
友情链接错误及相关安全问题修复

tags/6.1.8
tianya 2 years ago
parent
commit
e03cbfda1f
6 changed files with 51 additions and 20 deletions
  1. +2
    -1
      .gitignore
  2. +8
    -0
      src/admin/friendlink_add.php
  3. +32
    -16
      src/admin/friendlink_edit.php
  4. +2
    -0
      src/admin/friendlink_main.php
  5. +3
    -2
      src/admin/friendlink_type.php
  6. +4
    -1
      src/system/datalistcp.class.php

+ 2
- 1
.gitignore View File

@@ -46,4 +46,5 @@ src/data/sqlite_error_trace.inc
src/static/soft/*/
src/static/userup/*/
src/static/js/*.js
src/apps/special/*.html
src/apps/special/*.html
src/static/flink/*.png

+ 8
- 0
src/admin/friendlink_add.php View File

@@ -46,6 +46,14 @@ if ($dopost == "add") {
$typeid = 0;
$dsql->ExecuteNoneQuery("ALTER TABLE `#@__flinktype` CHANGE `ID` `id` MEDIUMINT( 8 ) UNSIGNED DEFAULT NULL AUTO_INCREMENT; ");
}
$sortrank = isset($sortrank)? intval($sortrank) : 1;
$url = isset($url)? HtmlReplace($url, -1) : '';
$imgurl = isset($imgurl)? HtmlReplace($imgurl, -1) : '';
$webname = isset($webname)? HtmlReplace($webname, -1) : '';
$msg = isset($msg)? HtmlReplace($msg, -1) : '';
$email = isset($email)? HtmlReplace($email, -1) : '';
$typeid = isset($typeid)? intval($typeid) : 0;
$ischeck = isset($ischeck)? intval($ischeck) : 0;
$query = "INSERT INTO `#@__flink`(sortrank,url,webname,logo,msg,email,typeid,dtime,ischeck)
VALUES('$sortrank','$url','$webname','$imgurl','$msg','$email','$typeid','$dtime','$ischeck'); ";
$rs = $dsql->ExecuteNoneQuery($query);
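Review bot: The added sanitising on L51-L55 does not make the INSERT on L58-L59 safe by itself — `$url`, `$webname`, `$imgurl`, `$msg` and `$email` are still spliced into the SQL string, and `HtmlReplace(..., -1)` is an HTML-encoding helper, so unless its -1 mode also applies SQL escaping (the helper is not visible here; confirm) the values reach the query unescaped. The durable fix is to escape each string through the database layer's own escaping immediately before building `$query`, or a prepared statement if `$dsql` offers one, and to keep `HtmlReplace` for its output-encoding role only. `$dtime` is interpolated into the same VALUES list but is neither set nor sanitised inside the hunk; it presumably comes from earlier in the file, so confirm it is a server-generated timestamp rather than request input. The enclosing `if ($dopost == "add")` block starts before the hunk.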


+ 32
- 16
src/admin/friendlink_edit.php View File

@@ -12,16 +12,16 @@ require_once(dirname(__FILE__)."/config.php");
CheckPurview('plus_友情链接模块');
$ENV_GOBACK_URL = empty($_COOKIE['ENV_GOBACK_URL']) ? 'friendlink_main.php' : $_COOKIE['ENV_GOBACK_URL'];
if (empty($dopost)) $dopost = "";
$id = isset($id)? intval($id) : 0;

if (isset($allid)) {
$aids = explode(',', $allid);
if (count($aids) == 1) {
$id = $aids[0];
$id = intval($aids[0]);
$dopost = "delete";
}
}
if ($dopost == "delete") {
$id = preg_replace("#[^0-9]#", "", $id);
$dsql->ExecuteNoneQuery("DELETE FROM `#@__flink` WHERE id='$id'");
ShowMsg("成功删除一个链接", $ENV_GOBACK_URL);
exit();
@@ -29,7 +29,7 @@ if ($dopost == "delete") {
$aids = explode(',', $aids);
if (isset($aids) && is_array($aids)) {
foreach ($aids as $aid) {
$aid = preg_replace("#[^0-9]#", "", $aid);
$aid = intval($aid);
$dsql->ExecuteNoneQuery("DELETE FROM `#@__flink` WHERE id='$aid'");
}
ShowMsg("成功删除指定链接", $ENV_GOBACK_URL);
@@ -39,25 +39,41 @@ if ($dopost == "delete") {
exit();
}
} else if ($dopost == "saveedit") {
$id = preg_replace("#[^0-9]#", "", $id);
$logo = $request->Item('logo', '');
$logoimg = $request->Upfile('logoimg', '');
$logo = isset($logo)? HtmlReplace($logo, -1) : '';
if (empty($logoimg)) {
$logoimg = '';
}
if (!empty($logoimg)) {
$request->MoveUploadFile('logoimg', DEDEROOT.'/uploads/flink/'.$request->GetFileInfo('logoimg', 'name'));
$logo = $cfg_cmspath.'/uploads/flink/'.$request->GetFileInfo('logoimg', 'name');
if (!is_uploaded_file($logoimg)) {
ShowMsg("您没有选择上传的文件".$logoimg, "-1");
exit();
}
$mime = get_mime_type($logoimg);
if (preg_match("#^unknow#", $mime)) {
ShowMsg("系统不支持fileinfo组件,建议php.ini中开启", -1);
exit;
}
if (!preg_match("#^(image)#i", $mime)) {
ShowMsg("仅支持上传图片文件", -1);
exit;
}
$logoimg_name = trim(preg_replace("#[ \r\n\t\*\%\\\/\?><\|\":]{1,}#", '', $logoimg_name));
$fullfilename = DEDEROOT.'static/flink/'.$logoimg_name;
move_uploaded_file($logoimg, $fullfilename) or die("上传文件到 $fullfilename 失败");
@unlink($logoimg);
$logo = $cfg_cmspath.'/static/flink/'.$logoimg_name;
}
$sortrank = $request->Item('sortrank', 1);
$url = $request->Item('url', '');
$webname = $request->Item('webname', '');
$msg = $request->Item('msg', '');
$email = $request->Item('email', '');
$typeid = $request->Item('typeid', 0);
$ischeck = $request->Item('ischeck', 0);
$sortrank = isset($sortrank)? intval($sortrank) : 1;
$url = isset($url)? HtmlReplace($url, -1) : '';
$webname = isset($webname)? HtmlReplace($webname, -1) : '';
$msg = isset($msg)? HtmlReplace($msg, -1) : '';
$email = isset($email)? HtmlReplace($email, -1) : '';
$typeid = isset($typeid)? intval($typeid) : 0;
$ischeck = isset($ischeck)? intval($ischeck) : 0;
$query = "UPDATE `#@__flink` SET sortrank='$sortrank',url='$url',webname='$webname',logo='$logo',msg='$msg', email='$email',typeid='$typeid',ischeck='$ischeck' WHERE id='$id' ";
$dsql->ExecuteNoneQuery($query);
ShowMsg("成功修改一个链接", $ENV_GOBACK_URL);
exit();
}
$id = preg_replace("#[^0-9]#", "", $id);
$myLink = $dsql->GetOne("SELECT `#@__flink`.*,`#@__flinktype`.typename FROM `#@__flink` LEFT JOIN `#@__flinktype` ON `#@__flink`.typeid=`#@__flinktype`.id WHERE `#@__flink`.id=$id");
include DedeInclude('templets/friendlink_edit.htm');
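Review bot: The new upload handling on L109-L126 validates only the sniffed MIME type, not the name the file is stored under: `$logoimg_name` is not assigned anywhere in the hunk and appears to be the client-supplied original name (confirm where it is populated), so whatever extension the client sent is kept and the file lands in `static/flink/` next to the other static assets, which is presumably web-served. A `^image` content check does not constrain the extension, so add an allow-list before the move, e.g. `$ext = strtolower(pathinfo($logoimg_name, PATHINFO_EXTENSION));` and `if (!in_array($ext, ['jpg', 'jpeg', 'png', 'gif'], true)) { ShowMsg("仅支持上传图片文件", -1); exit; }`, or better store under a server-generated name (derived from `$id`) with that extension. Separately, L123 builds the target as `DEDEROOT.'static/flink/'` while the replaced line used `DEDEROOT.'/uploads/flink/'`; if `DEDEROOT` has no trailing slash the directory name is wrong, so check the constant's definition. The `die("上传文件到 $fullfilename 失败")` on L124 also echoes the absolute server path to the browser; a generic `ShowMsg` would match the surrounding error handling.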

+ 2
- 0
src/admin/friendlink_main.php View File

@@ -16,9 +16,11 @@ if (empty($ischeck)) {
$ischeck = 0;
$ischeckSql = '';
} else {
$ischeck = intval($ischeck);
if ($ischeck == -1) $ischeckSql = " And ischeck < 1 ";
else $ischeckSql = " And ischeck='$ischeck' ";
}
$keyword = HtmlReplace($keyword, -1);
$selCheckArr = array(0 => '不限类型', -1 => '未审核', 1 => '内页', 2 => '首页');
$sql = "SELECT * FROM `#@__flink` WHERE CONCAT(`url`,`webname`,`email`) LIKE '%$keyword%' $ischeckSql ORDER BY dtime desc";
$dlist = new DataListCP();
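Review bot: `$keyword` on L163 is run through `HtmlReplace(..., -1)` and then interpolated into `LIKE '%$keyword%'` on L165; that helper is an HTML-encoding step, so unless its -1 mode also applies SQL escaping (confirm in the helper) the search term still reaches the query unescaped, and either way the LIKE metacharacters `%` and `_` are not neutralised, so a submitted term can widen the match beyond a literal search. Escape the wildcards first, `$keyword = addcslashes($keyword, '%_');`, then apply the database layer's own escaping right before `$sql` is built. The `if (empty($ischeck))` block starts before the hunk and `$keyword` is not initialised inside it, so confirm it is defined when the parameter is absent.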


+ 3
- 2
src/admin/friendlink_type.php View File

@@ -16,8 +16,8 @@ if ($dopost == "save") {
$endID = $idend;
for (; $startID <= $endID; $startID++) {
$query = '';
$tid = ${'ID_'.$startID};
$pname = ${'pname_'.$startID};
$tid = intval(${'ID_'.$startID});
$pname = HtmlReplace(${'pname_'.$startID},-1);
if (isset(${'check_'.$startID})) {
if ($pname != '') {
$query = "UPDATE `#@__flinktype` SET typename='$pname' WHERE id='$tid' ";
@@ -30,6 +30,7 @@ if ($dopost == "save") {
}
//增加新记录
if (isset($check_new) && $pname_new != '') {
$pname_new = HtmlReplace($pname_new, -1);
$query = "INSERT INTO `#@__flinktype`(typename) VALUES('{$pname_new}');";
$dsql->ExecuteNoneQuery($query);
}
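Review bot: The replaced reads on L179-L180 still dereference the variable-variables `${'ID_'.$startID}` and `${'pname_'.$startID}` with no existence check, so a row missing from the submitted form raises an undefined-variable notice/warning before `intval`/`HtmlReplace` see `null`; guarding them in the file's own style, `$tid = isset(${'ID_'.$startID}) ? intval(${'ID_'.$startID}) : 0;` and `$pname = isset(${'pname_'.$startID}) ? HtmlReplace(${'pname_'.$startID}, -1) : '';`, keeps the same values without the notice. The same applies to `$pname_new` on L187 in the second hunk, which is guarded only by `isset($check_new)`. As in the other friendlink hunks of this commit, `$pname` and `$pname_new` still enter the SQL strings by interpolation, and `HtmlReplace` is an HTML-encoding helper, so confirm its -1 mode also applies SQL escaping or escape via the database layer. The `for` loop and the enclosing `if ($dopost == "save")` start before the first hunk.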


+ 4
- 1
src/system/datalistcp.class.php View File

@@ -168,7 +168,7 @@ class DataListCP
{
global $cfg_soft_lang;
if ($cfg_soft_lang == 'gb2312') $val = gb2utf8($val);
$val = preg_replace('/([\x00-\x08,\x0b-\x0c,\x0e-\x19])/', '', $val);
$val = preg_replace('/([\x00-\x08|\x0b-\x0c|\x0e-\x19])/', '', $val);
$search = 'abcdefghijklmnopqrstuvwxyz';
$search .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
$search .= '1234567890!@#$%^&*()';
@@ -183,6 +183,8 @@ class DataListCP
$val = str_replace(",", ",", $val);
$val = str_replace("(", "(", $val);
$val = str_replace(")", ")", $val);
$val = str_replace("flink", "fl*&k", $val);
$ra1 = array('javascript', 'vbscript', 'expression', 'applet', 'meta', 'xml', 'blink', 'link', 'style', 'script', 'embed', 'object', 'iframe', 'frame', 'frameset', 'ilayer', 'layer', 'bgsound', 'title', 'base');
$ra2 = array('onabort', 'onactivate', 'onafterprint', 'onafterupdate', 'onbeforeactivate', 'onbeforecopy', 'onbeforecut', 'onbeforedeactivate', 'onbeforeeditfocus', 'onbeforepaste', 'onbeforeprint', 'onbeforeunload', 'onbeforeupdate', 'onblur', 'onbounce', 'oncellchange', 'onchange', 'onclick', 'oncontextmenu', 'oncontrolselect', 'oncopy', 'oncut', 'ondataavailable', 'ondatasetchanged', 'ondatasetcomplete', 'ondblclick', 'ondeactivate', 'ondrag', 'ondragend', 'ondragenter', 'ondragleave', 'ondragover', 'ondragstart', 'ondrop', 'onerror', 'onerrorupdate', 'onfilterchange', 'onfinish', 'onfocus', 'onfocusin', 'onfocusout', 'onhelp', 'onkeydown', 'onkeypress', 'onkeyup', 'onlayoutcomplete', 'onload', 'onlosecapture', 'onmousedown', 'onmouseenter', 'onmouseleave', 'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup', 'onmousewheel', 'onmove', 'onmoveend', 'onmovestart', 'onpaste', 'onpropertychange', 'onreadystatechange', 'onreset', 'onresize', 'onresizeend', 'onresizestart', 'onrowenter', 'onrowexit', 'onrowsdelete', 'onrowsinserted', 'onscroll', 'onselect', 'onselectionchange', 'onselectstart', 'onstart', 'onstop', 'onsubmit', 'onunload');
$ra = array_merge($ra1, $ra2);
@@ -209,6 +211,7 @@ class DataListCP
}
}
}
$val = str_replace("fl*&k","flink", $val);
if ($cfg_soft_lang == 'gb2312') $val = utf82gb($val);
return $val;
}
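Review bot: The character class on L203 still contains a literal separator: inside `[...]` both the old `,` and the new `|` are ordinary characters, so the rewrite stops stripping commas from the value but now strips every `|` instead, which is presumably not intended. List the ranges with no separator, `$val = preg_replace('/([\x00-\x08\x0b\x0c\x0e-\x19])/', '', $val);` — this keeps the existing upper bound, so `\x1a`–`\x1f` remain unfiltered as before. The `flink` → `fl*&k` round-trip on L211/L219 also means an input that already contains the literal text `fl*&k` is rewritten to `flink` on the way out; a less collision-prone placeholder, or matching `link` on word boundaries, would avoid that. The enclosing method starts before the first hunk, and the second hunk shows seven lines for a header announcing eight, so one added line is not visible here.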

