Discuz! 7.0在增加大量新功能的同时,也引入了大量的缺陷,topicadmin中警告短消息缺失信息就是其中之一,该缺陷导致版主在实施警告管理行为时,被警告的用户接收到的短消息中不能正确反映版主实施警告的贴子。相关短消息代码如下:
‘reason_warn_post_message’=>’这是由论坛系统自动发送的通知短消息。[b]以下您所发表的帖子被 [url={$boardurl}space.php?uid={$discuz_uid}][i]{$discuz_userss}[/i][/url] 执行 {$modaction} 操作。[/b][quote]{$post[message]}[/quote]连续 $warningexpiration 天内累计 $warninglimit 次警告,您将被自动禁止发帖 $warningexpiration 天。截至目前,您已被警告 $post[warnings] 次,请注意![b]发表时间:[/b] {$post[dateline]}[b]所在版块:[/b] [url={$boardurl}forumdisplay.php?fid={$fid}]{$forumname}[/url][b]操作理由:[/b] {$reason}如果您对本管理操作有异议,请与我取得联系。’,
其中缺失$post[message], $post[warnings], $post[dateline]三个变量。为解决该缺陷,按如下所示打补丁即可:
— topicadmin.original.php+++ topicadmin.fixed.php@@ -543,23 +546,23 @@} elseif($action == ‘warn’) {if(!($warnpids = implodeids($topiclist))) {showmessage(‘admin_warn_invalid’);} elseif(!$allowbanpost || !$tid) {showmessage(‘admin_nopermission’, NULL, ‘HALTED’);}$posts = $authors = array();$authorwarnings = $warningauthor = $warnstatus = ”;- $query = $db->query(“SELECT p.pid,p.authorid, p.author, p.status, m.adminid FROM {$tablepre}posts p LEFTJOIN {$tablepre}members m ON p.authorid=m.uid WHERE pid IN ($warnpids)AND p.tid=’$tid'”);+ $query = $db->query(“SELECT p.pid,p.authorid, p.author, p.status, p.message, p.dateline, m.adminid FROM{$tablepre}posts p LEFT JOIN {$tablepre}members m ON p.authorid=m.uidWHERE pid IN ($warnpids) AND p.tid=’$tid'”);while($post = $db->fetch_array($query)) {if($post[‘adminid’] == 0) {$warnstatus = ($post[‘status’] & 2) || $warnstatus;$authors[$post[‘authorid’]] = 1;$posts[] = $post;}}if(!$posts) {showmessage(‘admin_warn_nopermission’, NULL, ‘HALTED’);}@@ -589,22 +592,23 @@checkreasonpm();$pids = $comma = ”;foreach($posts as $k => $post) {if($post[‘adminid’] == 0) {if($warned && !($post[‘status’] & 2)) {$db->query(“UPDATE{$tablepre}posts SET status=status|2 WHERE pid=’$post[pid]'”,’UNBUFFERED’);$reason = cutstr(dhtmlspecialchars($reason), 40);$db->query(“INSERT INTO{$tablepre}warnings (pid, operatorid, operator, authorid, author,dateline, reason) VALUES (‘$post[pid]’, ‘$discuz_uid’, ‘$discuz_user’,’$post[authorid]’, ‘”.addslashes($post[‘author’]).”‘, ‘$timestamp’,’$reason’)”, ‘UNBUFFERED’);$authorwarnings =$db->result_first(“SELECT COUNT(*) FROM {$tablepre}warnings WHEREauthorid=’$post[authorid]'”);+ $posts[$k][‘warnings’] = $authorwarnings;if($authorwarnings >= $warninglimit) {$member =$db->fetch_first(“SELECT adminid, groupid FROM {$tablepre}membersWHERE uid=’$post[authorid]'”);if($member && $member[‘groupid’] != 4) {$banexpiry = $timestamp + $warningexpiration * 86400;$groupterms = array();$groupterms[‘main’]= array(‘time’ => $banexpiry, ‘adminid’ => $member[‘adminid’],’groupid’ => $member[‘groupid’]);$groupterms[‘ext’][4] = $banexpiry;$db->query(“UPDATE{$tablepre}members SET groupid=’4′,groupexpiry='”.groupexpiry($groupterms).”‘ WHEREuid=’$post[authorid]'”);$db->query(“UPDATE{$tablepre}memberfields SETgroupterms='”.addslashes(serialize($groupterms)).”‘ WHEREuid=’$post[authorid]'”);}}
第一处补丁是从数据库中查询$post[‘message’], $post[‘dateline’]两个变量。第二处补丁是将计算出的警告数值赋给$post[‘warnings’]。
[Discuz! – 官方网站]
http://www.discuz.net/
[Discuz! – 常见问题]
Discuz! 6.1 从GBK编码转为UTF-8编码Discuz! 6.1 多语言翻译工作范围
Discuz! 6.1 发送HTML格式电子邮件
Discuz! 6.1~7.0 安装SupeSite后导致安全漏洞
Discuz! 6.1 不修改模板在贴子上增加收藏按钮
Discuz! 6.1 cpmsg函数在IE下和Firefox下表现不一致
Discuz! 6.1~7.0 升级后request缓存文件名不兼容
Discuz! 6.1~7.0升级后request路径不兼容以及相应修改方案
Discuz! 7.0 模块脚本文件名
Discuz! 7.0 模块调用脚本范例程序 – 模板
Discuz! 7.0 模块调用脚本范例程序 – 数组
Discuz! 7.0模块调用脚本范例程序 – 主题
Discuz! 7.0 模块调用脚本范例程序 – 多选下拉的缺陷以及使用方法
Discuz! 6.1 – 自动禁止非公开版面向Home推送事件
Discuz! 6.1~7.0 – 解决jQuery兼容问题
Discuz! 7.0 – 修正topicadmin中警告短消息缺失信息的缺陷
志在山顶的人,不会贪念山腰的风景。
