From 19fd20f7420397b88278ac1a0dae65fe50012506 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BA=B7=E7=9B=9BDiscuz!?= Date: Fri, 20 Oct 2017 20:00:17 +0800 Subject: [PATCH 1/8] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=20=E5=AE=89=E5=85=A8?= =?UTF-8?q?=E8=80=83=E8=99=91=EF=BC=8C=E5=85=B3=E9=97=AD=E8=BF=9C=E7=A8=8B?= =?UTF-8?q?=E8=AE=BE=E7=BD=AE=E5=B8=96=E5=AD=90=E5=B0=81=E9=9D=A2=E7=9A=84?= =?UTF-8?q?=E5=8A=9F=E8=83=BD?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- upload/source/class/extend/extend_thread_image.php | 8 +------- upload/source/function/function_post.php | 3 +-- 2 files changed, 2 insertions(+), 9 deletions(-) diff --git a/upload/source/class/extend/extend_thread_image.php b/upload/source/class/extend/extend_thread_image.php index 8cfa20d..d3c232f 100644 --- a/upload/source/class/extend/extend_thread_image.php +++ b/upload/source/class/extend/extend_thread_image.php @@ -36,13 +36,7 @@ class extend_thread_image extends extend_thread_base { $values = array('fid' => $fid, 'tid' => $tid, 'pid' => $pid, 'coverimg' => ''); $param = array(); if($this->forum['picstyle']) { - if(!setthreadcover($pid, 0, $threadimageaid) && !defined('IN_MOBILE')) { - $imglist = array(); - preg_match_all("/(\[img\]|\[img=\d{1,4}[x|\,]\d{1,4}\])\s*([^\[\<\r\n]+?)\s*\[\/img\]/is", $this->param['message'], $imglist, PREG_SET_ORDER); - $values['coverimg'] = "

".lang('message', 'post_newthread_set_cover')."

"; - $param['clean_msgforward'] = 1; - $param['timeout'] = $param['refreshtime'] = 15; - } + setthreadcover($pid, 0, $threadimageaid); } if($threadimageaid) { diff --git a/upload/source/function/function_post.php b/upload/source/function/function_post.php index acd8302..0c051c4 100644 --- a/upload/source/function/function_post.php +++ b/upload/source/function/function_post.php @@ -631,8 +631,7 @@ function setthreadcover($pid, $tid = 0, $aid = 0, $countimg = 0, $imgurl = '') { $tid = empty($tid) ? $attach['tid'] : $tid; $picsource = ($attach['remote'] ? $_G['setting']['ftp']['attachurl'] : $_G['setting']['attachurl']).'forum/'.$attach['attachment']; } else { - $attachtable = 'pid:'.$pid; - $picsource = $imgurl; + return true; } $basedir = !$_G['setting']['attachdir'] ? (DISCUZ_ROOT.'./data/attachment/') : $_G['setting']['attachdir']; From a90b72af51f42f522692543640ab8f577778a739 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BA=B7=E7=9B=9BDiscuz!?= Date: Fri, 20 Oct 2017 23:06:22 +0800 Subject: [PATCH 2/8] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=20XSS=E6=BC=8F=E6=B4=9E?= =?UTF-8?q?=EF=BC=88=E8=A1=A5=E5=85=85=EF=BC=89?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- upload/template/default/ranklist/ranklist.htm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/upload/template/default/ranklist/ranklist.htm b/upload/template/default/ranklist/ranklist.htm index 75a16bb..ca29469 100644 --- a/upload/template/default/ranklist/ranklist.htm +++ b/upload/template/default/ranklist/ranklist.htm @@ -37,7 +37,7 @@
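Review bot: In `upload/source/class/extend/extend_thread_image.php` the new call `setthreadcover($pid, 0, $threadimageaid);` discards the return value, and nothing at the call site records why the fallback was dropped. The removed branch built a cover prompt from `[img]` URLs matched in `$this->param['message']`, which is poster-controlled text, so a later refactor could reintroduce it without noticing the security reason. I would add a comment above the call, `// Cover is generated from an uploaded attachment only; the remote [img] fallback was removed for security.` `$param` is still initialised in the visible context and may now be unused here, but the method continues outside the hunk, so check that against the full body.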
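Review bot: In `upload/source/function/function_post.php` the `else` branch of `setthreadcover()` now does `return true;` without setting a cover, so a caller that still passes `$imgurl` is told the operation succeeded when it was skipped. `$imgurl` stays in the signature but is no longer read in the visible lines, which is easy to miss when auditing call sites. Either return `false` if no caller relies on the success value, or keep `true` and document it with `// Remote image covers are disabled for security; $imgurl is ignored and no cover is set.` The `if` that this `else` belongs to starts above the hunk.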
  • - $member[avatar] + $member[avatar]
  • From 4887604d808da41df39daced2207b557372faf72 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BA=B7=E7=9B=9BDiscuz!?= Date: Sat, 21 Oct 2017 09:20:29 +0800 Subject: [PATCH 3/8] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=20=E5=AE=8C=E5=96=84XSS?= =?UTF-8?q?=E6=BC=8F=E6=B4=9E=E7=9A=84=E4=BF=AE=E5=A4=8D?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- upload/source/function/function_core.php | 2 +- upload/template/default/ranklist/ranklist.htm | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/upload/source/function/function_core.php b/upload/source/function/function_core.php index 9e1bc50..ee1a484 100644 --- a/upload/source/function/function_core.php +++ b/upload/source/function/function_core.php @@ -210,7 +210,7 @@ function dhtmlspecialchars($string, $flags = null) { if($flags === null) { $string = str_replace(array('&', '"', '<', '>'), array('&', '"', '<', '>'), $string); if(strpos($string, '&#') !== false) { - $string = preg_replace('/&((#(\d{3,5}|x[a-fA-F0-9]{4}));)/', '&\\1', $string); + $string = preg_replace('/&((#(\d{3,5}));)/', '&\\1', $string); } } else { if(PHP_VERSION < '5.4.0') { diff --git a/upload/template/default/ranklist/ranklist.htm b/upload/template/default/ranklist/ranklist.htm index ca29469..3d30421 100644 --- a/upload/template/default/ranklist/ranklist.htm +++ b/upload/template/default/ranklist/ranklist.htm @@ -31,13 +31,13 @@ From 0acd457b5214d473b3a4a1792d349855cba2e508 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BA=B7=E7=9B=9BDiscuz!?= Date: Sat, 21 Oct 2017 09:52:37 +0800 Subject: [PATCH 4/8] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=20=E5=AE=8C=E5=96=84XSS?= =?UTF-8?q?=E6=BC=8F=E6=B4=9E=E7=9A=84=E4=BF=AE=E5=A4=8D?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- upload/source/function/function_core.php | 3 --- 1 file changed, 3 deletions(-) 
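Review bot: In `dhtmlspecialchars()` the narrowed pattern `'/&((#(\d{3,5}));)/'` still undoes the escaping of decimal numeric character references in the `$flags === null` branch; only the hexadecimal alternative is dropped. Output from this branch can therefore still carry entity-encoded characters into attribute values, where the browser decodes them. [PATCH 4/8] later in this series removes the branch entirely, which is the safer end state, so this intermediate commit should not be shipped on its own. Independently, the `str_replace` list in the context line covers `&`, `"`, `<` and `>` but not the single quote, so a short comment that the result is not safe inside single-quoted attributes would help callers.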
diff --git a/upload/source/function/function_core.php b/upload/source/function/function_core.php index ee1a484..4093561 100644 --- a/upload/source/function/function_core.php +++ b/upload/source/function/function_core.php @@ -209,9 +209,6 @@ function dhtmlspecialchars($string, $flags = null) { } else { if($flags === null) { $string = str_replace(array('&', '"', '<', '>'), array('&', '"', '<', '>'), $string); - if(strpos($string, '&#') !== false) { - $string = preg_replace('/&((#(\d{3,5}));)/', '&\\1', $string); - } } else { if(PHP_VERSION < '5.4.0') { $string = htmlspecialchars($string, $flags); From 76a3c77c979f92dc1633ae581b5359db76096593 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BA=B7=E7=9B=9BDiscuz!?= Date: Sat, 21 Oct 2017 13:45:43 +0800 Subject: [PATCH 5/8] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=20=E5=8A=A0=E5=BC=BA?= =?UTF-8?q?=E8=BF=9C=E7=A8=8B=E9=99=84=E4=BB=B6=E4=B8=8B=E8=BD=BD=E7=9A=84?= =?UTF-8?q?=E5=88=A4=E6=96=AD=EF=BC=88=E6=AD=A4=E5=8A=9F=E8=83=BD=E5=9B=A0?= =?UTF-8?q?=E5=AE=89=E5=85=A8=E5=8E=9F=E5=9B=A0=E5=BB=BA=E8=AE=AE=E4=BB=85?= =?UTF-8?q?=E5=BC=80=E6=94=BE=E7=BB=99=E7=AE=A1=E7=90=86=E4=BA=BA=E5=91=98?= =?UTF-8?q?=EF=BC=89?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- upload/source/module/forum/forum_ajax.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/upload/source/module/forum/forum_ajax.php b/upload/source/module/forum/forum_ajax.php index cf8c204..ae459d5 100644 --- a/upload/source/module/forum/forum_ajax.php +++ b/upload/source/module/forum/forum_ajax.php @@ -356,6 +356,9 @@ if($_GET['action'] == 'checkusername') { } } elseif($_GET['action'] == 'downremoteimg') { + if(!$_G['group']['allowdownremoteimg']) { + dexit(); + } $_GET['message'] = str_replace(array("\r", "\n"), array($_GET['wysiwyg'] ? '
    ' : '', "\\n"), $_GET['message']); preg_match_all("/\[img\]\s*([^\[\<\r\n]+?)\s*\[\/img\]|\[img=\d{1,4}[x|\,]\d{1,4}\]\s*([^\[\<\r\n]+?)\s*\[\/img\]/is", $_GET['message'], $image1, PREG_SET_ORDER); preg_match_all("/\/ismUe", $_GET['message'], $image2, PREG_SET_ORDER); From 9f71d7698a950b00adee3c66268c29abe0240bb3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BA=B7=E7=9B=9BDiscuz!?= Date: Sat, 21 Oct 2017 13:46:54 +0800 Subject: [PATCH 6/8] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=20=E5=8A=A0=E5=BC=BA?= =?UTF-8?q?=E5=AE=89=E5=85=A8?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- upload/source/module/forum/forum_viewthread.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/upload/source/module/forum/forum_viewthread.php b/upload/source/module/forum/forum_viewthread.php index dae15fe..7a28a3a 100644 --- a/upload/source/module/forum/forum_viewthread.php +++ b/upload/source/module/forum/forum_viewthread.php @@ -875,7 +875,7 @@ if($_G['forum_cachepid']) { foreach(C::t('forum_postcache')->fetch_all($_G['forum_cachepid']) as $postcache) { if($postcache['rate']) { $postcache['rate'] = dunserialize($postcache['rate']); - $postlist[$postcache['pid']]['ratelog'] = $postcache['rate']['ratelogs']; + $postlist[$postcache['pid']]['ratelog'] = dhtmlspecialchars($postcache['rate']['ratelogs']); $postlist[$postcache['pid']]['ratelogextcredits'] = $postcache['rate']['extcredits']; $postlist[$postcache['pid']]['totalrate'] = $postcache['rate']['totalrate']; } From 777e3dda8f0b1e61b37e207a2a66145c5c05fb14 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BA=B7=E7=9B=9BDiscuz!?= Date: Sat, 21 Oct 2017 13:54:20 +0800 Subject: [PATCH 7/8] =?UTF-8?q?=E8=AF=AD=E6=B3=95=E7=BC=A9=E8=BF=9B?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- upload/source/function/function_post.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
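Review bot: The new `allowdownremoteimg` gate in the `downremoteimg` branch of `upload/source/module/forum/forum_ajax.php` decides who may trigger the download, but the URLs are still taken from `$_GET['message']` by the `preg_match_all` calls that follow, and no check on where they point is visible. For groups that keep the permission, the server will presumably still fetch whatever host the message names, so the fetch code (outside this hunk) should restrict the scheme to http/https and refuse loopback, private and link-local addresses after resolution. `dexit()` with no argument also fails silently, which makes a denied request hard to tell from an empty result in logs and on the client. A comment such as `// Server-side fetch of user-supplied URLs: keep this limited to trusted groups.` above the check would record the intent stated in the commit subject.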
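Review bot: Only `ratelogs` is escaped in `upload/source/module/forum/forum_viewthread.php`; the two assignments right after it copy `$postcache['rate']['extcredits']` and `$postcache['rate']['totalrate']` from the same `dunserialize()` result without any normalisation. If those fields can hold anything other than numbers they need the same treatment, e.g. `$postlist[$postcache['pid']]['totalrate'] = dhtmlspecialchars($postcache['rate']['totalrate']);`. Escaping at read time also double-encodes any entry that was already escaped when the cache row was written, which is worth checking against the code that fills `forum_postcache`. The `foreach` loop starts and ends outside the hunk.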
diff --git a/upload/source/function/function_post.php b/upload/source/function/function_post.php index 0c051c4..f26e60a 100644 --- a/upload/source/function/function_post.php +++ b/upload/source/function/function_post.php @@ -631,7 +631,7 @@ function setthreadcover($pid, $tid = 0, $aid = 0, $countimg = 0, $imgurl = '') { $tid = empty($tid) ? $attach['tid'] : $tid; $picsource = ($attach['remote'] ? $_G['setting']['ftp']['attachurl'] : $_G['setting']['attachurl']).'forum/'.$attach['attachment']; } else { - return true; + return true; } $basedir = !$_G['setting']['attachdir'] ? (DISCUZ_ROOT.'./data/attachment/') : $_G['setting']['attachdir']; From 27fe490149a29ee9ca0cb7aee75627ff7cd57747 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BA=B7=E7=9B=9BDiscuz!?= Date: Sat, 21 Oct 2017 14:19:12 +0800 Subject: [PATCH 8/8] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=20=E6=96=B0=E8=A7=A6?= =?UTF-8?q?=E5=B1=8F=E7=89=88=E7=99=BD=E5=B1=8F=E7=9A=84=E9=97=AE=E9=A2=98?= =?UTF-8?q?=EF=BC=88=E5=8E=9F=E5=9B=A0=E6=98=AF=E5=9C=A8=E9=9D=9E=E9=BB=98?= =?UTF-8?q?=E8=AE=A4=E6=A8=A1=E6=9D=BF=E4=B8=8B=E9=9C=80=E8=A6=81=E5=A4=8D?= =?UTF-8?q?=E5=88=B6=E5=85=A8=E9=83=A8=20template/default/m/=20=E6=96=87?= =?UTF-8?q?=E4=BB=B6=E5=88=B0=E5=BD=93=E5=89=8D=E6=A8=A1=E6=9D=BF=E7=9B=AE?= =?UTF-8?q?=E5=BD=95=E4=B8=8B=E6=89=8D=E5=8F=AF=EF=BC=89?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- upload/m/index.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/upload/m/index.php b/upload/m/index.php index f539548..40d4e73 100644 --- a/upload/m/index.php +++ b/upload/m/index.php @@ -18,6 +18,10 @@ $discuz->init_mobile = false; $discuz->init(); +if(!file_exists(DISCUZ_ROOT . $_G['style']['tpldir'] . '/m')) { + $_G['style']['tpldir'] = './template/default'; +} + if ($_GET['c'] == 'static') { $path = DISCUZ_ROOT . $_G['style']['tpldir'] . '/m/js/'; $bpath = DISCUZ_ROOT . 'template/default/m/js/';
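Review bot: `file_exists()` in the new fallback in `upload/m/index.php` also returns true for a regular file named `m`, in which case the later `/m/js/` path is built on a template directory that does not hold the mobile files; `is_dir()` states the intent exactly: `if(!is_dir(DISCUZ_ROOT . $_G['style']['tpldir'] . '/m')) {`. The assignment also replaces `$_G['style']['tpldir']` for the rest of the request, not only for the `/m` lookups, so a one-line comment saying the override is deliberate would help. The `if ($_GET['c'] == 'static')` block that consumes the value continues past the end of the hunk.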