更新
This commit is contained in:
parent
8550914e22
commit
c6ba7de430
@ -2,7 +2,7 @@
|
|||||||
/* 获取主题当前版本号 */
|
/* 获取主题当前版本号 */
|
||||||
function _getVersion()
|
function _getVersion()
|
||||||
{
|
{
|
||||||
return "6.0.5";
|
return "6.0.6";
|
||||||
};
|
};
|
||||||
|
|
||||||
/* 判断是否是手机 */
|
/* 判断是否是手机 */
|
||||||
|
@ -3,15 +3,34 @@
|
|||||||
/* 过滤短代码 */
|
/* 过滤短代码 */
|
||||||
require_once('short.php');
|
require_once('short.php');
|
||||||
|
|
||||||
|
function _checkXSS($text)
|
||||||
|
{
|
||||||
|
$isXss = false;
|
||||||
|
$list = array(
|
||||||
|
'([\x00-\x08,\x0b-\x0c,\x0e-\x19])', 'script', 'javascript', 'vbscript', 'expression', 'applet', 'meta', 'xml', 'blink', 'link', 'style', 'embed', 'object', 'frame', 'layer', 'title', 'bgsound', 'onload', 'onunload', 'onchange', 'onsubmit', 'onreset', 'onselect', 'onblur', 'onfocus',
|
||||||
|
'onabort', 'onkeydown', 'onkeypress', 'onkeyup', 'onclick', 'ondblclick', 'onmousedown', 'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup', 'onunload'
|
||||||
|
);
|
||||||
|
if (strip_tags($text)) {
|
||||||
|
for ($i = 0; $i < count($list); $i++) {
|
||||||
|
if (strpos($text, $list[$i]) !== false) {
|
||||||
|
$isXss = true;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
$isXss = true;
|
||||||
|
};
|
||||||
|
return $isXss;
|
||||||
|
}
|
||||||
|
|
||||||
/* 过滤评论回复 */
|
/* 过滤评论回复 */
|
||||||
function _parseCommentReply($text)
|
function _parseCommentReply($text)
|
||||||
{
|
{
|
||||||
if (strip_tags($text)) {
|
if (_checkXSS($text)) {
|
||||||
$text = _parseReply($text);
|
|
||||||
$text = preg_replace('/\{!{(.*?)\}!}/', '<img class="lazyload draw_image" src="data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==" data-src="$1" onerror="javascript: this.src=\'data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==\';" alt="画图"/>', $text);
|
|
||||||
echo $text;
|
|
||||||
} else {
|
|
||||||
echo "该回复疑似异常,已被系统拦截!";
|
echo "该回复疑似异常,已被系统拦截!";
|
||||||
|
} else {
|
||||||
|
$text = _parseReply($text);
|
||||||
|
echo preg_replace('/\{!{(.*?)\}!}/', '<img class="lazyload draw_image" src="data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==" data-src="$1" onerror="javascript: this.src=\'data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==\';" alt="画图"/>', $text);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
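Review bot: `_checkXSS` on the new side does literal, case-sensitive substring matching, so its first list entry `'([\x00-\x08,\x0b-\x0c,\x0e-\x19])'` — written as a regex but handed to `strpos` — can only ever match that exact text and never a control character, and any mixed-case spelling of the other entries passes the loop. The `if (strip_tags($text))` test is a truthiness check, so a reply whose stripped text is `"0"` is reported as XSS, while plain words in the list (`title`, `link`, `style`, `object`, …) reject ordinary comments. At minimum use `stripos($text, $list[$i]) !== false`, move the control-character test to a real `if (preg_match('/[\x00-\x08\x0b\x0c\x0e-\x19]/', $text)) { return true; }`, and test emptiness with `strip_tags($text) === ''` rather than truthiness. The robust mitigation is escaping at output with `htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, since `_parseCommentReply` echoes the text without `strip_tags` and `_parseReply` is outside the hunk so its escaping cannot be confirmed. The same helper is the gate in the next hunk's `_parseLeavingReply` and `_parseAsideReply`, so those callers inherit each of these behaviours.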
@ -38,26 +57,25 @@ function _parseReply($text)
|
|||||||
/* 格式化留言回复 */
|
/* 格式化留言回复 */
|
||||||
function _parseLeavingReply($text)
|
function _parseLeavingReply($text)
|
||||||
{
|
{
|
||||||
if (strip_tags($text)) {
|
if (_checkXSS($text)) {
|
||||||
|
echo "该回复疑似异常,已被系统拦截!";
|
||||||
|
} else {
|
||||||
$text = strip_tags($text);
|
$text = strip_tags($text);
|
||||||
$text = _parseReply($text);
|
$text = _parseReply($text);
|
||||||
$text = preg_replace('/\{!\{(.*?)\}!\}/', '<img class="draw_image" src="$1" alt="画图"/>', $text);
|
echo preg_replace('/\{!\{(.*?)\}!\}/', '<img class="draw_image" src="$1" alt="画图"/>', $text);
|
||||||
echo $text;
|
|
||||||
} else {
|
|
||||||
echo "该回复疑似异常,已被系统拦截!";
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/* 格式化侧边栏回复 */
|
/* 格式化侧边栏回复 */
|
||||||
function _parseAsideReply($text, $type = true)
|
function _parseAsideReply($text, $type = true)
|
||||||
{
|
{
|
||||||
if (strip_tags($text)) {
|
if (_checkXSS($text)) {
|
||||||
|
echo "该回复疑似异常,已被系统拦截!";
|
||||||
|
} else {
|
||||||
$text = strip_tags($text);
|
$text = strip_tags($text);
|
||||||
$text = preg_replace('~{!{.*~', '# 图片回复', $text);
|
$text = preg_replace('~{!{.*~', '# 图片回复', $text);
|
||||||
if ($type) echo _parseReply($text);
|
if ($type) echo _parseReply($text);
|
||||||
else echo $text;
|
else echo $text;
|
||||||
} else {
|
|
||||||
echo "该回复疑似异常,已被系统拦截!";
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
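Review bot: In `_parseLeavingReply` the group captured from the reply is interpolated straight into the attribute on the new line `echo preg_replace('/\{!\{(.*?)\}!\}/', '<img class="draw_image" src="$1" alt="画图"/>', $text);`, and the `strip_tags` on the line above removes tags but not quote characters, so the `src` value reaches the page unescaped. Escape the capture in a callback instead: `echo preg_replace_callback('/\{!\{(.*?)\}!\}/', function ($m) { return '<img class="draw_image" src="' . htmlspecialchars($m[1], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '" alt="画图"/>'; }, $text);`. The `data-src="$1"` replacement in `_parseCommentReply` in the previous hunk has the same shape, and there the text is not passed through `strip_tags` at all. The blocked-reply message is now repeated as a literal in three functions; a single constant would keep the wording in one place.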
@ -1,6 +1,6 @@
|
|||||||
{
|
{
|
||||||
"name": "typecho-joe-next",
|
"name": "typecho-joe-next",
|
||||||
"version": "6.0.5",
|
"version": "6.0.6",
|
||||||
"description": "A Theme Of Typecho",
|
"description": "A Theme Of Typecho",
|
||||||
"main": "index.php",
|
"main": "index.php",
|
||||||
"keywords": [
|
"keywords": [
|
||||||
|