3 B. Z4 Y: S' N" }( y+ G2 b出现在评论处,小问题。放出来怕笑话呢。。
; A6 Z" G; v( f01 }elseif($do == 'view'){
d( C2 }* {4 X5 O& u( L3 {02
" p# F7 G d! ^) J: B03 require_once(dirname(__FILE__)."/global.php");
, W0 e9 i& X- k: {6 N04 require_once(MYMPS_INC."/member.class.php");
, _$ I: l, E$ m05 require_once(MYMPS_INC."/ip.class.php");
- ?% }/ z: e: Y( Y, N$ p06 4 c" ]5 C6 _2 r" g
07 if(!empty($part)&&$action == 'write'){
; Y! O# w" ^' u5 ]$ p) ~08 if(if_other_site_post()){ Z! k# N8 W, p
09 $msgs[]="请不要尝试从站外提交数据!";
! F7 x# L' i. t5 n2 ?/ y+ o# c8 x10 show_msg($msgs);
7 | u w4 y4 @2 U" U11 exit();
1 h* i! K( |2 C! h12 }
; A8 @% ]. T% o7 \: P* ?13
. e/ O+ [9 J3 [4 N! c f14
; }! j5 [7 E/ d6 k4 M" O- K15 //mymps_chk_randcode();* W% `$ R, }$ W% h" g9 a, |
16
3 S1 w3 A$ m/ b6 J8 p5 j0 u17 $content = $_POST[content];
/ a+ C& x8 N8 |18 if(empty($content)){write_msg("请填写评论内容!");exit();}
$ ]3 y, a' {: X6 i8 J$ B( X19 if(strlen($content)>255){write_msg("请不要填写超过127个汉字!");exit();}* D8 `6 ]" y; [9 @
20 $result = verify_badwords_filter($mymps_global[cfg_if_comment_verify],'',$_POST[content]);
/ o; h, s9 W f0 U! C* C21 $content = textarea_post_change($result[content]);" m: ^, J; x% b) F/ J# @2 U
22 $comment_level = $result[level];1 B5 u) E6 D5 ]% r" {. G1 G ?& w
23 $userid = $_GET['userid'];4 E1 L! Z+ s% Y" b# R/ u* n% y
24 7 m1 F3 `4 ]3 u! Y
25 ! ]3 b3 t H1 Y1 c' D
% P& @/ m) t% s& d, f5 E% G4 c
26 $db->query("INSERT INTO `{$db_mymps}".$part."_comment` (".$part."id,content,pubtime,ip,comment_level,userid)VALUES('$id','$content','".time()."','".GetIP()."','$comment_level','".$_POST[userid]."')");, g0 e L, b5 s4 W/ ] | j
27 echo "INSERT INTO `{$db_mymps}".$part."_comment` (".$part."id,content,pubtime,ip,comment_level,userid)VALUES('$id','$content','".time()."','".GetIP()."','$comment_level','".$_POST[userid]."')";//userid和getip都没处理好。出现问题了。
8 g8 d* ?$ }* R8 g& D28 if($comment_level == '1'){5 A- ^- {" D& l7 X
29 write_msg("您的评论提交成功!","?part=".$part."&id=".$id);
% o, m: f$ S) q2 h) g30 }
9 P) @# s7 ^2 W$ K- f/ L31 else{
* f F* a2 p/ X5 n; o( D, i32 write_msg("您提交的留言可能含有违禁词语,审核通过后显示!","?part=".$part."&id=".$id);* g) T! y% V0 e) y% j# B4 z
33 }
3 u: w3 w. }# Z6 {34 exit();
9 E& p/ _( Y5 I! U7 U, }35 }9 `2 I# _3 |2 A2 N4 u
结果出现问题了,
5 g2 h9 v) q4 A8 {$ L k
- X! [; s: ~! R8 m7 i9 J: F' i接下来就是; n+ w8 W' J0 a* Z; K
- h+ h4 z" m; m6 P9 W# r# w0 s* k
直接爆出管理员账号加MD5…7 u4 {; n6 j# p! b0 J
|