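/**
 * Recursively HTML-escape a string, or every key and value of an array.
 *
 * @param string|array $var  Value to escape; arrays are walked recursively.
 * @return string|array      Escaped copy with the same shape as $var.
 */
function ihtmlspecialchars($var) {
    if (is_array($var)) {
        // Collect into a new array. The original wrote the escaped key back into
        // $var while iterating, so whenever htmlspecialchars() changed a key the
        // raw key (with its raw, unescaped value) survived next to the escaped one.
        $escaped = array();
        foreach ($var as $key => $value) {
            $escaped[htmlspecialchars($key)] = ihtmlspecialchars($value);
        }
        return $escaped;
    }
    // NOTE(review): as extracted, the original wrapped htmlspecialchars() in
    // str_replace('&', '&', ...) and in preg_replace('/&((#...);)/', '&\\1', ...),
    // both of which map every match onto itself (no-ops); the upstream copy
    // presumably used '&amp;' there to undo double-encoding of numeric entities.
    // Neither no-op is reproduced, so '&' is always emitted as '&amp;'. If the
    // un-escaping of pre-encoded entities is required, add it deliberately.
    return htmlspecialchars((string) $var, ENT_QUOTES);
}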
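/**
 * Recursively HTML-escape a string, or every key and value of an array.
 *
 * @param string|array $var  Value to escape; arrays are walked recursively.
 * @return string|array      Escaped copy with the same shape as $var.
 */
function ihtmlspecialchars($var) {
    if (is_array($var)) {
        // Build a fresh array instead of assigning the escaped key back into $var:
        // with the in-place version a key that htmlspecialchars() changed was kept
        // twice, and the raw key still carried the raw, unescaped value.
        $escaped = array();
        foreach ($var as $key => $value) {
            $escaped[htmlspecialchars($key)] = ihtmlspecialchars($value);
        }
        return $escaped;
    }
    // NOTE(review): as extracted, the result was passed through
    // str_replace('&', '&', ...), which is a no-op; the upstream copy presumably
    // replaced '&amp;' with '&' to avoid double-encoding already-escaped input.
    // That un-escaping is not reproduced here, so '&' is always emitted as
    // '&amp;'. Restore it deliberately if callers depend on it.
    return htmlspecialchars((string) $var, ENT_QUOTES);
}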
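/**
 * HTML-escape a string, or every value of an array (keys are left untouched),
 * without double-encoding entities that are already present in the input.
 *
 * @param string|array $string  Value to escape; arrays are walked recursively.
 * @return string|array         Escaped copy with the same shape as $string.
 */
function ihtmlspecialchars($string) {
    if (is_array($string)) {
        foreach ($string as $key => $val) {
            // Keys are deliberately not escaped here, as in the original.
            $string[$key] = ihtmlspecialchars($val);
        }
        return $string;
    }
    // NOTE(review): in the extracted copy the search and replacement arrays were
    // identical (the entity names had been decoded), so the function escaped
    // nothing at all. Restored to the standard entity forms. A single quote is
    // escaped as well so the result is also safe inside single-quoted attributes.
    $escaped = str_replace(
        array('&', '"', "'", '<', '>'),
        array('&amp;', '&quot;', '&#039;', '&lt;', '&gt;'),
        (string) $string
    );
    // Undo the double-encoding of entities that were already in the input:
    // "&amp;#123;" / "&amp;#x00e9;" / "&amp;amp;" become "&#123;" / "&#x00e9;" / "&amp;".
    return preg_replace('/&amp;((#(\d{3,5}|x[a-fA-F0-9]{4})|[a-zA-Z][a-z0-9]{2,5});)/', '&\\1', $escaped);
}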
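/**
 * Save a vote definition submitted from the admin form, then sync its options.
 *
 * The vote record (title, limits, share settings, time window) is inserted, or
 * updated when the form carries a reply_id. Options are upserted from the
 * option_id / option_title arrays, and any option of this rule that was not part
 * of the submission is deleted.
 *
 * @param int $rid  Rule id the vote belongs to; it is interpolated into SQL below, so it is cast.
 * @return bool     Always true.
 */
public function fieldsFormSubmit($rid = 0) {
    global $_GPC, $_W;
    $rid = intval($rid);
    $id = intval($_GPC['reply_id']);
    $insert = array(
        'rid' => $rid,
        'weid' => $_W['uniacid'],
        'title' => $_GPC['title'],
        'description' => $_GPC['description'],
        'votetype' => $_GPC['votetype'],
        'votelimit' => $_GPC['votelimit'],
        'votetimes' => $_GPC['votetimes'],
        'votetotal' => $_GPC['votetotal'],
        'isimg' => $_GPC['isimg'],
        'share_title' => $_GPC['share_title'],
        // Share text: strip tags, HTML-escape, drop a space-like character, cut to 60,
        // then remove all remaining whitespace. (The character removed by the two
        // str_replace(' ', '') calls may be a decoded '&nbsp;' in this copy — left as found.)
        'share_desc' => preg_replace('/\\s/i', '', str_replace(' ', '', cutstr(str_replace(' ', '', ihtmlspecialchars(strip_tags($_GPC['share_desc']))), 60))),
        'share_url' => $_GPC['share_url'],
        'share_txt' => $_GPC['share_txt'],
        'starttime' => strtotime($_GPC['datelimit']['start']),
        'endtime' => strtotime($_GPC['datelimit']['end']),
    );
    if (!empty($_GPC['thumb'])) {
        $insert['thumb'] = $_GPC['thumb'];
        // The previous thumbnail is removed once a new one is set. Its path comes
        // straight from the request, so refuse absolute paths and '..' segments here
        // instead of relying on file_delete(), whose own checks are not visible in this file.
        $oldThumb = isset($_GPC['thumb-old']) ? (string) $_GPC['thumb-old'] : '';
        if ($oldThumb !== '' && $oldThumb[0] !== '/' && strpos($oldThumb, '..') === false) {
            load()->func('file');
            file_delete($oldThumb);
        }
    }
    if (empty($id)) {
        // A new vote is shown immediately only if its window has already opened.
        $insert['isshow'] = ($insert['starttime'] <= TIMESTAMP) ? 1 : 0;
        $id = pdo_insert($this->tablename, $insert);
    } else {
        pdo_update($this->tablename, $insert, array('id' => $id));
    }
    // Options are read through $_GPC like the rest of the form (the original read
    // $_POST directly, bypassing the escaping applied to $_GPC at bootstrap).
    $option_ids = (isset($_GPC['option_id']) && is_array($_GPC['option_id'])) ? $_GPC['option_id'] : array();
    $option_titles = (isset($_GPC['option_title']) && is_array($_GPC['option_title'])) ? $_GPC['option_title'] : array();
    $ids = array();
    foreach ($option_ids as $i => $raw_id) {
        // The id ends up as a SQL literal in the DELETE below: never use the raw value.
        $item_id = intval($raw_id);
        $a = array(
            'title' => isset($option_titles[$i]) ? $option_titles[$i] : '',
            'rid' => $rid,
            'thumb' => $_GPC['option_thumb_' . $item_id],
        );
        if ($item_id === 0) {
            pdo_insert('vote_option', $a);
            $item_id = pdo_insertid();
        } else {
            pdo_update('vote_option', $a, array('id' => $item_id));
        }
        $ids[] = intval($item_id);
    }
    // Remove the options of this rule that were not submitted. As in the original,
    // an empty submission leaves the existing options in place.
    if (!empty($ids)) {
        pdo_query("delete from " . tablename('vote_option') . " where rid = {$rid} and id not in ( " . implode(',', $ids) . ")");
    }
    return true;
}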
} ?>
<script>require(['bootstrap']);</script>
</div>
<style> h5{color:#555;} </style>
<?php
// Build the WeChat JS-SDK share payload ($_share): fall back to the account name
// and empty strings, normalise the description, and derive a share link that
// carries the sharing member's uid.
$_share['title'] = !empty($_share['title']) ? $_share['title'] : $_W['account']['name'];
$_share['imgUrl'] = !empty($_share['imgUrl']) ? $_share['imgUrl'] : '';
// A 'content' key, when present, is moved to 'desc'.
if (isset($_share['content'])) {
    $_share['desc'] = $_share['content'];
    unset($_share['content']);
}
$_share['desc'] = !empty($_share['desc']) ? $_share['desc'] : '';
// Strip tags, HTML-escape, drop a space-like character (possibly a decoded
// '&nbsp;' in this copy), cut to 60, then remove all remaining whitespace.
// NOTE(review): ihtmlspecialchars() is HTML escaping only. If $_share is emitted
// into the wx.config() script below it still needs JSON/JS encoding at that
// point — how it is emitted is not visible here, confirm.
$_share['desc'] = preg_replace('/\\s/i', '', str_replace(' ', '', cutstr(str_replace(' ', '', ihtmlspecialchars(strip_tags($_share['desc']))), 60)));
if (empty($_share['link'])) {
    $_share['link'] = '';
    $query_string = $_SERVER['QUERY_STRING'];
    if (!empty($query_string)) {
        // Append the sharer's uid. parse_str()/http_build_query() re-encode every
        // pair, so the raw query string is not copied into the link verbatim.
        parse_str($query_string, $query_arr);
        $query_arr['u'] = $_W['member']['uid'];
        $query_string = http_build_query($query_arr);
        $_share['link'] = $_W['siteroot'] . 'app/index.php?' . $query_string;
    }
}
?>
<script type="text/javascript">
wx.config(jssdkconfig);
// Request classification used throughout the framework. The X-Requested-With
// header is client-controlled, so isajax is a hint, not an authorisation signal.
$_W['isajax'] = isset($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest';
$_W['ispost'] = $_SERVER['REQUEST_METHOD'] == 'POST';
// Undo magic_quotes_gpc so the escaping below starts from the raw values.
if (MAGIC_QUOTES_GPC) {
    $_GET = istripslashes($_GET);
    $_POST = istripslashes($_POST);
    $_COOKIE = istripslashes($_COOKIE);
}
// Cookies carrying the configured prefix are exposed in $_GPC under the prefix-less name.
$cplen = strlen($_W['config']['cookie']['pre']);
foreach ($_COOKIE as $key => $value) {
    if (substr($key, 0, $cplen) == $_W['config']['cookie']['pre']) {
        $_GPC[substr($key, $cplen)] = $value;
    }
}
unset($cplen, $key, $value);
// Merge order is GET < POST < prefixed cookies: a prefixed cookie overrides a
// POST field of the same name.
$_GPC = array_merge($_GET, $_POST, $_GPC);
// Every $_GPC value is HTML-escaped here; controllers reading $_GPC get escaped text.
$_GPC = ihtmlspecialchars($_GPC);
if (!$_W['isajax']) {
    // A JSON request body is exposed as $_GPC['__input'] and flips isajax.
    // NOTE(review): this array is attached after the ihtmlspecialchars() pass
    // above, so unlike the rest of $_GPC it is NOT escaped — code reading
    // __input must validate/escape it itself.
    $input = file_get_contents("php://input");
    if (!empty($input)) {
        $__input = @json_decode($input, true);
        if (!empty($__input)) {
            $_GPC['__input'] = $__input;
            $_W['isajax'] = true;
        }
    }
    unset($input, $__input);
}
// Upload settings: fall back to the static config when nothing is stored.
setting_load('upload');
if (empty($_W['setting']['upload'])) {
    $_W['setting']['upload'] = array_merge($_W['config']['upload']);
}
<?php
$cfg_needFilter = TRUE;
require_once dirname(__FILE__) . '/include/common.inc.php';
require_once DEDEINC . '/filter.inc.php';
// NOTE(review): $action, $uid, $title, $brief, $content and $extra are never
// assigned in this file; they are presumably populated from the request by
// common.inc.php (register_globals style) — confirm before trusting $uid.
if (!isset($action)) {
    $action = '';
}
// Everything except rating requires a logged-in member.
if (empty($uid) && $action != 'rate') {
    showmsgs('no_login', '../member/login.php?gourl=../ask/');
    exit;
}
// Word filtering should also be handled here.
$title = isset($title) ? ihtmlspecialchars(trim($title)) : '';
$brief = isset($brief) ? ihtmlspecialchars(trim($brief)) : '';
// $content and $extra are only trimmed here, not escaped.
$content = isset($content) ? trim($content) : '';
$extra = isset($extra) ? trim($extra) : '';
if (empty($action)) {
    // Q&A categories, emitted as two JS array literals (top level / second level).
    $query = "select id, name, reid from `#@__asktype` order by disorder desc";
    $dsql->Execute('me', $query);
    $tids = "var class_level_1=new Array( \n";
    $tid2s = "var class_level_2=new Array( \n";
    while ($asktype = $dsql->getarray()) {
        // NOTE(review): the category name is concatenated into a JS string literal
        // without any escaping; a name containing a double quote or "</script>"
        // breaks out of the literal. Safe only if names are sanitised on write.
        if ($asktype['reid'] == 0) {
            $tids .= 'new Array("' . $asktype['id'] . '","' . $asktype['name'] . '"),' . "\n";
        } else {
            $tid2s .= 'new Array("' . $asktype['reid'] . '","' . $asktype['id'] . '","' . $asktype['name'] . '"),' . "\n";
        }
    }
    // Drop the trailing ",\n" left by the loop.
    $tids = substr($tids, 0, -2) . "\n";
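/**
 * Post a reply (optionally a reply to another reply) on an SNS post from the mobile side.
 *
 * Reads the post id, board rule id and reply body from $_GPC, verifies that the
 * board config and the target post exist and that the post is not locked, stores
 * the reply, credits the replier and bumps the post's reply counters. Every path
 * ends in message(..., 'ajax') or exit(), so the method never returns normally.
 */
public function doReply() {
    global $_GPC, $_W;
    // Replier: the signed uid token from the client if present, else the current fan.
    // NOTE(review): authcode() is keyed, but anyone holding a valid token can reply
    // as that user; prefer $_W['fans']['from_user'] unless the token is really needed.
    $replyid = $_GPC['uid'] ? authcode(base64_decode($_GPC['uid']), 'DECODE') : $_W['fans']['from_user'];
    // Author of the reply being answered (floor-in-floor), if any.
    $to_uid = '';
    if (!empty($_GPC['to_uid'])) {
        $touid = $this->doUserinfo($_GPC['to_uid']);
        $to_uid = isset($touid['from_user']) ? $touid['from_user'] : '';
    }
    $id = intval($_GPC['id']);   // post id
    $rid = intval($_GPC['rid']); // board rule id
    if (empty($replyid) || empty($id) || empty($rid)) {
        exit('非法参数');
    }
    // Both ids are integers, so interpolating them is safe.
    $sns = pdo_fetch("SELECT id, type, default_tips, send_tips, rule, picture, replycredit,description FROM " . tablename('sns') . " WHERE rid = '{$rid}' LIMIT 1");
    $post = pdo_fetch("SELECT * FROM " . tablename('sns_post') . " WHERE post_id= '{$id}' AND is_del='0' LIMIT 1");
    // Redirect target shared by the error paths. The original sent the post id
    // instead of the rule id on one of them; the list action is given the rule id everywhere else.
    $listUrl = create_url('mobile/module', array('name' => 'sns', 'do' => 'list', 'id' => $rid, 'from_user' => $replyid));
    if (empty($sns)) {
        $result = array('status' => '-1', 'message' => '找不到模块配置参数');
        message($result, $listUrl, 'ajax');
        exit;
    }
    if (empty($post)) {
        $result = array('status' => '-1', 'message' => '未找到你要回复的贴子,请确实贴子ID是否正确');
        message($result, $listUrl, 'ajax');
        exit;
    }
    // The post author is taken from the stored post (post_uid is what doMobilepost
    // writes), not from the client-supplied 'postuid' parameter the original used,
    // so a reply cannot be attributed to an arbitrary post owner.
    $postid = isset($post['post_uid']) ? $post['post_uid'] : '';
    if (empty($postid)) {
        exit('非法参数');
    }
    $fans = $this->doUserinfo($replyid);
    $pmem = $this->doPmem($replyid);
    if ($fans['status'] == '-1') {
        message($fans, $listUrl, 'ajax');
        exit;
    }
    if ($pmem['status'] == '-1') {
        message($pmem, $listUrl, 'ajax');
        exit;
    }
    if ($post['lock'] == 1) {
        $result = array('status' => '-1', 'message' => '此贴已经被锁定。请返回!');
        message($result, $listUrl, 'ajax');
        exit;
    }
    $data = array(
        'post_id' => $id,
        'post_uid' => $postid,
        'to_reply_id' => intval($_GPC['to_reply_id']),
        'uid' => $replyid,
        'to_uid' => $to_uid ? $to_uid : 0,
        // $_GPC is already escaped at bootstrap; emotion() output is escaped again here.
        'content' => ihtmlspecialchars(emotion($_GPC['content'])),
        'ctime' => TIMESTAMP,
        'storey' => $_GPC['storey'],
        'weid' => $fans['weid'],
        'rid' => $rid,
    );
    // Length check is byte-based on the escaped text, as in the original.
    if (empty($data['content']) || strlen($data['content']) < 20) {
        $result = array('status' => '-1', 'message' => '请填写您内容!且内容不能小于20个字符!');
        message($result, '', 'ajax');
        exit;
    }
    $data2 = array('credit' => $fans['credit'] + $sns['replycredit']);
    $data3 = array(
        'reply_count' => $post['reply_count'] + 1,
        'last_reply_time' => TIMESTAMP,
        'last_reply_uid' => $replyid,
    );
    pdo_insert('sns_reply', $data);
    pdo_update('fans', $data2, array('from_user' => $replyid));
    pdo_update('sns_post', $data3, array('post_id' => $id));
    $result = array(
        'status' => 0,
        'uid' => $data['uid'],
        'to_uid' => $data['to_uid'],
        'to_reply_id' => $data['to_reply_id'],
        'content' => $data['content'],
        'ctime' => date('Y-m-d H:i:s', $data['ctime']),
        'storey' => $data['storey'],
        'message' => '评论成功!',
    );
    message($result, create_url('mobile/module', array('name' => 'sns', 'do' => 'view', 'id' => $id, 'rid' => $rid, 'from_user' => $replyid)), 'ajax');
    exit;
}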
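/**
 * Create a new SNS post from the mobile side.
 *
 * Resolves the poster, checks the board config and the poster's status, stores
 * the post and credits the poster. Every path ends in message(..., 'ajax') or
 * exit(), so the method never returns normally.
 */
public function doMobilepost() {
    global $_GPC, $_W;
    // Poster: the signed from_user token from the client if present, else the current fan
    // (same caveat as in doReply: a captured token lets anyone post as that user).
    $fromuser = $_GPC['from_user'] ? authcode(base64_decode($_GPC['from_user']), 'DECODE') : $_W['fans']['from_user'];
    if (empty($fromuser)) {
        exit('非法参数');
    }
    $id = intval($_GPC['id']); // board rule id (the rid column of sns / sns_post)
    $sns = pdo_fetch("SELECT id, type, default_tips, send_tips, rule, picture, postcredit,description FROM " . tablename('sns') . " WHERE rid = '{$id}' LIMIT 1");
    if (empty($sns)) {
        exit('非法参数');
    }
    // Redirect target for every error/success path. The original built it from
    // $rid and $replyid, neither of which is defined in this method, so both URL
    // parameters were lost; $id and $fromuser are the values it meant.
    $listUrl = $this->createMobileUrl('list', array('id' => $id, 'from_user' => $fromuser));
    $fans = $this->doUserinfo($fromuser);
    $pmem = $this->doPmem($fromuser);
    if ($fans['status'] == '-1') {
        message($fans, $listUrl, 'ajax');
        exit;
    }
    if ($pmem['status'] == '-1') {
        message($pmem, $listUrl, 'ajax');
        exit;
    }
    $data = array(
        'rid' => $id,
        'post_uid' => $fromuser,
        'title' => ihtmlspecialchars($_GPC['title']),
        // NOTE(review): $_GPC is HTML-escaped at bootstrap; decoding it here stores
        // raw user-supplied markup, not just whatever emotion() produced. Unless every
        // renderer of sns_post.content escapes or sanitises it, this is stored XSS.
        // Keep the escaped form, or whitelist the markup emotion() emits, before relying on it.
        'content' => htmlspecialchars_decode(emotion($_GPC['content'])),
        'post_time' => TIMESTAMP,
        'weid' => $fans['weid'],
    );
    if (empty($data['title'])) {
        $result = array('status' => '-1', 'message' => '请填写标题!');
        message($result, $listUrl, 'ajax');
        exit;
    }
    // Length check is byte-based, as in the original.
    if (empty($data['content']) || strlen($data['content']) < 20) {
        $result = array('status' => '-1', 'message' => '请填写您内容!且内容不能小于20个字符!');
        message($result, $listUrl, 'ajax');
        exit;
    }
    $data2 = array('credit1' => $fans['credit1'] + $sns['postcredit']);
    pdo_insert('sns_post', $data);
    pdo_update('fans', $data2, array('from_user' => $fromuser));
    $result = array('status' => 0, 'message' => '发表成功!');
    message($result, $listUrl, 'ajax');
}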
}
$question['honor'] = gethonor($question['scores'], $honors);
// Breadcrumb: site root › category (› sub-category), plus the page title.
// NOTE(review): tid/tidname/tid2name come from the database and are concatenated
// into HTML and into href values without escaping here; safe only if they were
// sanitised on the way in — not visible in this file.
$nav = '<a href="' . $indexname . '">' . $sitename . '</a> ' . $symbols . ' <a href="browser.php?tid=' . $question['tid'] . '">' . $question['tidname'] . '</a>';
$navtitle = $question['title'];
if ($question['tid2']) {
    $nav .= ' ' . $symbols . ' <a href="browser.php?tid2=' . $question['tid2'] . '">' . $question['tid2name'] . '</a>';
    $navtitle .= ' ' . $question['tid2name'];
}
$navtitle .= ' ' . $question['tidname'] . ' ' . $sitename;
// Approved answers and comments for this question, joined with the author's score
// for the honor lookup. $id is interpolated into the query; it is assumed to have
// been cast to an integer before this point — confirm, that code is not visible here.
$dsql->Execute('me', "select answer.*,m.scores from #@__askanswer answer left join `#@__member` m on m.mid=answer.uid where askid='{$id}' and ifcheck='1'");
$comments = $answers = array();
$first = $goodrateper = $badrateper = $goodrate = $badrate = $ratenum = $commentnum = $answernum = $myanswer = 0;
while ($row = $dsql->getarray()) {
    // Display time in the site's configured offset from UTC.
    $row['dateline'] = gmdate('m-d h:i', $row['dateline'] + $timeoffset * 3600);
    // Keep the raw text for editing; the displayed copy is escaped, then line-broken.
    $row['dbcontent'] = $row['content'];
    $row['content'] = nl2br(ihtmlspecialchars($row['content']));
    $row['honor'] = gethonor($row['scores'], $honors);
    if ($row['ifanswer'] == 1) {
        // An answer (as opposed to a comment).
        if ($uid == $row['uid']) {
            $myanswer = 1;
        }
        if ($row['id'] == $question['bestanswer']) {
            $digestanswer = $row;
            $ratenum = $row['goodrate'] + $row['badrate'];
            $goodrate = $row['goodrate'];
            $badrate = $row['badrate'];
            // The @ hides the division-by-zero warning when nobody has rated yet.
            $goodrateper = @ceil($goodrate * 100 / $ratenum);
            $badrateper = 100 - $goodrateper;
        } else {
            $answers[] = $row;