提交
c666698e
编写于
8月 17, 2020
作者:
huangxuan258
(重要)修改前端提交问题描述和回答内容解析,防止xss注入
上级
9b9a90a2
变更
6
Showing
6 changed file
with
19 addition
and
19 deletion
+19
-19
application/models/Answer_model.php
application/models/Answer_model.php
+3
-3
application/models/Question_model.php
application/models/Question_model.php
+1
-1
application/views/default/editor.php
application/views/default/editor.php
+1
-1
application/views/default/solve.php
application/views/default/solve.php
+5
-5
application/views/fronzewap/editor.php
application/views/fronzewap/editor.php
+1
-1
application/views/fronzewap/solve.php
application/views/fronzewap/solve.php
+8
-8
application/models/Answer_model.php
...
...
@@ -23,7 +23,7 @@ class Answer_model extends CI_Model {
$answer
[
'format_time'
]
=
tdate
(
$answer
[
'time'
]
);
$answer
[
'appends'
]
=
$this
->
get_appends
(
$answer
[
'id'
]
);
$answer
[
'title'
]
=
checkwordsglobal
(
$answer
[
'title'
]
);
$answer
[
'content'
]
=
checkwordsglobal
(
htmlspecialchars_decode
(
$answer
[
'content'
]
)
);
$answer
[
'content'
]
=
checkwordsglobal
(
$answer
[
'content'
]
);
}
return
$answer
;
}
...
...
@@ -59,7 +59,7 @@ class Answer_model extends CI_Model {
$bestanswer
[
'total'
]
=
0
;
}
$bestanswer
[
'title'
]
=
checkwordsglobal
(
$bestanswer
[
'title'
]
);
$bestanswer
[
'content'
]
=
checkwordsglobal
(
htmlspecialchars_decode
(
$bestanswer
[
'content'
]
)
);
$bestanswer
[
'content'
]
=
checkwordsglobal
(
$bestanswer
[
'content'
]
);
$bestanswer
[
'userinfo'
]
=
array
();
$query
=
$this
->
db
->
get_where
(
'user'
,
array
(
'uid'
=>
$bestanswer
[
'authorid'
]
)
);
...
...
@@ -120,7 +120,7 @@ class Answer_model extends CI_Model {
}
$answer
[
'time'
]
=
tdate
(
$answer
[
'time'
]
);
$answer
[
'ip'
]
=
formatip
(
$answer
[
'ip'
]
);
$answer
[
'content'
]
=
checkwordsglobal
(
htmlspecialchars_decode
(
$answer
[
'content'
])
);
$answer
[
'content'
]
=
checkwordsglobal
(
$answer
[
'content'
]
);
$answer
[
'title'
]
=
checkwordsglobal
(
$answer
[
'title'
]
);
$answer
[
'author_has_vertify'
]
=
get_vertify_info
(
$answer
[
'authorid'
]
);
//用户是否认证
$answer
[
'author_avartar'
]
=
get_avatar_dir
(
$answer
[
'authorid'
]
);
...
...
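Review bot: With `htmlspecialchars_decode` dropped, `$answer['content']` is handed to `checkwordsglobal` exactly as stored, so this hunk (and the two below it at @@ -59 and @@ -120, plus the matching change in application/models/Question_model.php) only prevents stored XSS if every row's content was entity-encoded when it was written, which the commit message says the front-end submission path now does; rows stored before this commit, or written through other paths such as the appends fetched by `get_appends` on the line above, are not covered. I would document that invariant where the assignment happens, e.g. `// content is stored HTML-encoded by the submit handler; never decode it here — decoding before output is what allowed stored XSS`. Longer term, escaping or allow-list sanitising at the point of output in the views is the place where this cannot silently regress. Which of the two printed lines is old and which is new is not marked on this page; I am assuming the line without the decode is the new side, as the commit message implies.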
application/models/Question_model.php
...
...
@@ -120,7 +120,7 @@ class Question_model extends CI_Model {
$question
[
'shortdescription'
]
=
"[图]"
.
$question
[
'shortdescription'
];
}
$question
[
'artlen'
]
=
mb_strlen
(
strip_tags
(
checkwordsglobal
(
htmlspecialchars_decode
(
$question
[
'description'
]
)
)));
$question
[
'description'
]
=
checkwordsglobal
(
htmlspecialchars_decode
(
$question
[
'description'
]
)
);
$question
[
'description'
]
=
checkwordsglobal
(
$question
[
'description'
]
);
}
return
$question
;
}
...
...
application/views/default/editor.php
...
...
@@ -18,7 +18,7 @@
{
if
$this
->
uri
->
segment
(
1
)
!=
'question'
}
{
eval
echo
replacewords
(
$topic
[
'describtion'
]);}
{
/
if
}
{
if
$user
[
'groupid'
]
==
1
||
$user
[
'uid'
]
==
$answer
[
'authorid'
]
&&
$this
->
uri
->
segment
(
2
)
==
'editanswer'
&&
$this
->
uri
->
segment
(
1
)
==
'question'
}
{
eval
echo
htmlspecialchars_decode
(
$answer
[
'content'
])
;}
{
/
if
}
{
if
$user
[
'groupid'
]
==
1
||
$user
[
'uid'
]
==
$answer
[
'authorid'
]
&&
$this
->
uri
->
segment
(
2
)
==
'editanswer'
&&
$this
->
uri
->
segment
(
1
)
==
'question'
}
{
eval
echo
$answer
[
'content'
]
;}
{
/
if
}
{
/
if
}
</
textarea
>
...
...
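Review bot: The textarea now echoes `$answer['content']` verbatim, which is safe only while the stored value is guaranteed to be entity-encoded: a legacy row holding a literal `</textarea>` still closes the element and whatever follows is parsed as markup, the same breakout the old decode enabled. A normalising form gives correct output for both encoded and raw rows, because the browser decodes textarea content exactly once: `{eval echo htmlspecialchars(htmlspecialchars_decode($answer['content']), ENT_QUOTES, 'UTF-8');}`. The same line appears in application/views/fronzewap/editor.php. The surrounding `{if ...}` blocks and the `<textarea>` opening tag begin outside the hunk.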
application/views/default/solve.php
...
...
@@ -354,16 +354,16 @@ position:relative;
<p>
{if $question['artlen']>=100||strstr($question['shortdescription'],'图')}
{eval echo
htmlspecialchars_decode( htmlspecialchars_decode($question['shortdescription']))
;}
{eval echo
$question['shortdescription']
;}
<button
type=
"button"
class=
"btnshowall"
>
显示全部
<i
class=
"fa fa-angle-down"
></i></button>
{else}
{eval echo
htmlspecialchars_decode( htmlspecialchars_decode(replacewords($question['description']))
); }
{eval echo
replacewords($question['description']
); }
{/if}
</p>
</div>
<div
class=
"show-content hide hidequestioncontent"
>
{eval echo
htmlspecialchars_decode(htmlspecialchars_decode(replacewords($question['description']))
); }
{eval echo
replacewords($question['description']
); }
</div>
...
...
@@ -514,7 +514,7 @@ position:relative;
{/if}
<div
class=
"comment-wrap art-content"
>
<div
class=
"answercontent"
>
{eval echo
htmlspecialchars_decode(replacewords($bestanswer['content'])
); }
{eval echo
replacewords($bestanswer['content']
); }
<div
class=
"appendcontent"
>
<!--{loop $bestanswer['appends'] $append}-->
...
...
@@ -633,7 +633,7 @@ position:relative;
{/if}
<div
class=
"comment-wrap art-content"
>
<div
class=
"answercontent"
>
{eval echo
htmlspecialchars_decode(replacewords($answer['content'])
); }
{eval echo
replacewords($answer['content']
); }
<div
class=
"appendcontent"
>
<!--{loop $answer['appends'] $append}-->
...
...
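Review bot: The new lines echo `replacewords($question['description'])` and `replacewords($bestanswer['content'])` with no output escaping, so the whole defence against stored XSS now rests on the database value already being entity-encoded; nothing in these templates enforces that, and the old code's double `htmlspecialchars_decode` on `shortdescription` suggests some existing rows are encoded more than once and will now render visible `&amp;lt;`-style artefacts instead of text. I would check existing rows for raw and double-encoded content before shipping, and prefer one explicit encoding step at output (or an allow-list HTML sanitiser if rich formatting must survive) over relying on the write path. The same pattern is repeated throughout application/views/fronzewap/solve.php. The enclosing `{if}` blocks of the first hunk begin outside it.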
application/views/fronzewap/editor.php
...
...
@@ -38,7 +38,7 @@ $.noConflict()
{if $this->uri->segment ( 1 )!='question'}
{eval echo replacewords($topic['describtion']);}
{/if}
{if $user['groupid']==1||$user['uid']==$answer['authorid']
&&
$this->uri->segment ( 2 )=='editanswer'
&&
$this->uri->segment ( 1 )=='question'} {eval echo
htmlspecialchars_decode($answer['content'])
;} {/if}
{if $user['groupid']==1||$user['uid']==$answer['authorid']
&&
$this->uri->segment ( 2 )=='editanswer'
&&
$this->uri->segment ( 1 )=='question'} {eval echo
$answer['content']
;} {/if}
{/if}
</textarea>
...
...
application/views/fronzewap/solve.php
...
...
@@ -140,12 +140,12 @@ color:#fff;
</div>
<div
class=
"article-content"
>
<div
class=
"ask_detail_content_text qyer_spam_text_filter"
>
{eval echo
htmlspecialchars_decode(htmlspecialchars_decode(replacewords($question['description']))
); }
{eval echo
replacewords($question['description']
); }
<!--{if $supplylist}-->
<ul
class=
"nav"
>
<!--{loop $supplylist $supply}-->
<li><span
class=
"time buchongtime"
>
问题补充 : {$supply['format_time']}
</span>
{eval echo
htmlspecialchars_decode(replacewords($supply['content'])
); }
{eval echo
replacewords($supply['content']
); }
</li>
<!--{/loop}-->
...
...
@@ -296,7 +296,7 @@ color:#fff;
{if $bestanswer['serverid']==null}
{if $bestanswer['reward']==0||$bestanswer['authorid']==$user['uid']}
{eval echo
htmlspecialchars_decode(replacewords($bestanswer['content'])
); }
{eval echo
replacewords($bestanswer['content']
); }
{else}
{eval if($question['authorid']==$user['uid']) $bestanswer['canview']=1;}
{if $bestanswer['canview']==0}
...
...
@@ -312,7 +312,7 @@ color:#fff;
</div>
{else}
{eval echo
htmlspecialchars_decode(replacewords($bestanswer['content'])
); }
{eval echo
replacewords($bestanswer['content']
); }
{/if}
{/if}
...
...
@@ -339,7 +339,7 @@ color:#fff;
<!--{/if}-->
<div
class=
"zhuiwentext"
>
{eval echo
htmlspecialchars_decode(replacewords($append['content'])
); }
{eval echo
replacewords($append['content']
); }
</div>
<div
class=
"clr"
></div>
</div>
...
...
@@ -462,7 +462,7 @@ color:#fff;
{if $answer['serverid']==null}
{if $answer['reward']==0||$answer['authorid']==$user['uid']}
{eval echo
htmlspecialchars_decode(replacewords($answer['content'])
); }
{eval echo
replacewords($answer['content']
); }
{else}
{eval if($question['authorid']==$user['uid']) $answer['canview']=1;}
{if $answer['canview']==0}
...
...
@@ -477,7 +477,7 @@ color:#fff;
</div>
{else}
{eval echo
htmlspecialchars_decode(replacewords($answer['content'])
); }
{eval echo
replacewords($answer['content']
); }
{/if}
{/if}
...
...
@@ -505,7 +505,7 @@ color:#fff;
<h4
class=
"appendask font-12"
>
作者追问:
<span
class=
'time'
>
{$append['format_time']}
</span></h4>
<!--{/if}-->
<div
class=
"zhuiwentext"
>
{eval echo
htmlspecialchars_decode(replacewords($append['content'])
); }
{eval echo
replacewords($append['content']
); }
</div>
<div
class=
"clr"
></div>
</div>
...
...