/**
 * Filter a submitted string for storage, with the strictness chosen by $rptype.
 *
 * The input is un-slashed first and re-slashed with addslashes() on return.
 *
 * @param string $str    Raw (slash-escaped) input.
 * @param int    $rptype 0 = HTML-encode only; 1 = HTML-encode and collapse
 *                       whitespace runs to one space; 2 = HTML-encode and drop
 *                       all whitespace; any other value = keep HTML and strip
 *                       only a short list of tags.
 * @return string Filtered, slash-escaped string.
 */
function HtmlReplace($str, $rptype = 0)
{
    $text = stripslashes($str);

    // 2011-06-30: members may not add CSS via <style> blocks in submissions.
    // NOTE(review): without the "s" modifier "." does not match newlines, so a
    // <style> block spread over several lines is not removed by this pattern.
    $text = preg_replace("/<[\\/]{0,1}style([^>]*)>(.*)<\\/style>/i", '', $text);

    switch ($rptype) {
        case 0:
            $text = dede_htmlspecialchars($text);
            break;

        case 1:
            $text = dede_htmlspecialchars($text);
            // NOTE(review): as shown this replaces a space with a space; the
            // search literal may have been a non-ASCII space in the original
            // file - confirm against the repository copy.
            $text = str_replace(" ", ' ', $text);
            $text = preg_replace("/[\r\n\t ]{1,}/", ' ', $text);
            break;

        case 2:
            $text = dede_htmlspecialchars($text);
            $text = str_replace(" ", '', $text);
            $text = preg_replace("/[\r\n\t ]/", '', $text);
            break;

        default:
            // This branch does NOT HTML-encode. It only removes
            // link/meta/ifr*/fra* tags, so its output must not be treated as
            // safe to echo into a page; event-handler attributes and other
            // tags pass through unchanged.
            $text = preg_replace("/[\r\n\t ]{1,}/", ' ', $text);
            // NOTE(review): as shown the replacement equals the match (a
            // no-op); presumably the original replacement used look-alike
            // characters - confirm.
            $text = preg_replace('/script/i', 'script', $text);
            $text = preg_replace("/<[\\/]{0,1}(link|meta|ifr|fra)[^>]*>/i", '', $text);
            break;
    }

    return addslashes($text);
}
/**
 * Convert plain text into WML paragraphs.
 *
 * Every "$" is doubled, the text is HTML-encoded, each line is trimmed and
 * wrapped in <p>...<br /></p>, and empty paragraphs are dropped.
 *
 * @param string $content Plain text.
 * @return string WML markup.
 */
function text2wml($content)
{
    $encoded = dede_htmlspecialchars(str_replace('$', '$$', $content));
    $lines = explode("\n", str_replace("\r\n", "\n", $encoded));

    foreach ($lines as $idx => $line) {
        // Strip leading and trailing whitespace.
        $line = trim($line);
        // A line that is empty once the space character is removed becomes an
        // empty line; otherwise inner spaces are kept.
        // NOTE(review): the search literal may have been a full-width space in
        // the original file - confirm against the repository copy.
        $lines[$idx] = str_replace(" ", "", $line) == "" ? "" : $line;
    }

    // Join the lines as WML paragraphs and drop the empty ones.
    $wml = "<p>" . implode("<br /></p>\n<p>", $lines) . "<br /></p>\n";

    return str_replace("<p><br /></p>\n", "", $wml);
}
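/**
 * Build the HTML form for a member model.
 *
 * Fix in this version: the "birthday" value is now HTML-encoded before it is
 * placed in the value attribute, as the checkbox, img and generic branches
 * already do for their values.
 *
 * @access public
 * @param string $type      'post' renders an empty form; any other value
 *                          renders an edit form pre-filled from $value.
 * @param mixed  $value     Current field values, indexed by field name (only
 *                          read when $type is not 'post').
 * @param string $admintype Model type, passed through to the item renderer.
 * @return string Form HTML followed by the hidden dede_fields and
 *                dede_fieldshash inputs.
 */
function getForm($type = 'post', $value = '', $admintype = 'membermodel2')
{
    global $cfg_cookie_encode;
    $dtp = new DedeTagParse();
    $dtp->SetNameSpace("field", "<", ">");
    $dtp->LoadSource($this->info);
    $formstring = '';
    $formfields = '';
    $func = $type == 'post' ? 'GetFormItem' : 'GetFormItemValue';
    if (is_array($dtp->CTags)) {
        foreach ($dtp->CTags as $tagid => $tag) {
            // Only auto fields that are enabled (state == 1) are rendered.
            if (!$tag->GetAtt('autofield') || $tag->GetAtt('state') != 1) {
                continue;
            }
            if ($type == 'post') {
                // Some fields get special markup.
                if ($tag->GetName() == 'onlynet') {
                    $formstring .= '<li><span>联系方式限制:</span><div class="lform"> <input name="onlynet" type="radio" id="onlynet" value="2" checked="checked" /> 不公开所有联系方式 <input name="onlynet" type="radio" id="onlynet" value="1" /> 不公开电话、详细地址 <input name="onlynet" type="radio" id="onlynet" value="0" /> 公开所有联系方式</div></li>';
                } elseif ($tag->GetName() == 'place' || $tag->GetName() == 'oldplace') {
                    $formtitle = $tag->GetName() == 'place' ? '目前所在地' : '家乡所在地';
                    $formstring .= '<li><div class="lform">' . GetEnumsForm('nativeplace', 0, $tag->GetName()) . '</div><span>' . $formtitle . ':</span></li>';
                } elseif (array_key_exists($tag->GetName(), $this->egroups)) {
                    // Linked (enum group) fields.
                    $formstring .= '<li><div class="lform">' . GetEnumsForm($tag->GetName(), 0, $tag->GetName()) . '</div><span>' . $this->egroups[$tag->GetName()] . ':</span></li>';
                } else {
                    // The original had a separate checkbox branch with the
                    // same call; both are merged here.
                    $formstring .= $func($tag, $admintype);
                }
            } else {
                if ($tag->GetName() == 'onlynet') {
                    $formstring .= '<p style="display:none"><label>联系方式限制:</label> <input name="onlynet" type="radio" id="onlynet" value="2" checked="checked" /> 不公开所有联系方式 <input name="onlynet" type="radio" id="onlynet" value="1" /> 不公开电话、详细地址 <input name="onlynet" type="radio" id="onlynet" value="0" /> 公开所有联系方式</p>';
                } elseif ($tag->GetName() == 'place' || $tag->GetName() == 'oldplace') {
                    $formtitle = $tag->GetName() == 'place' ? '目前所在地' : '家乡所在地';
                    $formstring .= '<p><label>' . $formtitle . ':</label>' . GetEnumsForm('nativeplace', $value[$tag->GetName()], $tag->GetName()) . '</p>';
                } elseif ($tag->GetName() == 'birthday') {
                    // The stored value lands inside a double-quoted attribute,
                    // so it is encoded with ENT_QUOTES like the other branches.
                    $birthday = dede_htmlspecialchars($value[$tag->GetName()], ENT_QUOTES);
                    $formstring .= '<p><label>' . $tag->GetAtt('itemname') . ':</label><input type="text" class="intxt" style="width: 100px;" id="birthday" value="' . $birthday . '" name="birthday"></p>';
                } elseif (array_key_exists($tag->GetName(), $this->egroups)) {
                    // Linked (enum group) fields.
                    $formstring .= '<p><label>' . $this->egroups[$tag->GetName()] . ':</label> ' . GetEnumsForm($tag->GetName(), $value[$tag->GetName()], $tag->GetName()) . '</p>';
                } elseif ($tag->GetAtt('type') == 'img') {
                    $fieldname = $tag->GetName();
                    $labelname = $tag->GetAtt('itemname');
                    $fvalue = dede_htmlspecialchars($value[$tag->GetName()], ENT_QUOTES);
                    $imgstrng = "<p><label>{$labelname}:</label><input type='text' name='{$fieldname}' value='{$fvalue}' id='{$fieldname}' style='width:300px' class='text' /> <input name='" . $fieldname . "_bt' class='inputbut' type='button' value='浏览...' onClick=\"SelectImage('addcontent.{$fieldname}','big')\" />\r\n</p>";
                    $formstring .= $imgstrng;
                } else {
                    // Checkbox and all remaining types share this call.
                    $formstring .= $func($tag, dede_htmlspecialchars($value[$tag->GetName()], ENT_QUOTES), $admintype);
                }
            }
            // Accumulate "name,type" pairs separated by ';'.
            $formfields .= $formfields == '' ? $tag->GetName() . ',' . $tag->GetAtt('type') : ';' . $tag->GetName() . ',' . $tag->GetAtt('type');
        }
    }
    // The field list travels with the form together with
    // md5(list . $cfg_cookie_encode).
    // NOTE(review): presumably the receiving script recomputes this hash to
    // detect a tampered field list; a plain md5 over data plus a secret is a
    // weak integrity check, and an HMAC (hash_hmac) would be the sturdier
    // choice if producer and verifier can be changed together.
    $formstring .= "<input type=\"hidden\" name=\"dede_fields\" value=\"" . $formfields . "\" />\n";
    $formstring .= "<input type=\"hidden\" name=\"dede_fieldshash\" value=\"" . md5($formfields . $cfg_cookie_encode) . "\" />";
    return $formstring;
}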
} else { $link = $row1['arcurl']; } $link = dede_htmlspecialchars($link); $description = dede_htmlspecialchars(strip_tags($row['description'])); $text = dede_htmlspecialchars(strip_tags($row['body'])); $image = $row['litpic'] == '' ? '' : $row['litpic']; if ($image != '' && strpos($image, 'http://') === false) { $image = ($cfg_basehost == '' ? 'http://' . $_SERVER["HTTP_HOST"] . $cfg_cmspath : $cfg_basehost) . $image; } //$headlineimg = ''; $keywords = dede_htmlspecialchars($row['keywords']); $category = dede_htmlspecialchars($row['typename']); $author = dede_htmlspecialchars($row['writer']); $source = dede_htmlspecialchars($row['source']); $pubdate = dede_htmlspecialchars(gmdate('Y-m-d H:i', $row['pubdate'] + $cfg_cli_time * 3600)); $baidunews .= "<item>\n"; $baidunews .= "<title>{$title} </title>\n"; $baidunews .= "<link>{$link} </link>\n"; $baidunews .= "<description>{$description} </description>\n"; $baidunews .= "<text>{$text} </text>\n"; $baidunews .= "<image>{$image} </image>\n"; //$baidunews .= "<headlineimages/>\n"; $baidunews .= "<keywords>{$keywords} </keywords>\n"; $baidunews .= "<category>{$category} </category>\n"; $baidunews .= "<author>{$author} </author>\n"; $baidunews .= "<source>{$source} </source>\n"; $baidunews .= "<pubDate>{$pubdate} </pubDate>\n"; $baidunews .= "</item>\n"; } $baidunews .= "</document>\n";
foreach ($latests['comments'] as $k => $v) { $data[] = array('nickname' => $v['passport']['nickname'], 'content' => $v['content'], 'topic_title' => $v['topic_title'], 'topic_url' => $v['topic_url']); } } echo json_encode($latests); exit; } elseif ($dopost == 'getcode') { if (!changyan_islogin()) { ShowMsg("您尚未登录畅言,请先登录后继续使用……!", '?'); exit; } changyan_check_islogin(); $user = changyan_get_setting('user'); $sign = changyan_gen_sign($user); $result = changyan_getcode(CHANGYAN_CLIENT_ID, $user, false, $sign); $code = dede_htmlspecialchars($result['code']); $msg = <<<EOT <style type='text/css'> pre { width:50%; display: block; padding: 9.5px; margin: 0 0 10px; font-size: 13px; line-height: 20px; word-break: break-all; word-wrap: break-word; white-space: pre; white-space: pre-wrap; background-color: #f5f5f5; border: 1px solid #ccc;
</table> </form> <?php //AJAX窗体结束 } else { if ($dopost == 'quickEditSave') { require_once DEDEADMIN . '/inc/inc_archives_functions.php'; //权限检测 if (!TestPurview('a_Edit')) { if (TestPurview('a_AccEdit')) { CheckCatalog($typeid, "对不起,你没有操作栏目 {$typeid} 的文档权限!"); } else { CheckArcAdmin($aid, $cuserLogin->getUserID()); } } $title = dede_htmlspecialchars(cn_substrR($title, $cfg_title_maxlen)); $shorttitle = cn_substrR($shorttitle, 36); $keywords = trim(cn_substrR($keywords, 60)); if (!TestPurview('a_Check,a_AccCheck,a_MyCheck')) { $arcrank = -1; } $adminid = $cuserLogin->getUserID(); //属性处理 $flag = isset($flags) ? join(',', $flags) : ''; if (!empty($flag)) { if (preg_match("#p#", $oldflag)) { $flag .= ',p'; } if (preg_match("#j#", $oldflag)) { $flag .= ',j'; }
$forms .= "结束时间:<input type=\"text\" name=\"enddate\" value=\"\" /><br />"; } else { $tmp = ''; } } } } } $addonstring .= $tmp . ','; } } $forms .= '<input type="submit" name="submit" value="开始搜索" /></form>'; $formssql = addslashes($forms); $query = "REPLACE INTO #@__advancedsearch(mid, maintable, mainfields, addontable, addonfields, forms, template) VALUES('{$mid}','{$maintable}','{$mainstring}','{$addontable}','{$addonstring}','{$formssql}', '{$template}')"; $dsql->ExecuteNoneQuery($query); $formshtml = dede_htmlspecialchars($forms); echo '<meta http-equiv="Content-Type" content="text/html; charset=' . $cfg_soft_lang . '">'; echo "下面为生成的html表单,请自行复制,根据自己需求修改样式后粘贴到对应的模板中<br><br><textarea cols=\"100\" rows=\"10\">" . $forms . "</textarea>"; echo '<br />预览:<br /><hr>'; echo $forms; } } exit; } else { if ($dopost == 'del') { $mid = intval($mid); $dsql->ExecuteNoneQuery("DELETE FROM `#@__advancedsearch` WHERE mid = '{$mid}'; "); ShowMsg("成功删除一个自定义搜索!", "mychannel_main.php"); exit; } }
/**
 * Build the HTML form for a custom (diy) form model.
 *
 * @access public
 * @param string $type      'post' renders empty items; any other value renders
 *                          items pre-filled from $value.
 * @param mixed  $value     Current field values, indexed by field name (only
 *                          read when $type is not 'post').
 * @param string $admintype Admin type, passed through to the item renderer.
 * @return string Form HTML followed by the hidden dede_fields and
 *                dede_fieldshash inputs.
 */
function getForm($type = 'post', $value = '', $admintype = 'diy')
{
    global $cfg_cookie_encode;

    $dtp = new DedeTagParse();
    $dtp->SetNameSpace("field", "<", ">");
    $dtp->LoadSource($this->info);

    $isPost = $type == 'post';
    $func = $isPost ? 'GetFormItem' : 'GetFormItemValue';
    $formstring = '';
    $pairs = array();

    if (is_array($dtp->CTags)) {
        foreach ($dtp->CTags as $tagid => $tag) {
            if (!$tag->GetAtt('autofield')) {
                continue;
            }
            if ($isPost) {
                $formstring .= $func($tag, $admintype);
            } else {
                // Stored values are HTML-encoded (quotes included) before they
                // are handed to the renderer.
                $formstring .= $func($tag, dede_htmlspecialchars($value[$tag->GetName()], ENT_QUOTES), $admintype);
            }
            $pairs[] = $tag->GetName() . ',' . $tag->GetAtt('type');
        }
    }

    // "name,type" pairs joined with ';'.
    $formfields = implode(';', $pairs);

    // NOTE(review): presumably the receiving script recomputes
    // md5(dede_fields . $cfg_cookie_encode) to detect a tampered field list -
    // confirm against the handler.
    $formstring .= "<input type=\"hidden\" name=\"dede_fields\" value=\"" . $formfields . "\" />\n";
    $formstring .= "<input type=\"hidden\" name=\"dede_fieldshash\" value=\"" . md5($formfields . $cfg_cookie_encode) . "\" />";

    return $formstring;
}
* @package DedeCMS.Administrator
 * @copyright Copyright (c) 2007 - 2010, DesDev, Inc.
 * @license http://help.dedecms.com/usersguide/license.html
 * @link http://www.dedecms.com
 */
// Template tester: renders the template source supplied in $partcode and,
// unless $showsource says otherwise, prints the encoded source above it.
require_once dirname(__FILE__) . "/config.php";
// Access is limited to accounts holding the 'temp_Test' privilege.
CheckPurview('temp_Test');
require_once DEDEINC . "/arc.partview.class.php";
// NOTE(review): $partcode, $typeid and $showsource are not assigned in this
// file; presumably config.php registers them from the request - confirm.
if (empty($partcode)) {
    ShowMsg('错误请求', 'javascript:;');
    exit;
}
$partcode = stripslashes($partcode);
if (empty($typeid)) {
    $typeid = 0;
}
if (empty($showsource)) {
    $showsource = "";
}
if ($typeid > 0) {
    $pv = new PartView($typeid);
} else {
    $pv = new PartView();
}
// The submitted text is loaded as template source (mode "string").
// NOTE(review): the template engine processes whatever tags $partcode holds,
// so the privilege check above is the only gate visible here; confirm the
// request is also protected against cross-site request forgery.
$pv->SetTemplet($partcode, "string");
if ($showsource == "" || $showsource == "yes") {
    echo "模板代码:";
    // The echoed source is HTML-encoded, so it displays as text.
    echo "<span style='color:red;'><pre>" . dede_htmlspecialchars($partcode) . "</pre></span>";
    echo "结果:<hr size='1' width='100%'>";
}
$pv->Display();
/**
 * Template tag handler for the Changyan comment module.
 *
 * Depending on the tag's "type" attribute it returns either the comment embed
 * code ('code' / 'code2') or the comment-count link ('count').
 *
 * @param object $ctag   The tag being rendered; its attributes are read.
 * @param object $refObj The calling object; its ArcID is written into the embed code.
 * @return string HTML for the tag, or a message when the module is unavailable.
 */
function lib_changyan(&$ctag, &$refObj)
{
    global $dsql, $envs;
    // Attribute handling.
    $attlist = "type|code,config|,class|_DEDECY,style|";
    FillAttsDefault($ctag->CAttribute->Items, $attlist);
    // extract() turns the tag attributes into local variables ($type, $config,
    // $class, $style are read below); EXTR_SKIP keeps names already defined in
    // this scope from being overwritten.
    extract($ctag->CAttribute->Items, EXTR_SKIP);
    $reval = "";
    if (!$dsql->IsTable("#@__plus_changyan_setting")) {
        return '没安装畅言模块';
    }
    $client_id = changyan_get_setting('appid');
    if (empty($client_id)) {
        return '尚未注册畅言帐号,请到后台注册';
    }
    if ($type == 'code' or $type == 'code2') {
        // $class and $style are written into the attributes without encoding;
        // they come from the template tag's attributes.
        $reval .= "<div class='{$class}' style='{$style}'>";
        $prefix = 'changyan';
        $key = 'code';
        $row = GetCache($prefix, $key);
        if (!is_array($row)) {
            // Cache miss: request the embed code from the service.
            $appid = changyan_get_setting('appid');
            $user = changyan_get_setting('user');
            $sign = changyan_gen_sign($user);
            $result = changyan_getcode(CHANGYAN_CLIENT_ID, $user, false, $sign, $appid);
            // A status of 1 is treated as failure here.
            if ($result['status'] == 1) {
                return '未获取畅言代码,错误消息:' . $result['msg'];
            }
            // Stored HTML-encoded; decoded again before output below.
            $row['reval'] = dede_htmlspecialchars($result['code']);
            // 60 * 60 * 1 is passed as the lifetime - presumably seconds (one hour); confirm.
            SetCache($prefix, $key, $row, 60 * 60 * 1);
        }
        if (!empty($config)) {
            // "config" is a comma-separated list of key:value pairs.
            $config_arr = array();
            $configs = explode(',', $config);
            if (count($configs) > 0) {
                foreach ($configs as $c) {
                    $item = explode(':', $c);
                    // NOTE(review): an entry without ':' leaves $item[1]
                    // undefined (PHP notice, null value).
                    $config_arr[$item[0]] = $item[1];
                }
            }
            $config_str = json_encode($config_arr);
            $reval .= <<<EOT
<script>
var_config={$config_str};
</script>
EOT;
        }
        // The code returned by the service is emitted as raw HTML/JS, so the
        // page trusts that service's response.
        $reval .= htmlspecialchars_decode($row['reval']);
        $reval = str_replace("id='SOHUCS'", "id='SOHUCS' sid='{$refObj->ArcID}'", $reval);
        if ($type == 'code2') {
            $reval = preg_replace("#window.SCS_NO_IFRAME[ ]?=[ ]?true;#i", "", $reval);
        }
        // Closes the wrapper <div> in front of every <script> tag.
        $reval = str_replace("<script>", "</div><script>", $reval);
    } elseif ($type == 'count') {
        // The counter script is added only once per request.
        if (!$GLOBALS['changyan_count_js']) {
            // NOTE(review): this script is referenced over plain http://, so
            // it has no transport integrity and will be blocked as mixed
            // content on an https page; prefer an https URL if the host
            // serves one.
            $reval .= "<script type=\"text/javascript\" src=\"http://assets.changyan.sohu.com/upload/plugins/plugins.count.js\"></script>";
        }
        $reval .= "<a href=\"#SOHUCS\" id=\"changyan_count_unit\"></a>";
        $GLOBALS['changyan_count_js'] = TRUE;
    }
    return $reval;
}
$arcRow = $dsql->GetOne("SELECT s.*,t.* FROM `#@__member_stow` AS s LEFT JOIN `#@__member_stowtype` AS t ON s.type=t.stowname WHERE s.aid='{$aid}' AND s.type='{$type}'"); if (!is_array($arcRow)) { ShowMsg("无法把未知文档推荐给好友!", "-1"); exit; } $arcRow['arcurl'] = $arcRow['indexurl'] . "=" . $arcRow['aid']; extract($arcRow, EXTR_OVERWRITE); } } else { if ($action == 'send') { if (!CheckEmail($email)) { echo "<script>alert('Email格式不正确!');history.go(-1);</script>"; exit; } $mailbody = ''; $msg = dede_htmlspecialchars($msg); $mailtitle = "你的好友给你推荐了一篇文章"; $mailbody .= "{$msg} \r\n\r\n"; $mailbody .= "Power by http://www.dedecms.com 织梦内容管理系统!"; $headers = "From: " . $cfg_adminemail . "\r\nReply-To: " . $cfg_adminemail; if ($cfg_sendmail_bysmtp == 'Y' && !empty($cfg_smtp_server)) { $mailtype = 'TXT'; require_once DEDEINC . '/mail.class.php'; $smtp = new smtp($cfg_smtp_server, $cfg_smtp_port, true, $cfg_smtp_usermail, $cfg_smtp_password); $smtp->debug = false; $smtp->sendmail($email, $cfg_webname, $cfg_smtp_usermail, $mailtitle, $mailbody, $mailtype); } else { @mail($email, $mailtitle, $mailbody, $headers); } ShowMsg("成功推荐一篇文章!", $arcurl); exit;
<td align="left" style="padding:3px;"> <?php if ($row['type'] == 'bool') { $c1 = ''; $c2 = ''; $row['value'] == 'Y' ? $c1 = " checked" : ($c2 = " checked"); echo "<input type='radio' class='np' name='edit___{$row['varname']}' value='Y'{$c1}>是 "; echo "<input type='radio' class='np' name='edit___{$row['varname']}' value='N'{$c2}>否 "; } else { if ($row['type'] == 'bstring') { echo "<textarea name='edit___{$row['varname']}' row='4' id='edit___{$row['varname']}' class='textarea_info' style='width:98%;height:50px'>" . dede_htmlspecialchars($row['value']) . "</textarea>"; } else { if ($row['type'] == 'number') { echo "<input type='text' name='edit___{$row['varname']}' id='edit___{$row['varname']}' value='{$row['value']}' style='width:30%'>"; } else { echo "<input type='text' name='edit___{$row['varname']}' id='edit___{$row['varname']}' value=\"" . dede_htmlspecialchars($row['value']) . "\" style='width:80%'>"; } } } ?> </td> <td><?php echo $row['varname']; ?> </td> </tr> <?php } ?> </table> <?php
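/**
 * Render the document list for the RSS feed.
 *
 * Fix in this version: thumbnails with an https:// URL are recognised as
 * absolute, so the main-site prefix is no longer prepended to them when
 * multi-site mode is on.
 *
 * @access public
 * @param string $innertext Item template; the system template "rss.htm" is
 *                          used when it is empty.
 * @return string The rendered items, one per row, separated by "\r\n".
 */
function GetArcList($innertext = "")
{
    $innertext = trim($innertext);
    if ($innertext == "") {
        $innertext = GetSysTemplets("rss.htm");
    }

    // The WHERE clause is assembled from this object's own fields (TypeID,
    // TypeFields, MaxRow) and the result of GetSonIds(), not from request data
    // read in this method.
    $orwhere = " arc.arcrank > -1 ";
    $orwhere .= " AND (arc.typeid in (" . GetSonIds($this->TypeID, $this->TypeFields['channeltype']) . ") ) ";
    $ordersql = " ORDER BY arc.id desc";
    $query = "SELECT arc.*,tp.typedir,tp.typename,tp.isdefault,\n tp.defaultname,tp.namerule,tp.namerule2,tp.ispart,tp.moresite,tp.siteurl,tp.sitepath\n FROM `#@__archives` arc LEFT JOIN `#@__arctype` tp ON arc.typeid=tp.id\n WHERE {$orwhere} {$ordersql} LIMIT 0," . $this->MaxRow;
    $this->dsql->SetQuery($query);
    $this->dsql->Execute('al');

    $artlist = '';
    $dtp2 = new DedeTagParse();
    $dtp2->SetNameSpace('field', '[', ']');
    $dtp2->LoadSource($innertext);

    while ($row = $this->dsql->GetArray('al')) {
        // Derived fields.
        if ($row['litpic'] == '-' || $row['litpic'] == '') {
            $row['litpic'] = $GLOBALS['cfg_cmspath'] . '/images/defaultpic.gif';
        }
        // Prefix relative thumbnails with the main site; http:// and https://
        // URLs are already absolute.
        if (!preg_match("#^https?://#i", $row['litpic']) && $GLOBALS['cfg_multi_site'] == 'Y') {
            $row['litpic'] = $GLOBALS['cfg_mainsite'] . $row['litpic'];
        }
        $row['picname'] = $row['litpic'];
        $row["arcurl"] = GetFileUrl($row["id"], $row["typeid"], $row["senddate"], $row["title"], $row["ismake"], $row["arcrank"], $row["namerule"], $row["typedir"], $row["money"], $row['filename'], $row["moresite"], $row["siteurl"], $row["sitepath"]);
        $row["typeurl"] = GetTypeUrl($row["typeid"], $row["typedir"], $row["isdefault"], $row["defaultname"], $row["ispart"], $row["namerule2"], $row["moresite"], $row["siteurl"], $row["sitepath"]);
        $row["info"] = $row["description"];
        $row["filename"] = $row["arcurl"];
        $row["stime"] = GetDateMK($row["pubdate"]);
        $row["image"] = "<img src='" . $row["picname"] . "' border='0'>";
        $row["fullurl"] = $GLOBALS["cfg_basehost"] . $row["arcurl"];
        // 2011-6-20: path fix for RSS output when multi-site is enabled.
        if ($GLOBALS['cfg_multi_site'] == 'Y') {
            $row["fullurl"] = $row["arcurl"];
        }
        $row["phpurl"] = $GLOBALS["cfg_plus_dir"];
        $row["templeturl"] = $GLOBALS["cfg_templets_dir"];
        if ($row["source"] == '') {
            $row["source"] = $GLOBALS['cfg_webname'];
        }
        if ($row["writer"] == '') {
            $row["writer"] = "秩名";
        }

        // Every field is HTML-encoded before it reaches the template,
        // including the generated "image" markup.
        foreach ($row as $k => $v) {
            $row[$k] = dede_htmlspecialchars($v);
        }

        if (is_array($dtp2->CTags)) {
            foreach ($dtp2->CTags as $k => $ctag) {
                if ($ctag->GetName() == 'array') {
                    // Hand over the whole row; used by runphp-mode templates.
                    $dtp2->Assign($k, $row);
                } elseif (isset($row[$ctag->GetName()])) {
                    $dtp2->Assign($k, $row[$ctag->GetName()]);
                } else {
                    $dtp2->Assign($k, '');
                }
            }
        }
        $artlist .= $dtp2->GetResult() . "\r\n";
    }
    $this->dsql->FreeResult('al');

    return $artlist;
}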
$id = preg_replace("#[^0-9]#", "", $id); $action = isset($action) ? trim($action) : ''; if ($id < 1) { ShowMsg("含有非法操作!.", "-1"); exit; } //取出圈子信息 $row = $db->GetOne("SELECT * FROM #@__groups WHERE groupid='{$id}'"); $groupsname = $row['groupname']; $groupstoreid = $row['storeid']; $groupishidden = $row['ishidden']; $groupissystem = $row['issystem']; $groupcreater = $row['creater']; $groupimg = $row['groupimg']; $ismaster = $row['ismaster']; $groupdes = dede_htmlspecialchars($row['des']); $groupisindex = $row['isindex']; $groupsmalltype = $row['smalltype']; //编译小分类成数组 $smalltypes = $row['smalltype']; $lists = array(); $smalltypes = @explode(",", $smalltypes); foreach ($smalltypes as $k) { $kk = @explode("|", $k); @array_push($lists, $kk[1]); } //====保存圈子信息=====// if ($action == "save") { $groupname = cn_substr($groupname, 75); $storeid = preg_replace("#[^0-9]#", "", $store); $issystem = preg_replace("#[^0-1]#", "", $issystem);
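/**
 * Filter a string at the requested safety level.
 *
 * Fix in this version: level 2 is selected by the effective $safestep like
 * level 1, instead of by $this->stringSafe alone. Before, an explicit
 * StringSafe($s, 2) returned the input unfiltered unless the object's own
 * setting was also 2.
 *
 * @param string $str      Input string.
 * @param int    $safestep Level to apply; any value of -1 or less falls back
 *                         to $this->stringSafe.
 * @return string The filtered string; unchanged when the level is neither 1 nor 2.
 */
function StringSafe($str, $safestep = -1)
{
    $safestep = $safestep > -1 ? $safestep : $this->stringSafe;

    // Level 1 (default): strip a short list of risky HTML tags.
    // This is a deny-list; tags and attributes outside it pass through.
    if ($safestep == 1) {
        // NOTE(review): as shown the replacement equals the match (a no-op);
        // presumably the original replacement used look-alike characters -
        // confirm against the repository copy.
        $str = preg_replace("#script:#i", "script:", $str);
        $str = preg_replace("#<[\\/]{0,1}(link|meta|ifr|fra|scr)[^>]*>#isU", '', $str);
        $str = preg_replace("#[\r\n\t ]{1,}#", ' ', $str);
        return $str;
    }

    // Level 2: HTML-encode, then rewrite a few keywords.
    if ($safestep == 2) {
        $str = addslashes(dede_htmlspecialchars(stripslashes($str)));
        // NOTE(review): these replacements are also no-ops as shown (see
        // above). Keyword rewriting is not a substitute for escaping or
        // parameter binding at the point where the string enters a query.
        $str = preg_replace("#eval#i", 'eval', $str);
        $str = preg_replace("#union#i", 'union', $str);
        $str = preg_replace("#concat#i", 'concat', $str);
        $str = preg_replace("#--#", '--', $str);
        $str = preg_replace("#[\r\n\t ]{1,}#", ' ', $str);
        return $str;
    }

    return $str;
}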
/**
 * Prepare a message for storage: un-slash and trim it, HTML-encode it, turn
 * newlines into <br />, and slash-escape the result.
 *
 * @param string $msg Raw (slash-escaped) message.
 * @return string Encoded, slash-escaped message.
 */
function TrimMsg($msg)
{
    $clean = trim(stripslashes($msg));
    $html = nl2br(dede_htmlspecialchars($clean));
    // NOTE(review): as shown this replaces a space with a space; the
    // replacement may have been an HTML entity in the original file - confirm
    // against the repository copy.
    $html = str_replace(" ", " ", $html);

    return addslashes($html);
}
/**
 * Record a member activity feed entry.
 *
 * @access public
 * @param string $type  Record type; only 'add', 'addsoft', 'feedback',
 *                      'addfriends' and 'stow' are recorded.
 * @param string $title Record title.
 * @param string $note  Record description.
 * @param mixed  $aid   Id of the content (or member) the record refers to.
 * @return mixed Result of the INSERT, or FALSE when $type is not recorded.
 */
function RecordFeeds($type, $title, $note, $aid)
{
    global $dsql, $cfg_mb_feedcheck;

    // Only these types are recorded.
    $recorded = array('add', 'addsoft', 'feedback', 'addfriends', 'stow');
    if (!in_array($type, $recorded)) {
        return FALSE;
    }

    $ntime = time();
    $title = dede_htmlspecialchars(cn_substrR($title, 255));

    if (in_array($type, array('add', 'addsoft', 'feedback', 'stow'))) {
        // Content publication: the link is built around the encoded title and
        // the whole string is then encoded again, quotes included, so the
        // anchor markup is stored in encoded form.
        $rcdtype = array('add' => ' 成功发布了', 'addsoft' => ' 成功发布了软件', 'feedback' => ' 评论了文章', 'stow' => ' 收藏了');
        $arcrul = " <a href='/plus/view.php?aid=" . $aid . "'>" . $title . "</a>";
        $title = dede_htmlspecialchars($rcdtype[$type] . $arcrul, ENT_QUOTES);
    } elseif ($type == 'addfriends') {
        // Friend added: $aid is used as the member id in the link.
        $arcrul = " <a href='/member/index.php?uid=" . $aid . "'>" . $aid . "</a>";
        $title = dede_htmlspecialchars(' 与' . $arcrul . "成为好友", ENT_QUOTES);
    }

    $note = Html2Text($note);
    // $aid is normalised to a number only here, after it was used in the links above.
    $aid = isset($aid) && is_numeric($aid) ? $aid : 0;
    $ischeck = $cfg_mb_feedcheck == 'Y' ? 0 : 1;

    // NOTE(review): the statement is built by string interpolation. $title was
    // encoded with ENT_QUOTES above; $type, $note and the M_* properties are
    // inserted as received, so this relies on callers passing already-escaped
    // values - confirm, or bind parameters if the database layer supports it.
    $query = "INSERT INTO `#@__member_feed` (`mid`, `userid`, `uname`, `type`, `aid`, `dtime`,`title`, `note`, `ischeck`) \n Values('{$this->M_ID}', '{$this->M_LoginID}', '{$this->M_UserName}', '{$type}', '{$aid}', '{$ntime}', '{$title}', '{$note}', '{$ischeck}'); ";

    return $dsql->ExecuteNoneQuery($query);
}
$winform = $win->GetWindow("ok"); $win->Display(); } else { if ($fmdo == "edit") { if (!isset($backurl)) { $backurl = ""; } $activepath = str_replace("..", "", $activepath); $filename = str_replace("..", "", $filename); $file = "{$cfg_basedir}{$activepath}/{$filename}"; $content = ""; if (is_file($file)) { $fp = fopen($file, "r"); $content = fread($fp, filesize($file)); fclose($fp); $content = dede_htmlspecialchars($content); } $contentView = "<textarea name='str' style='width:99%;height:450px;background:#ffffff;'>{$content}</textarea>\r\n"; $GLOBALS['filename'] = $filename; $ctp = new DedeTagParse(); $ctp->LoadTemplate(DEDEADMIN . "/templets/file_edit.htm"); $ctp->display(); } else { if ($fmdo == "newfile") { $content = ""; $GLOBALS['filename'] = "newfile.txt"; $contentView = "<textarea name='str' style='width:99%;height:400'></textarea>\r\n"; $ctp = new DedeTagParse(); $ctp->LoadTemplate(DEDEADMIN . "/templets/file_edit.htm"); $ctp->display(); } else {
*
 * @version $Id: flink.php 1 15:38 2010年7月8日Z tianya $
 * @package DedeCMS.Site
 * @copyright Copyright (c) 2007 - 2010, DesDev, Inc.
 * @license http://help.dedecms.com/usersguide/license.html
 * @link http://www.dedecms.com
 */
require_once dirname(__FILE__) . "/../include/common.inc.php";
// NOTE(review): $dopost, $validate, $msg, $email, $webname, $url, $logo and
// $typeid are not assigned in this file; presumably common.inc.php registers
// them from the request - confirm.
if (empty($dopost)) {
    $dopost = '';
}
if ($dopost == 'save') {
    // The submitted verification code must match the stored one
    // (case-insensitive, trimmed) and may not be empty.
    $validate = isset($validate) ? strtolower(trim($validate)) : '';
    $svali = GetCkVdValue();
    if ($validate == '' || $validate != $svali) {
        ShowMsg('验证码不正确!', '-1');
        exit;
    }
    // HTML-encode the submitted values before storage. This is output encoding,
    // not SQL escaping: called without ENT_QUOTES, as here, htmlspecialchars
    // leaves single quotes untouched.
    $msg = dede_htmlspecialchars($msg);
    $email = dede_htmlspecialchars($email);
    $webname = dede_htmlspecialchars($webname);
    $url = dede_htmlspecialchars($url);
    $logo = dede_htmlspecialchars($logo);
    $typeid = intval($typeid);
    $dtime = time();
    // NOTE(review): the values are interpolated into quoted SQL literals, so
    // this relies on the request variables having been slash-escaped before
    // they reach this file - confirm in common.inc.php. The scheme of $url and
    // $logo is not checked here.
    // New links are stored with ischeck = 0, i.e. pending review.
    $query = "INSERT INTO `#@__flink`(sortrank,url,webname,logo,msg,email,typeid,dtime,ischeck)\n VALUES('50','{$url}','{$webname}','{$logo}','{$msg}','{$email}','{$typeid}','{$dtime}','0')";
    $dsql->ExecuteNoneQuery($query);
    ShowMsg('成功增加一个链接,但需要审核后才能显示!', '-1', 1);
}
// Show the template (a plain PHP file).
include_once DEDETEMPLATE . '/plus/flink-list.htm';
/**
 * Template tag handler that renders a list of tags.
 *
 * @param object $ctag   The tag being rendered; its attributes and inner text are read.
 * @param object $refObj The calling object; Fields['aid'] limits the list to one document.
 * @return string Rendered tag list ('' when the document has no tags).
 */
function lib_tag(&$ctag, &$refObj)
{
    global $dsql, $envs, $cfg_cmsurl;

    // Attribute handling. extract() turns the tag attributes into locals
    // ($row, $sort, $getall, $typeid are read below); EXTR_SKIP keeps names
    // already defined in this scope from being overwritten.
    $attlist = "row|30,sort|new,getall|0,typeid|0";
    FillAttsDefault($ctag->CAttribute->Items, $attlist);
    extract($ctag->CAttribute->Items, EXTR_SKIP);

    $template = $ctag->GetInnerText();
    if (trim($template) == '') {
        $template = GetSysTemplets('tag_one.htm');
    }

    $revalue = '';
    $ltype = $sort;
    $num = $row;
    $addsql = '';

    $perDocument = $getall == 0 && isset($refObj->Fields['tags']) && !empty($refObj->Fields['aid']);
    if ($perDocument) {
        // Limit the list to the tags attached to the current document.
        $dsql->SetQuery("SELECT tid FROM `#@__taglist` WHERE aid = '{$refObj->Fields['aid']}' ");
        $dsql->Execute();
        $ids = '';
        while ($row = $dsql->GetArray()) {
            if ($ids == '') {
                $ids .= $row['tid'];
            } else {
                $ids .= ',' . $row['tid'];
            }
        }
        if ($ids == '') {
            return '';
        }
        $addsql = " WHERE id IN({$ids}) ";
    } elseif (!empty($typeid)) {
        // NOTE(review): $typeid and $num come from template tag attributes and
        // are interpolated into the SQL text as given.
        $addsql = " WHERE typeid='{$typeid}' ";
    }

    // The sort order is picked from a fixed set; unknown values fall back to newest first.
    switch ($ltype) {
        case 'rand':
            $orderby = 'rand() ';
            break;
        case 'week':
            $orderby = ' weekcc DESC ';
            break;
        case 'month':
            $orderby = ' monthcc DESC ';
            break;
        case 'hot':
            $orderby = ' count DESC ';
            break;
        case 'total':
            $orderby = ' total DESC ';
            break;
        default:
            $orderby = 'addtime DESC ';
            break;
    }

    $dsql->SetQuery("SELECT * FROM `#@__tagindex` {$addsql} ORDER BY {$orderby} LIMIT 0,{$num}");
    $dsql->Execute();

    $ctp = new DedeTagParse();
    $ctp->SetNameSpace('field', '[', ']');
    $ctp->LoadSource($template);

    while ($row = $dsql->GetArray()) {
        // 'keyword' keeps the raw tag for the URL; 'tag' is HTML-encoded for display.
        $row['keyword'] = $row['tag'];
        $row['tag'] = dede_htmlspecialchars($row['tag']);
        $row['link'] = $cfg_cmsurl . "/tags.php?/" . urlencode($row['keyword']) . "/";

        // Pick a highlight bucket at random within a range set by popularity.
        $row['highlight'] = 0;
        if ($row['monthcc'] > 1000 || $row['weekcc'] > 300) {
            $row['highlight'] = mt_rand(3, 4);
        } elseif ($row['count'] > 3000) {
            $row['highlight'] = mt_rand(5, 6);
        } else {
            $row['highlight'] = mt_rand(1, 2);
        }

        // The loop variable is $ctag, the by-reference parameter, so the
        // caller's variable ends up holding the last inner tag.
        foreach ($ctp->CTags as $tagid => $ctag) {
            $field = $ctag->GetName();
            if (isset($row[$field])) {
                $ctp->Assign($tagid, $row[$field]);
            }
        }
        $revalue .= $ctp->GetResult();
    }

    return $revalue;
}
$win->AddMsgItem("<div style='padding:20px;line-height:300%'>{$msg}</div>"); $winform = $win->GetWindow("ok"); $win->Display(); exit; } else { if ($job == "yes") { if (preg_match("#[^0-9-]#", $newid) || empty($newid)) { ShowMsg("<font color=red>'会员模型ID'</font>必须为数字!", "-1"); exit; } if ($newtable == "") { ShowMsg("表名不能为空!", "-1"); exit; } $state = isset($state) && is_numeric($state) ? $state : 0; $newname = dede_htmlspecialchars($newname); $row = $dsql->GetOne("SELECT * FROM #@__member_model WHERE id='{$newid}' OR `table` LIKE '{$newtable}' OR name LIKE '{$newname}' "); if (is_array($row)) { ShowMsg("可能会员模型的‘ID’、‘名称’在数据库中已存在,不能重复使用!", "-1"); exit; } //拷贝数据表 if (!$dsql->IsTable($newtable)) { $dsql->Execute('me', "SHOW CREATE TABLE {$dsql->dbName}.{$thistable}"); $row = $dsql->GetArray('me', MYSQL_BOTH); $tableStruct = $row[1]; $tb = str_replace('#@__', $cfg_dbprefix, $thistable); $tableStruct = preg_replace("/CREATE TABLE `{$thistable}`/iU", "CREATE TABLE `{$newtable}`", $tableStruct); $dsql->ExecuteNoneQuery($tableStruct); } $query = "INSERT INTO #@__member_model (`id`, `name`, `table`, `description`, `issystem`, `state`, `info`) VALUES ('{$newid}', '{$newname}', '{$newtable}', '{$description}', 0, '{$state}','{$thisinfo}')";
/**
 * Creates a %CKEditor instance.
 * In incompatible browsers %CKEditor will downgrade to plain HTML <textarea> element.
 *
 * The initial value is HTML-encoded before it is placed inside the textarea.
 * $name is written as given into the "name" attribute and into the
 * CKEDITOR.replace() call, so it is expected to be a fixed identifier chosen
 * by the calling code.
 *
 * @param $name (string) Name of the %CKEditor instance (this will be also the "name" attribute of textarea element).
 * @param $value (string) Initial value (optional).
 * @param $config (array) The specific configurations to apply to this editor instance (optional).
 * @param $events (array) Event listeners for this editor instance (optional).
 *
 * Example usage:
 * @code
 * $CKEditor = new CKEditor();
 * $CKEditor->editor("field1", "<p>Initial value.</p>");
 * @endcode
 *
 * Advanced example:
 * @code
 * $CKEditor = new CKEditor();
 * $config = array();
 * $config['toolbar'] = array(
 *     array( 'Source', '-', 'Bold', 'Italic', 'Underline', 'Strike' ),
 *     array( 'Image', 'Link', 'Unlink', 'Anchor' )
 * );
 * $events['instanceReady'] = 'function (ev) {
 *     alert("Loaded: " + ev.editor.name);
 * }';
 * $CKEditor->editor("field1", "<p>Initial value.</p>", $config, $events);
 * @endcode
 */
function editor($name, $value = "", $config = array(), $events = array())
{
    // Serialise the configured textarea attributes.
    $attr = "";
    foreach ($this->textareaAttributes as $key => $val) {
        // NOTE(review): as shown this replaces a double quote with a double
        // quote; the replacement may have been an HTML entity in the original
        // file - confirm against the repository copy.
        $attr .= " {$key}=\"" . str_replace('"', '"', $val) . '"';
    }

    $out = "<textarea name=\"{$name}\"{$attr}>" . dede_htmlspecialchars($value) . "</textarea>\n";

    // The loader markup is added only while the editor is not initialised yet.
    if (!$this->initialized) {
        $out .= $this->init();
    }

    $_config = $this->configSettings($config, $events);
    $js = $this->returnGlobalEvents();
    $js .= !empty($_config)
        ? "CKEDITOR.replace('" . $name . "', " . $this->jsEncode($_config) . ");"
        : "CKEDITOR.replace('" . $name . "');";
    $out .= $this->script($js);

    // Print directly unless the caller asked for the markup to be returned.
    if (!$this->returnOutput) {
        print $out;
        $out = "";
    }

    return $out;
}
$win->Display(); $dm->Clear(); exit; } else { if ($action == 'edit') { $dm = new DedeModule($mdir); $minfos = $dm->GetModuleInfo($hash); extract($minfos, EXTR_SKIP); if (!isset($lang)) { $lang = 'gb2312'; } if (!isset($moduletype)) { $moduletype = 'soft'; } $menustring = $dm->GetSystemFile($hash, 'menustring'); $setupsql40 = dede_htmlspecialchars($dm->GetSystemFile($hash, 'setupsql40')); $readmetxt = $dm->GetSystemFile($hash, 'readme'); $delsql = $dm->GetSystemFile($hash, 'delsql'); $filelist = $dm->GetSystemFile($hash, 'oldfilelist', false); $indexurl = str_replace('**', '=', $indexurl); $dm->Clear(); require_once dirname(__FILE__) . '/templets/module_edit.htm'; exit; } else { if ($action == 'download') { $model_remote_url = $updateHost . 'dedecms/module_' . $cfg_soft_lang . '/' . $hash . '.xml'; $model_remote = file_get_contents($model_remote_url); file_put_contents($mdir . '/' . $hash . '.xml', $model_remote); echo "未安装 <a href='module_main.php?action=setup&hash={$hash}'><u>安装</u></a>"; } }