02 | function wwwcms_filter($str,$stype= "inject" ) { |
array( "select" , "insert" , "update" , "delete" , "alter" , "cas" , "union" , "into" , "load_file" , "outfile" , "create" , "join" , "where" , "like" , "drop" , "modify" , "rename" , "'" , "/*" , "*" , "../" , "./" ), |
array( "" , "" , "" , "" , "" , "" , "" , "" , "" , "" , "" , "" , "" , "" , "" , "" , "" , "" , "" , "" , "" , "" ), |
} else if ($stype== "xss" ) { |
"/<(\/?)(script|META|STYLE|HTML|HEAD|BODY|STYLE |i?frame|b|strong|style|html|img|P|o:p|iframe|u |em|strike|BR|div|a|TABLE|TBODY|object|tr|td |st1:chsdate|FONT|span|MARQUEE|body|title |\r\n|link |meta|\?|\%)([^>]*?)>/isU" , |
"/(<[^>]*)on[a-zA-Z]+\s*=([^>]*>)/isU" , |
$str = preg_replace($farr, $tarr, $str); |
array( "<" , ">" , "'" , "\"" , ";" , "/*" , "*" , "../" , "./" ), |
array( "<" , ">" , "" , "" , "" , "" , "" , "" , "" ), |
* @param string $fieldset 字段列表 |
* @param string $loadtype 载入类型 |
function AddFilter($channelid, $ type =1, $fieldsnamef, $defaulttid, $loadtype= 'autofield' ) |
$tid = $defaulttid ? $defaulttid : $tid; |
$tidsq = $dsql->GetOne( " Select typeid From `#【分隔符】@__archives` where id='$id' " ); |
$tid = $tidsq[ "typeid" ]; |
$nofilter = (isset($_REQUEST[ 'TotalResult' ]) ? "&TotalResult=" .$_REQUEST[ 'TotalResult' ] : '' ).(isset($_REQUEST[ 'PageNo' ]) ? "&PageNo=" .$_REQUEST[ 'PageNo' ] : '' ); |
$filterarr = wwwcms_filter(stripos($_SERVER[ 'REQUEST_URI' ], "list.php?tid=" ) ? str_replace($nofilter, '' , $_SERVER[ 'REQUEST_URI' ]) : $GLOBALS[ 'cfg_cmsurl' ]. "/plus/list.php?tid=" .$tid); |
$cInfos = $dsql->GetOne( " Select * From `#【分隔符】@__channeltype` where id='$channelid' " ); |
$fieldset=$cInfos[ 'fieldset' ]; |
$dtp = new DedeTagParse(); |
$dtp->SetNameSpace( 'field' , '<' , '>' ); |
$dtp->LoadSource($fieldset); |
$dede_addonfields = '' ; |
if (is_array($dtp->CTags)) |
foreach($dtp->CTags as $tid=>$ctag) |
$fieldsname = $fieldsnamef ? explode( "," , $fieldsnamef) : explode( "," , $ctag->GetName()); |
if (($loadtype!= 'autofield' || ($loadtype== 'autofield' && $ctag->GetAtt( 'autofield' )==1)) && in_array($ctag->GetName(), $fieldsname) ) |
$href1 = explode($ctag->GetName(). '=' , $filterarr); |
$href2 = explode( '&' , $href1[1]); |
$fields_value = $href2[0]; |
$dede_addonfields .= '<div class="scv-shaixuan"><b>' .$ctag->GetAtt( 'itemname' ). ':</b>' ; |
$dede_addonfields .= (preg_match( "/&" .$ctag->GetName(). "=/is" ,$filterarr,$regm) ? '<a title="全部" href="' .str_replace("& ".$ctag->GetName()." = ".$fields_value," ",$filterarr).'" >全部</a>' : '<span>全部</span>' ). ' ' ; |
$addonfields_items = explode( "," ,$ctag->GetAtt( 'default' )); |
for ($i=0; $i<count($addonfields_items); $i++) |
$href = stripos($filterarr,$ctag->GetName(). '=' ) ? str_replace( "=" .$fields_value, "=" .urlencode($addonfields_items[$i]),$filterarr) : $filterarr. '&' .$ctag->GetName(). '=' .urlencode($addonfields_items[$i]);// echo $href; |
$dede_addonfields .= ($fields_value!=urlencode($addonfields_items[$i]) ? '<a title="' .$addonfields_items[$i]. '" href="' .$href. '">' .$addonfields_items[$i]. '</a>' : '<span>' .$addonfields_items[$i]. '</span>' ). " " ; |
$dede_addonfields .= '</div>' ; |
$dede_addonfields .= '<select name="filter"' .$ctag->GetName().' onchange= "window.location=this.options[this.selectedIndex].value" > |
'.' <option value= "'.str_replace(" & ".$ctag->GetName()." = ".$fields_value," ",$filterarr).'" >全部</option>'; |
$addonfields_items = explode( "," ,$ctag->GetAtt( 'default' )); |
for ($i=0; $i<count($addonfields_items); $i++) |
$href = stripos($filterarr,$ctag->GetName(). '=' ) ? str_replace( "=" .$fields_value, "=" .urlencode($addonfields_items[$i]),$filterarr) : $filterarr. '&' .$ctag->GetName(). '=' .urlencode($addonfields_items[$i]); |
$dede_addonfields .= '<option value="' .$href. '"' .($fields_value==urlencode($addonfields_items[$i]) ? ' selected="selected"' : '' ). '>' .$addonfields_items[$i].'</option> |
$dede_addonfields .= '</ select ><br/> |