Esempio n. 1
 /**
  * Filter a string before it is stored.
  *
  * Steps: undo slashes, drop single-line <style>...</style> runs, apply the
  * mode-specific filter, then re-apply addslashes().
  *
  * Modes (compared loosely, as in the original chain):
  *   0      HTML-escape only.
  *   1      HTML-escape, then collapse whitespace runs to one space.
  *   2      HTML-escape, then delete all whitespace.
  *   other  keep markup; collapse whitespace and strip tags whose names start
  *          with link, meta, ifr or fra.
  *
  * Security notes:
  * - Only modes 0-2 escape HTML, via dede_htmlspecialchars() (defined outside
  *   this block). Any other mode is a tag denylist: script tags, event-handler
  *   attributes and every other element pass through, so its output must not
  *   be treated as safe HTML.
  * - The <style> pattern has no "s" modifier, so a style block that spans
  *   several lines is not removed by it.
  * - addslashes() is a quoting step, not a replacement for bound parameters
  *   in SQL.
  *
  * @param  string $str     raw input
  * @param  int    $rptype  filter mode, see above
  * @return string          filtered string with slashes added
  */
 function HtmlReplace($str, $rptype = 0)
 {
     $filtered = stripslashes($str);
     // 2011-06-30: member submissions may not add CSS styles (by: 织梦的鱼)
     $filtered = preg_replace("/<[\\/]{0,1}style([^>]*)>(.*)<\\/style>/i", '', $filtered);
     switch ($rptype) {
         case 0:
             $filtered = dede_htmlspecialchars($filtered);
             break;
         case 1:
             $filtered = dede_htmlspecialchars($filtered);
             // NOTE(review): as listed this swaps a space for a space; the search
             // string may have been another whitespace character upstream - confirm.
             $filtered = str_replace(" ", ' ', $filtered);
             $filtered = preg_replace("/[\r\n\t ]{1,}/", ' ', $filtered);
             break;
         case 2:
             $filtered = dede_htmlspecialchars($filtered);
             $filtered = str_replace(" ", '', $filtered);
             $filtered = preg_replace("/[\r\n\t ]/", '', $filtered);
             break;
         default:
             $filtered = preg_replace("/[\r\n\t ]{1,}/", ' ', $filtered);
             // As listed, this only lower-cases the word "script".
             $filtered = preg_replace('/script/i', 'script', $filtered);
             $filtered = preg_replace("/<[\\/]{0,1}(link|meta|ifr|fra)[^>]*>/i", '', $filtered);
             break;
     }
     return addslashes($filtered);
 }
Esempio n. 2
/**
 * Convert plain text into WML paragraph markup.
 *
 * Every "$" is doubled first (presumably because "$" introduces a variable
 * reference in WML - confirm), then the text is HTML-escaped with
 * dede_htmlspecialchars() (defined outside this block), split into lines,
 * and each non-empty line is wrapped as "<p>line<br /></p>".
 *
 * @param  string $content  plain text
 * @return string           WML paragraphs; blank lines produce no paragraph
 */
function text2wml($content)
{
    $escaped = dede_htmlspecialchars(str_replace('$', '$$', $content));
    $lines = explode("\n", str_replace("\r\n", "\n", $escaped));
    foreach ($lines as $idx => $line) {
        // Strip leading and trailing whitespace.
        $line = trim($line);
        // A line that is empty once the listed space character is removed
        // becomes an empty line; otherwise that character is left in place.
        if (str_replace(" ", "", $line) == "") {
            $line = "";
        }
        $lines[$idx] = $line;
    }
    // Join the lines as WML paragraphs and drop the empty ones.
    $wml = "<p>" . implode("<br /></p>\n<p>", $lines) . "<br /></p>\n";
    return str_replace("<p><br /></p>\n", "", $wml);
}
Esempio n. 3
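 /**
  * Build the member-data form markup for this model.
  *
  * Parses the model definition in $this->info, renders every field flagged
  * autofield with state == 1, and appends two hidden inputs: dede_fields
  * (the "name,type;name,type" list) and dede_fieldshash (md5 of that list
  * concatenated with $cfg_cookie_encode).
  *
  * Security notes:
  * - Stored values are HTML-escaped with ENT_QUOTES before they are placed
  *   in markup. The birthday input used to interpolate the raw stored value
  *   into its value="" attribute; it is now escaped like the sibling branches.
  * - Values handed to GetEnumsForm() are passed through as-is; that helper
  *   is defined outside this block. NOTE(review): confirm it escapes them.
  * - Labels (itemname, $this->egroups) are emitted unescaped; presumably they
  *   come from the admin-defined model - verify.
  * - dede_fieldshash is a plain MD5 over the field list plus a secret suffix,
  *   not an HMAC. NOTE(review): the verifying side is not visible here; check
  *   that it recomputes the hash and compares it with hash_equals().
  *
  * @access    public
  * @param     string  $type       'post' renders empty inputs via GetFormItem; any other value renders stored values via GetFormItemValue
  * @param     mixed   $value      stored values indexed by field name (read only when $type is not 'post')
  * @param     string  $admintype  model type passed through to the item renderer
  * @return    string
  */
 function getForm($type = 'post', $value = '', $admintype = 'membermodel2')
 {
     global $cfg_cookie_encode;
     $dtp = new DedeTagParse();
     $dtp->SetNameSpace("field", "<", ">");
     $dtp->LoadSource($this->info);
     $formstring = '';
     $formfields = '';
     $func = $type == 'post' ? 'GetFormItem' : 'GetFormItemValue';
     if (is_array($dtp->CTags)) {
         foreach ($dtp->CTags as $tagid => $tag) {
             // Only auto fields that are enabled are rendered and listed.
             if (!$tag->GetAtt('autofield') || $tag->GetAtt('state') != 1) {
                 continue;
             }
             $name = $tag->GetName();
             $fieldtype = $tag->GetAtt('type');
             if ($type == 'post') {
                 // Some fields get special markup.
                 if ($name == 'onlynet') {
                     $formstring .= '<li><span>联系方式限制:</span><div class="lform">
                 <input name="onlynet" type="radio" id="onlynet" value="2" checked="checked" />
                 不公开所有联系方式
                 <input name="onlynet" type="radio" id="onlynet" value="1" />
                 不公开电话、详细地址
                 <input name="onlynet" type="radio" id="onlynet" value="0"  />
                 公开所有联系方式</div></li>';
                 } elseif ($name == 'place' || $name == 'oldplace') {
                     $formtitle = $name == 'place' ? '目前所在地' : '家乡所在地';
                     $formstring .= '<li><div class="lform">' . GetEnumsForm('nativeplace', 0, $name) . '</div><span>' . $formtitle . ':</span></li>';
                 } elseif (array_key_exists($name, $this->egroups)) {
                     // Linked (enum group) fields.
                     $formstring .= '<li><div class="lform">' . GetEnumsForm($name, 0, $name) . '</div><span>' . $this->egroups[$name] . ':</span></li>';
                 } else {
                     // Checkbox fields and every other type use the same renderer.
                     $formstring .= $func($tag, $admintype);
                 }
             } else {
                 if ($name == 'onlynet') {
                     $formstring .= '<p style="display:none"><label>联系方式限制:</label>
                 <input name="onlynet" type="radio" id="onlynet" value="2" checked="checked" />
                 不公开所有联系方式
                 <input name="onlynet" type="radio" id="onlynet" value="1" />
                 不公开电话、详细地址
                 <input name="onlynet" type="radio" id="onlynet" value="0"  />
                 公开所有联系方式</p>';
                 } elseif ($name == 'place' || $name == 'oldplace') {
                     $formtitle = $name == 'place' ? '目前所在地' : '家乡所在地';
                     $formstring .= '<p><label>' . $formtitle . ':</label>' . GetEnumsForm('nativeplace', $value[$name], $name) . '</p>';
                 } elseif ($name == 'birthday') {
                     // Escape the stored value before it goes into the attribute,
                     // matching the checkbox/img/default branches below.
                     $formstring .= '<p><label>' . $tag->GetAtt('itemname') . ':</label><input type="text" class="intxt" style="width: 100px;" id="birthday" value="' . dede_htmlspecialchars($value[$name], ENT_QUOTES) . '" name="birthday"></p>';
                 } elseif (array_key_exists($name, $this->egroups)) {
                     // Linked (enum group) fields.
                     $formstring .= '<p><label>' . $this->egroups[$name] . ':</label> ' . GetEnumsForm($name, $value[$name], $name) . '</p>';
                 } elseif ($fieldtype == 'checkbox') {
                     $formstring .= $func($tag, dede_htmlspecialchars($value[$name], ENT_QUOTES), $admintype);
                 } elseif ($fieldtype == 'img') {
                     $fieldname = $name;
                     $labelname = $tag->GetAtt('itemname');
                     $fvalue = dede_htmlspecialchars($value[$name], ENT_QUOTES);
                     $imgstrng = "<p><label>{$labelname}:</label><input type='text' name='{$fieldname}' value='{$fvalue}' id='{$fieldname}' style='width:300px'  class='text' /> <input name='" . $fieldname . "_bt' class='inputbut' type='button' value='浏览...' onClick=\"SelectImage('addcontent.{$fieldname}','big')\" />\r\n</p>";
                     $formstring .= $imgstrng;
                 } else {
                     $formstring .= $func($tag, dede_htmlspecialchars($value[$name], ENT_QUOTES), $admintype);
                 }
             }
             // Append "name,type" to the field list, separated by ";".
             $formfields .= ($formfields == '' ? '' : ';') . $name . ',' . $fieldtype;
         }
     }
     $formstring .= "<input type=\"hidden\" name=\"dede_fields\" value=\"" . $formfields . "\" />\n";
     $formstring .= "<input type=\"hidden\" name=\"dede_fieldshash\" value=\"" . md5($formfields . $cfg_cookie_encode) . "\" />";
     return $formstring;
 }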
Esempio n. 4
     } else {
         $link = $row1['arcurl'];
     }
     $link = dede_htmlspecialchars($link);
     $description = dede_htmlspecialchars(strip_tags($row['description']));
     $text = dede_htmlspecialchars(strip_tags($row['body']));
     $image = $row['litpic'] == '' ? '' : $row['litpic'];
     if ($image != '' && strpos($image, 'http://') === false) {
         $image = ($cfg_basehost == '' ? 'http://' . $_SERVER["HTTP_HOST"] . $cfg_cmspath : $cfg_basehost) . $image;
     }
     //$headlineimg = '';
     $keywords = dede_htmlspecialchars($row['keywords']);
     $category = dede_htmlspecialchars($row['typename']);
     $author = dede_htmlspecialchars($row['writer']);
     $source = dede_htmlspecialchars($row['source']);
     $pubdate = dede_htmlspecialchars(gmdate('Y-m-d H:i', $row['pubdate'] + $cfg_cli_time * 3600));
     $baidunews .= "<item>\n";
     $baidunews .= "<title>{$title} </title>\n";
     $baidunews .= "<link>{$link} </link>\n";
     $baidunews .= "<description>{$description} </description>\n";
     $baidunews .= "<text>{$text} </text>\n";
     $baidunews .= "<image>{$image} </image>\n";
     //$baidunews .= "<headlineimages/>\n";
     $baidunews .= "<keywords>{$keywords} </keywords>\n";
     $baidunews .= "<category>{$category} </category>\n";
     $baidunews .= "<author>{$author} </author>\n";
     $baidunews .= "<source>{$source} </source>\n";
     $baidunews .= "<pubDate>{$pubdate} </pubDate>\n";
     $baidunews .= "</item>\n";
 }
 $baidunews .= "</document>\n";
Esempio n. 5
        foreach ($latests['comments'] as $k => $v) {
            $data[] = array('nickname' => $v['passport']['nickname'], 'content' => $v['content'], 'topic_title' => $v['topic_title'], 'topic_url' => $v['topic_url']);
        }
    }
    echo json_encode($latests);
    exit;
} elseif ($dopost == 'getcode') {
    if (!changyan_islogin()) {
        ShowMsg("您尚未登录畅言,请先登录后继续使用……!", '?');
        exit;
    }
    changyan_check_islogin();
    $user = changyan_get_setting('user');
    $sign = changyan_gen_sign($user);
    $result = changyan_getcode(CHANGYAN_CLIENT_ID, $user, false, $sign);
    $code = dede_htmlspecialchars($result['code']);
    $msg = <<<EOT
<style type='text/css'>
pre {
width:50%;
display: block;
padding: 9.5px;
margin: 0 0 10px;
font-size: 13px;
line-height: 20px;
word-break: break-all;
word-wrap: break-word;
white-space: pre;
white-space: pre-wrap;
background-color: #f5f5f5;
border: 1px solid #ccc;
</table>
</form>
<?php 
                                                //AJAX窗体结束
                                            } else {
                                                if ($dopost == 'quickEditSave') {
                                                    require_once DEDEADMIN . '/inc/inc_archives_functions.php';
                                                    //权限检测
                                                    if (!TestPurview('a_Edit')) {
                                                        if (TestPurview('a_AccEdit')) {
                                                            CheckCatalog($typeid, "对不起,你没有操作栏目 {$typeid} 的文档权限!");
                                                        } else {
                                                            CheckArcAdmin($aid, $cuserLogin->getUserID());
                                                        }
                                                    }
                                                    $title = dede_htmlspecialchars(cn_substrR($title, $cfg_title_maxlen));
                                                    $shorttitle = cn_substrR($shorttitle, 36);
                                                    $keywords = trim(cn_substrR($keywords, 60));
                                                    if (!TestPurview('a_Check,a_AccCheck,a_MyCheck')) {
                                                        $arcrank = -1;
                                                    }
                                                    $adminid = $cuserLogin->getUserID();
                                                    //属性处理
                                                    $flag = isset($flags) ? join(',', $flags) : '';
                                                    if (!empty($flag)) {
                                                        if (preg_match("#p#", $oldflag)) {
                                                            $flag .= ',p';
                                                        }
                                                        if (preg_match("#j#", $oldflag)) {
                                                            $flag .= ',j';
                                                        }
Esempio n. 7
                                         $forms .= "结束时间:<input type=\"text\" name=\"enddate\" value=\"\" /><br />";
                                     } else {
                                         $tmp = '';
                                     }
                                 }
                             }
                         }
                     }
                     $addonstring .= $tmp . ',';
                 }
             }
             $forms .= '<input type="submit" name="submit" value="开始搜索" /></form>';
             $formssql = addslashes($forms);
             $query = "REPLACE INTO #@__advancedsearch(mid, maintable, mainfields, addontable, addonfields, forms, template) VALUES('{$mid}','{$maintable}','{$mainstring}','{$addontable}','{$addonstring}','{$formssql}', '{$template}')";
             $dsql->ExecuteNoneQuery($query);
             $formshtml = dede_htmlspecialchars($forms);
             echo '<meta http-equiv="Content-Type" content="text/html; charset=' . $cfg_soft_lang . '">';
             echo "下面为生成的html表单,请自行复制,根据自己需求修改样式后粘贴到对应的模板中<br><br><textarea cols=\"100\"  rows=\"10\">" . $forms . "</textarea>";
             echo '<br />预览:<br /><hr>';
             echo $forms;
         }
     }
     exit;
 } else {
     if ($dopost == 'del') {
         $mid = intval($mid);
         $dsql->ExecuteNoneQuery("DELETE FROM `#@__advancedsearch` WHERE mid = '{$mid}'; ");
         ShowMsg("成功删除一个自定义搜索!", "mychannel_main.php");
         exit;
     }
 }
Esempio n. 8
 /**
  * Build the form markup for this custom form model.
  *
  * Renders every field flagged autofield in $this->info and appends two
  * hidden inputs: dede_fields (the "name,type;name,type" list) and
  * dede_fieldshash (md5 of that list concatenated with $cfg_cookie_encode).
  *
  * Security notes:
  * - When $type is not 'post', each stored value is HTML-escaped with
  *   ENT_QUOTES before it is handed to the item renderer.
  * - dede_fieldshash is a plain MD5 over the field list plus a secret suffix,
  *   not an HMAC. NOTE(review): the verifying side is not visible here; check
  *   that it recomputes the hash and compares it with hash_equals().
  *
  * @access    public
  * @param     string  $type       'post' renders empty inputs via GetFormItem; any other value renders stored values via GetFormItemValue
  * @param     mixed   $value      stored values indexed by field name (read only when $type is not 'post')
  * @param     string  $admintype  management type passed through to the item renderer
  * @return    string
  */
 function getForm($type = 'post', $value = '', $admintype = 'diy')
 {
     global $cfg_cookie_encode;
     $parser = new DedeTagParse();
     $parser->SetNameSpace("field", "<", ">");
     $parser->LoadSource($this->info);
     $isPost = $type == 'post';
     $func = $isPost ? 'GetFormItem' : 'GetFormItemValue';
     $formstring = '';
     $pairs = array();
     if (is_array($parser->CTags)) {
         foreach ($parser->CTags as $tagid => $tag) {
             if (!$tag->GetAtt('autofield')) {
                 continue;
             }
             if ($isPost) {
                 $formstring .= $func($tag, $admintype);
             } else {
                 $formstring .= $func($tag, dede_htmlspecialchars($value[$tag->GetName()], ENT_QUOTES), $admintype);
             }
             $pairs[] = $tag->GetName() . ',' . $tag->GetAtt('type');
         }
     }
     // "name,type" entries joined with ";" - same text the hash is computed over.
     $formfields = implode(';', $pairs);
     $formstring .= "<input type=\"hidden\" name=\"dede_fields\" value=\"" . $formfields . "\" />\n";
     $formstring .= "<input type=\"hidden\" name=\"dede_fieldshash\" value=\"" . md5($formfields . $cfg_cookie_encode) . "\" />";
     return $formstring;
 }
 * @package        DedeCMS.Administrator
 * @copyright      Copyright (c) 2007 - 2010, DesDev, Inc.
 * @license        http://help.dedecms.com/usersguide/license.html
 * @link           http://www.dedecms.com
 */
require_once dirname(__FILE__) . "/config.php";
// Permission gate: everything below runs only after CheckPurview('temp_Test').
// NOTE(review): no request-origin (anti-CSRF) check is visible in this section;
// confirm that config.php or CheckPurview() provides one.
CheckPurview('temp_Test');
require_once DEDEINC . "/arc.partview.class.php";

// $partcode, $typeid and $showsource are not assigned in this section;
// presumably they are registered from the request by config.php - confirm.
if (empty($partcode)) {
    ShowMsg('错误请求', 'javascript:;');
    exit;
}
$partcode = stripslashes($partcode);
$typeid = empty($typeid) ? 0 : $typeid;
$showsource = empty($showsource) ? "" : $showsource;

// The submitted text is loaded as template source ("string" mode) and rendered
// by Display() below; it is HTML-escaped only for the source preview.
$pv = $typeid > 0 ? new PartView($typeid) : new PartView();
$pv->SetTemplet($partcode, "string");
if ($showsource == "" || $showsource == "yes") {
    echo "模板代码:",
        "<span style='color:red;'><pre>" . dede_htmlspecialchars($partcode) . "</pre></span>",
        "结果:<hr size='1' width='100%'>";
}
$pv->Display();
Esempio n. 10
/**
 * Template tag handler that emits the Changyan comment widget markup.
 *
 * type "code" / "code2": outputs the embed code returned by changyan_getcode()
 * (cached for one hour), wrapped in a <div>; type "count": outputs the counter
 * script tag (once per request) and an anchor.
 *
 * Security notes:
 * - The embed code from changyan_getcode() is HTML-escaped only for caching
 *   and decoded again before output, so it is emitted as raw markup and
 *   script; the page trusts that source.
 * - The tag attributes class and style are interpolated into the <div>
 *   without escaping; they come from the template tag.
 * - The counter script is referenced over plain http.
 *   NOTE(review): consider an https URL to avoid tampering in transit.
 *
 * @param  object $ctag    tag being rendered; its attributes are read
 * @param  object $refObj  calling object; ArcID is written into the markup
 * @return string          markup, or a plain-text message when the module is
 *                         not installed, not registered, or the code fetch fails
 */
function lib_changyan(&$ctag, &$refObj)
{
    global $dsql, $envs;
    // Attribute handling. The list looks like name|default pairs (type=code,
    // config='', class=_DEDECY, style='') - confirm against FillAttsDefault().
    $attlist = "type|code,config|,class|_DEDECY,style|";
    FillAttsDefault($ctag->CAttribute->Items, $attlist);
    // EXTR_SKIP: attributes become local variables but never overwrite a
    // variable that already exists at this point ($dsql, $envs, $attlist, ...).
    extract($ctag->CAttribute->Items, EXTR_SKIP);
    $reval = "";
    if (!$dsql->IsTable("#@__plus_changyan_setting")) {
        return '没安装畅言模块';
    }
    $client_id = changyan_get_setting('appid');
    if (empty($client_id)) {
        return '尚未注册畅言帐号,请到后台注册';
    }
    if ($type == 'code' or $type == 'code2') {
        // $class and $style come from the template tag and are not escaped here.
        $reval .= "<div class='{$class}' style='{$style}'>";
        $prefix = 'changyan';
        $key = 'code';
        $row = GetCache($prefix, $key);
        if (!is_array($row)) {
            // Cache miss: fetch the embed code and keep it for 60 * 60 seconds.
            $appid = changyan_get_setting('appid');
            $user = changyan_get_setting('user');
            $sign = changyan_gen_sign($user);
            $result = changyan_getcode(CHANGYAN_CLIENT_ID, $user, false, $sign, $appid);
            // status == 1 is treated as a failure and its message is returned.
            if ($result['status'] == 1) {
                return '未获取畅言代码,错误消息:' . $result['msg'];
            }
            $row['reval'] = dede_htmlspecialchars($result['code']);
            SetCache($prefix, $key, $row, 60 * 60 * 1);
        }
        if (!empty($config)) {
            // "k:v,k:v" pairs from the config attribute, emitted as a JSON object.
            $config_arr = array();
            $configs = explode(',', $config);
            if (count($configs) > 0) {
                foreach ($configs as $c) {
                    $item = explode(':', $c);
                    // $item[1] is read without checking that ':' was present.
                    $config_arr[$item[0]] = $item[1];
                }
            }
            $config_str = json_encode($config_arr);
            $reval .= <<<EOT
<script>
    var_config={$config_str};
</script>
EOT;
        }
        // The cached code is decoded back to raw markup before it is output.
        $reval .= htmlspecialchars_decode($row['reval']);
        $reval = str_replace("id='SOHUCS'", "id='SOHUCS' sid='{$refObj->ArcID}'", $reval);
        if ($type == 'code2') {
            $reval = preg_replace("#window.SCS_NO_IFRAME[ ]?=[ ]?true;#i", "", $reval);
        }
        // Closes the wrapper <div> in front of every literal "<script>".
        $reval = str_replace("<script>", "</div><script>", $reval);
    } elseif ($type == 'count') {
        // The counter script tag is added only once per request.
        if (!$GLOBALS['changyan_count_js']) {
            $reval .= "<script type=\"text/javascript\" src=\"http://assets.changyan.sohu.com/upload/plugins/plugins.count.js\"></script>";
        }
        $reval .= "<a href=\"#SOHUCS\" id=\"changyan_count_unit\"></a>";
        $GLOBALS['changyan_count_js'] = TRUE;
    }
    return $reval;
}
Esempio n. 11
        $arcRow = $dsql->GetOne("SELECT s.*,t.* FROM `#@__member_stow` AS s LEFT JOIN `#@__member_stowtype` AS t ON s.type=t.stowname WHERE s.aid='{$aid}' AND s.type='{$type}'");
        if (!is_array($arcRow)) {
            ShowMsg("无法把未知文档推荐给好友!", "-1");
            exit;
        }
        $arcRow['arcurl'] = $arcRow['indexurl'] . "=" . $arcRow['aid'];
        extract($arcRow, EXTR_OVERWRITE);
    }
} else {
    if ($action == 'send') {
        if (!CheckEmail($email)) {
            echo "<script>alert('Email格式不正确!');history.go(-1);</script>";
            exit;
        }
        $mailbody = '';
        $msg = dede_htmlspecialchars($msg);
        $mailtitle = "你的好友给你推荐了一篇文章";
        $mailbody .= "{$msg} \r\n\r\n";
        $mailbody .= "Power by http://www.dedecms.com 织梦内容管理系统!";
        $headers = "From: " . $cfg_adminemail . "\r\nReply-To: " . $cfg_adminemail;
        if ($cfg_sendmail_bysmtp == 'Y' && !empty($cfg_smtp_server)) {
            $mailtype = 'TXT';
            require_once DEDEINC . '/mail.class.php';
            $smtp = new smtp($cfg_smtp_server, $cfg_smtp_port, true, $cfg_smtp_usermail, $cfg_smtp_password);
            $smtp->debug = false;
            $smtp->sendmail($email, $cfg_webname, $cfg_smtp_usermail, $mailtitle, $mailbody, $mailtype);
        } else {
            @mail($email, $mailtitle, $mailbody, $headers);
        }
        ShowMsg("成功推荐一篇文章!", $arcurl);
        exit;
       <td align="left" style="padding:3px;">
<?php 
                    if ($row['type'] == 'bool') {
                        $c1 = '';
                        $c2 = '';
                        $row['value'] == 'Y' ? $c1 = " checked" : ($c2 = " checked");
                        echo "<input type='radio' class='np' name='edit___{$row['varname']}' value='Y'{$c1}>是 ";
                        echo "<input type='radio' class='np' name='edit___{$row['varname']}' value='N'{$c2}>否 ";
                    } else {
                        if ($row['type'] == 'bstring') {
                            echo "<textarea name='edit___{$row['varname']}' row='4' id='edit___{$row['varname']}' class='textarea_info' style='width:98%;height:50px'>" . dede_htmlspecialchars($row['value']) . "</textarea>";
                        } else {
                            if ($row['type'] == 'number') {
                                echo "<input type='text' name='edit___{$row['varname']}' id='edit___{$row['varname']}' value='{$row['value']}' style='width:30%'>";
                            } else {
                                echo "<input type='text' name='edit___{$row['varname']}' id='edit___{$row['varname']}' value=\"" . dede_htmlspecialchars($row['value']) . "\" style='width:80%'>";
                            }
                        }
                    }
                    ?>
</td>
       <td><?php 
                    echo $row['varname'];
                    ?>
</td>
      </tr>
      <?php 
                }
                ?>
     </table>
      <?php 
Esempio n. 13
 /**
  * Render the document list for this column using an item template.
  *
  * Selects archives with arcrank > -1 in this type and its child types,
  * newest id first, limited to $this->MaxRow rows. Every column of each row
  * is HTML-escaped with dede_htmlspecialchars() before it is assigned to the
  * template; the "image" markup is built before that pass, so it is escaped
  * as a whole like any other field.
  *
  * The SQL text is assembled by concatenation from GetSonIds() and
  * $this->MaxRow. NOTE(review): neither is validated in this block; confirm
  * both are integers where they are set.
  *
  * @access    public
  * @param     string  $innertext  item template; the system template rss.htm is used when empty
  * @return    string  rendered items, each followed by CRLF
  */
 function GetArcList($innertext = "")
 {
     $typeid = $this->TypeID;
     $innertext = trim($innertext);
     if ($innertext == "") {
         $innertext = GetSysTemplets("rss.htm");
     }
     $orwhere = " arc.arcrank > -1 " . " AND (arc.typeid in (" . GetSonIds($this->TypeID, $this->TypeFields['channeltype']) . ") ) ";
     $ordersql = " ORDER BY arc.id desc";
     $query = "SELECT arc.*,tp.typedir,tp.typename,tp.isdefault,\n        tp.defaultname,tp.namerule,tp.namerule2,tp.ispart,tp.moresite,tp.siteurl,tp.sitepath\n        FROM `#@__archives` arc LEFT JOIN `#@__arctype` tp ON arc.typeid=tp.id\n        WHERE {$orwhere} {$ordersql} LIMIT 0," . $this->MaxRow;
     $this->dsql->SetQuery($query);
     $this->dsql->Execute('al');

     $itemTpl = new DedeTagParse();
     $itemTpl->SetNameSpace('field', '[', ']');
     $itemTpl->LoadSource($innertext);

     $artlist = '';
     while ($row = $this->dsql->GetArray('al')) {
         $multiSite = $GLOBALS['cfg_multi_site'] == 'Y';
         // Special-case fields: fall back to the default thumbnail.
         if ($row['litpic'] == '' || $row['litpic'] == '-') {
             $row['litpic'] = $GLOBALS['cfg_cmspath'] . '/images/defaultpic.gif';
         }
         if ($multiSite && !preg_match("/^http:\\/\\//", $row['litpic'])) {
             $row['litpic'] = $GLOBALS['cfg_mainsite'] . $row['litpic'];
         }
         $row['picname'] = $row['litpic'];
         // arcurl is computed from the stored filename before filename is overwritten below.
         $row["arcurl"] = GetFileUrl($row["id"], $row["typeid"], $row["senddate"], $row["title"], $row["ismake"], $row["arcrank"], $row["namerule"], $row["typedir"], $row["money"], $row['filename'], $row["moresite"], $row["siteurl"], $row["sitepath"]);
         $row["typeurl"] = GetTypeUrl($row["typeid"], $row["typedir"], $row["isdefault"], $row["defaultname"], $row["ispart"], $row["namerule2"], $row["moresite"], $row["siteurl"], $row["sitepath"]);
         $row["info"] = $row["description"];
         $row["filename"] = $row["arcurl"];
         $row["stime"] = GetDateMK($row["pubdate"]);
         $row["image"] = "<img src='" . $row["picname"] . "' border='0'>";
         // 2011-6-20: path fix for RSS output when multi-site is enabled (by: 织梦的鱼)
         $row["fullurl"] = $multiSite ? $row["arcurl"] : $GLOBALS["cfg_basehost"] . $row["arcurl"];
         $row["phpurl"] = $GLOBALS["cfg_plus_dir"];
         $row["templeturl"] = $GLOBALS["cfg_templets_dir"];
         if ($row["source"] == '') {
             $row["source"] = $GLOBALS['cfg_webname'];
         }
         if ($row["writer"] == '') {
             $row["writer"] = "秩名";
         }
         // Escape every field after all of them have been prepared.
         $row = array_map('dede_htmlspecialchars', $row);
         if (is_array($itemTpl->CTags)) {
             foreach ($itemTpl->CTags as $k => $ctag) {
                 $fieldName = $ctag->GetName();
                 if ($fieldName == 'array') {
                     // Pass the whole row; this has a special use in runphp mode.
                     $itemTpl->Assign($k, $row);
                 } else {
                     $itemTpl->Assign($k, isset($row[$fieldName]) ? $row[$fieldName] : '');
                 }
             }
         }
         $artlist .= $itemTpl->GetResult() . "\r\n";
     }
     $this->dsql->FreeResult('al');
     return $artlist;
 }
Esempio n. 14
$id = preg_replace("#[^0-9]#", "", $id);
$action = isset($action) ? trim($action) : '';
if ($id < 1) {
    ShowMsg("含有非法操作!.", "-1");
    exit;
}
//取出圈子信息
$row = $db->GetOne("SELECT * FROM #@__groups WHERE groupid='{$id}'");
$groupsname = $row['groupname'];
$groupstoreid = $row['storeid'];
$groupishidden = $row['ishidden'];
$groupissystem = $row['issystem'];
$groupcreater = $row['creater'];
$groupimg = $row['groupimg'];
$ismaster = $row['ismaster'];
$groupdes = dede_htmlspecialchars($row['des']);
$groupisindex = $row['isindex'];
$groupsmalltype = $row['smalltype'];
//编译小分类成数组
$smalltypes = $row['smalltype'];
$lists = array();
$smalltypes = @explode(",", $smalltypes);
foreach ($smalltypes as $k) {
    $kk = @explode("|", $k);
    @array_push($lists, $kk[1]);
}
//====保存圈子信息=====//
if ($action == "save") {
    $groupname = cn_substr($groupname, 75);
    $storeid = preg_replace("#[^0-9]#", "", $store);
    $issystem = preg_replace("#[^0-1]#", "", $issystem);
Esempio n. 15
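 /**
  * Apply a string filter level to a value.
  *
  * Level 1 (default HTML filter): rewrites "script:" and strips tags whose
  * names start with link, meta, ifr, fra or scr, then collapses whitespace.
  * Level 2: stripslashes, HTML-escape, addslashes, keyword rewrites for
  * eval / union / concat / "--", then collapses whitespace.
  * Any other level returns the string unchanged.
  *
  * Fix: the level-2 branch used to test only $this->stringSafe, so a caller
  * passing $safestep = 2 while the instance default was different got the
  * string back unfiltered. The requested level is now honoured as well. The
  * instance-default test is kept so no existing call becomes less filtered.
  * NOTE(review): decide whether an explicit level 0 should be able to switch
  * off an instance default of 2.
  *
  * Security notes:
  * - As listed, each keyword replacement text equals the matched keyword in
  *   lower case, so those calls only normalise case. NOTE(review): confirm
  *   against the upstream file what the replacements were meant to be.
  * - Keyword and tag denylists are not a substitute for bound parameters in
  *   SQL or for context-aware output escaping.
  *
  * @param  string $str       value to filter
  * @param  int    $safestep  level to apply; a negative value selects $this->stringSafe
  * @return string
  */
 function StringSafe($str, $safestep = -1)
 {
     // A negative level means "use the instance default".
     $safestep = $safestep > -1 ? $safestep : $this->stringSafe;
     // Filter dangerous HTML (default level).
     if ($safestep == 1) {
         $str = preg_replace("#script:#i", "script:", $str);
         $str = preg_replace("#<[\\/]{0,1}(link|meta|ifr|fra|scr)[^>]*>#isU", '', $str);
         $str = preg_replace("#[\r\n\t ]{1,}#", ' ', $str);
         return $str;
     }
     // Honour an explicitly requested level 2 as well as the instance default.
     if ($safestep == 2 || $this->stringSafe == 2) {
         $str = addslashes(dede_htmlspecialchars(stripslashes($str)));
         $str = preg_replace("#eval#i", 'eval', $str);
         $str = preg_replace("#union#i", 'union', $str);
         $str = preg_replace("#concat#i", 'concat', $str);
         $str = preg_replace("#--#", '--', $str);
         $str = preg_replace("#[\r\n\t ]{1,}#", ' ', $str);
         return $str;
     }
     return $str;
 }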
Esempio n. 16
 /**
  * Prepare a message for storage: strip slashes and surrounding whitespace,
  * HTML-escape it, turn newlines into <br />, replace each pair of spaces
  * with two non-breaking-space entities, then add slashes again.
  *
  * The HTML escaping is done by dede_htmlspecialchars(), defined outside this
  * block. addslashes() is a quoting step only; it does not replace bound
  * parameters where the result is placed into SQL.
  *
  * @param  string $msg  raw message
  * @return string       escaped message with slashes added
  */
 function TrimMsg($msg)
 {
     $escaped = dede_htmlspecialchars(trim(stripslashes($msg)));
     $withBreaks = str_replace("  ", "&nbsp;&nbsp;", nl2br($escaped));
     return addslashes($withBreaks);
 }
Esempio n. 17
 /**
  * Record a member activity entry in the member_feed table.
  *
  * Only the types add, addsoft, feedback, addfriends and stow are recorded.
  * The title is cut to 255 and HTML-escaped, wrapped in a link, and the whole
  * link string is escaped again with ENT_QUOTES, so the stored title holds
  * escaped markup.
  *
  * Security notes:
  * - $aid is placed into the link text before the is_numeric() check further
  *   down; only the copy written to the aid column is forced to a number.
  * - The INSERT is assembled by string interpolation. $title is escaped with
  *   ENT_QUOTES here; the quoting of $note (after Html2Text) and of the
  *   M_ID / M_LoginID / M_UserName properties is not established in this
  *   block. NOTE(review): confirm, or use parameter binding if the database
  *   layer offers it.
  *
  * @access    public
  * @param     string  $type   record type
  * @param     string  $title  record title
  * @param     string  $note   record description
  * @param     string  $aid    id of the content (or member) the record refers to
  * @return    mixed   result of ExecuteNoneQuery(), or FALSE when $type is not recorded
  */
 function RecordFeeds($type, $title, $note, $aid)
 {
     global $dsql, $cfg_mb_feedcheck;
     // Decide whether this type is recorded at all.
     if (!in_array($type, array('add', 'addsoft', 'feedback', 'addfriends', 'stow'))) {
         return FALSE;
     }
     $ntime = time();
     $title = dede_htmlspecialchars(cn_substrR($title, 255));
     if (in_array($type, array('add', 'addsoft', 'feedback', 'stow'))) {
         // Content events: verb followed by a link to the document.
         $verbs = array('add' => ' 成功发布了', 'addsoft' => ' 成功发布了软件', 'feedback' => ' 评论了文章', 'stow' => ' 收藏了');
         $link = " <a href='/plus/view.php?aid=" . $aid . "'>" . $title . "</a>";
         $title = dede_htmlspecialchars($verbs[$type] . $link, ENT_QUOTES);
     } elseif ($type == 'addfriends') {
         // Friend events: link to the member page.
         $link = " <a href='/member/index.php?uid=" . $aid . "'>" . $aid . "</a>";
         $title = dede_htmlspecialchars(' 与' . $link . "成为好友", ENT_QUOTES);
     }
     $note = Html2Text($note);
     $aid = isset($aid) && is_numeric($aid) ? $aid : 0;
     // Entries start unchecked (0) when feed review is switched on.
     $ischeck = $cfg_mb_feedcheck == 'Y' ? 0 : 1;
     $query = "INSERT INTO `#@__member_feed` (`mid`, `userid`, `uname`, `type`, `aid`, `dtime`,`title`, `note`, `ischeck`) \n                        Values('{$this->M_ID}', '{$this->M_LoginID}', '{$this->M_UserName}', '{$type}', '{$aid}', '{$ntime}', '{$title}', '{$note}', '{$ischeck}'); ";
     return $dsql->ExecuteNoneQuery($query);
 }
     $winform = $win->GetWindow("ok");
     $win->Display();
 } else {
     if ($fmdo == "edit") {
         if (!isset($backurl)) {
             $backurl = "";
         }
         $activepath = str_replace("..", "", $activepath);
         $filename = str_replace("..", "", $filename);
         $file = "{$cfg_basedir}{$activepath}/{$filename}";
         $content = "";
         if (is_file($file)) {
             $fp = fopen($file, "r");
             $content = fread($fp, filesize($file));
             fclose($fp);
             $content = dede_htmlspecialchars($content);
         }
         $contentView = "<textarea name='str' style='width:99%;height:450px;background:#ffffff;'>{$content}</textarea>\r\n";
         $GLOBALS['filename'] = $filename;
         $ctp = new DedeTagParse();
         $ctp->LoadTemplate(DEDEADMIN . "/templets/file_edit.htm");
         $ctp->display();
     } else {
         if ($fmdo == "newfile") {
             $content = "";
             $GLOBALS['filename'] = "newfile.txt";
             $contentView = "<textarea name='str' style='width:99%;height:400'></textarea>\r\n";
             $ctp = new DedeTagParse();
             $ctp->LoadTemplate(DEDEADMIN . "/templets/file_edit.htm");
             $ctp->display();
         } else {
Esempio n. 19
 *
 * @version        $Id: flink.php 1 15:38 2010年7月8日Z tianya $
 * @package        DedeCMS.Site
 * @copyright      Copyright (c) 2007 - 2010, DesDev, Inc.
 * @license        http://help.dedecms.com/usersguide/license.html
 * @link           http://www.dedecms.com
 */
require_once dirname(__FILE__) . "/../include/common.inc.php";

// $dopost, $validate and the link fields are not assigned in this section;
// presumably common.inc.php registers them from the request - confirm.
$dopost = empty($dopost) ? '' : $dopost;

if ($dopost == 'save') {
    // Verification-code check: the submitted code must be non-empty and match.
    $validate = isset($validate) ? strtolower(trim($validate)) : '';
    $svali = GetCkVdValue();
    if ($validate == '' || $validate != $svali) {
        ShowMsg('验证码不正确!', '-1');
        exit;
    }

    // Submitted fields are HTML-escaped, then interpolated into the INSERT.
    // NOTE(review): whether quotes and backslashes are neutralised for SQL
    // depends on dede_htmlspecialchars() and on request preprocessing outside
    // this section; confirm, or use parameter binding if $dsql offers it.
    // No scheme or format check on $url / $logo is visible here either.
    $dtime = time();
    $typeid = intval($typeid);
    $logo = dede_htmlspecialchars($logo);
    $url = dede_htmlspecialchars($url);
    $webname = dede_htmlspecialchars($webname);
    $email = dede_htmlspecialchars($email);
    $msg = dede_htmlspecialchars($msg);

    // New links are stored with ischeck = 0, i.e. pending review.
    $query = "INSERT INTO `#@__flink`(sortrank,url,webname,logo,msg,email,typeid,dtime,ischeck)\n                    VALUES('50','{$url}','{$webname}','{$logo}','{$msg}','{$email}','{$typeid}','{$dtime}','0')";
    $dsql->ExecuteNoneQuery($query);
    // There is no exit after this message; unless ShowMsg() ends the request
    // (not visible here), execution continues to the template below.
    ShowMsg('成功增加一个链接,但需要审核后才能显示!', '-1', 1);
}

// Show the template (a simple PHP file).
include_once DEDETEMPLATE . '/plus/flink-list.htm';
Esempio n. 20
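/**
 * Renders a list of tags by applying the tag's inner template to rows of `#@__tagindex`.
 *
 * Tag attributes (defaults in parentheses): row (30) caps the number of tags,
 * sort (new) selects the ordering, getall (0) and typeid (0) select the filter.
 * When getall is 0 and the calling object carries a 'tags' field and a non-empty
 * 'aid', only the tags linked to that aid in `#@__taglist` are listed.
 *
 * Every value interpolated into SQL is cast to an integer or taken from a fixed
 * allow-list, so attribute or field content never reaches the query text verbatim.
 *
 * @param object $ctag   Tag being rendered; its attributes and inner text are read.
 * @param object $refObj Calling object; Fields['tags'] and Fields['aid'] are consulted.
 * @return string Concatenated output, or '' when the referenced aid has no tags.
 */
function lib_tag(&$ctag, &$refObj)
{
    global $dsql, $envs, $cfg_cmsurl;
    // Attribute handling: fill in defaults, then import the attributes as locals.
    // EXTR_SKIP keeps an attribute from overwriting a variable that already exists
    // ($ctag, $refObj, the globals declared above, $attlist).
    $attlist = "row|30,sort|new,getall|0,typeid|0";
    FillAttsDefault($ctag->CAttribute->Items, $attlist);
    extract($ctag->CAttribute->Items, EXTR_SKIP);
    $InnerText = $ctag->GetInnerText();
    if (trim($InnerText) == '') {
        $InnerText = GetSysTemplets('tag_one.htm');
    }
    $revalue = '';
    $ltype = $sort;
    // Cast: the value is placed in the LIMIT clause.
    $num = intval($row);
    $addsql = '';
    if ($getall == 0 && isset($refObj->Fields['tags']) && !empty($refObj->Fields['aid'])) {
        $aid = intval($refObj->Fields['aid']);
        $dsql->SetQuery("SELECT tid FROM `#@__taglist` WHERE aid = '{$aid}' ");
        $dsql->Execute();
        $tids = array();
        while ($row = $dsql->GetArray()) {
            $tids[] = intval($row['tid']);
        }
        if (count($tids) == 0) {
            // No tag is linked to this aid: nothing to render.
            return '';
        }
        $addsql = " WHERE id IN(" . implode(',', $tids) . ") ";
    } else {
        if (!empty($typeid)) {
            $typeid = intval($typeid);
            $addsql = " WHERE typeid='{$typeid}' ";
        }
    }
    // The sort attribute only selects one of these fixed ORDER BY fragments;
    // any other value falls back to newest first.
    $orderClauses = array(
        'rand' => 'rand() ',
        'week' => ' weekcc DESC ',
        'month' => ' monthcc DESC ',
        'hot' => ' count DESC ',
        'total' => ' total DESC ',
    );
    if (is_string($ltype) && isset($orderClauses[$ltype])) {
        $orderby = $orderClauses[$ltype];
    } else {
        $orderby = 'addtime DESC  ';
    }
    $dsql->SetQuery("SELECT * FROM `#@__tagindex` {$addsql} ORDER BY {$orderby} LIMIT 0,{$num}");
    $dsql->Execute();
    $ctp = new DedeTagParse();
    $ctp->SetNameSpace('field', '[', ']');
    $ctp->LoadSource($InnerText);
    while ($row = $dsql->GetArray()) {
        // 'keyword' keeps the stored tag text for the URL; 'tag' is the copy passed
        // through dede_htmlspecialchars() for display. A template that prints
        // 'keyword' into HTML has to encode it itself.
        $row['keyword'] = $row['tag'];
        $row['tag'] = dede_htmlspecialchars($row['tag']);
        $row['link'] = $cfg_cmsurl . "/tags.php?/" . urlencode($row['keyword']) . "/";
        // Display-only highlight level; mt_rand is used for presentation, not security.
        if ($row['monthcc'] > 1000 || $row['weekcc'] > 300) {
            $row['highlight'] = mt_rand(3, 4);
        } elseif ($row['count'] > 3000) {
            $row['highlight'] = mt_rand(5, 6);
        } else {
            $row['highlight'] = mt_rand(1, 2);
        }
        // Use a dedicated loop variable: $ctag is a by-reference parameter, so
        // reusing it here would overwrite the caller's tag object.
        foreach ($ctp->CTags as $tagid => $fieldTag) {
            $fieldName = $fieldTag->GetName();
            if (isset($row[$fieldName])) {
                $ctp->Assign($tagid, $row[$fieldName]);
            }
        }
        $revalue .= $ctp->GetResult();
    }
    return $revalue;
}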
Esempio n. 21
     $win->AddMsgItem("<div style='padding:20px;line-height:300%'>{$msg}</div>");
     $winform = $win->GetWindow("ok");
     $win->Display();
     exit;
 } else {
     if ($job == "yes") {
         if (preg_match("#[^0-9-]#", $newid) || empty($newid)) {
             ShowMsg("<font color=red>'会员模型ID'</font>必须为数字!", "-1");
             exit;
         }
         if ($newtable == "") {
             ShowMsg("表名不能为空!", "-1");
             exit;
         }
         $state = isset($state) && is_numeric($state) ? $state : 0;
         $newname = dede_htmlspecialchars($newname);
         $row = $dsql->GetOne("SELECT * FROM #@__member_model WHERE id='{$newid}' OR `table` LIKE '{$newtable}' OR name LIKE '{$newname}' ");
         if (is_array($row)) {
             ShowMsg("可能会员模型的‘ID’、‘名称’在数据库中已存在,不能重复使用!", "-1");
             exit;
         }
         //拷贝数据表
         if (!$dsql->IsTable($newtable)) {
             $dsql->Execute('me', "SHOW CREATE TABLE {$dsql->dbName}.{$thistable}");
             $row = $dsql->GetArray('me', MYSQL_BOTH);
             $tableStruct = $row[1];
             $tb = str_replace('#@__', $cfg_dbprefix, $thistable);
             $tableStruct = preg_replace("/CREATE TABLE `{$thistable}`/iU", "CREATE TABLE `{$newtable}`", $tableStruct);
             $dsql->ExecuteNoneQuery($tableStruct);
         }
         $query = "INSERT INTO #@__member_model (`id`, `name`, `table`, `description`, `issystem`, `state`, `info`) VALUES ('{$newid}', '{$newname}', '{$newtable}', '{$description}', 0, '{$state}','{$thisinfo}')";
Esempio n. 22
 /**
  * Builds the markup for one %CKEditor instance: a &lt;textarea&gt; holding the initial
  * value, followed by the script that replaces it with the editor.
  * In incompatible browsers %CKEditor will downgrade to the plain HTML &lt;textarea&gt; element.
  *
  * Only $value is passed through dede_htmlspecialchars(). $name is written as-is into
  * the "name" attribute and into the CKEDITOR.replace() call, and attribute values have
  * only their double quotes replaced, so callers should pass a fixed, trusted $name.
  *
  * @param $name (string) Name of the %CKEditor instance (also the "name" attribute of the textarea element).
  * @param $value (string) Initial value (optional).
  * @param $config (array) The specific configurations to apply to this editor instance (optional).
  * @param $events (array) Event listeners for this editor instance (optional).
  * @return (string) The generated markup, or an empty string when it was printed
  *         directly because returnOutput is not set.
  *
  * Example usage:
  * @code
  * $CKEditor = new CKEditor();
  * $CKEditor->editor("field1", "<p>Initial value.</p>");
  * @endcode
  *
  * Advanced example:
  * @code
  * $CKEditor = new CKEditor();
  * $config = array();
  * $config['toolbar'] = array(
  *     array( 'Source', '-', 'Bold', 'Italic', 'Underline', 'Strike' ),
  *     array( 'Image', 'Link', 'Unlink', 'Anchor' )
  * );
  * $events['instanceReady'] = 'function (ev) {
  *     alert("Loaded: " + ev.editor.name);
  * }';
  * $CKEditor->editor("field1", "<p>Initial value.</p>", $config, $events);
  * @endcode
  */
 function editor($name, $value = "", $config = array(), $events = array())
 {
     // Serialise the configured textarea attributes as ` key="value"` pairs.
     $attrParts = array();
     foreach ($this->textareaAttributes as $attrName => $attrValue) {
         $attrParts[] = " " . $attrName . '="' . str_replace('"', '&quot;', $attrValue) . '"';
     }
     $markup = "<textarea name=\"" . $name . "\"" . implode("", $attrParts) . ">" . dede_htmlspecialchars($value) . "</textarea>\n";
     // The shared initialisation output is emitted once, with the first editor.
     if (!$this->initialized) {
         $markup .= $this->init();
     }
     $settings = $this->configSettings($config, $events);
     $replaceScript = $this->returnGlobalEvents();
     if (empty($settings)) {
         $replaceScript .= "CKEDITOR.replace('" . $name . "');";
     } else {
         $replaceScript .= "CKEDITOR.replace('" . $name . "', " . $this->jsEncode($settings) . ");";
     }
     $markup .= $this->script($replaceScript);
     if ($this->returnOutput) {
         return $markup;
     }
     // Direct-output mode: print the markup and hand back an empty string.
     print $markup;
     return "";
 }
Esempio n. 23
     $win->Display();
     $dm->Clear();
     exit;
 } else {
     if ($action == 'edit') {
         $dm = new DedeModule($mdir);
         $minfos = $dm->GetModuleInfo($hash);
         extract($minfos, EXTR_SKIP);
         if (!isset($lang)) {
             $lang = 'gb2312';
         }
         if (!isset($moduletype)) {
             $moduletype = 'soft';
         }
         $menustring = $dm->GetSystemFile($hash, 'menustring');
         $setupsql40 = dede_htmlspecialchars($dm->GetSystemFile($hash, 'setupsql40'));
         $readmetxt = $dm->GetSystemFile($hash, 'readme');
         $delsql = $dm->GetSystemFile($hash, 'delsql');
         $filelist = $dm->GetSystemFile($hash, 'oldfilelist', false);
         $indexurl = str_replace('**', '=', $indexurl);
         $dm->Clear();
         require_once dirname(__FILE__) . '/templets/module_edit.htm';
         exit;
     } else {
         if ($action == 'download') {
             $model_remote_url = $updateHost . 'dedecms/module_' . $cfg_soft_lang . '/' . $hash . '.xml';
             $model_remote = file_get_contents($model_remote_url);
             file_put_contents($mdir . '/' . $hash . '.xml', $model_remote);
             echo "未安装 <a href='module_main.php?action=setup&hash={$hash}'><u>安装</u></a>";
         }
     }