diff --git a/core/class/perm/perm_check.php b/core/class/perm/perm_check.php
index 9cfa360a..ba84f2e7 100644
--- a/core/class/perm/perm_check.php
+++ b/core/class/perm/perm_check.php
@@ -161,7 +161,7 @@ function groupPerm($fid,$action,$gid){ //判断容器有没有指定的权限
//$arr=array('uid','gid','desktop');其中这几项必须
function checkperm($action,$arr,$bz=''){ //检查某个图标是否有权限;
global $_G;
- if ($arr['preview']) {
+ if ($arr['preview'] && ($action=='read') || $action=='copy' || $action=='download') {
return true;
}
if($_G['uid']<1){ //游客没有权限
diff --git a/core/class/table/table_resources.php b/core/class/table/table_resources.php
index 80adea2a..2c1a1bb6 100644
--- a/core/class/table/table_resources.php
+++ b/core/class/table/table_resources.php
@@ -889,6 +889,8 @@ public function get_property_by_rid($rids, $contains = true)
if ($currentfolder = C::t('folder')->fetch($fileinfo['oid'])) {
$fileinfo['isgroup'] = ($currentfolder['flag'] == 'organization') ? true : false;
}
+ } elseif ($fileinfo['type'] == 'link') {
+ $fileinfo['type'] = lang('type_link');
} elseif ($fileinfo['ext']) {
$fileinfo['type'] = getFileTypeName($fileinfo['type'], $fileinfo['ext']);
} else {
diff --git a/core/function/function_core.php b/core/function/function_core.php
index 33b83c64..18b2343b 100644
--- a/core/function/function_core.php
+++ b/core/function/function_core.php
@@ -364,7 +364,7 @@ function authcode($string, $operation = 'DECODE', $key = '', $expiry = 0, $ckey_
}
if ($operation == 'DECODE') {
- if ((substr($result, 0, 10) == 0 || substr($result, 0, 10) - time() > 0) && substr($result, 10, 16) == substr(md5(substr($result, 26) . $keyb), 0, 16)) {
+ if ((substr($result, 0, 10) == 0 || substr($result, 0, 10) - time() > 0) && substr($result, 10, 16) === substr(md5(substr($result, 26) . $keyb), 0, 16)) {
return substr($result, 26);
} else {
return '';
@@ -1621,22 +1621,19 @@ function getexpiration()
return mktime(0, 0, 0, $date['mon'], $date['mday'], $date['year']) + 86400;
}
-function return_bytes($val)
-{
- $val = trim($val);
- $last = strtolower($val{strlen($val) - 1});
- switch ($last) {
- case 'g':
- $val *= 1024;
- case 'm':
- $val *= 1024;
- case 'k':
- $val *= 1024;
- }
- return $val;
+function return_bytes($val) {
+ $last = strtolower($val[strlen($val)-1]);
+ if (!is_numeric($val)) {
+ $val = substr(trim($val), 0, -1);
+ }
+ switch($last) {
+ case 'g': $val *= 1024;
+ case 'm': $val *= 1024;
+ case 'k': $val *= 1024;
+ }
+ return $val;
}
-
function getimgthumbname($fileStr, $extend = '.thumb.jpg', $holdOldExt = true)
{
if (empty($fileStr)) {
@@ -1673,7 +1670,7 @@ function strhash($string, $operation = 'DECODE', $key = '')
{
$key = md5($key != '' ? $key : getglobal('authkey'));
if ($operation == 'DECODE') {
- $hashcode = gzuncompress(base64_decode(($string)));
+ $hashcode = gzuncompress(base64_decode($string));
$string = substr($hashcode, 0, -16);
$hash = substr($hashcode, -16);
unset($hashcode);
diff --git a/core/function/function_message.php b/core/function/function_message.php
index a8aa2ee0..f69e5183 100644
--- a/core/function/function_message.php
+++ b/core/function/function_message.php
@@ -71,8 +71,6 @@ function dshowmessage($message, $url_forward = '', $values = array(), $extrapara
if(!empty($_G['inajax'])) {
$handlekey = $_GET['handlekey'] = !empty($_GET['handlekey']) ? dhtmlspecialchars($_GET['handlekey']) : '';
$param['handle'] = true;
- }
- if(!empty($_G['inajax'])) {
$param['msgtype'] = empty($_GET['ajaxmenu']) && (empty($_POST) || !empty($_GET['nopost'])) ? 2 : 3;
}
if($url_forward) {
diff --git a/core/template/default/common/header_common.htm b/core/template/default/common/header_common.htm
index 06936bfb..6266ae9e 100644
--- a/core/template/default/common/header_common.htm
+++ b/core/template/default/common/header_common.htm
@@ -3,7 +3,7 @@
- <!--{if !empty($navtitle)}-->$navtitle - <!--{/if}--><!--{if !empty($_G[setting][sitename])}--> $_G[setting][sitename] - <!--{/if}-->
+ <!--{if !empty($navtitle)}-->$navtitle - <!--{/if}-->$_G[setting][sitename]
diff --git a/core/template/default/common/header_simple_start.htm b/core/template/default/common/header_simple_start.htm
index 463c228b..6874018b 100644
--- a/core/template/default/common/header_simple_start.htm
+++ b/core/template/default/common/header_simple_start.htm
@@ -4,7 +4,7 @@
-<!--{if !empty($navtitle)}-->$navtitle - <!--{/if}-->$_G[setting][sitename]
+<!--{if !empty($navtitle)}-->$navtitle - <!--{/if}-->$_G[setting][sitename]
diff --git a/share.php b/share.php
index d3926eca..5ea7bdee 100644
--- a/share.php
+++ b/share.php
@@ -33,6 +33,10 @@
}
$icoarr['icoid'] = $_GET['s'];
}
+ if ($icoarr['type'] == 'link') {
+ @header('Location: '.$icoarr['url']);
+ exit();
+ }
$imageexts=array('jpg','jpeg','png','gif'); //图片使用;
$filename=$icoarr['name'];//rtrim($_GET['n'],'.dzz');
$ext=$icoarr['ext'];//strtolower(substr(strrchr($filename, '.'), 1, 10));
diff --git a/static/js/common.js b/static/js/common.js
index b33240fe..8e72adba 100644
--- a/static/js/common.js
+++ b/static/js/common.js
@@ -1122,7 +1122,9 @@ function showMenu(v) {
if(_all.length) {
for(j = 0; j < _all.length; j++) {
if((!_all[j]['type'] || _all[j]['type'] != 'hidden') && hasshow(_all[j])) {
- _all[j].className += ' hidefocus';
+ if(_all[j].className.indexOf('hidefocus') == -1) {
+ _all[j].className += ' hidefocus';
+ }
_all[j].focus();
focused = true;
var cobj = _all[j];
diff --git a/user/space/about.php b/user/space/about.php
index e8de686a..c7f87259 100644
--- a/user/space/about.php
+++ b/user/space/about.php
@@ -10,7 +10,7 @@
exit('Access Denied');
}
$about=array();
-$identify=$_GET['modname'];
+$identify = filter_var($_GET['modname'], FILTER_SANITIZE_STRING);
$ismobile=helper_browser::ismobile();
$appConfig=DZZ_ROOT.'./dzz/'.$identify.'/config/config.php';
if($identify && file_exists($appConfig)){
@@ -41,4 +41,4 @@
} else {
include template('about');
}
-exit();
\ No newline at end of file
+exit();