/ }# ^' L4 ]8 @/ s出现在评论处,小问题。放出来怕笑话呢。。3 N b% b' M# z1 N7 ^+ t. T
01 }elseif($do == 'view'){
; m5 o5 t, S# ~: f! b02
9 s0 p/ |5 w4 V03 require_once(dirname(__FILE__)."/global.php");
; ?9 y/ f/ J& Y J5 K04 require_once(MYMPS_INC."/member.class.php");
0 E& s- A1 X3 c5 j+ M, D! o05 require_once(MYMPS_INC."/ip.class.php");
( v5 J; e; q: N% c8 ?: B8 }* Q06
& S, d& ^( n, X* V6 N07 if(!empty($part)&&$action == 'write'){! w+ H% A, g/ s: }
08 if(if_other_site_post()){
& Z! I0 B( v* k. v: V Q09 $msgs[]="请不要尝试从站外提交数据!";0 Z1 f' L* f# N2 u
10 show_msg($msgs);
& T9 {$ z) H7 S! Z11 exit();7 B% [/ F) c. e: A
12 }3 ]" ~; t9 f- O) ~- d) |
13 $ ?7 H8 e5 @9 T. p) Z' V% f- l; A
14 7 R( i' O3 ]/ N+ ^0 n
15 //mymps_chk_randcode();% R3 c# w! f) z, t- s
16
1 F* ]6 R. q8 ?4 ~17 $content = $_POST[content];% t+ K! G7 Y! S6 v
18 if(empty($content)){write_msg("请填写评论内容!");exit();}: @5 Y* V @* P! V, v1 g3 l- R
19 if(strlen($content)>255){write_msg("请不要填写超过127个汉字!");exit();}
( p7 A1 Q! e2 N3 V% N; T8 V20 $result = verify_badwords_filter($mymps_global[cfg_if_comment_verify],'',$_POST[content]);4 M* u$ A v0 k+ K# [$ o5 c
21 $content = textarea_post_change($result[content]);: s; t, U- R* j- B p9 J
22 $comment_level = $result[level];+ Q$ I8 i8 \9 Z* M3 S6 C1 z& L
23 $userid = $_GET['userid'];
2 S! [; ?% M+ Q24
' f+ ^4 K# M5 c- v& ]9 w! K25 - {- i" a% f- `- S/ }# [
; k0 e& O9 e: v/ P+ J
26 $db->query("INSERT INTO `{$db_mymps}".$part."_comment` (".$part."id,content,pubtime,ip,comment_level,userid)VALUES('$id','$content','".time()."','".GetIP()."','$comment_level','".$_POST[userid]."')");
2 |0 N( W3 W M8 { j9 v27 echo "INSERT INTO `{$db_mymps}".$part."_comment` (".$part."id,content,pubtime,ip,comment_level,userid)VALUES('$id','$content','".time()."','".GetIP()."','$comment_level','".$_POST[userid]."')";//userid和getip都没处理好。出现问题了。: N) E( q( E3 r
28 if($comment_level == '1'){) J8 s# |) b6 I: O. D
29 write_msg("您的评论提交成功!","?part=".$part."&id=".$id);
; X7 R0 S/ T) y4 d0 G2 {" a30 }& U0 l5 s' [$ |( F% f
31 else{' n; B# o- L2 `' C) H
32 write_msg("您提交的留言可能含有违禁词语,审核通过后显示!","?part=".$part."&id=".$id);
: N W! H# D+ k8 O/ H$ j5 ^5 w$ t33 }4 w# O% ?# D- ~# _
34 exit();, l9 E- p+ D5 Y
35 }
" h% L% v3 p, H- w结果出现问题了,
+ z" Y' h% Y8 i, X
" J. E: Z4 u3 ^) S接下来就是1 k, R" r4 S6 ~. F% \
; \% r# L+ h: y+ K
直接爆出管理员账号加MD5…8 B0 w) f7 C# E7 U4 @
|