преди 2 години · dea2be9799
--- a/src/admin/album_testhtml.php
+++ b/src/admin/album_testhtml.php
@@ -11,7 +11,7 @@
 require_once(dirname(__FILE__)."/config.php");
 AjaxHead();
 $myhtml = UnicodeUrl2Gbk(stripslashes($myhtml));
 echo "<div class='coolbg61'>[<a href='javascript:;' onclick='javascript:HideObj(\"_myhtml\")'>关闭</a>]</div>\r\n";
 echo "<div class='coolbg61'><a href='javascript:;' onclick='javascript:HideObj(\"_myhtml\")'>关闭</a></div>\r\n";
 preg_match_all("/(src|SRC)=[\"|'| ]{0,}(http:\/\/(.*)\.(gif|jpg|jpeg|png))/isU", $myhtml, $img_array);
 $img_array = array_unique($img_array[2]);
 echo "<div class='coolbg62'><xmp>";
--- a/src/admin/content_tj.php
+++ b/src/admin/content_tj.php
@@ -1,50 +0,0 @@
 <?php
 /**
 * 文档统计
 *
 * @version        $id:content_tj.php 14:31 2010年7月12日 tianya $
 * @package        DedeBIZ.Administrator
 * @copyright      Copyright (c) 2022 DedeBIZ.COM
 * @license        https://www.dedebiz.com/license
 * @link           https://www.dedebiz.com
 */
 require_once(dirname(__FILE__)."/config.php");
 CheckPurview('sys_ArcTj');
 $row1 = $dsql->GetOne("SELECT COUNT(*) AS dd FROM `#@__arctiny` ");
 $row2 = $dsql->GetOne("SELECT COUNT(*) AS dd FROM `#@__feedback` ");
 $row3 = $dsql->GetOne("SELECT COUNT(*) AS dd FROM `#@__member` ");
 /**
 *  获取文档
 *
 * @param     object  $dsql
 * @param     string  $ordertype  排序类型
 * @return    string
 */
 function GetArchives($dsql, $ordertype)
 {
    $starttime = time() - (24 * 3600 * 30);
    if ($ordertype == 'monthFeedback' || $ordertype == 'monthHot') {
        $swhere = " where senddate>$starttime ";
    } else {
        $swhere = "";
    }
    if (preg_match("#feedback#", $ordertype)) {
        $ordersql = " ORDER BY scores DESC ";
    } else {
        $ordersql = " ORDER BY click DESC ";
    }
    $query = "SELECT id,title,click,scores FROM `#@__archives` $swhere $ordersql LIMIT 0,30 ";
    $dsql->SetQuery($query);
    $dsql->Execute('ga');
    while ($row = $dsql->GetObject('ga')) {
        if (preg_match("#feedback#i", $ordertype)) {
            $moreinfo = "[<a target='_blank' href='".$GLOBALS['cfg_phpurl']."/feedback.php?aid={$row->id}'>评论：{$row->scores}</a>]";
        } else {
            $moreinfo = "[点击：{$row->click}]";
        }
        echo "·<a href='archives_do.php?aid={$row->id}&dopost=viewArchives' target='_blank'>";
        echo cn_substr($row->title, 30)."</a>{$moreinfo}<br>\r\n";
    }
 }
 include DedeInclude('templets/content_tj.htm');
 ?>
--- a/src/admin/dialog/config.php
+++ b/src/admin/dialog/config.php
@@ -21,7 +21,7 @@ $s_scriptName = $dedeNowurls[0];
 $cuserLogin = new userLogin();
 if ($cuserLogin->getUserID() <= 0) {
    if (empty($adminDirHand)) {
        ShowMsg("提示：需输入后台管理目录才能登录<br><form>请输入后台管理目录名：<input type='hidden' name='gotopage' value='".urlencode($dedeNowurl)."'><input type='text' name='adminDirHand' value='dede' style='width:160px'><input type='submit' name='sbt' value='转入登录' style='width:80px'></form>", "javascript:;");
        ShowMsg("提示：需要输入后台管理目录才能登录<br><form>请输入后台管理目录名：<input type='hidden' name='gotopage' value='".urlencode($dedeNowurl)."'><input type='text' name='adminDirHand' value='dede'><input type='submit' name='sbt' value='前往登录'></form>", "javascript:;");
        exit();
    }
    $adminDirHand = HtmlReplace($adminDirHand, 1);
--- a/src/admin/dialog/select_images.php
+++ b/src/admin/dialog/select_images.php
@@ -146,11 +146,11 @@ html{background:#f5f5f5}
                    <input type="hidden" name="imgstick" value="<?php echo $imgstick ?>">
                    <input type="hidden" name="CKEditorFuncNum" value="<?php echo isset($CKEditorFuncNum) ? $CKEditorFuncNum : 1;?>">
                    <input type="hidden" name="job" value="upload">
                    上传：<input type="file" name="imgfile" class="w-50">
                    <label><input type="checkbox" name="needwatermark" value="1" <?php if ($photo_markup == '1') echo "checked";?> /> 水印 </label>
                    <label><input type="checkbox" name="resize" value="1"> 缩小 </label>
                    宽：<input type="text" name="iwidth" value="<?php echo $cfg_ddimg_width ?>" class="admin-input-xs">
                    高：<input type="text" name="iheight" value="<?php echo $cfg_ddimg_height ?>" class="admin-input-xs">
                    <span>选择：<input type="file" name="imgfile" class="w-50"></span>
                    <label><input type="checkbox" name="needwatermark" value="1" <?php if ($photo_markup == '1') echo "checked";?>> 水印</label>
                    <label><input type="checkbox" name="resize" value="1"> 缩小</label>
                    <span>宽：<input type="text" name="iwidth" value="<?php echo $cfg_ddimg_width ?>" class="admin-input-xs"></span>
                    <span>高：<input type="text" name="iheight" value="<?php echo $cfg_ddimg_height ?>" class="admin-input-xs"></span>
                    <button type="submit" name="sb1" class="btn btn-success btn-sm">上传</button>
                </form>
            </td>
--- a/src/admin/dialog/select_media.php
+++ b/src/admin/dialog/select_media.php
@@ -78,7 +78,7 @@ html{background:#f5f5f5}
                    <input type="hidden" name="f" value="<?php echo $f ?>">
                    <input type="hidden" name="job" value="upload">
                    <input type="hidden" name="CKEditorFuncNum" value="<?php echo isset($CKEditorFuncNum) ? $CKEditorFuncNum : 1;?>">
                    上传：<input type="file" name="uploadfile" class="w-75">
                    <span>选择：<input type="file" name="uploadfile" class="w-75"></span>
                    <button type="submit" name="sb1" class="btn btn-success btn-sm">上传</button>
                </form>
            </td>
--- a/src/admin/dialog/select_media_post.php
+++ b/src/admin/dialog/select_media_post.php
@@ -13,7 +13,6 @@ $cfg_softtype = $cfg_mediatype."|mp4";
 $cfg_soft_dir = $cfg_other_medias;
 $bkurl = 'select_media.php';
 $uploadmbtype = "多媒体文件类型";

 if (empty($activepath)) {
    $activepath = '';
    $activepath = str_replace('.', '', $activepath);
--- a/src/admin/dialog/select_mimages.php
+++ b/src/admin/dialog/select_mimages.php
@@ -41,9 +41,9 @@ button+button{margin-left:10px}
 <div id="wrap">
 	<div id="topbar">
        <label><input type="checkbox" name="isWater" id="isWater" <?php if ($photo_markup == '1') echo "checked";?>> 是否水印</label>
        <button class="addfile">添加文件</button>
        <button class="addfile">添加图片</button>
        <button class="removeall">清空图片</button>
        <button class="upall">全部上传</button>
        <button class="removeall">清空列表</button>
    </div>
 	<ul id="file_list"></ul>
 </div>
--- a/src/admin/dialog/select_soft.php
+++ b/src/admin/dialog/select_soft.php
@@ -82,8 +82,8 @@ html{background:#f5f5f5}
                    <input type="hidden" name="activepath" value="<?php echo $activepath ?>">
                    <input type="hidden" name="f" value="<?php echo $f ?>">
                    <input type="hidden" name="job" value="upload">
                    上传：<input type="file" name="uploadfile" class="w-50">
                    改名：<input type="text" name="newname" class="admin-input-sm">
                    <span>选择：<input type="file" name="uploadfile" class="w-50"></span>
                    <span>改名：<input type="text" name="newname" class="admin-input-sm"></span>
                    <button type="submit" name="sb1" class="btn btn-success btn-sm">保存</button>
                </form>
            </td>
--- a/src/admin/dialog/select_templets.php
+++ b/src/admin/dialog/select_templets.php
@@ -63,8 +63,8 @@ html{background:#f5f5f5}
                    <input type="hidden" name="activepath" value="<?php echo $activepath ?>">
                    <input type="hidden" name="f" value="<?php echo $f ?>">
                    <input type="hidden" name="job" value="upload">
                    上传：<input type="file" name="uploadfile" class="w-50">
                    改名：<input type="text" name="filename" class="admin-input-sm">
                    <span>选择：<input type="file" name="uploadfile" class="w-50"></span>
                    <span>改名：<input type="text" name="filename" class="admin-input-sm"></span>
                    <button type="submit" name="sb1" class="btn btn-success btn-sm">保存</button>
                </form>
            </td>
--- a/src/admin/index_body.php
+++ b/src/admin/index_body.php
@@ -51,7 +51,7 @@ else if ($dopost == 'setskin') {
            if (trim($row['editcon'])==''){
                $row['editcon'] = 'archives_edit.php';
            }
            $rowarcrank = $row['arcrank']==-1? " <span class='text-danger'>[未审核]</span>":"";
            $rowarcrank = $row['arcrank']==-1? " <span class='btn btn-danger btn-xs'>未审核</span>":"";
            $pubdate = GetDateMk($row['pubdate']);
            echo "<tr><td><a href='{$row['editcon']}?aid={$row['id']}&channelid={$row['channel']}'>{$row['title']}</a>{$rowarcrank}</td><td width='90'>{$pubdate}</td></tr>";
        }
--- a/src/admin/index_testenv.php
+++ b/src/admin/index_testenv.php
@@ -126,23 +126,23 @@ if (preg_match("#[\\|/]admin[\\|/]#", $dirname)) {
 	$safeMsg[] = '后台管理登录默认名称admin，建议您进行修改';
 }
 if (IsWritable(DEDEDATA.'/common.inc.php')) {
 	$safeMsg[] = '数据配置data/common.inc.php文件，需要以管理员权限设置禁止写入和执行';
 	$safeMsg[] = '数据库配置data/common.inc.php文件，建议您以管理员权限设置禁止写入和执行';
 }
 if (!IsSSL()) {
 	$safeMsg[] = '站点尚未启用HTTPS，建议您配置HTTPS';
 	$safeMsg[] = '网址非安全链接，建议您配置HTTPS';
 }
 if (version_compare(PHP_VERSION, '5.3.0', '<')) {
 	$safeMsg[] = 'PHP版本过低会无法正常使用系统，需要升级到PHP7.X';
 	$safeMsg[] = 'PHP版本过低会无法正常使用系统，建议您升级到PHP7.X';
 }
 if (!DEDEBIZ_SAFE_MODE) {
 	$safeMsg[] = '系统运行环境为：开发模式，建议启用安全模式 <a href="index_body.php?dopost=safe_mode" class="text-danger">[查看]</a>';
 	$safeMsg[] = '系统运行环境为开发模式，建议您启用安全模式 <a href="index_body.php?dopost=safe_mode" class="btn btn-success btn-xs">查看</a>';
 }
 $rs = TestAdminPWD();
 if ($rs < 0) {
 	$linkurl = '<a href="sys_admin_user.php" class="text-danger">[修改]</span>';
 	$linkurl = '<a href="sys_admin_user.php" class="btn btn-success btn-xs">修改</a>';
 	switch ($rs) {
 		case -1:
 			$msg = "管理员默认名称admin没有修改，建议您修改 {$linkurl}";
 			$msg = "管理员默认名称没有修改，建议您修改 {$linkurl}";
 			break;
 		case -2:
 			$msg = "管理员默认名称和密码没有修改，建议您修改 {$linkurl}";
@@ -159,7 +159,7 @@ if (count($safeMsg) > 0) {
 		$i = 1;
 		foreach ($safeMsg as $key => $val) {
 		?>
 		<div><?php echo $i;?>、<?php echo $val;?></div>
 		<div class="my-1"><?php echo $i;?>、<?php echo $val;?></div>
 		<?php
 		$i++;
 		}
--- a/src/admin/module_upload.php
+++ b/src/admin/module_upload.php
@@ -19,7 +19,7 @@ if (empty($action)) $action = '';
 $mdir = DEDEDATA.'/module';
 if ($action == 'upload') {
    if (!is_uploaded_file($upfile)) {
        ShowMsg("您什么都没有上传", "javascript:;");
        ShowMsg("请选择要上传的模块文件", "javascript:;");
        exit();
    } else {
        include_once(DEDEINC."/libraries/zip.class.php");
@@ -30,7 +30,7 @@ if ($action == 'upload') {
        if (empty($infos['hash'])) {
            unlink($tmpfilename);
            $dm->Clear();
            ShowMsg("您上传的插件不是模块格式文件，<a href='javascript:history.go(-1);'>重新上传</a>", "javascript:;");
            ShowMsg("您上传的插件不是正常模块格式文件，<a href='javascript:history.go(-1);'>重新上传</a>", "javascript:;");
            exit();
        }
        if (preg_match("#[^0-9a-zA-Z]#", $infos['hash'])) {
@@ -40,7 +40,7 @@ if ($action == 'upload') {
        if ($dm->HasModule($infos['hash']) && empty($delhas)) {
            unlink($tmpfilename);
            $dm->Clear();
            ShowMsg("您上传的模块已存在，请删除原模块文件或强制删除同名模块上传，<a href='javascript:history.go(-1);'>重新上传</a>", "javascript:;");
            ShowMsg("您上传的模块已存在，请删除原模块文件或强制同名模块上传，<a href='javascript:history.go(-1);'>重新上传</a>", "javascript:;");
            exit();
        }
        @unlink($okfile);
@@ -55,19 +55,19 @@ if ($action == 'upload') {
    $win->Init("module_upload.php", "js/blank.js", "POST' enctype='multipart/form-data");
    $win->mainTitle = "模块管理";
    $wecome_info = "<a href='module_main.php'>模块管理</a> &gt; 上传模块";
    $win->AddTitle('请选择要上传的文件');
    $win->AddTitle('请选择要上传的模块文件');
    $win->AddHidden("action", 'upload');
    $msg = "<table width='900' cellspacing='0' cellpadding='0'>
    $msg = "<table width='98%' cellspacing='0' cellpadding='0'>
    <tr>
        <td width='260'>文件格式：</td>
        <td><label><input type='radio' name='filetype' value='0' checked='checked'> 正常的模块包</label></td>
        <td><label><input type='radio' name='filetype' value='0' checked='checked'> 正常模块格式</label></td>
    </tr>
    <tr>
        <td>已有模块：</td>
        <td><label><input type='checkbox' name='delhas' id='delhas' value='1'> 强制删除同名模块，这可能导致已经安装的模块无法卸载</label></td>
        <td><label><input type='checkbox' name='delhas' id='delhas' value='1'> 是否删除同名模块可能会导致已经安装模块无法卸载</label></td>
    </tr>
    <tr>
        <td>请选择文件：</td>
        <td>选择文件：</td>
        <td><input name='upfile' type='file' id='upfile' class='admin-input-lg'></td>
    </tr>
    </table>";
--- a/src/admin/mychannel_edit.php
+++ b/src/admin/mychannel_edit.php
@@ -298,13 +298,12 @@ else if ($dopost == "gettemplets") {
    $win->AddTitle("栏目<span class='text-primary'>".$row['typename']."</span>默认模板文件说明");
    $defaulttemplate = $cfg_templets_dir.'/'.$cfg_df_style;
    $msg = "
        文档模板：{$defaulttemplate}/article_{$row['nid']}.htm
        <a href='tpl.php?acdir={$cfg_df_style}&action=edit&filename=article_{$row['nid']}.htm'>[修改]</a><br>
        列表模板：{$defaulttemplate}/list_{$row['nid']}.htm
        <a href='tpl.php?acdir={$cfg_df_style}&action=edit&filename=list_{$row['nid']}.htm'>[修改]</a>
        <br>
        封面栏目模板：{$defaulttemplate}/index_{$row['nid']}.htm
        <a href='tpl.php?acdir={$cfg_df_style}&action=edit&filename=index_{$row['nid']}.htm'>[修改]</a>
        <span>文档模板：{$defaulttemplate}/article_{$row['nid']}.htm</span>
        <a href='tpl.php?acdir={$cfg_df_style}&action=edit&filename=article_{$row['nid']}.htm' class='btn btn-success btn-xs'>修改</a><br>
        <span>列表模板：{$defaulttemplate}/list_{$row['nid']}.htm</span>
        <a href='tpl.php?acdir={$cfg_df_style}&action=edit&filename=list_{$row['nid']}.htm' class='btn btn-success btn-xs'>修改</a><br>
        <span>封面栏目模板：{$defaulttemplate}/index_{$row['nid']}.htm</span>
        <a href='tpl.php?acdir={$cfg_df_style}&action=edit&filename=index_{$row['nid']}.htm' class='btn btn-success btn-xs'>修改</a>
    ";
    $win->AddMsgItem("$msg");
    $winform = $win->GetWindow("hand", "");
--- a/src/admin/templets/content_tj.htm
+++ b/src/admin/templets/content_tj.htm
@@ -1,43 +0,0 @@
 <!DOCTYPE html>
 <html>
 	<head>
 		<meta charset="utf-8">
 		<meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1">
 		<title>文档信息统计</title>
 		<link rel="stylesheet" href="../static/web/css/admin.css">
 	</head>
 	<body>
 		<table width="98%" cellpadding="3" cellspacing="1" align="center">
 			<tr>
 				<td bgcolor="#f5f5f5" colspan="2">文档信息统计</td>
 			</tr>
 			<tr>
 				<td width="260">综合信息统计：</td>
 				<td>文档总数：<?php echo $row1['dd']?> 评论总数：<?php echo $row2['dd']?> 会员总数：<?php echo $row3['dd']?></td>
 			</tr>
 			<tr>
 				<td>栏目信息统计：</td>
 				<td>
 					<table width="300" cellpadding="1" cellspacing="1">
 						<tr align="center">
 							<td width="140">栏目名称</td>
 							<td>文档总数</td>
 						</tr>
 						<?php
 						$arcs = array();
 						$dsql->Execute("aaa","Select channel,count(channel) as dd From `#@__archives`  group by channel");
 						while($row = $dsql->GetArray("aaa")) $arcs[$row['channel']] = $row['dd'];
 						$dsql->Execute("me","Select id,typename From `#@__channeltype`");
 						while($row = $dsql->GetObject()){
 						?>
 						<tr align="center">
 							<td><?php echo $row->typename?></td>
 							<td>[<?php echo (isset($arcs[$row->id]) ? $arcs[$row->id] : 0 );?>]</td>
 						</tr>
 						<?php }?>
 					</table>
 				</td>
 			</tr>
 		</table>
 	</body>
 </html>
--- a/src/admin/templets/freelist_main.htm
+++ b/src/admin/templets/freelist_main.htm
@@ -20,7 +20,7 @@
 			function ReloadPage(ordertype) {
 				orderby = ordertype;
 				var listArea = $Obj('rslist');
 				var errMsg = "网络通信出错<br>[<a href=\"javascript:ReloadPage('" + ordertype + "')\">点击此重新加载列表</a>]";
 				var errMsg = "网络通信出错<br><a href=\"javascript:ReloadPage('" + ordertype + "')\">重新加载列表</a>";
 				fetch("freelist_main.php?dopost=getlist&pageno=" + pageno + "&orderby=" + ordertype + addget).then(resp=>resp.text()).then((d)=>{
 					listArea.innerHTML = d;
 				}).catch((error) => {
@@ -48,7 +48,7 @@
 					totalrow = totalrow - 1;
 					var pagenum = Math.ceil(totalrow / pagesize);
 					if (pagenum <= pageno) pageno = pagenum;
 					var errMsg = "网络通信出错<br>[<a href=\"javascript:LoadPage('" + pageno + "')\">点击此重新加载列表</a>]";
 					var errMsg = "网络通信出错<br><a href=\"javascript:LoadPage('" + pageno + "')\">重新加载列表</a>";
 					fetch("freelist_main.php?dopost=del&aid=" + nid + "&pageno=" + pageno).then(resp=>{
 						if (resp.ok) {
 							return resp.text()
--- a/src/admin/templets/member_main.htm
+++ b/src/admin/templets/member_main.htm
@@ -69,7 +69,7 @@
 					<td width="6%">性别</td>
 					<td width="6%">会员等级</td>
 					<td width="12%">会员属性</td>
 					<td width="12%">地址时间</td>
 					<td width="14%">地址时间</td>
 					<td width="8%">发布限制</td>
 					<td>操作</td>
 				</tr>
--- a/src/admin/templets/search_keywords_main.htm
+++ b/src/admin/templets/search_keywords_main.htm
@@ -21,7 +21,7 @@
 		function ReloadPage(ordertype) {
 			orderby = ordertype;
 			var listArea = $Obj('rslist');
 			var errMsg = "网络通信出错<br>[<a href=\"javascript:ReloadPage('" + ordertype + "')\">点击此重新加载列表</a>]";
 			var errMsg = "网络通信出错<br><a href=\"javascript:ReloadPage('" + ordertype + "')\">重新加载列表</a>";
 			fetch("search_keywords_main.php?dopost=getlist&pageno=" + pageno + "&orderby=" + ordertype).then(resp=>{
 				if (resp.ok) {
 					return resp.text()
@@ -45,7 +45,7 @@
 			var kw = $Obj('keyword' + nid).value;
 			var kws = $Obj('spwords' + nid).value;
 			var ct = $Obj('count' + nid).value;
 			var errMsg = "网络通信出错<br>[<a href=\"javascript:LoadPage('" + pageno + "')\">点击此重新加载列表</a>]";
 			var errMsg = "网络通信出错<br><a href=\"javascript:LoadPage('" + pageno + "')\">重新加载列表</a>";
 			<?php
 			if (strtolower(substr($cfg_soft_lang, 0, 3)) == 'utf') {
 			?>
--- a/src/admin/tpl.php
+++ b/src/admin/tpl.php
@@ -124,7 +124,7 @@ else if ($action == 'upload') {
    $win->Init("tpl.php", "js/blank.js", "POST' enctype='multipart/form-data' ");
    $win->mainTitle = "模块管理";
    $wecome_info = "<a href='templets_main.php'>模板管理</a> &gt; 上传模板";
    $win->AddTitle('请选择要上传的文件');
    $win->AddTitle('请选择要上传的模块文件');
    $win->AddHidden("action", 'uploadok');
    $msg = "
    <table cellspacing='0' cellpadding='0'>
@@ -175,8 +175,7 @@ function edittag() { }
 else if ($action == 'edittag' || $action == 'addnewtag') {
    if ($action == 'addnewtag') {
        $democode = '<'."?php
 if (!defined('DEDEINC'))
 {
 if (!defined('DEDEINC')) {
    exit(\"Request Error!\");
 }
 function lib_demotag(&\$ctag,&\$refObj)
@@ -228,7 +227,7 @@ else if ($action == 'savetagfile') {
    $msg = "
    <form name='form1' action='tag_test_action.php' target='blank' method='post'>
      <input type='hidden' name='dopost' value='make' />
        标签测试（环境变量标签不能测试）<br>
        标签测试（环境变量标签不支持测试）<br>
        <textarea name='partcode' cols='150' rows='6' style='width:90%;'>{dede:{$tagname}}{/dede:{$tagname}}</textarea><br>
        <button type='submit' name='B1' class='btn btn-success btn-sm'>确定</button>
    </form>
--- a/src/apps/advancedsearch.php
+++ b/src/apps/advancedsearch.php
@@ -43,7 +43,7 @@ if (empty($sql)) {
    $q = stripslashes($q);
    $q = preg_replace("#[\|\"\r\n\t%\*\?\(\)\$;,'%<>]#", " ", trim($q));
    if (($cfg_notallowstr != '' && preg_match("#".$cfg_notallowstr."#i", $q)) || ($cfg_replacestr != '' && preg_match("#".$cfg_replacestr."#i", $q))) {
        echo "您的信息中存在非法文档，被系统禁止<a href='javascript:history.go(-1)'>[返回]</a>";
        echo "您的信息中存在违规文档，被系统禁止";
        exit();
    }
    $q = addslashes($q);