diff --git a/README.md b/README.md index 80382de..d346cc2 100644 --- a/README.md +++ b/README.md @@ -6,11 +6,11 @@ 官网网站:http://www.rockoa.com/ 源码仅供学习二次开发使用,禁止二次发布,禁止用于商业用途出售等(违者必究) 版权:Copyright @2016-2023 信呼开发团队 -版本整理时间:2023-08-22 23:59:59 -版本号:V2.6.0 +版本整理时间:2023-12-22 23:59:59 +版本号:V2.6.2 -### V2.6.0更新说明 +### V2.6.2更新说明 1、完善系统安全性。 2、更多升级日志详见:http://www.rockoa.com/view_core.html diff --git a/config/version.php b/config/version.php index 78c215a..f4ace10 100644 --- a/config/version.php +++ b/config/version.php @@ -1,3 +1,3 @@ option->getselectdata($_ars[0], isset($_ars[2])); - $fvad = 'name'; + $fvad = 'nameo'; if(isset($_ars[1])&&($_ars[1]=='value'||$_ars[1]=='id'||$_ars[1]=='num'))$fvad=$_ars[1]; if($fopt){ diff --git a/include/chajian/rockeditChajian.php b/include/chajian/rockeditChajian.php index af6e38b..bcddf50 100644 --- a/include/chajian/rockeditChajian.php +++ b/include/chajian/rockeditChajian.php @@ -78,13 +78,16 @@ class rockeditChajian extends Chajian{ $onlynum = md5(''.$this->rock->jm->getRandkey().date('YmdHis').'file'.$id.''); m('file')->update("`onlynum`='$onlynum'", $id); } + $stype = '0';//0wps,1onlyoffice $urs = m('admin')->getone($this->adminid); $barr = $this->getdata('file','change', array( 'filenum' => $onlynum, 'optid' => $this->adminid, + 'stype' => $stype, 'optname' => $this->rock->jm->base64encode($this->adminname), 'face' => $this->rock->jm->base64encode(m('admin')->getface($urs['face'])), )); + //$this->rock->debugs($barr,'rockedit'); if(!$barr['success'])return $barr; $data = $barr['data']; $type = $data['type']; @@ -113,6 +116,7 @@ class rockeditChajian extends Chajian{ $url.= '&optid='.$this->adminid.''; $url.= '&gokey='.$gokey.''; $url.= '&otype='.$otype.''; + $url.= '&stype='.$stype.''; if($otype==0){ $callurl = $this->rock->getouturl().'api.php?m=upload&a=upfilevb&fileid='.$id.'&adminid='.$this->adminid.'&token='.$admintoken.''; $url.='&callurl='.$this->rock->jm->base64encode($callurl).''; 
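Review bot: The added `//$this->rock->debugs($barr,'rockedit');` in the first rockeditChajian hunk is commented-out debug code and should be deleted rather than committed. `$stype = '0';//0wps,1onlyoffice` hard-codes the editor backend with only that terse remark; if it is meant to become configurable, say so where it is defined, e.g. `// editor backend: 0 = WPS, 1 = OnlyOffice; fixed to WPS until exposed as an option`. The second hunk appends the same `$stype` to `$url`, so both hunks sit in one method whose body continues outside the shown lines.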
diff --git a/include/class/mysqliClass.php b/include/class/mysqliClass.php index ff854b3..f361319 100644 --- a/include/class/mysqliClass.php +++ b/include/class/mysqliClass.php @@ -6,6 +6,7 @@ class mysqliClass extends mysql{ protected function connect() { $this->errormsg = ''; + if(!class_exists('mysqli'))exit('鎿嶄綔鏁版嵁搴撶殑php鐨勬墿灞昺ysqli涓嶅瓨鍦'); $this->conn = @new mysqli($this->db_host,$this->db_user, $this->db_pass, $this->db_base); if (mysqli_connect_errno()) { $this->conn = null; diff --git a/include/class/pdoClass.php b/include/class/pdoClass.php index 60c1ff5..e7cfc98 100644 --- a/include/class/pdoClass.php +++ b/include/class/pdoClass.php @@ -6,6 +6,7 @@ class pdoClass extends mysql{ protected function connect() { $this->errormsg = ''; + if(!class_exists('PDO'))exit('鎿嶄綔鏁版嵁搴撶殑php鐨勬墿灞昉DO涓嶅瓨鍦'); try { $this->conn = @new PDO('mysql:host='.$this->db_host.';dbname='.$this->db_base.'', $this->db_user, $this->db_pass); $this->conn->query("SET NAMES 'utf8'"); diff --git a/webmain/flow/input/inputAction.php b/webmain/flow/input/inputAction.php index 9844f66..5e9628b 100644 --- a/webmain/flow/input/inputAction.php +++ b/webmain/flow/input/inputAction.php @@ -312,6 +312,7 @@ class inputAction extends Action $iszb = $xu+1; $farr = m('flow_element')->getrows("`mid`='$modeid' and `islu`=1 and `iszb`=$iszb",'`name`,`fields`,`isbt`,`fieldstype`,`savewhere`,`dev`,`data`,`attr`','`sort`'); $sort = 0; + $zlen = count($farr); for($i=0; $i<$oi; $i++){ $sid = (int)$this->post('sid'.$xu.'_'.$i.''); $bos = true; 
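Review bot: The added `if(!class_exists('mysqli'))exit(...)` in connect() terminates the whole request from inside a database class, while the `mysqli_connect_errno()` branch two lines below reports failure through `$this->errormsg` and `$this->conn = null`. Prefer the same path so callers can render the error consistently: `if(!class_exists('mysqli')){ $this->errormsg = '<extension missing message>'; $this->conn = null; return; }` (match whatever connect() returns on the existing failure path, which is outside the hunk). The pdoClass.php hunk has the identical pattern with `class_exists('PDO')` and should change the same way. The message literal renders as mis-encoded text here; assuming the file is stored in a non-UTF-8 encoding, confirm it is correct in the repository.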
@@ -320,13 +321,13 @@ class inputAction extends Action foreach($farr as $k=>$rs){ $fid= $rs['fields']; $flx= $rs['fieldstype']; - if(substr($fid,0,5)=='temp_')continue; $na = ''.$fid.''.$xu.'_'.$i.''; - if(!isset($_POST[$na]))$bos=false; + //if(!isset($_POST[$na]))$bos=false; + $val= $this->post($na); + if(isempt($val))$wkz++;//绌哄瓧娈 + if(substr($fid,0,5)=='temp_')continue; if($bos){ - $val= $this->post($na); if($rs['isbt']==1 && isempt($val))$bos=false; - if(isempt($val))$wkz++; } if($bos){ $msy = $this->attrcheck($val,$rs['attr'], $this->checkobj); @@ -348,7 +349,7 @@ class inputAction extends Action if(!$bos)break; } if(!$bos)continue; - //if($wkz==$k+1)continue; + if($wkz==$zlen)continue;//鍏ㄩ儴閮芥槸绌 $uaarr['sort'] = $sort; $sort++; $arr[] = $uaarr; diff --git a/webmain/flow/input/mode_finhkdAction.php b/webmain/flow/input/mode_finhkdAction.php index ecb9bc9..40f0504 100644 --- a/webmain/flow/input/mode_finhkdAction.php +++ b/webmain/flow/input/mode_finhkdAction.php @@ -7,7 +7,7 @@ class mode_finhkdClassAction extends inputAction{ $uid = $arr['uid']; $money = floatval($arr['money']); $to = m('fina')->totaljie($uid, $id); - if($money > $to)return '杩樻閲戦瓒呰繃闇杩橀噾棰'; + if($money > floatval($to))return '杩樻閲戦瓒呰繃闇杩橀噾棰'; $rows['type'] = '3';//涓瀹氳鏄3锛屼笉鑳藉幓鎺 return array( @@ -24,7 +24,7 @@ class mode_finhkdClassAction extends inputAction{ { $mid = (int)$this->get('mid'); $moenky = m('fina')->totaljie($this->adminid, $mid); - return ''.$moenky.'鍏'; + return ''.$this->rock->number($moenky).'鍏'; } public function getlastAjax() diff --git a/webmain/flow/input/mode_finpiaoAction.php b/webmain/flow/input/mode_finpiaoAction.php index 971c20d..1774ede 100644 --- a/webmain/flow/input/mode_finpiaoAction.php +++ b/webmain/flow/input/mode_finpiaoAction.php 
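Review bot: In the `@@ -348` hunk the new `if($wkz==$zlen)continue;` only works if `$wkz` is reset to 0 at the start of every `$i` iteration of the for-loop opened in the first inputAction hunk; neither hunk shows that reset, and if `$wkz` is initialised once the counter keeps growing across rows and the all-empty check never matches after the first row. `$zlen = count($farr)` counts every element and the `@@ -320` hunk now increments `$wkz` before the `temp_` skip, so temp fields are counted on both sides — consistent, but worth a comment such as `// $wkz counts this row's empty fields, temp_ included, so it is comparable with $zlen`. Commenting out `if(!isset($_POST[$na]))$bos=false;` means a field absent from the request is now treated as an empty value instead of rejecting the row, which is a validation change that deserves a note. The enclosing loop body starts and ends outside these hunks.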
@@ -71,6 +71,12 @@ class mode_finpiaoClassAction extends inputAction{ if($hjrows['moneyzong']==0)$hjrows['moneyzong']=''; $rows[] = $hjrows; + foreach($rows as $k=>$rs){ + if($rs['moneyshou'])$rows[$k]['moneyshou'] = $this->rock->number($rs['moneyshou']); + if($rs['moneykai'])$rows[$k]['moneykai'] = $this->rock->number($rs['moneykai']); + if($rs['moneyzong'])$rows[$k]['moneyzong'] = $this->rock->number($rs['moneyzong']); + } + $barr = array( 'rows' => $rows, 'dt1' => $dt1, diff --git a/webmain/flow/page/rock_page_flowmenu_script.php b/webmain/flow/page/rock_page_flowmenu_script.php index 720533e..98a1410 100644 --- a/webmain/flow/page/rock_page_flowmenu_script.php +++ b/webmain/flow/page/rock_page_flowmenu_script.php @@ -40,7 +40,7 @@ bootparams.beforeload=function(){ } c.initpage=function(){ - $('#tdleft_{rand}').after(''); + $('#tdleft_{rand}').after(''); $('#modeid_{rand}').change(function(){ a.setparams({pid:this.value},true); }); diff --git a/webmain/main/goods/goodsAction.php b/webmain/main/goods/goodsAction.php index e8ad291..8bfce12 100644 --- a/webmain/main/goods/goodsAction.php +++ b/webmain/main/goods/goodsAction.php @@ -315,13 +315,16 @@ class goodsClassAction extends Action $dgs = m('goods'); $typeb = array('0' ,'1' ,'2' ,'3', '4','5'); $typea = array('棰嗙敤鍗' ,'閲囪喘鍗' ,'閿鍞崟' ,'璋冩嫧鍗', '褰掕繕鍗','閫璐у崟'); + $biana = array('goodly' ,'caigou' ,'custxiao','diaobo', 'goodgh','tuihuo'); $chux = array('0','2'); if($rows)foreach($rows as $k=>&$rs){ - $rs['typev'] = $rs['type']; - $rs['type'] = arrvalue($typea, $rs['type']); + $rs['mknum'] = arrvalue($biana, $rs['type']); + $rs['typev'] = $rs['type']; + $rs['type'] = arrvalue($typea, $rs['type']); $lx = 0; //鍏 if(in_array($rs['typev'],$chux))$lx=1; $rs['state'] = $dgs->crkstate($rs['state'], $lx); + } return array( 'rows' => $rows diff --git a/webmain/main/goods/rock_goods_cropt.php b/webmain/main/goods/rock_goods_cropt.php index b51c86a..1e6722b 100644 --- a/webmain/main/goods/rock_goods_cropt.php 
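Review bot: The loop closed by the added `}` in goodsAction iterates `foreach($rows as $k=>&$rs)` by reference and nothing after it unsets `$rs`, so `$rs` stays bound to the last row for the rest of the method; add `unset($rs);` directly after the new `}`. Any later reuse of `$rs` in this method (not in the hunk) would silently overwrite the last element of `$rows`. The new `$rs['mknum'] = arrvalue($biana, $rs['type'])` relies on `$rs['type']` still being the numeric code, which the ordering guarantees; pin that with a comment like `// mknum/typev must be read before type is replaced by its label`.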
+++ b/webmain/main/goods/rock_goods_cropt.php @@ -27,7 +27,10 @@ $(document).ready(function(){ var v='鍘绘搷浣'; return v; } - }] + }], + itemdblclick:function(d){ + if(d.mknum)openxiangs(d.type,d.mknum,d.id); + } }); var c = { search:function(){ diff --git a/webmain/main/userinfo/userinfoAction.php b/webmain/main/userinfo/userinfoAction.php index 80a314b..6fd6d86 100644 --- a/webmain/main/userinfo/userinfoAction.php +++ b/webmain/main/userinfo/userinfoAction.php @@ -93,8 +93,9 @@ class userinfoClassAction extends Action $atatea = explode(',', '璇曠敤鏈,姝e紡,瀹炰範鐢,鍏艰亴,涓存椂宸,绂昏亴'); $atrows = $this->option->getmnum('userstate'); foreach($atrows as $k1=>$rs1)if(!isempt($rs1['value']))$atatea[$rs1['value']] = $rs1['name']; - + $total = 0; foreach($rows as $k=>$rs){ + $total ++; $year = ''; if(!$this->isempt($rs['workdate'])) $year = substr($rs['workdate'],0,4); $rows[$k]['year'] = $year; @@ -121,7 +122,7 @@ class userinfoClassAction extends Action } $arr = array(); - $total = $this->db->count; + //$total = $this->db->count; foreach($rows as $k=>$rs){ $val = $rs[$type]; if($this->isempt($val))$val = '鍏朵粬'; @@ -140,7 +141,7 @@ class userinfoClassAction extends Action return array( 'rows' => $a, - 'totalCound' => count($a) + 'totalCount' => count($a) ); } diff --git a/webmain/model/beifenModel.php b/webmain/model/beifenModel.php index 11e80bb..7cd44a0 100644 --- a/webmain/model/beifenModel.php +++ b/webmain/model/beifenModel.php 
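Review bot: Renaming the response key from `'totalCound'` to `'totalCount'` in the third userinfoAction hunk is a contract change: any client reading the old misspelled key now gets nothing, so the consumer should be updated in the same commit (not visible here). The second hunk leaves `//$total = $this->db->count;` as commented-out code now that the first hunk counts rows in the loop; delete the dead line. Where the new `$total` is consumed is outside the shown lines.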
@@ -9,7 +9,8 @@ class beifenClassModel extends Model $alltabls = $this->db->getalltable(); $nobeifne = array(''.PREFIX.'log',''.PREFIX.'logintoken',''.PREFIX.'kqanay',''.PREFIX.'email_cont',''.PREFIX.'dailyfx',''.PREFIX.'todo',''.PREFIX.'city',''.PREFIX.'kqjcmd'); //涓嶅浠界殑琛; - $beidir = ''.UPDIR.'/data/'.date('Y.m.d.H.i.s').'.'.rand(1000,9999).''; + $beidir = ''.UPDIR.'/data/'.date('Y.m.d.H.i.s').'.'; + $beidir .= substr(str_shuffle(md5($this->rock->jm->getRandkey())),0,15); foreach($alltabls as $tabs){ if(in_array($tabs, $nobeifne))continue; $rows = $this->db->getall('select * from `'.$tabs.'`'); diff --git a/webmain/model/flow/caigouModel.php b/webmain/model/flow/caigouModel.php index 37184a1..c5fc6fb 100644 --- a/webmain/model/flow/caigouModel.php +++ b/webmain/model/flow/caigouModel.php @@ -5,21 +5,15 @@ class flow_caigouClassModel extends flowModel private $goodsobj; - + public function initModel() { $this->goodsobj = m('goods'); } - //瀹℃牳瀹屾垚澶勭悊,瑕侀氱煡浠撳簱绠$悊鍛樺嚭鍏ュ簱 + //瀹℃牳瀹屾垚澶勭悊,鏄惁鐩存帴鍑哄叆搴 protected function flowcheckfinsh($zt){ - /* - m('goodss')->update('status='.$zt.'',"`mid`='$this->id'"); - $aid = '0'; - $rows = m('goodss')->getall("`mid`='$this->id'",'aid'); - foreach($rows as $k=>$rs)$aid.=','.$rs['aid'].''; - m('goods')->setstock($aid); - */ + if($zt==1)m('goods')->chukuopts($this->id, $this->modename); } //浣滃簾鎴栧垹闄ゆ椂 diff --git a/webmain/model/flow/goodlyModel.php b/webmain/model/flow/goodlyModel.php index 4f2ce4d..06e8dfc 100644 --- a/webmain/model/flow/goodlyModel.php +++ b/webmain/model/flow/goodlyModel.php 
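Review bot: The new backup directory suffix `substr(str_shuffle(md5($this->rock->jm->getRandkey())),0,15)` is better than `rand(1000,9999)` but still not a cryptographic source: `str_shuffle()` draws from the engine's Mersenne Twister, and the result's entropy is bounded by whatever `getRandkey()` returns, which is not visible here. Because the dump is written under UPDIR, presumably a web-reachable directory, the directory name is what keeps the database export private, so use `bin2hex(random_bytes(8))` for the suffix — same hex character set, 64 bits from the CSPRNG. Storing backups outside the document root or denying web access to that directory would remove the dependency on the name entirely; that is outside this hunk.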
@@ -8,14 +8,9 @@ class flow_goodlyClassModel extends flowModel $this->goodsobj = m('goods'); } - //瀹℃牳瀹屾垚澶勭悊 + //瀹℃牳瀹屾垚澶勭悊,鏄惁鐩存帴鍑哄叆搴 protected function flowcheckfinsh($zt){ - /* - m('goodss')->update('status='.$zt.'',"`mid`='$this->id'"); - $aid = '0'; - $rows = m('goodss')->getall("`mid`='$this->id'",'aid'); - foreach($rows as $k=>$rs)$aid.=','.$rs['aid'].''; - m('goods')->setstock($aid);*/ + if($zt==1)m('goods')->chukuopts($this->id, $this->modename); } //浣滃簾鎴栧垹闄ゆ椂 @@ -37,7 +32,7 @@ class flow_goodlyClassModel extends flowModel if(!isempt($one['xinghao']))$name.='('.$one['xinghao'].')'; if($lx==1){ $rows[$k]['aid'] = $name; - $rows[$k]['count'] = 0-$rs['count']; //璐熸暟鏄剧ず涓烘鏁 + //$rows[$k]['count'] = 0-$rs['count']; //璐熸暟鏄剧ず涓烘鏁 if(isset($rs['lygh'])){ $rows[$k]['lygh']=arrvalue($lygya, $rs['lygh']); diff --git a/webmain/model/flow/meetModel.php b/webmain/model/flow/meetModel.php index 7aede64..af60bf7 100644 --- a/webmain/model/flow/meetModel.php +++ b/webmain/model/flow/meetModel.php @@ -280,6 +280,7 @@ class flow_meetClassModel extends flowModel { $rows = $this->getall("`state` in(0,1) and `type`=0 and `startdt` like '".$this->rock->date."%' and `status`=1"); $time = time(); + $tplnum = m('option')->getval('meetsmstpltx', 'meettodo'); foreach($rows as $k=>$rs){ $this->adminmodel->setcompanyid($rs['comid']); //璁剧疆瀵瑰簲鍗曚綅id $zt = $rs['state']; @@ -304,7 +305,7 @@ class flow_meetClassModel extends flowModel $this->meettodos($rs, '鎮ㄥソ锛屼細璁嵆灏嗗湪'.$ssj.'鍒嗛挓鍚庣殑'.$dts[1].'寮濮嬶紝璇峰噯鏃跺弬鍔犮');//蹇埌鏃堕棿閫氱煡 //鐭俊閫氱煡 - if($ssj<6)$this->sendsms($rs, 'meettodo', array( + if($ssj<6)$this->sendsms($rs, $tplnum, array( 'fenz' => ''.$ssj.'', 'title' => $rs['title'], 'time' => $dts[1], diff --git a/webmain/model/flow/workModel.php b/webmain/model/flow/workModel.php index 8ec0a57..448a2ae 100644 --- a/webmain/model/flow/workModel.php +++ b/webmain/model/flow/workModel.php 
@@ -3,6 +3,7 @@ class flow_workClassModel extends flowModel { private $absfile = false; private $statearr; + private $updatexm= false; public function initModel() { @@ -107,7 +108,11 @@ class flow_workClassModel extends flowModel $zt = 0; if(!isempt($this->rs['distid']))$zt = 3;//寰呮墽琛岀殑鐘舵佸 $this->updatestatus($zt); - + if($this->updatexm)m('work')->updateproject($this->rs['projectid']); + } + + protected function flowcheckfinsh($zt){ + if($this->updatexm)m('work')->updateproject($this->rs['projectid']); } protected function flowaddlog($a) diff --git a/webmain/model/goodsModel.php b/webmain/model/goodsModel.php index 58c26ac..93fdadd 100644 --- a/webmain/model/goodsModel.php +++ b/webmain/model/goodsModel.php 
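Review bot: `$updatexm` is declared `private $updatexm= false;` and both new `if($this->updatexm)` guards call `m('work')->updateproject($this->rs['projectid'])`, but no line in these hunks ever sets it to true, so unless an assignment exists elsewhere in the class (not shown) both calls are dead. Either assign it where a project-linked change is detected or document the intent on the property: `// set to true when the record's projectid needs its progress recomputed`. The added `flowcheckfinsh($zt)` ignores `$zt`; if progress should only refresh on approval, compare it as the caigouModel hunk does with `if($zt==1)`.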
@@ -260,4 +260,95 @@ class goodsClassModel extends Model return $varr; } } + + /** + * 鐩存帴鎿嶄綔鍑哄叆搴 + */ + public function chukuopts($mid, $mknum) + { + $isru = m('option')->getval('wpautostock'); + if($isru!='1')return; + $barr = $this->chukuopt($mid); + if(!$barr['success'])m('log')->addlogs('鐩存帴鍑哄叆搴', $mknum.'('.$mid.'):'.$barr['msg'], 2); + } + public function chukuopt($mid, $depotid=0) + { + $mrs = m('goodm')->getone("`id`='$mid' and `status`=1"); + if(!$mrs)return returnerror('璇ュ崟鎹繕鏈鏍稿畬鎴愶紝涓嶈兘鍑哄叆搴撴搷浣'); + $comid = $mrs['comid']; + + if($depotid==0){ + $where = '1=1'; + if(ISMORECOM){ + $where = 'comid='.$comid.''; + } + $grs = m('godepot')->getone($where); + if(!$grs)return returnerror('娌℃湁鍒涘缓浠撳簱'); + $depotid = $grs['id']; + } + + $mtype = (int)$mrs['type']; //3灏辨槸璋冩嫧 + $typv = (int)$mrs['type']; + + $typa = explode(',', '1,0,1,0,0,0'); + $kina = explode(',', '0,0,1,3,1,4'); + + if(!isset($typa[$typv]) || !isset($kina[$typv]))return returnerror('涓鸿缃嚭鍏ュ簱绫诲瀷'); + $type = $typa[$typv]; + $kind = $kina[$typv]; + + + //if($mtype==3 && $depotid==$mrs['custid'])return returnerror('璋冩嫧鍑哄叆搴撲粨搴撲笉鑳界浉鍚'); + + $ndbs = m('goodn'); + + //璇诲彇宸插叆搴撴暟閲 + $arwos = $ndbs->getall('`mid`='.$mid.' 
and `couns`<`count`'); + + if(!$arwos)return returnerror('瀛愯〃娌$敤鍙嚭鍏ュ簱寰'); + + $arr['applydt'] = $this->rock->date; + $arr['type'] = $type; + $arr['kind'] = $kind; + $arr['depotid'] = $depotid; + $arr['explain'] = ''; + $arr['uid'] = $this->adminid; + $arr['optid'] = $this->adminid; + $arr['optdt'] = $this->rock->now; + $arr['comid'] = $comid; + $arr['optname'] = $this->adminname; + $arr['status'] = 1; + $arr['mid'] = $mid; + + $aid = '0'; + + foreach($arwos as $k1=>$rs1){ + $count = floatval($rs1['count']) - floatval($rs1['couns']); + if($count<=0)continue; + $arr['type'] = $type; + $arr['depotid'] = $depotid; + $arr['aid'] = $rs1['aid']; + $arr['count'] = $count; + if($type==1)$arr['count'] = 0 - $arr['count'];//鍑哄簱涓鸿礋鏁 + + $ussid = $this->db->record('[Q]goodss', $arr); + + if($ussid){ + $ndbs->update('`couns`=`count`', $rs1['id']); + } + + if($mtype==3){ + $arr['depotid'] = $mrs['custid']; //浠撳簱 + $arr['type'] = 1; //鍑哄簱 + $arr['count'] = 0 - $count; + $this->db->record('[Q]goodss', $arr); + } + + $aid.=','.$rs1['aid'].''; + } + + if($aid!='0')$this->setstock($aid); + $this->upstatem($mid); + return returnsuccess(); + } } \ No newline at end of file diff --git a/webmain/model/workModel.php b/webmain/model/workModel.php index 7ccf87b..086f2b2 100644 --- a/webmain/model/workModel.php +++ b/webmain/model/workModel.php @@ -11,4 +11,18 @@ class workClassModel extends Model return $to; } + + //鏇存柊瀵瑰簲椤圭洰杩涘害 + public function updateproject($id) + { + $id = (int)$id; + if($id==0)return; + $zshu = $this->rows('`projectid`='.$id.' and `status`<>5'); + $wcshu = $this->rows('`projectid`='.$id.' and `status`=1'); + $blix = '0'; + if($zshu>0){ + $blix = ($wcshu/$zshu) *100; + } + m('project')->update('progress='.$blix.'', $id); + } } \ No newline at end of file diff --git a/webmain/system/cogini/coginiAction.php b/webmain/system/cogini/coginiAction.php index 791ae96..e098c9f 100644 --- a/webmain/system/cogini/coginiAction.php +++ b/webmain/system/cogini/coginiAction.php 
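Review bot: `chukuopt($mid, $depotid=0)` is public and splices `$mid` unescaped into two SQL strings (`"`id`='$mid' and `status`=1"` and `'`mid`='.$mid.' and `couns`<`count`'`), while only casting values read back from the row (`$mtype = (int)$mrs['type']`). The current callers pass `$this->id` from the flow models, but the method should enforce the type itself: add `$mid = (int)$mid; $depotid = (int)$depotid;` at the top, matching the `(int)$id` cast in workModel::updateproject in the next hunk. `$mtype` and `$typv` hold the same value, so keep one, and the `$typa`/`$kina` tables built with `explode` would read better as one keyed array with a comment naming each type code (the inline `//3` remark is the only hint today).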
@@ -16,6 +16,7 @@ class coginiClassAction extends Action if(getconfig('systype')=='demo')return returnerror('婕旂ず绂佹鎿嶄綔'); $path = trim($this->post('path')); if(!$path || !file_exists($path))return returnerror('鏃犳潈闄愯缃紝璇锋壘鍒板搴旀枃浠朵慨鏀'.$path.''); + if(substr($path, -4)!='.ini')return returnerror('鏃犳晥'); $cont = @file_get_contents($path); if(!$cont)return returnerror('鏃犳潈闄愯幏鍙'.$path.'鍐呭'); $str = ''; diff --git a/webmain/system/geren/gerenAction.php b/webmain/system/geren/gerenAction.php index c70ac2d..17b1244 100644 --- a/webmain/system/geren/gerenAction.php +++ b/webmain/system/geren/gerenAction.php @@ -44,9 +44,10 @@ class gerenClassAction extends Action $dt1 = $this->post('dt1'); $dt2 = $this->post('dt2'); $where = 'and optid='.$this->adminid.''; - if($atype=='all'){ + if($atype=='all' && $this->adminid == 1){ $where=''; if($this->adminid>1)$where=m('admin')->getcompanywhere(3); + } if($key!=''){ $where.=" and (`optname` like '%$key%' or `filename` like '%$key%' or `mtype`='$key')"; diff --git a/webmain/system/group/groupAction.php b/webmain/system/group/groupAction.php index ce3db3a..4c84a11 100644 --- a/webmain/system/group/groupAction.php +++ b/webmain/system/group/groupAction.php @@ -4,7 +4,7 @@ class groupClassAction extends Action public function groupusershow($table) { $s = 'and 1=2'; - $gid = $this->post('gid','0'); + $gid = (int)$this->post('gid','0'); if($gid>0){ $s = " and ( id in( select `sid` from `[Q]sjoin` where `type`='gu' and `mid`='$gid') or id in( select `mid` from `[Q]sjoin` where `type`='ug' and `sid`='$gid') )"; } 
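Review bot: The added `if(substr($path, -4)!='.ini')return returnerror(...)` only checks the suffix, so `$path`, taken straight from `$this->post('path')`, can still name any `.ini` file anywhere on the filesystem and its contents are then read by `file_get_contents`. Anchor it to the application tree instead: `$real = realpath($path); if($real === false || strpos($real, ROOT_PATH.'/') !== 0 || substr($real, -4) != '.ini')return returnerror('<invalid path message>');` and use `$real` from then on — ROOT_PATH is what the sysfileAction hunk already anchors paths to. The `@` on `file_get_contents` also hides why a read failed; the rest of the method is outside the hunk.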
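Review bot: After tightening the condition to `$atype=='all' && $this->adminid == 1`, the inner `if($this->adminid>1)$where=m('admin')->getcompanywhere(3);` can never execute and should be removed — or, if company-scoped "all" was meant to stay available to other admins, the outer condition should not require id 1; the new code makes that decision implicitly. Hard-coding admin id 1 as the super user is a fragile authorisation rule; if the framework has a role check, prefer it and leave a comment such as `// only the built-in super admin may list every user's files`. The context line `$where.=" and (`optname` like '%$key%' ...` still interpolates `$key` into SQL; whether an earlier line escapes it is outside the hunk.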
@@ -42,8 +42,8 @@ class groupClassAction extends Action public function saveuserAjax() { - $gid = $this->post('gid','0'); - $sid = $this->post('sid','0'); + $gid = (int)$this->post('gid','0'); + $sid = c('check')->onlynumber($this->post('sid','0')); $dbs = m('sjoin'); $dbs->delete("`mid`='$gid' and `type`='gu' and `sid` in($sid)"); $this->db->insert('[Q]sjoin','`type`,`mid`,`sid`', "select 'gu','$gid',`id` from `[Q]admin` where `id` in($sid)", true); @@ -53,8 +53,8 @@ class groupClassAction extends Action public function deluserAjax() { - $gid = $this->post('gid','0'); - $sid = $this->post('sid','0'); + $gid = (int)$this->post('gid','0'); + $sid = c('check')->onlynumber($this->post('sid','0')); $dbs = m('sjoin'); $dbs->delete("`mid`='$gid' and `type`='gu' and `sid`='$sid'"); $dbs->delete("`sid`='$gid' and `type`='ug' and `mid`='$sid'"); diff --git a/webmain/system/sysfile/sysfileAction.php b/webmain/system/sysfile/sysfileAction.php index 2095d0d..bc79ddb 100644 --- a/webmain/system/sysfile/sysfileAction.php +++ b/webmain/system/sysfile/sysfileAction.php @@ -96,7 +96,8 @@ class sysfileClassAction extends Action if($str=$this->iscaozuo())return $str; $path = $this->jm->base64decode($this->get('path')); if(isempt($path))return '鏃犳晥璺緞'; - + $path = str_replace('\\','/', $path); + $path = str_replace(array('../','..'),'', $path); if(!file_exists(ROOT_PATH.'/'.$path))return '鏂囦欢涓嶅瓨鍦'; $pathinfo=pathinfo($path); diff --git a/webmain/task/api/asynrunAction.php b/webmain/task/api/asynrunAction.php index 8f98533..93425c8 100644 --- a/webmain/task/api/asynrunAction.php +++ b/webmain/task/api/asynrunAction.php 
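Review bot: In saveuserAjax the sanitised `$sid` is spliced into `in($sid)` for both the delete and the insert-select; if `c('check')->onlynumber()` returns an empty string for input with no digits (its behaviour is not visible here), the resulting `in()` is a SQL syntax error rather than a no-op. Add an explicit guard after the call, `if($sid==='')return returnerror('<no ids message>');`, and the same in deluserAjax. A comment stating what `onlynumber` guarantees would make the `in($sid)` reliance reviewable, e.g. `// onlynumber keeps only digits and commas, so $sid can be spliced into in()` — confirm against the helper before adding it.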
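Review bot: The two new `str_replace` lines in sysfileAction silently rewrite the decoded `$path` (dropping `../` and `..`) instead of rejecting it, so the caller learns nothing when the path was altered and a legitimate name containing `..` is mangled. Checking the resolved path is clearer and also covers symlinks: `$real = realpath(ROOT_PATH.'/'.$path); if($real === false || strpos($real, realpath(ROOT_PATH).'/') !== 0)return '<invalid path message>';` and then work with `$real` for the `file_exists`/`pathinfo` calls that follow. If the rewriting is kept, a comment should say it is a normalisation step and not the authorisation boundary.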
@@ -63,12 +63,13 @@ class asynrunClassAction extends apiAction return m('flow')->initflow('hrsalary', $id)->todouser(); } - //涓嬭浇寰俊鍙戦佺殑鍥剧墖鍒版湇鍔″櫒 + //涓嬭浇寰俊鍙戦佺殑鍥剧墖鍒版湇鍔″櫒(寮冪敤) public function downwxpicAction() { - $picurl = $this->rock->jm->uncrypt($this->get('picurl')); - $msgid = $this->get('msgid'); - return m('reim')->downwximg($picurl, $msgid); + //$picurl = $this->rock->jm->uncrypt($this->get('picurl')); + //$msgid = $this->get('msgid'); + //return m('reim')->downwximg($picurl, $msgid); + return 'noturl'; } //涓嬭浇寰俊涓婂獟浣撴枃浠 diff --git a/webmain/task/api/uploadAction.php b/webmain/task/api/uploadAction.php index 89d9725..267746f 100644 --- a/webmain/task/api/uploadAction.php +++ b/webmain/task/api/uploadAction.php @@ -476,6 +476,7 @@ class uploadClassAction extends apiAction { $data = array(); $fenlei = $this->jm->base64decode($this->get('fenlei')); + $fenlei = $this->rock->xssrepstr($this->rock->iconvsql($fenlei)); $where = m('admin')->getjoinstr('a.`receid`', $this->adminid, 1); $sql = 'select a.`name`,a.`wtype`,b.`filepath`,b.`id` from `[Q]wordxie` a left join `[Q]file` b on a.`fileid`=b.`id` where a.`fenlei`=\''.$fenlei.'\' and a.`isgk`=1 and ('.$where.')'; $rows = $this->db->getall($sql); diff --git a/webmain/we/ying/tpl_ying_daka.html b/webmain/we/ying/tpl_ying_daka.html index 509b300..8fd69d8 100644 --- a/webmain/we/ying/tpl_ying_daka.html +++ b/webmain/we/ying/tpl_ying_daka.html @@ -245,12 +245,16 @@ function paizhao(){ destinationType: 'base64',quality:80, targetWidth:1000,targetHeight:1000 }, function(ret, err) { - if (ret) { + if (ret && ret.base64Data) { imagecont= ret.base64Data; + if(imagecont.indexOf('data:')!=0)imagecont='data:image/jpg;base64,'+imagecont; $('#paizhaoimg').parent().show(); get('paizhaoimg').src = imagecont; get('pzbtnicons').className='icon-remove'; ispzs = true; + }else{ + apicloud=false; + js.wx.alert('璇风敤鐩告満鎷嶇収鍐嶅幓閫夊搴斿浘鐗'); } }); }else{ 
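Review bot: The added `$fenlei = $this->rock->xssrepstr($this->rock->iconvsql($fenlei));` prepares a value that is only used inside a SQL string literal (`a.`fenlei`=\''.$fenlei.'\''`), so `xssrepstr` is applied in the wrong context — HTML escaping does not make a value safe for SQL, and whether `iconvsql` escapes quotes is not visible here. Use the database layer's escaping or a prepared statement for that comparison, and keep output escaping for the place where the name is rendered. If `iconvsql` is the project's SQL escape helper, say so at the call site: `// iconvsql: SQL-escape the decoded category name before it is inlined in the query below`.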
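Review bot: The new fallback prefix `'data:image/jpg;base64,'` uses `image/jpg`, which is not a registered media type — `image/jpeg` is — and the same literal is duplicated in the tpl_ying_location.html hunk, so change both. The `else` branch sets `apicloud=false;` and alerts on every failure, including the user cancelling the picker; if `err` carries a cancellation code, checking it would avoid a misleading message (the callback's argument shape is not visible here). The `imagecont.indexOf('data:')!=0` guard is the right check for an already-prefixed payload.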
diff --git a/webmain/we/ying/tpl_ying_location.html b/webmain/we/ying/tpl_ying_location.html index efd2ddb..cf62189 100644 --- a/webmain/we/ying/tpl_ying_location.html +++ b/webmain/we/ying/tpl_ying_location.html @@ -263,12 +263,16 @@ function paizhao(){ destinationType: 'base64',quality:80, targetWidth:1000,targetHeight:1000 }, function(ret, err) { - if (ret) { + if (ret && ret.base64Data) { imagecont= ret.base64Data; + if(imagecont.indexOf('data:')!=0)imagecont='data:image/jpg;base64,'+imagecont; $('#paizhaoimg').parent().show(); get('paizhaoimg').src = imagecont; get('pzbtnicons').className='icon-remove'; ispzs = true; + }else{ + apicloud=false; + js.wx.alert('璇风敤鐩告満鎷嶇収鍐嶅幓閫夊搴斿浘鐗'); } }); }else{