'");
     if (empty($job)) $job = "";
     //确认提示
     if ($job == "") {
@@ -65,5 +65,5 @@ else if ($dopost == "delete") {
 /*----------------
 function edit()
 -----------------*/
-$row = $dsql->GetOne("Select * From #@__diyforms where diyid='$diyid'");
+$row = $dsql->GetOne("SELECT * FROM `#@__diyforms` WHERE diyid='$diyid'");
 include DEDEADMIN."/templets/diy_edit.htm";
\ No newline at end of file
diff --git a/src/admin/diy_field_add.php b/src/admin/diy_field_add.php
index c3121946..decfa6a2 100644
--- a/src/admin/diy_field_add.php
+++ b/src/admin/diy_field_add.php
@@ -21,8 +21,8 @@ function Save()
 if ($action == 'save') {
     //模型信息
     $fieldname = strtolower($fieldname);
-    $row = $dsql->GetOne("SELECT `table`,`info` FROM #@__diyforms WHERE diyid='$diyid'");
-    $fieldset = $row['info'];
+    $row = $dsql->GetOne("SELECT `table`,`info` FROM `#@__diyforms` WHERE diyid='$diyid'");
+    $fieldset = stripslashes($row['info']);
     require_once(DEDEINC."/dedetag.class.php");
     $dtp = new DedeTagParse();
     $dtp->SetNameSpace("field", "<", ">");
diff --git a/src/admin/diy_field_edit.php b/src/admin/diy_field_edit.php
index 4e957e49..35d0acc6 100644
--- a/src/admin/diy_field_edit.php
+++ b/src/admin/diy_field_edit.php
@@ -17,8 +17,8 @@ if (empty($action)) $action = '';
 $mysql_version = $dsql->GetVersion();
 $mysql_versions = explode(".", trim($mysql_version));
 $mysql_version = $mysql_versions[0].".".$mysql_versions[1];
-$row = $dsql->GetOne("SELECT `table`,`info` FROM #@__diyforms WHERE diyid='$diyid'");
-$fieldset = $row['info'];
+$row = $dsql->GetOne("SELECT `table`,`info` FROM `#@__diyforms` WHERE diyid='$diyid'");
+$fieldset = stripslashes($row['info']);
 $trueTable = $row['table'];
 $dtp = new DedeTagParse();
 $dtp->SetNameSpace("field", "<", ">");
diff --git a/src/admin/diy_list.php b/src/admin/diy_list.php
index 9583c2e2..37ddf820 100644
--- a/src/admin/diy_list.php
+++ b/src/admin/diy_list.php
@@ -16,7 +16,7 @@ if (empty($diyid)) {
     showMsg("非法操作!", 'javascript:;');
     exit();
 }
-require_once DEDEINC.'/diyform.cls.php';
+require_once DEDEINC.'/diyform.class.php';
 $diy = new diyform($diyid);
 if ($action == 'post') {
     if (empty($do)) {
@@ -31,7 +31,7 @@ if ($action == 'post') {
                 exit();
             }
         }
-        $diyform = $dsql->getOne("SELECT * FROM #@__diyforms WHERE diyid=$diyid");
+        $diyform = $dsql->getOne("SELECT * FROM `#@__diyforms` WHERE diyid=$diyid");
         if (!is_array($diyform)) {
             showmsg("自定义表单不存在", '-1');
             exit();
@@ -96,7 +96,7 @@ if ($action == 'post') {
         include DEDEADMIN.'/templets/diy_edit_content.htm';
     } else if ($do == 2) {
         $dede_fields = empty($dede_fields) ? '' : trim($dede_fields);
-        $diyform = $dsql->GetOne("SELECT * FROM #@__diyforms WHERE diyid=$diyid");
+        $diyform = $dsql->GetOne("SELECT * FROM `#@__diyforms` WHERE diyid=$diyid");
         $diyco = $dsql->GetOne("SELECT * FROM `$diy->table` WHERE id='$id'");
         if (!is_array($diyform)) {
             showmsg("自定义表单不存在", '-1');
diff --git a/src/admin/makehtml_homepage.php b/src/admin/makehtml_homepage.php
index 31cbc7bf..62996ab2 100644
--- a/src/admin/makehtml_homepage.php
+++ b/src/admin/makehtml_homepage.php
@@ -12,10 +12,6 @@ require_once(dirname(__FILE__)."/config.php");
 CheckPurview('sys_MakeHtml');
 require_once(DEDEINC."/archive/partview.class.php");
 if (empty($dopost)) $dopost = '';
-if (!preg_match('#\.htm$#i', trim($templet))) {
-    ShowMsg("不是合法的模板文件，后缀必须为.htm", "javascript:;");
-    exit();
-}
 if ($dopost == "view") {
     $pv = new PartView();
     $templet = str_replace("{style}", $cfg_df_style, $templet);
diff --git a/src/admin/mychannel_edit.php b/src/admin/mychannel_edit.php
index 9689030c..21cdbb5c 100644
--- a/src/admin/mychannel_edit.php
+++ b/src/admin/mychannel_edit.php
@@ -524,7 +524,7 @@ else if ($dopost == 'modifysearch') {
         $intarr = array('int', 'float');
         $textarr = array('textdata', 'textchar', 'text', 'htmltext', 'multitext');
         if ($channel['issystem'] < 0) {
-            foreach ($addonfields as $addonfield) {
+            foreach ((array)$addonfields as $addonfield) {
                 if ($addonfield == 'typeid') {
                     require_once(DEDEINC."/typelink/typelink.class.php");
                     $tl = new TypeLink(0);
diff --git a/src/admin/mychannel_field_add.php b/src/admin/mychannel_field_add.php
index 23d8e689..beecd55e 100644
--- a/src/admin/mychannel_field_add.php
+++ b/src/admin/mychannel_field_add.php
@@ -43,7 +43,7 @@ if ($action == 'save') {
 
     //模型信息
     $row = $dsql->GetOne("SELECT fieldset,addtable,issystem FROM `#@__channeltype` WHERE id='$id'");
-    $fieldset = $row['fieldset'];
+    $fieldset = stripslashes($row['fieldset']);
     $dtp = new DedeTagParse();
     $dtp->SetNameSpace("field", "<", ">");
     $dtp->LoadSource($fieldset);
diff --git a/src/admin/mychannel_field_edit.php b/src/admin/mychannel_field_edit.php
index 2228f690..7fa2dd12 100644
--- a/src/admin/mychannel_field_edit.php
+++ b/src/admin/mychannel_field_edit.php
@@ -19,7 +19,7 @@ $mysql_version = $dsql->GetVersion();
 
 //获取模型信息
 $row = $dsql->GetOne("SELECT fieldset,'' as maintable,addtable,issystem FROM `#@__channeltype` WHERE id='$id'");
-$fieldset = $row['fieldset'];
+$fieldset = stripslashes($row['fieldset']);
 $trueTable = $row['addtable'];
 
 $dtp = new DedeTagParse();
diff --git a/src/admin/templets/album_add.htm b/src/admin/templets/album_add.htm
index 81c26832..aeb86e82 100644
--- a/src/admin/templets/album_add.htm
+++ b/src/admin/templets/album_add.htm
@@ -217,7 +217,7 @@ table{border-collapse:separate}
         </td>
       </tr>
       <tr>
-        <td><?php PrintAutoFieldsAdd($cInfos['fieldset'],'autofield'); ?></td>
+        <td><?php PrintAutoFieldsAdd(stripslashes($cInfos['fieldset']),'autofield'); ?></td>
       </tr>
       <tr>
         <td height="26" bgcolor="#F9FCEF" class="bline2">&nbsp;<strong>图集选项：</strong></td>
diff --git a/src/admin/templets/album_edit.htm b/src/admin/templets/album_edit.htm
index f4c1ed2e..92440b8f 100644
--- a/src/admin/templets/album_edit.htm
+++ b/src/admin/templets/album_edit.htm
@@ -208,7 +208,7 @@ if($cfg_need_typeid2=='Y') {
     <?php } ?>
     <tr>
       <td><?php
-        PrintAutoFieldsEdit($cInfos['fieldset'],$addRow,'autofield');
+        PrintAutoFieldsEdit(stripslashes($cInfos['fieldset']),$addRow,'autofield');
       ?></td>
     </tr>
     <tr>
diff --git a/src/admin/templets/archives_add.htm b/src/admin/templets/archives_add.htm
index bc1e3b95..54d6c1a8 100644
--- a/src/admin/templets/archives_add.htm
+++ b/src/admin/templets/archives_add.htm
@@ -201,7 +201,7 @@ table{border-collapse:separate}
       </tr>
       <?php } ?>
       <tr>
-        <td><?php PrintAutoFieldsAdd($cInfos['fieldset']); ?></td>
+        <td><?php PrintAutoFieldsAdd(stripslashes($cInfos['fieldset'])); ?></td>
       </tr>
       <tr>
         <td width="100%" height="26">
diff --git a/src/admin/templets/archives_edit.htm b/src/admin/templets/archives_edit.htm
index b783e188..8ac39233 100644
--- a/src/admin/templets/archives_edit.htm
+++ b/src/admin/templets/archives_edit.htm
@@ -196,7 +196,7 @@ table{border-collapse:separate}
       <tr>
         <td>
         <?php
-        PrintAutoFieldsEdit($cInfos['fieldset'],$addRow);
+        PrintAutoFieldsEdit(stripslashes($cInfos['fieldset']),$addRow);
         ?>
         </td>
       </tr>
diff --git a/src/admin/templets/archives_sg_add.htm b/src/admin/templets/archives_sg_add.htm
index f5432db3..ab96febd 100644
--- a/src/admin/templets/archives_sg_add.htm
+++ b/src/admin/templets/archives_sg_add.htm
@@ -168,7 +168,7 @@ table{border-collapse:separate}
     </tr>
      <?php } ?>
     <tr>
-     <td><?php PrintAutoFieldsAdd($cInfos['fieldset'],'autofield'); ?></td>
+     <td><?php PrintAutoFieldsAdd(stripslashes($cInfos['fieldset']),'autofield'); ?></td>
     </tr>
   </table>
   <table width="98%" border="0" cellspacing="0" cellpadding="0" align="center" bgcolor="#f6f6f6" style="border:1px solid #cfcfcf;border-top:none" class="mb-3">
diff --git a/src/admin/templets/archives_sg_edit.htm b/src/admin/templets/archives_sg_edit.htm
index e3632db4..c93036c9 100644
--- a/src/admin/templets/archives_sg_edit.htm
+++ b/src/admin/templets/archives_sg_edit.htm
@@ -157,7 +157,7 @@ table{border-collapse:separate}
     <tr>
      <td>
       <?php
-        PrintAutoFieldsEdit($cInfos['fieldset'],$addRow,'autofield');
+        PrintAutoFieldsEdit(stripslashes($cInfos['fieldset']),$addRow,'autofield');
       ?>
      </td>
    </tr>
diff --git a/src/admin/templets/article_add.htm b/src/admin/templets/article_add.htm
index 0715b2fe..64c5b59c 100644
--- a/src/admin/templets/article_add.htm
+++ b/src/admin/templets/article_add.htm
@@ -250,7 +250,7 @@ table{border-collapse:separate}
         </td>
       </tr>
       <tr>
-        <td colspan="2"><?php PrintAutoFieldsAdd($cInfos['fieldset'],'autofield'); ?></td>
+        <td colspan="2"><?php PrintAutoFieldsAdd(stripslashes($cInfos['fieldset']),'autofield'); ?></td>
       </tr>
       <tr>
         <td height="26" colspan="2" bgcolor="#F9FCEF" class="bline2">
diff --git a/src/admin/templets/article_edit.htm b/src/admin/templets/article_edit.htm
index 4397a6e2..922366a5 100644
--- a/src/admin/templets/article_edit.htm
+++ b/src/admin/templets/article_edit.htm
@@ -217,7 +217,7 @@ table{border-collapse:separate}
       <tr>
         <td colspan="2">
           <?php
-          PrintAutoFieldsEdit($cInfos['fieldset'],$addRow,'autofield');
+          PrintAutoFieldsEdit(stripslashes($cInfos['fieldset']),$addRow,'autofield');
           ?>
         </td>
       </tr>
diff --git a/src/admin/templets/diy_edit.htm b/src/admin/templets/diy_edit.htm
index bc368907..170a60a7 100644
--- a/src/admin/templets/diy_edit.htm
+++ b/src/admin/templets/diy_edit.htm
@@ -108,7 +108,7 @@ foreach($ds as $d){
 	$dds = explode(',',trim($d));
 	$fieldtypes[$dds[0]] = $dds[1];
 }
-$fieldset = $row['info'];
+$fieldset = stripslashes($row['info']);
 $dtp = new DedeTagParse();
 $dtp->SetNameSpace("field","<",">");
 $dtp->LoadSource($fieldset);
diff --git a/src/admin/templets/mychannel_edit.htm b/src/admin/templets/mychannel_edit.htm
index 1cfcabd8..1f94863b 100644
--- a/src/admin/templets/mychannel_edit.htm
+++ b/src/admin/templets/mychannel_edit.htm
@@ -316,7 +316,7 @@ foreach($ds as $d){
 	$dds = explode(',',trim($d));
 	$fieldtypes[$dds[0]] = $dds[1];
 }
-$fieldset = $row['fieldset'];
+$fieldset = stripslashes($row['fieldset']);
 $dtp = new DedeTagParse();
 $dtp->SetNameSpace("field","<",">");
 $dtp->LoadSource($fieldset);
@@ -385,7 +385,7 @@ else
         </td>
         <td width="65%" bgcolor="#FFFFFF">
           <textarea name="fieldset" style="width:99%;height:300px" rows="10"
-            id="fieldset"><?php echo $row['fieldset']; ?></textarea>
+            id="fieldset"><?php echo stripslashes($row['fieldset']); ?></textarea>
         </td>
       </tr>
     </table>
diff --git a/src/admin/templets/soft_add.htm b/src/admin/templets/soft_add.htm
index c9560676..37c24b6e 100644
--- a/src/admin/templets/soft_add.htm
+++ b/src/admin/templets/soft_add.htm
@@ -321,7 +321,7 @@ table{border-collapse:separate}
         </td>
       </tr>
       <tr>
-        <td><?php PrintAutoFieldsAdd($cInfos['fieldset'],'autofield'); ?></td>
+        <td><?php PrintAutoFieldsAdd(stripslashes($cInfos['fieldset']),'autofield'); ?></td>
       </tr>
       <tr>
         <td height="26" bgcolor="#F9FCEF"" class="bline2"><strong>&nbsp;下载限制：</strong></td>
diff --git a/src/admin/templets/soft_edit.htm b/src/admin/templets/soft_edit.htm
index 141db7e7..4e247eae 100644
--- a/src/admin/templets/soft_edit.htm
+++ b/src/admin/templets/soft_edit.htm
@@ -310,7 +310,7 @@ table{border-collapse:separate}
         </td>
       </tr>
       <tr>
-        <td><?php PrintAutoFieldsEdit($cInfos['fieldset'],$addRow,'autofield'); ?></td>
+        <td><?php PrintAutoFieldsEdit(stripslashes($cInfos['fieldset']),$addRow,'autofield'); ?></td>
       </tr>
       <tr>
         <td height="26" bgcolor="#F9FCEF" class="bline2">&nbsp;<strong>下载限制：</strong></td>
diff --git a/src/admin/templets/spec_add.htm b/src/admin/templets/spec_add.htm
index 1adaf9f7..da7ea442 100644
--- a/src/admin/templets/spec_add.htm
+++ b/src/admin/templets/spec_add.htm
@@ -295,7 +295,7 @@ table{border-collapse:separate}
         </td>
       </tr>
       <tr>
-        <td><?php PrintAutoFieldsAdd($cInfos['fieldset'],'autofield'); ?></td>
+        <td><?php PrintAutoFieldsAdd(stripslashes($cInfos['fieldset']),'autofield'); ?></td>
       </tr>
     </table>
     <table width="98%" border="0" align="center" cellpadding="2" style="border:1px solid #cfcfcf;background:#ffffff;display:none;" cellspacing="2" id="adset">
diff --git a/src/admin/templets/spec_edit.htm b/src/admin/templets/spec_edit.htm
index ba524a6d..e0bf3026 100644
--- a/src/admin/templets/spec_edit.htm
+++ b/src/admin/templets/spec_edit.htm
@@ -317,7 +317,7 @@ table{border-collapse:separate}
       <tr>
         <td>
         <?php
-        PrintAutoFieldsEdit($cInfos['fieldset'],$addRow,'autofield');
+        PrintAutoFieldsEdit(stripslashes($cInfos['fieldset']),$addRow,'autofield');
         ?>
         </td>
       </tr>
diff --git a/src/admin/templets/sys_sql_query.htm b/src/admin/templets/sys_sql_query.htm
index d4c19390..b0b0568e 100644
--- a/src/admin/templets/sys_sql_query.htm
+++ b/src/admin/templets/sys_sql_query.htm
@@ -38,9 +38,15 @@
                   <tr>
                     <td width="35%">
                       <select name="tablename" id="tablename" style="width:100%;height: auto;" size="6">
-                        <?php
-$dsql->SetQuery("Show Tables");
+<?php
+if ($cfg_dbtype=="sqlite") {
+  $query = "SELECT name FROM sqlite_master WHERE type='table' ORDER BY name;";
+} else {
+  $query = "SHOW TABLES FROM {$GLOBALS['cfg_dbname']} ";
+}
+$dsql->SetQuery($query);
 $dsql->Execute('t');
+
 while($row = $dsql->GetArray('t',MYSQL_BOTH))
 {
 	$dsql->SetQuery("Select count(*) From ".$row[0]);
diff --git a/src/apps/diy.php b/src/apps/diy.php
index c1233c6d..e6d3ea05 100755
--- a/src/apps/diy.php
+++ b/src/apps/diy.php
@@ -17,7 +17,7 @@ if (empty($diyid)) {
     showMsg('非法操作!', 'javascript:;');
     exit();
 }
-require_once DEDEINC.'/diyform.cls.php';
+require_once DEDEINC.'/diyform.class.php';
 $diy = new diyform($diyid);
 /*----------------------------
 function Post(){ }
diff --git a/src/data/admin/ver.txt b/src/data/admin/ver.txt
index 9068a635..3ffb0534 100644
--- a/src/data/admin/ver.txt
+++ b/src/data/admin/ver.txt
@@ -1 +1 @@
-20220305
\ No newline at end of file
+20220315
\ No newline at end of file
diff --git a/src/data/admin/verifies.txt b/src/data/admin/verifies.txt
index e2983bed..3ffb0534 100644
--- a/src/data/admin/verifies.txt
+++ b/src/data/admin/verifies.txt
@@ -1 +1 @@
-20201022
\ No newline at end of file
+20220315
\ No newline at end of file
diff --git a/src/system/common.func.php b/src/system/common.func.php
index d091228d..661c5d9f 100755
--- a/src/system/common.func.php
+++ b/src/system/common.func.php
@@ -46,6 +46,12 @@ if (version_compare(PHP_VERSION, '7.0.0', '>=')) {
         }
     }
 }
+// 一个支持在PHP Cli Server打印的方法
+function var_dump_cli($val){
+    ob_start();
+    var_dump($val);
+    error_log(ob_get_clean(), 4);
+}
 function get_mime_type($filename)
 {
     if (! function_exists('finfo_open'))
@@ -290,7 +296,7 @@ if (file_exists(DEDEINC.'/extend.func.php')) {
 function litimgurls($imgid=0)
 {
     global $lit_imglist,$dsql;
-    $row = $dsql->GetOne("SELECT c.addtable FROM #@__archives AS a LEFT JOIN #@__channeltype AS c ON a.channel=c.id where a.id='$imgid'");
+    $row = $dsql->GetOne("SELECT c.addtable FROM `#@__archives` AS a LEFT JOIN `#@__channeltype` AS c ON a.channel=c.id where a.id='$imgid'");
     $addtable = trim($row['addtable']);
     $row = $dsql->GetOne("Select imgurls From `$addtable` where aid='$imgid'");
     $ChannelUnit = new ChannelUnit(2,$imgid);
@@ -322,13 +328,13 @@ function AddFilter($channelid, $type=1, $fieldsnamef=array(), $defaulttid=0, $lo
     $tid = $defaulttid ? $defaulttid : $tid;
     if ($id!="")
     {
-        $tidsq = $dsql->GetOne(" Select typeid From `#@__archives` where id='$id' ");
+        $tidsq = $dsql->GetOne("SELECT typeid FROM `#@__archives` WHERE id='$id' ");
         $tid = $tidsq["typeid"];
     }
     $nofilter = (isset($_REQUEST['TotalResult']) ? "&TotalResult=".$_REQUEST['TotalResult'] : '').(isset($_REQUEST['PageNo']) ? "&PageNo=".$_REQUEST['PageNo'] : '');
     $filterarr = string_filter(stripos($_SERVER['REQUEST_URI'], "list.php?tid=") ? str_replace($nofilter, '', $_SERVER['REQUEST_URI']) : $GLOBALS['cfg_cmsurl']."/apps/list.php?tid=".$tid);
-    $cInfos = $dsql->GetOne(" Select * From  `#@__channeltype` where id='$channelid' ");
-    $fieldset=$cInfos['fieldset'];
+    $cInfos = $dsql->GetOne("SELECT * FROM  `#@__channeltype` WHERE id='$channelid' ");
+    $fieldset=stripslashes($cInfos['fieldset']);
     $dtp = new DedeTagParse();
     $dtp->SetNameSpace('field','<','>');
     $dtp->LoadSource($fieldset);
diff --git a/src/system/common.inc.php b/src/system/common.inc.php
index 05a4ff9f..d468240e 100755
--- a/src/system/common.inc.php
+++ b/src/system/common.inc.php
@@ -257,6 +257,15 @@ $cfg_biz_helpUrl = DEDEBIZURL."/help";
 $cfg_biz_gitUrl = DEDEBIZURL."/git";
 $cfg_biz_dedebizUrl = DEDEBIZURL;
 //引入数据库类
+if (!defined('MYSQL_BOTH')) {
+    define('MYSQL_BOTH', MYSQLI_BOTH);
+}
+if (!defined('MYSQL_ASSOC')) {
+    define('MYSQL_ASSOC', MYSQLI_ASSOC);
+}
+if (!defined('MYSQL_NUM')) {
+    define('MYSQL_NUM', MYSQLI_NUM);
+}
 if ($GLOBALS['cfg_dbtype'] == 'mysql' || $GLOBALS['cfg_dbtype'] == 'mysqli') {
     require_once(DEDEINC.'/database/dedesqli.class.php');
 } else {
diff --git a/src/system/database/dedesqli.class.php b/src/system/database/dedesqli.class.php
index 0850a3b5..6d40039f 100755
--- a/src/system/database/dedesqli.class.php
+++ b/src/system/database/dedesqli.class.php
@@ -31,12 +31,7 @@ $dsql = $dsqli = $db = new DedeSqli(FALSE);
  * @subpackage     DedeBIZ.Libraries
  * @link           https://www.dedebiz.com
  */
-if (!defined('MYSQL_BOTH')) {
-    define('MYSQL_BOTH', MYSQLI_BOTH);
-}
-if (!defined('MYSQL_ASSOC')) {
-    define('MYSQL_ASSOC', MYSQLI_ASSOC);
-}
+
 class DedeSqli
 {
     var $linkID;
@@ -60,6 +55,11 @@ class DedeSqli
         $this->isClose = FALSE;
         $this->safeCheck = TRUE;
         $this->pconnect = $pconnect;
+        $this->dbHost   =  $GLOBALS['cfg_dbhost'];
+        $this->dbUser   =  $GLOBALS['cfg_dbuser'];
+        $this->dbPwd    =  $GLOBALS['cfg_dbpwd'];
+        $this->dbName   =  $GLOBALS['cfg_dbname'];
+        $this->dbPrefix =  $GLOBALS['cfg_dbprefix'];
         if ($nconnect) {
             $this->Init($pconnect);
         }
@@ -73,11 +73,7 @@ class DedeSqli
         $this->linkID = 0;
         //$this->queryString = '';
         //$this->parameters = Array();
-        $this->dbHost   =  $GLOBALS['cfg_dbhost'];
-        $this->dbUser   =  $GLOBALS['cfg_dbuser'];
-        $this->dbPwd    =  $GLOBALS['cfg_dbpwd'];
-        $this->dbName   =  $GLOBALS['cfg_dbname'];
-        $this->dbPrefix =  $GLOBALS['cfg_dbprefix'];
+
         $this->result["me"] = 0;
         $this->Open($pconnect);
     }
@@ -488,9 +484,9 @@ EOT;
     //显示数据链接错误信息
     function DisplayError($msg)
     {
-        $errorTrackFile = dirname(__FILE__).'/../data/mysqli_error_trace.inc';
-        if (file_exists(dirname(__FILE__).'/../data/mysqli_error_trace.php')) {
-            @unlink(dirname(__FILE__).'/../data/mysqli_error_trace.php');
+        $errorTrackFile = dirname(__FILE__).'/../../data/mysqli_error_trace.inc';
+        if (file_exists(dirname(__FILE__).'/../../data/mysqli_error_trace.php')) {
+            @unlink(dirname(__FILE__).'/../../data/mysqli_error_trace.php');
         }
         if ($this->showError) {
             $emsg = '';
diff --git a/src/system/database/dedesqlite.class.php b/src/system/database/dedesqlite.class.php
index 2e3a877e..c6b76df6 100755
--- a/src/system/database/dedesqlite.class.php
+++ b/src/system/database/dedesqlite.class.php
@@ -265,7 +265,7 @@ class DedeSqlite
         $this->Execute($id, $sql);
     }
     //执行一个SQL语句,返回前一条记录或仅返回一条记录
-    function GetOne($sql = '', $acctype = MYSQLI_ASSOC)
+    function GetOne($sql = '', $acctype = SQLITE3_ASSOC)
     {
         global $dsqlite;
         if (!$dsqlite->isInit) {
@@ -495,9 +495,9 @@ EOT;
     //显示数据链接错误信息
     function DisplayError($msg)
     {
-        $errorTrackFile = dirname(__FILE__).'/../data/mysqli_error_trace.inc';
-        if (file_exists(dirname(__FILE__).'/../data/mysqli_error_trace.php')) {
-            @unlink(dirname(__FILE__).'/../data/mysqli_error_trace.php');
+        $errorTrackFile = dirname(__FILE__).'/../../data/mysqli_error_trace.inc';
+        if (file_exists(dirname(__FILE__).'/../../data/mysqli_error_trace.php')) {
+            @unlink(dirname(__FILE__).'/../../data/mysqli_error_trace.php');
         }
         if ($this->showError) {
             $emsg = '';
diff --git a/src/system/diyform.cls.php b/src/system/diyform.class.php
similarity index 92%
rename from src/system/diyform.cls.php
rename to src/system/diyform.class.php
index eebd0406..81c5201f 100755
--- a/src/system/diyform.cls.php
+++ b/src/system/diyform.class.php
@@ -3,7 +3,7 @@ if (!defined('DEDEINC')) exit('dedebiz');
 /**
  * 自定义表单解析类
  *
- * @version        $Id: diyform.cls.php 1 10:31 2010年7月6日Z tianya $
+ * @version        $Id: diyform.class.php 1 10:31 2010年7月6日Z tianya $
  * @package        DedeBIZ.Libraries
  * @copyright      Copyright (c) 2022, DedeBIZ.COM
  * @license        https://www.dedebiz.com/license
@@ -44,13 +44,13 @@ class diyform
     {
         $this->diyid = $diyid;
         $this->db = $GLOBALS['dsql'];
-        $query = "SELECT * FROM #@__diyforms WHERE diyid='{$diyid}'";
+        $query = "SELECT * FROM `#@__diyforms` WHERE diyid='{$diyid}'";
         $diyinfo = $this->db->GetOne($query);
         if (!is_array($diyinfo)) {
             showMsg('参数不正确，该自定义表单不存在', 'javascript:;');
             exit();
         }
-        $this->info = $diyinfo['info'];
+        $this->info = stripslashes($diyinfo['info']);
         $this->name = $diyinfo['name'];
         $this->table = $diyinfo['table'];
         $this->public = $diyinfo['public'];
diff --git a/src/user/album_add.php b/src/user/album_add.php
index 3ccb87dd..e9f98b25 100755
--- a/src/user/album_add.php
+++ b/src/user/album_add.php
@@ -122,7 +122,7 @@ else if ($dopost == 'save') {
         }
 
         //这里对前台提交的附加数据进行一次校验
-        $fontiterm = PrintAutoFieldsAdd($cInfos['fieldset'], 'autofield', FALSE);
+        $fontiterm = PrintAutoFieldsAdd(stripslashes($cInfos['fieldset']), 'autofield', FALSE);
         if ($fontiterm != $inadd_f) {
             ShowMsg("提交表单同系统配置不相符,请重新提交", "-1");
             exit();
diff --git a/src/user/album_edit.php b/src/user/album_edit.php
index 1df48524..03050bf5 100755
--- a/src/user/album_edit.php
+++ b/src/user/album_edit.php
@@ -112,7 +112,7 @@ else if ($dopost == 'save') {
             }
         }
         //这里对前台提交的附加数据进行一次校验
-        $fontiterm = PrintAutoFieldsAdd($cInfos['fieldset'], 'autofield', FALSE);
+        $fontiterm = PrintAutoFieldsAdd(stripslashes($cInfos['fieldset']), 'autofield', FALSE);
         if ($fontiterm != $inadd_m) {
             ShowMsg("提交表单同系统配置不相符,请重新提交", "-1");
             exit();
diff --git a/src/user/archives_add.php b/src/user/archives_add.php
index 401d1600..c06caf7d 100755
--- a/src/user/archives_add.php
+++ b/src/user/archives_add.php
@@ -81,7 +81,7 @@ else if ($dopost == 'save') {
         }
 
         //这里对前台提交的附加数据进行一次校验
-        $fontiterm = PrintAutoFieldsAdd($cInfos['fieldset'], 'autofield', FALSE);
+        $fontiterm = PrintAutoFieldsAdd(stripslashes($cInfos['fieldset']), 'autofield', FALSE);
         if ($fontiterm != $inadd_f) {
             ShowMsg("提交表单同系统配置不相符,请重新提交", "-1");
             exit();
diff --git a/src/user/archives_edit.php b/src/user/archives_edit.php
index 00106e3b..b862b15b 100755
--- a/src/user/archives_edit.php
+++ b/src/user/archives_edit.php
@@ -77,7 +77,7 @@ else if ($dopost == 'save') {
         }
 
         //这里对前台提交的附加数据进行一次校验
-        $fontiterm = PrintAutoFieldsAdd($cInfos['fieldset'], 'autofield', FALSE);
+        $fontiterm = PrintAutoFieldsAdd(stripslashes($cInfos['fieldset']), 'autofield', FALSE);
         if ($fontiterm != $inadd_m) {
             ShowMsg("提交表单同系统配置不相符,请重新提交", "-1");
             exit();
diff --git a/src/user/archives_sg_add.php b/src/user/archives_sg_add.php
index ebc78011..3fdadb84 100755
--- a/src/user/archives_sg_add.php
+++ b/src/user/archives_sg_add.php
@@ -140,7 +140,7 @@ else if ($dopost == 'save') {
         }
 
         //这里对前台提交的附加数据进行一次校验
-        $fontiterm = PrintAutoFieldsAdd($cInfos['fieldset'], 'autofield', FALSE);
+        $fontiterm = PrintAutoFieldsAdd(stripslashes($cInfos['fieldset']), 'autofield', FALSE);
         if ($fontiterm != str_replace('`', '', $inadd_f)) {
             ShowMsg("提交表单同系统配置不相符,请重新提交", "-1");
             exit();
diff --git a/src/user/archives_sg_edit.php b/src/user/archives_sg_edit.php
index 05b0c9e6..d114e651 100755
--- a/src/user/archives_sg_edit.php
+++ b/src/user/archives_sg_edit.php
@@ -118,7 +118,7 @@ else if ($dopost == 'save') {
         }
 
         //这里对前台提交的附加数据进行一次校验
-        $fontiterm = PrintAutoFieldsAdd($cInfos['fieldset'], 'autofield', FALSE);
+        $fontiterm = PrintAutoFieldsAdd(stripslashes($cInfos['fieldset']), 'autofield', FALSE);
         if ($fontiterm != $inadd_m) {
             ShowMsg("提交表单同系统配置不相符,请重新提交", "-1");
             exit();
diff --git a/src/user/article_add.php b/src/user/article_add.php
index c2792361..0b7c3adf 100755
--- a/src/user/article_add.php
+++ b/src/user/article_add.php
@@ -72,7 +72,7 @@ else if ($dopost == 'save') {
     }
 
     //这里对前台提交的附加数据进行一次校验
-    $fontiterm = PrintAutoFieldsAdd($cInfos['fieldset'], 'autofield', FALSE);
+    $fontiterm = PrintAutoFieldsAdd(stripslashes($cInfos['fieldset']), 'autofield', FALSE);
     if ($fontiterm != $inadd_f) {
         ShowMsg("提交表单同系统配置不相符,请重新提交", "-1");
         exit();
diff --git a/src/user/article_edit.php b/src/user/article_edit.php
index cf4180d2..b9fb77b4 100755
--- a/src/user/article_edit.php
+++ b/src/user/article_edit.php
@@ -70,7 +70,7 @@ else if ($dopost == 'save') {
         }
 
         //这里对前台提交的附加数据进行一次校验
-        $fontiterm = PrintAutoFieldsAdd($cInfos['fieldset'], 'autofield', FALSE);
+        $fontiterm = PrintAutoFieldsAdd(stripslashes($cInfos['fieldset']), 'autofield', FALSE);
 
         if ($fontiterm != $inadd_m) {
             ShowMsg("提交表单同系统配置不相符,请重新提交", "-1");
diff --git a/src/user/soft_add.php b/src/user/soft_add.php
index cd2725ab..1cc42b39 100755
--- a/src/user/soft_add.php
+++ b/src/user/soft_add.php
@@ -102,7 +102,7 @@ else if ($dopost == 'save') {
         }
 
         //这里对前台提交的附加数据进行一次校验
-        $fontiterm = PrintAutoFieldsAdd($cInfos['fieldset'], 'autofield', FALSE);
+        $fontiterm = PrintAutoFieldsAdd(stripslashes($cInfos['fieldset']), 'autofield', FALSE);
         if ($fontiterm != $inadd_f) {
             ShowMsg("提交表单同系统配置不相符,请重新提交", "-1");
             exit();
diff --git a/src/user/soft_edit.php b/src/user/soft_edit.php
index 3282980a..b2ec3c8c 100755
--- a/src/user/soft_edit.php
+++ b/src/user/soft_edit.php
@@ -137,7 +137,7 @@ else if ($dopost == 'save') {
         }
 
         //这里对前台提交的附加数据进行一次校验
-        $fontiterm = PrintAutoFieldsAdd($cInfos['fieldset'], 'autofield', FALSE);
+        $fontiterm = PrintAutoFieldsAdd(stripslashes($cInfos['fieldset']), 'autofield', FALSE);
         if ($fontiterm != $inadd_f) {
             ShowMsg("提交表单同系统配置不相符,请重新提交", "-1");
             exit();
diff --git a/src/user/templets/album_add.htm b/src/user/templets/album_add.htm
index 92fb264c..c9918c8f 100755
--- a/src/user/templets/album_add.htm
+++ b/src/user/templets/album_add.htm
@@ -76,7 +76,7 @@
                   </div>
                   <?php
                     //自定义字段
-                    PrintAutoFieldsAdd($cInfos['fieldset'],'autofield');
+                    PrintAutoFieldsAdd(stripslashes($cInfos['fieldset']),'autofield');
                   ?>
                   <!-- 表单操作区域 -->
                   <label>图集内容</label>
diff --git a/src/user/templets/archives_add.htm b/src/user/templets/archives_add.htm
index 535dbc4d..426cba9b 100755
--- a/src/user/templets/archives_add.htm
+++ b/src/user/templets/archives_add.htm
@@ -74,7 +74,7 @@
                   </div>
                   <?php
                     //自定义字段
-                    PrintAutoFieldsAdd($cInfos['fieldset'],'autofield');
+                    PrintAutoFieldsAdd(stripslashes($cInfos['fieldset']),'autofield');
                   ?>
                   <!-- 表单操作区域 -->
                   <div class="contentShow postForm">
diff --git a/src/user/templets/archives_edit.htm b/src/user/templets/archives_edit.htm
index 5e92af22..5a0cdd5c 100755
--- a/src/user/templets/archives_edit.htm
+++ b/src/user/templets/archives_edit.htm
@@ -73,7 +73,7 @@
                   </div>
                   <?php
                     //自定义字段
-                    PrintAutoFieldsEdit($cInfos['fieldset'], $addRow, 'autofield');
+                    PrintAutoFieldsEdit(stripslashes($cInfos['fieldset']), $addRow, 'autofield');
                   ?>
                   <!-- 表单操作区域 -->
                   <div class="contentShow postForm">
diff --git a/src/user/templets/archives_sg_add.htm b/src/user/templets/archives_sg_add.htm
index 2847387c..a65c227b 100755
--- a/src/user/templets/archives_sg_add.htm
+++ b/src/user/templets/archives_sg_add.htm
@@ -74,7 +74,7 @@
                   </div>
                   <?php
                     //自定义字段
-                    PrintAutoFieldsAdd($cInfos['fieldset'],'autofield');
+                    PrintAutoFieldsAdd(stripslashes($cInfos['fieldset']),'autofield');
                   ?>
                   <!-- 表单操作区域 -->
                   <div class="contentShow postForm">
diff --git a/src/user/templets/archives_sg_edit.htm b/src/user/templets/archives_sg_edit.htm
index 8050d8cf..a7d2750c 100755
--- a/src/user/templets/archives_sg_edit.htm
+++ b/src/user/templets/archives_sg_edit.htm
@@ -61,7 +61,7 @@
                   </div>
                   <?php
                     //自定义字段
-                    PrintAutoFieldsEdit($cInfos['fieldset'], $addRow, 'autofield');
+                    PrintAutoFieldsEdit(stripslashes($cInfos['fieldset']), $addRow, 'autofield');
                   ?>
                   <!-- 表单操作区域 -->
                   <div class="contentShow postForm">
diff --git a/src/user/templets/article_add.htm b/src/user/templets/article_add.htm
index 2ed2a4fd..87827bef 100755
--- a/src/user/templets/article_add.htm
+++ b/src/user/templets/article_add.htm
@@ -74,7 +74,7 @@
                   </div>
                   <?php
                     //自定义字段
-                    PrintAutoFieldsAdd($cInfos['fieldset'],'autofield');
+                    PrintAutoFieldsAdd(stripslashes($cInfos['fieldset']),'autofield');
                   ?>
                   <!-- 表单操作区域 -->
                   <label>详细内容</label>
diff --git a/src/user/templets/soft_add.htm b/src/user/templets/soft_add.htm
index 68521563..3e3fc445 100755
--- a/src/user/templets/soft_add.htm
+++ b/src/user/templets/soft_add.htm
@@ -184,7 +184,7 @@
                   </div>
                   <?php
                     //自定义字段
-                    PrintAutoFieldsAdd($cInfos['fieldset'],'autofield');
+                    PrintAutoFieldsAdd(stripslashes($cInfos['fieldset']),'autofield');
                   ?>
                   <!-- 表单操作区域 -->
                   <div class="contentShow postForm">
diff --git a/src/user/templets/soft_edit.htm b/src/user/templets/soft_edit.htm
index f06d31f6..44a5ccfa 100755
--- a/src/user/templets/soft_edit.htm
+++ b/src/user/templets/soft_edit.htm
@@ -186,7 +186,7 @@
                   </div>
                   <?php
                     //自定义字段
-                    PrintAutoFieldsEdit($cInfos['fieldset'],$addRow,'autofield');
+                    PrintAutoFieldsEdit(stripslashes($cInfos['fieldset']),$addRow,'autofield');
                   ?>
                   <!-- 表单操作区域 -->
                   <div class="contentShow postForm">