huangxuan258 / whatsns仿layui官方社区fly响应式模板 (whatsns responsive template modelled on the layui official community "fly")
Commit 6d9aec65
Authored on Aug 17, 2020 by huangxuan258
Modify the responsive_fly template, removing code that could cause XSS attacks on the question detail page
Parent: 1fa0777c
Showing 2 changed files with 6 additions and 6 deletions (+6 -6)
application/views/responsive_fly/editor.php (+2 -2)
application/views/responsive_fly/solve.php (+4 -4)
application/views/responsive_fly/editor.php
View file @ 6d9aec65
...
...
@@ -18,7 +18,7 @@
{
if
$this
->
uri
->
segment
(
1
)
!=
'question'
}
{
eval
echo
replacewords
(
$topic
[
'describtion'
]);}
{
/
if
}
{
if
$user
[
'groupid'
]
==
1
||
$user
[
'uid'
]
==
$answer
[
'authorid'
]
&&
$this
->
uri
->
segment
(
2
)
==
'editanswer'
&&
$this
->
uri
->
segment
(
1
)
==
'question'
}
{
eval
echo
htmlspecialchars_decode
(
$answer
[
'content'
])
;}
{
/
if
}
{
if
$user
[
'groupid'
]
==
1
||
$user
[
'uid'
]
==
$answer
[
'authorid'
]
&&
$this
->
uri
->
segment
(
2
)
==
'editanswer'
&&
$this
->
uri
->
segment
(
1
)
==
'question'
}
{
eval
echo
$answer
[
'content'
]
;}
{
/
if
}
{
/
if
}
</
textarea
>
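Review bot: in the `editanswer` branch, the new `{eval echo $answer['content'];}` writes the stored value into the `<textarea>` with no escaping call of its own, so the fix holds only if `$answer['content']` is always entity-encoded before it reaches this template. The removed `htmlspecialchars_decode()` implies that is the storage format; state that in a template comment, or wrap the output in `htmlspecialchars()` if it cannot be guaranteed, so a later edit does not reintroduce the decode. The `replacewords($topic['describtion'])` branch just above writes into the same element and is unchanged, so it is worth confirming it follows the same rule.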
...
...
@@ -50,7 +50,7 @@ editor.disable();
{
else
}
<
script
type
=
"text/javascript"
src
=
"
{
SITE_URL
}
static/js/neweditor/ueditor.config.js"
></
script
>
<
script
type
=
"text/javascript"
src
=
"
{
SITE_URL
}
static/js/neweditor/ueditor.all.js"
></
script
>
<
script
type
=
"text/plain"
id
=
"editor"
name
=
"content"
style
=
"width:100%;height:200px;"
>
{
if
$this
->
uri
->
segment
(
2
)
!=
'view'
&&
$this
->
uri
->
segment
(
1
)
==
'question'
||
$this
->
uri
->
segment
(
2
)
==
'editxinzhi'
}{
if
$navtitle
==
'编辑问题'
}{
$question
[
'description'
]}
{
/
if
}{
if
$this
->
uri
->
segment
(
1
)
!=
'question'
}{
eval
echo
replacewords
(
$topic
[
'describtion'
]);}{
/
if
}{
if
$user
[
'groupid'
]
==
1
||
$user
[
'uid'
]
==
$answer
[
'authorid'
]
&&
$this
->
uri
->
segment
(
2
)
==
'editanswer'
&&
$this
->
uri
->
segment
(
1
)
==
'question'
}{
eval
echo
htmlspecialchars_decode
(
$answer
[
'content'
])
;}{
/
if
}{
/
if
}
</
script
>
<
script
type
=
"text/plain"
id
=
"editor"
name
=
"content"
style
=
"width:100%;height:200px;"
>
{
if
$this
->
uri
->
segment
(
2
)
!=
'view'
&&
$this
->
uri
->
segment
(
1
)
==
'question'
||
$this
->
uri
->
segment
(
2
)
==
'editxinzhi'
}{
if
$navtitle
==
'编辑问题'
}{
$question
[
'description'
]}
{
/
if
}{
if
$this
->
uri
->
segment
(
1
)
!=
'question'
}{
eval
echo
replacewords
(
$topic
[
'describtion'
]);}{
/
if
}{
if
$user
[
'groupid'
]
==
1
||
$user
[
'uid'
]
==
$answer
[
'authorid'
]
&&
$this
->
uri
->
segment
(
2
)
==
'editanswer'
&&
$this
->
uri
->
segment
(
1
)
==
'question'
}{
eval
echo
$answer
[
'content'
]
;}{
/
if
}{
/
if
}
</
script
>
<
script
type
=
"text/javascript"
>
var
isueditor
=
1
;
var
editor
=
UE
.
getEditor
(
'editor'
,{
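Review bot: the condition on the changed line, `$user['groupid']==1||$user['uid']==$answer['authorid']&&...`, mixes `||` and `&&` without parentheses; `&&` binds tighter, so a `groupid` of 1 satisfies it whatever the two `segment()` checks return. If the `editanswer` route check is meant to apply to that group as well, parenthesise the `||` pair (the same expression appears in the textarea hunk above). Also, this block is a `<script type="text/plain">` element, where the browser does not decode character references, so the editor now receives the still-encoded string; check that editing an existing answer loads it as formatted content rather than as visible markup.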
...
...
application/views/responsive_fly/solve.php
View file @ 6d9aec65
...
...
@@ -80,7 +80,7 @@
{if $question['description']}
<div
class=
"detail-body photos"
>
{template question_content_header}
{eval echo
htmlspecialchars_decode($question['description'])
;}
{eval echo
$question['description']
;}
{template question_content_footer}
</div>
{/if}
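Review bot: with `htmlspecialchars_decode()` removed, `{eval echo $question['description'];}` emits the description exactly as stored, so if it is stored entity-encoded, any formatting entered in the editor will show on the detail page as literal tags instead of being rendered. If rendered formatting is still required here, decode and then pass the result through an allow-list HTML sanitiser before the echo rather than dropping the decode alone; if plain text is the intent, say so in the commit message.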
...
...
@@ -144,7 +144,7 @@
<i
class=
"iconfont icon-caina"
title=
"最佳答案"
></i>
</div>
<div
class=
"detail-body jieda-body photos"
>
<p>
{eval echo
clearlinkref(htmlspecialchars_decode(replacewords($bestanswer['content']))
); }
</p>
<p>
{eval echo
replacewords($bestanswer['content']
); }
</p>
<div
class=
"appendcontent"
>
<!--{loop $bestanswer['appends'] $append}-->
<div
class=
"appendbox"
>
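Review bot: the best-answer line drops `clearlinkref()` together with `htmlspecialchars_decode()`, leaving only `replacewords($bestanswer['content'])`, while the commit message mentions only the XSS fix. Confirm that losing whatever `clearlinkref()` did to links is intended; if it is still wanted, keep it and state what form of input it expects now that the content is no longer decoded first.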
...
...
@@ -259,7 +259,7 @@
<div
class=
"detail-body jieda-body photos"
>
{if $answer['serverid']==null}
{if $answer['reward']==0||$answer['authorid']==$user['uid']}
{eval echo replacewords(
clearlinkref(htmlspecialchars_decode($answer['content']))
); }
{eval echo replacewords(
$answer['content']
); }
{else}
{eval if($question['authorid']==$user['uid']) $answer['canview']=1;}
{if $answer['canview']==0}
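Review bot: `replacewords()` is now the only call between the stored `$answer['content']` and the echo, so the safety of this output rests on that helper returning encoded text. Worth checking that it neither decodes entities nor inserts replacement strings containing markup derived from user input, and recording that expectation next to the call.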
...
...
@@ -270,7 +270,7 @@
</div>
{else}
{eval echo replacewords(
clearlinkref(htmlspecialchars_decode($answer['content']))
); }
{eval echo replacewords(
$answer['content']
); }
{/if}
{/if}
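Review bot: this `{else}` branch repeats the `{eval echo replacewords($answer['content']); }` line changed in the previous hunk. Rendering an answer body in one shared template fragment or helper would keep the output encoding in a single place, so a future change cannot fix one branch and miss the other.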
...
...