Beispiel #1
0
function parse_seo_url()
{
    global $conf;
    // 支持 seo url rewrite
    $tid = 0;
    $thread = array();
    $seo_url = '';
    if ($conf['seo_url_rewrite']) {
        $url = $_SERVER['REQUEST_URI'];
        $lastpos = strrpos($url, '/');
        $qmark = strpos($url, '?');
        $qmark = $qmark === FALSE ? strlen($url) : $qmark - 1;
        $tid = 0;
        $url2 = substr($url, $lastpos + 1, $qmark);
        if (preg_match('#^[\\w\\-]+$#', $url2)) {
            $seo_url = $url2;
            $thread = thread_read_by_seo_url($seo_url);
            $tid = empty($thread) ? -1 : $thread['tid'];
            $_REQUEST[0] = 'thread';
            $_REQUEST[1] = $tid;
            return array($tid, $thread);
        }
    }
    return array($tid, $thread);
}
Beispiel #2
0
        $gid != 1 and $message = xn_html_safe($message);
        mb_strlen($message, 'UTF-8') > 2048000 and message('内容太长');
        $arr = array();
        if ($isfirst) {
            $newfid = param('fid');
            $forum = forum_read($newfid);
            empty($forum) and message(1, '板块不存在:' . $newfid);
            if ($fid != $newfid) {
                !forum_access_user($fid, $gid, 'allowthread') and message(-1, '您(' . $user['groupname'] . ')无权限在此版块回帖');
                $post['uid'] != $uid and !forum_access_mod($fid, $gid, 'allowupdate') and message(-1, '您(' . $user['groupname'] . ')无权限在此版块编辑帖子');
                $arr['fid'] = $newfid;
            }
            if ($seo_url != $thread['seo_url'] && $conf['seo_url_rewrite'] && $group['allowcustomurl']) {
                $seo_url = preg_replace('#[\\W]#', '-', $seo_url);
                // 只允许英文和 -
                $seo_url and thread_read_by_seo_url($seo_url) and message(4, '自定义的 URL 已经存在,请修改。');
                // 这里可能有并发问题,seo_url 并非 UNIQUE KEY
                strlen($seo_url) > 128 and message(3, '自定义 URL 太长');
                $arr['seo_url'] = $seo_url;
            }
            if ($subject != $thread['subject']) {
                mb_strlen($subject, 'UTF-8') > 80 and message(1, '标题最长80个字符');
                $arr['subject'] = $subject;
            }
            $arr and thread_update($tid, $arr) === FALSE and message(-1, '更新主题失败');
        }
        $r = post_update($pid, array('message' => $message));
        $r === FALSE and message(-1, '更新帖子失败');
        message(0, array('pid' => $pid, 'subject' => $subject, 'message' => $message));
    }
} elseif ($action == 'delete') {
Beispiel #3
0
 if (!$r) {
     if ($gid == 0) {
         $r = forum_access_user($fid, 101, 'allowthread');
         $r and user_login_check($user);
     }
     message(10, '您(' . $user['groupname'] . ')无权限在此版块发帖');
 }
 $subject = htmlspecialchars(param('subject', '', FALSE));
 $message = param('message', '', FALSE);
 $seo_url = $conf['seo_url_rewrite'] && $group['allowcustomurl'] ? preg_replace('#[^\\w\\-]#', '', strtolower(param('seo_url'))) : '';
 // 只允许英文和 -
 empty($subject) and message(1, '标题不能为空' . $fid);
 $gid != 1 and $subject = badword_filter($subject, $badword);
 $subject === FALSE and message(1, '标题中包含敏感关键词: ' . $badword);
 empty($message) and message(2, '内容不能为空' . $fid);
 $conf['seo_url_rewrite'] and $seo_url and thread_read_by_seo_url($seo_url) and message(4, '自定义的 URL 已经存在,请修改。');
 // 这里可能有并发问题,seo_url 并非 UNIQUE KEY
 $gid != 1 and $message = xn_html_safe($message);
 $gid != 1 and $message = badword_filter($message, $badword);
 $message === FALSE and message(2, '内容中包含敏感关键词: ' . $badword);
 strlen($seo_url) > 128 and message(3, '自定义 URL 太长');
 mb_strlen($subject, 'UTF-8') > 128 and message(1, '标题最长80个字符');
 mb_strlen($message, 'UTF-8') > 2028000 and message(2, '内容太长');
 // 检测是否灌水
 thread_check_flood($gid, $fid, $subject) and message(1, '系统检测到您可能在灌水。');
 $thread = array('fid' => $fid, 'uid' => $uid, 'sid' => $sid, 'subject' => $subject, 'message' => $message, 'time' => $time, 'longip' => $longip, 'sid' => $sid);
 $seo_url and $thread['seo_url'] = $seo_url;
 $tid = thread_create($thread, $pid);
 $pid === FALSE and message(1, '创建帖子失败');
 $tid === FALSE and message(1, '创建主题失败');
 $conf['ipaccess_on'] and ipaccess_inc($longip, 'threads');