2、修改extend.func.php文件,在其最后面添加如下代码:
//dedecms联动筛选功能 By 织梦技术研究中心 技术支持群:217479292 字符过滤函数
02function wwwcms_filter($str,$stype="inject") {
03 if ($stype=="inject") {
04 $str = str_replace(
05 array( "select", "insert", "update", "delete", "alter", "cas","union", "into", "load_file", "outfile", "create", "join", "where", "like","drop", "modify", "rename", "'", "/*", "*", "../", "./"),
06 array("","","","","","","","","","","","","","","","","","","","","",""),
07 $str);
08 } else if ($stype=="xss") {
09 $farr = array("/\s+/" ,
10 "/]*?)>/isU",
11 "/(]*)on[a-zA-Z]+\s*=([^>]*>)/isU",
12 );
13 $tarr = array(" ",
14 "",
15 "\\1\\2",
16 );
17 $str = preg_replace($farr, $tarr, $str);
18 $str = str_replace(
19 array( "", "'", "\"", ";", "/*", "*", "../", "./"),
20 array("<",">","","","","","","",""),
21 $str);
22 }
23 return $str;
24 }
25
26/**
27 * 载入自定义表单(用于发布)
28 *
29 * @access public
30 * @param string $fieldset 字段列表
31 * @param string $loadtype 载入类型
32 * @return string
33 */
34
35 function AddFilter($channelid, $type=1, $fieldsnamef, $defaulttid, $loadtype='autofield')
36 {
37 global $tid,$dsql,$id;
38 $tid = $defaulttid ? $defaulttid : $tid;
39 if ($id!="")
40 {
41 $tidsq = $dsql->GetOne(" Select typeid From `#【分隔符】@__archives` where id='$id' ");
42 $tid = $tidsq["typeid"];
43 }
44 $nofilter = (isset($_REQUEST['TotalResult']) ?"&TotalResult=".$_REQUEST['TotalResult'] : '').(isset($_REQUEST['PageNo']) ?"&PageNo=".$_REQUEST['PageNo'] : '');
45 $filterarr = wwwcms_filter(stripos($_SERVER['REQUEST_URI'], "list.php?tid=") ? str_replace($nofilter, '', $_SERVER['REQUEST_URI']) : $GLOBALS['cfg_cmsurl']."/plus/list.php?tid=".$tid);
46 $cInfos = $dsql->GetOne(" Select * From `#【分隔符】@__channeltype` where id='$channelid' ");
47 $fieldset=$cInfos['fieldset'];
48 $dtp = new DedeTagParse();
49 $dtp->SetNameSpace('field','');
50 $dtp->LoadSource($fieldset);
51 $dede_addonfields = '';
52 if(is_array($dtp->CTags))
53 {
54 foreach($dtp->CTags as $tid=>$ctag)
55 {
56 $fieldsname = $fieldsnamef ? explode(",", $fieldsnamef) : explode(",", $ctag->GetName());
57 if(($loadtype!='autofield' || ($loadtype=='autofield' && $ctag->GetAtt('autofield')==1)) && in_array($ctag->GetName(), $fieldsname) )
58 {
59 $href1 = explode($ctag->GetName().'=', $filterarr);
60 $href2 = explode('&', $href1[1]);
61 $fields_value = $href2[0];
62 $dede_addonfields .= '
63 switch ($type) {
64 case 1:
65 $dede_addonfields .= (preg_match("/&".$ctag->GetName()."=/is",$filterarr,$regm) ? 'GetName()."=".$fields_value,"",$filterarr).'">全部' : '全部').' ';
66
67 $addonfields_items = explode(",",$ctag->GetAtt('default'));
68 for ($i=0; $i
69 {
70 $href = stripos($filterarr,$ctag->GetName().'=') ? str_replace("=".$fields_value,"=".urlencode($addonfields_items[$i]),$filterarr) : $filterarr.'&'.$ctag->GetName().'='.urlencode($addonfields_items[$i]);//echo$href;
71 $dede_addonfields .= ($fields_value!=urlencode($addonfields_items[$i]) ? ''.$addonfields_items[$i].'' :''.$addonfields_items[$i].'')." ";
72 }
73 $dede_addonfields .= '
74 break;
75
76 case 2:
77 $dede_addonfields .= 'GetName().' οnchange="window.location=this.options[this.selectedIndex].value">
78 '.'GetName()."=".$fields_value,"",$filterarr).'">全部';
79 $addonfields_items = explode(",",$ctag->GetAtt('default'));
80 for ($i=0; $i
81 {
82 $href = stripos($filterarr,$ctag->GetName().'=') ? str_replace("=".$fields_value,"=".urlencode($addonfields_items[$i]),$filterarr) : $filterarr.'&'.$ctag->GetName().'='.urlencode($addonfields_items[$i]);
83 $dede_addonfields .= ''.$addonfields_items[$i].'
84 ';
85 }
86 $dede_addonfields .= '
87 ';
88 break;
89 }
90 }
91 }
92 }
93 echo $dede_addonfields;
94 }