开启帝国CMS反馈防火墙禁用字符的方法

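帝国cms默认反馈提交的内容不受防火墙禁用字符限制,这里给出解决办法。首先找到反馈处理文件:/e/class/q_functions.php找到处理函数AddFeedback分析发现这个函数没有加载防火墙变量,所以第一步就是把防火墙变量加载进来。方法将原代码global $empire,$dbtbpre,$level_r,$public_r;改为global $empire,$dbtbpre,$level_r,$public_r,$ecms_config;这个时候就加入了防火墙变量了。然后我们找反馈内容字段经分析反馈字段是存在$br['enter']里面的,并用<!--record-->字符隔开了,所以我们只要在其循环中加入代码,请加在$f=$er1[1];下面,此处$f就是字段。 if($f=="saytext") { $cleartext=explode(',',$ecms_config['fw']['cleargettext']); foreach($cleartext as $v) { $add[$f]=str_replace($v,"",$add[$f]); } }就可以实现禁用字符的替换了。代码解释:当提交的字段为saytext时启用防火墙,并把禁用字符替换为空。整体函数代码:

<?php
/**
 * Handles a feedback-form submission (Empire CMS, e/class/q_functions.php).
 *
 * Order of work: origin check, optional captcha, board lookup, member
 * group-level check, required-field check, per-field normalisation (with the
 * firewall's disallowed-character list applied to the "saytext" field),
 * attachment upload, INSERT into enewsfeedback, attachment bookkeeping,
 * redirect.
 *
 * @param array $add  Submitted form fields: 'bid', 'key', 'ecmsfrom', 'title'
 *                    and one entry per field named in the board's "enter"
 *                    definition. Uploaded files are read from $_FILES.
 * @return void       Every failure path calls printerror(); the code after
 *                    each call assumes printerror() ends the request — that
 *                    helper is not visible here, TODO confirm.
 */
function AddFeedback($add){
    global $empire,$dbtbpre,$level_r,$public_r,$ecms_config;
    CheckCanPostUrl();// origin (referer) check
    // Board id: the form value first, otherwise the cookie set when the form was shown.
    if(!empty($add['bid'])){
        $bid=(int)$add['bid'];
    }else{
        $bid=(int)getcvar('feedbackbid');
    }
    if(empty($bid)){
        printerror("EmptyFeedbackname","history.go(-1)",1);
    }
    // Captcha, only when enabled in the public settings.
    $keyvname='checkfeedbackkey';
    if($public_r['fbkey_ok']){
        ecmsCheckShowKey($keyvname,isset($add['key'])?$add['key']:'',1);
    }
    // Does the board exist? $bid is already an int, so interpolating it is safe.
    $br=$empire->fetch1("select bid,enter,mustenter,filef,groupid,checkboxf from {$dbtbpre}enewsfeedbackclass where bid='$bid';");
    if(empty($br['bid'])){
        printerror("EmptyFeedback","history.go(-1)",1);
    }
    // Group level: a board with a groupid requires a member of at least that level.
    // Array keys are quoted; the bare-word form is a fatal error on PHP 8.
    if($br['groupid']){
        $user=islogin();
        if($level_r[$br['groupid']]['level']>$level_r[$user['groupid']]['level'])
        {
            printerror("HaveNotEnLevel","history.go(-1)",1);
        }
    }
    $pr=$empire->fetch1("select feedbacktfile,feedbackfilesize,feedbackfiletype from {$dbtbpre}enewspublic limit 1");
    // Required fields. mustenter appears to be stored as ",a,b,c," — the loop
    // skips the empty first and last pieces (presumably; confirm against the schema).
    $mustr=explode(",",$br['mustenter']);
    $count=count($mustr);
    for($i=1;$i<$count-1;$i++){
        $mf=$mustr[$i];
        if(strstr($br['filef'],",".$mf.","))// attachment field
        {
            if(!$pr['feedbacktfile'])
            {
                printerror("NotOpenFBFile","",1);
            }
            if(empty($_FILES[$mf]['name']))
            {
                printerror("EmptyFeedbackname","",1);
            }
        }
        else
        {
            $chmustval=ReturnFBCheckboxAddF(isset($add[$mf])?$add[$mf]:'',$mf,$br['checkboxf']);
            if(!trim($chmustval))
            {
                printerror("EmptyFeedbackname","",1);
            }
        }
    }
    $saytime=date("Y-m-d H:i:s");
    // Field handling. The board's "enter" definition is a list of records
    // separated by <!--record-->, each record's parts separated by
    // <!--field--->; part [1] is the field name. The delimiters must be the
    // plain ASCII forms — the "–"/"—" variants seen in copies of this code are
    // a typographic-conversion artefact and never match.
    $dh="";
    $tranf="";
    $addf="";   // column-list fragment, ",`f1`,`f2`" (was appended to before being defined)
    $addval=""; // value-list fragment, ",'v1','v2'"
    $record="<!--record-->";
    $field="<!--field--->";
    $er=explode($record,$br['enter']);
    $count=count($er);
    for($i=0;$i<$count-1;$i++){
        $er1=explode($field,$er[$i]);
        $f=$er1[1];
        if(!isset($add[$f])){
            $add[$f]='';
        }
        // Firewall: strip every entry of the configured disallowed-character
        // list from the message body. This is a single-pass blacklist removal;
        // it reduces what gets stored but is not a substitute for escaping the
        // value in the context where it is later rendered.
        if($f=="saytext")
        {
            $cleartext=explode(',',$ecms_config['fw']['cleargettext']);
            foreach($cleartext as $v)
            {
                $add[$f]=str_replace($v,"",$add[$f]);
            }
        }
        // NOTE(review): this line leaves the value unchanged (search and
        // replacement are identical). The attachment placeholder built below
        // is "ecms<field>-@!]" and is substituted in $addval after upload, so
        // the original intent was presumably to neutralise that marker in
        // user-supplied text — confirm against the upstream source.
        $add[$f]=str_replace('ecms','ecms',$add[$f]);
        if(strstr($br['filef'],",".$f.","))
        {
            if(!empty($_FILES[$f]['name']))
            {
                if(!$pr['feedbacktfile'])
                {
                    printerror("NotOpenFBFile","",1);
                }
                $filetype=GetFiletype($_FILES[$f]['name']);// file extension
                // Two checks: the global save-type deny list, then the per-site
                // allow list stored as "|ext|ext|".
                if(CheckSaveTranFiletype($filetype))
                {
                    printerror("NotQTranFiletype","",1);
                }
                if(!strstr($pr['feedbackfiletype'],"|".$filetype."|"))
                {
                    printerror("NotQTranFiletype","",1);
                }
                if($_FILES[$f]['size']>$pr['feedbackfilesize']*1024)// size limit is configured in KB
                {
                    printerror("TooBigQTranFile","",1);
                }
                $tranf.=$dh.$f;
                $dh=",";
                $fval="ecms".$f."-@!]";// placeholder, replaced by the stored path after upload
            }
            else
            {
                $fval="";
            }
        }
        else
        {
            $add[$f]=ReturnFBCheckboxAddF($add[$f],$f,$br['checkboxf']);
            $fval=$add[$f];
        }
        $addf.=",`".$f."`";
        $addval.=",'".addslashes(RepPostStr($fval))."'";
    }
    $type=0;
    $classid=0;
    $filename='';
    $filepath='';
    $userid=(int)getcvar('mluserid');
    $username=RepPostVar(getcvar('mlusername'));
    $filepass=ReturnTranFilepass();
    // Upload attachments and swap each placeholder in $addval for the stored path.
    if($tranf){
        $dh="";
        $tranr=explode(",",$tranf);
        $count=count($tranr);
        for($i=0;$i<$count;$i++)
        {
            $tf=$tranr[$i];
            $tfr=DoTranFile($_FILES[$tf]['tmp_name'],$_FILES[$tf]['name'],$_FILES[$tf]['type'],$_FILES[$tf]['size'],$classid);
            if($tfr['tran'])
            {
                $filepath=$tfr['filepath'];
                // Record the file in the file table.
                $filesize=(int)$_FILES[$tf]['size'];
                $fbtitle=isset($add['title'])?$add['title']:'';
                eInsertFileTable($tfr['filename'],$filesize,$tfr['filepath'],'[Member]'.$username,$classid,'[FB]'.addslashes(RepPostStr($fbtitle)),$type,$filepass,$filepass,$public_r['fpath'],0,4,0);
                $repfval=($tfr['filepath']?$tfr['filepath'].'/':'').$tfr['filename'];
                $filename.=$dh.$tfr['filename'];
                $dh=",";
            }
            else
            {
                $repfval="";
            }
            $addval=str_replace("ecms".$tf."-@!]",$repfval,$addval);
        }
    }
    $ip=egetip();
    // $bid and $userid are ints and $saytime is generated here; $username went
    // through RepPostVar, field values through addslashes(RepPostStr()).
    // $ip (egetip) and $filepath/$filename (DoTranFile) are interpolated as-is,
    // so this statement is only as safe as those helpers' escaping — they are
    // not visible here, TODO confirm.
    $sql=$empire->query("insert into {$dbtbpre}enewsfeedback(bid,saytime,ip,filepath,filename,userid,username,haveread".$addf.") values('$bid','$saytime','$ip','$filepath','$filename','$userid','$username',0".$addval.");");
    $fid=$empire->lastid();
    // Link the uploaded files to the new feedback id.
    UpdateTheFileOther(4,$fid,$filepass,'other');
    ecmsEmptyShowKey($keyvname);// clear the captcha
    if($sql){
        $reurl=DoingReturnUrl("../tool/feedback/?bid=$bid",isset($add['ecmsfrom'])?$add['ecmsfrom']:'');
        printerror("AddFeedbackSuccess",$reurl,1);
    }else{
        printerror("DbError","history.go(-1)",1);
    }
}
?>

世上没有绝望的处境,只有对处境绝望的人。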
