Home > IT > One Bug of DEDECMS

One Bug of DEDECMS

December 30th, 2008 Iron_Feet Leave a comment Go to comments   Short URL
分享家:Addthis中国

这几天又在折腾网站和DEDECMS。今天巨崩溃的发现了DEDECMS的连载模块的一个大Bug
在连载模块的添加书本内容只要加入引号就会出现错误
比方说

<img src="../uploads/1.jpg" />

就会变成这个样子

<img src=\\\"../uploads/1.jpg\\\" />

然后就导致很多标签失效和出错。
初步看应该是CMS的二次转义的错误,显示把”转移成了\”,然后第二次转义成了\\\”,就成了那个样子。
而且DEDECMS的连载模块,竟然不是将书本内容放入数据库而是保存成一个一个文本,我Faint,害我找了好久。
后来看了DEDECMS的源代码半天,终于找到了比较方便的解决方法。在保存书本内容和读取书本内容的部分做一下手脚,基本搞定问题
在DEDECMS的文件夹下面找到include/inc_bookfunctions.php文件
原来是

<?php
 
function GetBookText($cid)
{
	global $cfg_cmspath,$cfg_basedir;
	$ipath = $cfg_cmspath."/data/textdata";
	$tpath = ceil($cid/5000);
	$bookfile = $cfg_basedir."$ipath/$tpath/bk{$cid}.php";
	if(!file_exists($bookfile)) return '';
	else{
		$alldata = '';
		$fp = fopen($bookfile,'r');
		$line = fgets($fp,64);
		$alldata = '';
		while(!feof($fp)){
			$alldata .= fread($fp,1024);
		}
		fclose($fp);
		return trim(substr($alldata,0,strlen($alldata)-2));
	}
}
 
function WriteBookText($cid,$body)
{
	global $cfg_cmspath,$cfg_basedir;
	$ipath = $cfg_cmspath."/data/textdata";
	$tpath = ceil($cid/5000);
	if(!is_dir($cfg_basedir.$ipath)) MkdirAll($cfg_basedir.$ipath,$GLOBALS['cfg_dir_purview']);
	if(!is_dir($cfg_basedir.$ipath.'/'.$tpath)) MkdirAll($cfg_basedir.$ipath.'/'.$tpath,$GLOBALS['cfg_dir_purview']);
	$bookfile = $cfg_basedir.$ipath."/{$tpath}/bk{$cid}.php";
	$body = "<"."?php exit();\r\n".$body."\r\n?".">";
	@$fp = fopen($bookfile,'w');
	@flock($fp);
	@fwrite($fp,$body);
	@fclose($fp);
}
 
?>

改成这个

<?php
 
function GetBookText($cid)
{
	global $cfg_cmspath,$cfg_basedir;
	$ipath = $cfg_cmspath."/data/textdata";
	$tpath = ceil($cid/5000);
	$bookfile = $cfg_basedir."$ipath/$tpath/bk{$cid}.php";
	if(!file_exists($bookfile)) return '';
	else{
		$alldata = '';
		$fp = fopen($bookfile,'r');
		$line = fgets($fp,64);
		$alldata = '';
		while(!feof($fp)){
			$alldata .= fread($fp,1024);
		}
		fclose($fp);
		return str_replace("\\\\\\", "", trim(substr($alldata,0,strlen($alldata)-2)));
	}
}
 
function WriteBookText($cid,$body)
{
	global $cfg_cmspath,$cfg_basedir;
	$ipath = $cfg_cmspath."/data/textdata";
	$tpath = ceil($cid/5000);
	if(!is_dir($cfg_basedir.$ipath)) MkdirAll($cfg_basedir.$ipath,$GLOBALS['cfg_dir_purview']);
	if(!is_dir($cfg_basedir.$ipath.'/'.$tpath)) MkdirAll($cfg_basedir.$ipath.'/'.$tpath,$GLOBALS['cfg_dir_purview']);
	$bookfile = $cfg_basedir.$ipath."/{$tpath}/bk{$cid}.php";
	$body = "<"."?php exit();\r\n".$body."\r\n?".">";
	$body = str_replace("\\\\\\", "",$body);
	@$fp = fopen($bookfile,'w');
	@flock($fp);
	@fwrite($fp,$body);
	@fclose($fp);
}
 
?>

修改是

$ diff inc_bookfunctions.php inc_bookfunctions_bak.php 
19c19
< 		return str_replace("\\\\\\", "", trim(substr($alldata,0,strlen($alldata)-2)));
---
> 		return trim(substr($alldata,0,strlen($alldata)-2));
32d31
< 	$body = str_replace("\\\\\\", "",$body);

PS:本日志内容仅限于DEDECMS4.X,以后的新版本无论是功能php文件的位置和bug的修复上应该都会有所不同

You don't feel like leaving comments? Please leave your palm-print.
懒得留言?那留下您的掌印吧。
Categories: IT Tags: ,
  1. No comments yet.
  1. No trackbacks yet.

:D 8) :down: 8O :!: :halo: :evil: :heart: :kiss: :lol: :money: :mrgreen: :x :| :pirate: :?: :oops: :roll: :P :( :) :o :up: :vangry: :twisted: ;) :? :cry:

也许您会觉得ReCAPTCHA验证码很繁琐,会认为他和其他所有的验证码一样让你厌烦。那请点击这里,您会了解到ReCAPTCHA为人类文化的传承做出了多大的贡献。请您也为人类知识的保存和传递也出一份力吧,谢谢!
 
    Posts Nav.