From c666698e4fe2c573c9e1929b3804c3bb3ff06ccd Mon Sep 17 00:00:00 2001
From: whatsns <617035918@qq.com>
Date: Mon, 17 Aug 2020 17:56:12 +0800
Subject: [PATCH] =?UTF-8?q?(=E9=87=8D=E8=A6=81)=E4=BF=AE=E6=94=B9=E5=89=8D?= =?UTF-8?q?=E7=AB=AF=E6=8F=90=E4=BA=A4=E9=97=AE=E9=A2=98=E6=8F=8F=E8=BF=B0?= =?UTF-8?q?=E5=92=8C=E5=9B=9E=E7=AD=94=E5=86=85=E5=AE=B9=E8=A7=A3=E6=9E=90?= =?UTF-8?q?=EF=BC=8C=E9=98=B2=E6=AD=A2xss=E6=B3=A8=E5=85=A5?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 application/models/Answer_model.php | 6 +++---
 application/models/Question_model.php | 2 +-
 application/views/default/editor.php | 2 +-
 application/views/default/solve.php | 10 +++++-----
 application/views/fronzewap/editor.php | 2 +-
 application/views/fronzewap/solve.php | 16 ++++++++--------
 6 files changed, 19 insertions(+), 19 deletions(-)
diff --git a/application/models/Answer_model.php b/application/models/Answer_model.php
index 8cf7fb1..6b3f242 100644
--- a/application/models/Answer_model.php
+++ b/application/models/Answer_model.php
@@ -23,7 +23,7 @@ class Answer_model extends CI_Model {
 $answer ['format_time'] = tdate ( $answer ['time'] );
 $answer ['appends'] = $this->get_appends ( $answer ['id'] );
 $answer ['title'] = checkwordsglobal ( $answer ['title'] );
- $answer ['content'] = checkwordsglobal (htmlspecialchars_decode( $answer ['content'] ));
+ $answer ['content'] = checkwordsglobal ( $answer ['content'] );
 }
 return $answer;
 }
@@ -59,7 +59,7 @@ class Answer_model extends CI_Model {
 $bestanswer ['total'] = 0;
 }
 $bestanswer ['title'] = checkwordsglobal ( $bestanswer ['title'] );
- $bestanswer ['content'] = checkwordsglobal (htmlspecialchars_decode( $bestanswer ['content'] ));
+ $bestanswer ['content'] = checkwordsglobal ( $bestanswer ['content'] );
 $bestanswer ['userinfo'] = array ();
 $query = $this->db->get_where ( 'user', array ('uid' => $bestanswer ['authorid'] ) );
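Review bot: The added `$answer ['content'] = checkwordsglobal ( $answer ['content'] );` line passes the stored value straight to views that echo it with no escaping, so this fix holds only if every write path encodes content before it is saved. That write path is not part of this patch, so rows stored raw (older data, imports, another controller) would presumably still render as markup; this needs confirming against the save code. I would record the invariant next to the assignment, e.g. `// content is stored HTML-encoded; never decode here, the views echo it verbatim`. The same applies to the `$bestanswer ['content']` line in the @@ -59 hunk and the `$answer ['content']` line in the @@ -120 hunk; the enclosing methods all start and end outside their hunks.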
@@ -120,7 +120,7 @@ class Answer_model extends CI_Model {
 }
 $answer ['time'] = tdate ( $answer ['time'] );
 $answer ['ip'] = formatip ( $answer ['ip'] );
- $answer ['content'] = checkwordsglobal (htmlspecialchars_decode( $answer ['content']));
+ $answer ['content'] = checkwordsglobal ( $answer ['content']);
 $answer ['title'] = checkwordsglobal ( $answer ['title'] );
 $answer ['author_has_vertify'] = get_vertify_info ( $answer ['authorid'] ); //用户是否认证
 $answer ['author_avartar'] = get_avatar_dir ( $answer ['authorid'] );
diff --git a/application/models/Question_model.php b/application/models/Question_model.php
index dac1c37..48f8dee 100644
--- a/application/models/Question_model.php
+++ b/application/models/Question_model.php
@@ -120,7 +120,7 @@ class Question_model extends CI_Model {
 $question['shortdescription']="[图]".$question ['shortdescription'];
 }
 $question ['artlen']=mb_strlen(strip_tags(checkwordsglobal ( htmlspecialchars_decode($question ['description'] ) )));
- $question ['description'] = checkwordsglobal (htmlspecialchars_decode($question ['description'] ) );
+ $question ['description'] = checkwordsglobal ($question ['description'] );
 }
 return $question;
 }
diff --git a/application/views/default/editor.php b/application/views/default/editor.php
index 5c8a350..c9e8e72 100644
--- a/application/views/default/editor.php
+++ b/application/views/default/editor.php
@@ -18,7 +18,7 @@
 {if $this->uri->segment ( 1 )!='question'} {eval echo replacewords($topic['describtion']);} {/if}
- {if $user['groupid']==1||$user['uid']==$answer['authorid']&&$this->uri->segment ( 2 )=='editanswer'&&$this->uri->segment ( 1 )=='question'} {eval echo htmlspecialchars_decode($answer['content']);} {/if}
+ {if $user['groupid']==1||$user['uid']==$answer['authorid']&&$this->uri->segment ( 2 )=='editanswer'&&$this->uri->segment ( 1 )=='question'} {eval echo $answer['content'];} {/if}
 {/if}
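Review bot: The unchanged `$question ['artlen']=mb_strlen(strip_tags(checkwordsglobal ( htmlspecialchars_decode(...) )))` line directly above the edit in Question_model.php still decodes the description, which now reads as a leftover beside the line that stopped decoding. In the visible code the decoded value only feeds `mb_strlen`, so it does not reach output, but nothing tells the next maintainer that this was deliberate. A comment such as `// decode only to measure the visible text length; the decoded string is never output` would keep the pattern from being copied back into a render path. The enclosing method starts outside the hunk.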
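Review bot: The `{if}` guard on the added line in default/editor.php mixes `||` and `&&` without parentheses, so, assuming the template compiles it to a plain PHP condition, `$user['groupid']==1` alone satisfies it and the two URI-segment checks bind only to the author comparison. If group 1 is meant to be limited to the `question/editanswer` route as well, group the identity checks: `{if ($user['groupid']==1||$user['uid']==$answer['authorid'])&&$this->uri->segment ( 2 )=='editanswer'&&$this->uri->segment ( 1 )=='question'}`. If the current behaviour is intended, parenthesise the `&&` chain instead so the authorisation rule is explicit. The same line is added in application/views/fronzewap/editor.php.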
diff --git a/application/views/default/solve.php b/application/views/default/solve.php
index 04acefd..67bb83b 100644
--- a/application/views/default/solve.php
+++ b/application/views/default/solve.php
@@ -354,16 +354,16 @@ position:relative;

{if $question['artlen']>=100||strstr($question['shortdescription'],'图')}
- {eval echo htmlspecialchars_decode( htmlspecialchars_decode($question['shortdescription']));}
+ {eval echo $question['shortdescription'];}
 {else}
- {eval echo htmlspecialchars_decode( htmlspecialchars_decode(replacewords($question['description']))); }
+ {eval echo replacewords($question['description']); }
 {/if}

- {eval echo htmlspecialchars_decode(htmlspecialchars_decode(replacewords($question['description']))); }
+ {eval echo replacewords($question['description']); }
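Review bot: The added `{eval echo $question['shortdescription'];}` prints a field whose construction is not part of this patch, with no escaping at the sink, so whether it is safe depends on code this review cannot see. The Question_model hunk shows only a `"[图]"` prefix being prepended, and the `artlen` line next to it decodes and strips tags; if `shortdescription` is derived the same way it would hold decoded text rather than the stored, encoded form, which needs checking against the model. If it turns out to be decoded, escape here with `{eval echo htmlspecialchars($question['shortdescription'], ENT_QUOTES, 'UTF-8');}`. If it is already encoded, a short template comment saying so would be enough.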
@@ -514,7 +514,7 @@ position:relative;
 {/if}
- {eval echo htmlspecialchars_decode(replacewords($bestanswer['content'])); }
+ {eval echo replacewords($bestanswer['content']); }
@@ -633,7 +633,7 @@ position:relative;
 {/if}
- {eval echo htmlspecialchars_decode(replacewords($answer['content'])); }
+ {eval echo replacewords($answer['content']); }
diff --git a/application/views/fronzewap/editor.php b/application/views/fronzewap/editor.php
index 51ca27c..c259197 100644
--- a/application/views/fronzewap/editor.php
+++ b/application/views/fronzewap/editor.php
@@ -38,7 +38,7 @@ $.noConflict()
 {if $this->uri->segment ( 1 )!='question'} {eval echo replacewords($topic['describtion']);} {/if}
- {if $user['groupid']==1||$user['uid']==$answer['authorid']&&$this->uri->segment ( 2 )=='editanswer'&&$this->uri->segment ( 1 )=='question'} {eval echo htmlspecialchars_decode($answer['content']);} {/if}
+ {if $user['groupid']==1||$user['uid']==$answer['authorid']&&$this->uri->segment ( 2 )=='editanswer'&&$this->uri->segment ( 1 )=='question'} {eval echo $answer['content'];} {/if}
 {/if}
diff --git a/application/views/fronzewap/solve.php b/application/views/fronzewap/solve.php
index 2d30ee2..846faf1 100644
--- a/application/views/fronzewap/solve.php
+++ b/application/views/fronzewap/solve.php
@@ -140,12 +140,12 @@ color:#fff;
- {eval echo htmlspecialchars_decode(htmlspecialchars_decode(replacewords($question['description']))); }
+ {eval echo replacewords($question['description']); }
{else}
- {eval echo htmlspecialchars_decode(replacewords($bestanswer['content'])); }
+ {eval echo replacewords($bestanswer['content']); }
 {/if} {/if}
@@ -339,7 +339,7 @@ color:#fff;
- {eval echo htmlspecialchars_decode(replacewords($append['content'])); }
+ {eval echo replacewords($append['content']); }
@@ -462,7 +462,7 @@ color:#fff;
 {if $answer['serverid']==null} {if $answer['reward']==0||$answer['authorid']==$user['uid']}
- {eval echo htmlspecialchars_decode(replacewords($answer['content'])); }
+ {eval echo replacewords($answer['content']); }
 {else} {eval if($question['authorid']==$user['uid']) $answer['canview']=1;} {if $answer['canview']==0}
@@ -477,7 +477,7 @@ color:#fff;
{else}
- {eval echo htmlspecialchars_decode(replacewords($answer['content'])); }
+ {eval echo replacewords($answer['content']); }
 {/if} {/if}
@@ -505,7 +505,7 @@ color:#fff;

作者追问:{$append['format_time']}

- {eval echo htmlspecialchars_decode(replacewords($append['content'])); }
+ {eval echo replacewords($append['content']); }
-- GitLab