4 days ago · f352466756
--- a/src/admin/inc/inc_archives_functions.php
+++ b/src/admin/inc/inc_archives_functions.php
@@ -44,7 +44,7 @@ function GetCurContentAlbum($body, $rfurl, &$firstdd)
    foreach ($img_array as $key => $value) {
        $value = trim($value);
        if (
            preg_match("#".$basehost."#i", $value) || !preg_match("#^http:\/\/#i", $value) || ($cfg_basehost != $basehost && preg_match("#".$cfg_basehost."#i", $value))) {
            preg_match("#".$basehost."#i", $value) || !preg_match("#^(http|https):\/\/#i", $value) || ($cfg_basehost != $basehost && preg_match("#".$cfg_basehost."#i", $value))) {
            continue;
        }
        $itype =  substr($value, -4, 4);
@@ -378,7 +378,7 @@ function GetDDImage($litpic, $picname, $isremote)
        $img = $cfg_basedir.$litpic;
    } else {
        $picname = trim($picname);
        if ($isremote == 1 && preg_match("#^http:\/\/#i", $picname)) {
        if ($isremote == 1 && preg_match("#^(http|https):\/\/#i", $picname)) {
            $litpic = $picname;
            $ddinfos = GetRemoteImage($litpic, $cuserLogin->getUserID());
            if (!is_array($ddinfos)) {
@@ -390,7 +390,7 @@ function GetDDImage($litpic, $picname, $isremote)
                }
            }
        } else {
            if ($litpic == 'ddfirst' && !preg_match("#^http:\/\/#i", $picname)) {
            if ($litpic == 'ddfirst' && !preg_match("#^(http|https):\/\/#i", $picname)) {
                $oldpic = $cfg_basedir.$picname;
                $litpic = str_replace('.', '-ty.', $picname);
                @ImageResizeNew($oldpic, $cfg_ddimg_width, $cfg_ddimg_height, $cfg_basedir.$litpic);
@@ -657,7 +657,7 @@ function UploadOneImage($upname, $handurl = '', $isremote = 1, $ntitle = '')
            ShowMsg("您上传的图片格式错误，请使用jpg、png、gif、wbmp格式其中一种", "-1");
            exit();
        }
        if (!empty($handurl) && !preg_match("#^http:\/\/#i", $handurl) && file_exists($cfg_basedir.$handurl)) {
        if (!empty($handurl) && !preg_match("#^(http|https):\/\/#i", $handurl) && file_exists($cfg_basedir.$handurl)) {
            if (!is_object($dsql)) {
                $dsql = new DedeSqli();
            }
--- a/src/system/archive/sglistview.class.php
+++ b/src/system/archive/sglistview.class.php
@@ -575,7 +575,7 @@ class SgListView
     */
    function GetTrueUrl($nurl)
    {
        if (preg_match("/^http[s]?:\/\//", $nurl)) return $nurl;
        if (preg_match("/^(http|https):\/\//i", $nurl)) return $nurl;
        if ($this->Fields['moresite'] == 1) {
            if ($this->Fields['sitepath'] != '') {
                $nurl = preg_replace("/^".$this->Fields['sitepath']."/", '', $nurl);
--- a/src/system/dedecollection.func.php
+++ b/src/system/dedecollection.func.php
@@ -180,7 +180,7 @@ function RefurlCookie($gurl)
 */
 function GetHostInfo($gurl)
 {
    $gurl = preg_replace("/^http:\/\//i", "", trim($gurl));
    $gurl = preg_replace("/^(http|https):\/\//i", "", trim($gurl));
    $garr['host'] = preg_replace("/\/(.*)$/i", "", $gurl);
    $garr['query'] = "/".preg_replace("/^([^\/]*)\//i", "", $gurl);
    return $garr;
@@ -318,7 +318,7 @@ function FillUrl($refurl, $surl)
    $basehost = ((!isset($urls['port']) || $urls['port'] == '80') ? $urls['host'] : $urls['host'].':'.$urls['port']);
    //由于直接获得的path在处理 http://xxxx/nnn/aaa?fdsafd 这种情况时会有错误，因此用其它方式处理
    $basepath = $basehost;
    $paths = explode('/', preg_replace("/^http:\/\//i", "", $refurl));
    $paths = explode('/', preg_replace("/^(http|https):\/\//i", "", $refurl));
    $n = count($paths);
    for ($i = 1; $i < ($n - 1); $i++) {
        if (!preg_match("/[\?]/", $paths[$i])) $basepath .= '/'.$paths[$i];
@@ -347,13 +347,13 @@ function FillUrl($refurl, $surl)
    } else {
        if (strlen($surl) < 7) {
            $okurl = $basepath.'/'.$surl;
        } else if (preg_match("/^http:\/\//i", $surl)) {
        } else if (preg_match("/^(http|https):\/\//i", $surl)) {
            $okurl = $surl;
        } else {
            $okurl = $basepath.'/'.$surl;
        }
    }
    $okurl = preg_replace("/^http:\/\//i", '', $okurl);
    $okurl = preg_replace("/^(http|https):\/\//i", '', $okurl);
    $okurl = 'http://'.preg_replace("/\/{1,}/", '/', $okurl);
    return $okurl;
 }
@@ -380,7 +380,7 @@ function GetUrlFromListRule($regxurl = '', $handurl = '', $startid = 0, $endid =
        $handurls = explode("\n", $handurl);
        foreach ($handurls as $handurl) {
            $handurl = trim($handurl);
            if (preg_match("/^http:\/\//i", $handurl)) {
            if (preg_match("/^(http|https):\/\//i", $handurl)) {
                $lists[$n][0] = $handurl;
                $lists[$n][1] = 0;
                $n++;
--- a/src/system/libraries/dedehttpdown.class.php
+++ b/src/system/libraries/dedehttpdown.class.php
@@ -484,7 +484,7 @@ class DedeHttpDown
            }
            if (isset($this->m_httphead["location"])) {
                $newurl = $this->m_httphead["location"];
                if (preg_match("/^http/i", $newurl)) {
                if (preg_match("/^(http|https):\/\//i", $newurl)) {
                    $this->JumpOpenUrl($newurl);
                } else {
                    $newurl = $this->FillUrl($newurl);
--- a/src/user/inc/inc_archives_functions.php
+++ b/src/user/inc/inc_archives_functions.php
@@ -89,7 +89,7 @@ function GetCurContentAlbum($body, $rfurl, &$firstdd)
 */
 function GetImageMapDD($filename, $ddm, $oldname = '')
 {
    if ($oldname != '' && !preg_match("#^http:\/\/#i", $oldname)) {
    if ($oldname != '' && !preg_match("#^(http|https):\/\/#i", $oldname)) {
        $ddpicok = $oldname;
    } else {
        $ddn = substr($filename, -3);