Merge Official Patch 20151208

Author: branchzero

source/admincp/admincp_checktools.php

@@ -4,7 +4,7 @@
  *      [Discuz!] (C)2001-2099 Comsenz Inc.
  *      This is NOT a freeware, use is subject to license terms
  *
- *      $Id: admincp_checktools.php 31554 2012-09-07 08:49:56Z monkey $
+ *      $Id: admincp_checktools.php 35472 2015-08-03 09:06:22Z nemohou $
  */
 
 if(!defined('IN_DISCUZ') || !defined('IN_ADMINCP')) {
@@ -362,6 +362,14 @@
 
 	$settingnew = $_GET['settingnew'];
 	if(!empty($_GET['previewthumb'])) {
+		if(!is_dir($settingnew['imageimpath'])) {
+			$settingnew['imageimpath'] = '';
+		} else {
+			$settingnew['imageimpath'] = str_replace('\\', '/', $settingnew['imageimpath']);
+			if(!preg_match('/^[\!@#\$%\^&\(\)_\+\-\=\{\}\[\];\',\.\/\:\w\s]+$/', $settingnew['imageimpath'])) {
+				$settingnew['imageimpath'] = '';
+			}
+		}
 		$_G['setting']['imagelib'] = $settingnew['imagelib'];
 		$_G['setting']['imageimpath'] = $settingnew['imageimpath'];
 		$_G['setting']['thumbwidth'] = $settingnew['thumbwidth'];

source/admincp/admincp_cloudaddons.php

@@ -4,7 +4,7 @@
  *      [Discuz!] (C)2001-2099 Comsenz Inc.
  *      This is NOT a freeware, use is subject to license terms
  *
- *      $Id: admincp_cloudaddons.php 33369 2013-06-03 05:00:29Z andyzheng $
+ *      $Id: admincp_cloudaddons.php 35705 2015-12-01 06:14:33Z nemohou $
  */
 if(!defined('IN_DISCUZ') || !defined('IN_ADMINCP')) {
 	exit('Access Denied');
@@ -35,8 +35,7 @@
 } elseif($operation == 'download') {
 	$step = intval($_GET['step']);
 	$addoni = intval($_GET['i']);
-	$uniqueid = $_G['setting']['siteuniqueid'] ? $_G['setting']['siteuniqueid'] : C::t('common_setting')->fetch('siteuniqueid');
-	if(!$_GET['md5hash'] || md5($_GET['addonids'].md5($uniqueid.$_GET['timestamp'])) != $_GET['md5hash']) {
+	if(!$_GET['md5hash'] || md5($_GET['addonids'].md5(cloudaddons_getuniqueid().$_GET['timestamp'])) != $_GET['md5hash']) {
 		cpmsg('cloudaddons_validator_error', '', 'error');
 	}
 	$addonids = explode(',', $_GET['addonids']);

source/admincp/discuzfiles.md5

@@ -70,7 +70,7 @@ d41d8cd98f00b204e9800998ecf8427e *data/template/index.htm
 d41d8cd98f00b204e9800998ecf8427e *data/threadcache/index.htm
 0d673a9b9f136a7a6b6b25d4ff4bc1fd *./install
 08066574cc9c9cfa186b8e1a7ba35b5c *./source
-4eeab4f3170c81bab4c3df07e0d276d0 *source/discuz_version.php
+d774fb851c4ad4f88ea19469fd7353cf *source/discuz_version.php
 7215ee9c7d9dc229d2921a40e899ec5f *source/index.htm
 0a7896849dd83bbf64a31ccf11e58a17 *source/admincp/admincp_admingroup.php
 8896d084661345e3de22cb445536f2cb *source/admincp/admincp_adv.php
@@ -86,10 +86,10 @@ e48263dce4356396f52bfbcfb5071c64 *source/admincp/admincp_block.php
 dda34ea9edc3f37fb7f3c8bae9d587e0 *source/admincp/admincp_blogcategory.php
 20479a5ebcc8c8de3dac7a61764af979 *source/admincp/admincp_blogrecyclebin.php
 ac14d324de325ee9485caca992f796c1 *source/admincp/admincp_card.php
-5e0ea6696805c296eaa6fdd9f5ee8bf2 *source/admincp/admincp_checktools.php
+2ac5ca0a276104f1b12b2bab03ad27e2 *source/admincp/admincp_checktools.php
 b40bc52669c410d5fbedaaf37550fb01 *source/admincp/admincp_click.php
 85ef3aadb8fad22f669b99e44da52649 *source/admincp/admincp_cloud.php
-eafad7bb76a8672f771147a2f2b4d278 *source/admincp/admincp_cloudaddons.php
+50bbccf077a293c4f9ef5f9515a27d4a *source/admincp/admincp_cloudaddons.php
 a7564ff1d1d99de04603d6a6f588a6e5 *source/admincp/admincp_collection.php
 93c0cd010c921640c9bc5c06aa6c9394 *source/admincp/admincp_comment.php
 6558bce5672e89e7e974deb172fa4912 *source/admincp/admincp_counter.php
@@ -381,7 +381,7 @@ d41d8cd98f00b204e9800998ecf8427e *source/class/forum/index.htm
 79feb45e4626dbba96e19ea147fff3e2 *source/class/helper/helper_antitheft.php
 59220a31da954b7d2227f336dbb6f0c3 *source/class/helper/helper_attach.php
 7022fd0d4c037305b08aa3702a6add1e *source/class/helper/helper_dbtool.php
-0d82e5d1b0ab576c3e0168074fc484d7 *source/class/helper/helper_form.php
+b4a48768f230e623de4e45fe99241f55 *source/class/helper/helper_form.php
 f44c81f0cf86f12e234da0e7f03d11f0 *source/class/helper/helper_json.php
 cd6ed5c1af415245d93e3235c8ede908 *source/class/helper/helper_log.php
 5385476aea9b3fb11a4e82607755229e *source/class/helper/helper_makehtml.php
@@ -727,20 +727,20 @@ f9fabd8329b3a8a91c7a8996bd0bc4cc *source/class/task/task_profile.php
 d92c261612a6b18fa0f32c5832420258 *source/function/function_block.php
 fda0f9733c9d07e18ac8b6aa1f04a4ba *source/function/function_blog.php
 10152e216afcc2730c7961778fd2d36a *source/function/function_cache.php
-f5ff825bf0d19f9e00ae7dcf1f3acfea *source/function/function_cloudaddons.php
+f917245b79f202d4cc72f5542af42ff8 *source/function/function_cloudaddons.php
 77f06f33b827d1155c5c3c2f28bc7909 *source/function/function_collection.php
 90ee4789682564336c6043e19dc2dcb8 *source/function/function_comment.php
-d5a65d86d0bf5f3108fd585b54d19493 *source/function/function_core.php
+c404fdd625f0e359950b11e18d885a0f *source/function/function_core.php
 fca8f813316f070ad4026e06b938db1d *source/function/function_credit.php
 dc26872be5adc5364f42bc0335c4b504 *source/function/function_delete.php
-30bda91dc181cecb1d39315f57bd7c2a *source/function/function_discuzcode.php
+25f4f2b24b9a727183618d3e60a157e1 *source/function/function_discuzcode.php
 9270deaa36c685a3f408bb9cee2db317 *source/function/function_domain.php
 aaca86dc933b77a2313a4d463cf356a6 *source/function/function_ec_credit.php
 59dbdc54dc7367bb120babaceaace2c1 *source/function/function_editor.php
 ed60f1ffa5730c849ff679cf8fd5efcb *source/function/function_exif.php
 f04336160dae343fe6604156811d68ed *source/function/function_feed.php
 c47efcdd8ba9dcb0d7320c28eea4e086 *source/function/function_filesock.php
-dfd83566bf1ab8634155e0bf57ca51cd *source/function/function_followcode.php
+1cc0c56581f027b3d91a51d422a8d3ec *source/function/function_followcode.php
 1c962bafb265c3e1dbafd63a9e0da270 *source/function/function_forum.php
 53af5593f8b73b90b1a627c434310b8a *source/function/function_forumlist.php
 10758d44f84170af87ed5d0a4f15d657 *source/function/function_friend.php
@@ -1170,7 +1170,7 @@ cb51cfe16559084716000b0725fb111a *source/module/forum/forum_rss.php
 9eacb72a42d21156d35b2a8956cc0fdc *source/module/forum/forum_tag.php
 571fc4f66dc650cdf4548ff0d8d60e40 *source/module/forum/forum_topicadmin.php
 e7d4e8fed8d979a928cd8960eec25f2d *source/module/forum/forum_trade.php
-f05cca10355dfc9a24c981dc6f69e462 *source/module/forum/forum_viewthread.php
+06d43c18f22efc68a2a3de683e7fe1ab *source/module/forum/forum_viewthread.php
 d41d8cd98f00b204e9800998ecf8427e *source/module/forum/index.htm
 6ac2bc80c87d24ef37a87e02cf9f31cd *source/module/group/group_attentiongroup.php
 b15c4aa15189bfdc446e1459929c773f *source/module/group/group_index.php
@@ -1216,7 +1216,7 @@ b06844b70785922e2cb5100b9f958685 *source/module/misc/misc_ranklist.php
 1b7b4fdeb70502cbb855b32ae3e24d55 *source/module/misc/misc_seccode.php
 4206a5bc3be20b2294752c38bcb6b0a1 *source/module/misc/misc_secqaa.php
 8c5c539ef08c4ebad727020a04352103 *source/module/misc/misc_stat.php
-8919f1089311965d2a9eaa449c713674 *source/module/misc/misc_swfupload.php
+f9894157f4f320c958bbb16a07101106 *source/module/misc/misc_swfupload.php
 8cff67e3f9f57d6eec68f1fada15202f *source/module/misc/misc_tag.php
 b2e980162b4365aa940f4a2675e0cf68 *source/module/misc/misc_userstatus.php
 d41d8cd98f00b204e9800998ecf8427e *source/module/portal/index.htm
@@ -2481,7 +2481,7 @@ b7d9174d54261a48fb7854d55fcb7852 *static/js/admincp.js
 f619c8cbedf000f59d83d7ac61633767 *static/js/ajax.js
 f4c8df3bcee17f02b333a7375777fefa *static/js/at.js
 2d39b948d499baafb9102d32066b2cd8 *static/js/autoloadpage.js
-64de46a394e0ab04021efd942b244100 *static/js/bbcode.js
+87efdff43e4f794b4c1fb26394a6f0d7 *static/js/bbcode.js
 85b59b1b90ddaf58bdab571698539495 *static/js/calendar.js
 ec73c26f3b4b3e606c9acf9904af6626 *static/js/common.js
 ebd21b3e2d0ecd4346546d0cd629bf80 *static/js/common_diy.js
@@ -2963,7 +2963,7 @@ af55380c7b9fe10b851c44886e9d2d50 *template/default/home/spacecp_upload.htm
 9fb1f3dd6bae1647e1013e032a53267a *template/default/home/spacecp_usergroup.htm
 2acc665da23d785108539569d20a4954 *template/default/home/spacecp_usergroup_header.htm
 3c467ef9914518be03d6cb944ec67d52 *template/default/home/spacecp_videophoto.htm
-082ea59206f18e26752474e4f7f89b3e *template/default/member/getpasswd.htm
+9720e182ebdde207c689d1734392fdd2 *template/default/member/getpasswd.htm
 565e669f1d0f24519158a3f9ea7f4013 *template/default/member/login.htm
 8c03540906a485367438c4d822536b18 *template/default/member/login_simple.htm
 26cb5ca9b5c4a670b01a17a82897862e *template/default/member/register.htm

source/class/helper/helper_form.php

@@ -4,7 +4,7 @@
  *      [Discuz!] (C)2001-2099 Comsenz Inc.
  *      This is NOT a freeware, use is subject to license terms
  *
- *      $Id: helper_form.php 34543 2014-05-26 07:33:21Z nemohou $
+ *      $Id: helper_form.php 35375 2015-07-06 02:26:18Z nemohou $
  */
 
 if(!defined('IN_DISCUZ')) {
@@ -20,8 +20,7 @@ public static function submitcheck($var, $allowget = 0, $seccodecheck = 0, $secq
 		} else {
 			global $_G;
 			if($allowget || ($_SERVER['REQUEST_METHOD'] == 'POST' && !empty($_GET['formhash']) && $_GET['formhash'] == formhash() && empty($_SERVER['HTTP_X_FLASH_VERSION']) && (empty($_SERVER['HTTP_REFERER']) ||
-				strncmp($_SERVER['HTTP_REFERER'], 'http://wsq.discuz.qq.com', 24) === 0 || strncmp($_SERVER['HTTP_REFERER'], 'http://m.wsq.qq.com', 19) === 0 ||
-				preg_replace("/https?:\/\/([^\:\/]+).*/i", "\\1", $_SERVER['HTTP_REFERER']) == preg_replace("/([^\:]+).*/", "\\1", $_SERVER['HTTP_HOST'])))) {
+				strncmp($_SERVER['HTTP_REFERER'], 'http://wsq.discuz.qq.com/', 25) === 0 || preg_replace("/https?:\/\/([^\:\/]+).*/i", "\\1", $_SERVER['HTTP_REFERER']) == preg_replace("/([^\:]+).*/", "\\1", $_SERVER['HTTP_HOST'])))) {
 				if(checkperm('seccode')) {
 					if($secqaacheck && !check_secqaa($_GET['secanswer'], $_GET['secqaahash'])) {
 						showmessage('submit_secqaa_invalid');

source/discuz_version.php

@@ -4,7 +4,7 @@
  *      [Discuz!] (C)2001-2099 Comsenz Inc.
  *      This is NOT a freeware, use is subject to license terms
  *
- *      $Id: discuz_version.php 35307 2015-06-09 02:15:04Z hypowang $
+ *      $Id: discuz_version.php 35711 2015-12-08 02:32:24Z hypowang $
  */
 
 if(!defined('IN_DISCUZ')) {
@@ -13,7 +13,7 @@
 
 if(!defined('DISCUZ_VERSION')) {
 	define('DISCUZ_VERSION', 'X3.2');
-	define('DISCUZ_RELEASE', '20150609');
+	define('DISCUZ_RELEASE', '20151208');
 	define('DISCUZ_FIXBUG', '32000000');
 }
 

source/function/function_cloudaddons.php

@@ -4,30 +4,54 @@
  *      [Discuz!] (C)2001-2099 Comsenz Inc.
  *      This is NOT a freeware, use is subject to license terms
  *
- *      $Id: function_cloudaddons.php 34586 2014-06-05 01:45:26Z nemohou $
+ *      $Id: function_cloudaddons.php 35704 2015-12-01 05:13:54Z nemohou $
  */
 
 if(!defined('IN_DISCUZ')) {
 	exit('Access Denied');
 }
 
-define('CLOUDADDONS_WEBSITE_URL', 'http://addon.discuz.com');
-define('CLOUDADDONS_DOWNLOAD_URL', 'http://addon.discuz.com/index.php');
-define('CLOUDADDONS_DOWNLOAD_IP', '');
-define('CLOUDADDONS_CHECK_URL', 'http://addon1.discuz.com');
-define('CLOUDADDONS_CHECK_IP', '');
+$addonsource = $_G['config']['addonsource'] ? $_G['config']['addonsource'] : ($_G['setting']['addon_source'] ? $_G['setting']['addon_source'] : array());
+$addon = $addonsource ?
+	$_G['config']['addon'][$addonsource] :
+	array(
+		'website_url' => 'http://addon.discuz.com',
+		'download_url' => 'http://addon.discuz.com/index.php',
+		'download_ip' => '',
+		'check_url' => 'http://addon1.discuz.com/md5/',
+		'check_ip' => '',
+	);
+
+define('CLOUDADDONS_WEBSITE_URL', $addon['website_url']);
+define('CLOUDADDONS_DOWNLOAD_URL', $addon['download_url']);
+define('CLOUDADDONS_DOWNLOAD_IP', $addon['download_ip']);
+define('CLOUDADDONS_CHECK_URL', $addon['check_url']);
+define('CLOUDADDONS_CHECK_IP', $addon['check_ip']);
 
 function cloudaddons_md5($file) {
-	return dfsockopen(CLOUDADDONS_CHECK_URL.'/md5/'.$file, 0, '', '', false, CLOUDADDONS_CHECK_IP, 60);
+	return dfsockopen(CLOUDADDONS_CHECK_URL.$file, 0, '', '', false, CLOUDADDONS_CHECK_IP, 60);
 }
 
+function cloudaddons_getuniqueid() {
+	global $_G;
+	if(CLOUDADDONS_WEBSITE_URL == 'http://addon.discuz.com') {
+		return $_G['setting']['siteuniqueid'] ? $_G['setting']['siteuniqueid'] : C::t('common_setting')->fetch('siteuniqueid');
+	} else {
+		if(!$_G['setting']['addon_uniqueid']) {
+			$chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyz';
+			$addonuniqueid = $chars[date('y')%60].$chars[date('n')].$chars[date('j')].$chars[date('G')].$chars[date('i')].$chars[date('s')].substr(md5($_G['clientip'].TIMESTAMP), 0, 4).random(6);
+			C::t('common_setting')->update('addon_uniqueid', $addonuniqueid);
+			require_once libfile('function/cache');
+			updatecache('setting');
+		}
+		return $_G['setting']['addon_uniqueid'];
+	}
+}
 function cloudaddons_url($extra) {
 	global $_G;
 
 	require_once DISCUZ_ROOT.'./source/discuz_version.php';
-
-	$uniqueid = $_G['setting']['siteuniqueid'] ? $_G['setting']['siteuniqueid'] : C::t('common_setting')->fetch('siteuniqueid');
-	$data = 'siteuniqueid='.rawurlencode($uniqueid).'&siteurl='.rawurlencode($_G['siteurl']).'&sitever='.DISCUZ_VERSION.'/'.DISCUZ_RELEASE.'&sitecharset='.CHARSET.'&mysiteid='.$_G['setting']['my_siteid'];
+	$data = 'siteuniqueid='.rawurlencode(cloudaddons_getuniqueid()).'&siteurl='.rawurlencode($_G['siteurl']).'&sitever='.DISCUZ_VERSION.'/'.DISCUZ_RELEASE.'&sitecharset='.CHARSET.'&mysiteid='.$_G['setting']['my_siteid'];
 	$param = 'data='.rawurlencode(base64_encode($data));
 	$param .= '&md5hash='.substr(md5($data.TIMESTAMP), 8, 8).'&timestamp='.TIMESTAMP;
 	return CLOUDADDONS_DOWNLOAD_URL.'?'.$param.$extra;
@@ -37,12 +61,6 @@ function cloudaddons_check() {
 	if(!function_exists('gzuncompress')) {
 		cpmsg('cloudaddons_check_gzuncompress_error', '', 'error');
 	}
-	if(dfsockopen(CLOUDADDONS_WEBSITE_URL.'/image/logo.png', 4, '', '', false, CLOUDADDONS_DOWNLOAD_IP, 60) !== chr(0x89).'PNG') {
-		cpmsg('cloudaddons_check_url_fopen_error', '', 'error');
-	}
-	if(dfsockopen(CLOUDADDONS_CHECK_URL.'/logo.png', 4, '', '', false, CLOUDADDONS_CHECK_IP, 60) !== chr(0x89).'PNG') {
-		cpmsg('cloudaddons_check_url_fopen_error', '', 'error');
-	}
 	foreach(array('download', 'addonmd5') as $path) {
 		$tmpdir = DISCUZ_ROOT.'./data/'.$path.'/'.random(5);
 		$tmpfile = $tmpdir.'/index.html';

source/function/function_core.php

@@ -4,7 +4,7 @@
  *      [Discuz!] (C)2001-2099 Comsenz Inc.
  *      This is NOT a freeware, use is subject to license terms
  *
- *      $Id: function_core.php 35297 2015-06-05 03:28:45Z hypowang $
+ *      $Id: function_core.php 35335 2015-06-17 01:57:38Z hypowang $
  */
 
 if(!defined('IN_DISCUZ')) {
@@ -518,6 +518,7 @@ function checktplrefresh($maintpl, $subtpl, $timecompare, $templateid, $cachefil
 
 function template($file, $templateid = 0, $tpldir = '', $gettplfile = 0, $primaltpl='') {
 	global $_G;
+
 	static $_init_style = false;
 	if($_init_style === false) {
 		C::app()->_init_style();
@@ -636,7 +637,6 @@ function template($file, $templateid = 0, $tpldir = '', $gettplfile = 0, $primal
 	if($gettplfile) {
 		return $tplfile;
 	}
-
 	checktplrefresh($tplfile, $tplfile, @filemtime(DISCUZ_ROOT.$cachefile), $templateid, $cachefile, $tpldir, $file);
 	return DISCUZ_ROOT.$cachefile;
 }
@@ -1524,7 +1524,7 @@ function dreferer($default = '') {
 	}
 
 	$_G['referer'] = durlencode($_G['referer']);
-	return$_G['referer'];
+	return $_G['referer'];
 }
 
 function ftpcmd($cmd, $arg1 = '') {