no commit message
@@ -16,6 +16,7 @@ class coginiClassAction extends Action
|
||||
if(getconfig('systype')=='demo')return returnerror('演示禁止操作');
|
||||
$path = trim($this->post('path'));
|
||||
if(!$path || !file_exists($path))return returnerror('无权限设置,请找到对应文件修改'.$path.'');
|
||||
if(substr($path, -4)!='.ini')return returnerror('无效');
|
||||
$cont = @file_get_contents($path);
|
||||
if(!$cont)return returnerror('无权限获取'.$path.'内容');
|
||||
$str = '';
|
||||
|
||||
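Review bot: The `.ini` suffix test does not restrict where `$path` points: the value comes straight from `$this->post('path')`, so any readable file on the host whose name ends in `.ini` still passes `file_exists()` and reaches `file_get_contents()`. Resolve the path first and compare it with the one directory this action is meant to edit, e.g. `$real = realpath($path); if($real===false || strpos($real, $allowedDir)!==0) return returnerror('无效');`, where `$allowedDir` is a placeholder for that directory. Both error messages echo `$path` back to the caller, which turns the endpoint into a file-existence probe; a fixed message would avoid that. The `@` suppression together with the `!$cont` test also makes an empty file indistinguishable from a failed read. The method continues past the end of the hunk, so what is done with `$cont` cannot be judged from here.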
@@ -44,9 +44,10 @@ class gerenClassAction extends Action
|
||||
$dt1 = $this->post('dt1');
|
||||
$dt2 = $this->post('dt2');
|
||||
$where = 'and optid='.$this->adminid.'';
|
||||
if($atype=='all'){
|
||||
if($atype=='all' && $this->adminid == 1){
|
||||
$where='';
|
||||
if($this->adminid>1)$where=m('admin')->getcompanywhere(3);
|
||||
|
||||
}
|
||||
if($key!=''){
|
||||
$where.=" and (`optname` like '%$key%' or `filename` like '%$key%' or `mtype`='$key')";
|
||||
|
||||
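Review bot: `$key` is concatenated into the `like '%$key%'` and `` `mtype`='$key' `` conditions without escaping, and tightening the `all` branch does nothing for that clause. Where `$key` is assigned lies outside the hunk; unless `post()` already escapes it, it should go through the database layer's escaping or a bound parameter before `$where` is built. Inside the new `if($atype=='all' && $this->adminid == 1)` block the line `if($this->adminid>1)$where=m('admin')->getcompanywhere(3);` can never execute, so either drop it or move the company filter to a separate branch for non-admin users if that was the intent. The hard-coded `adminid == 1` would be clearer as a named constant or helper with a comment saying why only that account may list every record.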
@@ -4,7 +4,7 @@ class groupClassAction extends Action
|
||||
public function groupusershow($table)
|
||||
{
|
||||
$s = 'and 1=2';
|
||||
$gid = $this->post('gid','0');
|
||||
$gid = (int)$this->post('gid','0');
|
||||
if($gid>0){
|
||||
$s = " and ( id in( select `sid` from `[Q]sjoin` where `type`='gu' and `mid`='$gid') or id in( select `mid` from `[Q]sjoin` where `type`='ug' and `sid`='$gid') )";
|
||||
}
|
||||
@@ -42,8 +42,8 @@ class groupClassAction extends Action
|
||||
|
||||
public function saveuserAjax()
|
||||
{
|
||||
$gid = $this->post('gid','0');
|
||||
$sid = $this->post('sid','0');
|
||||
$gid = (int)$this->post('gid','0');
|
||||
$sid = c('check')->onlynumber($this->post('sid','0'));
|
||||
$dbs = m('sjoin');
|
||||
$dbs->delete("`mid`='$gid' and `type`='gu' and `sid` in($sid)");
|
||||
$this->db->insert('[Q]sjoin','`type`,`mid`,`sid`', "select 'gu','$gid',`id` from `[Q]admin` where `id` in($sid)", true);
|
||||
@@ -53,8 +53,8 @@ class groupClassAction extends Action
|
||||
|
||||
public function deluserAjax()
|
||||
{
|
||||
$gid = $this->post('gid','0');
|
||||
$sid = $this->post('sid','0');
|
||||
$gid = (int)$this->post('gid','0');
|
||||
$sid = c('check')->onlynumber($this->post('sid','0'));
|
||||
$dbs = m('sjoin');
|
||||
$dbs->delete("`mid`='$gid' and `type`='gu' and `sid`='$sid'");
|
||||
$dbs->delete("`sid`='$gid' and `type`='ug' and `mid`='$sid'");
|
||||
|
||||
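Review bot: In `saveuserAjax()` the id list is still spliced unquoted into `in($sid)` in both the delete and the insert-select, so the safety of those statements now rests entirely on what `c('check')->onlynumber()` returns, and that helper is not shown on this page. If it can return an empty string the clause becomes `in()` and the statement fails; if it passes anything other than digits and commas, the cast on `$gid` alone does not protect the query. Building the list locally makes the contract visible: `$sid = implode(',', array_filter(array_map('intval', explode(',', $this->post('sid','0')))));` followed by an early return when the result is empty. `deluserAjax()` in the next hunk compares the same value with `` `sid`='$sid' ``, which only matches when a single id is posted, so a comment stating whether one id or a list is expected there would help. No permission check appears in the visible lines of either method; confirm one is enforced before they run.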
@@ -96,7 +96,8 @@ class sysfileClassAction extends Action
|
||||
if($str=$this->iscaozuo())return $str;
|
||||
$path = $this->jm->base64decode($this->get('path'));
|
||||
if(isempt($path))return '无效路径';
|
||||
|
||||
$path = str_replace('\\','/', $path);
|
||||
$path = str_replace(array('../','..'),'', $path);
|
||||
if(!file_exists(ROOT_PATH.'/'.$path))return '文件不存在';
|
||||
$pathinfo=pathinfo($path);
|
||||
|
||||
|
||||
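Review bot: Stripping `../` and `..` with `str_replace` rewrites the requested path instead of rejecting it, so a legitimate file name containing two dots is silently changed to a different name, and every file under `ROOT_PATH` (configuration files included) stays reachable through this action. Canonicalise and compare instead: `$real = realpath(ROOT_PATH.'/'.$path); if($real===false || strpos($real, realpath(ROOT_PATH).DIRECTORY_SEPARATOR)!==0) return '无效路径';`, ideally against the specific directory this viewer is meant to serve rather than the whole root. What the method does with `$pathinfo` lies beyond the hunk, so the intended set of directories and extensions cannot be judged from here. A short comment above the check naming the allowed directory would document that intent.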