, q' |+ B. w. ]% g, Y! |9 j$ U0 ~
出现在评论处,小问题。放出来怕笑话呢。。- r- d' Y+ |3 ]) `
01 }elseif($do == 'view'){0 M7 H* u7 E! R
02 9 k [$ l# J: S4 g+ l M
03 require_once(dirname(__FILE__)."/global.php");
7 Z" M" m3 c/ t9 u04 require_once(MYMPS_INC."/member.class.php");9 D& q1 m9 N9 t+ c' @6 J1 z+ X
05 require_once(MYMPS_INC."/ip.class.php");( q& Q& `6 {/ o* j# P
06
8 `3 c4 r' r- r; E: S& |07 if(!empty($part)&&$action == 'write'){
w" q6 V: c4 N( n& r08 if(if_other_site_post()){. x B( n2 e% f& j3 S" j, u5 c
09 $msgs[]="请不要尝试从站外提交数据!";7 e; Y; E: b8 J$ }2 _
10 show_msg($msgs);
2 S* D) m3 b. n Z3 N11 exit();
3 P; ?4 C7 l# T12 }2 B _9 z$ s# ]4 ~$ W# m
13
5 J( o$ }$ h2 d3 t j. X14
3 ^# n; R! q; X3 ?0 Q15 //mymps_chk_randcode();
4 s7 l6 o' e" q4 Y- \5 {16 6 \' V# c+ ?1 R1 V. e+ }* {8 g
17 $content = $_POST[content]; i5 ^% U% `* K; y' L
18 if(empty($content)){write_msg("请填写评论内容!");exit();}
9 k8 V5 i' @0 H" {" d: m1 ?19 if(strlen($content)>255){write_msg("请不要填写超过127个汉字!");exit();}
4 f0 f& ^1 b7 c20 $result = verify_badwords_filter($mymps_global[cfg_if_comment_verify],'',$_POST[content]);' n7 I& b, P3 |+ T) c
21 $content = textarea_post_change($result[content]);" v8 v% M5 `2 }3 ^: N
22 $comment_level = $result[level];
3 w$ H9 Y0 B w5 s23 $userid = $_GET['userid'];0 |+ t, j+ U% s
24
1 X" Y) _0 C; \- {" E25
; n+ d; H2 w, d, j' |' N" j* ~1 X+ r% C
26 $db->query("INSERT INTO `{$db_mymps}".$part."_comment` (".$part."id,content,pubtime,ip,comment_level,userid)VALUES('$id','$content','".time()."','".GetIP()."','$comment_level','".$_POST[userid]."')");
. w3 R; P9 V: r) @' J& n27 echo "INSERT INTO `{$db_mymps}".$part."_comment` (".$part."id,content,pubtime,ip,comment_level,userid)VALUES('$id','$content','".time()."','".GetIP()."','$comment_level','".$_POST[userid]."')";//userid和getip都没处理好。出现问题了。) N; \( \# C; H1 N
28 if($comment_level == '1'){
& D2 |" C9 T8 G) N29 write_msg("您的评论提交成功!","?part=".$part."&id=".$id);
( [* b# M! m8 s! y30 }
# N3 ~4 k0 C& {31 else{$ i5 f0 P/ z' m9 H
32 write_msg("您提交的留言可能含有违禁词语,审核通过后显示!","?part=".$part."&id=".$id);1 O5 J4 a9 |! m
33 }
/ C9 T9 e. J( e6 t: b34 exit();1 G" h! [5 S9 F7 O" j7 x
35 }
" P0 w# o$ r" u结果出现问题了,( r; {, U: @# B I
$ Q, F4 z8 w/ f& b6 {
接下来就是9 H; K, V- {5 }2 P. s$ M% ?# e; T& L
- s) M$ [- p6 Y. `/ z
直接爆出管理员账号加MD5…
1 e/ H' c& ?% _" E: {6 t |