
关键词调整&&防注入调整

tags/6.5.6
tianya 4 天前
父节点
当前提交
c10a54f418
共有 9 个文件被更改,包括 32 次插入62 次删除
  1. +8
    -19
      src/admin/archives_do.php
  2. +2
    -1
      src/admin/article_edit.php
  3. +6
    -7
      src/admin/inc/inc_archives_functions.php
  4. +6
    -6
      src/system/archive/listview.class.php
  5. +4
    -3
      src/system/archive/searchview.class.php
  6. +2
    -2
      src/system/archive/sglistview.class.php
  7. +1
    -22
      src/system/extend.func.php
  8. +2
    -2
      src/system/libraries/splitword.class.php
  9. +1
    -0
      src/system/taglib/infolink.lib.php

+ 8
- 19
src/admin/archives_do.php 查看文件

@@ -624,7 +624,7 @@ else if ($dopost == "makekw") {
$title = $row['title']; $title = $row['title'];
$description = $row['description']; $description = $row['description'];
$body = cn_substr($row['body'], 3000); $body = cn_substr($row['body'], 3000);
$data = $client->Spliteword($title.Html2Text($body));
$data = $client->Spliteword($title." ".Html2Text($body));
$keywords = $data->data; $keywords = $data->data;
$description = str_replace(' ', ' ', trim($description)); $description = str_replace(' ', ' ', trim($description));
$description = str_replace('[', ' ', $description); $description = str_replace('[', ' ', $description);
@@ -638,7 +638,7 @@ else if ($dopost == "makekw") {
$client->Close(); $client->Close();
} else { } else {
include_once(DEDEINC.'/libraries/splitword.class.php'); include_once(DEDEINC.'/libraries/splitword.class.php');
$sp = new SplitWord($cfg_soft_lang, $cfg_soft_lang);
$sp = new SplitWord();
while ($row = $dsql->GetArray()) { while ($row = $dsql->GetArray()) {
//跳过已经有关键词文档 //跳过已经有关键词文档
if (trim($row['keywords']) != '') continue; if (trim($row['keywords']) != '') continue;
@@ -647,27 +647,16 @@ else if ($dopost == "makekw") {
$title = $row['title']; $title = $row['title'];
$description = $row['description']; $description = $row['description'];
$body = cn_substr($row['body'], 3000); $body = cn_substr($row['body'], 3000);
$sp->SetSource($title, $cfg_soft_lang, $cfg_soft_lang);
$sp->SetSource($title." ".Html2Text($body));
$sp->StartAnalysis(); $sp->StartAnalysis();
$titleindexs = preg_replace("/#p#|#e#/", '', $sp->GetFinallyIndex());
$sp->SetSource(Html2Text($body), $cfg_soft_lang, $cfg_soft_lang);
$sp->StartAnalysis();
$allindexs = preg_replace("/#p#|#e#/", '', $sp->GetFinallyIndex());
if (is_array($allindexs) && is_array($titleindexs)) {
foreach ($titleindexs as $k => $v) {
$indexs = preg_replace("/#p#|#e#/", '', $sp->GetFinallyIndex());
if (is_array($indexs)) {
foreach ($indexs as $k => $v) {
if (strlen($keywords.$k) >= 60) { if (strlen($keywords.$k) >= 60) {
break; break;
} else { } else {
if (strlen($k) <= 6) continue;
$keywords .= $k.',';
}
}
foreach ($allindexs as $k => $v) {
if (strlen($keywords.$k) >= 60) {
break;
} else if (!in_array($k, $titleindexs)) {
if (strlen($k) <= 6) continue;
$keywords .= $k.',';
if (strlen($k) < 6) continue;
$keywords .= ($keywords == '' ? "{$k}" : ",{$k}");
} }
} }
} }
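Review bot: The new filter `if (strlen($k) < 6) continue;` and the `strlen($keywords.$k) >= 60` cap count bytes, not characters, so which terms survive depends on the site charset: in UTF-8 a two-character Chinese term (6 bytes) passes while any ASCII term shorter than six letters is dropped, and in GBK the same two-character term is 4 bytes and is skipped. If the intent is "at least two characters", `mb_strlen($k, $cfg_soft_lang) < 2` says so directly (assuming `$cfg_soft_lang` is an encoding name mbstring accepts); otherwise a comment such as `// byte length: keeps terms of >= 2 CJK characters in UTF-8` would stop the next reader from "fixing" it. The same byte threshold is introduced in inc_archives_functions.php and in searchview.class.php (`strlen($key) < 6`). The enclosing `else if ($dopost == "makekw")` branch and the `while` loop both start outside the hunk.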


+ 2
- 1
src/admin/article_edit.php 查看文件

@@ -75,7 +75,7 @@ if ($dopost != 'save') {
$senddate = GetMkTime($senddate); $senddate = GetMkTime($senddate);
$sortrank = AddDay($pubdate, $sortup); $sortrank = AddDay($pubdate, $sortup);
$ismake = $ishtml == 0 ? -1 : 0; $ismake = $ishtml == 0 ? -1 : 0;
$autokey = 1;
$title = dede_htmlspecialchars(cn_substrR($title, $cfg_title_maxlen)); $title = dede_htmlspecialchars(cn_substrR($title, $cfg_title_maxlen));
$shorttitle = cn_substrR($shorttitle, 255); $shorttitle = cn_substrR($shorttitle, 255);
$color = cn_substrR($color, 7); $color = cn_substrR($color, 7);
@@ -83,6 +83,7 @@ if ($dopost != 'save') {
$source = cn_substrR($source, 255); $source = cn_substrR($source, 255);
$description = cn_substrR($description, 255); $description = cn_substrR($description, 255);
$keywords = trim(cn_substrR($keywords, 255)); $keywords = trim(cn_substrR($keywords, 255));
if (empty($keywords)) $autokey = 1;
$filename = trim(cn_substrR($filename, 50)); $filename = trim(cn_substrR($filename, 50));
$isremote = 0; $isremote = 0;
$serviterm = empty($serviterm) ? "" : $serviterm; $serviterm = empty($serviterm) ? "" : $serviterm;
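Review bot: With the unconditional `$autokey = 1;` replaced by `if (empty($keywords)) $autokey = 1;`, `$autokey` is left at whatever the request supplied, or undefined, whenever the editor did provide keywords; AnalyseHtmlBody reads it through `global $autokey` and tests `== 1`, so an undefined value merely disables auto-keywords, but an explicit `$autokey = isset($autokey) ? intval($autokey) : 0;` before the check would keep the variable always defined and make the intent visible. `empty()` also treats a keyword field containing just `0` as absent, which is probably acceptable here but worth a comment. The first hunk advertises seven lines on both sides yet shows only one changed line, so a whitespace-only line appears to have been lost in rendering; the save branch continues outside both hunks.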


+ 6
- 7
src/admin/inc/inc_archives_functions.php 查看文件

@@ -508,7 +508,7 @@ function PrintAutoFieldsEdit(&$fieldset, &$fieldValues, $loadtype = 'all')
*/ */
function AnalyseHtmlBody($body, &$description, &$litpic, &$keywords, $dtype = '') function AnalyseHtmlBody($body, &$description, &$litpic, &$keywords, $dtype = '')
{ {
global $autolitpic, $remote, $dellink, $autokey, $cfg_basehost, $cfg_auot_description, $id, $title, $cfg_soft_lang, $cfg_bizcore_appid, $cfg_bizcore_key, $cfg_bizcore_hostname, $cfg_bizcore_port;
global $autolitpic, $remote, $dellink, $autokey, $cfg_basehost, $cfg_auot_description, $id, $title, $cfg_bizcore_appid, $cfg_bizcore_key;
$autolitpic = (empty($autolitpic) ? '' : $autolitpic); $autolitpic = (empty($autolitpic) ? '' : $autolitpic);
$body = stripslashes($body); $body = stripslashes($body);
//远程图片本地化 //远程图片本地化
@@ -536,7 +536,7 @@ function AnalyseHtmlBody($body, &$description, &$litpic, &$keywords, $dtype = ''
} }
//自动获取关键词 //自动获取关键词
if ($autokey == 1) { if ($autokey == 1) {
$subject = $title;
$subject = $title." ".Html2Text($body);
//采用DedeBIZ Core分词组件分词 //采用DedeBIZ Core分词组件分词
if (!empty($cfg_bizcore_appid) && !empty($cfg_bizcore_key)) { if (!empty($cfg_bizcore_appid) && !empty($cfg_bizcore_key)) {
$keywords = ''; $keywords = '';
@@ -550,14 +550,13 @@ function AnalyseHtmlBody($body, &$description, &$litpic, &$keywords, $dtype = ''
$sp = new SplitWord(); $sp = new SplitWord();
$sp->SetSource($subject); $sp->SetSource($subject);
$sp->StartAnalysis(); $sp->StartAnalysis();
$titleindexs = preg_replace("/#p#|#e#/", '', $sp->GetFinallyIndex());
$sp->StartAnalysis();
if (is_array($titleindexs)) {
foreach ($titleindexs as $k => $v) {
$indexs = preg_replace("/#p#|#e#/", '', $sp->GetFinallyIndex());
if (is_array($indexs)) {
foreach ($indexs as $k => $v) {
if (strlen($keywords.$k) >= 60) { if (strlen($keywords.$k) >= 60) {
break; break;
} else { } else {
if (strlen($k) <= 6) continue;
if (strlen($k) < 6) continue;
$keywords .= ($keywords == '' ? "{$k}" : ",{$k}"); $keywords .= ($keywords == '' ? "{$k}" : ",{$k}");
} }
} }
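Review bot: The rewritten `global` line drops `$cfg_soft_lang`, `$cfg_bizcore_hostname` and `$cfg_bizcore_port`; the SplitWord branch in the second hunk no longer needs `$cfg_soft_lang`, but the DedeBIZ Core branch between the two hunks (roughly lines 540–549, not shown) is where host and port values would presumably be consumed, so check that it does not still reference them — inside the function they would now be undefined locals and the client would be created with null settings. If they really are unused, a short comment on the `global` line, `// bizcore host/port are read by the client from config, not here`, would document that. `AnalyseHtmlBody` continues past the hunk.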


+ 6
- 6
src/system/archive/listview.class.php 查看文件

@@ -76,7 +76,7 @@ class ListView
if (isset($_REQUEST['tid'])) { if (isset($_REQUEST['tid'])) {
foreach($_GET as $key => $value) { foreach($_GET as $key => $value) {
if (!in_array($key,$this->_parms)) { if (!in_array($key,$this->_parms)) {
$this->Fields[string_filter($key)] = string_filter(urldecode($value));
$this->Fields[$key] = RemoveXSS(urldecode($value));
} }
} }
} }
@@ -108,7 +108,7 @@ class ListView
exit; exit;
} }
} }
$this->Fields['rsslink'] = $GLOBALS['cfg_cmsurl']."/static/rss/".$this->TypeID.".xml";
$this->Fields['rsslink'] = $GLOBALS['cfg_cmsurl']."static/rss/".$this->TypeID.".xml";
//设置环境变量 //设置环境变量
SetSysEnv($this->TypeID, $this->Fields['typename'], 0, '', 'list'); SetSysEnv($this->TypeID, $this->Fields['typename'], 0, '', 'list');
$this->Fields['typeid'] = $this->TypeID; $this->Fields['typeid'] = $this->TypeID;
@@ -178,7 +178,7 @@ class ListView
} }
if (isset($_REQUEST['tid'])) { if (isset($_REQUEST['tid'])) {
foreach ($_GET as $key => $value) { foreach ($_GET as $key => $value) {
$filtersql .= (!in_array($key,$this->_parms)) ? " AND $addtable.".string_filter($key)." = '".string_filter(urldecode($value))."'" : '';
$filtersql .= (!in_array($key,$this->_parms)) ? " AND $addtable.".HtmlReplace($key, -1)." = '".HtmlReplace(urldecode($value), -1)."'" : '';
} }
} }
} else { } else {
@@ -467,7 +467,7 @@ class ListView
if (isset($_REQUEST['tid'])) { if (isset($_REQUEST['tid'])) {
foreach($_GET as $key => $value) foreach($_GET as $key => $value)
{ {
$filtersql .= (!in_array($key,$this->_parms)) ? " AND $addtable.".string_filter($key)." = '".string_filter(urldecode($value))."'" : '';
$filtersql .= (!in_array($key,$this->_parms)) ? " AND $addtable.".HtmlReplace($key, -1)." = '".HtmlReplace(urldecode($value), -1)."'" : '';
} }
} }
} else { } else {
@@ -893,7 +893,7 @@ class ListView
if (isset($_REQUEST['tid'])) { if (isset($_REQUEST['tid'])) {
foreach($_GET as $key => $value) foreach($_GET as $key => $value)
{ {
$filtersql .= (!in_array($key,$this->_parms)) ? " AND $addtable.".string_filter($key)." = '".string_filter(urldecode($value))."'" : '';
$filtersql .= (!in_array($key,$this->_parms)) ? " AND $addtable.".HtmlReplace($key, -1)." = '".HtmlReplace(urldecode($value), -1)."'" : '';
} }
} }
} else { } else {
@@ -1156,7 +1156,7 @@ class ListView
//添加联动单筛选 //添加联动单筛选
$pageaddurl = ''; $pageaddurl = '';
foreach($_GET as $key => $value) { foreach($_GET as $key => $value) {
$pageaddurl .= ($key!="tid" && $key!="TotalResult" && $key!="PageNo" && $key!="PageSize" && $key!="mod") ? "&".string_filter($key)."=".string_filter($value) : '';
$pageaddurl .= ($key!="tid" && $key!="TotalResult" && $key!="PageNo" && $key!="PageSize" && $key!="mod") ? "&".RemoveXSS($key)."=".RemoveXSS($value) : '';
} }
//获得上页和下页的链接 //获得上页和下页的链接
if ($this->PageNo != 1) { if ($this->PageNo != 1) {
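Review bot: In the three `$filtersql` hunks (starting at lines 178, 467 and 893) the `$_GET` key is still concatenated into the SQL as a column name, `" AND $addtable.".HtmlReplace($key, -1)." = '"…`, and HtmlReplace is, judging by its name, an HTML-escaping helper: it says nothing about what is valid in an identifier position, where there are no quotes for it to neutralise, so swapping it in for string_filter does not by itself make the key safe for SQL. Validate the identifier against what a field name can be before it is used, e.g. `if (!preg_match('/^[A-Za-z0-9_]+$/', $key)) continue;` at the top of each loop body (better still, check it against the channel's known field names), and keep HtmlReplace for the quoted value only if it is known to escape `'` and `\` for the database charset. The same key is assigned unfiltered as a template field in the first hunk (`$this->Fields[$key] = …`), where the identifier check would apply equally, and the pagination hunk at line 1156 builds a query string with RemoveXSS instead of `urlencode`, so a value containing `&` or `=` breaks the URL. Each of these loops sits in a method that starts outside its hunk.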


+ 4
- 3
src/system/archive/searchview.class.php 查看文件

@@ -171,8 +171,8 @@ class SearchView
$keywords = preg_replace("/[ ]{1,}/", " ", $keywords); $keywords = preg_replace("/[ ]{1,}/", " ", $keywords);
$client->Close(); $client->Close();
} else { } else {
$sp = new SplitWord($cfg_soft_lang, $cfg_soft_lang);
$sp->SetSource($keyword, $cfg_soft_lang, $cfg_soft_lang);
$sp = new SplitWord();
$sp->SetSource($keyword);
$sp->SetResultType(2); $sp->SetResultType(2);
$sp->StartAnalysis(TRUE); $sp->StartAnalysis(TRUE);
$keywords = $sp->GetFinallyResult(); $keywords = $sp->GetFinallyResult();
@@ -180,7 +180,7 @@ class SearchView
ksort($idx_keywords); ksort($idx_keywords);
$keywords = $keyword.' '; $keywords = $keyword.' ';
foreach ($idx_keywords as $key => $value) { foreach ($idx_keywords as $key => $value) {
if (strlen($key) <= 3) {
if (strlen($key) < 6) {
continue; continue;
} }
$keywords .= ' '.$key; $keywords .= ' '.$key;
@@ -657,6 +657,7 @@ class SearchView
$totalpage = ceil($this->SearchMaxRc / $this->pagesize); $totalpage = ceil($this->SearchMaxRc / $this->pagesize);
} }
$infos = "<li class='page-item disabled'><span class='page-link'>{$totalpage}页".$this->TotalResult."条</span></li>"; $infos = "<li class='page-item disabled'><span class='page-link'>{$totalpage}页".$this->TotalResult."条</span></li>";
$geturl = "";
//$geturl = "keyword=".urlencode($oldkeyword)."&searchtype=".$this->SearchType; //$geturl = "keyword=".urlencode($oldkeyword)."&searchtype=".$this->SearchType;
//$geturl .= "&channeltype=".$this->ChannelType."&orderby=".$this->OrderBy; //$geturl .= "&channeltype=".$this->ChannelType."&orderby=".$this->OrderBy;
//$geturl .= "&kwtype=".$this->KType."&pagesize=".$this->pagesize; //$geturl .= "&kwtype=".$this->KType."&pagesize=".$this->pagesize;


+ 2
- 2
src/system/archive/sglistview.class.php 查看文件

@@ -367,7 +367,7 @@ class SgListView
} else if ($orderby == "senddate") { } else if ($orderby == "senddate") {
$ordersql = " ORDER BY arc.senddate $orderWay"; $ordersql = " ORDER BY arc.senddate $orderWay";
} else if ($orderby == "id") { } else if ($orderby == "id") {
$ordersql = " ORDER BY arc.id $orderWay";
$ordersql = " ORDER BY arc.aid $orderWay";
} else if ($orderby == "hot" || $orderby == "click") { } else if ($orderby == "hot" || $orderby == "click") {
$ordersql = " ORDER BY arc.click $orderWay"; $ordersql = " ORDER BY arc.click $orderWay";
} else if($orderby == "weight") { } else if($orderby == "weight") {
@@ -724,7 +724,7 @@ class SgListView
} else if ($orderby == "senddate") { } else if ($orderby == "senddate") {
$ordersql = " ORDER BY arc.senddate $orderWay"; $ordersql = " ORDER BY arc.senddate $orderWay";
} else if ($orderby == "id") { } else if ($orderby == "id") {
$ordersql = " ORDER BY arc.id $orderWay";
$ordersql = " ORDER BY arc.aid $orderWay";
} else if ($orderby == "hot" || $orderby == "click") { } else if ($orderby == "hot" || $orderby == "click") {
$ordersql = " ORDER BY arc.click $orderWay"; $ordersql = " ORDER BY arc.click $orderWay";
} else if($orderby == "weight") { } else if($orderby == "weight") {
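Review bot: Both hunks interpolate `$orderWay` straight into the ORDER BY clause (`" ORDER BY arc.aid $orderWay"`); whether it has been normalised to `ASC`/`DESC` before these `else if` chains is not visible here, so if it originates from the request it should be reduced to one of the two literals once, e.g. `$orderWay = (strtolower($orderWay) == 'asc') ? 'ASC' : 'DESC';`, ahead of both chains. The same applies to `$orderby`, although the chain only uses it for comparison, so a stray value just falls through to whatever the final `else` does. Both chains begin and end outside their hunks.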


+ 1
- 22
src/system/extend.func.php 查看文件

@@ -85,7 +85,7 @@ function obtainfilter($channelid, $type = 1, $fieldsnamef = '', $defaulttid = 0,
$tid = $toptid==0 ? $tidsq["typeid"] : $tidsq["topid"]; $tid = $toptid==0 ? $tidsq["typeid"] : $tidsq["topid"];
} }
$nofilter = (isset($_REQUEST['TotalResult']) ? "&TotalResult=".$_REQUEST['TotalResult'] : '').(isset($_REQUEST['PageNo']) ? "&PageNo=".$_REQUEST['PageNo'] : ''); $nofilter = (isset($_REQUEST['TotalResult']) ? "&TotalResult=".$_REQUEST['TotalResult'] : '').(isset($_REQUEST['PageNo']) ? "&PageNo=".$_REQUEST['PageNo'] : '');
$filterarr = string_filter(stripos($_SERVER['REQUEST_URI'], "list.php?tid=") ? str_replace($nofilter, '', $_SERVER['REQUEST_URI']) : $GLOBALS['cfg_cmsurl']."/apps/list.php?tid=".$tid);
$filterarr = stripos($_SERVER['REQUEST_URI'], "list.php?tid=") ? str_replace($nofilter, '', $_SERVER['REQUEST_URI']) : $GLOBALS['cfg_cmsurl']."apps/list.php?tid=".$tid;
$cInfos = $dsql->GetOne("SELECT * FROM `#@__channeltype` WHERE id='$channelid'"); $cInfos = $dsql->GetOne("SELECT * FROM `#@__channeltype` WHERE id='$channelid'");
$fieldset=$cInfos['fieldset']; $fieldset=$cInfos['fieldset'];
$dtp = new DedeTagParse(); $dtp = new DedeTagParse();
@@ -152,25 +152,4 @@ function litimgurls($imgid = 0)
$lit_imglist = $ChannelUnit->GetlitImgLinks($row['imgurls']); $lit_imglist = $ChannelUnit->GetlitImgLinks($row['imgurls']);
return $lit_imglist; return $lit_imglist;
} }
//联动单筛选字符过滤函数
function string_filter($str, $stype = "inject")
{
if ($stype == "inject") {
$str = str_replace(
array("select", "insert", "update", "delete", "alter", "cas", "union", "into", "load_file", "outfile", "create", "join", "where", "like", "drop", "modify", "rename", "'", "/*", "*", "../", "./"),
array("", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", ""),
$str
);
} else if ($stype == "xss") {
$farr = array("/\s+/", "/<(\/?)(script|META|STYLE|HTML|HEAD|BODY|STYLE |i?frame|b|strong|style|html|img|P|o:p|iframe|u|em|strike|BR|div|a|TABLE|TBODY|object|tr|td|st1:chsdate|FONT|span|MARQUEE|body|title|\r\n|link|meta|\?|\%)([^>]*?)>/isU", "/(<[^>]*)on[a-zA-Z]+\s*=([^>]*>)/isU",);
$tarr = array(" ", "", "\\1\\2",);
$str = preg_replace($farr, $tarr, $str);
$str = str_replace(
array("<", ">", "'", "\"", ";", "/*", "*", "../", "./"),
array("&lt;", "&gt;", "", "", "", "", "", "", ""),
$str
);
}
return $str;
}
?> ?>
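Review bot: With string_filter removed, `$filterarr` is now the raw `$_SERVER['REQUEST_URI']` (minus `$nofilter`, which itself splices `$_REQUEST['TotalResult']` and `$_REQUEST['PageNo']` in unescaped); the rest of obtainfilter is outside the hunk, so if `$filterarr` is written into link `href`s there it needs escaping at that output point, `htmlspecialchars($filterarr, ENT_QUOTES)`, and the two page parameters should be cast, `intval($_REQUEST['PageNo'])`, where `$nofilter` is built. The deleted string_filter was a keyword-stripping blacklist, so dropping it is fine provided escaping moves to the output context rather than disappearing. Dropping the `/` in `"apps/list.php?tid="` assumes `$GLOBALS['cfg_cmsurl']` ends with a slash, as the listview `"static/rss/"` change does too; a comment stating that convention at one of the two sites would help. The closing `?>` that is now the last line of the file can be removed.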

+ 2
- 2
src/system/libraries/splitword.class.php 查看文件

@@ -164,7 +164,6 @@ class SplitWord
$this->targetCharSet = strtolower($target_charset); $this->targetCharSet = strtolower($target_charset);
$this->simpleResult = array(); $this->simpleResult = array();
$this->finallyResult = array(); $this->finallyResult = array();
$this->finallyIndex = array();
if ( $source != '' ) if ( $source != '' )
{ {
$rs = TRUE; $rs = TRUE;
@@ -791,7 +790,7 @@ class SplitWord
*/ */
function _sort_finally_result() function _sort_finally_result()
{ {
$newarr = array();
$newarr = array();
$i = 0; $i = 0;
foreach($this->simpleResult as $k=>$v) foreach($this->simpleResult as $k=>$v)
{ {
@@ -815,6 +814,7 @@ class SplitWord
$i++; $i++;
} }
} }
$this->finallyResult = $newarr; $this->finallyResult = $newarr;
$newarr = ''; $newarr = '';
} }
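Review bot: Removing `$this->finallyIndex = array();` from SetSource means the index from a previous document survives into the next `SetSource()` call unless `StartAnalysis()` or `GetFinallyIndex()` clears it, which is not visible here; archives_do.php in this same commit now reuses one `SplitWord` instance across a `while` loop of rows, so if nothing else resets it, keywords from earlier articles would leak into later ones. Either keep the reset in SetSource or reset the array where the analysis starts, and add `// finallyIndex is rebuilt by StartAnalysis(); no reset needed here` if that is the reason for the removal. SetSource and _sort_finally_result both extend beyond their hunks.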


+ 1
- 0
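--- a/src/system/taglib/infolink.lib.php
+++ b/src/system/taglib/infolink.lib.php
@@ -32,6 +32,7 @@ function lib_infolink(&$ctag, &$refObj)
 $cmspath = ((empty($cfg_cmspath) || !preg_match("#\/$#", $cfg_cmspath)) ? $cfg_cmspath.'/' : $cfg_cmspath);
 $baseurl = preg_replace("#\/$#", '', $cfg_mainsite).$cmspath;
 $smalltypes = '';
+if($baseurl == "/") $baseurl = "";
 if (!empty($refObj->TypeLink->TypeInfos['smalltypes'])) {
 $smalltypes = explode(',', $refObj->TypeLink->TypeInfos['smalltypes']);
 }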
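Review bot: `if($baseurl == "/") $baseurl = "";` lands two statements after `$baseurl` is assembled, with `$smalltypes = '';` in between; placing it directly after the `$baseurl = …` line and using a strict comparison keeps the URL normalisation in one place, e.g. `if ($baseurl === '/') { $baseurl = ''; }`. A one-line comment on why a bare `/` must become empty — presumably so later concatenation does not produce `//` — would help, since the reason is not visible in the hunk. lib_infolink continues past the hunk.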

