修正存在的注入问题

src/admin/sys_info.php

@@ -32,6 +32,7 @@ function ReWriteConfig()
             if ($row['value'] == '') $row['value'] = 0;
             fwrite($fp, "\${$row['varname']} = ".$row['value'].";\r\n");
         } else {
+            $row['value'] = stripslashes($row['value']);
             fwrite($fp, "\${$row['varname']} = '".str_replace("'", '', $row['value'])."';\r\n");
         }
     }
@@ -49,6 +50,9 @@ if ($dopost == "save") {
             continue;
         }
         $k = preg_replace("#^edit___#", "", $k);
+        
+        $v = $dsql->Esc($v);
+        $k = $dsql->Esc($k);
         $dsql->ExecuteNoneQuery("UPDATE `#@__sysconfig` SET `value`='$v' WHERE varname='$k' ");
     }
     ReWriteConfig();

src/system/database/dedesqli.class.php

@@ -189,6 +189,10 @@ class DedeSqli
 
     function Esc($_str)
     {
+        global $dsqli;
+        if (!$dsqli->isInit) {
+            $this->Init($this->pconnect);
+        }
         if (version_compare(phpversion(), '4.3.0', '>=')) {
             return @mysqli_real_escape_string($this->linkID, $_str);
         } else {

src/system/database/dedesqlite.class.php

@@ -163,7 +163,7 @@ class DedeSqlite
 
     function Esc($_str)
     {
-        return addslashes($_str);
+        return $this->linkID->escapeString($_str);
     }
 
     //执行一个不返回结果的SQL语句，如update,delete,insert等