帝國cms默認(rèn)反饋提交的內(nèi)容不受防火墻禁用字符限制�����,這里給出解決辦法�����。
首先找到反饋處理文件:/e/class/q_functions.php
找到處理函數(shù)AddFeedback
分析發(fā)現(xiàn)這個函數(shù)沒有加載防火墻變量�����,所以第一步就是把防火墻變量加載進(jìn)來����。
方法
將原代碼
global $empire,$dbtbpre,$level_r,$public_r;
改為
global $empire,$dbtbpre,$level_r,$public_r,$ecms_config;
這個時候就加入了防火墻變量了���。
然后我們找反饋內(nèi)容字段
經(jīng)分析
反饋字段是存在$br['enter']里面的�,并用<!--record-->字符隔開了,所以我們只要在其循環(huán)中加入代碼,請加在$f=$er1[1];下面����,此處$f就是字段��。
if($f=="saytext")
{
$cleartext=explode(',',$ecms_config['fw']['cleargettext']);
foreach($cleartext as $v)
{
$add[$f]=str_replace($v,"",$add[$f]);
}
}
就可以實現(xiàn)禁用字符的替換了。
代碼解釋:當(dāng)提交的字段為saytext時啟用防火墻,并把禁用字符替換為空。
整體函數(shù)代碼:
//提交反饋信息
function AddFeedback($add){
global $empire,$dbtbpre,$level_r,$public_r,$ecms_config;
CheckCanPostUrl();//驗證來源
if($add['bid'])
{
$bid=(int)$add['bid'];
}
else
{
$bid=(int)getcvar('feedbackbid');
}
if(empty($bid))
{
printerror("EmptyFeedbackname","history.go(-1)",1);
}
//驗證碼
$keyvname='checkfeedbackkey';
if($public_r['fbkey_ok'])
{
ecmsCheckShowKey($keyvname,$add['key'],1);
}
//版面是否存在
$br=$empire->fetch1("select bid,enter,mustenter,filef,groupid,checkboxf from {$dbtbpre}enewsfeedbackclass where bid='$bid';");
if(empty($br['bid']))
{
printerror("EmptyFeedback","history.go(-1)",1);
}
//權(quán)限
if($br['groupid'])
{
$user=islogin();
if($level_r[$br[groupid]][level]>$level_r[$user[groupid]][level])
{
printerror("HaveNotEnLevel","history.go(-1)",1);
}
}
$pr=$empire->fetch1("select feedbacktfile,feedbackfilesize,feedbackfiletype from {$dbtbpre}enewspublic limit 1");
//必填項
$mustr=explode(",",$br['mustenter']);
$count=count($mustr);
for($i=1;$i<$count-1;$i++)
{
$mf=$mustr[$i];
if(strstr($br['filef'],",".$mf.","))//附件
{
if(!$pr['feedbacktfile'])
{
printerror("NotOpenFBFile","",1);
}
if(!$_FILES[$mf]['name'])
{
printerror("EmptyFeedbackname","",1);
}
}
else
{
$chmustval=ReturnFBCheckboxAddF($add[$mf],$mf,$br['checkboxf']);
if(!trim($chmustval))
{
printerror("EmptyFeedbackname","",1);
}
}
}
$saytime=date("Y-m-d H:i:s");
//字段處理
$dh="";
$tranf="";
$record="<!--record-->";
$field="<!--field--->";
$er=explode($record,$br['enter']);
$count=count($er);
for($i=0;$i<$count-1;$i++)
{
$er1=explode($field,$er[$i]);
$f=$er1[1];
//屏蔽反饋提交的字符
if($f=="saytext")
{
$cleartext=explode(',',$ecms_config['fw']['cleargettext']);
foreach($cleartext as $v)
{
$add[$f]=str_replace($v,"",$add[$f]);
}
}
//附件
$add[$f]=str_replace('ecms','ecms',$add[$f]);
if(strstr($br['filef'],",".$f.","))
{
if($_FILES[$f]['name'])
{
if(!$pr['feedbacktfile'])
{
printerror("NotOpenFBFile","",1);
}
$filetype=GetFiletype($_FILES[$f]['name']);//取得文件類型
if(CheckSaveTranFiletype($filetype))
{
printerror("NotQTranFiletype","",1);
}
if(!strstr($pr['feedbackfiletype'],"|".$filetype."|"))
{
printerror("NotQTranFiletype","",1);
}
if($_FILES[$f]['size']>$pr['feedbackfilesize']*1024)//文件大小
{
printerror("TooBigQTranFile","",1);
}
$tranf.=$dh.$f;
$dh=",";
$fval="ecms".$f."-@!]";
}
else
{
$fval="";
}
}
else
{
$add[$f]=ReturnFBCheckboxAddF($add[$f],$f,$br['checkboxf']);
$fval=$add[$f];
}
$addf.=",`".$f."`";
$addval.=",'".addslashes(RepPostStr($fval))."'";
}
$type=0;
$classid=0;
$filename='';
$filepath='';
$userid=(int)getcvar('mluserid');
$username=RepPostVar(getcvar('mlusername'));
$filepass=ReturnTranFilepass();
//上傳附件
if($tranf)
{
$dh="";
$tranr=explode(",",$tranf);
$count=count($tranr);
for($i=0;$i<$count;$i++)
{
$tf=$tranr[$i];
$tfr=DoTranFile($_FILES[$tf]['tmp_name'],$_FILES[$tf]['name'],$_FILES[$tf]['type'],$_FILES[$tf]['size'],$classid);
if($tfr['tran'])
{
$filepath=$tfr[filepath];
//寫入數(shù)據(jù)庫
$filetime=$saytime;
$filesize=(int)$_FILES[$tf]['size'];
eInsertFileTable($tfr[filename],$filesize,$tfr[filepath],'[Member]'.$username,$classid,'[FB]'.addslashes(RepPostStr($add[title])),$type,$filepass,$filepass,$public_r[fpath],0,4,0);
$repfval=($tfr[filepath]?$tfr[filepath].'/':'').$tfr[filename];
$filename.=$dh.$tfr[filename];
$dh=",";
}
else
{
$repfval="";
}
$addval=str_replace("ecms".$tf."
-@!]",$repfval,$addval
);
}
}
$ip=egetip();
$sql=$empire->query("insert into {$dbtbpre}enewsfeedback(bid,saytime,ip,filepath,filename,userid,username,haveread".$addf.") values('$bid','$saytime','$ip','$filepath','$filename','$userid','$username',0".$addval.");");
$fid=$empire->lastid();
//更新附件
UpdateTheFileOther(4,$fid,$filepass,'other');
ecmsEmptyShowKey($keyvname);//清空驗證碼
if($sql)
{
$reurl=DoingReturnUrl("../tool/feedback/?bid=$bid",$add['ecmsfrom']);
printerror("AddFeedbackSuccess",$reurl,1);
}
else
{printerror("DbError","history.go(-1)",1);}
}
