/**
 * Echo the XssHtml-filtered form of $data.
 *
 * Output is written straight to the response; nothing is returned.
 *
 * @param string $data raw HTML fragment to filter before output
 * @return void
 */
function waf($data)
{
    $filter = new XssHtml($data);
    echo $filter->getHtml();
}
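/**
 * Member "share your order" (晒单) form for a points-mall (jf) purchase record.
 *
 * URL segment 4 is the purchase-record id. On a plain GET the form template is
 * included; on POST (`$_POST['submit']`) the submission is validated, a 220px-wide
 * thumbnail is generated from the first image, the share is inserted into
 * `@#_shaidan` and the record is flagged `share=1`. Every failure path is reported
 * through _message(), as elsewhere in this controller.
 *
 * @return void
 */
public function jf_singleinsert()
{
    $member = $this->userinfo;
    // $uid, $ushell, $title and $shopid are not read here but the template
    // include at the bottom shares this scope, so they are kept.
    $uid = _getcookie('uid');
    $ushell = _getcookie('ushell');
    $title = "添加晒单";
    // intval() is what makes $recordid safe to interpolate into the queries below.
    $recordid = intval($this->segment(4));
    $shopid = $recordid;

    $shaidan = $this->db->GetOne("select * from `@#_member_go_jf_record` where `id`='{$recordid}' and `uid` = '{$member['uid']}'");
    if (!$shaidan) {
        _message("该商品您不可晒单!");
    }
    $shaidanyn = $this->db->GetOne("select sd_id from `@#_shaidan` where `sd_jfshopid`='{$recordid}' and `sd_userid` = '{$member['uid']}'");
    if ($shaidanyn) {
        _message("不可重复晒单!");
    }
    $ginfo = $this->db->GetOne("select id,sid,qishu,is_share from `@#_jf_shoplist` where `id`='{$shaidan['shopid']}' LIMIT 1");
    if (!$ginfo) {
        _message("该商品已不存在!");
    }
    if ($ginfo['is_share'] != '1') {
        _message("对不起,该商品不能晒单!");
    }

    if (isset($_POST['submit'])) {
        // isset() first: reading a missing key is a notice, not an empty string.
        if (!isset($_POST['title']) || $_POST['title'] === '') {
            _message("标题不能为空");
        }
        if (!isset($_POST['content']) || $_POST['content'] === '') {
            _message("内容不能为空");
        }
        // fileurl_tmp must be a non-empty array: count() on a scalar is a TypeError
        // on PHP 8 and indexing a string would yield a single character.
        if (!isset($_POST['fileurl_tmp']) || !is_array($_POST['fileurl_tmp']) || count($_POST['fileurl_tmp']) === 0) {
            _message("图片不能为空");
        }
        System::load_sys_class('upload', 'sys', 'no');

        $img = array_values($_POST['fileurl_tmp']);
        $pic = "";
        foreach ($img as $entry) {
            // These paths come from the client. Reject anything that could leave
            // G_UPLOAD or break the single-quoted SQL literal they end up in.
            if (!$this->jfImagePathIsSafe($entry)) {
                _message("晒单图片不正确");
            }
            $pic .= trim($entry) . ";";
        }
        $src = trim($img[0]);
        if (!file_exists(G_UPLOAD . $src)) {
            _message("晒单图片不正确");
        }
        $size = getimagesize(G_UPLOAD . $src);
        // getimagesize() returns false for non-images; guard before dividing by the width.
        if ($size === false || (int) $size[0] === 0) {
            _message("晒单图片不正确");
        }
        $width = 220;
        $height = $size[1] * ($width / $size[0]);
        $src_houzhui = upload::thumbs($width, $height, false, G_UPLOAD . '/' . $src);
        $thumbs = $src . "_" . intval($width) . intval($height) . "." . $src_houzhui;

        $sd_userid = $this->userinfo['uid'];
        $sd_shopid = $ginfo['id'];
        $sd_shopsid = $ginfo['sid'];
        $sd_qishu = $ginfo['qishu'];
        $sd_title = _htmtocode($_POST['title']);
        $sd_thumbs = $thumbs;
        $xss = new XssHtml($_POST['content']);
        $sd_content = $xss->getHtml();
        $sd_photolist = $pic;
        $sd_time = time();
        $sd_ip = _get_ip_dizhi();
        // NOTE(review): $sd_title, $sd_content and $sd_ip are interpolated into the
        // INSERT without escaping; whether _htmtocode()/XssHtml neutralise quotes is
        // not visible here. Bind or escape these through the db layer — TODO confirm.
        $this->db->Query("INSERT INTO `@#_shaidan`(`sd_userid`,`sd_jfshopid`,`sd_shopsid`,`sd_qishu`,`sd_ip`,`sd_title`,`sd_thumbs`,`sd_content`,`sd_photolist`,`sd_time`)VALUES\r\n\t\t\t('{$sd_userid}','{$sd_shopid}','{$sd_shopsid}','{$sd_qishu}','{$sd_ip}','{$sd_title}','{$sd_thumbs}','{$sd_content}','{$sd_photolist}','{$sd_time}')");
        $this->db->Query("update `@#_member_go_jf_record` set share=1 where id={$recordid}");
        _message("晒单分享成功", WEB_PATH . "/member/home/singlelist");
    }
    include templates("member", "jf_singleinsert");
}

/**
 * Accept only client-supplied upload paths that cannot escape G_UPLOAD
 * (no `..`, no NUL byte) or terminate the single-quoted SQL literal they are
 * interpolated into (no quote or backslash characters).
 *
 * @param mixed $path one element of $_POST['fileurl_tmp']
 * @return bool
 */
private function jfImagePathIsSafe($path)
{
    if (!is_string($path) || trim($path) === '') {
        return false;
    }
    if (strpos($path, "\0") !== false || strpos($path, '..') !== false) {
        return false;
    }
    return strpbrk($path, "'\"\\") === false;
}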
/**
 * Input sanitiser: strips surrounding whitespace and slashes, runs the text
 * through XssHtml, then encodes the result as HTML entities (quotes left as-is).
 *
 * NOTE(review): htmlentities() re-encodes whatever XssHtml returns, so any
 * markup it kept is rendered literally and an `&amp;` becomes `&amp;amp;` —
 * confirm callers expect an entity-encoded string rather than filtered HTML.
 *
 * @param string $text raw user input
 * @return string entity-encoded text
 */
function tsClean($text)
{
    $trimmed = stripslashes(trim($text));

    require_once 'thinksaas/xsshtml.class.php';
    $filter = new XssHtml($trimmed);
    $filtered = $filter->getHtml();

    return htmlentities($filtered, ENT_NOQUOTES, "utf-8");
}