wellcms
diff --git a/‎admin/route/content.php
Lines changed: 6 additions & 7 deletions b/‎admin/route/content.php
Lines changed: 6 additions & 7 deletions
diff --git a/‎admin/view/htm/comment_list.htm
Lines changed: 4 additions & 4 deletions b/‎admin/view/htm/comment_list.htm
Lines changed: 4 additions & 4 deletions
diff --git a/‎admin/view/htm/content_post.htm
Lines changed: 16 additions & 11 deletions b/‎admin/view/htm/content_post.htm
Lines changed: 16 additions & 11 deletions
diff --git a/‎admin/view/htm/other_cache.htm
Lines changed: 17 additions & 18 deletions b/‎admin/view/htm/other_cache.htm
Lines changed: 17 additions & 18 deletions
diff --git a/‎admin/view/htm/plugin_list.htm
Lines changed: 3 additions & 3 deletions b/‎admin/view/htm/plugin_list.htm
Lines changed: 3 additions & 3 deletions
diff --git a/‎admin/view/htm/plugin_read.htm
Lines changed: 4 additions & 3 deletions b/‎admin/view/htm/plugin_read.htm
Lines changed: 4 additions & 3 deletions
diff --git a/‎admin/view/htm/thread_post.inc.htm
Lines changed: 3 additions & 3 deletions b/‎admin/view/htm/thread_post.inc.htm
Lines changed: 3 additions & 3 deletions
diff --git a/‎index.inc.php
Lines changed: 1 addition & 1 deletion b/‎index.inc.php
Lines changed: 1 addition & 1 deletion
diff --git a/‎install/install.sql
Lines changed: 2 additions & 2 deletions b/‎install/install.sql
Lines changed: 2 additions & 2 deletions
diff --git a/‎model/attach.func.php
Lines changed: 24 additions & 0 deletions b/‎model/attach.func.php
Lines changed: 24 additions & 0 deletions
@@ -272,7 +272,7 @@
                 empty($message) ? message('message', lang('please_input_message')) : xn_strlen($message) > 2028000 AND message('message', lang('message_too_long'));
 
                 // 过滤所有html标签
-                $_message = filter_all_html($message);
+                $_message = htmlspecialchars(filter_all_html($message), ENT_QUOTES);
 
                 // 过滤内容 关键词
 
@@ -541,7 +541,7 @@
                 $message = trim($message);
                 empty($message) ? message('message', lang('please_input_message')) : xn_strlen($message) > 2028000 AND message('message', lang('message_too_long'));
 
-                $_message = filter_all_html($message);
+                $_message = htmlspecialchars(filter_all_html($message), ENT_QUOTES);
                 // 过滤内容 关键词
 
                 // hook admin_content_update_post_message_center.php
@@ -691,7 +691,8 @@
                     $tag_json = $len ? xn_substr($tag_json, 0, $len) . '}' : '';
                 }
             }
-            $arr['tag'] = $tag_json != $thread['tag_fmt'] ? $tag_json : $thread['tag_fmt'];
+
+            $tag_json != $thread['tag'] AND $arr['tag'] = $tag_json;
 
             // hook admin_content_update_post_tag_after.php
 
@@ -721,10 +722,8 @@
 
             // hook admin_content_update_post_arr_after.php
 
-            if (!empty($arr)) {
-                FALSE === well_thread_update($tid, $arr) AND message(-1, lang('update_thread_failed'));
-                unset($arr);
-            }
+            !empty($arr) && FALSE === well_thread_update($tid, $arr) AND message(-1, lang('update_thread_failed'));
+            unset($arr);
 
             // hook admin_content_update_post_before.php
 
 
@@ -29,7 +29,7 @@
                                 </label>
                             </div>
                             <?php } ?>
-                            <!--{hook reply_list_inc_avatar_after.htm}-->
+                            <!--{hook admin_comment__list_inc_avatar_after.htm}-->
                             <div class="media-body">
                                 <div class="d-flex justify-content-between small text-muted">
                                     <div>
@@ -47,7 +47,7 @@
                                         <span class="date text-grey ml-2"><?php echo $_post['create_date_fmt'];?></span>
                                         <!--{hook admin_comment_list_inc_create_date_after.htm}-->
                                     </div>
-                                    <div class="text-right text-grey">
+                                    <div class="text-grey">
 
                                         <!--{hook admin_comment_list_inc_update_before.htm}-->
                                         <?php if($_post['allowupdate']) { ?>
@@ -63,11 +63,11 @@
 
                                     </div>
                                 </div>
-                                <div class="message mt-1 text-break">
+                                <div class="message mt-2 text-break">
 
                                     <!--{hook admin_comment_list_inc_subject_before.htm}-->
                                     <?php if('read' != $route && !empty($_post['subject'])) { ?>
-                                    <h6><a href="<?php echo ($conf['url_rewrite_on'] < 2 ? '../' : ''),url('read-' . $_post['tid'], '', 2);?>" target="_blank"><?php echo $_post['subject'];?></a></h6>
+                                    <h6 class="h6 text-break font-weight-bold"><a href="<?php echo ($conf['url_rewrite_on'] < 2 ? '../' : ''),url('read-' . $_post['tid'], '', 2);?>" target="_blank"><?php echo $_post['subject'];?></a></h6>
                                     <?php } ?>
                                     <!--{hook admin_comment_list_inc_subject_after.htm}-->
 
 
@@ -161,23 +161,24 @@
         var files = xn.get_files_from_event(e);
         if (!files) return;
 
-        var fid = jfid.val();
+        var fid = jfid.checked();
         var forum = forumlist[fid];
         var picture_size = forum.thumbnail;
 
         $.each_sync(files, function (i, callback) {
             var file = files[i];
             xn.upload_file(file, xn.url('attach-create-1', '', 2), {
-                is_image: 1,
-                convert: 1, /*转码*/
-                filetype: 'jpeg',   /*压缩类型*/
-                qulity: '0.7',  /*压缩比例*/
-                width: picture_size.width || "<?php echo $pic_width; ?>",
-                height: picture_size.height || "<?php echo $pic_height; ?>",
-                action: "<?php echo array_value($conf, 'upload_resize', 'clip'); ?>",
-                n: n,
-                mode: 1, /*缩略图*/
-                safe_token: safe_token
+                'fid': fid,
+                'is_image': 1,
+                'convert': 1, /*转码*/
+                'filetype': 'jpeg',   /*压缩类型*/
+                'qulity': '0.7',  /*压缩比例*/
+                'width': picture_size.width || "<?php echo $pic_width; ?>",
+                'height': picture_size.height || "<?php echo $pic_height; ?>",
+                'action': "<?php echo array_value($conf, 'upload_resize', 'clip'); ?>",
+                'n': n,
+                'mode': 1, /*缩略图*/
+                'safe_token': safe_token
             }, function (code, message) {
                 if (code != 0) return $.alert(message);
                 jassoc.attr('src', message.url);
@@ -301,6 +302,10 @@
 
     jform.find('[name="fid"]').checked(fid);
 
+    if ($(document.body).width() < 992) {
+        $('#nav-show').css({"position": "fixed", "top": "0", "bottom": "0", "right": "0", "margin-top": "3.625rem", "z-index": "1032"});
+    }
+
     $('#content').addClass('show');
     $('li.<?php echo $route;?>').addClass('active');
 </script>
 
@@ -1,5 +1,4 @@
 <?php include _include(ADMIN_PATH.'view/htm/header.inc.htm');?>
-
 <!--{hook admin_other_cache_start.htm}-->
 <div class="container-fluid">
 <div class="row">
@@ -8,20 +7,22 @@
 			<div class="card-body">
 				<form action="<?php echo url('other-cache', '', TRUE);?>" method="post" id="form">
 					<?php echo $input['safe_token'];?>
-					<div class="form-group row">
-						<label class="col-sm-6 form-control-label"><?php echo lang('admin_clear_tmp');?>：</label>
-						<div class="col-sm-6">
-							<?php echo $input['clear_tmp'];?>
-						</div>
-					</div>
-
-					<div class="form-group row">
-						<label class="col-sm-6 form-control-label"><?php echo lang('admin_clear_cache');?>：</label>
-						<div class="col-sm-6">
-							<?php echo $input['clear_cache'];?>
-						</div>
-					</div>
-
+					<div class="row">
+                        <div class="col-6 col-md-3 mx-auto">
+                            <div class="form-group d-flex justify-content-between">
+                                <label class="form-control-label"><?php echo lang('admin_clear_tmp');?>：</label>
+                                <div>
+                                    <?php echo $input['clear_tmp'];?>
+                                </div>
+                            </div>
+                            <div class="form-group d-flex d-flex justify-content-between">
+                                <label class="form-control-label"><?php echo lang('admin_clear_cache');?>：</label>
+                                <div>
+                                    <?php echo $input['clear_cache'];?>
+                                </div>
+                            </div>
+                        </div>
+                    </div>
 					<div class="form-group row">
 						<div class="col-sm-12">
 							<button type="submit" class="btn btn-danger btn-block col-md-3 mx-auto" id="submit" data-loading-text="<?php echo lang('submiting');?>..."><?php echo lang('confirm');?></button>
@@ -33,10 +34,8 @@
 	</div>
 </div>
 </div>
-<!--{hook admin_other_cache_end.htm}-->
-	
+<!--{hook admin_other_cache_end.htm}-->	
 <?php include _include(ADMIN_PATH.'view/htm/footer.inc.htm');?>
-
 <script>
 var jform = $('#form');
 jform.on('submit', function() {
 
@@ -19,14 +19,14 @@
 
             <article class="d-flex thread" dir="<?php echo $dir; ?>">
                 <div class="d-none d-md-block mx-3">
-                    <a data-modal-title="<?php echo $plugin['name']; ?>" data-modal-size="lg" href="<?php echo url('plugin-read', array('dir'=>$dir), TRUE);?>">
+                    <a href="<?php echo url('plugin-read', array('dir'=>$dir), TRUE);?>">
                         <img src="<?php echo $plugin['icon_url']; ?>" width="54" height="54" />
                     </a>
                 </div>
                 <div class="col row p-0 m-0">
                     <div class="col-lg-3">
                         <p class="text-break font-weight-bold d-inline m-0">
-                            <a data-modal-title="<?php echo $plugin['name']; ?>" href="<?php echo url('plugin-read', array('dir'=>$dir), TRUE);?>" data-modal-size="lg">
+                            <a href="<?php echo url('plugin-read', array('dir'=>$dir), TRUE);?>">
                                 <?php echo $plugin['name']; ?>
                             </a>
                             <i class="icon-rmb mx-1"></i>
@@ -46,7 +46,7 @@
                         <div class="d-flex justify-content-start mb-3">
                             <!-- 付费查看详情 -->
                             <?php if('official_fee' == $action && !$plugin['downloaded']) { ?>
-                            <a role="button" data-modal-title="<?php echo $plugin['name']; ?>" data-modal-size="lg" class="btn btn-primary btn-sm buy mx-1" href="<?php echo url('plugin-read', array('dir'=>$dir), TRUE);?>"><?php echo lang('buy');?></a>
+                            <a role="button" class="btn btn-primary btn-sm buy mx-1" href="<?php echo url('plugin-read', array('dir'=>$dir), TRUE);?>"><?php echo lang('buy');?></a>
                             <?php } ?>
 
                             <?php if('official_free' == $action && !$plugin['downloaded']) { ?>
 
@@ -135,19 +135,20 @@ <h4>
 					<?php } ?>
 
 					<?php if($plugin['installed'] && !$plugin['enable'] && 1 != $plugin['type']) { ?>
-					<a role="button" class="btn btn-secondary mx-1" href="<?php echo url('plugin-enable', array('dir'=>$dir,'safe_token' => $safe_token), TRUE); ?>"><?php echo lang('enable');?></a>
+					<a role="button" class="install btn btn-secondary mx-1" data-href="<?php echo url('plugin-enable', array('dir'=>$dir,'safe_token' => $safe_token), TRUE); ?>" href="javascript:void(0);"><?php echo lang('enable');?></a>
 					<?php } ?>
 
 					<?php if($plugin['installed'] && 1 != $plugin['type']) { ?>
-					<a role="button" class="btn btn-danger mx-1 confirm" data-method="post" data-confirm-text="<?php echo lang('plugin_uninstall_confirm_tips', array('name'=>$plugin['name']));?>" href="<?php echo url('plugin-uninstall', array('dir'=>$dir,'safe_token' => $safe_token), TRUE); ?>"><?php echo lang('uninstall');?></a>
+                    <a role="button" class="uninstall btn btn-danger confirm mx-1" data-method="post" data-confirm-text="<?php echo lang('plugin_uninstall_confirm_tips', array('name'=>$plugin['name']));?>" href="<?php echo url('plugin-uninstall', array('dir'=> $dir, 'safe_token' => $safe_token), TRUE); ?>"><?php echo lang('uninstall');?></a>
 					<?php } ?>
 
                     <?php if($islocal && !$plugin['installed'] && 1 == $plugin['type']) { ?>
                     <a role="button" class="btn btn-primary mx-1 install" data-href="<?php echo url('plugin-theme', array('dir'=>$dir,'type'=>1,'safe_token' => $safe_token), TRUE);?>" href="javascript:void(0);"><?php echo lang('install');?></a>
+
                     <?php } ?>
 
                     <?php if($plugin['installed'] && 1 == $plugin['type']) { ?>
-                    <a role="button" class="btn btn-danger mx-1 uninstall" data-href="<?php echo url('plugin-theme', array('dir'=>$dir,'type'=>0,'safe_token' => $safe_token), TRUE);?>" href="javascript:void(0);"><?php echo lang('uninstall');?></a>
+                    <a role="button" class="uninstall btn btn-danger confirm mx-1" data-method="post" data-confirm-text="<?php echo lang('plugin_uninstall_confirm_tips', array('name'=>$plugin['name']));?>" data-href="<?php echo url('plugin-theme', array('dir'=>$dir,'type'=>0), TRUE);?>" href="javascript:void(0);"><?php echo lang('uninstall');?></a>
                     <?php } ?>
 
 					<?php if($plugin['have_upgrade']) { ?>
 
@@ -7,9 +7,9 @@
             <div class="form-group">
                 <!--{hook admin_thread_post_inc_fid_select_before.htm}-->
                 <select class="custom-select mr-1 w-auto" name="fid">
-                    <?php foreach ($columnlist as $forum) { ?>
-                    <option value="<?php echo $forum['fid']; ?>">
-                        <?php echo $forum['name']; ?>
+                    <?php foreach ($columnlist as $_column) { ?>
+                    <option value="<?php echo $_column['fid']; ?>">
+                        <?php echo $_column['name']; ?>
                     </option>
                     <?php } ?>
                 </select>
 
@@ -40,7 +40,7 @@
 $header = array(
     'title' => $conf['sitename'],
     'mobile_title' => '',
-    'mobile_link' => './',
+    'mobile_link' => $conf['path'],
     'keywords' => '',
     'description' => strip_tags($conf['sitebrief']),
     'navs' => array(),
 
@@ -134,7 +134,7 @@ CREATE TABLE `wellcms_kv` (
   `expiry` int(11) unsigned NOT NULL default '0',		# 过期时间
   PRIMARY KEY(`k`)
 ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci;
-INSERT INTO `wellcms_kv` (`k`, `v`, `expiry`) VALUES ('setting', '{"conf":{"name":"WellCMS Oriental Lion","version":"2.0.11","official_version":"2.0.11","last_version":"0","version_date":"0","installed":0,"setting":{"website_mode":2,"tpl_mode":0,"map":"map","verify_thread":0,"verify_post":0,"verify_special":0,"thumbnail_on":1,"save_image_on":1},"picture_size":{"width":170,"height":113},"theme":"","shield":[],"index_stickys":0,"index_flags":"0","index_flagstr":""}}', 0);
+INSERT INTO `wellcms_kv` (`k`, `v`, `expiry`) VALUES ('setting', '{"conf":{"name":"WellCMS Oriental Lion","version":"2.0.12","official_version":"2.0.12","last_version":"0","version_date":"0","installed":0,"setting":{"website_mode":2,"tpl_mode":0,"map":"map","verify_thread":0,"verify_post":0,"verify_special":0,"thumbnail_on":1,"save_image_on":1},"picture_size":{"width":170,"height":113},"theme":"","shield":[],"index_stickys":0,"index_flags":"0","index_flagstr":""}}', 0);
 
 # 缓存表 用来保存临时数据
 DROP TABLE IF EXISTS `wellcms_cache`;
@@ -261,7 +261,7 @@ CREATE TABLE `wellcms_website_flag_thread` (
 DROP TABLE IF EXISTS `wellcms_website_operate`;
 CREATE TABLE `wellcms_website_operate` (
   `logid` int(11) unsigned NOT NULL AUTO_INCREMENT,
-  `type` tinyint(3) NOT NULL DEFAULT '0', # 1删除 2移动 3置顶 4取消置顶 5禁止回复 6关闭 7打开 8操作人民币 9操作金币 10操作积分 11删除节点 12删除节点分类 13审核专题 14删除专题 15归类专题主题 16删除专题主题 17删除用户 18禁止用户 19编辑用户
+  `type` tinyint(3) NOT NULL DEFAULT '0', # 1删除 2移动 3置顶 4取消置顶 5禁止回复 6关闭 7打开 8操作人民币 9操作金币 10操作积分 11删除节点 12删除节点分类 13审核专题 14删除专题 15归类专题主题 16删除专题主题 17删除用户 18禁止用户 19编辑用户 20删除待审核主题 21删除退稿 22删除草稿 23删除待审核评论 24审核主题 25退稿 26审核评论
   `uid` int(11) unsigned NOT NULL DEFAULT '0', # 版主 uid
   `tid` int(11) unsigned NOT NULL DEFAULT '0', # 主题tid
   `pid` int(11) unsigned NOT NULL DEFAULT '0', # 评论pid
 
@@ -181,6 +181,30 @@ function well_attach_delete_by_tid($tid)
     return count($attachlist);
 }
 
+/*
+ * @param $tids 数组array(1,2,3)
+ * @param $n 图片和附件总数量
+ * @return int 返回清理数量
+ */
+function well_attach_delete_by_tids($tids, $n)
+{
+    global $conf;
+
+    $attachlist = well_attach__find(array('tid' => $tids), array('aid' => 1), 1, $n);
+    if (!$attachlist) return 0;
+
+    $aids = array();
+    foreach ($attachlist as $attach) {
+        $path = $conf['upload_path'] . 'website_attach/' . $attach['filename'];
+        is_file($path) AND unlink($path);
+        $aids[] = $attach['aid'];
+    }
+
+    well_attach__delete($aids);
+
+    return count($aids);
+}
+
 // 获取 $filelist $imagelist
 function well_attach_find_by_pid($pid)
 {