Close #40, Close #39, Close #38, Close #36, Close #34, Close #31, Close

#30, Close #27, Close #26, Close #24, Close #23, Close #22, Close #21, Close #20, Close #18, Close #16, Close #15
bg5sbk · Jul 19, 2021 · f8fc729 · f8fc729
1 parent 104db25
commit f8fc729
Show file tree

Hide file tree

Showing 15 changed files with 3,990 additions and 73 deletions.
diff --git a/mc-admin/conf.php b/mc-admin/conf.php
@@ -10,7 +10,7 @@
   $mc_config['site_link'] = $_POST['site_link'];
   $mc_config['user_nick'] = $_POST['user_nick'];
   $mc_config['user_name'] = $_POST['user_name'];
-  $mc_config['comment_code'] = get_magic_quotes_gpc() ? stripslashes(trim($_POST['comment_code'])) : trim($_POST['comment_code']);
+  $mc_config['comment_code'] = trim($_POST['comment_code']);
 
   if ($_POST['user_pass'] != '')
     $mc_config['user_pass'] = $_POST['user_pass'];
@@ -33,7 +33,7 @@
 $user_name = $mc_config['user_name'];
 $comment_code = isset($mc_config['comment_code']) ? $mc_config['comment_code'] : '';
 ?>
-<form action="<?php echo $_SERVER['REQUEST_URI']; ?>" method="post">
+<form action="<?php echo htmlentities($_SERVER['REQUEST_URI']); ?>" method="post">
   <?php if ($display_info) { ?>
   <div class="updated">设置保存成功！</div>
   <?php } ?>

diff --git a/mc-admin/head.php b/mc-admin/head.php
@@ -31,7 +31,7 @@ function shorturl($input) {
 
   for ($i = 0; $i < $subHexLen; $i++) {
     $subHex = substr ($hex, $i * 8, 8);
-    $int = 0x3FFFFFFF & (1 * ('0x'.$subHex));
+    $int = 0x3FFFFFFF & (1 * hexdec('0x'.$subHex));
     $out = '';
     for ($j = 0; $j < 6; $j++) {
       $val = 0x0000001F & $int;
@@ -62,7 +62,7 @@ function post_sort($a, $b) {
 </head>
 <body>
   <div id="menu">
-    <h3 id="menu_title"><a href="<?php echo $mc_config['site_link'] != '' ? $mc_config['site_link'] : '/'; ?>"><?php echo htmlspecialchars($mc_config['site_name']); ?></a></h3>
+    <h3 id="menu_title"><a href="<?php echo $mc_config['site_link'] != '' ? htmlentities($mc_config['site_link']) : '/'; ?>"><?php echo htmlspecialchars($mc_config['site_name']); ?></a></h3>
     <ul>
       <li <?php echo $page_file == 'post.php' || $page_file == 'post-edit.php' ? 'class="current"' : ''; ?>><a href="post.php">文章</a></li>
       <li <?php echo $page_file == 'page.php' || $page_file == 'page-edit.php' ? 'class="current"' : ''; ?>><a href="page.php">页面</a></li>

diff --git a/mc-admin/index.php b/mc-admin/index.php
@@ -36,7 +36,7 @@
   </style>
 </head>
 <body>
-  <form action="<?php echo $_SERVER['REQUEST_URI']; ?>" method="post">
+  <form action="<?php echo htmlentities($_SERVER['REQUEST_URI']); ?>" method="post">
   <div id="login_title">MiniCMS</div>
   <div id="login_form">
     <div id="login_form_box">

diff --git a/mc-admin/page-edit.php b/mc-admin/page-edit.php
@@ -17,11 +17,16 @@
   $page_path        = $_POST['path'];
   $page_state       = $_POST['state'];
   $page_title       = trim($_POST['title']);
-  $page_content     = get_magic_quotes_gpc() ? stripslashes(trim($_POST['content'])) : trim($_POST['content']);;
+  $page_content     = trim($_POST['content']);
   $page_date        = date("Y-m-d");
   $page_time        = date("H:i:s");
   $page_can_comment = $_POST['can_comment'];
 
+  if ($page_state != "delete" && $page_state != "draft" && $page_state != "publish") {
+    Header("Location:index.php");
+    exit;
+  }
+
   if ($_POST['year'] != '')
     $page_date = substr_replace($page_date, $_POST['year'], 0, 4);
 
@@ -156,11 +161,11 @@ function empty_textbox_blur(target) {
   }
 }
 </script>
-<form action="<?php echo $_SERVER['REQUEST_URI']; ?>" method="post">
+<form action="<?php echo htmlentities($_SERVER['REQUEST_URI']); ?>" method="post">
   <input type="hidden" name="_IS_POST_BACK_" value=""/>
   <?php if ($succeed) { ?>
   <?php if ($page_state == 'publish') { ?>
-  <div class="updated">页面已发布。 <a href="<?php echo $mc_config['site_link']; ?>/?<?php echo $page_path; ?>/" target="_blank">查看页面</a></div>
+  <div class="updated">页面已发布。 <a href="<?php echo $mc_config['site_link']; ?>/?<?php echo urlencode($page_path); ?>/" target="_blank">查看页面</a></div>
   <?php } else { ?>
   <div class="updated">页面已保存到“草稿箱”。 <a href="page.php?state=draft">打开草稿箱</a></div>
   <?php } ?>
@@ -182,37 +187,37 @@ function empty_textbox_blur(target) {
     <div style="float:left">
     时间：
     <select name="year">
-      <option value=""></option>
+      <option value="">&nbsp;&nbsp;年</option>
 <?php $year = substr($page_date, 0, 4); for ($i = 1990; $i <= 2030; $i ++) { ?>
       <option value="<?php echo $i; ?>" <?php if ($year == $i) echo 'selected="selected";' ?>><?php echo $i; ?></option>
 <?php } ?>
     </select> -
     <select name="month">
-      <option value=""></option>
+      <option value="">月</option>
 <?php $month = substr($page_date, 5, 2); for ($i = 1; $i <= 12; $i ++) { $m = sprintf("%02d", $i); ?>
       <option value="<?php echo $m; ?>" <?php if ($month == $m) echo 'selected="selected";' ?>><?php echo $m; ?></option>
 <?php } ?>
     </select> -
     <select name="day">
-      <option value=""></option>
+      <option value="">日</option>
 <?php $day = substr($page_date, 8, 2); for ($i = 1; $i <= 31; $i ++) { $m = sprintf("%02d", $i); ?>
       <option value="<?php echo $m; ?>" <?php if ($day == $m) echo 'selected="selected";' ?>><?php echo $m; ?></option>
 <?php } ?>
     </select>&nbsp;
     <select name="hourse">
-      <option value=""></option>
+      <option value="">时</option>
 <?php $hourse = substr($page_time, 0, 2); for ($i = 0; $i <= 23; $i ++) { $m = sprintf("%02d", $i); ?>
       <option value="<?php echo $m; ?>" <?php if ($hourse == $m) echo 'selected="selected";' ?>><?php echo $m; ?></option>
 <?php } ?>
     </select> :
     <select name="minute">
-      <option value=""></option>
+      <option value="">分</option>
 <?php $minute = substr($page_time, 3, 2); for ($i = 0; $i <= 59; $i ++) { $m = sprintf("%02d", $i); ?>
       <option value="<?php echo $m; ?>" <?php if ($minute == $m) echo 'selected="selected";' ?>><?php echo $m; ?></option>
 <?php } ?>
     </select> :
     <select name="second">
-      <option value=""></option>
+      <option value="">秒</option>
 <?php $second = substr($page_time, 6, 2); for ($i = 0; $i <= 59; $i ++) { $m = sprintf("%02d", $i); ?>
       <option value="<?php echo $m; ?>" <?php if ($second == $m) echo 'selected="selected";' ?>><?php echo $m; ?></option>
 <?php } ?>

diff --git a/mc-admin/page.php b/mc-admin/page.php
@@ -272,11 +272,11 @@ function goto_page(e)
   </span>
   <span class="pager">
     共 <?php echo $page_count; ?> 项&nbsp;&nbsp;
-    <a class="link_button" href="?state=<?php echo $state; ?>&date=<?php echo $filter_date;?>">&laquo;</a>
-    <a class="link_button" href="?state=<?php echo $state; ?>&date=<?php echo $filter_date;?>&page=<?php echo $prev_page; ?>">&lsaquo;</a>
-    第 <input type="text" value="<?php echo $page_num; ?>" id="page_input_1"/> 页,共 <?php echo $last_page; ?> 页
-    <a class="link_button" href="?state=<?php echo $state; ?>&date=<?php echo $filter_date;?>&page=<?php echo $next_page; ?>">&rsaquo;</a>
-    <a class="link_button" href="?state=<?php echo $state; ?>&date=<?php echo $filter_date;?>&page=<?php echo $last_page; ?>">&raquo;</a>
+    <a class="link_button" href="?state=<?php echo $state; ?>&date=<?php echo urlencode($filter_date);?>">&laquo;</a>
+    <a class="link_button" href="?state=<?php echo $state; ?>&date=<?php echo urlencode($filter_date);?>&page=<?php echo $prev_page; ?>">&lsaquo;</a>
+    第 <input type="text" value="<?php echo urlencode($page_num); ?>" id="page_input_1"/> 页,共 <?php echo $last_page; ?> 页
+    <a class="link_button" href="?state=<?php echo $state; ?>&date=<?php echo urlencode($filter_date);?>&page=<?php echo $next_page; ?>">&rsaquo;</a>
+    <a class="link_button" href="?state=<?php echo $state; ?>&date=<?php echo urlencode($filter_date);?>&page=<?php echo $last_page; ?>">&raquo;</a>
   </span>
   <script type="text/javascript">
   document.getElementById('page_input_1').onkeydown = goto_page;
@@ -293,18 +293,18 @@ function goto_page(e)
   <tbody>
   <?php for ($i = 0; $i < $page_count; $i ++) { if ($i < ($page_num - 1) * 10 || $i >= ($page_num * 10)) continue; $page_id = $page_ids[$i]; $page = $mc_pages[$page_id]; ?>
     <tr<?php if ($i % 2 == 0) echo ' class="alt"'; ?>>
-      <td><input type="checkbox" name="ids" value="<?php echo $page_id; ?>"/></td>
+      <td><input type="checkbox" name="ids" value="<?php echo htmlentities($page_id); ?>"/></td>
       <td>
         <a class="row_name" href="page-edit.php?file=<?php echo $page['file']; ?>"><?php echo htmlspecialchars($page['title']);?></a>
         <div class="row_tool">
           <a class="link_button" href="page-edit.php?file=<?php echo $page['file']; ?>">编辑</a>
           <?php if ($state == 'delete') { ?>
-          <a class="link_button" href="?revert=<?php echo $page_id; ?>&state=<?php echo $state; ?>&date=<?php echo $filter_date;?>">还原</a>
-          <a class="link_button" href="?delete=<?php echo $page_id; ?>&state=<?php echo $state; ?>&date=<?php echo $filter_date;?>">删除</a>
+          <a class="link_button" href="?revert=<?php echo urlencode($page_id); ?>&state=<?php echo $state; ?>&date=<?php echo urlencode($filter_date);?>">还原</a>
+          <a class="link_button" href="?delete=<?php echo urlencode($page_id); ?>&state=<?php echo $state; ?>&date=<?php echo urlencode($filter_date);?>">删除</a>
           <?php } else { ?>
-          <a class="link_button" href="?delete=<?php echo $page_id; ?>&state=<?php echo $state; ?>&date=<?php echo $filter_date;?>">回收</a>
+          <a class="link_button" href="?delete=<?php echo urlencode($page_id); ?>&state=<?php echo $state; ?>&date=<?php echo urlencode($filter_date);?>">回收</a>
           <?php } ?>
-          <a class="link_button" href="/?<?php echo $page_id; ?>/" target="_blank">查看</a>
+          <a class="link_button" href="<?php echo htmlentities($mc_config['site_link']); ?>/?<?php echo urlencode($page_id); ?>/" target="_blank">查看</a>
         </div>
       </td>
       <td><?php
@@ -313,7 +313,7 @@ function goto_page(e)
         for ($j = 0; $j < $paths_count - 1; $j ++) {
           echo '－';
         }
-        echo $paths[$paths_count - 1]; ?></td>
+        echo htmlspecialchars($paths[$paths_count - 1]); ?></td>
       <td><?php echo htmlspecialchars($page['date']);?></td>
     </tr>
   <?php } ?>
@@ -335,11 +335,11 @@ function goto_page(e)
   </span>
   <span class="pager">
     共 <?php echo $page_count; ?> 项&nbsp;&nbsp;
-    <a class="link_button" href="?state=<?php echo $state; ?>&date=<?php echo $filter_date;?>">&laquo;</a>
-    <a class="link_button" href="?state=<?php echo $state; ?>&date=<?php echo $filter_date;?>&page=<?php echo $prev_page; ?>">&lsaquo;</a>
-    第 <input type="text" value="<?php echo $page_num; ?>" id="page_input_2"/> 页,共 <?php echo $last_page; ?> 页
-    <a class="link_button" href="?state=<?php echo $state; ?>&date=<?php echo $filter_date;?>&page=<?php echo $next_page; ?>">&rsaquo;</a>
-    <a class="link_button" href="?state=<?php echo $state; ?>&date=<?php echo $filter_date;?>&page=<?php echo $last_page; ?>">&raquo;</a>
+    <a class="link_button" href="?state=<?php echo $state; ?>&date=<?php echo urlencode($filter_date);?>">&laquo;</a>
+    <a class="link_button" href="?state=<?php echo $state; ?>&date=<?php echo urlencode($filter_date);?>&page=<?php echo $prev_page; ?>">&lsaquo;</a>
+    第 <input type="text" value="<?php echo urlencode($page_num); ?>" id="page_input_2"/> 页,共 <?php echo $last_page; ?> 页
+    <a class="link_button" href="?state=<?php echo $state; ?>&date=<?php echo urlencode($filter_date);?>&page=<?php echo $next_page; ?>">&rsaquo;</a>
+    <a class="link_button" href="?state=<?php echo $state; ?>&date=<?php echo urlencode($filter_date);?>&page=<?php echo $last_page; ?>">&raquo;</a>
   </span>
   <script type="text/javascript">
   document.getElementById('page_input_2').onkeydown = goto_page;

diff --git a/mc-admin/post-edit.php b/mc-admin/post-edit.php
@@ -16,12 +16,17 @@
   $post_id          = $_POST['id'];
   $post_state       = $_POST['state'];
   $post_title       = trim($_POST['title']);
-  $post_content     = get_magic_quotes_gpc() ? stripslashes(trim($_POST['content'])) : trim($_POST['content']);
+  $post_content     = trim($_POST['content']);
   $post_tags        = explode(',', trim($_POST['tags']));
   $post_date        = date("Y-m-d");
   $post_time        = date("H:i:s");
   $post_can_comment  = $_POST['can_comment'];
 
+  if ($post_state != "delete" && $post_state != "draft" && $post_state != "publish") {
+    Header("Location:index.php");
+    exit;
+  }
+
   if ($_POST['year'] != '')
     $post_date = substr_replace($post_date, $_POST['year'], 0, 4);
 
@@ -149,7 +154,7 @@ function empty_textbox_blur(target) {
   }
 }
 </script>
-<form action="<?php echo $_SERVER['REQUEST_URI']; ?>" method="post">
+<form action="<?php echo htmlentities($_SERVER['REQUEST_URI']); ?>" method="post">
   <input type="hidden" name="_IS_POST_BACK_" value=""/>
   <?php if ($succeed) { ?>
   <?php if ($post_state == 'publish') { ?>
@@ -175,37 +180,37 @@ function empty_textbox_blur(target) {
     <div style="float:left">
     时间：
     <select name="year">
-      <option value=""></option>
+      <option value="">&nbsp;&nbsp;年</option>
 <?php $year = substr($post_date, 0, 4); for ($i = 1990; $i <= 2030; $i ++) { ?>
       <option value="<?php echo $i; ?>" <?php if ($year == $i) echo 'selected="selected";' ?>><?php echo $i; ?></option>
 <?php } ?>
     </select> -
     <select name="month">
-      <option value=""></option>
+      <option value="">月</option>
 <?php $month = substr($post_date, 5, 2); for ($i = 1; $i <= 12; $i ++) { $m = sprintf("%02d", $i); ?>
       <option value="<?php echo $m; ?>" <?php if ($month == $m) echo 'selected="selected";' ?>><?php echo $m; ?></option>
 <?php } ?>
     </select> -
     <select name="day">
-      <option value=""></option>
+      <option value="">日</option>
 <?php $day = substr($post_date, 8, 2); for ($i = 1; $i <= 31; $i ++) { $m = sprintf("%02d", $i); ?>
       <option value="<?php echo $m; ?>" <?php if ($day == $m) echo 'selected="selected";' ?>><?php echo $m; ?></option>
 <?php } ?>
     </select>&nbsp;
     <select name="hourse">
-      <option value=""></option>
+      <option value="">时</option>
 <?php $hourse = substr($post_time, 0, 2); for ($i = 0; $i <= 23; $i ++) { $m = sprintf("%02d", $i); ?>
       <option value="<?php echo $m; ?>" <?php if ($hourse == $m) echo 'selected="selected";' ?>><?php echo $m; ?></option>
 <?php } ?>
     </select> :
     <select name="minute">
-      <option value=""></option>
+      <option value="">分</option>
 <?php $minute = substr($post_time, 3, 2); for ($i = 0; $i <= 59; $i ++) { $m = sprintf("%02d", $i); ?>
       <option value="<?php echo $m; ?>" <?php if ($minute == $m) echo 'selected="selected";' ?>><?php echo $m; ?></option>
 <?php } ?>
     </select> :
     <select name="second">
-      <option value=""></option>
+      <option value="">秒</option>
 <?php $second = substr($post_time, 6, 2); for ($i = 0; $i <= 59; $i ++) { $m = sprintf("%02d", $i); ?>
       <option value="<?php echo $m; ?>" <?php if ($second == $m) echo 'selected="selected";' ?>><?php echo $m; ?></option>
 <?php } ?>