{"id":1218,"date":"2023-09-20T18:51:34","date_gmt":"2023-09-20T10:51:34","guid":{"rendered":"https:\/\/log.tanxiaodian.com\/?p=1218"},"modified":"2023-09-24T13:53:45","modified_gmt":"2023-09-24T05:53:45","slug":"%e5%af%b9discuz%e6%89%b9%e9%87%8f%e5%8f%91%e5%b8%96%e7%9a%84%e5%88%86%e6%9e%90","status":"publish","type":"post","link":"https:\/\/log.tanxiaodian.com\/?p=1218","title":{"rendered":"\u5bf9Discuz\u6279\u91cf\u53d1\u5e16\u7684\u5206\u6790"},"content":{"rendered":"\n

\u7b2c\u4e00\u6b65\u5148\u6d4b\u8bd5\u65e0\u9644\u4ef6\u53d1\u5e16
\u6b63\u5e38\u53d1\u5e16\u6d41\u7a0b\u5206\u6790
\u8868\u5355forum.php?mod=post&action=newthread&fid=3&extra=&topicsubmit=yes
\u8868\u5355\u63d0\u4ea4\u6309\u94ae\u540d :topicsubmit
\u4ee3\u7801\u5bfb\u627e
upload\\source\\module\\forum\\forum_post.php
206\u884c\u5bf9\u83b7\u53d6\u4e3b\u9898\u548c\u5185\u5bb9\u7684\u5904\u7406:
$subject = isset($_GET[‘subject’]) ? dhtmlspecialchars(censor(trim($_GET[‘subject’]), NULL, FALSE, FALSE)) : ”;
$subject = !empty($subject) ? str_replace(“\\t”, ‘ ‘, $subject) : $subject;
$message = isset($_GET[‘message’]) ? censor($_GET[‘message’], NULL, FALSE, FALSE) : ”;
$sortid = intval(getgpc(‘sortid’));<\/p>\n\n\n\n

316\u884c:<\/p>\n\n\n\n

require_once libfile(‘post\/newthread’, ‘include’);<\/h2>\n\n\n\n

upload\\source\\include\\post\\post_newthread.php
142\u884c\u5f00\u59cb\u67e5\u770b\u63d0\u4ea4\u540e\u5904\u7406=======================================================
160\u884c\u6ce8\u610f\u7ec4\u88c5\u5b58\u50a8\u5bf9\u8c61
$params = array(
‘subject’ => $subject, \/\/\u6807\u9898
‘message’ => $message, \/\/ \u5185\u5bb9
‘typeid’ => $typeid,
‘sortid’ => $sortid, \/\/\u5206\u7c7bid \u5982\u679c\u5e16\u5b50\u662f\u5206\u7c7b\u4fe1\u606f\u578b\u5e16\u5b50
‘special’ => $special, \/\/\u7279\u6b8a\u4e3b\u9898~~\u5982\u6295\u7968\u6216\u81ea\u5b9a\u4e49
);<\/p>\n\n\n\n

180\u884c\u5bf9$params\u8865\u5145\u4e86:
$params[‘publishdate’] = $publishdate;\/\/\u53d1\u5e03\u65f6\u95f4
$params[‘save’] = $_GET[‘save’];
$params[‘sticktopic’] = getgpc(‘sticktopic’);
$params[‘digest’] = getgpc(‘addtodigest’);
$params[‘readperm’] = $readperm;
$params[‘isanonymous’] = getgpc(‘isanonymous’);
$params[‘price’] = $_GET[‘price’];<\/p>\n\n\n\n

231\u884c\u5bf9$params\u8865\u5145\u4e86:
$params[‘typeexpiration’] = getgpc(‘typeexpiration’);
$params[‘ordertype’] = getgpc(‘ordertype’);
$params[‘hiddenreplies’] = getgpc(‘hiddenreplies’);
$params[‘allownoticeauthor’] = $_GET[‘allownoticeauthor’];
$params[‘tags’] = $_GET[‘tags’];
$params[‘bbcodeoff’] = getgpc(‘bbcodeoff’);
$params[‘smileyoff’] = getgpc(‘smileyoff’);
$params[‘parseurloff’] = getgpc(‘parseurloff’);
$params[‘usesig’] = $_GET[‘usesig’];
$params[‘htmlon’] = getgpc(‘htmlon’);<\/p>\n\n\n\n

276\u548c277\u884c:
$modthread->attach_before_methods(‘newthread’, $bfmethods);
$modthread->attach_after_methods(‘newthread’, $afmethods);
$return = $modthread->newthread($params);<\/p>\n\n\n\n

\u6a21\u578b\u7c7b:source\/class\/model\/model_forum_thread.php
38\u884cpublic function newthread($parameters)
61\u884c\u9632\u704c\u6c34\u9700\u8981\u6253\u6389<\/strong>
if(checkflood()) {
return $this->showmessage(‘post_flood_ctrl’, ”, array(‘floodctrl’ => $this->setting[‘floodctrl’]));
} elseif(checkmaxperhour(‘tid’)) {
return $this->showmessage(‘thread_flood_ctrl_threads_per_hour’, ”, array(‘threads_per_hour’ => $this->group[‘maxthreadsperhour’]));
}<\/p>\n\n\n\n

86\u884c:
<\/p>\n\n\n\n

\/\/\u4e3b\u9898\u5206\u7c7b\nif(!$this->param['typeid'] && !empty($this->forum['threadtypes']['required']) && !$this->param['special']) {\nreturn $this->showmessage('post_type_isnull');\n}    \n\/\/\u5206\u7c7b\u4fe1\u606f\n    if(!$this->param['sortid'] && !empty($this->forum['threadsorts']['required']) && !$this->param['special']) {\n        return $this->showmessage('post_sort_isnull');\n    }\n\n    \/\/\u7279\u6b8a\u4e3b\u9898\n    if(!$this->param['special'] && $this->param['price'] > 0 && floor($this->param['price'] * (1 - $this->setting['creditstax'])) == 0) {\n        return $this->showmessage('post_net_price_iszero');\n    }<\/code><\/pre>\n\n\n\n
240\u884c\u7531\u4e8e\u662f\u65b0\u5e16\u53ea\u4f1a\u8fdbif\u4e0d\u4f1a\u8fdbelse:
if($this->param[‘modnewthreads’]) {
updatemoderate(‘tid’, $this->tid);
C::t(‘forum_forum’)->update_forum_counter($this->forum[‘fid’], 0, 0, 1);
manage_addnotify(‘verifythread’);
return ‘post_newthread_mod_succeed’;
}<\/p>\n\n\n\n
\u7b2c\u4e8c\u6b65\u3001\u9644\u4ef6\u548c\u56fe\u7247\u5185\u5bb9
\u9644\u4ef6\u548c\u56fe\u7247\u5185\u5bb9\u7684\u731c\u6d4b:
\u5148\u4e0a\u4f20\u4e0a\u4f20\u5b8c\u6210\u8fd4\u56de\u9644\u4ef6id \u56fe\u7247id, \u7136\u540e\u7ec4\u88c5\u5185\u5bb9,\u7136\u540e\u8d70\u53d1\u5e16\u6d41\u7a0b<\/p>\n\n\n\n
<\/p>\n\n\n\n
\u5173\u4e8ewebupload.js\u4e2dconsole.log(22) \u8f93\u51fa\u5bfc\u81f4SWFUpload\u00a0\u5bf9\u8c61\u9519\u8bef\u7684\u5224\u65ad<\/strong><\/p>\n\n\n\n
\u5f53\u6211\u4ee5if(2){ alert(2)} \u8fd9\u6837\u7684\u683c\u5f0f\u505a\u8f93\u51fa\u8bca\u65ad\u7684\u65f6\u5019\u4ee5\u4e0a\u9519\u8bef\u6d88\u5931\u4e86,\u90a3\u4e48\u6211\u5224\u65ad\u5e94\u8be5\u662fconsole.log(3) \u5bfc\u81f4js\u5bf9\u8c61\u683c\u5f0f\u9519\u4e86\uff0c\u800cif(3){dddd}\u8fd9\u6837\u7684\u683c\u5f0f\u521a\u597d\u9002\u5e94js\u5bf9\u8c61\u683c\u5f0f<\/p>\n\n\n\n
<\/p>\n\n\n\n
<\/p>\n\n\n\n
<\/p>\n","protected":false},"excerpt":{"rendered":"
\u7b2c\u4e00\u6b65\u5148\u6d4b\u8bd5\u65e0\u9644\u4ef6\u53d1\u5e16\u6b63\u5e38\u53d1\u5e16\u6d41\u7a0b\u5206\u6790\u8868\u5355foru…<\/p>\n
Continue reading\u5bf9Discuz\u6279\u91cf\u53d1\u5e16\u7684\u5206\u6790<\/span><\/a><\/div>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[3],"tags":[152],"_links":{"self":[{"href":"https:\/\/log.tanxiaodian.com\/index.php?rest_route=\/wp\/v2\/posts\/1218"}],"collection":[{"href":"https:\/\/log.tanxiaodian.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/log.tanxiaodian.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/log.tanxiaodian.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/log.tanxiaodian.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1218"}],"version-history":[{"count":2,"href":"https:\/\/log.tanxiaodian.com\/index.php?rest_route=\/wp\/v2\/posts\/1218\/revisions"}],"predecessor-version":[{"id":1221,"href":"https:\/\/log.tanxiaodian.com\/index.php?rest_route=\/wp\/v2\/posts\/1218\/revisions\/1221"}],"wp:attachment":[{"href":"https:\/\/log.tanxiaodian.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1218"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/log.tanxiaodian.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1218"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/log.tanxiaodian.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1218"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}