From bde86574b8d958176f7013156d8d5f5463123be9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E7=A5=81=E5=AE=81?= Date: Tue, 11 Mar 2014 15:43:31 +0800 Subject: [PATCH 01/23] =?UTF-8?q?=E4=BF=AE=E6=AD=A3=E6=B3=A8=E5=86=8C?= =?UTF-8?q?=E6=97=B6=E5=8F=AF=E8=83=BD=E9=80=A0=E6=88=90=E7=9A=84=E4=BF=A1?= =?UTF-8?q?=E6=81=AF=E6=B3=84=E6=BC=8F?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- var/Widget/Login.php | 2 +- var/Widget/Register.php | 2 +- var/Widget/Users/Edit.php | 6 +++--- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/var/Widget/Login.php b/var/Widget/Login.php index d3de316c..6d2568b4 100644 --- a/var/Widget/Login.php +++ b/var/Widget/Login.php @@ -73,7 +73,7 @@ class Widget_Login extends Widget_Abstract_Users implements Widget_Interface_Do $this->response->redirect($this->request->referer); } else if (!$this->user->pass('contributor', true)) { /** 不允许普通用户直接跳转后台 */ - $this->response->redirect($this->options->siteUrl); + $this->response->redirect($this->options->profileUrl); } else { $this->response->redirect($this->options->adminUrl); } diff --git a/var/Widget/Register.php b/var/Widget/Register.php index a9480b84..10e2d672 100644 --- a/var/Widget/Register.php +++ b/var/Widget/Register.php @@ -79,6 +79,6 @@ class Widget_Register extends Widget_Abstract_Users implements Widget_Interface_ Typecho_Cookie::delete('__typecho_remember_mail'); $this->widget('Widget_Notice')->set(_t('用户 %s 已经成功注册, 密码为 %s', $this->screenName, $generatedPassword), 'success'); - $this->response->goBack(); + $this->response->redirect($this->options->adminUrl); } } diff --git a/var/Widget/Users/Edit.php b/var/Widget/Users/Edit.php index 16a2c638..d071207b 100644 --- a/var/Widget/Users/Edit.php +++ b/var/Widget/Users/Edit.php 
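Review bot: In the var/Widget/Login.php hunk, the first branch still redirects to `$this->request->referer` right after a successful login, and nothing visible here limits that value to this site. The condition guarding that branch is outside the hunk, so this may already be handled elsewhere. If `referer` can be supplied by the request, the post-login redirect can leave the site, which undermines the role-based targets chosen below it. I would gate that branch on a same-host check such as `parse_url($this->request->referer, PHP_URL_HOST) === parse_url($this->options->siteUrl, PHP_URL_HOST)` and fall through to the `profileUrl` / `adminUrl` branches otherwise.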
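Review bot: In the var/Widget/Register.php hunk, the generated password is still embedded in the `Widget_Notice` message on the context line just above the changed redirect, so the plaintext credential keeps travelling through the notice mechanism. Replacing `goBack()` with a fixed `adminUrl` target only changes which page ends up showing it. How `Widget_Notice` stores the message is not visible here; if it is kept in a cookie or rendered by whatever template loads next, the password stays readable there until the notice is cleared. Consider reducing the notice to `_t('用户 %s 已经成功注册', $this->screenName)` and delivering the password through a channel bound to the registered mailbox, or letting the user choose one at sign-up. The enclosing method starts outside the hunk.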
@@ -125,9 +125,9 @@ class Widget_Users_Edit extends Widget_Abstract_Users implements Widget_Interfac $form->addInput($url); /** 用户组 */ - $group = new Typecho_Widget_Helper_Form_Element_Select('group', array('visitor' => _t('访问者'), - 'subscriber' => _t('关注者'), 'contributor' => _t('贡献者'), 'editor' => _t('编辑'), 'administrator' => _t('管理员')), - NULL, _t('用户组'), _t('不同的用户组拥有不同的权限.') + $group = new Typecho_Widget_Helper_Form_Element_Select('group', array('subscriber' => _t('关注者'), + 'contributor' => _t('贡献者'), 'editor' => _t('编辑'), 'administrator' => _t('管理员')), + NULL, _t('用户组'), _t('不同的用户组拥有不同的权限.') . '
' . _t('具体的权限分配表请参考这里.')); $form->addInput($group); From f4ca780f161f697f5592ba8fa34164881a1aa361 Mon Sep 17 00:00:00 2001 From: fen Date: Tue, 11 Mar 2014 19:08:46 +0800 Subject: [PATCH 02/23] =?UTF-8?q?=E7=BC=96=E8=BE=91=E5=99=A8=E5=9B=BE?= =?UTF-8?q?=E6=A0=87=E9=80=82=E9=85=8D=20retina?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- admin/css/style.css | 71 ++++++++++++++++------------- admin/img/editor.png | Bin 7370 -> 7592 bytes admin/img/editor@2x.png | Bin 0 -> 15600 bytes admin/scss/components/_editor.scss | 9 ++++ 4 files changed, 49 insertions(+), 31 deletions(-) create mode 100644 admin/img/editor@2x.png diff --git a/admin/css/style.css b/admin/css/style.css index c568cdf7..c87b5f50 100644 --- a/admin/css/style.css +++ b/admin/css/style.css @@ -1,3 +1,4 @@ +@charset "UTF-8"; /* vim: set et sw=2 ts=2 sts=2 fdm=marker ff=unix fenc=utf8 */ /** * Typecho 后台样式 
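Review bot: In the var/Widget/Users/Edit.php hunk at `@@ -125,9 +125,9 @@`, dropping `'visitor'` from the `group` select only changes what the form offers; nothing in the hunk restricts the value a request may post for `group`. Whether the insert/update handler checks the submitted group against an allow-list is outside the hunk and should be confirmed, since this field decides the account's privileges. If it does not, add a server-side rule that rejects anything other than `subscriber`, `contributor`, `editor` and `administrator`. Also check what happens to any stored account that still carries `visitor`: with that option gone the select may fall back to its first entry, so saving the form could silently change that user's group.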
@@ -1584,40 +1585,48 @@ a.operate-reply { height: 20px; background: transparent url(../img/editor.png) no-repeat; } -/* line 44, ../scss/components/_editor.scss */ +@media (-webkit-min-device-pixel-ratio: 2), (min-resolution: 192dpi) { + /* line 46, ../scss/components/_editor.scss */ + #wmd-button-row span { + background-image: url(../img/editor@2x.png); + -webkit-background-size: 320px 60px; + -moz-background-size: 320px 60px; + -o-background-size: 320px 60px; + background-size: 320px 60px; } } +/* line 53, ../scss/components/_editor.scss */ .wmd-edittab { float: right; margin-top: 3px; font-size: .92857em; } - /* line 48, ../scss/components/_editor.scss */ + /* line 57, ../scss/components/_editor.scss */ .wmd-edittab a { display: inline-block; padding: 0 8px; margin-left: 5px; height: 20px; line-height: 20px; } - /* line 54, ../scss/components/_editor.scss */ + /* line 63, ../scss/components/_editor.scss */ .wmd-edittab a:hover { text-decoration: none; } - /* line 57, ../scss/components/_editor.scss */ + /* line 66, ../scss/components/_editor.scss */ .wmd-edittab a.active { background: #E9E9E6; color: #999; } -/* line 65, ../scss/components/_editor.scss */ +/* line 74, ../scss/components/_editor.scss */ .wmd-hidetab { display: none; } -/* line 69, ../scss/components/_editor.scss */ +/* line 78, ../scss/components/_editor.scss */ .wmd-visualhide { visibility: hidden; } /* 对话框 */ -/* line 74, ../scss/components/_editor.scss */ +/* line 83, ../scss/components/_editor.scss */ .wmd-prompt-background { background-color: #000; } -/* line 77, ../scss/components/_editor.scss */ +/* line 86, ../scss/components/_editor.scss */ .wmd-prompt-dialog { position: fixed; z-index: 1001; 
@@ -1628,22 +1637,22 @@ a.operate-reply { padding: 20px; width: 360px; background: #F6F6F3; } - /* line 88, ../scss/components/_editor.scss */ + /* line 97, ../scss/components/_editor.scss */ .wmd-prompt-dialog p { margin: 0 0 5px; } - /* line 89, ../scss/components/_editor.scss */ + /* line 98, ../scss/components/_editor.scss */ .wmd-prompt-dialog form { margin-top: 10px; } - /* line 90, ../scss/components/_editor.scss */ + /* line 99, ../scss/components/_editor.scss */ .wmd-prompt-dialog input[type="text"] { margin-bottom: 10px; width: 100%; } - /* line 94, ../scss/components/_editor.scss */ + /* line 103, ../scss/components/_editor.scss */ .wmd-prompt-dialog button { margin-right: 10px; } /* 预览 */ -/* line 98, ../scss/components/_editor.scss */ +/* line 107, ../scss/components/_editor.scss */ #wmd-preview { background: #FFF; margin: 1em 0; 
@@ -1655,37 +1664,37 @@ a.operate-reply { -ms-border-radius: 2px; -o-border-radius: 2px; border-radius: 2px; } - /* line 105, ../scss/components/_editor.scss */ + /* line 114, ../scss/components/_editor.scss */ #wmd-preview img { max-width: 100%; } - /* line 106, ../scss/components/_editor.scss */ + /* line 115, ../scss/components/_editor.scss */ #wmd-preview code, #wmd-preview pre { padding: 2px 4px; background: #F3F3F0; font-size: .92857em; } - /* line 111, ../scss/components/_editor.scss */ + /* line 120, ../scss/components/_editor.scss */ #wmd-preview code { color: #C13; } - /* line 112, ../scss/components/_editor.scss */ + /* line 121, ../scss/components/_editor.scss */ #wmd-preview pre { padding: 1em; } - /* line 114, ../scss/components/_editor.scss */ + /* line 123, ../scss/components/_editor.scss */ #wmd-preview pre code { padding: 0; color: #444; } - /* line 119, ../scss/components/_editor.scss */ + /* line 128, ../scss/components/_editor.scss */ #wmd-preview blockquote { margin: 1em 1.5em; padding-left: 1.5em; border-left: 4px solid #E9E9E6; color: #777; } - /* line 125, ../scss/components/_editor.scss */ + /* line 134, ../scss/components/_editor.scss */ #wmd-preview hr { margin: 2em auto; width: 100px; border: 1px solid #E9E9E6; border-width: 2px 0 0 0; } - /* line 131, ../scss/components/_editor.scss */ + /* line 140, ../scss/components/_editor.scss */ #wmd-preview .summary:after { display: block; margin: 2em 0; @@ -1696,7 +1705,7 @@ a.operate-reply { content: "- more -"; } /* 编辑器全屏 */ -/* line 144, ../scss/components/_editor.scss */ +/* line 153, ../scss/components/_editor.scss */ .fullscreen #wmd-button-bar, .fullscreen #text, .fullscreen #wmd-preview, .fullscreen .submit { position: absolute; top: 0; 
@@ -1711,20 +1720,20 @@ a.operate-reply { -ms-border-radius: 0; -o-border-radius: 0; border-radius: 0; } -/* line 154, ../scss/components/_editor.scss */ +/* line 163, ../scss/components/_editor.scss */ .fullscreen #wmd-button-bar { left: 0; padding: 13px 20px; border-bottom: 1px solid #F3F3F0; z-index: 1000; } -/* line 160, ../scss/components/_editor.scss */ +/* line 169, ../scss/components/_editor.scss */ .fullscreen #text { top: 53px; left: 0; padding: 20px; border: none; outline: none; } -/* line 167, ../scss/components/_editor.scss */ +/* line 176, ../scss/components/_editor.scss */ .fullscreen #wmd-preview { top: 53px; right: 0; @@ -1734,23 +1743,23 @@ a.operate-reply { border-left: 1px solid #F3F3F0; background: #F6F6F3; overflow: auto; } - /* line 176, ../scss/components/_editor.scss */ + /* line 185, ../scss/components/_editor.scss */ .fullscreen #wmd-preview code, .fullscreen #wmd-preview pre { background: #F0F0EC; } -/* line 180, ../scss/components/_editor.scss */ +/* line 189, ../scss/components/_editor.scss */ .fullscreen .submit { right: 0; margin: 0; padding: 10px 20px; border-bottom: 1px solid #F3F3F0; } -/* line 188, ../scss/components/_editor.scss */ +/* line 197, ../scss/components/_editor.scss */ .fullscreen #tab-files { position: absolute; top: 52px; right: 20px; width: 280px; z-index: 1001; } -/* line 202, ../scss/components/_editor.scss */ +/* line 211, ../scss/components/_editor.scss */ .fullscreen .wmd-edittab, .fullscreen .typecho-post-option, .fullscreen .title, @@ -1759,10 +1768,10 @@ a.operate-reply { .fullscreen .typecho-head-nav, .fullscreen .message { display: none; } -/* line 203, ../scss/components/_editor.scss */ +/* line 212, ../scss/components/_editor.scss */ .fullscreen .wmd-hidetab { display: block; } -/* line 205, ../scss/components/_editor.scss */ +/* line 214, ../scss/components/_editor.scss */ .fullscreen .wmd-visualhide, .fullscreen #btn-fullscreen-upload { visibility: visible; } 
diff --git a/admin/img/editor.png b/admin/img/editor.png index d905db6d0abd4528e3b659cabc88a6bf678cdae9..9bc092de66f81609b10de34180f284382cd1f4b4 100644 GIT binary patch literal 7592 zcmd6sbx;&wxA1paN*WOmkP-!vlFi2wiqshXgH{g)OtQ8}Cn zMe8&<@@bDls8^JPZDK(WaPY(rRqJKiUgQTeIH@*>#L;+Vyz8fhwSj&RK6@lRJ9M^Z z59uGrdpQHlu&?>h zDPxh#m?kjeaEP{*4mJ)S1nC+%DPL}k!95OYvK1dKjThwYFE zq+NOwI32;U2MC2Nw0@NAKJ+i0$p^-lwD#^o2ha`I9h)wv4r`a=e6|*_%`8PjbajBN zXsZF_;&)kAhP$8D*u``%_H1(kN_IlGqnMQ#7V*muU2D&fY-M*o**;t^(`{>En2oqQ z`9nN-2$MgV@hPhIS>i5#AsLb$H#$g%IW6|RNHzCPoa`@7uc=thd@oOT@B%|a^iA2k zs=5s|I+MlvaN5Z8YPNDH5^gk;@MAoS?`wP)t3U?=K`pJ;Lz#{Bwo=dpz?I*pzaFA? z)1Ou{Jm!mLYFL3;=Zhhif3m~qg=~gNl@QC1f?!lZ3ddf| z1yyL4*AZkj43#vt_^RvaZ2Bu*umx2LNl>X$avyZ_BYvgfZhGxS)j1xD7J<&uZU`FgeBMowu&MLjmXe1vpjiU2@)=S?5-(4dZ)(@ zcwKbO8iLUqB{b6=(JiPt7D`p?ZqZW^h`*v%fi?Zg2p(7&ov{j=&wl|)pIm(!3aN}c zk2@Th>p(5g^`AdB9;iV-}=Vk{iLks}6{l-ip zK2hwazfa%zFH}4KUI}yE%*Bis1J}ChGA{7fLI;DktI8em7DbcL*QRy84k&!t-brU= z`cCR1!h-2*8iAUd`rsp~?^Yo!&Vya^5TU~-t7Xa`Hi6m)rw=oKlFz>jF^Fg@Ll%$n z9v$54ll5R*$u@j$7{(>53Fb6WPeN_dxCTVM_Am)wRs9)h%}6A|(NkEhpdlbcJgzU6 zQir+tgBP_hMK{K$GQ)$jK(~mbtjkIr=Ad)MDTy_T_()k38upn4zYI`*uw{CSCBFB> zX~yr98ReBywh*Zq_%me9NdOJ}E}Lg|_VazQ13Pyx?tyaP^?lcOB>pd7R6fU-mtOl} zPHTZyBT~zHW1BNIY7CG@{%(LMIx5&{;i`MO_z-?PUSmX^HoCd>ZM%MFG&*nn^~agZ zib{;wUv1gR?N5(RCP6E9)zwv7D~|F|_Bar{5fy#e_LEn`q(wt*sq94YE4hUU;L8fF z^T|wG>EE8&$+@t_38CGG^t&76$`@Vy<-o+^P40DFIM(7Z@3sCMP$YKb0;$+3r4s}jP1Hbjg8~?( z8cJ_V)UDwa>ogdL&NJHhfciG=H6kb!dZKhK`3lZ>2-{*1&0znXP=%kerARU6{<6hU zuk5CZq`$MC_(p{3i$g~98X#i@&Bm|fjp)n{IM*x|QFYD>Qey{e z8Y}PO*SS{88h5eJs+&{iv>plDj;C-Tnhs4IJWjHgxqGsA&)9BNl;EsBwTJg(pxuty zRg)Do6%R5avtb!eq26U~${5MzF49K#ozeHt5866)IGY$}GO|sTJkvCzO4PcIzRdB> zTsRo{zs)>IHp~>xI8*#qVxK%QFSSwOCVV1ms2y~a0PXuxnr!JuWOszDshexjUukgz zp5JvH5y6+dN-8?^S+oF@0!2eI@R)=s?5^$uD6F`4oU_D8B~#?lF~S0SC#|Zx?5?K4 zq<_$6`JCug{rO)~WfYQL2GuaEP5ZIUHvJIKn$hxY`Ik%cBXU&^92Sv{Wq#Z=e67;G zQWihT3xXgsTz_wGeILjYH)_z2Y zrvVfHtis;V>3);OOn(I}03P1Hnwjb4@O@)m1j>wK(IY!o#`5BGs~3HkSsx|bCj0JI 
z4(}PvZQ?;Cs5Bd>hoPpbQG-P5=36%D%GpxgH^luqn&Fg)~QvPauwND#q!w(83XLFfpaNGKd;A!g1L0ibx zrlv0BLj+~n5>n-O1x4N1-Qxo=+?aomROVVpewyB8;zf4*pV#jw!%ZE%Y-)z7PEX{=1?94(^ z#yyfEO~tu<>eX2pBMYBnbh~008#|}=1MnK02_#HoG$M{*hbxwyYcp4Bhf1J5Le#D+ zw%4&MiY_-=pjRf!udF5Ss*;+qAnG5uR{Z_H;F|31#gH~I_jqlx!ng21gdx3Jr4##9 zJxOY?YtuKQCZsf>+yjOg8BZ2L=QrKb_#90kAEDPjAq`v`m{6 zU|BO@AwF=~>e(1O&iJoy>GE^>+|!rBQ?sPB zO7Ph$CshR7+~TMwAg`V}`*~^__sg9wMdVi8;h5FU)rH$}Jmqmj?l(hffYNE|aic%R z`@Gondb7{zv}=uSp(Am|%YAOgm+CBWWfa~ceC!npFgogvWn1`&e@=S}n&zt4n0D_^ z7u~bkU*qoFbMACGNcS~#%c=`Au1&zUUmSj8!^;$RBxG$~ zyxYgySR#Em)b@8pd@Hs&TUfrFo{=h*Tt_ye{!wkT%z;q?m_p&wUF_z3MOO2cS&0F> z$PIhIsFJf~fPX|~SZk*rdeecfe-iKqBC-fRs&jQu&GCR}pbCV&)XdXLp0wP*7{Fu= z;3^`U|AZXCT}fFAdp__2JaH9>wL-5chH#C}VI(&?d2{dQQFNNYx zAhKm{+V~Dx3){(loi%8tEuG58?>8AE7#b2LLB`TZ&%pfj7QrsdS=~;asjG`H@k2DP zM3*UG3`p8cqHnREUT`wt7M(@dO=9VIS#CpQO*AWe29c5`No3HzbL%MdiTe(+&({~{ z9CEf_WhY)sB58Ucl$!5pua9~3d6%un&~_aOmMY?Har;)PCg5Dy1@tL}Rp|9)^h88$ z%}E&!mpW}P34<)Z8MjfZR;9=YbwKl&HPYU8+D7!?vS2?hGCitfD-aVQ&djyjr-~gF z3UpA!EqL0eOyzOM!b@{QcH5%v;-}GVK|_meU)zVe2SB)P#W78kX;wJFY^p<@r{jh$ zV;8ezTLsaj>_Wcm_Tl?~PboT*(yeD}7fOo_!SEG3Gn!LExoX2e%iefTBjd1nQor+h zJsNNzucIpRxD7-uHSB-)qa^E$I-Tv#!6?{w4c71i0Uf3f?HtQleEMTmm@b$BAz*9q7D+8VVpyktY09KYzv~?Q~stGBF3)74Z&{pv>3q#IU3#; z5zR~|lrJr9{T+{aZ4T)qK}>6OC+iT5QRsQcmW#iMQ4#dM9?V4k+1jjGP`*DehubnFENCO_Gc?0QLgx?|?)T%5shhUPsbzCFG z!tIQA0Qa@*Z3F?>hB#l>=WPc35wJ71XzF5n!-LTQDcfSNjTbEafTI}1e@&&^8y%ji3_yE;- zm=BRN-6Drraz=@2KESz0<1EJ@%VY@NHRoG)z-RyD$*b)<8cSsE;nHWaW(YYq&a`U{ zk0Jx8(b~w6d6u#@r@IE>Esg|)l01ziyvr!y9dUJ;3g{TPh=>8T6JC|c-yC$)p7W?) 
zT5uklesGkf$=C% z6?5+s72=C!bEtnpFDab$E0U4&T$+C46&Fk}V)Kz6?0e92%gv@Nx>*OX;~wDH5SRqx zWKN5#;u^^dG813qs1MA{^iP(`7O!~%40R_Ml$ai~Tz@l9W8a%=Quf@jDyS$DiicY>+q>@oOUb`aJzon|2)h-%5}IYNpHD14!iMpHYj&w@=15(Q;^K zmZX{$gy_Gq_JoCRxPf7zQ;NQLnD?|caE=jpBF8~Av#h_kyZuT=vBi1s+6<<*%$pDA z6TvPTsjZ#R)Z)y~Lb#_ouZ~4mTJ?Q(8`pV$<9_5g?G%{05C9*zifWz~{nNp9Zz6RZ zIH#33$!YA3#{aj8D-Il9Iu*k)lZ=!yv^I?4xL_+Dco~CWCiP2WGLVF5Np%mdoPpuzD|xJ(~CC?@J;8i$tr2=o>8;AL58-# zj+RZAJ*wJso?O1ShHYTbHfeoCCg0NXBqBDk(;D-0BVF-HBh&Xy375b9^`djGI-9tq zSVw23$9%XoJkn+!*lOTtoTLmvYN-sUzwh*%K6KXBTh4D7d0jb7pROO?N(PWhlB}Q6 zuq7J8*U%>nAqc(;G7s|cJ1+Z#uq-tFSE+2jjeu#9ItV0z{wW*f*ZERX$f|N~6*=LJ z+enr{FrAg{ckKT&nX-aUK|4dDMi<5;y}J}@4!L{BNsY8M1|m#& zb4gqA=Iqk>ptIBKo9ewo&u>4$k?4_=9K*AcYMH}P8_SSm?66gShA?!JU*>0Bh`%S% zwG*-T@t>K;?&S@0zB6lBxeYzQIEMpa-GlN=Mj@2#hHI36%+Me2L%eQ_@314QZhrTo z^U}|j(w>ygc!ycR2+G%UO>SG0f*05)PGi4H4#_#Z7Y09WMwto@?N@H{Hyr<=aJqJk zYSCp<@fA@qmH4>KPCIO$cTJpb{!n~^WR1Mh-yL<5sJU(tzqwGXix3~Tt|s^UK+jHe zW`AeVjFKvr3<(t1u`I>W_CYOoCrJkRplP(TjpIcuYA~4vUcuUvbvJpq3wW7oR0`4n zl%qn@0QKt^$C>~=v6K_xIMK+aKbF1`Ros9pIfF(fBKeI4OUU9EPHDa+F+kzcl_orRAYW^@)W+c}D}W+%1Ol|HPabGWfj11H?)b1xhm;PkmgsU67z# z$Qwbs!E#R$Ej;fE&PXv!w>xF@?397d@oe~($cJX1ZuZDX?nA6BQDdihyo|QJ(-Rys z;@)SVeJ(pe#T8v43yWcr$^M`fap8ju*<*1bm|zM|G?e1`0YFF0 zHF^Xjc-t>=?>d7PP31C@4}(rXZfk5uGQww3)rXjpGR1meF< z-_}yN#I-KtvLQaf&Hfum%ky;=tvL0-uWJ7FmnV$Ocf?bN0aE#19I$CR00@WLBxr7j z`M}@21B>bTb|2xl-8BmMufAxl?_O#N3!eVwF1fc2 zf#=a{?zgnOS?RUyu*w>v*f1yM=fRxr&>^|ffU?CaTDCkPyW%9kpcO`+dIk}u9buVppHIt}wA^88NBVy}9Dc&cviM%+*%oW9#c))V`V zc1YrZomSi%Na&A@d?70CM;b=QSIan^ds|T($+_D!L3r@*7|C+kD-yEGM%tKxLy^@y5w-rC`i5 z#d#9o;&%rxgWYGOeKiZZEt<4*!CD=YYt`ZUplUVe=v)gn`|l7^eqE6B129T=CsBA8 ziceJ&6ty1ykONovcdFU-&j$!v0FHn93j^qTgn8ZRfX}}RGl>OFX?r$6q&8=C5On9N z#OXg}StQTN$u0eVxUz>L+|9{oW9dRMb%Dam>+W015lDAtY18Kw`a=dxiCc*>cj)?K zjD>YiS|-$(()*h7GR(NqedBqerwuxQ$Wg_e14B!h38rF$-WQ<#c&2{GG|5>B)>msu z)|%_r6i=XNs~S;lZ#!en>!C@VMX5DZrOnn;{VW{xl|7FG(s8oR(HPKj)Rs696-zua zlF+%17g$U2dDjXc9TJ>#eR(!z3M#Aa^II0$Hp4HyF`Dza=8J2*H@X50e-&($0g~;*a 
z$VyAglBeRdvLffbw`fKq2t)?5%i{^lkG?euoTKfjdno5p;Y?d-_e7Ez_(N8(4PM%qjqW@KL5z)N=Krgo1d8FgfKw$63!>+<8 zu5Kn*yFWpWfT)1{ZM!w9mcsIJptc$XH^J3oKUz>y{=4FB7YOdZN@q%D)E4gpB$wP0 zaODDj8a~OFU2^#fBJvK`yj5=uHY~GFNM36LVq52e9$u7qNp~chA{yk-q7gEsQW3B# zr~a2yItw>}nCp_GZ3>>P0L31LNF7-PPu+VrA1O(}a{K0%ymwnCiGr=Guu*0UtW}pN7)m8#;bA>u<(;e}uRsEiXcExY^8D^GN@pQ#s#ZG|P zx~5=vI~EvU2ExQJi$5|#zcfSlITLXp_b}Alk4Dbzg+*qiU& zmq|~(170DW6~E2U&8#10v9vz%Q$MzTnZI3POGo-+!3!6A5HaQ8s4fdDfQ+#!Po2tGI=xclHRxCD3C1eZ*J1a}XC z<@aByeYkb+t*zRZQ>W@wKb`KbPk%d7TT2=5IrVb@0Dz~eqVN^~K;eFRm%zq+daka* zi~#`J1XTrDJ#Uml(`QgJ#Wv?*IStE1$T(s5XB50dSxYL#nIT$bBRWOPM4~%ryGsC zhQXWuL_*s}g3#24`w|y#2`!p}Z~phAk&)4*962URG&xU(PK{XyTW#gZD9IZMeqp_I zM}`q58jcC3v0n}EJRq%RAW;cI07%egQbSEc!^HRW=Kx$U?Cx^^F)%M`HiDtDv=k%| zaDVgZbrrq%ZD?s}Daz-P_@ilL^i;0&V@d7%p=wXg^O8|Escz3b+pAaSeY|6Jv+rNV zcR%<4Y2UD&__+)%Mc2rZWQA>Ca4dCSXJvPHu0&K-P0je`W;0%z6o0Lz^KK8QsHpfJ zu9@liRf>WT|e!#qHtXDJIi+8?U`!SC4uj!rN-F(xr z09V(D>7DAg+C&y5k9p;6Js4!+{`Oq={rmR|7F#XtEiK+C>z|Vq;ziv}+}+Q-6<|M( z2&5^r1Ds4(#W=R`X`-ArgkEix<&n^|@aE6UZyBEAn62WuP6SSn0NATFszSbRU`4bd zobathbx&yx&>#DZcAnRa&07V(DOrem1aAJs3OZF(Q zNy|wsRjiIwV4i3ogn#sH=vnXR=xC+e=Acs@Cxy4Y0(i+tg57zcO#1{7r49)R*MR~b(wA{g9?Uihx z2Pxx+Zu}a8N_yA_5dj9y^@Y@p+43x({*xD)4haB6uK-=vdR+qi5~#Ud@0EgUkB(4_ z-~hgM?C%%BwP3EHrRaHXwZh-KCuu#NCIAmvD}lJYDH7f6#Atp$9h`NP7S#a&TgxAL z&J%Hy0wdS(tyw8poDC_~VxcVwZ1e9@*iy=F(EUG=DuIR=ZBU*4L#+ncMpG`M>@WiE zKmu58B~gBjbcP7s5mrGl&T-B_VGO!@;=+)3r-9QEwy(mAOY}l%X7Y#<6LO<;mZ=Nf zquWXK<_QcG)a{11h*I@^0&fJz44pI>#n7U~ZI?lGl@X=u)xzQtD3!}?Ct3F`Yi@Ow%sJ}TTpke-bnwwFq$_fcUMkeU=`yz7tGB%zAE_2y;0R*+htRSYs9_wUPe6%iyjhiREc(_&NLcMQdYI8DrYk) zjjbS#(y#0sn!%Y5GSkAqn4^^7Vlr{iz*4;p3?OsQ!eyFtg4L9r0rWchd~BT~D*fBe4C?^UH*Trn+YfN2xy<+tY1gK!qmf7dV&_1K; z{p-4wGLpzvGMOPfCe3Uf^qff(OBj$}b;-rjx~fxlc7Q%9Sde=DDyIg$~KSB z3C3M!XJ^}(9HK$h#6!bTfQtK@(@k*sw7O8(^ah3JO-Wc1re=QpWO;k|Yi?YV%so3 zf@L6CS6`13`HN!bnc@3L)XoLvP+||-`#XWNqvSIO)&Z@zg^Y5}R zzcFOEnb6?*eZ3iB#P0c8lwRxG(9;|dbrh)hll=M3;g}TZia2OZkv?53smI-lS_@cg 
z6;L>>Qo;d2R%toRK#P&<@VGhzt-?=|&jq7i`*zLlhZOh}FGsi?Zz7=$0)@xN-(9d<~64*sg`k@_h$>TJ6 zJiUBbkIwytfKAZ0O5T6Lg24b|UlJA#k1l;w)Id9~r#9kefMeb*uxkPF%Frl1v}^0B zMnv{rE5LNJD}ZZN2e0a4&&Cfvyvs=lC=pjM>ak4wuDO-EspV}+m1Hf}b3k&NW;QMu z{ca{>7ZflF~>L=T&A%!`TTPxHce2I5V=F(|;6o ze&+Mi{mx8bI;EWvKHYGHs~Osg@LF}_J{dse+H(Tn&EeElZca}fGJh|=Fs#sf{levC z0hG(s8n2|^QAU9-%rc5jDTW4-W}Q!GY6|tThm{32Y7>@E3birIqBpsRCx#364kuNWxQ9UxNw~L1lzf~3w zwLAd9O8O2PKiO2J`HF?W8}`N_xekv#lMh$PS%&ZO_4`IWBj|K^1=Ux+_qf|yDnb;Q zev2g!+&jbEhbZRiY7Q13?)Ga+P%G~WA6{SR;NU=HJu#sT!POq#m;|LaN{#p$Y=2}F zhqjBJ0k{RMe{=^?1Rf0`5eAN{eFV~em_E5o@zl>?Yj$yf=q;pey7#>XRtenj5%{*- z-Y0+FVg^hu-39{2i~6tZ`q^%rb$$AH-YUtk-YnU+WAbbG>T&D=n|wAtOQ)-cQtU{| z^I%cyAzxHn85i(qNLgzQNowU36cj8fgoi9a^aisN<&F?a&~l$nJIJuEtiC@p-NK7+ zz7hAF0V88$(d*4F8>Ty7*G_07UWUEEr;DAAr|(e@P+n9upd)db5HXI9G_MFh7rHOK&Z3G{liF%v6(8o*&bOfkSijRyKUTEKZ_WtF zmsMx7k)+S@H`pF$fz|k#B@tZ@{2`cM;I%jMGU-a{*&E2>ArO&pBb0v0y&#~xUI^9B zJXQ$TSX`uRGBEovAq<_)UmpRy)dB2Zsj$7b&%PzEUPiBS^<-Tt(V8oW<#a3Y%{n_= zs)s!ke&bUN2+$soh>Q04A;FJ3$TdqOBX|8Bz%8ykaYF17>BeF)PZOiX{oa?wD2Z)0 zVkZ#DsHluBZYF)jSDtcZGe<)?!Q2*z!!P8TZe zlaTS7|^n44xt+9$LW3A zy;D(j#E28^wV*g36nyo37$F<@*L27b>Or_m=dHE;iBM196~ou|9oATFBWV!PV`02h zMtod;d`snM>_xV5ll@{N`!KbqJ5dPP%=brTWi0+cvR6D%gvFY3Ao(5*n$KUiM20^s z9e{u`3p#5iFVbmgw%K93+L)i?Y`+VoTiSMb$Go_BmiZR+c}eD!?(EdUKMKw#pN(9f z1bu37QDCsAzZ1eEOjp}I3s^%K74Ukj{e5;Q5?E^d;HAUV>MP>w&7}K z@cLN8<*!*!Bh@vQX?@?$Q2;_Hyo(ot-l#-tv|A7=jc!aCTNOkwSST;jqY|SOckxKC z$rr=w5^~%o`>^su9m|}Afj?}`&E>K<1apgFNz`4u6p&BY^tEkg(uu89JL(Btsx8lm zc!D>%kj!^#wsOSoBKLn9vui?`xNz$M&R~1KuWlj}#0XcBc{>S6!)rg{xn34Ftt{^- zxX=yk%ZCujq)Hk5)9%Lpcaifwv@Wrb^i`c(rmfFoRdU?vcT-Slzn><9<{Btt1d_Sp z)`3mi@(kzeEJF_t$3!s#lO64E_s_nW38vpHyxF&n!uny4nu`Z7%Ux0-4QPMvG9kP3 z`4SmVd~@zE*qRjY`+~Uzr>>B2_FV^+cbQ7p=T17^{2zY9ANIlTwAl-Z zEFdz_ueY9vTiX2griHs$m@5NQfUlTIcOzWJ9O3>8Nf_^U8M7Fgc$#eE-B94~Wvu>H ze~wcmkUi%a(Gjosxgagv`8f!EuOUJ!595`cY@Rc^F}eZZFOo3*0Ii}Ka4+1XgKdAw zzT9d$MEA`+sAuA=<@;ycca7Zfv5+JcRrskL$mx3pZT^qVrAXwD)FI%=m6tR@xz 
zdPsubwTQ|s03e8$vKjh@7_XM~2E9LZHHE>d1DmuKw_!(@KRPJl&TD80RdhP1n)0@l z?kwIxm&)jFcAR z&tLXcIx~0CdiAo52^K@rtm!aS6bnNJ z-|y85^YbT6dOx}m4UBVwr5=0+8Y!vPFa!Ka0Y=#;o?6}T(Q9V&%^kE|O?to{UwYC6s7W^pCl=PzVt10sllRne5X* zERYAhOhR7rDQP`HZ2xJj1i?2d0`!Bva>103;mcP5DYE^KzfV-DqziHX_U3d@Exx;E zy?WmfTo?=w=S(>%PfPXy?vC#FC zl|eSt^yrU%tFt`|C_1@w&z5yv^1FwtZHD`&Bx8{6t$g+E0W%2t7U6z>ofwtXN@6% zH}8JAt>wepVLB1gwST7-n~1BaTor7%<|jpai`y6N5GsTZDqtYF%mZ=v2f$C!G|_Wl z&6(2|1-Z~0?5r&y*>_f`;Dq_4udDIS0iWTajA;d5eyxg6HpZ;AUox=}&GGJb#~t(NoY zZprDEMoeSmfl6sSSE_BH+A3MGNGK%y6mu9B$$g&}Z%uN0-s1`S>))v>=R5-ubkjgyBh#=buc z0qnEO{0gKqV*p9w|8}&L(rd5b>nhe4JC8uBXUsFBK*FrVUw6EStJ?L-7_~X(ruv2r zNhZ|wbX|;ybfWB6FcaeqCL3*fANoD>!HIgV=SUaP%r=|pHm8aeCyV3W_MY-p?$#W2~0~ciD`K{n2F9Jm2yBXMmZq(Pm+tjI+W%!M$ROz`z+joQaVkQh8kQa zb3K6@ryuLs zTjii-Ew}qLq4`H%ZGYm}3VN6^o9}@goN~$bf#T?x{X0lh}wkyK54h@rC6tJ@2@$c`*fS<*Vt_{n7tZ6t; zp2o{YCiNVuA6kh{dK#gUckf}7PK&FfB>9EAO4GJloo$VjJ#phKUImmVr!psdXH(uZ zUlX(Cu3S7?Px5*y!fdk7d;Jsqqpa${bnq8>d3BteuKhBU<)V1M{@abmS3C@l&MX!G z5v|4qLWSr)W?=zTHC0r+DMT(qdBRzAVnCUwmFpOibYEI(8XBNQjBJc;ke*;qTUh#M zI-I+0Y!|{vL{l1G`WOPc6Fi=}xvIJdc5hv4crujd@?>=tGVj_+)SI2QPSv`lNj-GT zjH}h+&vILQZmPnLFc+Orl`oemcg%^ z{&R|)`)TA|*>>Y{(3`xxZS+dNw!3Z@YkRRS2IXCP*8-_(-nOsiiAHNRp?>z@ ztNg|Jo;}{PVQ2wv3fG+LG6&B&O_-9nCJK&=hjBEV3-6jf3iA7qFi=yRK4;?Q?vf0S zo>b+BtXRqhVMPxv5Aj;P4Eo%}%cx3oiOW~v&H_I$+x;{?(&en&_czy5-Oj*+z0e`0 zbMqk`83L@{xV_9v+YGC6vHK7Jo3GA&0ZH(Coi6J@xA&F&4}ufK_we{bEQ7b;fr1~e zeahZ)z%Pw@2VD62P^btW@=bPN(wcRpbd!)y$)oxR+FaK+EHWxsKjq}3beFwHXoZnz zZXlWfjsqeSth6(>(d*xAz4zsx;&xVafC~Z;2uh9Umh-$)g6_zRDs;hYBt6WVS;=4u zb^I4&m4x4rVI>$cVa<$C%dHFa5V91J_PwxusbriYk0rpIwb1RU+3axWivgJJFck!t zsjbx5r@;pEgu5n%1rkpDM=~SX*VIyt`Z)M$2z8X1(k);_o0!~iBU|OCs-L}VZV%xh z4YmJJdhbrw+65Z15>J<&om(dwNm!TTU1sxqTY-OAU~HvR;NO$RJaYxP^0g9{lsR<# z9&Rl}5BYvkoOy*LY UnX|Az-BAKm6}1$q1O+P!%N^)OQ5$U|?WS`{)Fnk!b7lZ=u>VGAP*8+8>N=%FH5l6(^Y_i1Qwf~V`*^Y(NBuyFFi zM0%ewTh*w2zy74@bYHRZb?x@}NEuTF;RCFc=>NNKBk%p5_6nkY|!@N`nOVN!$wz#4%`=eAxBWzueJr_N4(@wh*KL0EPongkN@UG@6js!_C^ 
zRJKubLZ4?xmTzimYC>-iYTA)Z(cW8TxB>Vtj0nHoqfoq5gaT%kmMwReMywy}Ovm}l zyr~`MegTd&J2^;DHDUy=tx$Jy4jbt>bJ*0%leo%sW4kAtl@GO7})^xOh)F zE_=q!urQMb1Y6jufoJv^z%_NtT-M7s^i~NBE!57IQ`uq+!!(^)Cwsv<3>!;Lwt$b^ ze*jb>6D;wtA)tj1#E_4_+{x-|5+%>{p%Hq&GgzO0;U8bO(*3 zs&@{GXhc&N`R<`|yoO+6Q%CN*rXtWoPh zb<;BAS-f_JD`>?0V?@H94|}R^@wp^ukuuy?i>z=jP5E>pN8UfLuL<8;G%C6+Nc*0o zFH+&}0E@_1SRX3$Cn5T@!6^7MS4oC)Vfn<^IChZP{GVe<0ME z2s9*bD((goX^3^c-r>P9S(2fZ34%ti4P9Nq0ALz+0|my zNLt1-De6iCCIo^@SsMiAgAF!3o_TsF6NL=^+e3|t@3)50>nHS|DTm*;!K>S$~$!WjwbR-EqX_&=a69rIt_s-zBEtUb?ZGM9h_}9V$&X!+Eef=ffv1c;j-T*KjcZGLKfOfqV1ZFPSO^ojf-&}6&eoh8>Su2p%* zy2E0mj(K-L;$2rxoY-8FDkZexB>0nG2TBVjW{c=?t1o2Mb zXFp0-$VjukNd;gbFq^>Lc~IJJ{|fPUz{YQ}oghN(<+#j!$+BX1*#K3anLx?{Ol zX{}=$`L4K1kpji_e+MEHx*GB)o@}Dgd$T&9enS@W(c#!|`7n1t;*v^1%uBEYkN53& zQlMK9HP6maIF7`~E#=$Ix@mHCX-_7OCZHg)ktzGEkiXf@wi`dLMh4UAd|t0Zxfs#K zJcW%{c)REl-p{1mg@D8L^q+6H-ZqBq3`ANkb$Hwd(_R2UG$iSJC{vPyIJgTDATvkN zEX1Lfz(_fln5Kzc0SQxe8PRL6t8^X$Hn7rA=Hh;HPFNQ=wK>+awLTxZWWdq8hD_odwjP~9Jg z>-(J@<|dHS>@UT^KMdvV#WxDxMLXkZqkJA+!OZH6Db+LC)&wCg1wBgzi2r* z_swNG))+L(UDslmr8o~@C7Zsq`xv&fG3cQAXl)pBK=RKreo31bM8QG_-b?d&h+_7& zFWTcnN8f{X5Zk?z(ip%UgeAlV(aSCusrNu0WYMbKy`kiJ`gygF@00tsR#>7-?~sZx zPS7X514a>G-t`l+m}crt2=zz5dW`5n_4MBGEs=!l8fF3?{KH!7GdI9FRaqjFvR7=oUMyFACwF&;J{T!Pm}M+Fvn(6# z4ij)W4hwNhW_>{s1%anCor#oZv?Q!25B9`+DCYU5ZpY_`PlLj>Md%YIS}Prv5g zrUkR^SEh*gKx|mNbq>*TZIe{z-z-~iy3@hmTd*t_yQxNsP$)-;x`trVR*~CJ#D3mK zPUo~x3%)yB0pb$#STA!*>AXsBP@WM4h?kp24^wf3&Ploj? 
zX|9yMy7dEZ&1QSQlWSvWP8QpH-SB5wJ`vV?Az0=dJWkCIZ&$y>s)-E6W%9dq7qibxVzakeBmgO0SGAoUfRYVMz1nMCv>x=#yh-tmqtb& zIL>6MYC#D0IhNCvx@|N)ZskN+NrHK0LC~!EcjFK9MTI@b-6&veT91Do0*jx#vG$}C zVM8Yi5`DW~<$`jtU>U|!%DkoAu)c;Xs`VSWguCVs5)WmelCsju0u@ zWiMg&e(lQ2@!XU9D1I+Vbk#l4V>ze`(Dn4EF5zvzgrL3-gI>202*zom>CbzH!75#D zzD981p2%q6Ln+yUcbaf&6_P7?ce6;?^QO=$4|{)K6Bg-?6d@%Gbl5x%T6jKXnDl_z zZ?d#$q{~=I4Msc$;DT+7_cOA%k+bl$(xcv*kFY6%cZ)`Q2`IV+AUwy~=%pt^IYa{^ z=EK=KQS0oBR{^=H&8%W*lE_n}x<$B>EfzQkIQ1TTmdlLaGa=zce#9Cw;cQ~ssS+@f z>qPiO=yIbegMlFt;&1_%$`M64U&%jH{(XF?(K@~UYh>5=OLJ)j1mg}Nqf`9KI8!eR zt_3AG)tf<8Et-8;Nxx86_QdQ>J?8Ckwok1&#qB9~d~psLxq#sawH1{4j0>gNCAZ8B1hIDd(Xt@OlM#7mJA5t6fcL)j-V~E$kviRAPW6;(d}+M3cAcVnrHRz+r6i+vtVlc5GAC@5Tq_*{=jA(5piUZWjWMGBY9pmq zR@^qm12KhQkFgL-zTh`*`bA@XaK;g>HVvWWX3QKvH_N1v(Joa#V0kgtK*jQ^H{YZz zPd6sF_An!?b_Mh^q65}d!-pZFyGTR~5UTC%RmYiVIIe*}PYTNx?P_s_U%$&8DM_%%6I$m0&o&^U`ShqF^fAhYuNGyS(~xCs~;rNPEOHf0x`YQuzM zXmcN$(icQi?LC8uE3dXSm-^M_2CICXxz~pku36#kD!(@zCs3{s1mQOCx?MFtnlT4a zZ)BkL3NSLAe2vogH7O0<`u%)8KSVgpX4)7q>ugW(frI)k#5?$pVy#Q<=a!{YM!GoSjm-0Ji$ z1T`hzgkldh?6eod0p5XK@c}S=I_`dq#t-&c{fKkY+~=-IQ#9I$&Tr$W3=fDStWT`3%w`PxX-eI~$G6KUVjST}vcI26t!26NIQ*^QLftjSL(DVZ_WPP`{%3+u0|oX#T|#u~f>S z*&tLxrGe;F+`!Is^MA@q6(#o)W+z-&BChaQP6$HDoRDwS`8OpU91k;ZJe=C~qfjgM zTm8*$KU6lI&Xk6HDLqDIHJD%hM)UX*3-^Rx;&FQiH?{p0q@w*Sa+ed{hZ3Fy>$46y zZqkR{)nr0J5vPz&W%E2pA5!08{Bfu&+$=Z5_1A=5#L=|g*&E=U-lLw|B_43_5;jp~ zD5!KuEjxuy-`=`VuXVfci`cF8e&;gzg#yMws)HUJHf@JV2z@w#v1@MqT;d*yrg2+gSWE-x%pR6+P`HIr|Bic zR`GuQto%n&X#DYnB$!&HM1#=VhR++UD8!@tP5Ast?z#cwFdCT}wX*JOkLzITMmpGC z>U-li+*vyWrx_|8a#h4{8S6cqq9hQ7nW+6rqu#$$_6B!eY8Bhddf$EhB9m0z(z6>8IMa7%V`KNL8aWX2Jb-jDV`5JkO7} zJ_oWzB>f@7Ua$xTCGM{ZMzx5#yA7Z0P6&nk1M##7-Gr3U+Y`}!|G3>KJCw+PrM8pW zHr9r++mm#EXU$frlL=5WNRV8=rYB`fufIv(Q)j@Sh+azHP2=)2^c40pv)5(Xwn99? 
zS-?oJg#j3vv+5XK+;O$1lhYJGd;Y}16|ylcG)1(U;g&+ls90s$0CrUfOS@}%BU3Vy zG~O*=^=@mPKP@enJWgXE2?*!PA?uA+D9`LnkBc;$uE)z=%eQu{e=o`+T!QJ#bM{vk znim}wm>_Z5m(%HF8AWw%93IU6HW(c40eTnmBQD8#h~~KOfrF4~H?1vgCQ&OC%*HDs zbrEjdi(*OLwv(_LKYne6CcSC&L2y9)ypdSI`Lx{?w4ETlfp)ix%^4TRYlOfa4KeGI_rzo0v!ukjQ~YcBHyAdm!#uXmGU??M*8 zT^Lm{f+{{nlR+WL8-64zQ+-ai+9CyRp_`t~So_EP#X&rM7Oc*IY2JlNqn%++aZ_ir zvmYg?fBMG@@bR0j#D6@VpG}6oCZ&na{-@G}7M$_#V67@SYRc@lw(?O0pPpm8lHm}*!RT9=8<4wz_NvV!f94Y(Z}Sw^j`MuKWio=$`=}P{LbIiq4RUh z3b#ZPU)!R_ZQR-Ee72lxlUdO_^<(zmtLwjz&9|BP&xs8=Il?te8#Zd=|NZL!7Yy%z z+wX05i-~qIxoqAvG~U37>(7^KVP}jJ3wyfiEo&8mmXVr493K#6)X$X&`LSC^6_?{J zi~sfnq9qvSU+8=2HU9^y?2hX0_JdDLcij$UQsUhTv<^T-T{im{4s73v5La{Wt-lgudSqUTGTo%RO(t*bwQpg#EuK(I9$$G9qyo)ek)5uksuGi6giD$HqGXH|Vwn(REq-QwjxRUUVXfdG4=}m(k7J*2vCpkA*^r zxN(icJbPkC)}EXIObmoEUi&pU{7y751qHg^+(8Tp`zt_tJ8^k zGft*jm-mbF^WB*x{bQEboz{3dpMx;Xt9q2CbQDpG+SLwN9N$+ljoUhqJ%cSeO4Kh% zsb|+qLtVWtN((3ilqG?kXcJ3!kTKyKb=rA*zwTjs%eA0$4cslDllcd^j^M(gv`b8# zi&Q6kCt&JtT!x}Pks9Sxdq=V^frasN=vN3vt4IU^*N?ayRKg&3m|!&GCpI|mfLJEh zJ7$TLyhza*WmQO}oO}qChv8@<6H8zA55+4>A{n*&CM{ucwK-DzS28$gbA4B3Fowqc z8`gnmussXBOJk{!85Aapfe@Ri)oPN8UoIeWCUwcd6(!kim(FcFS-R*UZ4AG$|LLotWu+{R7F%^|vo1 z1;vBo_cO=G$G?mQqt;>y!THZU;t4h8_cJrgKh*Vb!8J! 
zxG9|k@OHC3?37!InL^ngKGn&rJ}(^~7b)@+k+Xh>Qt|_(5cfyY?!iy{_Hnt|?wA$- z0bS5x9&q0cop?_wbp2;9Dg%s77iN%>Z3)P1YD(pw)O>@vSu({YNK7yhd3tgrFR$T$ z$k-}R7`s=#iuMJ8S}A=IM?1eG?`5(%K_RSG1EKPNXw&{t_< zY{sRUWGZD3pOnLN?0M{FVYYfg+;?yJ$H{z!{Y;;?_Zc0lC^gA1w8IzI*@a&ml(%E|mhjXFG^0vq2g{Ym_ zxLw>D;w>Jgwlg;9qI4_lhJ7KEQz!6_L)UP%Hm)t|EKdsN)cn`9^)Qe7 z@<=2^RouoglHcXr6BbzIZVw3goy&Nf?LoNw^Us>g#>>^y?FsH|Wrqcw=@SJV#O|5P z!fW-+{u)?TmFB}&*!8d-E=0^fguOmyJ4pc)H0%hrNB0b9v17&AkL2Jgsn^Q66Dg0*k6$up3V<+P zSF~P_+=EI{Pdo{V}6S#qm28C{q#LvO`d!M!Q6)kkGW9Pp8l9XrJCmj2Ayh?kEi^9NJFGE$^G zB+@22U^Mg-27y-6Qnsgut~tL%ccG>>OfmkR1+~Q4u0AR08SIqX@xgX5i`m*;pOa@6 zrNxoDa}RVAh-ydS>g2qbUGI-$XXxPVOb$sYdF>KSlD9Q9rFfbxLe&%Qd?5DsIAxuP zZg;0O>~C}&rp~oqVjE*TFX}cqsDt@eqZJ)=$Ld+b-;^g7-Z$gMJ0hzPSm!GS+l{v+ zax?E^u8j^Ahf>g-KD?u6pqorp6ybTzcE{%@1gMj6MU-iNX)!pd`Ecgrb~d^(A@T}d zrN&?(Nta2<=qZe-S?KHQ4Gdk+xAy1bLt{6=<2U>>Vj3I!aw)nm=!?gE95Myj0=rGOrXA@6 z^MPIl2LwfDhT9^q{*N0I&mNTGi(w@HC3RXP>LECU(%e&gK5oid8E<}Vmw3RmxHS#3 z@}|d8QZY}&f_M8QaoN7Ji?qj;2txWV567p|ji?ZZu<?sRVWL{&zwr_Esm9Yf1k=`SNG_;L zb3r0f4H5in@ccBh&1~i+pP^VV-erUBd;*7%dGG2o^2DAFM ziBv+nBYyz-U|sI;QV8w;L<5h-AAc@)MxRWk3D-N-@>+G}&!OM`K31j6=;1#ao8_Ly zeJ(X!Z+FX*o)-Fwo^1s>kal6?SqaLe+34iS%qFvw}Itr+GZBY5Vg^(1rsNh`82CGmzy9nbOs}P}dm9I;0i3 zp(j)(6WC1i{nO>At;|Qs><0Kz`ud+DjTn|1XVBhfqM~LHbmg3L>+h^|drY+tYfNL! zpyfE(S|&|PDczG3SUc79Cg?Z)_T<))Z2uztoTv-FJCViJlpRe~AaZ@&+#E8&j9AKG zr{U(~A4~#M(UifSAnv~rWlo!wCbkcQmh!VCAc?YtHE4hjXs zPaYjcu_-VzYZ@(3>;O=6zrH<{$ z84oLC=$YH?;F`Hxu`em-l#p|C^o^g?fZBX{PExxBGewGuX(83)l4ky&<#f=3^c!V2~f|41F)iBL+4m*Zhhu<*p& zc9(F^>a+JY4LCjWnek#*(bF6yQ~w15KmLp1>GX!cdnO}240u)IszJ? zJs_z)g}_)qpCwDjyU))=kd!{%7Lzk0}lHtANH& zmLxk&^QNPHg1)r%Vm6glMi3<66oGS1JK~{_^sv_IDz`q$h-oyWoFk4)84B1eU=H?? 
zeXme=RvE;mS{U17ZG^%z2FQN&yy2@W3;DSM#cpXpLY@gI)0l%D>{X=3v%zlS41U$_ zQ7nKXU$1T_ZW9l4(HgM$1g^^^oSpb?l*RU4-Z@eDCkz@*k9PY;1^&gL?NY6Y?-$cm zQuJ3FZfR%=ZL}ZPL^y_nGb97e?6$Eb>s7u#i{X}q?pHs+e-cQTs+_9@Pd1ua^e6{N z@8j220eXGI-0wXY5aWKm`i9szu;VV22wOSDpYl;%jla#xSnsNKw#N_|NegQF02+S$ z*``x3++A;YYfXq~6qKpL9cj!RCEAtp@c!m;gZ&pKr1%-m(^$xuMLh$SC3A&g$S3&< zUBNpZgQV8?PG)YLgLbP61HHdY)isrW+W@gkn3{>a^>y^-Xx3yI$ywMs8D7_TzFAO3Q-%?|UO3?Or0xmt}(w zZ2xjV^r{jc)bpkkkB|3QEx0W4xYExH@1#{n-(!`3=cS*I^ZHC-5B#`SIF#3UzSZ1U zv~Mgl@>A?B=-WW&G=X;lkv;i!A8ddmcaUcuw2BL`$Z{xOJX{gmKsVZ%02hHNI^_PWSX{RL{tE)`MYxj90GHb$mH2koU+a=?+N=S!?K~Km&3M+ z@`YpnLDPmQ-z|+RtKBPENoSuf8!99fGHJ4A%6(*om4|>=a?X=9Jw^Dk{l5$_Vzlm} z~Dvm%aCbm~D8S zPZxge@huGL9bok!#3ke!6z{u~V=2CZ<4@Y8G?( zz!JL^853IyI~3_zF(kf!ACvL?J2=KxoDQ2n?q9-GkWaLVU=ChZi|u>&KVrZ!Gy^*L zHsua;1rlJqLp?Ri=j3=Aj0km)Q_JOFuxr5-cgq?Bq7>B=r`6o;Twng}k%^VgHYX9C zUnd?LA20D~;D~Wf&!~{uJ{k$t>Tq`|B@|`-iA#R^Ey@ND(I^>n&sczB+YQ^6U@*!m zL%|MOu;Ghs;}KVpU&9eHZ4iv%hv1oBfGRdCZi)_;i63^&t-=2LgSQAcy$^AXQ@~Ir z3*QAhF;LC)lIdpu)#>6*X}o8DiJE(<&9TJ<;GUQBQLbV6(qR;|V|(0k^!v(gK{>T5 zGE3WL&T;h)F($m%1oeKIiFf*)HwiNm3yaL|*ZGA2wcxw71py;f9{3sI5bmQrq(`P7*zo zwWVyy=RMDk$S<>R40o6ll4w}SGMZ$gQzlPbVOrpB@9i0XEo{7d7p{Ud z+0Ny6NIP)gLFxmpX-6NvmJzWP%SxEq*Q@gHtZ{jEM>b+wk*or%?WLrYq`;=tE0Ri> zG2D;d@7R_BDgkhz;lULhjo|8sgf{O+=O5mj2*0C%=4$>6_9t;Su8!B}l_@+XGvHX8 zs;2p)18Hs;HVB$i=>oK$x5?jd-j_?SfLxsmJ(Bz^L^3jD;5mEi_R;r1NzLVja%R=I z@4>OMm*IHlfO1&{g~Sly(}6+M6JEfTN!YPfW|1q7_-lrL7dk$B{*pye#=JW;kEgx& z5?G9r3sEpaFr0ES5o9tn{cW`wvOUkn(-5w!#n!&ZAlwxo0&7DA(3N{XK4cKbvgU_;$xmnAbv9DZ}+VE_zf>JV08CYIo6Z^?7qC&VX5IVPpxkYZS>^PjXko5V9C;5%3`g2-ZB|5DY=a-m08~D ztI*VOv+*t%(A~q8hH0a}mPAXFLIP&784ch(PDyWl?~#|l_mv@bnhV8K#~mJx&p=GT z4E9?<%`4UB)|K!iys2Grra*O#Omh(fMs8vA#M|!IZ0#U!1)%Aj66C$M9BN-Q??idv z_#d=~aQ;UQ_={21$b8ovo7I^;@T15wl3~q#Qqt5*2cVX!>|BiM@tYlYj95fip{k%F zH-vP9NnH2+geS~u)UM()7M|6-Mu`(TxP(AoK46^i>&*7a01ltg&?pn2mkf*@Ro^$i zXa)|m$w}4tn`*N0kTyf1_2UP4^MoAelzj|_Sr{~PQ%hO04hP+XI3@+v=f>+kzD=et z|3@zWmufDmEBaU0Q8d=l)-?}r6#Mrg{Qngl{Ktvt$L}lp!as#*?GGJUGe$CpnNlQ& 
z<>6G0d!+y@D6|d4vHO3A5I%r*v|WzpO1z+WPoxv_bmFo^*P9f`4pXF<=KPmSRUy-w zzCxW=B7V-qgVz)?QD9d6j=7=p){{!)NGRUApvf*QG~KH<=r#Sn1cT*Tb!cUPE(kG^ z*WJa&E8W5RE+&OEct9FZ?m0^m5H7c}n|76b!~Iw7M}jjYYMEx;8OtE$%;4V0zX=~5 z+%#BD`_NVY_|E6F+!>1dI^JpTeXa~$BY@(|&sU)r2kwvL3nMO2D~RSV#aqo`;PrbG z7-+vJ73?FGLxN;|iq#%ekLT&Zi?+?1h*(b+zajj=C)Qo0fMOlYUUv9;J6$C3lod{* zE118aa)-7V=3V6;Zv$dtftqjZM@B<;Tn!abYn%25AV=&sa%NTA=*Y!T^3u2lHJ z)TPRFtYt2OWwjy%cw$T#r7jByVRG0yU8(~N409Vp-KZDHs__6?c#NGhTcpQ3VyI)# z9O_xZ&DPof&E$W7y5v9+CV2j38w%Bk0#|C^wMG%)syok*rEqkOqP%j^=*Dbw9g0XA zk0-O`0ph3?A&1f0k&u@upBf6~yf9xDIJrs2HMnu8TOiAk|IFF-XtcjF{F=bfe5ftf zbpocmw3NS0tIm`q^$KZAzW(AA>2{p^RE#tVGU zMwZ5Z6-J_4t=|K{Xq`kF$lzCw6bT6Wm+>VZ2*Xo(%?4TT-gH@~n88i=MVQudOyZ{O zR??z{yRF6EK1Y0KRj!>rkhQx3bqoq{P_-?xTg$=Ua0jQNV-oAPXNxiTQBw@(yt>=&{k;!Y!Ogvw)N z?kT}5xwZK!rrsru+iXJ9aQkF~0sc#@M=V+MOcy#oh*-$|Mm~R3+P28XV5g8&p+oIH zSg~_@R>S57h!qC!yFqyzRdB)32$+76U9QF}FFadruoRzpf0MD83i-L;A3Aupkbi5} z)ITm#*=YmWORlV}T<_Td4=;%CtcpGO zRctrg?RSbrfOc{T!vzBS{6=bWzT@8>f5YojTGwP!Xkn$g{@;CP&fUYf(4^2`!E zh?ItM!7-5QF|Q2l>md(Lp#yc7)B9lOkh6*adw! 
zxHNoF-t#OE9{?b>TCEg*)-D*g*edZn;fBNW1N^-B{pZi_tMk{#sgxR~M z+{Fkzs!)f@-Dnuo1o65 z(b3ImJuD0QD5Z!?6n)kxRBB|j@hU>vX!f)T`jw9^M%$Jrk}D#EQyO@1^=^a(m*DA6 zvt1f$^}I0{?KWa}y5hE)a_IzmS=;v^1)2>D`IY}khM6cL5bAmSGEBiFV<@tm#&cb8 zmPsN;F;%rXwItpoNSGmzrO0pcNQKdqxtH1aA5sXyK*w7M!@c|_D4KC?efxU^WSOKG z#Ux_zILS`lNk7!EQ3%{;fYU=_JqKnyC1O=)KC`1S*F2JYfVUF{dK1bM=%u=8&=D963-*(Bwq{g zeY`|4iO?`h{KowE&PTD5pR^X~fho z_Z3FPd167Z@a(K*wMMhv5BTq+E__eJYqH$5`5fO*TPTx1 zv6@)m`$)faR9wTBCA2Xv2f_|&YEN*b#wQG)C}qv1lqNREQgYsVg(PPAsxZOhztT3f{0_hStqfR->RD5FtmiekZ3lraSsuZc-+ z{ve+h!Fv!%nN@4@Jso;tk$Ic7 zf$uCT>bJNp;s|^`&KP|xG@Z;8dJQ|{gm377C>xl*6Co;MT{pz{fs?36%QmKdlo)nd zLSb)qyWYRziY_GDFbFPdfB5QL^Whf6kew0f!age);oDKBQQ=NC+!(a=hS@Ds&<2tc zo-^!H)O(30KkA-9fv2DH!?5`h(#~}yZ6A?xwpp*g(rDeZ>Nu--LhR{KRYrcH!9Bl9 zZ{q5vsqVvW-8?8pNdI{aFzZ~xvGgU-jNvAF9LtN&r)O6NdAbH2yt@)Mo_@;)k!ClD zSqqEtsg1%Co@E8w3r0I3SN)06+*P2-9K8=iLOmE!SH->IcS{8sT`3TNJJlvWB+@b- zu=vGeD^VS1&h?pgC9_4bwM4VM!W{f^%TGuhuo+i*??*+_m{~873MQ7e@u6*=w!PC+-lcRW(o_`g)ubrN- zWgXFN%Xi)T4=DsP>$a|jWfHIP`{gk%pKVXL6#WVU`W;w%+Re`O)O#c6qdEVGrVibz zhf3seZ29|da#&~x{wXix@+ZS`y!n+W&Ft3VP$vnRs|%F)m}&Xgpn0=f1_ib ziOJ8(C<`Q~XzRMbUM?14gJa__aQ~FqT^}i;m*YTW_e6!U!^V{FkzSksGzbJ%tR~tn?`ql{ZUED%DWHCPV5N5)x- zCv@=ufg6tEgv`ghB#78$2dZ)%N*%vnPOqRRR!wteZ@Z-8~7M!D;{xHLY*l&B!@GM{Y`R*CDfE2{ohCV$k1WA zY1YSL1N<1@k1+O(Fhrz;oWk~v?&ulKEf&59^0D-7o*dBvq+T}oW=dq(4DA6hV&6*F zMP`%B#c({Slp!45! zcxAvouRrqSZr^c`VWDn+KDD^(S|&eFWMhiBkX&nw@caf1wZGv^W`e-V2^8;B=Hvgl z;Q=Sp>m?V4VgfT_l@We}@2W8&8A_ND7A+EZrKB_V+BfdTvBeg+LG~IvWun(9i-~KZg)nM7Zal7a8O|E#FWgK_Q7Bns_Kao?_-H zU7RAi7i)9AjxgOF8{%Sk;DtWt#O?K>D|=*g%9>W&_fk_QI|mEtfr|F%@0}jc4%@GL z)Km5ULTvv!pHd(WlXjwTTAJ=UQyb6B247u1&$Rcw1QQzFA-{aB3rQCOFy!fgBV*=S z2XIMl2v%WBl5#gYhPZs|9VNjLzW0Uc72&8KAT&VdHd z_sU3zHAmH1KuV%2pSjRKYbKW>8ya#^8S_vn!jC^f^bWbesxlrmrK(D|t+6=G?1Z%* zdNAm}9pid(3<@5}U8E^FxeWNWzK{(38wCa#Bi? JmE!vT{|o%4_k;id literal 0 HcmV?d00001 diff --git a/admin/scss/components/_editor.scss b/admin/scss/components/_editor.scss index 01f775b4..96adabec 100644 
--- a/admin/scss/components/_editor.scss +++ b/admin/scss/components/_editor.scss @@ -40,6 +40,15 @@ background: transparent url(../img/editor.png) no-repeat; } +@media +(-webkit-min-device-pixel-ratio: 2), +(min-resolution: 192dpi) { + #wmd-button-row span { + background-image: url(../img/editor@2x.png); + @include background-size(320px 60px); + } +} + // 撰写预览切换 tab .wmd-edittab { float: right; From 1a51276b3d95fa9ab9122075d5e36729add25584 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E7=A5=81=E5=AE=81?= Date: Tue, 11 Mar 2014 19:40:07 +0800 Subject: [PATCH 03/23] =?UTF-8?q?=E4=BF=AE=E6=AD=A3=E7=94=A8=E6=88=B7?= =?UTF-8?q?=E6=98=B5=E7=A7=B0=E4=BF=AE=E6=94=B9=E6=97=B6=E5=8F=AF=E8=83=BD?= =?UTF-8?q?=E9=80=A0=E6=88=90=E7=9A=84xss?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- var/Widget/Users/Edit.php | 1 + 1 file changed, 1 insertion(+) diff --git a/var/Widget/Users/Edit.php b/var/Widget/Users/Edit.php index d071207b..14206648 100644 --- a/var/Widget/Users/Edit.php +++ b/var/Widget/Users/Edit.php @@ -167,6 +167,7 @@ class Widget_Users_Edit extends Widget_Abstract_Users implements Widget_Interfac /** 给表单增加规则 */ if ('insert' == $action || 'update' == $action) { $screenName->addRule(array($this, 'screenNameExists'), _t('昵称已经存在')); + $screenName->addRule('xssCheck', _t('请不要在昵称中使用特殊字符')); $url->addRule('url', _t('个人主页地址格式错误')); $mail->addRule('required', _t('必须填写电子邮箱')); $mail->addRule(array($this, 'mailExists'), _t('电子邮箱地址已经存在')); From e4c62b85f14f8e1a9e1cfea19fdd2f824ca8f679 Mon Sep 17 00:00:00 2001 
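Review bot: The new `xssCheck` rule on `$screenName` is an input-side check that runs only when this form is submitted with the `insert` or `update` action, so it does nothing for nicknames already stored or written through another path. This hunk shows only `Widget_Users_Edit`; whether the other code that writes `screenName` carries the same rule cannot be seen here and should be confirmed. Rejecting characters on input should be backed by HTML-escaping wherever the nickname is rendered, and a comment next to the rule would record that, for example `/** input-side check only: screenName must still be escaped on output */`. The form method starts and ends outside the hunk.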
From: fen Date: Tue, 11 Mar 2014 20:02:35 +0800 Subject: [PATCH 04/23] fixed retina support --- admin/css/style.css | 129 +++++++++++++----- admin/img/icons-2x-se223d6d340.png | Bin 0 -> 4801 bytes .../{icon-delete-2x.png => icon-delete.png} | Bin .../{icon-edit-2x.png => icon-edit.png} | Bin .../{icon-exlink-2x.png => icon-exlink.png} | Bin ...d-active-2x.png => icon-upload-active.png} | Bin .../{icon-upload-2x.png => icon-upload.png} | Bin ...pplication-2x.png => mime-application.png} | Bin .../{mime-archive-2x.png => mime-archive.png} | Bin .../{mime-audio-2x.png => mime-audio.png} | Bin .../{mime-html-2x.png => mime-html.png} | Bin .../{mime-image-2x.png => mime-image.png} | Bin .../{mime-office-2x.png => mime-office.png} | Bin .../{mime-script-2x.png => mime-script.png} | Bin .../{mime-text-2x.png => mime-text.png} | Bin .../{mime-unknow-2x.png => mime-unknow.png} | Bin .../{mime-video-2x.png => mime-video.png} | Bin admin/scss/_icons.scss | 65 ++++++--- admin/scss/components/_editor.scss | 2 +- 19 files changed, 145 insertions(+), 51 deletions(-) create mode 100644 admin/img/icons-2x-se223d6d340.png rename admin/img/icons-2x/{icon-delete-2x.png => icon-delete.png} (100%) rename admin/img/icons-2x/{icon-edit-2x.png => icon-edit.png} (100%) rename admin/img/icons-2x/{icon-exlink-2x.png => icon-exlink.png} (100%) rename admin/img/icons-2x/{icon-upload-active-2x.png => icon-upload-active.png} (100%) rename admin/img/icons-2x/{icon-upload-2x.png => icon-upload.png} (100%) rename admin/img/icons-2x/{mime-application-2x.png => mime-application.png} (100%) rename admin/img/icons-2x/{mime-archive-2x.png => mime-archive.png} (100%) rename admin/img/icons-2x/{mime-audio-2x.png => mime-audio.png} (100%) rename admin/img/icons-2x/{mime-html-2x.png => mime-html.png} (100%) rename admin/img/icons-2x/{mime-image-2x.png => mime-image.png} (100%) rename admin/img/icons-2x/{mime-office-2x.png => mime-office.png} (100%) rename admin/img/icons-2x/{mime-script-2x.png => 
mime-script.png} (100%) rename admin/img/icons-2x/{mime-text-2x.png => mime-text.png} (100%) rename admin/img/icons-2x/{mime-unknow-2x.png => mime-unknow.png} (100%) rename admin/img/icons-2x/{mime-video-2x.png => mime-video.png} (100%) diff --git a/admin/css/style.css b/admin/css/style.css index c87b5f50..ade4c149 100644 --- a/admin/css/style.css +++ b/admin/css/style.css 
@@ -1408,112 +1408,177 @@ a.operate-reply { /** * icons */ -/* line 8, ../scss/_icons.scss */ +/* line 29, ../scss/_icons.scss */ .i-edit, .i-delete, .i-exlink, .mime-office, .mime-text, .mime-image, .mime-html, .mime-archive, .mime-application, .mime-audio, .mime-script, .mime-video, .mime-unknow, .i-upload, .i-upload-active { display: inline-block; vertical-align: text-bottom; - background: url('../img/icons-sba2b1299ac.png') no-repeat; - text-indent: -9999em; } - /* line 13, ../scss/_icons.scss */ + text-indent: -9999em; + background-image: url('../img/icons-sba2b1299ac.png'); + background-repeat: no-repeat; } + /* line 35, ../scss/_icons.scss */ .i-edit:hover, .i-delete:hover, .i-exlink:hover, .mime-office:hover, .mime-text:hover, .mime-image:hover, .mime-html:hover, .mime-archive:hover, .mime-application:hover, .mime-audio:hover, .mime-script:hover, .mime-video:hover, .mime-unknow:hover, .i-upload:hover, .i-upload-active:hover { filter: progid:DXImageTransform.Microsoft.Alpha(Opacity=75); opacity: 0.75; } + @media (-webkit-min-device-pixel-ratio: 2), (min-resolution: 192dpi) { + /* line 29, ../scss/_icons.scss */ + .i-edit, .i-delete, .i-exlink, .mime-office, .mime-text, .mime-image, .mime-html, .mime-archive, .mime-application, .mime-audio, .mime-script, .mime-video, .mime-unknow, .i-upload, .i-upload-active { + -webkit-background-size: auto 256px; + -moz-background-size: auto 256px; + -o-background-size: auto 256px; + background-size: auto 256px; + background-image: url('../img/icons-2x-se223d6d340.png'); } } -/* line 18, ../scss/_icons.scss */ +/* line 47, ../scss/_icons.scss */ .i-edit, .i-delete, .i-exlink, .mime-office, .mime-text, .mime-image, .mime-html, .mime-archive, .mime-application, .mime-audio, .mime-script, .mime-video, .mime-unknow { width: 16px; height: 16px; } -/* line 24, ../scss/_icons.scss */ +/* line 53, ../scss/_icons.scss */ .i-upload, .i-upload-active { width: 24px; height: 24px; } -/* line 30, ../scss/_icons.scss */ +/* line 59, 
../scss/_icons.scss */ .i-edit { background-position: 0 -80px; } + @media (-webkit-min-device-pixel-ratio: 2), (min-resolution: 192dpi) { + /* line 59, ../scss/_icons.scss */ + .i-edit { + background-position: 0 -80px; } } -/* line 34, ../scss/_icons.scss */ +/* line 63, ../scss/_icons.scss */ .i-delete { background-position: 0 -64px; } + @media (-webkit-min-device-pixel-ratio: 2), (min-resolution: 192dpi) { + /* line 63, ../scss/_icons.scss */ + .i-delete { + background-position: 0 -64px; } } -/* line 42, ../scss/_icons.scss */ +/* line 71, ../scss/_icons.scss */ .i-upload { background-position: 0 -24px; } + @media (-webkit-min-device-pixel-ratio: 2), (min-resolution: 192dpi) { + /* line 71, ../scss/_icons.scss */ + .i-upload { + background-position: 0 -24px; } } -/* line 47, ../scss/_icons.scss */ +/* line 76, ../scss/_icons.scss */ .i-upload-active { background-position: 0 0; } -/* line 53, ../scss/_icons.scss */ +/* line 82, ../scss/_icons.scss */ .i-caret-up, .i-caret-down, .i-caret-left, .i-caret-right { display: inline-block; border-style: solid; border-color: transparent transparent #BBB transparent; border-width: 3px 4px 5px; } -/* line 59, ../scss/_icons.scss */ +/* line 88, ../scss/_icons.scss */ .i-caret-down { border-color: #BBB transparent transparent transparent; border-width: 5px 4px 3px; } -/* line 63, ../scss/_icons.scss */ +/* line 92, ../scss/_icons.scss */ .i-caret-left { border-color: transparent #BBB transparent transparent; border-width: 4px 5px 4px 3px; } -/* line 67, ../scss/_icons.scss */ +/* line 96, ../scss/_icons.scss */ .i-caret-right { border-color: transparent transparent transparent #BBB; border-width: 4px 3px 4px 5px; } -/* line 72, ../scss/_icons.scss */ +/* line 101, ../scss/_icons.scss */ .i-exlink { background-position: 0 -48px; } + @media (-webkit-min-device-pixel-ratio: 2), (min-resolution: 192dpi) { + /* line 101, ../scss/_icons.scss */ + .i-exlink { + background-position: 0 -48px; } } /* 文件类型图标 */ -/* line 80, 
../scss/_icons.scss */ +/* line 109, ../scss/_icons.scss */ .mime-office { background-position: 0 -128px; } + @media (-webkit-min-device-pixel-ratio: 2), (min-resolution: 192dpi) { + /* line 109, ../scss/_icons.scss */ + .mime-office { + background-position: 0 -112px; } } -/* line 85, ../scss/_icons.scss */ +/* line 114, ../scss/_icons.scss */ .mime-text { background-position: 0 -208px; } + @media (-webkit-min-device-pixel-ratio: 2), (min-resolution: 192dpi) { + /* line 114, ../scss/_icons.scss */ + .mime-text { + background-position: 0 -208px; } } -/* line 90, ../scss/_icons.scss */ +/* line 119, ../scss/_icons.scss */ .mime-image { background-position: 0 -96px; } + @media (-webkit-min-device-pixel-ratio: 2), (min-resolution: 192dpi) { + /* line 119, ../scss/_icons.scss */ + .mime-image { + background-position: 0 -96px; } } -/* line 95, ../scss/_icons.scss */ +/* line 124, ../scss/_icons.scss */ .mime-html { background-position: 0 -144px; } + @media (-webkit-min-device-pixel-ratio: 2), (min-resolution: 192dpi) { + /* line 124, ../scss/_icons.scss */ + .mime-html { + background-position: 0 -144px; } } -/* line 100, ../scss/_icons.scss */ +/* line 129, ../scss/_icons.scss */ .mime-archive { background-position: 0 -224px; } + @media (-webkit-min-device-pixel-ratio: 2), (min-resolution: 192dpi) { + /* line 129, ../scss/_icons.scss */ + .mime-archive { + background-position: 0 -224px; } } -/* line 105, ../scss/_icons.scss */ +/* line 134, ../scss/_icons.scss */ .mime-application { background-position: 0 -160px; } + @media (-webkit-min-device-pixel-ratio: 2), (min-resolution: 192dpi) { + /* line 134, ../scss/_icons.scss */ + .mime-application { + background-position: 0 -176px; } } -/* line 110, ../scss/_icons.scss */ +/* line 139, ../scss/_icons.scss */ .mime-audio { background-position: 0 -240px; } + @media (-webkit-min-device-pixel-ratio: 2), (min-resolution: 192dpi) { + /* line 139, ../scss/_icons.scss */ + .mime-audio { + background-position: 0 -240px; } } -/* line 
115, ../scss/_icons.scss */ +/* line 144, ../scss/_icons.scss */ .mime-script { background-position: 0 -176px; } + @media (-webkit-min-device-pixel-ratio: 2), (min-resolution: 192dpi) { + /* line 144, ../scss/_icons.scss */ + .mime-script { + background-position: 0 -160px; } } -/* line 120, ../scss/_icons.scss */ +/* line 149, ../scss/_icons.scss */ .mime-video { background-position: 0 -112px; } + @media (-webkit-min-device-pixel-ratio: 2), (min-resolution: 192dpi) { + /* line 149, ../scss/_icons.scss */ + .mime-video { + background-position: 0 -128px; } } -/* line 125, ../scss/_icons.scss */ +/* line 154, ../scss/_icons.scss */ .mime-unknow { background-position: 0 -192px; } + @media (-webkit-min-device-pixel-ratio: 2), (min-resolution: 192dpi) { + /* line 154, ../scss/_icons.scss */ + .mime-unknow { + background-position: 0 -192px; } } /* Logo 图标 */ -/* line 132, ../scss/_icons.scss */ +/* line 161, ../scss/_icons.scss */ .i-logo, .i-logo-s { width: 169px; height: 40px; @@ -1526,12 +1591,12 @@ a.operate-reply { background-size: auto 40px; filter: progid:DXImageTransform.Microsoft.Alpha(Opacity=15); opacity: 0.15; } - /* line 140, ../scss/_icons.scss */ + /* line 169, ../scss/_icons.scss */ .i-logo:hover, .i-logo-s:hover { filter: progid:DXImageTransform.Microsoft.Alpha(Opacity=20); opacity: 0.2; } -/* line 144, ../scss/_icons.scss */ +/* line 173, ../scss/_icons.scss */ .i-logo-s { width: 26px; height: 26px; @@ -1589,10 +1654,10 @@ a.operate-reply { /* line 46, ../scss/components/_editor.scss */ #wmd-button-row span { background-image: url(../img/editor@2x.png); - -webkit-background-size: 320px 60px; - -moz-background-size: 320px 60px; - -o-background-size: 320px 60px; - background-size: 320px 60px; } } + -webkit-background-size: 320px auto; + -moz-background-size: 320px auto; + -o-background-size: 320px auto; + background-size: 320px auto; } } /* line 53, ../scss/components/_editor.scss */ .wmd-edittab { float: right; 
diff --git a/admin/img/icons-2x-se223d6d340.png b/admin/img/icons-2x-se223d6d340.png new file mode 100644 index 0000000000000000000000000000000000000000..71b1f8799d5ec33753dbb8bdc0996081dbe7d87b GIT binary patch literal 4801 zcmZ`-cTkhxw*3;27D@yJr6n|jpaRl+L^-h>XAG_QI_FwlAitfkAGa1pEy)INjzN+H zx*knlL8fzcTn+R*aMieX#zwk&9tQ@;?Esv{JKK z?8BJRIQ1X|dy3|RXlT_k%%iTbE{8GCjsxoJ7k;v45#2l}Z@y*pqbx#jIWz*?{|J(N z^+$Nik91Qxv7puRvD`^R?>TpAkT|u#3-qGyJySonvcth}Hm~_DeZ|k;t3IjoZOERL z=-Oue_Mn1$pa+GE_SL03+|4!09I|?9?U#U*Nww>WA-CunK93*V+0d(H3sRR0gUoah zt2W+y|t zF9haD3HQ02cf!5b5Li3q#7{o%xqu1fQr*btZj0jwToXxZ`6WO%r&1e)*NLOb!Udg*EEDHMxc3e0vtt5RxDH%G=_E3l^ z9PQQV5h&;H*t%PfqKcE+X=Z=?DptmNZKAV{?Qs0^<<*HQqAjjh%ztMpr7VxX&wJ(5 z=I+^d-FP8y^x!d(s*>_S>9YhtUAu->^ST|drgJxr(qfS=1Nq%;2wYFd57nQZu=VNUu}jOjGf|PT ziK>e^Wc$u!zR4?8FNgc+gwG2b54s~)`@BNBJi95*xHL5hcyL`+#o*;Fu#b~zYuI<~ zWd$oL2?~RN&}m_1K~4|mJ6@F{AlfZ2x3Dua;P`J{2XlbcE7Wo-LXaT?%YQ@}L-l40$Y_xiNcsFsaDSbK z^xXWU8_{J~SLa|<9Pk;mMb_u zSpii|?gI_m8DYA$sZ`g1$Jq_Kw=--E6iyEfu~|xW+>S8>lQq8X z)7$RhphrvCu4LIce~fa?jm4E2mDsG`M9Gn7qb0hhV zYLhyKUdnsuJ0s89qN0-HKg%$5xh>Sq8TpYM{n)>@h0dp|yHQ)wPMcH5v8fqWe}$cH zb8S8m9;u$S4sH+u!K89PM5jI^tIG2}x=FJ%XQYT<5qM))Us8F#|2kNm+lc6% zrcKR}xSu5Z2MCjCQ3#~wfs%z45FXj*#KTm9D5OB82d6X&Vlrj%IQ-Kg}LK4Lj> z)4Y~6+yxnxM#~e-uZxNWc5 z8Dq_b1{`{Pks;wyW5EB-yg7uDtcs%PO6!Uej#qC!w5W~4F~}WFxxj#rT>8*95WG*9 z>{xol-@T{Js}lT?A=|jrWwmFZJ6){WfS;IsiKs+f@Ef1c`g%=GP0J9ZQ9-A~i)`}^ zex!S>!}4UypPpEt!i#LRhC=8|XkM%(A1op|*h^*1x49~|!C}FeUsq4hEiuo=7`}Eh z)3nnHb16-B55dpCCgr}x7|DPwW;Cj_pEd=?gGEU;f4rxM8dFeEWE3+7t<*#2U)v>2 zWnlB#8U@u=?RPJ$Uyl^FYpAP#ZJv*t>*Sq?)vSendsToYYhpAchZ(K(WS)u8b9Sr9 zl2VO8_MBdi7O|Qd8m^htLRoZs7}W#-zhF1+t~pEF(1nYWG0_iaA8?FmBCqvXCjyAF z9Ret*1DuM`WE1#ndF5TZ&f8cBqraAk$rPIZoA<%Ss|+#Wqy}L3*#;aawh ze9=($ji00uf3UI}H8>#9)UT@h!q5f!^=EVb)+prR@g>xs@tfn<+;l5(>4;(XS}37a z7MWIW*u|76Q31~F7`b!z@iMD%Zf@?w4eY?cz;nfRDw4+J=9O%0s<0CKIWdp7iPuRf@~VYe9Gm!-gvw5|z|Ym=KBaALVxjwcr+36Ze)VP#UZ@0W 
zZ`lQR*y%vk3OBLvbA>nh3`(4YaaY@Q-z&wN{VoJPB&HQs>z#`!cs?RgjJ-HKOi(dAVkLiYXEauK5`&0{w0<=k6Vr7ry55x{Y)8} zY`f@9baqH;$_V7fjT@Q7TTizRDgEu^GTFq*!vY_s@Hys!@O|Wv^c{kCwubd8zZaPK zk=s?~Y=6D2Z7ZPmBmeiO`tkKZY65gcA!F0$tu}1l#s{t#xmYuXX4ln>N;6hwlxQbg zT-uP7>hfD|)r$7`2LpQ0iTeeN^2G`f_n(cee@f&t$UE8?<~#Lfub;hQVp&b?%SU3R`=?R9qZL&eE`#Z8>a< zSK^m^_f||q0>o}(Gp~k(79+!Zh9K8qP6R#YEq+>Z2YI2SV>hsGo!9{|oDi5L z5;6l~HJSgchW-5CzkiQ(3Si!oiuCgGni>R7PEI00ja_hB>XPT}w02u#rB@+7)Lxpt zbQbQoRMa%4uPeBIF-FSW!owutO>~B8N;9R<5jkmGT5?lom6`3!x~t2x(84U;M`vY* zmIhkKbm5pjwcmRA*F@x820p5gmOhYbvb;d}>TCFRs_Zp+roT(2nc}*NPm5LbJbtqk zh(8N{@%H(5iNeHjT?2!oQQ>*1wHeKRWY3(fYT=uySNcXyyAM<+UVPSL2U^SRiq9cia)x zZe9sNx*xw%iTTXM8agP+doWj!ey|ZnAXeQ?nSTSwv-)_zP|SX|Zd(5VLWCcyl;Hhv zG(-y6sXdyZunvg08`v@rvY`#Tn-|^g;(Gg-I>!J`QAGsUo#ph0$J<+ToJ0#VfAP9g zW7|B;Lr&~wTcJtZtgAmT=gcj8^5};+CM$F z6DbarBHfV*bD?nj?KkMLW4}jL(OUc z*z{I-pxTOPvQBvCqfde@@=I4T7uzRi(n4|V8K@OeyLAw1%rUQ@8q}>iFO%4Xg%>(A zlgE>lhf73Bp0tuO{razT1PvRWVie?3-RaGopX&8|EW;hVTPZ#r-A>eGQRfBjNZTWp zX?FiwrB#qZXI1HgS3d9BiT(98%OI#PZe}kZfzRdu&Y}7%h<#j|%%p1J{8C z?(z?0+8;X;OVa0YpJ&d5B)Q9+cHQ&iok)97d zeawX^70^$w7!<>jrx<1~kuNX}e2VQJs$bqHNBAtHU8OWXrM>%K!~9@qSi){DoVt#$ zU$5ItiyKUfFz9vnL;NmWS;!oA&lZUAncL9MF5aeD$+Mmy=^0P>2##yoK^vVXPQm0H z4ho0pw>v+AmA&cS5=;V{(3Avh{-6b!AFsIPevxSKoQ$31QL|MLJJ93>*jqkKc0wxK zFV4$wN)oGAnZf|{a(iO`y{i~Tj$Y>xF3^$0G+c*zLnpCb@!jC zy7F6V*vx)K_hk&!8Q11WeDM?WZlr}L`O1zxnktu#qvv$0$=1-KQ2;9^rQYg5k^kpD zED$085TOOx(_p(1bc5#@gC-t(x}EDLjRCf=ox#fe@2W@(g=v)HcQW3GVq)aAslSw+s<0OS%^z6uJ4DoS-kGRwC) z%LOz}aP*v@G=Ub{w$}mZV-8V%9nr^}P6lhBVmSl{%(1%d7wIq3g=+*t_MpD=f7UeQ z5lPMos5k}MO%q2)hg2}0q1`Rdwk=L^;d<&bhb}6sQGtx;pVrxy$!>$0Npy8%-1m!mk7ad7#>M$%J><(8tm6XUtMxiCg_u$r=K;Br0%*6xF8Bl!sHy2MTS+aG{?`B_U=*0?{quV1bFUM7t-` z1dQSMv5pZs)+-wpIBb^}QyR*{tUjc?H6o;!2Fu}D5+*?Yv#Gi|5dO9sLEe9k8O<0g z&_w)rcJp9jFx>uxirV}B5(Q@ZvwSa#Jf|SG1)Z9Upxf^tQ-~L?aM1v@;8gYlJx?&k5;P~k z3C6&;;dOc95>Y}lEz;l`p%RtA{{uCZw7&D0i>cwJB8TFQQ)=}ZVCynbXdeX5;Ze{I zd#^R>ZgILPO5A5k0BE>JNa^2G5dg2v0K#%}H|X9IiY)H*E$xF3f$irP_s4zV{W8k3 
zNZC0(SWf;RfdNFDCXS|0T?XVzLQsAROd#{mWc^L`kA?Zv6^(Nh{}5>q;SXNphlol~ zfdhb$1aN@#^~IEFSNb(Kf2UI?htyC5GRv)SQ_*5bE~>#D9a@4H zG39{1cI)=4(sOxYr~^=t5wa3a5FJdA)0mI~5}2l(y8`8B$c;S5Ph=3DrT`U14TU0k Hv!H(gw66AZ literal 0 HcmV?d00001 diff --git a/admin/img/icons-2x/icon-delete-2x.png b/admin/img/icons-2x/icon-delete.png similarity index 100% rename from admin/img/icons-2x/icon-delete-2x.png rename to admin/img/icons-2x/icon-delete.png diff --git a/admin/img/icons-2x/icon-edit-2x.png b/admin/img/icons-2x/icon-edit.png similarity index 100% rename from admin/img/icons-2x/icon-edit-2x.png rename to admin/img/icons-2x/icon-edit.png diff --git a/admin/img/icons-2x/icon-exlink-2x.png b/admin/img/icons-2x/icon-exlink.png similarity index 100% rename from admin/img/icons-2x/icon-exlink-2x.png rename to admin/img/icons-2x/icon-exlink.png diff --git a/admin/img/icons-2x/icon-upload-active-2x.png b/admin/img/icons-2x/icon-upload-active.png similarity index 100% rename from admin/img/icons-2x/icon-upload-active-2x.png rename to admin/img/icons-2x/icon-upload-active.png diff --git a/admin/img/icons-2x/icon-upload-2x.png b/admin/img/icons-2x/icon-upload.png similarity index 100% rename from admin/img/icons-2x/icon-upload-2x.png rename to admin/img/icons-2x/icon-upload.png diff --git a/admin/img/icons-2x/mime-application-2x.png b/admin/img/icons-2x/mime-application.png similarity index 100% rename from admin/img/icons-2x/mime-application-2x.png rename to admin/img/icons-2x/mime-application.png diff --git a/admin/img/icons-2x/mime-archive-2x.png b/admin/img/icons-2x/mime-archive.png similarity index 100% rename from admin/img/icons-2x/mime-archive-2x.png rename to admin/img/icons-2x/mime-archive.png diff --git a/admin/img/icons-2x/mime-audio-2x.png b/admin/img/icons-2x/mime-audio.png similarity index 100% rename from admin/img/icons-2x/mime-audio-2x.png rename to admin/img/icons-2x/mime-audio.png 
diff --git a/admin/img/icons-2x/mime-html-2x.png b/admin/img/icons-2x/mime-html.png similarity index 100% rename from admin/img/icons-2x/mime-html-2x.png rename to admin/img/icons-2x/mime-html.png diff --git a/admin/img/icons-2x/mime-image-2x.png b/admin/img/icons-2x/mime-image.png similarity index 100% rename from admin/img/icons-2x/mime-image-2x.png rename to admin/img/icons-2x/mime-image.png diff --git a/admin/img/icons-2x/mime-office-2x.png b/admin/img/icons-2x/mime-office.png similarity index 100% rename from admin/img/icons-2x/mime-office-2x.png rename to admin/img/icons-2x/mime-office.png diff --git a/admin/img/icons-2x/mime-script-2x.png b/admin/img/icons-2x/mime-script.png similarity index 100% rename from admin/img/icons-2x/mime-script-2x.png rename to admin/img/icons-2x/mime-script.png diff --git a/admin/img/icons-2x/mime-text-2x.png b/admin/img/icons-2x/mime-text.png similarity index 100% rename from admin/img/icons-2x/mime-text-2x.png rename to admin/img/icons-2x/mime-text.png diff --git a/admin/img/icons-2x/mime-unknow-2x.png b/admin/img/icons-2x/mime-unknow.png similarity index 100% rename from admin/img/icons-2x/mime-unknow-2x.png rename to admin/img/icons-2x/mime-unknow.png diff --git a/admin/img/icons-2x/mime-video-2x.png b/admin/img/icons-2x/mime-video.png similarity index 100% rename from admin/img/icons-2x/mime-video-2x.png rename to admin/img/icons-2x/mime-video.png diff --git a/admin/scss/_icons.scss b/admin/scss/_icons.scss index 83beeff8..1992149d 100644 --- a/admin/scss/_icons.scss +++ b/admin/scss/_icons.scss 
@@ -1,18 +1,47 @@ /** * icons */ +$sprites: sprite-map("icons/*.png"); +$sprites-retina: sprite-map("icons-2x/*.png"); + +@mixin sprite-background($name) { + // background-image: sprite-url($sprites); + background-position: sprite-position($sprites, $name); + // background-repeat: no-repeat; + // display: block; + // height: image-height(sprite-file($sprites, $name)); + // width: image-width(sprite-file($sprites, $name)); + @media + (-webkit-min-device-pixel-ratio: 2), + (min-resolution: 192dpi) { + // Workaround for https://gist.github.com/2140082 + @if (sprite-position($sprites, $name) != sprite-position($sprites-retina, $name)) { + $ypos: round(nth(sprite-position($sprites-retina, $name), 2) / 2); + background-position: 0 $ypos; + } + // Hard coded width of the normal sprite image. There must be a smarter way to do this. + // @include background-size(auto 256px); + // background-image: sprite-url($sprites-retina); + } +} -$icons: sprite-map("icons/*.png"); -$icons-2x: sprite-map("icons-2x/*.png"); %i-base { display: inline-block; vertical-align: text-bottom; - background: $icons no-repeat; text-indent: -9999em; + background-image: sprite-url($sprites); + background-repeat: no-repeat; &:hover { @include opacity(0.75); } + @media + (-webkit-min-device-pixel-ratio: 2), + (min-resolution: 192dpi) { + // Hard coded width of the normal sprite image. There must be a smarter way to do this. + @include background-size(auto 256px); + background-image: sprite-url($sprites-retina); + } } %i-16 { @@ -29,11 +58,11 @@ $icons-2x: sprite-map("icons-2x/*.png"); .i-edit { @extend %i-16; - background-position: sprite-position($icons, icon-edit); + @include sprite-background(icon-edit); } .i-delete { @extend %i-16; - background-position: sprite-position($icons, icon-delete); + @include sprite-background(icon-delete); } 
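Review bot: The `@if` guard in `sprite-background` compares the normal sprite position with the unscaled retina position, so it is true for nearly every icon and a media-query block is emitted even when the halved offset equals the normal one. The compiled `style.css` in this same commit shows it: `.i-edit` gets `0 -80px` both outside and inside the media query, and only `.i-upload-active` at `0 0` is skipped. Computing the halved value first and comparing against it would emit overrides only where they differ: `$ypos: round(nth(sprite-position($sprites-retina, $name), 2) / 2);` followed by `@if (nth(sprite-position($sprites, $name), 2) != $ypos) { background-position: 0 $ypos; }`. The comment "Hard coded width of the normal sprite image" sits above `background-size(auto 256px)`, which fixes the height, and the commented-out declarations left in the mixin could be removed.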
@@ -41,12 +70,12 @@ $icons-2x: sprite-map("icons-2x/*.png"); .i-upload { @extend %i-24; - background-position: sprite-position($icons, icon-upload); + @include sprite-background(icon-upload); } .i-upload-active { @extend %i-24; - background-position: sprite-position($icons, icon-upload-active); + @include sprite-background(icon-upload-active); } // 小箭头 @@ -71,7 +100,7 @@ $icons-2x: sprite-map("icons-2x/*.png"); .i-exlink { @extend %i-16; - background-position: sprite-position($icons, icon-exlink); + @include sprite-background(icon-exlink); } @@ -79,52 +108,52 @@ $icons-2x: sprite-map("icons-2x/*.png"); .mime-office { @extend %i-16; - background-position: sprite-position($icons, mime-office); + @include sprite-background(mime-office); } .mime-text { @extend %i-16; - background-position: sprite-position($icons, mime-text); + @include sprite-background(mime-text); } .mime-image { @extend %i-16; - background-position: sprite-position($icons, mime-image); + @include sprite-background(mime-image); } .mime-html { @extend %i-16; - background-position: sprite-position($icons, mime-html); + @include sprite-background(mime-html); } .mime-archive { @extend %i-16; - background-position: sprite-position($icons, mime-archive); + @include sprite-background(mime-archive); } .mime-application { @extend %i-16; - background-position: sprite-position($icons, mime-application); + @include sprite-background(mime-application); } .mime-audio { @extend %i-16; - background-position: sprite-position($icons, mime-audio); + @include sprite-background(mime-audio); } .mime-script { @extend %i-16; - background-position: sprite-position($icons, mime-script); + @include sprite-background(mime-script); } .mime-video { @extend %i-16; - background-position: sprite-position($icons, mime-video); + @include sprite-background(mime-video); } .mime-unknow { @extend %i-16; - background-position: sprite-position($icons, mime-unknow); + @include sprite-background(mime-unknow); } 
diff --git a/admin/scss/components/_editor.scss b/admin/scss/components/_editor.scss index 96adabec..2d9b68f4 100644 --- a/admin/scss/components/_editor.scss +++ b/admin/scss/components/_editor.scss @@ -45,7 +45,7 @@ (min-resolution: 192dpi) { #wmd-button-row span { background-image: url(../img/editor@2x.png); - @include background-size(320px 60px); + @include background-size(320px auto); } } From 6e92b4d7ce27ec41071d28733ae6aea3cd706688 Mon Sep 17 00:00:00 2001 From: fen Date: Tue, 11 Mar 2014 20:23:29 +0800 Subject: [PATCH 05/23] fixed default theme retina support --- usr/themes/default/img/icon-search.png | Bin 532 -> 494 bytes usr/themes/default/img/icon-search@2x.png | Bin 0 -> 1011 bytes usr/themes/default/style.css | 12 ++++++++++++ 3 files changed, 12 insertions(+) create mode 100644 usr/themes/default/img/icon-search@2x.png 
diff --git a/usr/themes/default/img/icon-search.png b/usr/themes/default/img/icon-search.png index c437e3632ee0c0549371a6da851bcc2bb123fad6..c0b7599c8d4645c2a4c1c56471ced077f9e62c47 100644 GIT binary patch delta 468 zcmV;_0W1EL1nvWnB!9I@L_t(Y4eeCBN&`U@-G>P_DFiSM`;JDEYFB?=JUDV>2#jfGmJ(f zuUf4}z)`L2)Ksq04phxqmZ6lKVhSH(Sy6n#;wTA##RIiajz=*=tXW zSiI?ih|gxTcYo#2`8uv7z*e+u+dk9<5wF+l2g;xGbzDhcO0w&^=enRZf6mu&O9H$^ zAhXZA>=r3d;a#>6IxUnq1y*WPI>Io##?*)L5)FBvJQJ2p?W_yjg|Sax;cv9t?Js_> z4^d##O-9lLVh)W7O(LQ|@fW7I2%IC>J??=~#3)b*=}l(*z{Mt!(jn`TNjRQ}2jBrp zl+lmP?8R|hTjl;}2Sp<81j%pEQ4KsJ9|gYEIS7K?ttR|C$-V*OceKffr^Au}0000< KMNUMnLSTZ|z~8U{ delta 506 zcmVyw?fR6}d z-t#7JixjBvCS>F-x|28=R=B2g42Q!TOg@Z{sK;y0CDJ9#<9N{z`0`6wCf7D(beDN+6=0&Q2$r9d$)tw;7xBel wzy88}-`|q*tkr|XSC%Z+mZ&6m>e_gLU&cuh!Bc8SGXMYp07*qoM6N<$f_a5(p5WFQ;S0pX`xc-AJ7g-hD=@D1)Ty-vUGN^AT&raD6Lf| zkq(aP)Pg#?6f0@k_!ZdfjffHw%Tr7mg45@g`8MR&OBi zrwH_pO;8}V4I-<#TyED!-&V(&KsK9AFD@>YQmIr9PF(HV$H&Ljjg5`s&dyHDHpnPF zrvQ-kiwOJ$0H>osE#AEWkp;}gPYc~hm1N{w@sgSE6+B8~3$?y-czAdn?FfH?yux<^ zMv2qJBBmPfZLMbj*)PLsUOGZue?@@H$mCl&uFJ5!jrFpQ^)fEsVHPT|Eyyuf*@^%c zEQ0?C@Qyx$e~;kjY|DV<2NE@qm=Zy9O-usAdtqCZ5O*6bcxK)@cm_5&RYciL804ugkP0h8)K% z%*(!uY$OnzupLa)?DI~?Q_wMVA1<&)0stG6fJaA1?_}Rc4#DX1;eu%-fJJwDw^5)d zsc%a5ZFLOYhYPNefD4$d?%v*BXFH}1)Jq!3uQek9Izxt5*(k?Y z*yA8kb0HA~&&!;=k+#u)sc?N-D*`zFcX4`Fr2{yg0*Ma@%ves;p)PGC24rrhPb!tl zeQn&j+qEA@S@GjzX=&*dbf$GZ-feh2;0db^DQ>siZMa|&d{@ou_UJdUkRRmpdFR=% zCP1ew0|YdPPs$Juek4+1NWI4D_4@CFgM()i6BCzE4wKMxN&xh^j`%Sj<~Ie*h1uEJ zPmM;y`Y#yQ0O0%YgW2%wAQJdya_0${NO>Y&qe*Q#j}Llv9jT! 
zMkzMX@03XNJ2?Vw1U837U=1PQBiz%{$J`ux0XHk Date: Tue, 11 Mar 2014 21:18:16 +0800 Subject: [PATCH 06/23] =?UTF-8?q?=E4=BF=AE=E6=AD=A3=E9=AA=8C=E8=AF=81?= =?UTF-8?q?=E5=8F=82=E6=95=B0=E4=B8=8D=E4=B8=A5=E5=AF=BC=E8=87=B4=E7=9A=84?= =?UTF-8?q?=E5=8F=AF=E8=83=BD=E6=B3=84=E6=BC=8F=E8=B7=AF=E5=BE=84?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- install.php | 6 +- var/Typecho/Request.php | 28 ++++++- var/Widget/Comments/Edit.php | 20 +---- var/Widget/Contents/Attachment/Edit.php | 42 +++++------ var/Widget/Contents/Page/Edit.php | 83 +++++++++------------ var/Widget/Contents/Post/Edit.php | 99 +++++++++++-------------- var/Widget/Metas/Category/Edit.php | 30 ++++---- var/Widget/Metas/Tag/Edit.php | 8 +- var/Widget/Users/Edit.php | 16 ++-- 9 files changed, 160 insertions(+), 172 deletions(-) diff --git a/install.php b/install.php index 6d426266..27d8a721 100644 --- a/install.php +++ b/install.php @@ -68,7 +68,8 @@ if (!isset($_GET['finish']) && file_exists(__TYPECHO_ROOT_DIR__ . '/config.inc.p * @return string */ function _r($name, $default = NULL) { - return isset($_REQUEST[$name]) ? $_REQUEST[$name] : $default; + return isset($_REQUEST[$name]) ? + (is_array($_REQUEST[$name]) ? $default : $_REQUEST[$name]) : $default; } /** @@ -81,7 +82,8 @@ function _rFrom() { $params = func_get_args(); foreach ($params as $param) { - $result[$param] = isset($_REQUEST[$param]) ? $_REQUEST[$param] : NULL; + $result[$param] = isset($_REQUEST[$param]) ? + (is_array($_REQUEST[$param]) ? NULL : $_REQUEST[$param]) : NULL; } return $result; diff --git a/var/Typecho/Request.php b/var/Typecho/Request.php index 0d702489..0f6272f0 100644 --- a/var/Typecho/Request.php +++ b/var/Typecho/Request.php 
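Review bot: The docblocks of `_r()` and `_rFrom()` still describe a plain lookup, but an array-valued request parameter is now silently replaced by `$default` in `_r()` and by `NULL` in the second hunk's `_rFrom()`. A comment on the new lines would make the intent clear, for example `// array input is discarded: callers expect a string (see commit subject: path disclosure)`. The nested ternary is also hard to scan; `return (isset($_REQUEST[$name]) && !is_array($_REQUEST[$name])) ? $_REQUEST[$name] : $default;` expresses the same logic in one condition.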
@@ -249,10 +249,36 @@ class Typecho_Request break; } - $value = is_array($value) || strlen($value) > 0 ? $value : $default; + $value = !is_array($value) && strlen($value) > 0 ? $value : $default; return $this->_filter ? $this->_applyFilter($value) : $value; } + /** + * 获取一个数组 + * + * @param $key + * @return array + */ + public function getArray($key) + { + $result = array(); + + switch (true) { + case isset($_GET[$key]): + $result = $_GET[$key]; + break; + case isset($_POST[$key]): + $result = $_POST[$key]; + break; + default: + break; + } + + $result = is_array($result) ? $result + : (strlen($result) > 0 ? array($result) : array()); + return $this->_filter ? $this->_applyFilter($result) : $result; + } + /** * 从参数列表指定的值中获取http传递参数 * diff --git a/var/Widget/Comments/Edit.php b/var/Widget/Comments/Edit.php index c98869c2..39eeedf4 100644 --- a/var/Widget/Comments/Edit.php +++ b/var/Widget/Comments/Edit.php @@ -60,18 +60,6 @@ class Widget_Comments_Edit extends Widget_Abstract_Comments implements Widget_In return false; } - /** - * 以数组形式获取coid - * - * @access private - * @return array - */ - private function getCoidAsArray() - { - $coid = $this->request->filter('int')->coid; - return $coid ? (is_array($coid) ? $coid : array($coid)) : array(); - } - /** * 标记为待审核 * @@ -80,7 +68,7 @@ class Widget_Comments_Edit extends Widget_Abstract_Comments implements Widget_In */ public function waitingComment() { - $comments = $this->getCoidAsArray(); + $comments = $this->request->filter('int')->getArray('coid'); $updateRows = 0; foreach ($comments as $comment) { @@ -105,7 +93,7 @@ class Widget_Comments_Edit extends Widget_Abstract_Comments implements Widget_In */ public function spamComment() { - $comments = $this->getCoidAsArray(); + $comments = $this->request->filter('int')->getArray('coid'); $updateRows = 0; foreach ($comments as $comment) { 
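Review bot: `getArray()` checks only that the top-level value is an array, so a parameter submitted as a nested array still reaches callers that iterate the result and bind each element as a scalar, as the edit widgets in this commit do with `where('cid = ?', $post)`. How `_applyFilter()` treats nested arrays is not visible in this hunk, so the element type is better pinned here than assumed; `$result = array_filter($result, 'is_scalar');` before the filter call would keep that guarantee in one place. `getArray()` also reads only `$_GET` and `$_POST`, so if the part of `get()`'s `switch` above the hunk consults other sources, the two accessors can disagree for the same key. The docblock tag should be `@param string $key`.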
@@ -130,7 +118,7 @@ class Widget_Comments_Edit extends Widget_Abstract_Comments implements Widget_In */ public function approvedComment() { - $comments = $this->getCoidAsArray(); + $comments = $this->request->filter('int')->getArray('coid'); $updateRows = 0; foreach ($comments as $comment) { @@ -155,7 +143,7 @@ class Widget_Comments_Edit extends Widget_Abstract_Comments implements Widget_In */ public function deleteComment() { - $comments = $this->getCoidAsArray(); + $comments = $this->request->filter('int')->getArray('coid'); $deleteRows = 0; foreach ($comments as $coid) { diff --git a/var/Widget/Contents/Attachment/Edit.php b/var/Widget/Contents/Attachment/Edit.php index b4b706c5..c0019704 100644 --- a/var/Widget/Contents/Attachment/Edit.php +++ b/var/Widget/Contents/Attachment/Edit.php 
@@ -214,41 +214,34 @@ class Widget_Contents_Attachment_Edit extends Widget_Contents_Post_Edit implemen */ public function deleteAttachment() { - $cid = $this->request->filter('int')->cid; + $posts = $this->request->filter('int')->getArray('cid'); $deleteCount = 0; - $status = 'publish'; - if ($cid) { - /** 格式化文章主键 */ - $posts = is_array($cid) ? $cid : array($cid); - foreach ($posts as $post) { - // 删除插件接口 - $this->pluginHandle()->delete($post, $this); + foreach ($posts as $post) { + // 删除插件接口 + $this->pluginHandle()->delete($post, $this); - $condition = $this->db->sql()->where('cid = ?', $post); - $row = $this->db->fetchRow($this->select() + $condition = $this->db->sql()->where('cid = ?', $post); + $row = $this->db->fetchRow($this->select() ->where('table.contents.type = ?', 'attachment') ->where('table.contents.cid = ?', $post) ->limit(1), array($this, 'push')); - if ($this->isWriteable($condition) && $this->delete($condition)) { - /** 删除文件 */ - Widget_Upload::deleteHandle($row); + if ($this->isWriteable($condition) && $this->delete($condition)) { + /** 删除文件 */ + Widget_Upload::deleteHandle($row); - /** 删除评论 */ - $this->db->query($this->db->delete('table.comments') + /** 删除评论 */ + $this->db->query($this->db->delete('table.comments') ->where('cid = ?', $post)); - $status = $this->status; + // 完成删除插件接口 + $this->pluginHandle()->finishDelete($post, $this); - // 完成删除插件接口 - $this->pluginHandle()->finishDelete($post, $this); - - $deleteCount ++; - } - - unset($condition); + $deleteCount ++; } + + unset($condition); } if ($this->request->isAjax()) { @@ -273,7 +266,8 @@ class Widget_Contents_Attachment_Edit extends Widget_Contents_Post_Edit implemen public function clearAttachment() { $page = 1; - + $deleteCount = 0; + do { $posts = Typecho_Common::arrayFlatten($this->db->fetchAll($this->select('cid') ->from('table.contents') diff --git a/var/Widget/Contents/Page/Edit.php b/var/Widget/Contents/Page/Edit.php index ba6f6588..9b03d2ae 100644 
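Review bot: In `deleteAttachment()` the delete is keyed on `cid = ?` alone and runs even when `$row` is empty, because the `type = 'attachment'` restriction is applied to the `$row` lookup but not to `$condition`. `deletePost()` in `Post/Edit.php` guards the same step with `$postObject &&`; the equivalent here is `if ($row && $this->isWriteable($condition) && $this->delete($condition)) {`. Without it `Widget_Upload::deleteHandle($row)` can be called with an empty row, and depending on what `isWriteable()` and `delete()` enforce (not visible here) a cid of another content type could be removed through this action. `deletePage()` in `Page/Edit.php` likewise deletes by cid alone, and this method continues outside the hunk.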
--- a/var/Widget/Contents/Page/Edit.php +++ b/var/Widget/Contents/Page/Edit.php 
@@ -133,51 +133,47 @@ class Widget_Contents_Page_Edit extends Widget_Contents_Post_Edit implements Wid */ public function deletePage() { - $cid = $this->request->filter('int')->cid; + $pages = $this->request->filter('int')->getArray('cid'); $deleteCount = 0; - if ($cid) { - /** 格式化页面主键 */ - $pages = is_array($cid) ? $cid : array($cid); - foreach ($pages as $page) { - // 删除插件接口 - $this->pluginHandle()->delete($page, $this); + foreach ($pages as $page) { + // 删除插件接口 + $this->pluginHandle()->delete($page, $this); - if ($this->delete($this->db->sql()->where('cid = ?', $page))) { - /** 删除评论 */ - $this->db->query($this->db->delete('table.comments') + if ($this->delete($this->db->sql()->where('cid = ?', $page))) { + /** 删除评论 */ + $this->db->query($this->db->delete('table.comments') ->where('cid = ?', $page)); - /** 解除附件关联 */ - $this->unAttach($page); + /** 解除附件关联 */ + $this->unAttach($page); - /** 解除首页关联 */ - if ($this->options->frontPage == 'page:' . $page) { - $this->db->query($this->db->update('table.options') + /** 解除首页关联 */ + if ($this->options->frontPage == 'page:' . $page) { + $this->db->query($this->db->update('table.options') ->rows(array('value' => 'recent')) ->where('name = ?', 'frontPage')); - } + } - /** 删除草稿 */ - $draft = $this->db->fetchRow($this->db->select('cid') + /** 删除草稿 */ + $draft = $this->db->fetchRow($this->db->select('cid') ->from('table.contents') ->where('table.contents.parent = ? AND table.contents.type = ?', $page, 'page_draft') ->limit(1)); - /** 删除自定义字段 */ - $this->deleteFields($page); + /** 删除自定义字段 */ + $this->deleteFields($page); - if ($draft) { - $this->deleteDraft($draft['cid']); - $this->deleteFields($draft['cid']); - } - - // 完成删除插件接口 - $this->pluginHandle()->finishDelete($page, $this); - - $deleteCount ++; + if ($draft) { + $this->deleteDraft($draft['cid']); + $this->deleteFields($draft['cid']); } + + // 完成删除插件接口 + $this->pluginHandle()->finishDelete($page, $this); + + $deleteCount ++; } } 
@@ -197,29 +193,24 @@ class Widget_Contents_Page_Edit extends Widget_Contents_Post_Edit implements Wid */ public function deletePageDraft() { - $cid = $this->request->filter('int')->cid; + $pages = $this->request->filter('int')->getArray('cid'); $deleteCount = 0; - - if ($cid) { - /** 格式化文章主键 */ - $pages = is_array($cid) ? $cid : array($cid); - - foreach ($pages as $page) { - /** 删除草稿 */ - $draft = $this->db->fetchRow($this->db->select('cid') + + foreach ($pages as $page) { + /** 删除草稿 */ + $draft = $this->db->fetchRow($this->db->select('cid') ->from('table.contents') ->where('table.contents.parent = ? AND table.contents.type = ?', $page, 'page_draft') ->limit(1)); - if ($draft) { - $this->deleteDraft($draft['cid']); - $this->deleteFields($draft['cid']); - $deleteCount ++; - } + if ($draft) { + $this->deleteDraft($draft['cid']); + $this->deleteFields($draft['cid']); + $deleteCount ++; } } - + /** 设置提示信息 */ $this->widget('Widget_Notice')->set($deleteCount > 0 ? _t('草稿已经被删除') : _t('没有草稿被删除'), $deleteCount > 0 ? 'success' : 'notice'); @@ -236,9 +227,9 @@ class Widget_Contents_Page_Edit extends Widget_Contents_Post_Edit implements Wid */ public function sortPage() { - $pages = $this->request->filter('int')->cid; + $pages = $this->request->filter('int')->getArray('cid'); - if ($pages && is_array($pages)) { + if ($pages) { foreach ($pages as $sort => $cid) { $this->db->query($this->db->update('table.contents')->rows(array('order' => $sort + 1)) ->where('cid = ?', $cid)); diff --git a/var/Widget/Contents/Post/Edit.php b/var/Widget/Contents/Post/Edit.php index 7d021264..b844d42d 100644 --- a/var/Widget/Contents/Post/Edit.php +++ b/var/Widget/Contents/Post/Edit.php 
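Review bot: In sortPage the loop index `$sort` is the array key supplied by the client, and `filter('int')` only maps over the values (see the `array_map($filter, $value)` context in `_applyFilter`), so the number written to `order` comes from an unvalidated key. Re-index before iterating, `foreach (array_values($pages) as $sort => $cid) {`, so the stored order is always 1..n however the request keyed `cid[]`. The surrounding `if ($pages)` is then redundant, because `getArray()` always returns an array. sortPage's body continues past the end of this hunk.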
@@ -770,67 +770,63 @@ class Widget_Contents_Post_Edit extends Widget_Abstract_Contents implements Widg */ public function deletePost() { - $cid = $this->request->filter('int')->cid; + $posts = $this->request->filter('int')->getArray('cid'); $deleteCount = 0; - if ($cid) { - /** 格式化文章主键 */ - $posts = is_array($cid) ? $cid : array($cid); - foreach ($posts as $post) { - // 删除插件接口 - $this->pluginHandle()->delete($post, $this); + foreach ($posts as $post) { + // 删除插件接口 + $this->pluginHandle()->delete($post, $this); - $condition = $this->db->sql()->where('cid = ?', $post); - $postObject = $this->db->fetchObject($this->db->select('status', 'type') - ->from('table.contents')->where('cid = ? AND type = ?', $post, 'post')); + $condition = $this->db->sql()->where('cid = ?', $post); + $postObject = $this->db->fetchObject($this->db->select('status', 'type') + ->from('table.contents')->where('cid = ? AND type = ?', $post, 'post')); - if ($this->isWriteable($condition) && + if ($this->isWriteable($condition) && $postObject && $this->delete($condition)) { - /** 删除分类 */ - $this->setCategories($post, array(), 'publish' == $postObject->status - && 'post' == $postObject->type); + /** 删除分类 */ + $this->setCategories($post, array(), 'publish' == $postObject->status + && 'post' == $postObject->type); - /** 删除标签 */ - $this->setTags($post, NULL, 'publish' == $postObject->status - && 'post' == $postObject->type); + /** 删除标签 */ + $this->setTags($post, NULL, 'publish' == $postObject->status + && 'post' == $postObject->type); - /** 删除评论 */ - $this->db->query($this->db->delete('table.comments') + /** 删除评论 */ + $this->db->query($this->db->delete('table.comments') ->where('cid = ?', $post)); - /** 解除附件关联 */ - $this->unAttach($post); + /** 解除附件关联 */ + $this->unAttach($post); - /** 删除草稿 */ - $draft = $this->db->fetchRow($this->db->select('cid') + /** 删除草稿 */ + $draft = $this->db->fetchRow($this->db->select('cid') ->from('table.contents') ->where('table.contents.parent = ? 
AND table.contents.type = ?', $post, 'post_draft') ->limit(1)); - /** 删除自定义字段 */ - $this->deleteFields($post); + /** 删除自定义字段 */ + $this->deleteFields($post); - if ($draft) { - $this->deleteDraft($draft['cid']); - $this->deleteFields($draft['cid']); - } - - // 完成删除插件接口 - $this->pluginHandle()->finishDelete($post, $this); - - $deleteCount ++; + if ($draft) { + $this->deleteDraft($draft['cid']); + $this->deleteFields($draft['cid']); } - unset($condition); + // 完成删除插件接口 + $this->pluginHandle()->finishDelete($post, $this); + + $deleteCount ++; } - // 清理标签 - if ($deleteCount > 0) { - $this->widget('Widget_Abstract_Metas')->clearTags(); - } + unset($condition); + } + + // 清理标签 + if ($deleteCount > 0) { + $this->widget('Widget_Abstract_Metas')->clearTags(); } /** 设置提示信息 */ @@ -849,29 +845,24 @@ class Widget_Contents_Post_Edit extends Widget_Abstract_Contents implements Widg */ public function deletePostDraft() { - $cid = $this->request->filter('int')->cid; + $posts = $this->request->filter('int')->getArray('cid'); $deleteCount = 0; - - if ($cid) { - /** 格式化文章主键 */ - $posts = is_array($cid) ? $cid : array($cid); - - foreach ($posts as $post) { - /** 删除草稿 */ - $draft = $this->db->fetchRow($this->db->select('cid') + + foreach ($posts as $post) { + /** 删除草稿 */ + $draft = $this->db->fetchRow($this->db->select('cid') ->from('table.contents') ->where('table.contents.parent = ? AND table.contents.type = ?', $post, 'post_draft') ->limit(1)); - if ($draft) { - $this->deleteDraft($draft['cid']); - $this->deleteFields($draft['cid']); - $deleteCount ++; - } + if ($draft) { + $this->deleteDraft($draft['cid']); + $this->deleteFields($draft['cid']); + $deleteCount ++; } } - + /** 设置提示信息 */ $this->widget('Widget_Notice')->set($deleteCount > 0 ? _t('草稿已经被删除') : _t('没有草稿被删除'), $deleteCount > 0 ? 'success' : 'notice'); diff --git a/var/Widget/Metas/Category/Edit.php b/var/Widget/Metas/Category/Edit.php index a63fa6f4..6ff55b3c 100644 --- a/var/Widget/Metas/Category/Edit.php 
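Review bot: In deletePost the `delete` plugin hook at the top of the loop runs before `isWriteable($condition)` and before `$postObject` is known to exist, so plugins are notified about ids the current user may not delete or that match no post. Fetch `$postObject` first, add `if (!$postObject || !$this->isWriteable($condition)) { continue; }`, and only then call `$this->pluginHandle()->delete($post, $this);` followed by `if ($this->delete($condition)) {`. If plugins are meant to see every requested id, a comment above the hook call should say so.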
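Review bot: deletePostDraft removes the draft of every id in `cid` without the `isWriteable()` gate that deletePost applies before its own delete, so nothing in this hunk ties the draft to the current user. Unless `deleteDraft()` enforces ownership itself (not visible here), the condition should read `if ($draft && $this->isWriteable($this->db->sql()->where('cid = ?', $post))) {`. The equivalent loop in deletePageDraft (Page/Edit.php) has no such check either; confirm that page actions are limited to a role allowed to edit all pages.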
+++ b/var/Widget/Metas/Category/Edit.php @@ -305,18 +305,16 @@ class Widget_Metas_Category_Edit extends Widget_Abstract_Metas implements Widget */ public function deleteCategory() { - $categories = $this->request->filter('int')->mid; + $categories = $this->request->filter('int')->getArray('mid'); $deleteCount = 0; - if ($categories && is_array($categories)) { - foreach ($categories as $category) { - $parent = $this->db->fetchObject($this->select()->where('mid = ?', $category))->parent; + foreach ($categories as $category) { + $parent = $this->db->fetchObject($this->select()->where('mid = ?', $category))->parent; - if ($this->delete($this->db->sql()->where('mid = ?', $category))) { - $this->db->query($this->db->delete('table.relationships')->where('mid = ?', $category)); - $this->update(array('parent' => $parent), $this->db->sql()->where('parent = ?', $category)); - $deleteCount ++; - } + if ($this->delete($this->db->sql()->where('mid = ?', $category))) { + $this->db->query($this->db->delete('table.relationships')->where('mid = ?', $category)); + $this->update(array('parent' => $parent), $this->db->sql()->where('parent = ?', $category)); + $deleteCount ++; } } @@ -347,9 +345,9 @@ class Widget_Metas_Category_Edit extends Widget_Abstract_Metas implements Widget } $merge = $this->request->merge; - $categories = $this->request->filter('int')->mid; + $categories = $this->request->filter('int')->getArray('mid'); - if ($categories && is_array($categories)) { + if ($categories) { $this->merge($merge, 'category', $categories); /** 提示信息 */ @@ -370,8 +368,8 @@ class Widget_Metas_Category_Edit extends Widget_Abstract_Metas implements Widget */ public function sortCategory() { - $categories = $this->request->filter('int')->mid; - if ($categories && is_array($categories)) { + $categories = $this->request->filter('int')->getArray('mid'); + if ($categories) { $this->sort($categories, 'category'); } 
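Review bot: In deleteCategory, `$this->db->fetchObject(...)->parent` dereferences the lookup result directly, while `mid` now arrives straight from `getArray('mid')`, so an id with no matching row presumably reads a property of a non-object (what `fetchObject` returns on an empty result is not shown). Fetch first and skip missing rows: `$row = $this->db->fetchObject($this->select()->where('mid = ?', $category));` then `if (!$row) { continue; }` and use `$row->parent`. The end of the function lies outside this hunk.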
@@ -391,8 +389,8 @@ class Widget_Metas_Category_Edit extends Widget_Abstract_Metas implements Widget */ public function refreshCategory() { - $categories = $this->request->filter('int')->mid; - if ($categories && is_array($categories)) { + $categories = $this->request->filter('int')->getArray('mid'); + if ($categories) { foreach ($categories as $category) { $this->refreshCountByTypeAndStatus($category, 'post', 'publish'); } @@ -445,8 +443,8 @@ class Widget_Metas_Category_Edit extends Widget_Abstract_Metas implements Widget /** * 获取菜单标题 * - * @access public * @return string + * @throws Typecho_Widget_Exception */ public function getMenuTitle() { diff --git a/var/Widget/Metas/Tag/Edit.php b/var/Widget/Metas/Tag/Edit.php index d8beb1d5..17fc1e0d 100644 --- a/var/Widget/Metas/Tag/Edit.php +++ b/var/Widget/Metas/Tag/Edit.php @@ -306,9 +306,9 @@ class Widget_Metas_Tag_Edit extends Widget_Abstract_Metas implements Widget_Inte $this->response->goBack(); } - $tags = $this->request->filter('int')->mid; + $tags = $this->request->filter('int')->getArray('mid'); - if ($tags && is_array($tags)) { + if ($tags) { $this->merge($merge, 'tag', $tags); /** 提示信息 */ @@ -329,8 +329,8 @@ class Widget_Metas_Tag_Edit extends Widget_Abstract_Metas implements Widget_Inte */ public function refreshTag() { - $tags = $this->request->filter('int')->mid; - if ($tags && is_array($tags)) { + $tags = $this->request->filter('int')->getArray('mid'); + if ($tags) { foreach ($tags as $tag) { $this->refreshCountByTypeAndStatus($tag, 'post', 'publish'); } diff --git a/var/Widget/Users/Edit.php b/var/Widget/Users/Edit.php index 14206648..a5de7937 100644 --- a/var/Widget/Users/Edit.php +++ b/var/Widget/Users/Edit.php 
@@ -268,18 +268,16 @@ class Widget_Users_Edit extends Widget_Abstract_Users implements Widget_Interfac */ public function deleteUser() { - $users = $this->request->uid; + $users = $this->request->filter('int')->getArray('uid'); $deleteCount = 0; - if ($users && is_array($users)) { - foreach ($users as $user) { - if (1 == $user) { - continue; - } + foreach ($users as $user) { + if (1 == $user || $user == $this->user->id) { + continue; + } - if ($this->delete($this->db->sql()->where('uid = ?', $user))) { - $deleteCount ++; - } + if ($this->delete($this->db->sql()->where('uid = ?', $user))) { + $deleteCount ++; } } From 90e2c085420daec2f0f2f7704ce269a46ecf8d02 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E7=A5=81=E5=AE=81?= Date: Tue, 11 Mar 2014 23:29:58 +0800 Subject: [PATCH 07/23] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E4=B8=AA=E4=BA=BA?= =?UTF-8?q?=E8=B5=84=E6=96=99=E6=98=B5=E7=A7=B0=E5=8F=AF=E8=83=BD=E5=AF=BC?= =?UTF-8?q?=E8=87=B4=E7=9A=84xss?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- var/Widget/Users/Profile.php | 1 + 1 file changed, 1 insertion(+) diff --git a/var/Widget/Users/Profile.php b/var/Widget/Users/Profile.php index 80b6b8ec..f997a993 100644 --- a/var/Widget/Users/Profile.php +++ b/var/Widget/Users/Profile.php @@ -74,6 +74,7 @@ class Widget_Users_Profile extends Widget_Users_Edit implements Widget_Interface /** 给表单增加规则 */ $screenName->addRule(array($this, 'screenNameExists'), _t('昵称已经存在')); + $screenName->addRule('xssCheck', _t('请不要在昵称中使用特殊字符')); $url->addRule('url', _t('个人主页地址格式错误')); $mail->addRule('required', _t('必须填写电子邮箱')); $mail->addRule(array($this, 'mailExists'), _t('电子邮箱地址已经存在')); From f7cb1a1d49c2596b963c4075c10e93c8e213016c Mon Sep 17 00:00:00 2001 
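Review bot: The `xssCheck` rule on `$screenName` filters input in this one form only, so it works as defence in depth and not as the fix itself; what `xssCheck` matches is not visible in this patch, and other write paths for the nickname (admin user form, registration) are not touched here. The stored value still has to be HTML-escaped wherever it is printed. The same holds for the `xssCheck` rules added to `title`, `description`, `keywords` and `postDateFormat` in Options/General.php and Options/Reading.php in patch 12. A comment above the rule such as `/** input-side filter only; templates must still escape screenName */` would keep that expectation visible.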
From: =?UTF-8?q?=E7=A5=81=E5=AE=81?= Date: Wed, 12 Mar 2014 11:29:54 +0800 Subject: [PATCH 08/23] =?UTF-8?q?=E4=BF=AE=E6=AD=A3=E7=94=B5=E5=AD=90?= =?UTF-8?q?=E9=82=AE=E7=AE=B1=E8=BF=87=E6=BB=A4=E4=B8=8D=E4=B8=A5=E5=8F=AF?= =?UTF-8?q?=E8=83=BD=E9=80=A0=E6=88=90=E7=9A=84xss?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- var/Typecho/Validate.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/var/Typecho/Validate.php b/var/Typecho/Validate.php index 8bf2dc02..f899b855 100644 --- a/var/Typecho/Validate.php +++ b/var/Typecho/Validate.php @@ -209,7 +209,7 @@ class Typecho_Validate */ public function email($str) { - return preg_match("/^[^@\s<&>]+@([-a-z0-9]+\.)+[a-z]{2,}$/i", $str); + return preg_match("/^[_a-z0-9-\.]+@([-a-z0-9]+\.)+[a-z]{2,}$/i", $str); } /** From 7ee9b8b60a6908736323de6fbcff3f8a80712198 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E7=A5=81=E5=AE=81?= Date: Wed, 12 Mar 2014 12:58:44 +0800 Subject: [PATCH 09/23] =?UTF-8?q?=E4=BF=AE=E6=AD=A3=E4=BD=BF=E7=94=A8?= =?UTF-8?q?=E4=B8=8D=E5=90=88=E6=B3=95=E7=9A=84utf-8=E5=AD=97=E7=AC=A6?= =?UTF-8?q?=E4=B8=B2=E5=AF=BC=E8=87=B4=E7=9A=84=E6=95=B0=E6=8D=AE=E5=88=A4?= =?UTF-8?q?=E6=96=AD=E9=94=99=E8=AF=AF?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- var/Typecho/Common.php | 42 ++++--- var/Typecho/Request.php | 111 +++++++----------- var/Typecho/Response.php | 5 +- .../Widget/Helper/Form/Element/Hidden.php | 2 +- .../Widget/Helper/Form/Element/Password.php | 2 +- .../Widget/Helper/Form/Element/Text.php | 2 +- .../Widget/Helper/Form/Element/Textarea.php | 2 +- var/Widget/Contents/Post/Edit.php | 9 +- var/Widget/Options/Discussion.php | 4 +- var/Widget/Options/General.php | 3 +- var/Widget/Users/Edit.php | 2 +- 11 files changed, 90 insertions(+), 94 deletions(-) diff --git a/var/Typecho/Common.php b/var/Typecho/Common.php index 76706401..e561d4e9 100644 --- a/var/Typecho/Common.php 
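Review bot: In `email()` the `$` anchor without the `D` modifier also matches just before a trailing newline, so a value ending in a line break still passes the tightened pattern; use `"/^[_a-z0-9-\.]+@([-a-z0-9]+\.)+[a-z]{2,}$/iD"`. The new local part also rejects addresses containing `+`, which many providers accept, so the docblock should state that this is intentional. `preg_match` returns 1, 0 or false; `return 1 === preg_match(...)` would give callers a real boolean.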
+++ b/var/Typecho/Common.php @@ -9,6 +9,8 @@ * @version $Id$ */ +define('__TYPECHO_MB_SUPPORTED__', function_exists('mb_get_info')); + /** * Typecho公用方法 * @@ -103,7 +105,7 @@ class Typecho_Common * @param mixed $matches * @static * @access public - * @return void + * @return bool */ public static function __filterAttrs($matches) { @@ -242,20 +244,9 @@ class Typecho_Common */ public static function exceptionHandle(Exception $exception) { - //$obHandles = ob_list_handlers(); - @ob_end_clean(); - /* - if (in_array('ob_gzhandler', $obHandles)) { - ob_start('ob_gzhandler'); - } else { - ob_start(); - } - */ - if (defined('__TYPECHO_DEBUG__')) { - //@ob_clean(); echo nl2br($exception->__toString()); } else { if (404 == $exception->getCode() && !empty(self::$exceptionHandle)) { @@ -279,6 +270,7 @@ class Typecho_Common public static function error($exception) { $isException = is_object($exception); + $message = ''; if ($isException) { $code = $exception->getCode(); @@ -743,7 +735,7 @@ EOF; $iLength = self::strLen($str) - $start; $tLength = $length < $iLength ? ($length - self::strLen($trim)) : $length; - if (function_exists('mb_get_info')) { + if (__TYPECHO_MB_SUPPORTED__) { $str = mb_substr($str, $start, $tLength, self::$charset); } else { if ('UTF-8' == strtoupper(self::$charset)) { @@ -767,7 +759,7 @@ EOF; */ public static function strLen($str) { - if (function_exists('mb_get_info')) { + if (__TYPECHO_MB_SUPPORTED__) { return mb_strlen($str, self::$charset); } else { return 'UTF-8' == strtoupper(self::$charset) @@ -775,6 +767,26 @@ EOF; } } + /** + * 检查是否为合法的编码数据 + * + * @param string|array $str + * @return boolean + */ + public static function checkStrEncoding($str) + { + if (is_array($str)) { + return array_map(array('Typecho_Common', 'checkStrEncoding'), $str); + } + + if (__TYPECHO_MB_SUPPORTED__) { + return mb_check_encoding($str, self::$charset); + } else { + // just support utf-8 + return preg_match('//u', $str); + } + } + /** * 生成缩略名 * 
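Review bot: `checkStrEncoding()` returns the output of `array_map` when it is given an array, and a non-empty array is truthy even when every element failed the check. The `array_filter` calls in the `Typecho_Request` constructor and in `setParams()`, and the `if` in `setParam()`, therefore accept array parameters such as `cid[]` whatever their encoding. The array branch should reduce to one boolean, and the fallback branch should compare the `preg_match` result strictly so that the `@return boolean` docblock holds.

```php
public static function checkStrEncoding($str)
{
    if (is_array($str)) {
        // every element must pass; array_map alone yields a truthy array
        foreach ($str as $item) {
            if (!self::checkStrEncoding($item)) {
                return false;
            }
        }

        return true;
    }

    if (__TYPECHO_MB_SUPPORTED__) {
        return mb_check_encoding($str, self::$charset);
    }

    // only UTF-8 can be verified without mbstring
    return 1 === preg_match('//u', $str);
}
```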
@@ -792,7 +804,7 @@ EOF; return $default; } - if (function_exists('mb_regex_encoding')) { + if (__TYPECHO_MB_SUPPORTED__) { mb_regex_encoding(self::$charset); mb_ereg_search_init($str, "[\w" . preg_quote('_-') . "]+"); $result = mb_ereg_search(); diff --git a/var/Typecho/Request.php b/var/Typecho/Request.php index 0f6272f0..54dd0eae 100644 --- a/var/Typecho/Request.php +++ b/var/Typecho/Request.php @@ -7,6 +7,8 @@ * @version $Id$ */ +define('__TYPECHO_FILTER_SUPPORTED__', function_exists('filter_var')); + /** * 服务器请求处理类 * @@ -23,6 +25,13 @@ class Typecho_Request */ private $_params = array(); + /** + * 参数是否已经处理过 + * + * @var bool + */ + private $_paramsParsed = false; + /** * 路径信息 * @@ -95,6 +104,13 @@ class Typecho_Request */ private static $_instance = NULL; + /** + * 全部的http数据 + * + * @var bool|array + */ + private static $_httpParams = false; + /** * 当前过滤器 * @@ -146,9 +162,10 @@ class Typecho_Request $value = is_array($value) ? array_map($filter, $value) : call_user_func($filter, $value); } + + $this->_filter = array(); } - $this->_filter = array(); return $value; } @@ -160,9 +177,9 @@ class Typecho_Request */ private function _checkIp($ip) { - if (function_exists('filter_var')) { - return filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) - || filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6); + if (__TYPECHO_FILTER_SUPPORTED__) { + return false !== (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) + || filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)); } return preg_match("/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$/", $ip) @@ -180,6 +197,17 @@ class Typecho_Request return preg_match("/^[_a-z0-9- ,:;=#@\.\(\)\/\+\*\?]+$/i", $agent); } + /** + * 初始化变量 + */ + public function __construct() + { + if (false === self::$_httpParams) { + self::$_httpParams = array_filter(array_merge($_POST, $_GET), + array('Typecho_Common', 'checkStrEncoding')); + } + } + /** * 设置过滤器 * 
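Review bot: In `_checkIp()` the `false !== (... || ...)` wrapper changes nothing, because `||` already yields a boolean, and the two flag-specific calls can be one: `return false !== filter_var($ip, FILTER_VALIDATE_IP);` accepts both IPv4 and IPv6. The regex fallback below it continues outside the hunk; the IPv4 pattern as shown allows octets above 255, which deserves a comment if callers treat the result as a validated address.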
@@ -219,9 +247,8 @@ class Typecho_Request */ public function __isset($key) { - return isset($_GET[$key]) - || isset($_POST[$key]) - || $this->isSetParam($key); + return isset(self::$_httpParams[$key]) + || isset($this->_params[$key]); } /** @@ -238,11 +265,8 @@ class Typecho_Request case isset($this->_params[$key]): $value = $this->_params[$key]; break; - case isset($_GET[$key]): - $value = $_GET[$key]; - break; - case isset($_POST[$key]): - $value = $_POST[$key]; + case isset(self::$_httpParams[$key]): + $value = self::$_httpParams[$key]; break; default: $value = $default; @@ -250,7 +274,7 @@ class Typecho_Request } $value = !is_array($value) && strlen($value) > 0 ? $value : $default; - return $this->_filter ? $this->_applyFilter($value) : $value; + return $this->_applyFilter($value); } /** @@ -261,22 +285,11 @@ class Typecho_Request */ public function getArray($key) { - $result = array(); - - switch (true) { - case isset($_GET[$key]): - $result = $_GET[$key]; - break; - case isset($_POST[$key]): - $result = $_POST[$key]; - break; - default: - break; - } + $result = isset(self::$_httpParams[$key]) ? self::$_httpParams[$key] : array(); $result = is_array($result) ? $result : (strlen($result) > 0 ? array($result) : array()); - return $this->_filter ? $this->_applyFilter($result) : $result; + return $this->_applyFilter($result); } /** @@ -298,21 +311,6 @@ class Typecho_Request return $result; } - /** - * 获取指定的http传递参数 - * - * @access public - * @param string $key 指定的参数 - * @param mixed $default 默认的参数 - * @return mixed - */ - public function getParam($key, $default = NULL) - { - $value = isset($this->_params[$key]) ? $this->_params[$key] : $default; - $value = is_array($value) || strlen($value) > 0 ? $value : $default; - return $this->_filter ? $this->_applyFilter($value) : $value; - } - /** * 设置http传递参数 * 
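Review bot: `getArray()` guarantees an array but not a flat one: `_applyFilter()` runs `array_map($filter, $value)`, so a nested element reaches the filter as an array, and what the `int` filter makes of that is not visible here. The delete and sort actions in this series iterate the result as a list of ids, so drop non-scalar elements before filtering, e.g. `$result = array_filter($result, 'is_scalar');` right after the `is_array` normalisation. `getArray()` also never consults `$this->_params`, unlike `get()`; the docblock should say so if that is intended.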
@@ -323,31 +321,9 @@ class Typecho_Request */ public function setParam($name, $value) { - $this->_params[$name] = $value; - } - - /** - * 删除参数 - * - * @access public - * @param string $name 指定的参数 - * @return void - */ - public function unSetParam($name) - { - unset($this->_params[$name]); - } - - /** - * 参数是否存在 - * - * @access public - * @param string $key 指定的参数 - * @return boolean - */ - public function isSetParam($key) - { - return isset($this->_params[$key]); + if (Typecho_Common::checkStrEncoding($value)) { + $this->_params[$name] = $value; + } } /** @@ -365,7 +341,8 @@ class Typecho_Request $params = $out; } - $this->_params = array_merge($this->_params, $params); + $this->_params = array_merge($this->_params, + array_filter($params, array('Typecho_Common', 'checkStrEncoding'))); } /** diff --git a/var/Typecho/Response.php b/var/Typecho/Response.php index 540f9391..d84ec613 100644 --- a/var/Typecho/Response.php +++ b/var/Typecho/Response.php @@ -142,7 +142,7 @@ class Typecho_Response * 获取字符集 * * @access public - * @return void + * @return string */ public function getCharset() { @@ -258,9 +258,8 @@ class Typecho_Response * 返回来路 * * @access public - * @param string $anchor 附加地址 + * @param string $suffix 附加地址 * @param string $default 默认来路 - * @return void */ public function goBack($suffix = NULL, $default = NULL) { diff --git a/var/Typecho/Widget/Helper/Form/Element/Hidden.php b/var/Typecho/Widget/Helper/Form/Element/Hidden.php index 382d0bb1..c3c92149 100644 --- a/var/Typecho/Widget/Helper/Form/Element/Hidden.php +++ b/var/Typecho/Widget/Helper/Form/Element/Hidden.php @@ -57,6 +57,6 @@ class Typecho_Widget_Helper_Form_Element_Hidden extends Typecho_Widget_Helper_Fo */ protected function _value($value) { - $this->input->setAttribute('value', $value); + $this->input->setAttribute('value', htmlspecialchars($value)); } } 
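Review bot: `htmlspecialchars($value)` in `_value()` relies on default flags and a default charset that differ between PHP versions: before PHP 8.1 the default flags leave single quotes unescaped, and before PHP 5.4 the default charset is not UTF-8. Pass both explicitly, `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')` (or the configured charset), here and in the identical changes to Password.php, Text.php and Textarea.php. Also confirm that `setAttribute()` and `html()` do not escape a second time, and that `$value` is never an array for these elements, since `htmlspecialchars` accepts only strings.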
diff --git a/var/Typecho/Widget/Helper/Form/Element/Password.php b/var/Typecho/Widget/Helper/Form/Element/Password.php index 21481b78..347a540e 100644 --- a/var/Typecho/Widget/Helper/Form/Element/Password.php +++ b/var/Typecho/Widget/Helper/Form/Element/Password.php @@ -47,6 +47,6 @@ class Typecho_Widget_Helper_Form_Element_Password extends Typecho_Widget_Helper_ */ protected function _value($value) { - $this->input->setAttribute('value', $value); + $this->input->setAttribute('value', htmlspecialchars($value)); } } diff --git a/var/Typecho/Widget/Helper/Form/Element/Text.php b/var/Typecho/Widget/Helper/Form/Element/Text.php index 390d3efc..78d1939c 100644 --- a/var/Typecho/Widget/Helper/Form/Element/Text.php +++ b/var/Typecho/Widget/Helper/Form/Element/Text.php @@ -48,6 +48,6 @@ class Typecho_Widget_Helper_Form_Element_Text extends Typecho_Widget_Helper_Form */ protected function _value($value) { - $this->input->setAttribute('value', $value); + $this->input->setAttribute('value', htmlspecialchars($value)); } } diff --git a/var/Typecho/Widget/Helper/Form/Element/Textarea.php b/var/Typecho/Widget/Helper/Form/Element/Textarea.php index b984bdc1..ec5adacd 100644 --- a/var/Typecho/Widget/Helper/Form/Element/Textarea.php +++ b/var/Typecho/Widget/Helper/Form/Element/Textarea.php @@ -47,6 +47,6 @@ class Typecho_Widget_Helper_Form_Element_Textarea extends Typecho_Widget_Helper_ */ protected function _value($value) { - $this->input->html($value); + $this->input->html(htmlspecialchars($value)); } } diff --git a/var/Widget/Contents/Post/Edit.php b/var/Widget/Contents/Post/Edit.php index b844d42d..9a337f94 100644 --- a/var/Widget/Contents/Post/Edit.php +++ b/var/Widget/Contents/Post/Edit.php 
@@ -92,7 +92,11 @@ class Widget_Contents_Post_Edit extends Widget_Abstract_Contents implements Widg $fields = array(); if (!empty($this->request->fieldNames)) { - $data = $this->request->from('fieldNames', 'fieldTypes', 'fieldValues'); + $data = array( + 'fieldNames' => $this->request->getArray('fieldNames'), + 'fieldTypes' => $this->request->getArray('fieldTypes'), + 'fieldValues' => $this->request->getArray('fieldValues') + ); foreach ($data['fieldNames'] as $key => $val) { if (empty($val)) { continue; @@ -701,8 +705,9 @@ class Widget_Contents_Post_Edit extends Widget_Abstract_Contents implements Widg public function writePost() { $contents = $this->request->from('password', 'allowComment', - 'allowPing', 'allowFeed', 'slug', 'category', 'tags', 'text', 'visibility'); + 'allowPing', 'allowFeed', 'slug', 'tags', 'text', 'visibility'); + $contents['category'] = $this->request->getArray('category'); $contents['title'] = $this->request->get('title', _t('未命名文档')); $contents['created'] = $this->getCreated(); diff --git a/var/Widget/Options/Discussion.php b/var/Widget/Options/Discussion.php index 74bdfacc..ca330a34 100644 --- a/var/Widget/Options/Discussion.php +++ b/var/Widget/Options/Discussion.php 
@@ -183,9 +183,11 @@ class Widget_Options_Discussion extends Widget_Abstract_Options implements Widge $this->response->goBack(); } - $settings = $this->request->from('commentDateFormat', 'commentsListSize', 'commentsShow', 'commentsPost', 'commentsPageSize', 'commentsPageDisplay', 'commentsAvatar', + $settings = $this->request->from('commentDateFormat', 'commentsListSize', 'commentsPageSize', 'commentsPageDisplay', 'commentsAvatar', 'commentsOrder', 'commentsMaxNestingLevels', 'commentsUrlNofollow', 'commentsPostTimeout', 'commentsUniqueIpInterval', 'commentsWhitelist', 'commentsRequireMail', 'commentsAvatarRating', 'commentsPostTimeout', 'commentsPostInterval', 'commentsRequireModeration', 'commentsRequireURL', 'commentsHTMLTagAllowed', 'commentsStopWords', 'commentsIpBlackList'); + $settings['commentsShow'] = $this->request->getArray('commentsShow'); + $settings['commentsPost'] = $this->request->getArray('commentsPost'); $settings['commentsShowCommentOnly'] = $this->isEnableByCheckbox($settings['commentsShow'], 'commentsShowCommentOnly'); $settings['commentsMarkdown'] = $this->isEnableByCheckbox($settings['commentsShow'], 'commentsMarkdown'); diff --git a/var/Widget/Options/General.php b/var/Widget/Options/General.php index f8e89269..00709365 100644 --- a/var/Widget/Options/General.php +++ b/var/Widget/Options/General.php @@ -148,7 +148,8 @@ class Widget_Options_General extends Widget_Abstract_Options implements Widget_I $this->response->goBack(); } - $settings = $this->request->from('title', 'siteUrl', 'description', 'keywords', 'allowRegister', 'timezone', 'attachmentTypes'); + $settings = $this->request->from('title', 'siteUrl', 'description', 'keywords', 'allowRegister', 'timezone'); + $settings['attachmentTypes'] = $this->request->getArray('attachmentTypes'); $settings['siteUrl'] = rtrim($settings['siteUrl'], '/'); $attachmentTypes = array(); diff --git a/var/Widget/Users/Edit.php b/var/Widget/Users/Edit.php index a5de7937..e2e04d16 100644 
--- a/var/Widget/Users/Edit.php +++ b/var/Widget/Users/Edit.php @@ -78,7 +78,7 @@ class Widget_Users_Edit extends Widget_Abstract_Users implements Widget_Interfac ->from('table.users') ->where('uid = ?', $uid)->limit(1)); - return $user ? true : false; + return !empty($user); } /** From a64a492886a9dd7011e0747bdbece8e006b29463 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E7=A5=81=E5=AE=81?= Date: Wed, 12 Mar 2014 15:14:04 +0800 Subject: [PATCH 10/23] =?UTF-8?q?=E5=9C=A8helper=E4=B8=AD=E5=BC=95?= =?UTF-8?q?=E5=85=A5security=E5=AF=B9=E8=B1=A1=EF=BC=8C=E5=BB=BA=E8=AE=AE?= =?UTF-8?q?=E6=8F=92=E4=BB=B6=E4=B8=AD=E4=BD=BF=E7=94=A8=E5=AE=83=EF=BC=8C?= =?UTF-8?q?=E4=BB=A5=E9=99=8D=E4=BD=8Exss=E9=A3=8E=E9=99=A9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- var/Helper.php | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/var/Helper.php b/var/Helper.php index f9073d6a..cb43cf4c 100644 --- a/var/Helper.php +++ b/var/Helper.php @@ -21,6 +21,16 @@ class Helper return Typecho_Widget::widget('Widget_Options'); } + /** + * 获取Widget_Security对象 + * + * @return Widget_Security + */ + public static function security() + { + return Typecho_Widget::widget('Widget_Security'); + } + /** * 强行删除某个插件 * From 3149169953f422c138a111ecad1b947a264e2192 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E7=A5=81=E5=AE=81?= Date: Thu, 13 Mar 2014 12:11:21 +0800 Subject: [PATCH 11/23] =?UTF-8?q?=E4=BF=AE=E6=AD=A3=E7=BC=96=E8=BE=91?= =?UTF-8?q?=E5=99=A8=E8=87=AA=E5=8A=A8=E8=AF=86=E5=88=AB=E9=93=BE=E6=8E=A5?= =?UTF-8?q?=E6=97=B6=E5=8F=AF=E8=83=BD=E9=94=99=E8=AF=AF=E5=9C=B0=E6=B7=BB?= =?UTF-8?q?=E5=8A=A0=E6=9F=90=E4=BA=9B=E6=A0=B7=E5=BC=8F=E5=9C=B0bug?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- admin/js/pagedown.js | 5 ++++- var/Helper.php | 13 +++++++------ 2 files changed, 11 insertions(+), 7 deletions(-) diff --git a/admin/js/pagedown.js b/admin/js/pagedown.js index 2c96211b..ecd60010 100644 
--- a/admin/js/pagedown.js +++ b/admin/js/pagedown.js @@ -1296,7 +1296,10 @@ else // autolink anything like - var replacer = function (wholematch, m1) { return "" + pluginHooks.plainLinkText(m1) + ""; } + var replacer = function (wholematch, m1) { + var html = "" + pluginHooks.plainLinkText(m1) + ""; + return "~K" + (g_html_blocks.push(html) - 1) + "K"; + } text = text.replace(/<((https?|ftp):[^'">\s]+)>/gi, replacer); // Email addresses: diff --git a/var/Helper.php b/var/Helper.php index cb43cf4c..d1079bc5 100644 --- a/var/Helper.php +++ b/var/Helper.php @@ -105,7 +105,7 @@ class Helper * @param string $widget 组件名称 * @param string $action 组件动作 * @param string $after 在某个路由后面 - * @return void + * @return integer */ public static function addRoute($name, $url, $widget, $action = NULL, $after = NULL) { @@ -183,8 +183,8 @@ class Helper * 删除action扩展 * * @access public - * @param unknown $actionName - * @return unknown + * @param string $actionName + * @return Typecho_Widget */ public static function removeAction($actionName) { @@ -255,7 +255,7 @@ class Helper * @param string $subTitle 面板副标题 * @param string $level 进入权限 * @param boolean $hidden 是否隐藏 - * @param boolean $addLink 新增项目链接, 会显示在页面标题之后 + * @param string $addLink 新增项目链接, 会显示在页面标题之后 * @return integer */ public static function addPanel($index, $fileName, $title, $subTitle, $level, $hidden = false, $addLink = '') @@ -316,7 +316,8 @@ class Helper * 获取面板url * * @access public - * @return unknown + * @param string $fileName + * @return string */ public static function url($fileName) { @@ -329,7 +330,7 @@ class Helper * @access public * @static * @param mixed $pluginName 插件名称 - * @param mixed array $settings 变量键值对 + * @param array $settings 变量键值对 * @param bool $isPersonal. (default: false) 是否为私人变量 * @return void */ From 625adb839515e33886c9bb3602687a25d2c829db Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?=E7=A5=81=E5=AE=81?= Date: Thu, 13 Mar 2014 12:25:23 +0800 Subject: [PATCH 12/23] =?UTF-8?q?=E4=BF=AE=E6=AD=A3=E6=9F=90=E4=BA=9B?= =?UTF-8?q?=E5=AD=98=E5=82=A8=E5=9E=8Bxss=E3=80=82=E3=80=82=E3=80=82?= =?UTF-8?q?=E4=B8=AA=E4=BA=BA=E8=AE=A4=E4=B8=BA=E6=9C=89=E7=82=B9=E9=B8=A1?= =?UTF-8?q?=E8=82=8B?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- var/Widget/Options/General.php | 7 ++++--- var/Widget/Options/Reading.php | 2 +- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/var/Widget/Options/General.php b/var/Widget/Options/General.php index 00709365..23085cd7 100644 --- a/var/Widget/Options/General.php +++ b/var/Widget/Options/General.php @@ -36,7 +36,8 @@ class Widget_Options_General extends Widget_Abstract_Options implements Widget_I /** 站点名称 */ $title = new Typecho_Widget_Helper_Form_Element_Text('title', NULL, $this->options->title, _t('站点名称'), _t('站点的名称将显示在网页的标题处.')); $title->input->setAttribute('class', 'w-100'); - $form->addInput($title->addRule('required', _t('请填写站点名称'))); + $form->addInput($title->addRule('required', _t('请填写站点名称')) + ->addRule('xssCheck', _t('请不要在站点名称中使用特殊字符'))); /** 站点地址 */ $siteUrl = new Typecho_Widget_Helper_Form_Element_Text('siteUrl', NULL, $this->options->originalSiteUrl, _t('站点地址'), _t('站点地址主要用于生成内容的永久链接.') 
@@ -49,11 +50,11 @@ class Widget_Options_General extends Widget_Abstract_Options implements Widget_I /** 站点描述 */ $description = new Typecho_Widget_Helper_Form_Element_Text('description', NULL, $this->options->description, _t('站点描述'), _t('站点描述将显示在网页代码的头部.')); - $form->addInput($description); + $form->addInput($description->addRule('xssCheck', _t('请不要在站点描述中使用特殊字符'))); /** 关键词 */ $keywords = new Typecho_Widget_Helper_Form_Element_Text('keywords', NULL, $this->options->keywords, _t('关键词'), _t('请以半角逗号 "," 分割多个关键字.')); - $form->addInput($keywords); + $form->addInput($keywords->addRule('xssCheck', _t('请不要在关键词中使用特殊字符'))); /** 注册 */ $allowRegister = new Typecho_Widget_Helper_Form_Element_Radio('allowRegister', array('0' => _t('不允许'), '1' => _t('允许')), $this->options->allowRegister, _t('是否允许注册'), diff --git a/var/Widget/Options/Reading.php b/var/Widget/Options/Reading.php index 20ef9b68..84262a82 100644 --- a/var/Widget/Options/Reading.php +++ b/var/Widget/Options/Reading.php @@ -39,7 +39,7 @@ class Widget_Options_Reading extends Widget_Options_Permalink . _t('在某些主题中这个格式可能不会生效, 因为主题作者可以自定义日期格式.') . '
' . _t('请参考 PHP 日期格式写法.')); $postDateFormat->input->setAttribute('class', 'w-40 mono'); - $form->addInput($postDateFormat); + $form->addInput($postDateFormat->addRule('xssCheck', _t('请不要在日期格式中使用特殊字符'))); //首页显示 $frontPageParts = explode(':', $this->options->frontPage); From 5dda5a5980c43c62368d580f232c9afb9b1a2737 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E7=A5=81=E5=AE=81?= Date: Thu, 13 Mar 2014 13:44:37 +0800 Subject: [PATCH 13/23] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E5=BC=BA=E5=88=B6?= =?UTF-8?q?=E5=90=AF=E7=94=A8rewrite=E6=97=B6=E5=8F=AF=E8=83=BD=E8=A2=AB?= =?UTF-8?q?=E6=8C=A1=E4=BD=8F=E7=9A=84bug?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- var/Widget/Options/Permalink.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/var/Widget/Options/Permalink.php b/var/Widget/Options/Permalink.php index e545b074..ef3ebd8e 100644 --- a/var/Widget/Options/Permalink.php +++ b/var/Widget/Options/Permalink.php @@ -222,7 +222,8 @@ RewriteRule . {$basePath}index.php [L] . _t('请调整你的目录权限, 或者手动创建一个.htaccess文件.') . ''; } - $errorStr .= '
' . _t('如果你仍然想启用此功能, 请点击这里', Typecho_Common::url('index.php/action/options-permalink?do=enableRewriteAnyway', $this->options->siteUrl)); + $errorStr .= '
' . _t('如果你仍然想启用此功能, 请点击这里', + $this->security->getTokenUrl(Typecho_Common::url('index.php/action/options-permalink?do=enableRewriteAnyway', $this->options->siteUrl))); $form->addInput($rewrite->addRule(array($this, 'checkRewrite'), $errorStr)); $patterns = array('/archives/[cid:digital]/' => _t('默认风格') . ' /archives/{cid}/', From 8c28fda45672485dfaca82b2fbbfd50d9accaa90 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E7=A5=81=E5=AE=81?= Date: Thu, 13 Mar 2014 19:24:15 +0800 Subject: [PATCH 14/23] fix #206 --- var/Typecho/I18n/GetText.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/var/Typecho/I18n/GetText.php b/var/Typecho/I18n/GetText.php index 36aa5498..2b45503a 100644 --- a/var/Typecho/I18n/GetText.php +++ b/var/Typecho/I18n/GetText.php @@ -162,7 +162,7 @@ class Typecho_I18n_GetText $this->table_translations = $this->readintarray($this->total * 2); if ($this->enable_cache) { - $this->cache_translations = array (); + $this->cache_translations = array ('' => NULL); /* read all strings in the cache */ for ($i = 0; $i < $this->total; $i++) { if ($this->table_originals[$i * 2 + 1] > 0) { @@ -303,7 +303,7 @@ class Typecho_I18n_GetText } else { $header = $this->get_translation_string(0); } - if (eregi("plural-forms: ([^\n]*)\n", $header, $regs)) + if (preg_match("/plural\-forms: ([^\n]*)\n/i", $header, $regs)) $expr = $regs[1]; else $expr = "nplurals=2; plural=n == 1 ? 0 : 1;"; From c4c915bcc4440f8c76c8b6862dd4170a7df6fc6b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E7=A5=81=E5=AE=81?= Date: Thu, 13 Mar 2014 23:05:22 +0800 Subject: [PATCH 15/23] =?UTF-8?q?=E4=B8=8D=E5=85=81=E8=AE=B8=E4=B8=8A?= =?UTF-8?q?=E4=BC=A0=E5=8F=AF=E6=89=A7=E8=A1=8C=E6=96=87=E4=BB=B6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- var/Widget/Options/General.php | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) 
diff --git a/var/Widget/Options/General.php b/var/Widget/Options/General.php index 23085cd7..641fe022 100644 --- a/var/Widget/Options/General.php +++ b/var/Widget/Options/General.php @@ -136,6 +136,17 @@ class Widget_Options_General extends Widget_Abstract_Options implements Widget_I return $form; } + /** + * 过滤掉可执行的后缀名 + * + * @param string $ext + * @return boolean + */ + public function removeShell($ext) + { + return !preg_match("/^(php|php4|php5|sh|asp|jsp|rb|py|pl|dll|exe|bat)$/i", $ext); + } + /** * 执行更新动作 * @@ -166,9 +177,10 @@ class Widget_Options_General extends Widget_Abstract_Options implements Widget_I $attachmentTypes[] = '@doc@'; } - $attachmentTypesOther = $this->request->filter('trim')->attachmentTypesOther; + $attachmentTypesOther = $this->request->filter('trim', 'strtolower')->attachmentTypesOther; if ($this->isEnableByCheckbox($settings['attachmentTypes'], '@other@') && !empty($attachmentTypesOther)) { - $attachmentTypes[] = implode(',', array_map('trim', explode(',', $attachmentTypesOther))); + $attachmentTypes[] = implode(',', + array_filter(array_map('trim', explode(',', $attachmentTypesOther)), array($this, 'removeShell'))); } $settings['attachmentTypes'] = implode(',', $attachmentTypes); From 308c1beb1691477d2c2f2b2fadd40e8b78dd718d Mon Sep 17 00:00:00 2001 
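Review bot: The denylist in `removeShell()` matches only `php`, `php4`, `php5` and a few other names, so extensions a web server may also hand to an interpreter (for example `php3`, `phtml`, `phar`, `aspx`, `cgi`) still pass, as does anything mapped by local server configuration. An allowlist of known document and media types is easier to keep correct. If the denylist stays, widen it, e.g. `return !preg_match("/^(php\d*|phtml|pht|phar|sh|cgi|asp|aspx|jsp|rb|py|pl|dll|exe|bat)$/i", $ext);`. The filter runs only when the setting is saved, so the upload handler (not part of this hunk) should apply the same check to the real file name.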
From: =?UTF-8?q?=E7=A5=81=E5=AE=81?= Date: Fri, 14 Mar 2014 15:09:34 +0800 Subject: [PATCH 16/23] =?UTF-8?q?=E4=BF=AE=E6=AD=A3=E6=92=B0=E5=86=99?= =?UTF-8?q?=E6=96=87=E7=AB=A0=E6=B7=BB=E5=8A=A0=E6=A0=87=E7=AD=BE=E6=97=B6?= =?UTF-8?q?=E5=8F=AF=E8=83=BD=E5=87=BA=E7=8E=B0=E7=9A=84=E9=9D=9E=E6=B3=95?= =?UTF-8?q?=E5=AD=97=E7=AC=A6=20=E4=BF=AE=E6=AD=A3cookie=E5=AF=B9=E6=95=B0?= =?UTF-8?q?=E7=BB=84=E7=9A=84=E8=BF=87=E6=BB=A4=E4=B8=8D=E4=B8=A5?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- var/Typecho/Common.php | 6 +++--- var/Typecho/Cookie.php | 25 ++++-------------------- var/Typecho/Request.php | 8 -------- var/Typecho/Validate.php | 32 +++++++++++++++---------------- var/Widget/Contents/Post/Edit.php | 9 +++++++++ var/Widget/Metas/Tag/Edit.php | 2 +- 6 files changed, 33 insertions(+), 49 deletions(-) diff --git a/var/Typecho/Common.php b/var/Typecho/Common.php index e561d4e9..8fad579a 100644 --- a/var/Typecho/Common.php +++ b/var/Typecho/Common.php @@ -635,12 +635,12 @@ EOF; { //~ 针对location的xss过滤, 因为其特殊性无法使用removeXSS函数 //~ fix issue 66 - $params = parse_url(str_replace(array("\r", "\n"), '', $url)); + $params = parse_url(str_replace(array("\r", "\n", "\t", ' '), '', $url)); /** 禁止非法的协议跳转 */ if (isset($params['scheme'])) { if (!in_array($params['scheme'], array('http', 'https'))) { - return; + return '/'; } } @@ -904,7 +904,7 @@ EOF; * * @access public * @param integer $length 字符串长度 - * @param string $specialChars 是否有特殊字符 + * @param boolean $specialChars 是否有特殊字符 * @return string */ public static function randString($length, $specialChars = false) diff --git a/var/Typecho/Cookie.php b/var/Typecho/Cookie.php index d6284120..78aaf849 100644 --- a/var/Typecho/Cookie.php +++ b/var/Typecho/Cookie.php @@ -54,7 +54,7 @@ class Typecho_Cookie * 获取前缀 * * @access public - * @return void + * @return string */ public static function getPrefix() { 
@@ -73,7 +73,7 @@ class Typecho_Cookie { $key = self::$_prefix . $key; $value = isset($_COOKIE[$key]) ? $_COOKIE[$key] : (isset($_POST[$key]) ? $_POST[$key] : $default); - return $value; + return is_array($value) ? $default : $value; } /** @@ -88,16 +88,7 @@ class Typecho_Cookie public static function set($key, $value, $expire = 0) { $key = self::$_prefix . $key; - - /** 对数组型COOKIE的写入支持 */ - if (is_array($value)) { - foreach ($value as $name => $val) { - setrawcookie("{$key}[{$name}]", rawurlencode($val), $expire, self::$_path); - } - } else { - setrawcookie($key, rawurlencode($value), $expire, self::$_path); - } - + setrawcookie($key, rawurlencode($value), $expire, self::$_path); $_COOKIE[$key] = $value; } @@ -115,15 +106,7 @@ class Typecho_Cookie return; } - /** 对数组型COOKIE的删除支持 */ - if (is_array($_COOKIE[$key])) { - foreach ($_COOKIE[$key] as $name => $val) { - setcookie("{$key}[{$name}]", '', time() - 2592000, self::$_path); - } - } else { - setcookie($key, '', time() - 2592000, self::$_path); - } - + setcookie($key, '', time() - 2592000, self::$_path); unset($_COOKIE[$key]); } } diff --git a/var/Typecho/Request.php b/var/Typecho/Request.php index 54dd0eae..ecd66743 100644 --- a/var/Typecho/Request.php +++ b/var/Typecho/Request.php @@ -12,7 +12,6 @@ define('__TYPECHO_FILTER_SUPPORTED__', function_exists('filter_var')); /** * 服务器请求处理类 * - * TODO getSiteUrl * @package Request */ class Typecho_Request @@ -25,13 +24,6 @@ class Typecho_Request */ private $_params = array(); - /** - * 参数是否已经处理过 - * - * @var bool - */ - private $_paramsParsed = false; - /** * 路径信息 * diff --git a/var/Typecho/Validate.php b/var/Typecho/Validate.php index f899b855..e8620ffe 100644 --- a/var/Typecho/Validate.php +++ b/var/Typecho/Validate.php @@ -144,7 +144,7 @@ class Typecho_Validate * @param integer $length 最小长度 * @return boolean */ - public function minLength($str, $length) + public static function minLength($str, $length) { return (Typecho_Common::strLen($str) >= $length); } 
@@ -182,7 +182,7 @@ class Typecho_Validate * @param array $params 枚举值 * @return unknown */ - public function enum($str, array $params) + public static function enum($str, array $params) { $keys = array_flip($params); return isset($keys[$str]); @@ -191,11 +191,11 @@ class Typecho_Validate /** * Max Length * - * @access public - * @param string - * @return boolean + * @param $str + * @param $length + * @return bool */ - public function maxLength($str, $length) + public static function maxLength($str, $length) { return (Typecho_Common::strLen($str) < $length); } @@ -207,7 +207,7 @@ class Typecho_Validate * @param string * @return boolean */ - public function email($str) + public static function email($str) { return preg_match("/^[_a-z0-9-\.]+@([-a-z0-9]+\.)+[a-z]{2,}$/i", $str); } @@ -219,7 +219,7 @@ class Typecho_Validate * @param string $str * @return boolean */ - public function url($str) + public static function url($str) { $parts = @parse_url($str); if (!$parts) { @@ -238,7 +238,7 @@ class Typecho_Validate * @param string * @return boolean */ - public function alpha($str) + public static function alpha($str) { return preg_match("/^([a-z])+$/i", $str) ? true : false; } @@ -250,7 +250,7 @@ class Typecho_Validate * @param string * @return boolean */ - public function alphaNumeric($str) + public static function alphaNumeric($str) { return preg_match("/^([a-z0-9])+$/i", $str); } @@ -262,7 +262,7 @@ class Typecho_Validate * @param string * @return boolean */ - public function alphaDash($str) + public static function alphaDash($str) { return preg_match("/^([_a-z0-9-])+$/i", $str) ? true : false; } @@ -274,7 +274,7 @@ class Typecho_Validate * @param string $str * @return boolean */ - public function xssCheck($str) + public static function xssCheck($str) { $search = 'abcdefghijklmnopqrstuvwxyz'; $search .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'; 
@@ -291,7 +291,7 @@ class Typecho_Validate $str = preg_replace('/(�{0,8}'.ord($search[$i]).';?)/', $search[$i], $str); // with a ; } - return !preg_match('/(\(|\)|\\\|"|<|>|[\x00-\x08]|[\x0b-\x0c]|[\x0e-\x19])/', $str); + return !preg_match('/(\(|\)|\\\|"|<|>|[\x00-\x08]|[\x0b-\x0c]|[\x0e-\x19]|' . "\r|\n|\t" . ')/', $str); } /** @@ -301,9 +301,9 @@ class Typecho_Validate * @param integer * @return boolean */ - public function isFloat($str) + public static function isFloat($str) { - return ereg("^[0-9\.]+$", $str); + return preg_match("/^[0-9\.]+$/", $str); } /** @@ -313,7 +313,7 @@ class Typecho_Validate * @param string * @return boolean */ - public function isInteger($str) + public static function isInteger($str) { return is_numeric($str); } diff --git a/var/Widget/Contents/Post/Edit.php b/var/Widget/Contents/Post/Edit.php index 9a337f94..df97997a 100644 --- a/var/Widget/Contents/Post/Edit.php +++ b/var/Widget/Contents/Post/Edit.php @@ -589,6 +589,7 @@ class Widget_Contents_Post_Edit extends Widget_Abstract_Contents implements Widg { $tags = str_replace(',', ',', $tags); $tags = array_unique(array_map('trim', explode(',', $tags))); + $tags = array_filter($tags, array('Typecho_Validate', 'xssCheck')); /** 取出已有tag */ $existTags = Typecho_Common::arrayFlatten($this->db->fetchAll( @@ -601,6 +602,10 @@ class Widget_Contents_Post_Edit extends Widget_Abstract_Contents implements Widg /** 删除已有tag */ if ($existTags) { foreach ($existTags as $tag) { + if (0 == strlen($tag)) { + continue; + } + $this->db->query($this->db->delete('table.relationships') ->where('cid = ?', $cid) ->where('mid = ?', $tag)); @@ -619,6 +624,10 @@ class Widget_Contents_Post_Edit extends Widget_Abstract_Contents implements Widg /** 插入tag */ if ($insertTags) { foreach ($insertTags as $tag) { + if (0 == strlen($tag)) { + continue; + } + $this->db->query($this->db->insert('table.relationships') ->rows(array( 'mid' => $tag, 
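Review bot: `xssCheck()` still accepts a single quote, and the control-character ranges stop at `\x19`, so `\x1a` to `\x1f` pass too; a value that passes can therefore still close a single-quoted HTML attribute. I would add `'` to the alternation and widen the last range to `[\x0e-\x1f]`. Even then the check is a backstop: the callers added in this series use it for tag names and site options, and those still need escaping where they are printed. The function body starts above this hunk.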
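Review bot: The `preg_match("/^[0-9\.]+$/", $str)` that replaces `ereg` in `isFloat()` keeps the old looseness: it accepts `1.2.3` and a bare `.`, and it returns an int (or `false` on a PCRE error) rather than the documented boolean. Something like `return (bool) preg_match('/^[0-9]+(\.[0-9]+)?$/', $str);` matches the docblock. The neighbouring `isInteger()` in the next hunk relies on `is_numeric()`, which also accepts decimals and exponent notation, so callers should not treat either rule as a strict type check.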
diff --git a/var/Widget/Metas/Tag/Edit.php b/var/Widget/Metas/Tag/Edit.php index 17fc1e0d..ec0f9081 100644 --- a/var/Widget/Metas/Tag/Edit.php +++ b/var/Widget/Metas/Tag/Edit.php @@ -267,7 +267,7 @@ class Widget_Metas_Tag_Edit extends Widget_Abstract_Metas implements Widget_Inte */ public function deleteTag() { - $tags = $this->request->filter('int')->mid; + $tags = $this->request->filter('int')->getArray('mid'); $deleteCount = 0; if ($tags && is_array($tags)) { From 15927ad775f0a2b4eea1e878d1888d55ceb1e74b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E7=A5=81=E5=AE=81?= Date: Fri, 14 Mar 2014 16:11:28 +0800 Subject: [PATCH 17/23] =?UTF-8?q?=E5=A2=9E=E5=8A=A0token=E4=BF=9D=E6=8A=A4?= =?UTF-8?q?=20=E9=98=B2=E5=9E=83=E5=9C=BE=E8=AF=84=E8=AE=BA?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- install.php | 1 + var/Typecho/Common.php | 2 +- var/Upgrade.php | 16 +++++++++++++++- var/Widget/Abstract/Contents.php | 5 +++-- var/Widget/Archive.php | 11 ++++++----- var/Widget/Feedback.php | 3 +++ var/Widget/Login.php | 3 +++ var/Widget/Options.php | 8 +++++--- var/Widget/Options/General.php | 8 ++++++-- var/Widget/Register.php | 3 +++ var/Widget/Security.php | 30 +++++++++++++++--------------- 11 files changed, 61 insertions(+), 29 deletions(-) diff --git a/install.php b/install.php index 27d8a721..14f1b2ad 100644 --- a/install.php +++ b/install.php 
@@ -307,6 +307,7 @@ list($prefixVersion, $suffixVersion) = explode('/', $currentVersion); $installDb->query($installDb->insert('table.options')->rows(array('name' => 'actionTable', 'user' => 0, 'value' => 'a:0:{}'))); $installDb->query($installDb->insert('table.options')->rows(array('name' => 'panelTable', 'user' => 0, 'value' => 'a:0:{}'))); $installDb->query($installDb->insert('table.options')->rows(array('name' => 'attachmentTypes', 'user' => 0, 'value' => '@image@'))); + $installDb->query($installDb->insert('table.options')->rows(array('name' => 'secret', 'user' => 0, 'value' => Typecho_Common::randString(32, true)))); /** 初始分类 */ $installDb->query($installDb->insert('table.metas')->rows(array('name' => _t('默认分类'), 'slug' => 'default', 'type' => 'category', 'description' => _t('只是一个默认分类'), diff --git a/var/Typecho/Common.php b/var/Typecho/Common.php index 8fad579a..3f2da629 100644 --- a/var/Typecho/Common.php +++ b/var/Typecho/Common.php @@ -22,7 +22,7 @@ define('__TYPECHO_MB_SUPPORTED__', function_exists('mb_get_info')); class Typecho_Common { /** 程序版本 */ - const VERSION = '0.9/14.2.24'; + const VERSION = '0.9/14.3.14'; /** * 锁定的代码块 diff --git a/var/Upgrade.php b/var/Upgrade.php index a09dc4e2..aea5d788 100644 --- a/var/Upgrade.php +++ b/var/Upgrade.php @@ -1161,5 +1161,19 @@ Typecho_Date::setTimezoneOffset($options->timezone); break; } } -} + + /** + * v0_9r14_3_14 + * + * @param mixed $db + * @param mixed $options + * @access public + * @return void + */ + public function v0_9r14_3_14($db, $options) + { + $db->query($db->insert('table.options') + ->rows(array('name' => 'secret', 'user' => 0, 'value' => Typecho_Common::randString(32, true)))); + } +} diff --git a/var/Widget/Abstract/Contents.php b/var/Widget/Abstract/Contents.php index 9f0517f2..5c4bc757 100644 --- a/var/Widget/Abstract/Contents.php +++ b/var/Widget/Abstract/Contents.php 
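Review bot: The new `secret` option is the key behind every token this series introduces, and it is generated with `Typecho_Common::randString(32, true)`, whose body is not part of this hunk. If that helper draws from `rand()` or `mt_rand()` the secret comes from a small seed space; that is worth confirming, and if so the value should come from a CSPRNG such as `openssl_random_pseudo_bytes()` where available. The `v0_9r14_3_14()` step in var/Upgrade.php inserts the same row unconditionally, so a check for an existing `secret` row before the insert would keep a repeated upgrade from adding a duplicate (whether steps can re-run is not visible here).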
@@ -717,7 +717,7 @@ class Widget_Abstract_Contents extends Widget_Abstract /** 处理密码保护流程 */ if (!empty($value['password']) && - $value['password'] != $this->request->protectPassword && + $value['password'] != Typecho_Cookie::get('protectPassword') && $value['authorId'] != $this->user->uid && !$this->user->pass('editor', true)) { $value['hidden'] = true; @@ -732,7 +732,8 @@ class Widget_Abstract_Contents extends Widget_Abstract /** 如果访问权限被禁止 */ if ($value['hidden']) { - $value['text'] = '
' . + $value['text'] = '' . '

' . _t('请输入密码访问') . '

' . '

' . diff --git a/var/Widget/Archive.php b/var/Widget/Archive.php index e1951ac9..a0d42bda 100644 --- a/var/Widget/Archive.php +++ b/var/Widget/Archive.php @@ -292,7 +292,7 @@ class Widget_Archive extends Widget_Abstract_Contents * 评论地址 * * @access protected - * @return void + * @return string */ protected function ___commentUrl() { @@ -306,7 +306,7 @@ class Widget_Archive extends Widget_Abstract_Contents $commentUrl .= '?parent=' . $reply; } - return $commentUrl; + return $this->security->getTokenUrl($commentUrl); } /** @@ -320,7 +320,7 @@ class Widget_Archive extends Widget_Abstract_Contents } /** - * @param $_archiveSlug the $_archiveSlug to set + * @param string $archiveSlug the $_archiveSlug to set */ public function setArchiveSlug($archiveSlug) { @@ -328,7 +328,7 @@ class Widget_Archive extends Widget_Abstract_Contents } /** - * @param $_archiveSingle the $_archiveSingle to set + * @param string $archiveSingle the $_archiveSingle to set */ public function setArchiveSingle($archiveSingle) { @@ -795,6 +795,7 @@ class Widget_Archive extends Widget_Abstract_Contents /** 保存密码至cookie */ if ($this->request->isPost() && isset($this->request->protectPassword)) { + $this->security->protect(); Typecho_Cookie::set('protectPassword', $this->request->protectPassword, 0); } @@ -1475,7 +1476,7 @@ class Widget_Archive extends Widget_Abstract_Contents * 获取回响归档对象 * * @access public - * @return void + * @return Widget_Comments_Ping */ public function pings() { diff --git a/var/Widget/Feedback.php b/var/Widget/Feedback.php index 0489ef7c..a0c2c9b6 100644 --- a/var/Widget/Feedback.php +++ b/var/Widget/Feedback.php @@ -37,6 +37,9 @@ class Widget_Feedback extends Widget_Abstract_Comments implements Widget_Interfa */ private function comment() { + // 使用安全模块保护 + $this->security->protect(); + $comment = array( 'cid' => $this->_content->cid, 'created' => $this->options->gmtTime, diff --git a/var/Widget/Login.php b/var/Widget/Login.php index 6d2568b4..597a559b 100644 
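Review bot: The password submitted for a protected post is stored verbatim in the `protectPassword` cookie by `Typecho_Cookie::set('protectPassword', $this->request->protectPassword, 0)`, and the changed line in var/Widget/Abstract/Contents.php compares it with `!=`. PHP's loose comparison treats numeric-looking strings as numbers, so `1.0` and `1` count as equal; the check should be `$value['password'] !== Typecho_Cookie::get('protectPassword')`. Keeping the clear-text password in a cookie without HttpOnly also exposes it to any script on the page, so a keyed hash of the password would be safer to store and compare. Both methods continue outside the hunks shown.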
--- a/var/Widget/Login.php +++ b/var/Widget/Login.php @@ -28,6 +28,9 @@ class Widget_Login extends Widget_Abstract_Users implements Widget_Interface_Do */ public function action() { + // protect + $this->security->protect(); + /** 如果已经登录 */ if ($this->user->hasLogin()) { /** 直接返回 */ diff --git a/var/Widget/Options.php b/var/Widget/Options.php index a893f019..c569447a 100644 --- a/var/Widget/Options.php +++ b/var/Widget/Options.php @@ -201,8 +201,9 @@ class Widget_Options extends Typecho_Widget */ protected function ___loginAction() { - return Typecho_Router::url('do', array('action' => 'login', 'widget' => 'Login'), - Typecho_Common::url('index.php', $this->rootUrl)); + return $this->widget('Widget_Security')->getTokenUrl( + Typecho_Router::url('do', array('action' => 'login', 'widget' => 'Login'), + Typecho_Common::url('index.php', $this->rootUrl))); } /** @@ -224,7 +225,8 @@ class Widget_Options extends Typecho_Widget */ protected function ___registerAction() { - return Typecho_Router::url('do', array('action' => 'register', 'widget' => 'Register'), $this->index); + return $this->widget('Widget_Security')->getTokenUrl( + Typecho_Router::url('do', array('action' => 'register', 'widget' => 'Register'), $this->index)); } /** diff --git a/var/Widget/Options/General.php b/var/Widget/Options/General.php index 641fe022..c3c777dc 100644 --- a/var/Widget/Options/General.php +++ b/var/Widget/Options/General.php 
@@ -179,8 +179,12 @@ class Widget_Options_General extends Widget_Abstract_Options implements Widget_I $attachmentTypesOther = $this->request->filter('trim', 'strtolower')->attachmentTypesOther; if ($this->isEnableByCheckbox($settings['attachmentTypes'], '@other@') && !empty($attachmentTypesOther)) { - $attachmentTypes[] = implode(',', - array_filter(array_map('trim', explode(',', $attachmentTypesOther)), array($this, 'removeShell'))); + $types = implode(',', array_filter(array_map('trim', + explode(',', $attachmentTypesOther)), array($this, 'removeShell'))); + + if (!empty($types)) { + $attachmentTypes[] = $types; + } } $settings['attachmentTypes'] = implode(',', $attachmentTypes); diff --git a/var/Widget/Register.php b/var/Widget/Register.php index 10e2d672..abd3af2d 100644 --- a/var/Widget/Register.php +++ b/var/Widget/Register.php @@ -17,6 +17,9 @@ class Widget_Register extends Widget_Abstract_Users implements Widget_Interface_ */ public function action() { + // protect + $this->security->protect(); + /** 如果已经登录 */ if ($this->user->hasLogin() || !$this->options->allowRegister) { /** 直接返回 */ diff --git a/var/Widget/Security.php b/var/Widget/Security.php index a3aacc4b..e1562e8d 100644 --- a/var/Widget/Security.php +++ b/var/Widget/Security.php @@ -30,13 +30,21 @@ class Widget_Security extends Typecho_Widget $this->_options = $this->widget('Widget_Options'); $user = $this->widget('Widget_User'); - $token = uniqid(); + $this->_token = $this->_options->secret; if ($user->hasLogin()) { - $token = $user->authCode . '&' . $user->uid - . '&' . $this->request->getRequestUrl(); + $this->_token .= '&' . $user->authCode . '&' . $user->uid; } + } - $this->_token = md5($token); + /** + * 获取token + * + * @param string $suffix 后缀 + * @return string + */ + public function getToken($suffix) + { + return md5($this->_token . '&' . $suffix); } /** 
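Review bot: `getToken()` builds the token as `md5($this->_token . '&' . $suffix)`, a bare hash over secret-then-data rather than a keyed MAC; `return hash_hmac('sha256', $suffix, $this->_token);` keeps the same inputs and signature with a construction meant for this. For a visitor who is not logged in, `$this->_token` is only the site-wide `secret`, so the token for a given URL is identical for every anonymous visitor. That deserves a line in the method's docblock, since it means the login, register and comment tokens are not bound to a session. The constructor begins above this hunk.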
@@ -54,7 +62,7 @@ class Widget_Security extends Typecho_Widget parse_str($parts['query'], $params); } - $params['_'] = $this->_token; + $params['_'] = $this->getToken($this->request->getRequestUrl()); $parts['query'] = http_build_query($params); return Typecho_Common::buildUrl($parts); @@ -66,16 +74,8 @@ class Widget_Security extends Typecho_Widget */ public function protect() { - $user = $this->widget('Widget_User'); - $token = uniqid(); - if ($user->hasLogin()) { - $token = $user->authCode . '&' . $user->uid - . '&' . $this->request->getReferer(); - } - - if ($this->request->get('_') != md5($token)) { - $this->widget('Widget_Notice')->set(_t('一次不安全的跳转已经被阻止')); - $this->response->redirect($this->_options->adminUrl); + if ($this->request->get('_') != $this->getToken($this->request->getReferer())) { + $this->response->goBack(); } } From 23e1e04cd73b9d4190925740585db4f53f78172e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E7=A5=81=E5=AE=81?= Date: Fri, 14 Mar 2014 16:14:03 +0800 Subject: [PATCH 18/23] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E8=87=AA=E5=AE=9A?= =?UTF-8?q?=E4=B9=89=E5=AD=97=E6=AE=B5=E6=B6=88=E5=A4=B1?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- var/Widget/Contents/Post/Edit.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/var/Widget/Contents/Post/Edit.php b/var/Widget/Contents/Post/Edit.php index df97997a..861157a6 100644 --- a/var/Widget/Contents/Post/Edit.php +++ b/var/Widget/Contents/Post/Edit.php @@ -90,8 +90,9 @@ class Widget_Contents_Post_Edit extends Widget_Abstract_Contents implements Widg protected function getFields() { $fields = array(); + $fieldNames = $this->request->getArray('fieldNames'); - if (!empty($this->request->fieldNames)) { + if (!empty($fieldNames)) { $data = array( 'fieldNames' => $this->request->getArray('fieldNames'), 'fieldTypes' => $this->request->getArray('fieldTypes'), From b4c903f82bc8a1766f62e1786648a1b421d02101 Mon Sep 17 00:00:00 2001 
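Review bot: `protect()` compares the submitted token with `!=`, and PHP's loose comparison treats numeric-looking strings as numbers, so two different hex digests that both look like exponent notation compare equal. Use a strict comparison, `if ($this->request->get('_') !== $this->getToken($this->request->getReferer())) {`, or `hash_equals()` where the PHP version provides it. The check is bound to the `Referer` header while `getTokenUrl()` signs `getRequestUrl()`, so a client that strips Referer fails every protected action and now gets a silent `goBack()` with no notice. A comment documenting that coupling would help the next reader.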
From: =?UTF-8?q?=E7=A5=81=E5=AE=81?= Date: Sat, 15 Mar 2014 11:36:53 +0800 Subject: [PATCH 19/23] fix #208 --- install.php | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/install.php b/install.php index 14f1b2ad..a666b176 100644 --- a/install.php +++ b/install.php @@ -60,6 +60,18 @@ if (!isset($_GET['finish']) && file_exists(__TYPECHO_ROOT_DIR__ . '/config.inc.p exit; } +// 挡掉可能的跨站请求 +if (!empty($_GET) || !empty($_POST)) { + if (empty($_SERVER['HTTP_REFERER')) { + exit; + } + + $parts = parse_url($_SERVER); + if (empty($parts['host']) || $_SERVER['HTTP_HOST'] != $parts['host']) { + exit; + } +} + /** * 获取传递参数 * @@ -205,6 +217,7 @@ list($prefixVersion, $suffixVersion) = explode('/', $currentVersion); if (isset($_REQUEST['user']) && isset($_REQUEST['password'])) { $loginUrl = _u() . '/index.php/action/login?name=' . urlencode(_r('user')) . '&password=' . urlencode(_r('password')) . '&referer=' . _u() . '/admin/index.php'; + $loginUrl = Typecho_Widget::widget('Widget_Security')->getTokenUrl($loginUrl); } else { $loginUrl = _u() . '/admin/index.php'; } From f1b7f58ddc3f14ad9c84a142de0df79d412a1c25 Mon Sep 17 00:00:00 2001 From: byends Date: Sat, 15 Mar 2014 11:56:08 +0800 Subject: [PATCH 20/23] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E4=BF=9D=E5=AD=98?= =?UTF-8?q?=E4=B8=AA=E4=BA=BA=E8=B5=84=E6=96=99=E4=B8=AD=E2=80=9C=E9=BB=98?= =?UTF-8?q?=E8=AE=A4=E5=85=81=E8=AE=B8=E2=80=9D=E9=80=89=E9=A1=B9=E5=A4=B1?= =?UTF-8?q?=E6=95=88=E7=9A=84BUG?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- var/Widget/Users/Profile.php | 74 +++++++++++++++++------------------- 1 file changed, 35 insertions(+), 39 deletions(-) diff --git a/var/Widget/Users/Profile.php b/var/Widget/Users/Profile.php index f997a993..05a677e2 100644 --- a/var/Widget/Users/Profile.php +++ b/var/Widget/Users/Profile.php 
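Review bot: The new same-origin check compares `$_SERVER['HTTP_HOST']` with `$parts['host']`, but `parse_url()` returns the port separately, so an install served on a non-default port would always reach `exit`. Fold the port back in before comparing, e.g. `if (!empty($parts['port'])) { $parts['host'] .= ':' . $parts['port']; }`. As rendered on this page the two reads look damaged (`$_SERVER['HTTP_REFERER')` and `parse_url($_SERVER)`); presumably both are meant to index `HTTP_REFERER`, which should be confirmed against the file, since as shown the block would not parse.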
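Review bot: The URL that this hunk passes to `getTokenUrl()` still carries the new administrator's `password` in the query string, so it ends up in web-server access logs, browser history and any Referer sent from the page it lands on. Submitting the credentials in a POST body, or logging the user in server-side at the end of the install, would avoid that. The `'&referer=' . _u() . '/admin/index.php'` part is also appended without `urlencode()`, unlike the two parameters before it. The surrounding block continues outside the hunk.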
@@ -43,11 +43,11 @@ class Widget_Users_Profile extends Widget_Users_Edit implements Widget_Interface { /** 构建表格 */ $form = new Typecho_Widget_Helper_Form($this->security->getIndex('/action/users-profile'), - Typecho_Widget_Helper_Form::POST_METHOD); + Typecho_Widget_Helper_Form::POST_METHOD); /** 用户昵称 */ $screenName = new Typecho_Widget_Helper_Form_Element_Text('screenName', NULL, NULL, _t('昵称'), _t('用户昵称可以与用户名不同, 用于前台显示.') - . '
' . _t('如果你将此项留空, 将默认使用用户名.')); + . '
' . _t('如果你将此项留空, 将默认使用用户名.')); $form->addInput($screenName); /** 个人主页地址 */ @@ -56,7 +56,7 @@ class Widget_Users_Profile extends Widget_Users_Edit implements Widget_Interface /** 电子邮箱地址 */ $mail = new Typecho_Widget_Helper_Form_Element_Text('mail', NULL, NULL, _t('电子邮箱地址 *'), _t('电子邮箱地址将作为此用户的主要联系方式.') - . '
' . _t('请不要与系统中现有的电子邮箱地址重复.')); + . '
' . _t('请不要与系统中现有的电子邮箱地址重复.')); $form->addInput($mail); /** 用户动作 */ @@ -93,20 +93,20 @@ class Widget_Users_Profile extends Widget_Users_Edit implements Widget_Interface { /** 构建表格 */ $form = new Typecho_Widget_Helper_Form($this->security->getIndex('/action/users-profile'), - Typecho_Widget_Helper_Form::POST_METHOD); + Typecho_Widget_Helper_Form::POST_METHOD); - /** 自动保存 */ + /** 撰写设置 */ $markdown = new Typecho_Widget_Helper_Form_Element_Radio('markdown', - array('0' => _t('关闭'), '1' => _t('打开')), - $this->options->markdown, _t('使用 Markdown 语法编辑和解析内容'), - _t('使用 Markdown 语法能够使您的撰写过程更加简便直观.') - . '
' . _t('此功能开启不会影响以前没有使用 Markdown 语法编辑的内容.')); + array('0' => _t('关闭'), '1' => _t('打开')), + $this->options->markdown, _t('使用 Markdown 语法编辑和解析内容'), + _t('使用 Markdown 语法能够使您的撰写过程更加简便直观.') + . '
' . _t('此功能开启不会影响以前没有使用 Markdown 语法编辑的内容.')); $form->addInput($markdown); /** 自动保存 */ $autoSave = new Typecho_Widget_Helper_Form_Element_Radio('autoSave', - array('0' => _t('关闭'), '1' => _t('打开')), - $this->options->autoSave, _t('自动保存'), _t('自动保存功能可以更好地保护你的文章不会丢失.')); + array('0' => _t('关闭'), '1' => _t('打开')), + $this->options->autoSave, _t('自动保存'), _t('自动保存功能可以更好地保护你的文章不会丢失.')); $form->addInput($autoSave); /** 默认允许 */ @@ -124,8 +124,8 @@ class Widget_Users_Profile extends Widget_Users_Edit implements Widget_Interface } $defaultAllow = new Typecho_Widget_Helper_Form_Element_Checkbox('defaultAllow', - array('comment' => _t('可以被评论'), 'ping' => _t('可以被引用'), 'feed' => _t('出现在聚合中')), - $allow, _t('默认允许'), _t('设置你经常使用的默认允许权限')); + array('comment' => _t('可以被评论'), 'ping' => _t('可以被引用'), 'feed' => _t('出现在聚合中')), + $allow, _t('默认允许'), _t('设置你经常使用的默认允许权限')); $form->addInput($defaultAllow); /** 用户动作 */ @@ -154,7 +154,7 @@ class Widget_Users_Profile extends Widget_Users_Edit implements Widget_Interface { /** 构建表格 */ $form = new Typecho_Widget_Helper_Form($this->security->getIndex('/action/users-profile'), - Typecho_Widget_Helper_Form::POST_METHOD); + Typecho_Widget_Helper_Form::POST_METHOD); $form->setAttribute('name', $pluginName); $form->setAttribute('id', $pluginName); @@ -189,7 +189,7 @@ class Widget_Users_Profile extends Widget_Users_Edit implements Widget_Interface if ($plugins->personalConfig) { echo '

' . $plugins->title . '

'; list($pluginFileName, $className) = Typecho_Plugin::portal($plugins->name, - __TYPECHO_ROOT_DIR__ . '/' . __TYPECHO_PLUGIN_DIR__); + __TYPECHO_ROOT_DIR__ . '/' . __TYPECHO_PLUGIN_DIR__); $form = $this->personalForm($plugins->name, $className, $pluginFileName, $group); if ($this->user->pass($group, true)) { @@ -209,11 +209,11 @@ class Widget_Users_Profile extends Widget_Users_Edit implements Widget_Interface { /** 构建表格 */ $form = new Typecho_Widget_Helper_Form($this->security->getIndex('/action/users-profile'), - Typecho_Widget_Helper_Form::POST_METHOD); + Typecho_Widget_Helper_Form::POST_METHOD); /** 用户密码 */ $password = new Typecho_Widget_Helper_Form_Element_Password('password', NULL, NULL, _t('用户密码'), _t('为此用户分配一个密码.') - . '
' . _t('建议使用特殊字符与字母、数字的混编样式,以增加系统安全性.')); + . '
' . _t('建议使用特殊字符与字母、数字的混编样式,以增加系统安全性.')); $password->input->setAttribute('class', 'w-60'); $form->addInput($password); @@ -277,27 +277,23 @@ class Widget_Users_Profile extends Widget_Users_Edit implements Widget_Interface { $settings['autoSave'] = $this->request->autoSave ? 1 : 0; $settings['markdown'] = $this->request->markdown ? 1 : 0; + $defaultAllow = $this->request->getArray('defaultAllow'); - $settings['defaultAllowComment'] = is_array($this->request->defaultAllow) - && in_array('comment', $this->request->defaultAllow) ? 1 : 0; - - $settings['defaultAllowPing'] = is_array($this->request->defaultAllow) - && in_array('ping', $this->request->defaultAllow) ? 1 : 0; - - $settings['defaultAllowFeed'] = is_array($this->request->defaultAllow) - && in_array('feed', $this->request->defaultAllow) ? 1 : 0; + $settings['defaultAllowComment'] = in_array('comment', $defaultAllow) ? 1 : 0; + $settings['defaultAllowPing'] = in_array('ping', $defaultAllow) ? 1 : 0; + $settings['defaultAllowFeed'] = in_array('feed', $defaultAllow) ? 1 : 0; foreach ($settings as $name => $value) { if ($this->db->fetchObject($this->db->select(array('COUNT(*)' => 'num')) - ->from('table.options')->where('name = ? AND user = ?', $name, $this->user->uid))->num > 0) { + ->from('table.options')->where('name = ? AND user = ?', $name, $this->user->uid))->num > 0) { $this->widget('Widget_Abstract_Options') - ->update(array('value' => $value), $this->db->sql()->where('name = ? AND user = ?', $name, $this->user->uid)); + ->update(array('value' => $value), $this->db->sql()->where('name = ? AND user = ?', $name, $this->user->uid)); } else { $this->widget('Widget_Abstract_Options')->insert(array( - 'name' => $name, - 'value' => $value, - 'user' => $this->user->uid - )); + 'name' => $name, + 'value' => $value, + 'user' => $this->user->uid + )); } } 
@@ -322,7 +318,7 @@ class Widget_Users_Profile extends Widget_Users_Edit implements Widget_Interface /** 更新数据 */ $this->update(array('password' => $password), - $this->db->sql()->where('uid = ?', $this->user->uid)); + $this->db->sql()->where('uid = ?', $this->user->uid)); /** 设置高亮 */ $this->widget('Widget_Notice')->highlight('user-' . $this->user->uid); @@ -351,7 +347,7 @@ class Widget_Users_Profile extends Widget_Users_Edit implements Widget_Interface /** 获取插件入口 */ list($pluginFileName, $className) = Typecho_Plugin::portal($this->request->plugin, - __TYPECHO_ROOT_DIR__ . '/' . __TYPECHO_PLUGIN_DIR__); + __TYPECHO_ROOT_DIR__ . '/' . __TYPECHO_PLUGIN_DIR__); $info = Typecho_Plugin::parseInfo($pluginFileName); if (!$info['personalConfig'] || !isset($activatedPlugins[$pluginName])) { @@ -372,15 +368,15 @@ class Widget_Users_Profile extends Widget_Users_Edit implements Widget_Interface if (!$this->personalConfigHandle($className, $settings)) { if ($this->db->fetchObject($this->db->select(array('COUNT(*)' => 'num')) - ->from('table.options')->where('name = ? AND user = ?', $name, $this->user->uid))->num > 0) { + ->from('table.options')->where('name = ? AND user = ?', $name, $this->user->uid))->num > 0) { $this->widget('Widget_Abstract_Options') - ->update(array('value' => serialize($settings)), $this->db->sql()->where('name = ? AND user = ?', $name, $this->user->uid)); + ->update(array('value' => serialize($settings)), $this->db->sql()->where('name = ? AND user = ?', $name, $this->user->uid)); } else { $this->widget('Widget_Abstract_Options')->insert(array( - 'name' => $name, - 'value' => serialize($settings), - 'user' => $this->user->uid - )); + 'name' => $name, + 'value' => serialize($settings), + 'user' => $this->user->uid + )); } } From 8e0b3565a303388b0e85cf1289f39bf150cfd2fd Mon Sep 17 00:00:00 2001 
From: byends Date: Sat, 15 Mar 2014 12:01:38 +0800 Subject: [PATCH 21/23] =?UTF-8?q?=E6=95=B4=E7=90=86=E4=BB=A3=E7=A0=81?= =?UTF-8?q?=E6=A0=BC=E5=BC=8F?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- var/Widget/Users/Profile.php | 60 ++++++++++++++++++------------------ 1 file changed, 30 insertions(+), 30 deletions(-) diff --git a/var/Widget/Users/Profile.php b/var/Widget/Users/Profile.php index 05a677e2..963f0203 100644 --- a/var/Widget/Users/Profile.php +++ b/var/Widget/Users/Profile.php @@ -43,11 +43,11 @@ class Widget_Users_Profile extends Widget_Users_Edit implements Widget_Interface { /** 构建表格 */ $form = new Typecho_Widget_Helper_Form($this->security->getIndex('/action/users-profile'), - Typecho_Widget_Helper_Form::POST_METHOD); + Typecho_Widget_Helper_Form::POST_METHOD); /** 用户昵称 */ $screenName = new Typecho_Widget_Helper_Form_Element_Text('screenName', NULL, NULL, _t('昵称'), _t('用户昵称可以与用户名不同, 用于前台显示.') - . '
' . _t('如果你将此项留空, 将默认使用用户名.')); + . '
' . _t('如果你将此项留空, 将默认使用用户名.')); $form->addInput($screenName); /** 个人主页地址 */ @@ -56,7 +56,7 @@ class Widget_Users_Profile extends Widget_Users_Edit implements Widget_Interface /** 电子邮箱地址 */ $mail = new Typecho_Widget_Helper_Form_Element_Text('mail', NULL, NULL, _t('电子邮箱地址 *'), _t('电子邮箱地址将作为此用户的主要联系方式.') - . '
' . _t('请不要与系统中现有的电子邮箱地址重复.')); + . '
' . _t('请不要与系统中现有的电子邮箱地址重复.')); $form->addInput($mail); /** 用户动作 */ @@ -93,20 +93,20 @@ class Widget_Users_Profile extends Widget_Users_Edit implements Widget_Interface { /** 构建表格 */ $form = new Typecho_Widget_Helper_Form($this->security->getIndex('/action/users-profile'), - Typecho_Widget_Helper_Form::POST_METHOD); + Typecho_Widget_Helper_Form::POST_METHOD); /** 撰写设置 */ $markdown = new Typecho_Widget_Helper_Form_Element_Radio('markdown', - array('0' => _t('关闭'), '1' => _t('打开')), - $this->options->markdown, _t('使用 Markdown 语法编辑和解析内容'), - _t('使用 Markdown 语法能够使您的撰写过程更加简便直观.') - . '
' . _t('此功能开启不会影响以前没有使用 Markdown 语法编辑的内容.')); + array('0' => _t('关闭'), '1' => _t('打开')), + $this->options->markdown, _t('使用 Markdown 语法编辑和解析内容'), + _t('使用 Markdown 语法能够使您的撰写过程更加简便直观.') + . '
' . _t('此功能开启不会影响以前没有使用 Markdown 语法编辑的内容.')); $form->addInput($markdown); /** 自动保存 */ $autoSave = new Typecho_Widget_Helper_Form_Element_Radio('autoSave', - array('0' => _t('关闭'), '1' => _t('打开')), - $this->options->autoSave, _t('自动保存'), _t('自动保存功能可以更好地保护你的文章不会丢失.')); + array('0' => _t('关闭'), '1' => _t('打开')), + $this->options->autoSave, _t('自动保存'), _t('自动保存功能可以更好地保护你的文章不会丢失.')); $form->addInput($autoSave); /** 默认允许 */ @@ -124,8 +124,8 @@ class Widget_Users_Profile extends Widget_Users_Edit implements Widget_Interface } $defaultAllow = new Typecho_Widget_Helper_Form_Element_Checkbox('defaultAllow', - array('comment' => _t('可以被评论'), 'ping' => _t('可以被引用'), 'feed' => _t('出现在聚合中')), - $allow, _t('默认允许'), _t('设置你经常使用的默认允许权限')); + array('comment' => _t('可以被评论'), 'ping' => _t('可以被引用'), 'feed' => _t('出现在聚合中')), + $allow, _t('默认允许'), _t('设置你经常使用的默认允许权限')); $form->addInput($defaultAllow); /** 用户动作 */ @@ -154,7 +154,7 @@ class Widget_Users_Profile extends Widget_Users_Edit implements Widget_Interface { /** 构建表格 */ $form = new Typecho_Widget_Helper_Form($this->security->getIndex('/action/users-profile'), - Typecho_Widget_Helper_Form::POST_METHOD); + Typecho_Widget_Helper_Form::POST_METHOD); $form->setAttribute('name', $pluginName); $form->setAttribute('id', $pluginName); @@ -189,7 +189,7 @@ class Widget_Users_Profile extends Widget_Users_Edit implements Widget_Interface if ($plugins->personalConfig) { echo '

' . $plugins->title . '

'; list($pluginFileName, $className) = Typecho_Plugin::portal($plugins->name, - __TYPECHO_ROOT_DIR__ . '/' . __TYPECHO_PLUGIN_DIR__); + __TYPECHO_ROOT_DIR__ . '/' . __TYPECHO_PLUGIN_DIR__); $form = $this->personalForm($plugins->name, $className, $pluginFileName, $group); if ($this->user->pass($group, true)) { @@ -209,11 +209,11 @@ class Widget_Users_Profile extends Widget_Users_Edit implements Widget_Interface { /** 构建表格 */ $form = new Typecho_Widget_Helper_Form($this->security->getIndex('/action/users-profile'), - Typecho_Widget_Helper_Form::POST_METHOD); + Typecho_Widget_Helper_Form::POST_METHOD); /** 用户密码 */ $password = new Typecho_Widget_Helper_Form_Element_Password('password', NULL, NULL, _t('用户密码'), _t('为此用户分配一个密码.') - . '
' . _t('建议使用特殊字符与字母、数字的混编样式,以增加系统安全性.')); + . '
' . _t('建议使用特殊字符与字母、数字的混编样式,以增加系统安全性.')); $password->input->setAttribute('class', 'w-60'); $form->addInput($password); @@ -285,15 +285,15 @@ class Widget_Users_Profile extends Widget_Users_Edit implements Widget_Interface foreach ($settings as $name => $value) { if ($this->db->fetchObject($this->db->select(array('COUNT(*)' => 'num')) - ->from('table.options')->where('name = ? AND user = ?', $name, $this->user->uid))->num > 0) { + ->from('table.options')->where('name = ? AND user = ?', $name, $this->user->uid))->num > 0) { $this->widget('Widget_Abstract_Options') - ->update(array('value' => $value), $this->db->sql()->where('name = ? AND user = ?', $name, $this->user->uid)); + ->update(array('value' => $value), $this->db->sql()->where('name = ? AND user = ?', $name, $this->user->uid)); } else { $this->widget('Widget_Abstract_Options')->insert(array( - 'name' => $name, - 'value' => $value, - 'user' => $this->user->uid - )); + 'name' => $name, + 'value' => $value, + 'user' => $this->user->uid + )); } } @@ -318,7 +318,7 @@ class Widget_Users_Profile extends Widget_Users_Edit implements Widget_Interface /** 更新数据 */ $this->update(array('password' => $password), - $this->db->sql()->where('uid = ?', $this->user->uid)); + $this->db->sql()->where('uid = ?', $this->user->uid)); /** 设置高亮 */ $this->widget('Widget_Notice')->highlight('user-' . $this->user->uid); @@ -347,7 +347,7 @@ class Widget_Users_Profile extends Widget_Users_Edit implements Widget_Interface /** 获取插件入口 */ list($pluginFileName, $className) = Typecho_Plugin::portal($this->request->plugin, - __TYPECHO_ROOT_DIR__ . '/' . __TYPECHO_PLUGIN_DIR__); + __TYPECHO_ROOT_DIR__ . '/' . __TYPECHO_PLUGIN_DIR__); $info = Typecho_Plugin::parseInfo($pluginFileName); if (!$info['personalConfig'] || !isset($activatedPlugins[$pluginName])) { 
@@ -368,15 +368,15 @@ class Widget_Users_Profile extends Widget_Users_Edit implements Widget_Interface if (!$this->personalConfigHandle($className, $settings)) { if ($this->db->fetchObject($this->db->select(array('COUNT(*)' => 'num')) - ->from('table.options')->where('name = ? AND user = ?', $name, $this->user->uid))->num > 0) { + ->from('table.options')->where('name = ? AND user = ?', $name, $this->user->uid))->num > 0) { $this->widget('Widget_Abstract_Options') - ->update(array('value' => serialize($settings)), $this->db->sql()->where('name = ? AND user = ?', $name, $this->user->uid)); + ->update(array('value' => serialize($settings)), $this->db->sql()->where('name = ? AND user = ?', $name, $this->user->uid)); } else { $this->widget('Widget_Abstract_Options')->insert(array( - 'name' => $name, - 'value' => serialize($settings), - 'user' => $this->user->uid - )); + 'name' => $name, + 'value' => serialize($settings), + 'user' => $this->user->uid + )); } } From ee4e4838cd05d56b392d4a909022eee4b7e1d087 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E7=A5=81=E5=AE=81?= Date: Sat, 15 Mar 2014 22:46:46 +0800 Subject: [PATCH 22/23] =?UTF-8?q?=E4=BF=AE=E6=AD=A3=E9=93=BE=E6=8E=A5?= =?UTF-8?q?=E8=B7=B3=E8=BD=AC=E5=88=A4=E6=96=AD=E4=B8=8D=E5=AE=8C=E6=95=B4?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- admin/common-js.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/admin/common-js.php b/admin/common-js.php index 5ee4ba1a..812bee9c 100644 --- a/admin/common-js.php +++ b/admin/common-js.php @@ -92,7 +92,7 @@ $('a').each(function () { var t = $(this), href = t.attr('href'); - if ((href.length > 1 && href[0] == '#') + if ((href && href[0] == '#') || /^adminUrl, '/'); ?>.*$/.exec(href) || /^index), '/'), 0, -1); ?>action\/[_a-zA-Z0-9\/]+.*$/.exec(href)) { return; From 81f46ae06faa664f1db5f42ee4bce2a8786384b7 Mon Sep 17 00:00:00 2001 
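Review bot: An anchor without an `href` attribute is not stopped by the new condition in admin/common-js.php. `href && href[0] == '#'` is falsy for `undefined`, and the two `exec(href)` calls then test the string "undefined", so the `return` is skipped and the element reaches whatever code follows this `if`. An explicit early exit before the condition, `if (!href) { return; }`, states the intent and keeps such anchors out of the later handling. The `$('a').each` callback starts and ends outside the hunk, so the effect on the code after the `if` is inferred.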
From: =?UTF-8?q?=E7=A5=81=E5=AE=81?= Date: Sat, 15 Mar 2014 22:50:17 +0800 Subject: [PATCH 23/23] =?UTF-8?q?=E4=BD=BF=E7=94=A8=E4=B8=A5=E7=AD=89?= =?UTF-8?q?=E4=BA=8E=E6=9D=A5=E4=BF=AE=E5=A4=8D=E6=9F=90=E4=BA=9B=E6=9E=81?= =?UTF-8?q?=E7=AB=AF=E6=83=85=E5=86=B5=E4=B8=8B=E5=AF=86=E7=A0=81=E5=8F=AF?= =?UTF-8?q?=E8=A2=AB=E7=BB=95=E8=BF=87=E7=9A=84=E6=BC=8F=E6=B4=9E?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- var/Typecho/Common.php | 4 ++-- var/Widget/Abstract/Contents.php | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/var/Typecho/Common.php b/var/Typecho/Common.php index 3f2da629..3642f327 100644 --- a/var/Typecho/Common.php +++ b/var/Typecho/Common.php @@ -967,9 +967,9 @@ EOF; { if ('$T$' == substr($to, 0, 3)) { $salt = substr($to, 3, 9); - return self::hash($from, $salt) == $to; + return self::hash($from, $salt) === $to; } else { - return md5($from) == $to; + return md5($from) === $to; } } diff --git a/var/Widget/Abstract/Contents.php b/var/Widget/Abstract/Contents.php index 5c4bc757..27da5841 100644 --- a/var/Widget/Abstract/Contents.php +++ b/var/Widget/Abstract/Contents.php @@ -717,7 +717,7 @@ class Widget_Abstract_Contents extends Widget_Abstract /** 处理密码保护流程 */ if (!empty($value['password']) && - $value['password'] != Typecho_Cookie::get('protectPassword') && + $value['password'] !== Typecho_Cookie::get('protectPassword') && $value['authorId'] != $this->user->uid && !$this->user->pass('editor', true)) { $value['hidden'] = true;
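Review bot: In var/Typecho/Common.php the stored hash is still compared with a plain string operator, so `===` closes the type-juggling bypass but the comparison is not constant-time. Where the supported PHP versions allow it, `return hash_equals($to, self::hash($from, $salt));` is the better form, and likewise `hash_equals($to, md5($from))` in the `else` branch; `$to` has to be a string for that call. The `else` branch also keeps accepting unsalted MD5 hashes and would benefit from a comment such as `// legacy unsalted MD5: rehash with self::hash() after a successful login`. The same comparison concern applies to the `protectPassword` check in var/Widget/Abstract/Contents.php.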
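Review bot: The condition in var/Widget/Abstract/Contents.php compares `$value['password']` directly with the `protectPassword` cookie, which suggests the post password is kept client-side in clear text; the strict operator does not change that. Comparing a keyed digest instead, for example `hash_hmac('sha256', $value['password'], $secret) !== Typecho_Cookie::get('protectPassword')` with `$secret` standing for a site secret, would keep the password out of the cookie. The code that sets the cookie is outside this hunk, so it would need the matching change. The adjacent `$value['authorId'] != $this->user->uid` stays loose, and a one-line comment saying whether that is deliberate would help the next reader.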