提交 6d9aec65 编写于 作者: huangxuan258's avatar huangxuan258

修改responsive_fly模板,去掉可能对问题详情页面造成xss攻击得代码

上级 1fa0777c
......@@ -18,7 +18,7 @@
{if $this->uri->segment ( 1 )!='question'}
{eval echo replacewords($topic['describtion']);}
{/if}
{if $user['groupid']==1||$user['uid']==$answer['authorid']&&$this->uri->segment ( 2 )=='editanswer'&&$this->uri->segment ( 1 )=='question'} {eval echo htmlspecialchars_decode($answer['content']);} {/if}
{if $user['groupid']==1||$user['uid']==$answer['authorid']&&$this->uri->segment ( 2 )=='editanswer'&&$this->uri->segment ( 1 )=='question'} {eval echo $answer['content'];} {/if}
{/if}
</textarea>
......@@ -50,7 +50,7 @@ editor.disable();
{else}
<script type="text/javascript" src="{SITE_URL}static/js/neweditor/ueditor.config.js"></script>
<script type="text/javascript" src="{SITE_URL}static/js/neweditor/ueditor.all.js"></script>
<script type="text/plain" id="editor" name="content" style="width:100%;height:200px;">{if $this->uri->segment ( 2 )!='view'&&$this->uri->segment ( 1 )=='question'||$this->uri->segment ( 2 )=='editxinzhi'}{if $navtitle=='编辑问题'}{$question['description']} {/if}{if $this->uri->segment ( 1 )!='question'}{eval echo replacewords($topic['describtion']);}{/if}{if $user['groupid']==1||$user['uid']==$answer['authorid']&&$this->uri->segment ( 2 )=='editanswer'&&$this->uri->segment ( 1 )=='question'}{eval echo htmlspecialchars_decode($answer['content']);}{/if}{/if}</script>
<script type="text/plain" id="editor" name="content" style="width:100%;height:200px;">{if $this->uri->segment ( 2 )!='view'&&$this->uri->segment ( 1 )=='question'||$this->uri->segment ( 2 )=='editxinzhi'}{if $navtitle=='编辑问题'}{$question['description']} {/if}{if $this->uri->segment ( 1 )!='question'}{eval echo replacewords($topic['describtion']);}{/if}{if $user['groupid']==1||$user['uid']==$answer['authorid']&&$this->uri->segment ( 2 )=='editanswer'&&$this->uri->segment ( 1 )=='question'}{eval echo $answer['content'];}{/if}{/if}</script>
<script type="text/javascript">
var isueditor=1;
var editor = UE.getEditor('editor',{
......
......@@ -80,7 +80,7 @@
{if $question['description']}
<div class="detail-body photos">
{template question_content_header}
{eval echo htmlspecialchars_decode($question['description']);}
{eval echo $question['description'];}
{template question_content_footer}
</div>
{/if}
......@@ -144,7 +144,7 @@
<i class="iconfont icon-caina" title="最佳答案"></i>
</div>
<div class="detail-body jieda-body photos">
<p> {eval echo clearlinkref(htmlspecialchars_decode(replacewords($bestanswer['content']))); }</p>
<p> {eval echo replacewords($bestanswer['content']); }</p>
<div class="appendcontent">
<!--{loop $bestanswer['appends'] $append}-->
<div class="appendbox">
......@@ -259,7 +259,7 @@
<div class="detail-body jieda-body photos">
{if $answer['serverid']==null}
{if $answer['reward']==0||$answer['authorid']==$user['uid']}
{eval echo replacewords(clearlinkref(htmlspecialchars_decode($answer['content']))); }
{eval echo replacewords($answer['content']); }
{else}
{eval if($question['authorid']==$user['uid']) $answer['canview']=1;}
{if $answer['canview']==0}
......@@ -270,7 +270,7 @@
</div>
{else}
{eval echo replacewords(clearlinkref(htmlspecialchars_decode($answer['content']))); }
{eval echo replacewords($answer['content']); }
{/if}
{/if}
......
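Review bot: In the @@ -80 hunk the remaining `{eval echo $question['description'];}` prints the stored value with no encoding at the sink, so it is safe only if every write path stores the description already entity-encoded; the removed `htmlspecialchars_decode` suggests that, but nothing visible here enforces it. Encoding at output would make the template safe regardless of how the row was written, e.g. `{eval echo htmlspecialchars($question['description'], ENT_QUOTES, 'UTF-8', false);}`, where the last argument avoids double-encoding values that are already escaped. The same applies to `replacewords($bestanswer['content'])` and `replacewords($answer['content'])` in the @@ -144, @@ -259 and @@ -270 hunks, where the `clearlinkref()` call was dropped as well; whether `replacewords()` returns markup is not visible here, so confirm that before wrapping it. If descriptions and answers are meant to keep rich-text formatting from the editor, decoding followed by an allowlist HTML sanitizer is the alternative to printing escaped text.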