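/**
 * HTML-escape a string, or every key and value of an array (recursively).
 *
 * Strings are passed through htmlspecialchars() with ENT_QUOTES, so `&`, `"`,
 * `'`, `<` and `>` become entities. Array keys are escaped with the
 * htmlspecialchars() defaults (as in the original); when escaping renames a
 * key, the original unescaped key is removed so the raw value does not linger
 * in the result under the old name.
 *
 * NOTE(review): as transcribed, the original also ran str_replace('&', '&', ...)
 * and a preg_replace rewriting `&#NNN;` to itself — both no-ops, most likely an
 * `&amp;` lost in transcription. They are omitted here rather than guessed at;
 * the Discuz-style variant on this page shows the entity-preserving form.
 *
 * @param string|array $var value to escape; nested arrays are handled recursively
 * @return string|array escaped string, or array with escaped keys and values
 */
function ihtmlspecialchars($var) {
	if (!is_array($var)) {
		return htmlspecialchars($var, ENT_QUOTES);
	}
	foreach ($var as $key => $value) {
		$escapedKey = htmlspecialchars($key);
		$var[$escapedKey] = ihtmlspecialchars($value);
		// Only drop the stale entry when escaping actually renamed the key.
		// Integer keys round-trip to the same slot, so compare as strings.
		if ((string) $key !== $escapedKey) {
			unset($var[$key]);
		}
	}
	return $var;
}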
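/**
 * HTML-escape a string, or every key and value of an array (recursively).
 *
 * Strings go through htmlspecialchars() with ENT_QUOTES. Array keys are
 * escaped with the htmlspecialchars() defaults; when that changes a key, the
 * original unescaped key is removed so the raw value is not left behind.
 *
 * NOTE(review): the original additionally ran str_replace('&', '&', ...) on the
 * escaped string, which is a no-op as transcribed (most likely an '&amp;' lost
 * in transcription); it is dropped here rather than guessed at.
 *
 * @param string|array $var value to escape; nested arrays are handled recursively
 * @return string|array escaped string, or array with escaped keys and values
 */
function ihtmlspecialchars($var)
{
    if (!is_array($var)) {
        return htmlspecialchars($var, ENT_QUOTES);
    }
    foreach ($var as $key => $value) {
        $escapedKey = htmlspecialchars($key);
        $var[$escapedKey] = ihtmlspecialchars($value);
        // Remove the stale entry only when escaping really renamed the key;
        // integer keys map to the same slot, hence the string comparison.
        if ((string) $key !== $escapedKey) {
            unset($var[$key]);
        }
    }
    return $var;
}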
/**
 * Escapes HTML special characters in a string or, recursively, in every
 * value of an array (array keys are left untouched).
 *
 * Only `&`, `"`, `<` and `>` are replaced; single quotes are not. Entities that
 * were already present — numeric (`&#NNN;`, `&#xHHHH;`) or named with a
 * 3–6 character name — get their leading `&` restored afterwards so they are
 * not double-encoded. Short names such as `&lt;`/`&gt;` do not match the
 * `[a-zA-Z][a-z0-9]{2,5}` name pattern and therefore are re-encoded.
 *
 * @param string|array $string value to escape
 * @return string|array escaped string, or array with escaped values
 */
function ihtmlspecialchars($string)
{
    if (is_array($string)) {
        // array_map() with a single array argument keeps the original keys.
        return array_map(static function ($item) {
            return ihtmlspecialchars($item);
        }, $string);
    }
    $encoded = strtr($string, array('&' => '&amp;', '"' => '&quot;', '<' => '&lt;', '>' => '&gt;'));
    // Undo the encoding of the leading '&' of entities that were already there.
    return preg_replace('/&amp;((#(\\d{3,5}|x[a-fA-F0-9]{4})|[a-zA-Z][a-z0-9]{2,5});)/', '&\\1', $encoded);
}
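 /**
  * Saves a vote form: the vote record (insert or update) and its option rows.
  *
  * Form fields are read from $_GPC, the framework's merged and escaped
  * GET/POST/COOKIE array; the parallel option lists come from raw $_POST and
  * are therefore cast before they reach SQL. Options of this vote that are
  * missing from the submission are deleted at the end.
  *
  * @param int $rid id of the reply/rule this vote belongs to
  * @return bool always true; failures of the pdo_* helpers are not surfaced
  */
 public function fieldsFormSubmit($rid = 0)
 {
     global $_GPC, $_W;
     // $rid is inlined into the DELETE below, so force it to an integer first.
     $rid = intval($rid);
     $id = intval($_GPC['reply_id']);
     // Share text: strip tags, escape, drop &nbsp;, cut to 60, then remove all whitespace
     // (\s already matches tabs, so the separate tab pass of the original was redundant).
     $share_desc = preg_replace('/\\s/', '', cutstr(str_replace('&nbsp;', '', ihtmlspecialchars(strip_tags($_GPC['share_desc']))), 60));
     $insert = array(
         'rid' => $rid,
         'weid' => $_W['uniacid'],
         'title' => $_GPC['title'],
         'description' => $_GPC['description'],
         'votetype' => $_GPC['votetype'],
         'votelimit' => $_GPC['votelimit'],
         'votetimes' => $_GPC['votetimes'],
         'votetotal' => $_GPC['votetotal'],
         'isimg' => $_GPC['isimg'],
         'share_title' => $_GPC['share_title'],
         'share_desc' => $share_desc,
         'share_url' => $_GPC['share_url'],
         'share_txt' => $_GPC['share_txt'],
         'starttime' => strtotime($_GPC['datelimit']['start']),
         'endtime' => strtotime($_GPC['datelimit']['end']),
     );
     if (!empty($_GPC['thumb'])) {
         $insert['thumb'] = $_GPC['thumb'];
         load()->func('file');
         // NOTE(review): 'thumb-old' is client-supplied; this relies on file_delete()
         // confining the path to the attachment directory — confirm that it does.
         file_delete($_GPC['thumb-old']);
     }
     if (empty($id)) {
         // A vote whose start time has already passed is shown right away.
         $insert['isshow'] = $insert['starttime'] <= TIMESTAMP ? 1 : 0;
         $id = pdo_insert($this->tablename, $insert);
     } else {
         pdo_update($this->tablename, $insert, array('id' => $id));
     }
     // Options: option_id[] and option_title[] are parallel lists in raw $_POST.
     // count() on a missing list throws on PHP 8, so default both to empty arrays.
     $option_ids = isset($_POST['option_id']) && is_array($_POST['option_id']) ? $_POST['option_id'] : array();
     $option_titles = isset($_POST['option_title']) && is_array($_POST['option_title']) ? $_POST['option_title'] : array();
     $ids = array();
     foreach ($option_ids as $i => $raw_id) {
         // Only integers may reach the SQL below; 0 means "new option".
         $item_id = (int) $raw_id;
         $thumb_key = 'option_thumb_' . $item_id;
         $a = array(
             'title' => isset($option_titles[$i]) ? $option_titles[$i] : null,
             'rid' => $rid,
             'thumb' => isset($_GPC[$thumb_key]) ? $_GPC[$thumb_key] : null,
         );
         if ($item_id === 0) {
             pdo_insert('vote_option', $a);
             $item_id = (int) pdo_insertid();
         } else {
             pdo_update('vote_option', $a, array('id' => $item_id));
         }
         $ids[] = $item_id;
     }
     if (!empty($ids)) {
         // $ids holds integers only (cast above), so inlining the IN list is safe.
         pdo_query('delete from ' . tablename('vote_option') . " where  rid = {$rid} and  id not in ( " . implode(',', $ids) . ')');
     }
     return true;
 }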
}
?>
		<script>require(['bootstrap']);</script>
	</div>
	<style>
		h5{color:#555;}
	</style>
<?php 
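// Share-card defaults: the title falls back to the account name, the image to empty.
$_share['title'] = !empty($_share['title']) ? $_share['title'] : $_W['account']['name'];
$_share['imgUrl'] = !empty($_share['imgUrl']) ? $_share['imgUrl'] : '';
// 'content' is the legacy name of 'desc'; migrate it.
if (isset($_share['content'])) {
    $_share['desc'] = $_share['content'];
    unset($_share['content']);
}
$_share['desc'] = !empty($_share['desc']) ? $_share['desc'] : '';
// Description: strip tags, escape, drop &nbsp;, cut to 60, then remove every whitespace
// character (\s already covers tabs, so the original's separate tab pass was redundant).
$_share['desc'] = preg_replace('/\\s/', '', cutstr(str_replace('&nbsp;', '', ihtmlspecialchars(strip_tags($_share['desc']))), 60));
// NOTE(review): only 'desc' is escaped here; 'title' and 'imgUrl' are passed through as-is.
// Wherever $_share is written into the page's JS config (not visible in this block) it
// still needs JSON/JS escaping.
if (empty($_share['link'])) {
    $_share['link'] = '';
    // QUERY_STRING is absent for some SAPIs; treat that as an empty query.
    $query_string = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';
    if (!empty($query_string)) {
        // Append the sharing member's uid so the shared link can be attributed.
        parse_str($query_string, $query_arr);
        $query_arr['u'] = $_W['member']['uid'];
        $_share['link'] = $_W['siteroot'] . 'app/index.php?' . http_build_query($query_arr);
    }
}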
?>
	<script type="text/javascript">
	
	wx.config(jssdkconfig);
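// Request classification: XHR header and HTTP method.
$_W['isajax'] = isset($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) === 'xmlhttprequest';
$_W['ispost'] = isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST';
// Undo magic_quotes escaping so the superglobals hold the raw submitted values.
if (MAGIC_QUOTES_GPC) {
    $_GET = istripslashes($_GET);
    $_POST = istripslashes($_POST);
    $_COOKIE = istripslashes($_COOKIE);
}
// array_merge() below needs an array even when no prefixed cookie was sent.
if (!isset($_GPC) || !is_array($_GPC)) {
    $_GPC = array();
}
// Cookies carrying the configured prefix are exposed in $_GPC without it.
// The prefix is compared literally (===); the original's == would also accept
// numerically-equal strings.
$cookie_prefix = (string) $_W['config']['cookie']['pre'];
$cplen = strlen($cookie_prefix);
foreach ($_COOKIE as $key => $value) {
    if (substr($key, 0, $cplen) === $cookie_prefix) {
        $_GPC[substr($key, $cplen)] = $value;
    }
}
unset($cookie_prefix, $cplen, $key, $value);
// GET < POST < cookie precedence, then HTML-escape the whole merged array.
$_GPC = array_merge($_GET, $_POST, $_GPC);
$_GPC = ihtmlspecialchars($_GPC);
// Non-XHR requests with a JSON body: expose the decoded body as $_GPC['__input']
// and treat the request as ajax.
if (!$_W['isajax']) {
    $input = file_get_contents('php://input');
    if (!empty($input)) {
        // json_decode() returns null on invalid input without emitting a warning,
        // so the original @ suppression was unnecessary.
        $__input = json_decode($input, true);
        if (!empty($__input)) {
            // NOTE(review): unlike the rest of $_GPC, __input is stored unescaped;
            // consumers must not assume it went through ihtmlspecialchars().
            $_GPC['__input'] = $__input;
            $_W['isajax'] = true;
        }
    }
    unset($input, $__input);
}
setting_load('upload');
if (empty($_W['setting']['upload'])) {
    // array_merge() with a single argument copies the config and renumbers integer keys.
    $_W['setting']['upload'] = array_merge($_W['config']['upload']);
}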
<?php

// Ask the common bootstrap to enable the word filter, then load it.
$cfg_needFilter = true;
require_once __DIR__ . '/include/common.inc.php';
require_once DEDEINC . '/filter.inc.php';

// $action, $uid, $title, $brief, $content and $extra are presumably populated
// from the request by common.inc.php (not visible here) — TODO confirm.
if (!isset($action)) {
    $action = '';
}

// Everything except rating requires a logged-in member.
if (empty($uid) && $action != 'rate') {
    showmsgs('no_login', '../member/login.php?gourl=../ask/');
    exit;
}

// Word filtering should also be applied at this point (original author's note).
// Title and brief are trimmed and HTML-escaped; content and extra are only trimmed.
$title = ihtmlspecialchars(trim($title ?? ''));
$brief = ihtmlspecialchars(trim($brief ?? ''));
$content = trim($content ?? '');
$extra = trim($extra ?? '');
if (empty($action)) {
    //问答分类
    $query = "select id, name, reid from `#@__asktype` order by disorder desc";
    $dsql->Execute('me', $query);
    $tids = "var class_level_1=new Array( \n";
    $tid2s = "var class_level_2=new Array( \n";
    while ($asktype = $dsql->getarray()) {
        if ($asktype['reid'] == 0) {
            $tids .= 'new Array("' . $asktype['id'] . '","' . $asktype['name'] . '"),' . "\n";
        } else {
            $tid2s .= 'new Array("' . $asktype['reid'] . '","' . $asktype['id'] . '","' . $asktype['name'] . '"),' . "\n";
        }
    }
    $tids = substr($tids, 0, -2) . "\n";
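 /**
  * Handles an AJAX reply to an SNS post.
  *
  * Resolves the replying user, the replied-to user and the post author from
  * $_GPC, validates the board configuration and the post, stores the reply,
  * credits the replier and bumps the post's reply counters. Every path ends
  * in message(...) and exit.
  *
  * @return void
  */
 public function doReply()
 {
     global $_GPC, $_W;
     // Replying user: an encoded uid from the request, or the current fan.
     $replyid = !empty($_GPC['uid']) ? authcode(base64_decode($_GPC['uid']), 'DECODE') : $_W['fans']['from_user'];
     // User being replied to (reply-within-reply); empty when replying to the post itself.
     // The original indexed the string '' as an array here, which warns (and throws on PHP 8).
     $to_uid = '';
     if (!empty($_GPC['to_uid'])) {
         $touid = $this->doUserinfo($_GPC['to_uid']);
         $to_uid = isset($touid['from_user']) ? $touid['from_user'] : '';
     }
     // Post author.
     $pid = $this->doUserinfo($_GPC['postuid']);
     $postid = isset($pid['from_user']) ? $pid['from_user'] : '';
     // Post id and board rule id; intval() makes the inline SQL below safe.
     $id = intval($_GPC['id']);
     $rid = intval($_GPC['rid']);
     // Validate before touching the database.
     if (empty($replyid) || empty($postid) || empty($id) || empty($rid)) {
         exit('非法参数');
     }
     $sns = pdo_fetch("SELECT id, type, default_tips, send_tips, rule, picture, replycredit,description FROM " . tablename('sns') . " WHERE rid = '{$rid}' LIMIT 1");
     $post = pdo_fetch("SELECT * FROM " . tablename('sns_post') . " WHERE post_id= '{$id}' AND  is_del='0' LIMIT 1");
     // Redirect target shared by the failure branches below.
     $list_url = create_url('mobile/module', array('name' => 'sns', 'do' => 'list', 'id' => $rid, 'from_user' => $replyid));
     if (empty($sns)) {
         $result = array('status' => '-1', 'message' => '找不到模块配置参数');
         message($result, $list_url, 'ajax');
         exit;
     }
     if (empty($post)) {
         $result = array('status' => '-1', 'message' => '未找到你要回复的贴子,请确实贴子ID是否正确');
         message($result, $list_url, 'ajax');
         exit;
     }
     $fans = $this->doUserinfo($replyid);
     $result = $this->doPmem($replyid);
     if ($fans['status'] == '-1') {
         // Kept as in the original: this branch routes by post id, not by $rid like the others.
         message($fans, create_url('mobile/module', array('name' => 'sns', 'do' => 'list', 'id' => $id)), 'ajax');
         exit;
     }
     if ($result['status'] == '-1') {
         message($result, $list_url, 'ajax');
         exit;
     }
     if ($post['lock'] == 1) {
         // As in the original, the lock message is layered onto the doPmem() result.
         $result['status'] = '-1';
         $result['message'] = '此贴已经被锁定。请返回!';
         message($result, $list_url, 'ajax');
         exit;
     }
     // Use the validated integer ids rather than the raw request strings.
     $data = array(
         'post_id' => $id,
         'post_uid' => $postid,
         'to_reply_id' => !empty($_GPC['to_reply_id']) ? $_GPC['to_reply_id'] : 0,
         'uid' => $replyid,
         'to_uid' => $to_uid ? $to_uid : 0,
         'content' => ihtmlspecialchars(emotion($_GPC['content'])),
         'ctime' => TIMESTAMP,
         'storey' => $_GPC['storey'],
         'weid' => $fans['weid'],
         'rid' => $rid,
     );
     // strlen() counts bytes of the escaped text, so the "20 characters" in the
     // message is approximate for multi-byte content.
     if (empty($data['content']) || strlen($data['content']) < 20) {
         $result = array('status' => '-1', 'message' => '请填写您内容!且内容不能小于20个字符!');
         message($result, '', 'ajax');
         exit;
     }
     // Store the reply, credit the replier, bump the post's counters.
     $data2 = array('credit' => $fans['credit'] + $sns['replycredit']);
     $data3 = array(
         'reply_count' => $post['reply_count'] + 1,
         'last_reply_time' => TIMESTAMP,
         'last_reply_uid' => $replyid,
     );
     pdo_insert('sns_reply', $data);
     pdo_update('fans', $data2, array('from_user' => $replyid));
     pdo_update('sns_post', $data3, array('post_id' => $id));
     $result = array(
         'status' => 0,
         'uid' => $data['uid'],
         'to_uid' => $data['to_uid'],
         'to_reply_id' => $data['to_reply_id'],
         'content' => $data['content'],
         'ctime' => date('Y-m-d H:i:s', $data['ctime']),
         'storey' => $data['storey'],
         'message' => '评论成功!',
     );
     message($result, create_url('mobile/module', array('name' => 'sns', 'do' => 'view', 'id' => $id, 'rid' => $rid, 'from_user' => $replyid)), 'ajax');
     exit;
 }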
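 /**
  * Handles an AJAX "new post" submission for an SNS board.
  *
  * Resolves the poster, loads the board configuration, checks the poster's
  * status and permission, validates title and content, then stores the post
  * and credits the poster. Every path ends in message(...) (and exit on failure).
  *
  * @return void
  */
 public function doMobilepost()
 {
     global $_GPC, $_W;
     // Poster: an encoded from_user from the request, or the current fan.
     $fromuser = !empty($_GPC['from_user']) ? authcode(base64_decode($_GPC['from_user']), 'DECODE') : $_W['fans']['from_user'];
     if (empty($fromuser)) {
         exit('非法参数');
     }
     // Board rule id; intval() makes the inline SQL below safe.
     $id = intval($_GPC['id']);
     $sns = pdo_fetch("SELECT id, type, default_tips, send_tips, rule, picture, postcredit,description FROM " . tablename('sns') . " WHERE rid = '{$id}' LIMIT 1");
     if (empty($sns)) {
         exit('非法参数');
     }
     // Redirect target shared by every response. The original referenced $rid and
     // $replyid here, which are never assigned in this method (copied from doReply);
     // $id is this board's rule id and $fromuser the poster.
     $list_url = $this->createMobileUrl('list', array('id' => $id, 'from_user' => $fromuser));
     $fans = $this->doUserinfo($fromuser);
     $pmem = $this->doPmem($fromuser);
     if ($fans['status'] == '-1') {
         message($fans, $list_url, 'ajax');
         exit;
     }
     if ($pmem['status'] == '-1') {
         message($pmem, $list_url, 'ajax');
         exit;
     }
     $data = array(
         'rid' => $id,
         'post_uid' => $fromuser,
         'title' => ihtmlspecialchars($_GPC['title']),
         // NOTE(review): the body is decoded back to raw HTML before storage, unlike
         // doReply() which escapes it; whatever renders sns_post.content must escape
         // or whitelist it. Left unchanged because emotion() may depend on the markup.
         'content' => htmlspecialchars_decode(emotion($_GPC['content'])),
         'post_time' => TIMESTAMP,
         'weid' => $fans['weid'],
     );
     if (empty($data['title'])) {
         $result = array('status' => '-1', 'message' => '请填写标题!');
         message($result, $list_url, 'ajax');
         exit;
     }
     // strlen() counts bytes, so the "20 characters" in the message is approximate
     // for multi-byte content.
     if (empty($data['content']) || strlen($data['content']) < 20) {
         $result = array('status' => '-1', 'message' => '请填写您内容!且内容不能小于20个字符!');
         message($result, $list_url, 'ajax');
         exit;
     }
     $data2 = array('credit1' => $fans['credit1'] + $sns['postcredit']);
     pdo_insert('sns_post', $data);
     pdo_update('fans', $data2, array('from_user' => $fromuser));
     $result = array('status' => 0, 'message' => '发表成功!');
     message($result, $list_url, 'ajax');
 }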
}
// Decorate the question with its author's honor level. $question, $honors and the
// other variables used here are assigned earlier in the file (not visible in this block).
$question['honor'] = gethonor($question['scores'], $honors);

// Breadcrumb: site root, primary category, and (below) the optional secondary category.
// NOTE(review): $question['tid*name'], $sitename and the tid values are written into
// HTML without escaping — acceptable if they are admin-maintained category data;
// otherwise they need htmlspecialchars(). Left as in the original.
$homeLink = '<a href="' . $indexname . '">' . $sitename . '</a>';
$typeLink = '<a href="browser.php?tid=' . $question['tid'] . '">' . $question['tidname'] . '</a>';
$nav = $homeLink . ' ' . $symbols . ' ' . $typeLink;
$navtitle = $question['title'];
if ($question['tid2']) {
    $subTypeLink = '<a href="browser.php?tid2=' . $question['tid2'] . '">' . $question['tid2name'] . '</a>';
    $nav .= ' ' . $symbols . ' ' . $subTypeLink;
    $navtitle .= ' ' . $question['tid2name'];
}
$navtitle .= ' ' . $question['tidname'] . ' ' . $sitename;

// Load the checked answers/comments of this question together with each author's score.
// $id is interpolated into the SQL and comes from before this block — confirm it is an integer.
$dsql->Execute('me', "select answer.*,m.scores from #@__askanswer answer left join `#@__member` m on m.mid=answer.uid where askid='{$id}' and ifcheck='1'");

// Accumulators filled by the result loop that follows this block.
$comments = array();
$answers = array();
$first = 0;
$goodrateper = 0;
$badrateper = 0;
$goodrate = 0;
$badrate = 0;
$ratenum = 0;
$commentnum = 0;
$answernum = 0;
$myanswer = 0;
while ($row = $dsql->getarray()) {
    $row['dateline'] = gmdate('m-d h:i', $row['dateline'] + $timeoffset * 3600);
    $row['dbcontent'] = $row['content'];
    $row['content'] = nl2br(ihtmlspecialchars($row['content']));
    $row['honor'] = gethonor($row['scores'], $honors);
    if ($row['ifanswer'] == 1) {
        //回答
        if ($uid == $row['uid']) {
            $myanswer = 1;
        }
        if ($row['id'] == $question['bestanswer']) {
            $digestanswer = $row;
            $ratenum = $row['goodrate'] + $row['badrate'];
            $goodrate = $row['goodrate'];
            $badrate = $row['badrate'];
            $goodrateper = @ceil($goodrate * 100 / $ratenum);
            $badrateper = 100 - $goodrateper;
        } else {
            $answers[] = $row;