diff --git a/src/admin/archives_do.php b/src/admin/archives_do.php
index e1e71b15..0107ac8e 100644
--- a/src/admin/archives_do.php
+++ b/src/admin/archives_do.php
@@ -624,7 +624,7 @@ else if ($dopost == "makekw") {
 $title = $row['title'];
 $description = $row['description'];
 $body = cn_substr($row['body'], 3000);
- $data = $client->Spliteword($title.Html2Text($body));
+ $data = $client->Spliteword($title." ".Html2Text($body));
 $keywords = $data->data;
 $description = str_replace(' ', ' ', trim($description));
 $description = str_replace('[', ' ', $description);
@@ -638,7 +638,7 @@ else if ($dopost == "makekw") {
 $client->Close();
 } else {
 include_once(DEDEINC.'/libraries/splitword.class.php');
- $sp = new SplitWord($cfg_soft_lang, $cfg_soft_lang);
+ $sp = new SplitWord();
 while ($row = $dsql->GetArray()) {
 //跳过已经有关键词文档
 if (trim($row['keywords']) != '') continue;
@@ -647,27 +647,16 @@ else if ($dopost == "makekw") {
 $title = $row['title'];
 $description = $row['description'];
 $body = cn_substr($row['body'], 3000);
- $sp->SetSource($title, $cfg_soft_lang, $cfg_soft_lang);
+ $sp->SetSource($title." ".Html2Text($body));
 $sp->StartAnalysis();
- $titleindexs = preg_replace("/#p#|#e#/", '', $sp->GetFinallyIndex());
- $sp->SetSource(Html2Text($body), $cfg_soft_lang, $cfg_soft_lang);
- $sp->StartAnalysis();
- $allindexs = preg_replace("/#p#|#e#/", '', $sp->GetFinallyIndex());
- if (is_array($allindexs) && is_array($titleindexs)) {
- foreach ($titleindexs as $k => $v) {
+ $indexs = preg_replace("/#p#|#e#/", '', $sp->GetFinallyIndex());
+ if (is_array($indexs)) {
+ foreach ($indexs as $k => $v) {
 if (strlen($keywords.$k) >= 60) {
 break;
 } else {
- if (strlen($k) <= 6) continue;
- $keywords .= $k.',';
- }
- }
- foreach ($allindexs as $k => $v) {
- if (strlen($keywords.$k) >= 60) {
- break;
- } else if (!in_array($k, $titleindexs)) {
- if (strlen($k) <= 6) continue;
- $keywords .= $k.',';
+ if (strlen($k) < 6) continue;
+ $keywords .= ($keywords == '' ? "{$k}" : ",{$k}");
 }
 }
 }
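Review bot: The limits in the rewritten loop of the hunk at 647 are bare literals measured with `strlen()`, which counts bytes, so `strlen($k) < 6` and `strlen($keywords.$k) >= 60` correspond to different character counts for ASCII and multi-byte words. A comment above the `foreach`, such as `// byte lengths: skip words shorter than 6 bytes, stop once the list would reach 60 bytes`, would record that intent. The same loop now appears again in AnalyseHtmlBody in inc_archives_functions.php (hunk at 550), so a shared helper would keep the two sets of thresholds from drifting apart. Where `$keywords` is reset for each row is outside the hunk.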
diff --git a/src/admin/article_edit.php b/src/admin/article_edit.php index 1f2e7f35..2e96fda5 100644 --- a/src/admin/article_edit.php +++ b/src/admin/article_edit.php @@ -75,7 +75,7 @@ if ($dopost != 'save') { $senddate = GetMkTime($senddate); $sortrank = AddDay($pubdate, $sortup); $ismake = $ishtml == 0 ? -1 : 0; - $autokey = 1; + $title = dede_htmlspecialchars(cn_substrR($title, $cfg_title_maxlen)); $shorttitle = cn_substrR($shorttitle, 255); $color = cn_substrR($color, 7); @@ -83,6 +83,7 @@ if ($dopost != 'save') { $source = cn_substrR($source, 255); $description = cn_substrR($description, 255); $keywords = trim(cn_substrR($keywords, 255)); + if (empty($keywords)) $autokey = 1; $filename = trim(cn_substrR($filename, 50)); $isremote = 0; $serviterm = empty($serviterm) ? "" : $serviterm; diff --git a/src/admin/inc/inc_archives_functions.php b/src/admin/inc/inc_archives_functions.php index 1c2b97e7..9862f5b4 100644 --- a/src/admin/inc/inc_archives_functions.php +++ b/src/admin/inc/inc_archives_functions.php @@ -508,7 +508,7 @@ function PrintAutoFieldsEdit(&$fieldset, &$fieldValues, $loadtype = 'all') */ function AnalyseHtmlBody($body, &$description, &$litpic, &$keywords, $dtype = '') { - global $autolitpic, $remote, $dellink, $autokey, $cfg_basehost, $cfg_auot_description, $id, $title, $cfg_soft_lang, $cfg_bizcore_appid, $cfg_bizcore_key, $cfg_bizcore_hostname, $cfg_bizcore_port; + global $autolitpic, $remote, $dellink, $autokey, $cfg_basehost, $cfg_auot_description, $id, $title, $cfg_bizcore_appid, $cfg_bizcore_key; $autolitpic = (empty($autolitpic) ? '' : $autolitpic); $body = stripslashes($body); //远程图片本地化 @@ -536,7 +536,7 @@ function AnalyseHtmlBody($body, &$description, &$litpic, &$keywords, $dtype = '' } //自动获取关键词 if ($autokey == 1) { - $subject = $title; + $subject = $title." ".Html2Text($body); //采用DedeBIZ Core分词组件分词 if (!empty($cfg_bizcore_appid) && !empty($cfg_bizcore_key)) { $keywords = ''; 
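Review bot: `$autokey` is now assigned only when `$keywords` is empty, so on every other save it keeps whatever value it had before this block, which the hunk at 83 does not show. Setting it on both paths, `$autokey = empty($keywords) ? 1 : 0;`, makes the decision local to this line and keeps the `$autokey == 1` test in AnalyseHtmlBody from depending on earlier state. Note also that `empty()` treats the string `'0'` as empty.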
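Review bot: In the hunk at 536 of inc_archives_functions.php, `$subject` now carries the whole article body into the word splitter with no length cap, while the batch path in archives_do.php trims the body with `cn_substr($row['body'], 3000)` before the same call. Capping it here as well, `$subject = $title." ".Html2Text(cn_substr($body, 3000));`, bounds the work done per save by something other than the size of the submitted article and makes both paths pick keywords from the same amount of text. The rest of AnalyseHtmlBody, including the DedeBIZ Core branch that receives `$subject`, is outside the hunk.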
@@ -550,14 +550,13 @@ function AnalyseHtmlBody($body, &$description, &$litpic, &$keywords, $dtype = ''
 $sp = new SplitWord();
 $sp->SetSource($subject);
 $sp->StartAnalysis();
- $titleindexs = preg_replace("/#p#|#e#/", '', $sp->GetFinallyIndex());
- $sp->StartAnalysis();
- if (is_array($titleindexs)) {
- foreach ($titleindexs as $k => $v) {
+ $indexs = preg_replace("/#p#|#e#/", '', $sp->GetFinallyIndex());
+ if (is_array($indexs)) {
+ foreach ($indexs as $k => $v) {
 if (strlen($keywords.$k) >= 60) {
 break;
 } else {
- if (strlen($k) <= 6) continue;
+ if (strlen($k) < 6) continue;
 $keywords .= ($keywords == '' ? "{$k}" : ",{$k}");
 }
 }
diff --git a/src/system/archive/listview.class.php b/src/system/archive/listview.class.php
index 1dc65624..92c589cd 100755
--- a/src/system/archive/listview.class.php
+++ b/src/system/archive/listview.class.php
@@ -76,7 +76,7 @@ class ListView
 if (isset($_REQUEST['tid'])) {
 foreach($_GET as $key => $value) {
 if (!in_array($key,$this->_parms)) {
- $this->Fields[string_filter($key)] = string_filter(urldecode($value));
+ $this->Fields[$key] = RemoveXSS(urldecode($value));
 }
 }
 }
@@ -108,7 +108,7 @@ class ListView
 exit;
 }
 }
- $this->Fields['rsslink'] = $GLOBALS['cfg_cmsurl']."/static/rss/".$this->TypeID.".xml";
+ $this->Fields['rsslink'] = $GLOBALS['cfg_cmsurl']."static/rss/".$this->TypeID.".xml";
 //设置环境变量
 SetSysEnv($this->TypeID, $this->Fields['typename'], 0, '', 'list');
 $this->Fields['typeid'] = $this->TypeID;
@@ -178,7 +178,7 @@ class ListView
 }
 if (isset($_REQUEST['tid'])) {
 foreach ($_GET as $key => $value) {
- $filtersql .= (!in_array($key,$this->_parms)) ? " AND $addtable.".string_filter($key)." = '".string_filter(urldecode($value))."'" : '';
+ $filtersql .= (!in_array($key,$this->_parms)) ? " AND $addtable.".HtmlReplace($key, -1)." = '".HtmlReplace(urldecode($value), -1)."'" : '';
 }
 }
 } else {
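Review bot: In the hunk at 76, every `$_GET` name that is not in `$this->_parms` is now used unchanged as a key of `$this->Fields`, so a request can add or overwrite entries of the field array, which later code reads (the hunk at 108 reads `$this->Fields['typename']`). Only names that belong to the channel's filterable fields should be accepted; as a floor, tighten the guard to `if (!in_array($key, $this->_parms) && is_string($value) && preg_match('/^[A-Za-z0-9_]+$/', $key)) {`, which also stops `urldecode()` from receiving an array. PHP has already URL-decoded `$_GET`, so the extra `urldecode()` decodes a second time. RemoveXSS is not defined on this page, so what it leaves in the value cannot be checked here.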
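Review bot: In the hunk at 178, the request parameter name is concatenated into the WHERE clause as an unquoted column name and the value as a quoted literal, with HtmlReplace as the only treatment. HtmlReplace is not defined on this page, and a filter written for HTML is the wrong tool for either SQL position whatever it does to quotes. The column name should be checked against the channel's known add-table fields before use, with `if (in_array($key, $this->_parms) || !is_string($value) || !preg_match('/^[A-Za-z0-9_]+$/', $key)) continue;` at the top of the loop as a floor, and the value should go through the database layer's own escaping or a bound parameter. The same line is changed the same way in the hunks at 467 and 893 of this file; the enclosing method starts and ends outside the hunk.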
@@ -467,7 +467,7 @@ class ListView if (isset($_REQUEST['tid'])) { foreach($_GET as $key => $value) { - $filtersql .= (!in_array($key,$this->_parms)) ? " AND $addtable.".string_filter($key)." = '".string_filter(urldecode($value))."'" : ''; + $filtersql .= (!in_array($key,$this->_parms)) ? " AND $addtable.".HtmlReplace($key, -1)." = '".HtmlReplace(urldecode($value), -1)."'" : ''; } } } else { @@ -893,7 +893,7 @@ class ListView if (isset($_REQUEST['tid'])) { foreach($_GET as $key => $value) { - $filtersql .= (!in_array($key,$this->_parms)) ? " AND $addtable.".string_filter($key)." = '".string_filter(urldecode($value))."'" : ''; + $filtersql .= (!in_array($key,$this->_parms)) ? " AND $addtable.".HtmlReplace($key, -1)." = '".HtmlReplace(urldecode($value), -1)."'" : ''; } } } else { @@ -1156,7 +1156,7 @@ class ListView //添加联动单筛选 $pageaddurl = ''; foreach($_GET as $key => $value) { - $pageaddurl .= ($key!="tid" && $key!="TotalResult" && $key!="PageNo" && $key!="PageSize" && $key!="mod") ? "&".string_filter($key)."=".string_filter($value) : ''; + $pageaddurl .= ($key!="tid" && $key!="TotalResult" && $key!="PageNo" && $key!="PageSize" && $key!="mod") ? "&".RemoveXSS($key)."=".RemoveXSS($value) : ''; } //获得上页和下页的链接 if ($this->PageNo != 1) { diff --git a/src/system/archive/searchview.class.php b/src/system/archive/searchview.class.php index 17e4b55a..a2338a6a 100755 --- a/src/system/archive/searchview.class.php +++ b/src/system/archive/searchview.class.php @@ -171,8 +171,8 @@ class SearchView $keywords = preg_replace("/[ ]{1,}/", " ", $keywords); $client->Close(); } else { - $sp = new SplitWord($cfg_soft_lang, $cfg_soft_lang); - $sp->SetSource($keyword, $cfg_soft_lang, $cfg_soft_lang); + $sp = new SplitWord(); + $sp->SetSource($keyword); $sp->SetResultType(2); $sp->StartAnalysis(TRUE); $keywords = $sp->GetFinallyResult(); 
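Review bot: In the hunk at 1156, `$pageaddurl` is a query string, but the name and value are passed through RemoveXSS rather than URL-encoded, so characters such as `&`, `=`, `#` or a space in a filter value change the shape of every pagination link built from it. Encode for the URL context with `"&".urlencode($key)."=".urlencode($value)`, skip values that are not strings, and apply `htmlspecialchars()` where the finished link is written into an attribute, which happens outside this hunk. RemoveXSS is not defined on this page, so its effect on these characters cannot be confirmed here.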
@@ -180,7 +180,7 @@ class SearchView ksort($idx_keywords); $keywords = $keyword.' '; foreach ($idx_keywords as $key => $value) { - if (strlen($key) <= 3) { + if (strlen($key) < 6) { continue; } $keywords .= ' '.$key; @@ -657,6 +657,7 @@ class SearchView $totalpage = ceil($this->SearchMaxRc / $this->pagesize); } $infos = "
  • {$totalpage}页".$this->TotalResult."条
  • "; + $geturl = ""; //$geturl = "keyword=".urlencode($oldkeyword)."&searchtype=".$this->SearchType; //$geturl .= "&channeltype=".$this->ChannelType."&orderby=".$this->OrderBy; //$geturl .= "&kwtype=".$this->KType."&pagesize=".$this->pagesize; diff --git a/src/system/archive/sglistview.class.php b/src/system/archive/sglistview.class.php index d0bb2f3a..a9423141 100755 --- a/src/system/archive/sglistview.class.php +++ b/src/system/archive/sglistview.class.php @@ -367,7 +367,7 @@ class SgListView } else if ($orderby == "senddate") { $ordersql = " ORDER BY arc.senddate $orderWay"; } else if ($orderby == "id") { - $ordersql = " ORDER BY arc.id $orderWay"; + $ordersql = " ORDER BY arc.aid $orderWay"; } else if ($orderby == "hot" || $orderby == "click") { $ordersql = " ORDER BY arc.click $orderWay"; } else if($orderby == "weight") { @@ -724,7 +724,7 @@ class SgListView } else if ($orderby == "senddate") { $ordersql = " ORDER BY arc.senddate $orderWay"; } else if ($orderby == "id") { - $ordersql = " ORDER BY arc.id $orderWay"; + $ordersql = " ORDER BY arc.aid $orderWay"; } else if ($orderby == "hot" || $orderby == "click") { $ordersql = " ORDER BY arc.click $orderWay"; } else if($orderby == "weight") { diff --git a/src/system/extend.func.php b/src/system/extend.func.php index b9521bda..8de2b4f1 100755 --- a/src/system/extend.func.php +++ b/src/system/extend.func.php 
@@ -85,7 +85,7 @@ function obtainfilter($channelid, $type = 1, $fieldsnamef = '', $defaulttid = 0,
 $tid = $toptid==0 ? $tidsq["typeid"] : $tidsq["topid"];
 }
 $nofilter = (isset($_REQUEST['TotalResult']) ? "&TotalResult=".$_REQUEST['TotalResult'] : '').(isset($_REQUEST['PageNo']) ? "&PageNo=".$_REQUEST['PageNo'] : '');
- $filterarr = string_filter(stripos($_SERVER['REQUEST_URI'], "list.php?tid=") ? str_replace($nofilter, '', $_SERVER['REQUEST_URI']) : $GLOBALS['cfg_cmsurl']."/apps/list.php?tid=".$tid);
+ $filterarr = stripos($_SERVER['REQUEST_URI'], "list.php?tid=") ? str_replace($nofilter, '', $_SERVER['REQUEST_URI']) : $GLOBALS['cfg_cmsurl']."apps/list.php?tid=".$tid;
 $cInfos = $dsql->GetOne("SELECT * FROM `#@__channeltype` WHERE id='$channelid'");
 $fieldset=$cInfos['fieldset'];
 $dtp = new DedeTagParse();
@@ -152,25 +152,4 @@ function litimgurls($imgid = 0)
 $lit_imglist = $ChannelUnit->GetlitImgLinks($row['imgurls']);
 return $lit_imglist;
 }
-//联动单筛选字符过滤函数
-function string_filter($str, $stype = "inject")
-{
- if ($stype == "inject") {
- $str = str_replace(
- array("select", "insert", "update", "delete", "alter", "cas", "union", "into", "load_file", "outfile", "create", "join", "where", "like", "drop", "modify", "rename", "'", "/*", "*", "../", "./"),
- array("", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", ""),
- $str
- );
- } else if ($stype == "xss") {
- $farr = array("/\s+/", "/<(\/?)(script|META|STYLE|HTML|HEAD|BODY|STYLE |i?frame|b|strong|style|html|img|P|o:p|iframe|u|em|strike|BR|div|a|TABLE|TBODY|object|tr|td|st1:chsdate|FONT|span|MARQUEE|body|title|\r\n|link|meta|\?|\%)([^>]*?)>/isU", "/(<[^>]*)on[a-zA-Z]+\s*=([^>]*>)/isU",);
- $tarr = array(" ", "", "\\1\\2",);
- $str = preg_replace($farr, $tarr, $str);
- $str = str_replace(
- array("<", ">", "'", "\"", ";", "/*", "*", "../", "./"),
- array("<", ">", "", "", "", "", "", "", ""),
- $str
- );
- }
- return $str;
-}
 ?>
\ No newline at end of file
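Review bot: In the hunk at 85, `$filterarr` now takes `$_SERVER['REQUEST_URI']` with no filtering at all, and `$nofilter` is built from raw `$_REQUEST['TotalResult']` and `$_REQUEST['PageNo']`; all three are client-controlled. If the rest of obtainfilter, which is outside this hunk, writes `$filterarr` into link markup, it needs `htmlspecialchars($filterarr, ENT_QUOTES)` at the point of output, or the URL should be rebuilt from the validated `tid` and filter fields instead of echoing the request line. Casting the two paging values with `intval()` before they are concatenated would also remove any dependence on their content.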
diff --git a/src/system/libraries/splitword.class.php b/src/system/libraries/splitword.class.php index b5a67a72..69c92e53 100755 --- a/src/system/libraries/splitword.class.php +++ b/src/system/libraries/splitword.class.php @@ -164,7 +164,6 @@ class SplitWord $this->targetCharSet = strtolower($target_charset); $this->simpleResult = array(); $this->finallyResult = array(); - $this->finallyIndex = array(); if ( $source != '' ) { $rs = TRUE; @@ -791,7 +790,7 @@ class SplitWord */ function _sort_finally_result() { - $newarr = array(); + $newarr = array(); $i = 0; foreach($this->simpleResult as $k=>$v) { @@ -815,6 +814,7 @@ class SplitWord $i++; } } + $this->finallyResult = $newarr; $newarr = ''; } diff --git a/src/system/taglib/infolink.lib.php b/src/system/taglib/infolink.lib.php index 32421b49..a0168aa8 100755 --- a/src/system/taglib/infolink.lib.php +++ b/src/system/taglib/infolink.lib.php @@ -32,6 +32,7 @@ function lib_infolink(&$ctag, &$refObj) $cmspath = ((empty($cfg_cmspath) || !preg_match("#\/$#", $cfg_cmspath)) ? $cfg_cmspath.'/' : $cfg_cmspath); $baseurl = preg_replace("#\/$#", '', $cfg_mainsite).$cmspath; $smalltypes = ''; + if($baseurl == "/") $baseurl = ""; if (!empty($refObj->TypeLink->TypeInfos['smalltypes'])) { $smalltypes = explode(',', $refObj->TypeLink->TypeInfos['smalltypes']); }
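Review bot: Dropping `$this->finallyIndex = array();` from the reset block in the hunk at 164 means the property is no longer cleared when a new source is set, while archives_do.php in this same commit reuses one SplitWord instance across rows and calls SetSource() and GetFinallyIndex() for each. If GetFinallyIndex() or any other method still reads or appends to `$this->finallyIndex`, which is not visible here, index entries from one document would carry over into the next. Either keep the reset or remove the property and its remaining uses altogether. The enclosing method starts and ends outside the hunk.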