1. 原本的dedecms是文章内描文本必须是设定的关键词与文档关键词相应对称,两边有才出现描文本。
代码:
/**
* 高亮问题修正, 排除alt title <a></a>直接的字符替换
*
* @param string $kw
* @param string $body
* @return string
*/
function ReplaceKeyword($kw,&$body)
{
global $cfg_cmspath;
$maxkey = 5;
$kws = explode(",",trim($kw));
//以分好为间隔符
$i=0;
$karr = $kaarr = $GLOBALS['replaced'] = array();
//暂时屏蔽超链接
$body = preg_replace("/(<a(.*))(>)(.*)(<)(\/a>)/isU", '\\1-]-\\4-[-\\6', $body);
foreach($kws as $k)
{
$k = trim($k);
if($k!="")
{
if($i > $maxkey)
{
break;
}
$myrow = $this->dsql->GetOne("select * from zuimoban_keywords where keyword='$k' And rpurl<>'' ");
if(is_array($myrow))
{
$karr[] = $k;
$GLOBALS['replaced'][$k] = 0;
$kaarr[] = "<a href='{$myrow['rpurl']}'><u>$k</u></a>";
}
$i++;
}
}
$body = preg_replace("/(^|>)([^<]+)(?=<|$)/sUe", "_highlight('\\2', \$karr, \$kaarr, '\\1')", $body);
//恢复超链接
$body = preg_replace("/(<a(.*))-\]-(.*)-\[-(\/a>)/isU", '\\1>\\3<\\4', $body);
return $body;
}
代码部分:
function ReplaceKeyword($kw,&$body)
{
global $cfg_cmspath;
$maxkey = 5;
$kws = explode(",",trim($kw)); //以分好为间隔符
$i=0;
$karr = $kaarr = $GLOBALS['replaced'] = array();
//暂时屏蔽超链接
$body = preg_replace("#(<a(.*))(>)(.*)(<)(\/a>)#isU", '\\1-]-\\4-[-\\6', $body);
/*
foreach($kws as $k)
{
$k = trim($k);
if($k!="")
{
if($i > $maxkey)
{
break;
}
$myrow = $this->dsql->GetOne("SELECT * FROM zuimoban_keywords WHERE keyword='$k' AND rpurl<>'' ");
if(is_array($myrow))
{
$karr[] = $k;
$GLOBALS['replaced'][$k] = 0;
$kaarr[] = "<a href='{$myrow['rpurl']}'><u>$k</u></a>";
}
$i++;
}
}
*/
$query = "SELECT * FROM zuimoban_keywords WHERE rpurl<>'' ORDER BY rank DESC";
$this->dsql->SetQuery($query);
$this->dsql->Execute();
while($row = $this->dsql->GetArray())
{
$key = trim($row['keyword']);
$key_url=trim($row['rpurl']);
$karr[] = $key;
$kaarr[] = "<a href='$key_url' target='_blank'><u>$key</u></a>";
}
// 这里可能会有错误
$body = @preg_replace("#(^|>)([^<]+)(?=<|$)#sUe", "_highlight('\\2', \$karr, \$kaarr, '\\1')", $body);
//恢复超链接
$body = preg_replace("#(<a(.*))-\]-(.*)-\[-(\/a>)#isU", '\\1>\\3<\\4', $body);
return $body;
}
从5.6 到5.7升级,如果不注意,很容易忽略到这个问题,进而蜘蛛来抓取,感觉页面又变化了,描写文本还有作弊嫌疑。K站呀,减权重呀!DEDECMS也不特别提醒下! 不是DEDECMS经常出漏洞,还真不想升级! 这次倒霉到了! 你呢?