Discuz! / DiscuzX (PHP)

Merged
!291 Improve: allow users to disable system features from the admin panel

老周部落:PR_Test_v3.5_Allow_Closed Discuz!:v3.5

老周部落 Created on: 2019-12-04 23:03
bug
enhancement
Reviewer: discuzx, zoewho, 3dming, lootan, comsenzdiscuz, oldhuhu   Tester: oldhuhu

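Based on !188: Fix/improve: allow users to disable system features from the admin panel. This PR was originally meant to implement a switch for the broadcast feature.

Considering that users increasingly want to customize their sites, and that industry regulation is becoming stricter, some modules in the program may no longer be suitable for public display because they are no longer operated or because regulatory policy has changed. Superfluous publicly exposed modules may also be exploited by the underground economy for non-compliant behavior such as posting advertisements (for example, the broadcast feature being abused to harass users), so implementing switches of this kind is necessary.

Features that can be disabled in this PR: Forum (new), Portal, Groups, Broadcast, Collections, Guide, Feed, Friends (new), Blogs, Albums, Shares, Doings, Wall (natively supported), Ranklist (changed to a unified switch), Medals (changed to a unified switch), Tasks (changed to a unified switch), Magic items (changed to a unified switch), Favorites (new)

Backward-incompatible changes: setting['ranklist']['status'] and setting['taskon'] are deprecated; the ranklist feature is now controlled uniformly by setting['rankliststatus'], and setting['taskstatus'] controls whether site tasks are enabled or disabled.

In addition, to avoid unknown problems and security risks caused by some modules not checking their own status and available functions, this PR makes the behavior of modules that lacked explicit checks explicit, and sets default behavior for undefined behavior.

Also, because the guide feature can now be disabled, the "My Threads" feature has been moved to the implementation that already exists in the forum section of the user profile. How to handle the duplicated functionality afterwards still awaits further discussion and decision by the community and the official team.

Ref: #IMRFG: With broadcast disabled, user A can still follow user B through a hidden interface

Issue:
#IOVEU: DiscuzX 3.4 space_poll.php XSS vulnerability
#IOVET: DiscuzX X3.4 spacecp_upload.php cross-site scripting vulnerability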

15 comments, 4 participants

oldhuhu merged Pull Request 2020-01-21 18:42
oldhuhu test passed 2020-01-21 18:41
oldhuhu check passed 2020-01-21 18:41
老周部落 updated description 2020-01-21 13:39
老周部落 force push code 2020-01-21 13:33
老周部落 force push code 2020-01-19 12:17
老周部落 force push code 2020-01-15 21:59
老周部落 force push code 2020-01-15 21:54
老周部落 force push code 2020-01-15 21:42
老周部落 push code 2019-12-26 20:54
老周部落 push code 2019-12-26 09:44
老周部落 push code 2019-12-25 23:15
老周部落 push code 2019-12-25 21:55
老周部落 push code 2019-12-23 16:23
老周部落 push code 2019-12-12 09:03
老周部落 push code 2019-12-11 14:51
老周部落 push code 2019-12-11 10:44
老周部落 push code 2019-12-11 10:20
老周部落 push code 2019-12-11 09:17
老周部落 push code 2019-12-11 09:14
老周部落 push code 2019-12-11 09:00
老周部落 push code 2019-12-11 08:36
老周部落 push code 2019-12-11 07:45
老周部落 push code 2019-12-10 23:48
老周部落 push code 2019-12-10 22:10
老周部落 push code 2019-12-10 20:42
老周部落 push code 2019-12-10 19:53
老周部落 push code 2019-12-10 17:56
老周部落 push code 2019-12-10 17:16
老周部落 push code 2019-12-10 16:31
老周部落 push code 2019-12-10 16:23
老周部落 updated description 2019-12-10 12:09
老周部落 push code 2019-12-10 12:05
老周部落 updated description 2019-12-08 13:08
老周部落 updated description 2019-12-08 13:07
老周部落 push code 2019-12-08 10:49
老周部落 updated description 2019-12-07 23:14
老周部落 push code 2019-12-07 18:10
老周部落 updated description 2019-12-07 13:02
老周部落 push code 2019-12-07 09:41
老周部落 removed label need_more_code_work 2019-12-06 10:51
老周部落 updated description 2019-12-06 10:51
老周部落 push code 2019-12-06 10:46
老周部落 push code 2019-12-06 10:36
老周部落 push code 2019-12-06 10:31
老周部落 push code 2019-12-06 09:55
老周部落 push code 2019-12-06 09:52
老周部落 push code 2019-12-06 09:34
老周部落 added label need_more_code_work 2019-12-06 07:37
老周部落 push code 2019-12-04 23:16
老周部落 assigned tester oldhuhu 2019-12-04 23:03
老周部落 assigned reviewer 湖中沉 2019-12-04 23:03
老周部落 assigned reviewer oldhuhu 2019-12-04 23:03
老周部落 assigned reviewer monkeye 2019-12-04 23:03
老周部落 assigned reviewer Discuz! 2019-12-04 23:03
老周部落 assigned reviewer LooTan 2019-12-04 23:03
老周部落 assigned reviewer comsenz-service 2019-12-04 23:03
老周部落 assigned reviewer DiscuzX 2019-12-04 23:03
老周部落 set priority to Secondary 2019-12-04 23:03
老周部落 added label enhancement 2019-12-04 23:03
老周部落 added label bug 2019-12-04 23:03
DiscuzX 2019-12-05 17:49 member

upload/source/module/forum/forum_modcp.php
$_GET['action'] = empty($_GET['action']) && $_G['fid'] ? 'thread' : $_GET['action'];

$_GET['action'] = empty($_GET['action']) ? 'home' : $_GET['action'];
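What is this change for?

老周部落 2019-12-05 18:12

@DiscuzX When the forum is turned off, visiting modcp redirects to the "forum feature is disabled" page. But the user management inside it actually has to be kept, so this needs to change.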

老周部落 2019-12-05 21:05

@DiscuzX This logic is indeed written rather poorly. I'll optimize it later.

老周部落 2020-02-09 13:28

@建筑资源吧 This one is for the X3.5 version branch

hgac 2020-04-27 07:20

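This is seriously impressive, isn't it? 100 files, thanks for the hard work!

Stackia 2020-04-29 00:02
Code comment:

The change here causes the option Interface Settings - Global - Default personal homepage skin (with "Forum style" selected) to have no effect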

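老周部落 2020-04-29 10:01
Code comment:

@Stackia Hello, could you provide the URL you are visiting?
In my tests here, home.php, home.php?mod=space, home.php?mod=space&do=index and home.php?mod=space&do=profile all stay in sync with the default personal homepage skin option set in the admin panel (both the personalized DIY style and the forum style work fine).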

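Stackia 2020-04-29 14:11

@老周部落 The reproduction steps are as follows:
Admin panel - Global - Broadcast settings - View profile by default: turn this option off (otherwise an administrator is automatically redirected to home.php?mod=space&do=profile)
Interface settings - Global - Default personal homepage skin: set it to "Forum style"
Then visit home.php?mod=space&uid=xxx ; the expectation was that it defaults to &do=profile, but it defaulted to &do=index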

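Stackia 2020-04-29 14:15

My forum is keylol.com; for now I solved it by manually rolling back to the previous code
https://gitee.com/stackia/DiscuzX/commit/9477d7585d1ad5ce5b0cce47507b6773d5430bc0

With this approach I found that, if &do=profile is not explicitly included, the plugin hooks have a problem (runhooks has no effect); not sure whether this is an ancient bug
https://gitee.com/stackia/DiscuzX/commit/cf7010d2fddebc7e472f49007412d0af90a54a01

Stackia 2020-04-29 14:21
Code comment:

The change here breaks the search-within-this-forum feature. When searching within the current forum, $mod is "curforum"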

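老周部落 2020-04-29 15:36

@老周部落 The reproduction steps are as follows:
Admin panel - Global - Broadcast settings - View profile by default: turn this option off (otherwise an administrator is automatically redirected to home.php?mod=space&do=profile)
Interface settings - Global - Default personal homepage skin: set it to "Forum style"
Then visit home.php?mod=space&uid=xxx ; the expectation was that it defaults to &do=profile, but it defaulted to &do=index

@Stackia Understood. The submodules inside probably still use $_GET['do'], so I'll just not overwrite this variable after all. The search problem is also confirmed; I'll push a fix later. Thanks for the report.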

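老周部落 2020-04-29 16:08

@老周部落 The reproduction steps are as follows:
Admin panel - Global - Broadcast settings - View profile by default: turn this option off (otherwise an administrator is automatically redirected to home.php?mod=space&do=profile)
Interface settings - Global - Default personal homepage skin: set it to "Forum style"
Then visit home.php?mod=space&uid=xxx ; the expectation was that it defaults to &do=profile, but it defaulted to &do=index

@Stackia The search bug has already been put in !468: Fix bugs introduced by disabling system features; please give it a try.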

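老周部落 2020-04-29 16:08

My forum is keylol.com; for now I solved it by manually rolling back to the previous code
https://gitee.com/stackia/DiscuzX/commit/9477d7585d1ad5ce5b0cce47507b6773d5430bc0
With this approach I found that, if &do=profile is not explicitly included, the plugin hooks have a problem (runhooks has no effect); not sure whether this is an ancient bug
https://gitee.com/stackia/DiscuzX/commit/cf7010d2fddebc7e472f49007412d0af90a54a01

@Stackia The hook issue is probably an old bug too.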

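Stackia 2020-04-30 11:00

Found a new problem:
After the portal feature is disabled, pushing threads to blocks is no longer available (it worked fine in X3.4).
Although the block feature belongs under "Portal", in practice any template can include a block with <!--{block/28}-->; it is not limited to the portal
Push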

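老周部落 2020-04-30 12:10

Found a new problem:
After the portal feature is disabled, pushing threads to blocks is no longer available (it worked fine in X3.4).
Although the block feature belongs under "Portal", in practice any template can include a block with <!--{block/28}-->; it is not limited to the portal
Push

@Stackia

https://gitee.com/ComsenzDiscuz/DiscuzX/blob/v3.5/upload/source/module/portal/portal_portalcp.php#L16 Adding portalblock there is enough.

Strictly speaking, this is a case of muddled categorization in the top-level design. I'll post the situation in the group and, depending on how that goes, decide whether to open a PR for v3.5.

We discussed it and think what you said makes sense; !471: [Lightweight PR]: Improve: push feature is not affected by disabling the portal fixes this problem.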

100 changed files
upload/forum.php
@@ -19,7 +19,7 @@ require './source/function/function_forum.php';
$modarray = array('ajax','announcement','attachment','forumdisplay',
'group','image','index','medal','misc','modcp','notice','post','redirect',
'group','image','index','misc','modcp','post','redirect',
'rss','topicadmin','trade','viewthread','tag','collection','guide'
);
@@ -56,6 +56,10 @@ if(C::app()->var['mod'] == 'group') {
C::app()->cachelist = $cachelist;
C::app()->init();
if(!$_G['setting']['forumstatus'] && !in_array($mod, array('ajax', 'misc', 'modcp'))) {
showmessage('forum_status_off');
}
loadforum();
set_rssauth();
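Review bot: The new forumstatus check exempts the ajax, misc and modcp mods wholesale, so with the forum switched off every request routed through those three entry points is gated only by whatever the included file checks for itself. misc_category.php, misc_forumselect.php and modcp_moderate.php get their own check in this PR, but an exemption list that has to be backed by per-file checks is easy to leave incomplete. Consider denying by default here and allowlisting only the specific actions that must stay reachable (such as modcp member management), and call helper_access::check_module('forum') instead of reading $_G['setting'] directly now that 'forum' is in its allowlist.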
upload/group.php
@@ -18,6 +18,10 @@ $cachelist = array('grouptype', 'groupindex', 'diytemplatenamegroup');
$discuz->cachelist = $cachelist;
$discuz->init();
if(!$_G['setting']['groupstatus']) {
showmessage('group_module_status_off');
}
$_G['disabledwidthauto'] = 0;
$modarray = array('index', 'my', 'attentiongroup');
upload/home.php
@@ -28,7 +28,7 @@ $space = array();
$mod = getgpc('mod');
if(!in_array($mod, array('space', 'spacecp', 'misc', 'magic', 'editor', 'invite', 'task', 'medal', 'rss', 'follow'))) {
$mod = 'space';
$_GET['do'] = 'home';
$_GET['do'] = $_G['setting']['feedstatus'] ? 'home' : 'profile';
}
if($mod == 'space' && ((empty($_GET['do']) || $_GET['do'] == 'index') && ($_G['inajax']))) {
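Review bot: The mod allowlist on the in_array line still admits task, medal, magic and follow with no status check at this dispatcher, so the new switches for those modules hold only if each module file rejects the request itself; only the default do value is made switch-aware here. Writing the fallback back into $_GET['do'] also means later code cannot tell a user-supplied value from the default; a local variable for the resolved action would be safer.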
upload/install/data/install_data.sql
@@ -167,12 +167,12 @@ INSERT INTO pre_common_nav VALUES ('', '0', '记录', '', 'home.php?mod=space&do
INSERT INTO pre_common_nav VALUES ('', '0', '广播', '', 'home.php?mod=follow', 'follow', 0, 0, -1, 6, 0, 0, 0, 0, '{STATICURL}image/feed/follow.gif', '', '', 2, '');
INSERT INTO pre_common_nav VALUES ('', '0', '{hr}', '', '', '', 0, 1, 1, 8, 0, 0, 0, 0, '', '', '', 2, '');
INSERT INTO pre_common_nav VALUES ('', '0', '好友', '', 'home.php?mod=space&do=friend', 'friend', 0, 0, 0, 1, 0, 0, 0, 0, '{STATICURL}image/feed/friend_b.png', '', '', 3, '');
INSERT INTO pre_common_nav VALUES ('', '0', '帖子', '', 'forum.php?mod=guide&view=my', 'thread', 0, 0, 0, 2, 0, 0, 0, 0, '{STATICURL}image/feed/thread_b.png', '', '', 3, '');
INSERT INTO pre_common_nav VALUES ('', '0', '收藏', '', 'home.php?mod=space&do=favorite&view=me', 'favorite', 0, 0, 0, 3, 0, 0, 0, 0, '{STATICURL}image/feed/favorite_b.png', '', '', 3, '');
INSERT INTO pre_common_nav VALUES ('', '0', '道具', '', 'home.php?mod=magic', 'magic', 0, 0, 1, 4, 0, 0, 0, 0, '{STATICURL}image/feed/magic_b.png', '', '', 3, '');
INSERT INTO pre_common_nav VALUES ('', '0', '勋章', '', 'home.php?mod=medal', 'medal', 0, 0, 1, 5, 0, 0, 0, 0, '{STATICURL}image/feed/medal_b.png', '', '', 3, '');
INSERT INTO pre_common_nav VALUES ('', '0', '任务', '', 'home.php?mod=task', 'task', 0, 0, 1, 6, 0, 0, 0, 0, '{STATICURL}image/feed/task_b.png', '', '', 3, '');
INSERT INTO pre_common_nav VALUES ('', '0', '好友', '', 'home.php?mod=space&do=friend', 'friend', 0, 0, -1, 1, 0, 0, 0, 0, '{STATICURL}image/feed/friend_b.png', '', '', 3, '');
INSERT INTO pre_common_nav VALUES ('', '0', '帖子', '', 'home.php?mod=space&do=thread&view=me', 'thread', 0, 0, 0, 2, 0, 0, 0, 0, '{STATICURL}image/feed/thread_b.png', '', '', 3, '');
INSERT INTO pre_common_nav VALUES ('', '0', '收藏', '', 'home.php?mod=space&do=favorite&view=me', 'favorite', 0, 0, -1, 3, 0, 0, 0, 0, '{STATICURL}image/feed/favorite_b.png', '', '', 3, '');
INSERT INTO pre_common_nav VALUES ('', '0', '道具', '', 'home.php?mod=magic', 'magic', 0, 0, -1, 4, 0, 0, 0, 0, '{STATICURL}image/feed/magic_b.png', '', '', 3, '');
INSERT INTO pre_common_nav VALUES ('', '0', '勋章', '', 'home.php?mod=medal', 'medal', 0, 0, -1, 5, 0, 0, 0, 0, '{STATICURL}image/feed/medal_b.png', '', '', 3, '');
INSERT INTO pre_common_nav VALUES ('', '0', '任务', '', 'home.php?mod=task', 'task', 0, 0, -1, 6, 0, 0, 0, 0, '{STATICURL}image/feed/task_b.png', '', '', 3, '');
INSERT INTO pre_common_nav VALUES ('', '0', '淘帖', '', 'forum.php?mod=collection&op=my', 'collection', 0, 0, -1, 7, 0, 0, 0, 0, '{STATICURL}image/feed/collection_b.png', '', '', 3, '');
INSERT INTO pre_common_nav VALUES ('', '0', '动态', '', 'home.php', 'feed', 0, 0, -1, 8, 0, 0, 0, 0, '{STATICURL}image/feed/feed_b.png', '', '', 3, '');
INSERT INTO pre_common_nav VALUES ('', '0', '日志', '', 'home.php?mod=space&do=blog', 'blog', 0, 0, -1, 9, 0, 0, 0, 0, '{STATICURL}image/feed/blog_b.png', '', '', 3, '');
@@ -306,6 +306,8 @@ INSERT INTO pre_common_setting VALUES ('targetblank','0');
INSERT INTO pre_common_setting VALUES ('google','1');
INSERT INTO pre_common_setting VALUES ('groupstatus','0');
INSERT INTO pre_common_setting VALUES ('portalstatus','0');
INSERT INTO pre_common_setting VALUES ('forumstatus','1');
INSERT INTO pre_common_setting VALUES ('friendstatus','0');
INSERT INTO pre_common_setting VALUES ('followstatus','0');
INSERT INTO pre_common_setting VALUES ('collectionstatus','0');
INSERT INTO pre_common_setting VALUES ('guidestatus','0');
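Review bot: forumstatus is seeded as '1' only in the fresh-install data, while forum.php now rejects requests whenever $_G['setting']['forumstatus'] is empty. A site upgraded without this row would read the missing key as off and show forum_status_off for the whole forum. Make sure the upgrade script inserts forumstatus = 1 (and a deliberate value for friendstatus), or treat a missing key as enabled in the check.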
@@ -316,6 +318,8 @@ INSERT INTO pre_common_setting VALUES ('albumstatus','0');
INSERT INTO pre_common_setting VALUES ('sharestatus','0');
INSERT INTO pre_common_setting VALUES ('wallstatus','0');
INSERT INTO pre_common_setting VALUES ('rankliststatus','0');
INSERT INTO pre_common_setting VALUES ('medalstatus','0');
INSERT INTO pre_common_setting VALUES ('favoritestatus','0');
INSERT INTO pre_common_setting VALUES ('homestyle','0');
INSERT INTO pre_common_setting VALUES ('homepagestyle','0');
@@ -358,7 +362,7 @@ INSERT INTO pre_common_setting VALUES ('karmaratelimit','0');
INSERT INTO pre_common_setting VALUES ('losslessdel','365');
INSERT INTO pre_common_setting VALUES ('magicdiscount','85');
INSERT INTO pre_common_setting VALUES ('magicmarket','1');
INSERT INTO pre_common_setting VALUES ('magicstatus','1');
INSERT INTO pre_common_setting VALUES ('magicstatus','0');
INSERT INTO pre_common_setting VALUES ('mail','a:10:{s:8:\"mailsend\";s:1:\"1\";s:6:\"server\";s:13:\"smtp.21cn.com\";s:4:\"port\";s:2:\"25\";s:4:\"auth\";s:1:\"1\";s:4:\"from\";s:26:\"Discuz <username@21cn.com>\";s:13:\"auth_username\";s:17:\"username@21cn.com\";s:13:\"auth_password\";s:8:\"password\";s:13:\"maildelimiter\";s:1:\"0\";s:12:\"mailusername\";s:1:\"1\";s:15:\"sendmail_silent\";s:1:\"1\";}');
INSERT INTO pre_common_setting VALUES ('maxavatarpixel','120');
INSERT INTO pre_common_setting VALUES ('maxavatarsize','20000');
@@ -479,7 +483,7 @@ INSERT INTO pre_common_setting VALUES ('styleid3','1');
INSERT INTO pre_common_setting VALUES ('stylejump','1');
INSERT INTO pre_common_setting VALUES ('subforumsindex','0');
INSERT INTO pre_common_setting VALUES ('tagstatus','1');
INSERT INTO pre_common_setting VALUES ('taskon','0');
INSERT INTO pre_common_setting VALUES ('taskstatus','0');
INSERT INTO pre_common_setting VALUES ('tasktypes','');
INSERT INTO pre_common_setting VALUES ('threadmaxpages','1000');
INSERT INTO pre_common_setting VALUES ('threadsticky','全局置顶,分类置顶,本版置顶');
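Review bot: Renaming taskon to taskstatus in the seed data leaves existing installs with only the old key. The description lists this as a backward-incompatible change, so the upgrade path should copy the stored taskon value into taskstatus; otherwise an upgraded site with tasks enabled would read an empty taskstatus and the task module would turn off without the administrator having changed anything.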
upload/portal.php
@@ -17,6 +17,10 @@ $cachelist = array('portalcategory', 'diytemplatenameportal');
$discuz->cachelist = $cachelist;
$discuz->init();
if(!$_G['setting']['portalstatus'] && $_GET['mod'] != 'portalcp'){
showmessage('portal_status_off');
}
require DISCUZ_ROOT.'./source/function/function_home.php';
require DISCUZ_ROOT.'./source/function/function_portal.php';
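Review bot: The exemption compares raw $_GET['mod'] with != 'portalcp', so every portalcp request skips the portal switch and the control moves to portalcp's own action list. Use a strict comparison (!==) and keep the set of portalcp actions that stay reachable with the portal off as small as possible, since that list becomes the real access control for a disabled portal.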
upload/search.php
@@ -32,6 +32,8 @@ if(in_array($discuz->var['mod'], $modarray) || !empty($_G['setting']['search'][$
}
if(empty($mod)) {
showmessage('search_closed');
} else if (!$_G['setting'][($mod == 'user' ? 'friend' : $mod).'status']) {
    Stackia 2020-04-29 14:21

    The change here breaks the search-within-this-forum feature. When searching within the current forum, $mod is "curforum"

showmessage(($mod == 'user' ? 'friend' : ($mod == 'group' ? 'group_module' : $mod)).'_status_off');
}
define('CURMODULE', $mod);
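Review bot: The status key in the else-if is built by concatenating $mod with 'status', which assumes every search mod has a matching switch. For a mod with no such setting the lookup is empty and the branch fires, which is the curforum breakage reported in the inline comment. An explicit map from search mod to switch name (user to friend, curforum to forum, and so on), with unmapped mods handled deliberately, would remove both this bug and the nested ternary needed for the group_module_status_off message key.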
upload/source/admincp/admincp_magics.php
@@ -26,10 +26,9 @@ if($operation == 'admin') {
/*search={"nav_magics":"action=magics"}*/
showtips('magics_tips');
$settings = C::t('common_setting')->fetch_all(array('magicstatus', 'magicdiscount'));
$settings = C::t('common_setting')->fetch_all(array('magicdiscount'));
showformheader('magics&operation=admin');
showtableheader();
showsetting('magics_config_open', 'settingsnew[magicstatus]', $settings['magicstatus'], 'radio');
showsetting('magics_config_discount', 'settingsnew[magicdiscount]', $settings['magicdiscount'], 'text');
showtablefooter();
/*search*/
@@ -91,7 +90,7 @@ if($operation == 'admin') {
} else {
if(is_array($_GET['settingsnew'])) {
C::t('common_setting')->update_batch(array('magicstatus'=> $_GET['settingsnew']['magicstatus'], 'magicdiscount' => $_GET['settingsnew']['magicdiscount']));
C::t('common_setting')->update_batch(array('magicdiscount' => $_GET['settingsnew']['magicdiscount']));
}
if($ids = dimplode($_GET['delete'])) {
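Review bot: The update_batch line that remains still writes $_GET['settingsnew']['magicdiscount'] into common_setting as received. Since the line is being rewritten anyway, cast the value and clamp it to the range the discount is expected to take before storing it.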
upload/source/admincp/admincp_tasks.php
@@ -36,9 +36,6 @@ if(!($operation)) {
array('nav_task_type', 'tasks&operation=type', 0)
));
showformheader('tasks');
showtableheader();
showsetting('tasks_on', 'taskonnew', $_G['setting']['taskon'], 'radio');
showtablefooter();
showtableheader('tasks_list', 'fixpadding');
showsubtitle(array('display_order', 'available', 'name', 'tasks_reward', 'time', ''));
@@ -111,10 +108,6 @@ if(!($operation)) {
}
}
if($_GET['taskonnew'] != $_G['setting']['taskon']) {
C::t('common_setting')->update('taskon', $_GET['taskonnew']);
}
updatecache('setting');
if($checksettingsok) {
upload/source/class/helper/helper_access.php
@@ -14,7 +14,7 @@ class helper_access {
public static function check_module($module) {
$status = 0;
$allowfuntype = array('portal', 'group', 'follow', 'collection', 'guide', 'feed', 'blog', 'doing', 'album', 'share', 'wall', 'homepage', 'ranklist');
$allowfuntype = array('portal', 'forum', 'friend', 'group', 'follow', 'collection', 'guide', 'feed', 'blog', 'doing', 'album', 'share', 'wall', 'homepage', 'ranklist', 'medal', 'task', 'magic', 'favorite');
$module = in_array($module, $allowfuntype) ? trim($module) : '';
if(!empty($module)) {
$status = getglobal('setting/'.$module.'status');
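Review bot: in_array($module, $allowfuntype) is a loose comparison, and trim() is applied only after the membership test, so it can never change the outcome. Pass true as the third argument to in_array so that only exact string matches reach the 'setting/'.$module.'status' lookup, and drop the trim. With the list now at 19 entries it would also be worth making it a class constant so the per-file checks elsewhere in this PR can share one definition.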
upload/source/function/cache/cache_setting.php
@@ -321,7 +321,6 @@ function build_cache_setting() {
}
$data['tradeopen'] = C::t('common_usergroup_field')->count_by_field('allowposttrade', 1) ? 1 : 0;
$data['medalstatus'] = intval(C::t('forum_medal')->count_by_available());
$focus = array();
if($data['focus']['data']) {
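Review bot: If the $data['medalstatus'] line is the one dropped here (the header shows one line removed), medalstatus is no longer derived from the count of available medals and the stored setting becomes the only source of truth, which the seed data sets to '0'. An existing site with medals available would need the upgrade to store a non-zero medalstatus, or medals would disappear after the cache rebuild; please confirm the upgrade handles this.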
upload/source/function/function_space.php
@@ -128,21 +128,27 @@ function getblockhtml($blockname,$parameters = array()) {
$html .= '</div></li>';
}
} else {
require_once libfile('function/friend');
$isfriend = friend_check($uid);
$follow = C::t('home_follow')->fetch_by_uid_followuid($_G['uid'], $uid);
if($follow) {
$html .= "<li class='ul_flw'><a href=\"home.php?mod=spacecp&ac=follow&op=del&fuid=$space[uid]\" id=\"followmod\" onclick=\"showWindow(this.id, this.href, 'get', 0);\">".lang('space', 'follow_cancle_follow')."</a></li>";
} else {
$html .= "<li class='ul_flw'><a href=\"home.php?mod=spacecp&ac=follow&op=add&hash=".FORMHASH."&fuid=$space[uid]\" id=\"followmod\" onclick=\"showWindow(this.id, this.href, 'get', 0);\">".lang('space', 'follow_follow_ta')."</a></li>";
if(helper_access::check_module('follow')) {
$follow = C::t('home_follow')->fetch_by_uid_followuid($_G['uid'], $uid);
if($follow) {
$html .= "<li class='ul_flw'><a href=\"home.php?mod=spacecp&ac=follow&op=del&fuid=$space[uid]\" id=\"followmod\" onclick=\"showWindow(this.id, this.href, 'get', 0);\">".lang('space', 'follow_cancle_follow')."</a></li>";
} else {
$html .= "<li class='ul_flw'><a href=\"home.php?mod=spacecp&ac=follow&op=add&hash=".FORMHASH."&fuid=$space[uid]\" id=\"followmod\" onclick=\"showWindow(this.id, this.href, 'get', 0);\">".lang('space', 'follow_follow_ta')."</a></li>";
}
}
if (!$isfriend) {
$html .= "<li class='ul_add'><a href=\"home.php?mod=spacecp&ac=friend&op=add&uid=$space[uid]&handlekey=addfriendhk_{$space[uid]}\" id=\"a_friend_li_{$space[uid]}\" onclick=\"showWindow(this.id, this.href, 'get', 0);\">".lang('space', 'block_profile_friend_add')."</a></li>";
} else {
$html .= "<li class='ul_ignore'><a href=\"home.php?mod=spacecp&ac=friend&op=ignore&uid=$space[uid]&handlekey=ignorefriendhk_{$space[uid]}\" id=\"a_ignore_{$space[uid]}\" onclick=\"showWindow(this.id, this.href, 'get', 0);\">".lang('space', 'block_profile_friend_ignore')."</a></li>";
if(helper_access::check_module('friend')) {
require_once libfile('function/friend');
$isfriend = friend_check($uid);
if (!$isfriend) {
$html .= "<li class='ul_add'><a href=\"home.php?mod=spacecp&ac=friend&op=add&uid=$space[uid]&handlekey=addfriendhk_{$space[uid]}\" id=\"a_friend_li_{$space[uid]}\" onclick=\"showWindow(this.id, this.href, 'get', 0);\">".lang('space', 'block_profile_friend_add')."</a></li>";
} else {
$html .= "<li class='ul_ignore'><a href=\"home.php?mod=spacecp&ac=friend&op=ignore&uid=$space[uid]&handlekey=ignorefriendhk_{$space[uid]}\" id=\"a_ignore_{$space[uid]}\" onclick=\"showWindow(this.id, this.href, 'get', 0);\">".lang('space', 'block_profile_friend_ignore')."</a></li>";
}
$html .= "<li class='ul_poke'><a href=\"home.php?mod=spacecp&ac=poke&op=send&uid=$space[uid]&handlekey=propokehk_{$space[uid]}\" id=\"a_poke_{$space[uid]}\" onclick=\"showWindow(this.id, this.href, 'get', 0);\">".lang('space', 'block_profile_poke')."</a></li>";
}
if(helper_access::check_module('wall')) {
$html .= "<li class='ul_msg'><a href=\"home.php?mod=space&uid=$space[uid]&do=wall\">".lang('space', 'block_profile_wall_to_me')."</a></li>";
}
$html .= "<li class='ul_msg'><a href=\"home.php?mod=space&uid=$space[uid]&do=wall\">".lang('space', 'block_profile_wall_to_me')."</a></li>";
$html .= "<li class='ul_poke'><a href=\"home.php?mod=spacecp&ac=poke&op=send&uid=$space[uid]&handlekey=propokehk_{$space[uid]}\" id=\"a_poke_{$space[uid]}\" onclick=\"showWindow(this.id, this.href, 'get', 0);\">".lang('space', 'block_profile_poke')."</a></li>";
$html .= "<li class='ul_pm'><a href=\"home.php?mod=spacecp&ac=pm&op=showmsg&handlekey=showmsg_$space[uid]&touid=$space[uid]&pmid=0&daterange=2\" id=\"a_sendpm_$space[uid]\" onclick=\"showWindow('showMsgBox', this.href, 'get', 0)\">".lang('space', 'block_profile_sendmessage')."</a></li>";
}
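Review bot: Wrapping the follow, friend, poke and wall links in helper_access::check_module() only hides the entry points in the profile block. The referenced issue (#IMRFG) is about reaching follow through the endpoint directly with broadcast off, so the handlers behind home.php?mod=spacecp&ac=follow, ac=friend and ac=poke need the same check on the server side; that is not visible in this hunk. Poke is also now tied to the friend switch, which should be stated in the switch's admin description if intended.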
@@ -156,7 +162,11 @@ function getblockhtml($blockname,$parameters = array()) {
$managehtml .= '<li><a href="'.($_G['adminid'] == 1 ? "admin.php?action=members&operation=search&username=$encodeusername&submit=yes&frames=yes" : "forum.php?mod=modcp&action=member&op=edit&uid=$space[uid]").'" id="usermanageli" onmouseover="showMenu(this.id)" class="showmenu" target="_blank">'.lang('home/template', 'member_manage').'</a></li>';
}
if($_G['adminid'] == 1) {
$managehtml .= "<li><a href=\"forum.php?mod=modcp&action=thread&op=post&do=search&searchsubmit=1&users=$encodeusername\" id=\"umanageli\" onmouseover=\"showMenu(this.id)\" class=\"showmenu\">".lang('home/template', 'content_manage')."</a></li>";
if(helper_access::check_module('forum')) {
$managehtml .= "<li><a href=\"forum.php?mod=modcp&action=thread&op=post&do=search&searchsubmit=1&users=$encodeusername\" id=\"umanageli\" onmouseover=\"showMenu(this.id)\" class=\"showmenu\">".lang('home/template', 'content_manage')."</a></li>";
} else {
$managehtml .= "<li><a id=\"umanageli\" onmouseover=\"showMenu(this.id)\" class=\"showmenu\">".lang('home/template', 'content_manage')."</a></li>";
}
}
if(!empty($managehtml)) {
$html .= '<hr class="da mtn m0" /><ul class="ptn xl xl2 cl">'.$managehtml.'</ul><ul id="usermanageli_menu" class="p_pop" style="width: 80px; display:none;">';
@@ -169,16 +179,16 @@ function getblockhtml($blockname,$parameters = array()) {
$html .= '</ul>';
if($_G['adminid'] == 1) {
$html .= '<ul id="umanageli_menu" class="p_pop" style="width: 80px; display:none;">';
$html .= '<li><a href="forum.php?mod=modcp&action=thread&op=post&searchsubmit=1&do=search&users='.$encodeusername.'" target="_blank">'.lang('space', 'manage_post').'</a></li>';
$html .= '<li><a href="admin.php?action=doing&searchsubmit=1&detail=1&search=true&fromumanage=1&users='.$encodeusername.'" target="_blank">'.lang('space', 'manage_doing').'</a></li>';
$html .= '<li><a href="admin.php?action=blog&searchsubmit=1&detail=1&search=true&fromumanage=1&uid='.$uid.'" target="_blank">'.lang('space', 'manage_blog').'</a></li>';
$html .= '<li><a href="admin.php?action=feed&searchsubmit=1&detail=1&fromumanage=1&uid='.$uid.'" target="_blank">'.lang('space', 'manage_feed').'</a></li>';
$html .= '<li><a href="admin.php?action=album&searchsubmit=1&detail=1&search=true&fromumanage=1&uid='.$uid.'" target="_blank">'.lang('space', 'manage_album').'</a></li>';
$html .= '<li><a href="admin.php?action=pic&searchsubmit=1&detail=1&search=true&fromumanage=1&users='.$encodeusername.'" target="_blank">'.lang('space', 'manage_pic').'</a></li>';
helper_access::check_module('forum') && $html .= '<li><a href="forum.php?mod=modcp&action=thread&op=post&searchsubmit=1&do=search&users='.$encodeusername.'" target="_blank">'.lang('space', 'manage_post').'</a></li>';
helper_access::check_module('doing') && $html .= '<li><a href="admin.php?action=doing&searchsubmit=1&detail=1&search=true&fromumanage=1&users='.$encodeusername.'" target="_blank">'.lang('space', 'manage_doing').'</a></li>';
helper_access::check_module('blog') && $html .= '<li><a href="admin.php?action=blog&searchsubmit=1&detail=1&search=true&fromumanage=1&uid='.$uid.'" target="_blank">'.lang('space', 'manage_blog').'</a></li>';
helper_access::check_module('feed') && $html .= '<li><a href="admin.php?action=feed&searchsubmit=1&detail=1&fromumanage=1&uid='.$uid.'" target="_blank">'.lang('space', 'manage_feed').'</a></li>';
helper_access::check_module('album') && $html .= '<li><a href="admin.php?action=album&searchsubmit=1&detail=1&search=true&fromumanage=1&uid='.$uid.'" target="_blank">'.lang('space', 'manage_album').'</a></li>';
helper_access::check_module('album') && $html .= '<li><a href="admin.php?action=pic&searchsubmit=1&detail=1&search=true&fromumanage=1&users='.$encodeusername.'" target="_blank">'.lang('space', 'manage_pic').'</a></li>';
$html .= '<li><a href="admin.php?action=comment&searchsubmit=1&detail=1&fromumanage=1&authorid='.$uid.'" target="_blank">'.lang('space', 'manage_comment').'</a></li>';
$html .= '<li><a href="admin.php?action=share&searchsubmit=1&detail=1&search=true&fromumanage=1&uid='.$uid.'" target="_blank">'.lang('space', 'manage_share').'</a></li>';
$html .= '<li><a href="admin.php?action=threads&operation=group&searchsubmit=1&detail=1&search=true&fromumanage=1&users='.$encodeusername.'" target="_blank">'.lang('space', 'manage_group_threads').'</a></li>';
$html .= '<li><a href="admin.php?action=prune&operation=group&searchsubmit=1&detail=1&fromumanage=1&users='.$encodeusername.'" target="_blank">'.lang('space', 'manage_group_prune').'</a></li>';
helper_access::check_module('share') && $html .= '<li><a href="admin.php?action=share&searchsubmit=1&detail=1&search=true&fromumanage=1&uid='.$uid.'" target="_blank">'.lang('space', 'manage_share').'</a></li>';
helper_access::check_module('group') && $html .= '<li><a href="admin.php?action=threads&operation=group&searchsubmit=1&detail=1&search=true&fromumanage=1&users='.$encodeusername.'" target="_blank">'.lang('space', 'manage_group_threads').'</a></li>';
helper_access::check_module('group') && $html .= '<li><a href="admin.php?action=prune&operation=group&searchsubmit=1&detail=1&fromumanage=1&users='.$encodeusername.'" target="_blank">'.lang('space', 'manage_group_prune').'</a></li>';
$html .= '</ul>';
}
}
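Review bot: The pattern helper_access::check_module('x') && $html .= '...' relies on PHP parsing the assignment as the right operand of &&; it works but is easy to misread and easy to break when a line is edited. Plain if blocks would be clearer. Also, the manage_pic entry is gated on 'album' while manage_comment stays unconditional; a short comment saying both are intentional would help.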
upload/source/include/misc/misc_ajax.php
@@ -17,6 +17,15 @@ if($op == 'comment') {
$cid = empty($_GET['cid'])?0:intval($_GET['cid']);
$idtype_array = array('picid' => 'album', 'blogid' => 'blog', 'sid' => 'share', 'uid' => 'wall');
$cmt = C::t('home_comment')->fetch($cid);
if(empty($cmt['idtype']) || !array_key_exists($cmt['idtype'], $idtype_array)) {
showmessage('no_privilege_comment', '', array(), array('return' => true));
} else if(!$_G['setting'][$idtype_array[$cmt['idtype']].'status']) {
showmessage($idtype_array[$cmt['idtype']].'_status_off');
}
if($cid) {
$ajax_edit = 1;
} else {
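Review bot: The new idtype check runs before the if($cid) test, but $cid defaults to 0 when no cid is passed. In that case fetch($cid) yields no row, empty($cmt['idtype']) is true and no_privilege_comment is raised, so the else branch below (the path without a cid) is reached only if showmessage returns at this point. Move the fetch and both checks inside if($cid), and decide separately which switch applies on the no-cid path.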
@@ -31,6 +40,10 @@ if($op == 'comment') {
} elseif($op == 'getfriendgroup') {
if (!$_G['setting']['friendstatus']) {
showmessage('friend_status_off');
}
$uid = intval($_GET['uid']);
if($_G['uid'] && $uid) {
$space = getuserbyuid($_G['uid']);
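Review bot: This branch and the op branches that follow read $_G['setting'][...] directly, while other files in the PR go through helper_access::check_module(). Using the helper throughout keeps a single definition of "module is on"; the spacing in if ( also differs from the if( style of the surrounding code.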
@@ -46,6 +59,10 @@ if($op == 'comment') {
} elseif($op == 'getfriendname') {
if (!$_G['setting']['friendstatus']) {
showmessage('friend_status_off');
}
$groupname = '';
$group = intval($_GET['group']);
@@ -57,6 +74,10 @@ if($op == 'comment') {
} elseif($op == 'share') {
if (!$_G['setting']['sharestatus']) {
showmessage('share_status_off');
}
require_once libfile('function/share');
$list = array();
@@ -68,6 +89,10 @@ if($op == 'comment') {
} elseif($op == 'album') {
if (!$_G['setting']['albumstatus']) {
showmessage('album_status_off');
}
$id = empty($_GET['id'])?0:intval($_GET['id']);
$perpage = 10;
@@ -94,6 +119,10 @@ if($op == 'comment') {
} elseif($op == 'docomment') {
if (!$_G['setting']['doingstatus']) {
showmessage('doing_status_off');
}
$doid = intval($_GET['doid']);
$clist = $do = array();
$icon = $_GET['icon'] == 'plus' ? 'minus' : 'plus';
@@ -227,6 +256,9 @@ if($op == 'comment') {
include_once libfile('function/profile');
$html = showdistrict($values, $elems, $container, $showlevel, $containertype);
} elseif($_GET['op'] == 'createalbum') {
if (!$_G['setting']['albumstatus']) {
showmessage('album_status_off');
}
$albumname = 'new:'.$_GET['name'];
require_once libfile('function/spacecp');
$albumid = album_creat_by_id($albumname, intval($_GET['catid']));
upload/source/include/misc/misc_category.php
@@ -11,6 +11,10 @@ if(!defined('IN_DISCUZ')) {
exit('Access Denied');
}
if(!$_G['setting']['forumstatus']) {
showmessage('forum_status_off');
}
$_G['mnid'] = 'mn_F'.$gid;
$gquery = C::t('forum_forum')->fetch_all_info_by_fids($gid);
$query = C::t('forum_forum')->fetch_all_info_by_fids(0, 1, 0, $gid, 1, 0, 0, 'forum');
upload/source/include/misc/misc_forumselect.php
@@ -11,6 +11,10 @@ if(!defined('IN_DISCUZ')) {
exit('Access Denied');
}
if(!$_G['setting']['forumstatus']) {
showmessage('forum_status_off');
}
if(!isset($_G['cache']['forums'])) {
loadcache('forums');
}
upload/source/include/misc/misc_inputpwd.php
@@ -18,10 +18,16 @@ if(submitcheck('pwdsubmit')) {
$itemarr = array();
if($blogid) {
if (!$_G['setting']['blogstatus']) {
showmessage('blog_status_off');
}
$itemarr = C::t('home_blog')->fetch($blogid);
$itemurl = "home.php?mod=space&uid=$itemarr[uid]&do=blog&id=$itemarr[blogid]";
$cookiename = 'view_pwd_blog_'.$blogid;
} elseif($albumid) {
if (!$_G['setting']['albumstatus']) {
showmessage('album_status_off');
}
$itemarr = C::t('home_album')->fetch($albumid);
$itemurl = "home.php?mod=space&uid=$itemarr[uid]&do=album&id=$itemarr[albumid]";
$cookiename = 'view_pwd_album_'.$albumid;
upload/source/include/misc/misc_ranklist_member.php
@@ -60,7 +60,7 @@ if ($_GET['view'] == 'credit') {
$orderby = $_GET['orderby'];
$list = getranklistdata($type, $view, $orderby);
} elseif ($_GET['view'] == 'friendnum') {
} elseif ($_GET['view'] == 'friendnum' && helper_access::check_module('friend')) {
$gettype = 'friend';
if($_G['uid']) {
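Review bot: Adding && helper_access::check_module('friend') to the elseif means a request for view=friendnum with the friend module off does not stop; it falls through to the later branches of the chain, and what it ends up rendering is not visible here. An explicit showmessage('friend_status_off'), or resetting view to a known default before the chain, would make the disabled case deterministic. The same applies to the blog, post and onlinetime branches below.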
@@ -104,7 +104,7 @@ if ($_GET['view'] == 'credit') {
$orderby = $_GET['orderby'];
$list = getranklistdata($type, $view, $orderby);
} elseif($_GET['view'] == 'blog') {
} elseif($_GET['view'] == 'blog' && helper_access::check_module('blog')) {
$gettype = 'blog';
$now_pos = -1;
@@ -128,7 +128,7 @@ if ($_GET['view'] == 'credit') {
$orderby = $_GET['orderby'];
$list = getranklistdata($type, $view, $orderby);
} elseif($_GET['view'] == 'post') {
} elseif($_GET['view'] == 'post' && helper_access::check_module('forum')) {
$gettype = 'post';
$postsrank_change = 1;
@@ -149,7 +149,7 @@ if ($_GET['view'] == 'credit') {
$orderby = $_GET['orderby'];
$list = getranklistdata($type, $view, $orderby);
} elseif($_GET['view'] == 'onlinetime') {
} elseif($_GET['view'] == 'onlinetime' && !$_G['setting']['sessionclose']) {
$gettype = 'onlinetime';
$onlinetimerank_change = 1;
upload/source/include/modcp/modcp_moderate.php
@@ -11,6 +11,9 @@ if(!defined('IN_DISCUZ') || !defined('IN_MODCP')) {
exit('Access Denied');
}
if(!$_G['setting']['forumstatus'] && $op != 'members') {
showmessage('forum_status_off');
}
$modact = empty($_GET['modact']) || !in_array($_GET['modact'] , array('delete', 'ignore', 'validate')) ? 'ignore' : $_GET['modact'];
upload/source/include/space/space_activity.php
@@ -11,14 +11,18 @@ if(!defined('IN_DISCUZ')) {
exit('Access Denied');
}
if (!$_G['setting']['forumstatus']) {
showmessage('forum_status_off');
}
$minhot = $_G['setting']['feedhotmin']<1?3:$_G['setting']['feedhotmin'];
$page = empty($_GET['page'])?1:intval($_GET['page']);
if($page<1) $page=1;
$id = empty($_GET['id'])?0:intval($_GET['id']);
$opactives['activity'] = 'class="a"';
if(empty($_GET['view'])) $_GET['view'] = 'we';
$_GET['order'] = empty($_GET['order']) ? 'dateline' : $_GET['order'];
$_GET['view'] = in_array($_GET['view'], array('we', 'me', 'all')) ? $_GET['view'] : 'we';
$_GET['order'] = in_array($_GET['order'], array('hot', 'dateline')) ? $_GET['order'] : 'dateline';
$perpage = 20;
$perpage = mob_perpage($perpage);
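Review bot: Replacing the empty() defaults for view and order with an in_array allowlist is the right direction for values that later reach the page, but the same two lines are repeated in space_album.php, space_blog.php and space_debate.php. A small shared helper taking the key, the allowed values and the default would keep the lists from drifting, and it should pass true as in_array's third argument. $_GET['order'] may be unset at this point, so guard it with isset to avoid a notice.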
upload/source/include/space/space_album.php
@@ -11,6 +11,10 @@ if(!defined('IN_DISCUZ')) {
exit('Access Denied');
}
if (!$_G['setting']['albumstatus']) {
showmessage('album_status_off');
}
$minhot = $_G['setting']['feedhotmin']<1?3:intval($_G['setting']['feedhotmin']);
$id = empty($_GET['id'])?0:intval($_GET['id']);
$picid = empty($_GET['picid'])?0:intval($_GET['picid']);
@@ -286,9 +290,8 @@ if($id) {
$pricount = 0;
$picmode = 0;
if(empty($_GET['view'])) {
$_GET['view'] = 'we';
}
$_GET['view'] = in_array($_GET['view'], array('we', 'me', 'all')) ? $_GET['view'] : 'we';
$_GET['order'] = in_array($_GET['order'], array('hot', 'dateline')) ? $_GET['order'] : 'dateline';
$gets = array(
'mod' => 'space',
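Review bot: the `view`/`order` whitelist pair added here is repeated with the same literal arrays in the other space_*.php hunks of this change (activity, blog, debate, poll, thread). Moving it into one shared helper that takes the allowed list and the default would keep the allow-lists from drifting apart the next time a view is added, and would leave a single place to review.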
upload/source/include/space/space_blog.php
@@ -11,6 +11,10 @@ if(!defined('IN_DISCUZ')) {
exit('Access Denied');
}
if (!$_G['setting']['blogstatus']) {
showmessage('blog_status_off');
}
$minhot = $_G['setting']['feedhotmin']<1?3:$_G['setting']['feedhotmin'];
$page = empty($_GET['page'])?1:intval($_GET['page']);
if($page<1) $page=1;
@@ -182,7 +186,8 @@ if($id) {
loadcache('blogcategory');
$category = $_G['cache']['blogcategory'];
if(empty($_GET['view'])) $_GET['view'] = 'we';
$_GET['view'] = in_array($_GET['view'], array('we', 'me', 'all')) ? $_GET['view'] : 'we';
$_GET['order'] = in_array($_GET['order'], array('hot', 'dateline')) ? $_GET['order'] : 'dateline';
$perpage = 10;
$perpage = mob_perpage($perpage);
upload/source/include/space/space_debate.php
@@ -11,14 +11,18 @@ if(!defined('IN_DISCUZ')) {
exit('Access Denied');
}
if (!$_G['setting']['forumstatus']) {
showmessage('forum_status_off');
}
$minhot = $_G['setting']['feedhotmin']<1?3:$_G['setting']['feedhotmin'];
$page = empty($_GET['page'])?1:intval($_GET['page']);
if($page<1) $page=1;
$id = empty($_GET['id'])?0:intval($_GET['id']);
$opactives['debate'] = 'class="a"';
if(empty($_GET['view'])) $_GET['view'] = 'we';
$_GET['order'] = empty($_GET['order']) ? 'dateline' : $_GET['order'];
$_GET['view'] = in_array($_GET['view'], array('we', 'me', 'all')) ? $_GET['view'] : 'we';
$_GET['order'] = in_array($_GET['order'], array('hot', 'dateline')) ? $_GET['order'] : 'dateline';
$perpage = 20;
$perpage = mob_perpage($perpage);
$start = ($page-1)*$perpage;
upload/source/include/space/space_doing.php
@@ -11,6 +11,10 @@ if(!defined('IN_DISCUZ')) {
exit('Access Denied');
}
if (!$_G['setting']['doingstatus']) {
showmessage('doing_status_off');
}
$perpage = 20;
$perpage = mob_perpage($perpage);
@@ -23,9 +27,7 @@ ckstart($start, $perpage);
$dolist = array();
$count = 0;
if(empty($_GET['view'])) {
$_GET['view'] = 'we';
}
$_GET['view'] = in_array($_GET['view'], array('we', 'me', 'all')) ? $_GET['view'] : 'we';
$gets = array(
'mod' => 'space',
upload/source/include/space/space_favorite.php
@@ -11,6 +11,10 @@ if(!defined('IN_DISCUZ')) {
exit('Access Denied');
}
if (!$_G['setting']['favoritestatus']) {
showmessage('favorite_status_off');
}
$space = getuserbyuid($_G['uid']);
$page = empty($_GET['page'])?1:intval($_GET['page']);
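Review bot: `if (!$_G['setting']['favoritestatus'])` treats a missing setting the same as a disabled one. The description lists favorites as a newly added switch, so on a site upgraded without the key being written, every request here would end in `showmessage('favorite_status_off')`. Confirm that the install and upgrade data set a default for `favoritestatus`, and that the `favorite_status_off` message key is defined in the language pack.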
upload/source/include/space/space_friend.php
@@ -11,6 +11,10 @@ if(!defined('IN_DISCUZ')) {
exit('Access Denied');
}
if (!$_G['setting']['friendstatus']) {
showmessage('friend_status_off');
}
$perpage = 24;
$perpage = mob_perpage($perpage);
@@ -20,7 +24,8 @@ $page = empty($_GET['page'])?0:intval($_GET['page']);
if($page<1) $page = 1;
$start = ($page-1)*$perpage;
if(empty($_GET['view']) || $_GET['view'] == 'all') $_GET['view'] = 'me';
$_GET['view'] = in_array($_GET['view'], array('online', 'visitor', 'trace', 'blacklist', 'me')) ? $_GET['view'] : 'me';
$_GET['order'] = in_array($_GET['order'], array('hot', 'dateline')) ? $_GET['order'] : 'dateline';
ckstart($start, $perpage);
upload/source/include/space/space_home.php
@@ -37,9 +37,8 @@ if(empty($_GET['view'])) {
} elseif(!in_array($_GET['view'], array('we', 'me', 'all', 'app'))) {
$_GET['view'] = 'all';
}
if(empty($_GET['order'])) {
$_GET['order'] = 'dateline';
}
$_GET['order'] = in_array($_GET['order'], array('hot', 'dateline')) ? $_GET['order'] : 'dateline';
$perpage = $_G['setting']['feedmaxnum']<20?20:$_G['setting']['feedmaxnum'];
$perpage = mob_perpage($perpage);
upload/source/include/space/space_poll.php
@@ -11,14 +11,18 @@ if(!defined('IN_DISCUZ')) {
exit('Access Denied');
}
if (!$_G['setting']['forumstatus']) {
showmessage('forum_status_off');
}
$minhot = $_G['setting']['feedhotmin']<1?3:$_G['setting']['feedhotmin'];
$page = empty($_GET['page'])?1:intval($_GET['page']);
if($page<1) $page=1;
$id = empty($_GET['id'])?0:intval($_GET['id']);
$_GET['order'] = in_array($_GET['order'], array('dateline', 'hot')) ? $_GET['order'] : 'dateline';
$_GET['order'] = in_array($_GET['order'], array('hot', 'dateline')) ? $_GET['order'] : 'dateline';
$opactives['poll'] = 'class="a"';
if(empty($_GET['view'])) $_GET['view'] = 'we';
$_GET['view'] = in_array($_GET['view'], array('we', 'me', 'all')) ? $_GET['view'] : 'we';
$perpage = 20;
$perpage = mob_perpage($perpage);
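Review bot: the two `$_GET['order']` lines in this hunk differ only in the order of the array literal (`array('dateline', 'hot')` against `array('hot', 'dateline')`), so that part of the change has no effect on what is accepted. The line that narrows input is the `$_GET['view']` whitelist; keeping the original `order` line would make the hunk smaller and the real change easier to see. Since the PR links an XSS report against this file, a regression check that an unlisted `view` value is replaced by `'we'` would be worth adding.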
upload/source/include/space/space_reward.php
@@ -11,6 +11,10 @@ if(!defined('IN_DISCUZ')) {
exit('Access Denied');
}
if (!$_G['setting']['forumstatus']) {
showmessage('forum_status_off');
}
$minhot = $_G['setting']['feedhotmin']<1?3:$_G['setting']['feedhotmin'];
$page = empty($_GET['page'])?1:intval($_GET['page']);
if($page<1) $page=1;
upload/source/include/space/space_share.php
@@ -11,10 +11,15 @@ if(!defined('IN_DISCUZ')) {
exit('Access Denied');
}
if (!$_G['setting']['sharestatus']) {
showmessage('share_status_off');
}
$page = empty($_GET['page'])?1:intval($_GET['page']);
if($page<1) $page=1;
$id = empty($_GET['id'])?0:intval($_GET['id']);
$_GET['type'] = in_array($_GET['type'], array('all', 'link', 'video', 'music', 'flash', 'blog', 'album', 'pic', 'poll', 'space', 'thread', 'article'))? $_GET['type'] : 'all';
$_GET['view'] = in_array($_GET['view'], array('we', 'me', 'all')) ? $_GET['view'] : 'we';
if($id) {
if(!IS_ROBOT) {
upload/source/include/space/space_thread.php
@@ -11,14 +11,18 @@ if(!defined('IN_DISCUZ')) {
exit('Access Denied');
}
if (!$_G['setting']['forumstatus']) {
showmessage('forum_status_off');
}
$minhot = $_G['setting']['feedhotmin']<1?3:$_G['setting']['feedhotmin'];
$page = empty($_GET['page'])?1:intval($_GET['page']);
if($page<1) $page=1;
$id = empty($_GET['id'])?0:intval($_GET['id']);
$opactives['thread'] = 'class="a"';
if(empty($_GET['view'])) $_GET['view'] = 'me';
$_GET['order'] = empty($_GET['order']) ? 'dateline' : $_GET['order'];
$_GET['view'] = in_array($_GET['view'], array('we', 'me', 'all')) ? $_GET['view'] : 'we';
$_GET['order'] = in_array($_GET['order'], array('hot', 'dateline')) ? $_GET['order'] : 'dateline';
$allowviewuserthread = $_G['setting']['allowviewuserthread'];
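Review bot: the `view` whitelist falls back to `'we'`, but the `empty($_GET['view'])` line in this hunk defaults to `'me'`. If the whitelist replaces that line, a request with no `view` now lands on `we` instead of `me`, a behaviour change the description does not mention; with the `friendstatus` check that the next hunk adds to the `else` of `if($_GET['view'] == 'me')`, such a request may also be refused when friends are disabled. Use `'me'` as the fallback here unless the change is intended.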
@@ -265,6 +269,10 @@ if($_GET['view'] == 'me') {
} else {
if(!$_G['setting']['friendstatus']) {
showmessage('friend_status_off');
}
space_merge($space, 'field_home');
if($space['feedfriend']) {
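Review bot: the `friendstatus` check sits at the top of this `else` branch, ahead of `space_merge()` and the `if($space['feedfriend'])` test, so with friends disabled the whole branch ends in `showmessage('friend_status_off')` even for a user whose `feedfriend` is empty. If only the friend-feed path needs the module, move the check inside the `$space['feedfriend']` block; otherwise add a short comment saying which views this `else` covers.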
upload/source/include/space/space_trade.php
@@ -11,13 +11,18 @@ if(!defined('IN_DISCUZ')) {
exit('Access Denied');
}
if (!$_G['setting']['forumstatus']) {
showmessage('forum_status_off');
}
$minhot = $_G['setting']['feedhotmin']<1?3:$_G['setting']['feedhotmin'];
$page = empty($_GET['page'])?1:intval($_GET['page']);
if($page<1) $page=1;
$id = empty($_GET['id'])?0:intval($_GET['id']);
$opactives['trade'] = 'class="a"';
if(empty($_GET['view'])) $_GET['view'] = 'we';
$_GET['view'] = in_array($_GET['view'], array('we', 'me', 'tradelog', 'eccredit', 'onlyuser')) ? $_GET['view'] : 'we';
$_GET['order'] = in_array($_GET['order'], array('hot', 'dateline')) ? $_GET['order'] : 'dateline';
$perpage = 20;
$perpage = mob_perpage($perpage);
upload/source/include/space/space_wall.php
@@ -11,6 +11,10 @@ if(!defined('IN_DISCUZ')) {
exit('Access Denied');
}
if (!$_G['setting']['wallstatus']) {
showmessage('wall_status_off');
}
$perpage = 20;
$perpage = mob_perpage($perpage);
upload/source/include/spacecp/spacecp_album.php
@@ -11,6 +11,10 @@ if(!defined('IN_DISCUZ')) {
exit('Access Denied');
}
if (!$_G['setting']['albumstatus']) {
showmessage('album_status_off');
}
$albumid = empty($_GET['albumid'])?0:intval($_GET['albumid']);
$picid = empty($_GET['picid'])?0:intval($_GET['picid']);