From 7a77e4392a5bc75a44e3c362d4d67a04f8025c11 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E8=80=81=E5=91=A8=E9=83=A8=E8=90=BD?= Date: Thu, 14 Nov 2019 10:20:14 +0800 Subject: [PATCH 1/2] =?UTF-8?q?=E4=BC=98=E5=8C=96=20=E9=97=A8=E6=88=B7?= =?UTF-8?q?=E8=BF=9C=E7=A8=8B=E4=B8=8B=E8=BD=BD=E5=9B=BE=E7=89=87=E6=94=AF?= =?UTF-8?q?=E6=8C=81HTTPS?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- upload/source/include/portalcp/portalcp_upload.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/upload/source/include/portalcp/portalcp_upload.php b/upload/source/include/portalcp/portalcp_upload.php index beed8ca33..a2dfd59e4 100644 --- a/upload/source/include/portalcp/portalcp_upload.php +++ b/upload/source/include/portalcp/portalcp_upload.php @@ -52,7 +52,7 @@ if($operation == 'downremotefile') { continue; } $content = ''; - if(preg_match('/^(http:\/\/|\.)/i', $imageurl)) { + if(preg_match('/^(http(s?):\/\/|\.)/i', $imageurl)) { $content = dfsockopen($imageurl); } elseif(checkperm('allowdownlocalimg')) { if(preg_match('/^data\/(.*?)\.thumb\.jpg$/i', $imageurl)) { -- Gitee From c9c8ccac1bd3526d0e56e7cc25b02f2fb8f6ef6f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E8=80=81=E5=91=A8=E9=83=A8=E8=90=BD?= Date: Sat, 16 Nov 2019 23:28:10 +0800 Subject: [PATCH 2/2] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=20=E7=94=B1=E4=BA=8E?= =?UTF-8?q?=E6=AD=A3=E5=88=99=E8=A1=A8=E8=BE=BE=E5=BC=8F=E5=8E=9F=E5=9B=A0?= =?UTF-8?q?=E5=AF=BC=E8=87=B4=E5=9B=BE=E7=89=87=E5=8C=B9=E9=85=8D=E5=A4=B1?= =?UTF-8?q?=E8=B4=A5=E7=9A=84Bug?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- upload/source/include/portalcp/portalcp_upload.php | 2 +- upload/source/module/forum/forum_ajax.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/upload/source/include/portalcp/portalcp_upload.php b/upload/source/include/portalcp/portalcp_upload.php index a2dfd59e4..0a4905922 100644 --- a/upload/source/include/portalcp/portalcp_upload.php +++ b/upload/source/include/portalcp/portalcp_upload.php @@ -34,7 +34,7 @@ if($operation == 'downremotefile') { $arrayimageurl = $temp = $imagereplace = array(); $string = $_GET['content']; $downremotefile = true; - preg_match_all("/\/ismUe", $string, $temp, PREG_SET_ORDER); + preg_match_all("/\/ismU", $string, $temp, PREG_SET_ORDER); if(is_array($temp) && !empty($temp)) { foreach($temp as $tempvalue) { $tempvalue[2] = str_replace('\"', '', $tempvalue[2]); diff --git a/upload/source/module/forum/forum_ajax.php b/upload/source/module/forum/forum_ajax.php index bef719708..50f14fae3 100644 --- a/upload/source/module/forum/forum_ajax.php +++ b/upload/source/module/forum/forum_ajax.php @@ -361,7 +361,7 @@ if($_GET['action'] == 'checkusername') { } $_GET['message'] = str_replace(array("\r", "\n"), array($_GET['wysiwyg'] ? '
' : '', "\\n"), $_GET['message']); preg_match_all("/\[img\]\s*([^\[\<\r\n]+?)\s*\[\/img\]|\[img=\d{1,4}[x|\,]\d{1,4}\]\s*([^\[\<\r\n]+?)\s*\[\/img\]/is", $_GET['message'], $image1, PREG_SET_ORDER); - preg_match_all("/\/ismUe", $_GET['message'], $image2, PREG_SET_ORDER); + preg_match_all("/\/ismU", $_GET['message'], $image2, PREG_SET_ORDER); $temp = $aids = $existentimg = array(); if(is_array($image1) && !empty($image1)) { foreach($image1 as $value) { -- Gitee