├── robots.txt ├── index.php ├── authtest.php ├── themes └── default │ ├── swf │ └── ZeroClipboard.swf │ ├── fonts │ ├── glyphicons-halflings-regular.eot │ ├── glyphicons-halflings-regular.ttf │ └── glyphicons-halflings-regular.woff │ ├── css │ ├── css.css │ └── style │ │ ├── style.css │ │ ├── print.css │ │ └── ie.css │ └── templates │ ├── notice.html │ ├── user_seting.html │ ├── menus.html │ ├── module.html │ ├── index.html │ ├── user_invite.html │ ├── project_create.html │ ├── login.html │ ├── project_viewcode.html │ ├── header.html │ ├── module_view.html │ ├── project_setcode.html │ ├── module_create.html │ └── module_set.html ├── captcha.php ├── .htaccess ├── source ├── global.func.php ├── index.php ├── common.php ├── do.php ├── keepsession.php ├── login.php ├── code.php ├── class │ ├── Captcha.class.php │ ├── Pager.class.php │ ├── Image.class.php │ └── DB.class.php ├── register.php ├── api.php └── user.php ├── libs ├── internals │ ├── core.get_microtime.php │ ├── core.get_include_path.php │ ├── core.process_compiled_include.php │ ├── core.write_compiled_resource.php │ ├── core.assign_smarty_interface.php │ ├── core.is_trusted.php │ ├── core.rmdir.php │ ├── core.write_file.php │ ├── core.smarty_include_php.php │ ├── core.display_debug_console.php │ ├── core.is_secure.php │ ├── core.assemble_plugin_filepath.php │ ├── core.load_resource_plugin.php │ ├── core.rm_auto.php │ ├── core.process_cached_inserts.php │ ├── core.get_php_resource.php │ ├── core.create_dir_structure.php │ ├── core.run_insert_handler.php │ ├── core.write_compiled_include.php │ ├── core.write_cache_file.php │ └── core.read_cache_file.php ├── plugins │ ├── modifier.lower.php │ ├── modifier.upper.php │ ├── modifier.indent.php │ ├── modifier.string_format.php │ ├── modifier.replace.php │ ├── modifier.wordwrap.php │ ├── modifier.cat.php │ ├── modifier.count_paragraphs.php │ ├── modifier.spacify.php │ ├── modifier.default.php │ ├── modifier.count_sentences.php │ ├── modifier.strip_tags.php │ ├── modifier.nl2br.php │ ├── modifier.strip.php │ ├── modifier.count_characters.php │ ├── modifier.count_words.php │ ├── shared.escape_special_chars.php │ ├── function.debug.php │ ├── function.popup_init.php │ ├── modifier.truncate_utf8.php │ ├── function.eval.php │ ├── modifier.capitalize.php │ ├── compiler.assign.php │ ├── function.assign_debug_info.php │ ├── shared.make_timestamp.php │ ├── modifier.regex_replace.php │ ├── modifier.truncate.php │ ├── modifier.date_format.php │ ├── function.counter.php │ ├── outputfilter.trimwhitespace.php │ ├── function.math.php │ ├── modifier.escape.php │ ├── modifier.debug_print_var.php │ ├── block.textformat.php │ ├── function.cycle.php │ ├── function.popup.php │ └── function.html_options.php └── debug.tpl ├── scripts └── keepsession.php ├── README.txt ├── templates_c ├── %%8E^8E8^8E89046B%%notice.html.php ├── %%79^79C^79CD1430%%user_seting.html.php ├── %%1A^1AB^1AB9BADF%%login.html.php ├── %%95^95A^95A55B08%%project_create.html.php ├── %%60^602^602CA7AB%%menus.html.php ├── %%71^714^714F4B17%%header.html.php ├── %%6D^6DE^6DE43985%%user_invite.html.php ├── %%77^774^774BE9C9%%index.html.php ├── %%4D^4D3^4D30CF2A%%project_viewcode.html.php └── %%78^781^7810E20E%%module_view.html.php ├── config.php └── init.php /robots.txt: -------------------------------------------------------------------------------- 1 | User-agent: * 2 | Disallow: / -------------------------------------------------------------------------------- /index.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thickforest/xss_platform/HEAD/index.php -------------------------------------------------------------------------------- /authtest.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thickforest/xss_platform/HEAD/authtest.php -------------------------------------------------------------------------------- /themes/default/swf/ZeroClipboard.swf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thickforest/xss_platform/HEAD/themes/default/swf/ZeroClipboard.swf -------------------------------------------------------------------------------- /themes/default/fonts/glyphicons-halflings-regular.eot: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thickforest/xss_platform/HEAD/themes/default/fonts/glyphicons-halflings-regular.eot -------------------------------------------------------------------------------- /themes/default/fonts/glyphicons-halflings-regular.ttf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thickforest/xss_platform/HEAD/themes/default/fonts/glyphicons-halflings-regular.ttf -------------------------------------------------------------------------------- /themes/default/fonts/glyphicons-halflings-regular.woff: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thickforest/xss_platform/HEAD/themes/default/fonts/glyphicons-halflings-regular.woff -------------------------------------------------------------------------------- /captcha.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /.htaccess: -------------------------------------------------------------------------------- 1 | RewriteEngine On 2 | RewriteBase / 3 | RewriteRule ^([0-9a-zA-Z]{6})$ /XSS/index.php?do=code&urlKey=$1 [L] 4 | RewriteRule ^do/auth/(\w+?)(/domain/([\w.]+?))?$ /XSS/index.php?do=do&auth=$1&domain=$3 [L] 5 | RewriteRule ^register/(.?)$ /XSS/index.php?do=register&key=$1 [L] 6 | RewriteRule ^register-validate/(.?)$ /XSS/index.php?do=register&act=validate&key=$1 [L] 7 | -------------------------------------------------------------------------------- /source/global.func.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /libs/internals/core.get_microtime.php: -------------------------------------------------------------------------------- 1 | 24 | -------------------------------------------------------------------------------- /themes/default/css/css.css: -------------------------------------------------------------------------------- 1 | body{font-family:"Helvetica Neue",Helvetica,"Hiragino Sans GB","Segoe UI","Microsoft Yahei",Tahoma,Arial,STHeiti,sans-serif;font-size:14px;line-height:1.428571429;color:#333;background-color:#fff;} 2 | html body{background:#fbfbfb;overflow-x:hidden;padding-top: 60px;} 3 | .form-signin { 4 | max-width: 330px; 5 | margin: 0 auto; 6 | } 7 | .form-register { 8 | max-width: 600px; 9 | margin: 0 auto; 10 | } 11 | a { 12 | padding-left: 1px; 13 | } 14 | a, a:hover { 15 | color: #77CCDD; 16 | text-decoration: none; 17 | } -------------------------------------------------------------------------------- /source/index.php: -------------------------------------------------------------------------------- 1 | userId<=0) $user->ToLogin(); 9 | 10 | include('common.php'); 11 | 12 | $smarty=InitSmarty(); 13 | $smarty->assign('do',$do); 14 | $smarty->assign('show',$show); 15 | $smarty->assign('url',$url); 16 | $smarty->assign('projects',$projects); 17 | $smarty->assign('modules',$modules); 18 | $smarty->display('index.html'); 19 | ?> -------------------------------------------------------------------------------- /scripts/keepsession.php: -------------------------------------------------------------------------------- 1 | Dataset("SELECT * FROM ".Tb('keepsession')); 10 | 11 | $f=new SaeFetchurl(); 12 | 13 | foreach($rows as $row){ 14 | if(time()>$row['updateTime']+300){ 15 | $f->setHeader("Cookie",urldecode($row['cookie'])); 16 | $con=$f->fetch($row['url']); 17 | $db->Execute("UPDATE ".Tb('keepsession')." SET updateTime='".time()."' WHERE id='{$row[id]}'"); 18 | } 19 | } 20 | ?> -------------------------------------------------------------------------------- /libs/plugins/modifier.lower.php: -------------------------------------------------------------------------------- 1 | 13 | * Name: lower
14 | * Purpose: convert string to lowercase 15 | * @link http://smarty.php.net/manual/en/language.modifier.lower.php 16 | * lower (Smarty online manual) 17 | * @author Monte Ohrt 18 | * @param string 19 | * @return string 20 | */ 21 | function smarty_modifier_lower($string) 22 | { 23 | return strtolower($string); 24 | } 25 | 26 | ?> 27 | -------------------------------------------------------------------------------- /libs/plugins/modifier.upper.php: -------------------------------------------------------------------------------- 1 | 13 | * Name: upper
14 | * Purpose: convert string to uppercase 15 | * @link http://smarty.php.net/manual/en/language.modifier.upper.php 16 | * upper (Smarty online manual) 17 | * @author Monte Ohrt 18 | * @param string 19 | * @return string 20 | */ 21 | function smarty_modifier_upper($string) 22 | { 23 | return strtoupper($string); 24 | } 25 | 26 | ?> 27 | -------------------------------------------------------------------------------- /libs/plugins/modifier.indent.php: -------------------------------------------------------------------------------- 1 | 13 | * Name: indent
14 | * Purpose: indent lines of text 15 | * @link http://smarty.php.net/manual/en/language.modifier.indent.php 16 | * indent (Smarty online manual) 17 | * @author Monte Ohrt 18 | * @param string 19 | * @param integer 20 | * @param string 21 | * @return string 22 | */ 23 | function smarty_modifier_indent($string,$chars=4,$char=" ") 24 | { 25 | return preg_replace('!^!m',str_repeat($char,$chars),$string); 26 | } 27 | 28 | ?> 29 | -------------------------------------------------------------------------------- /source/common.php: -------------------------------------------------------------------------------- 1 | Dataset("SELECT * FROM ".Tb('project')." WHERE userId='".$user->userId."' ORDER BY id dESC"); 12 | foreach($projects as $k=>$v){ 13 | $projects[$k]['contentNum']=$db->FirstValue("SELECT COUNT(*) FROM ".Tb('project_content')." WHERE projectId='{$v[id]}'"); 14 | } 15 | //模块 16 | $modules=$db->Dataset("SELECT * FROM ".Tb('module')." WHERE userId='".$user->userId."' OR (isOpen=1 AND isAudit=1) ORDER BY id dESC"); 17 | ?> -------------------------------------------------------------------------------- /libs/plugins/modifier.string_format.php: -------------------------------------------------------------------------------- 1 | 13 | * Name: string_format
14 | * Purpose: format strings via sprintf 15 | * @link http://smarty.php.net/manual/en/language.modifier.string.format.php 16 | * string_format (Smarty online manual) 17 | * @author Monte Ohrt 18 | * @param string 19 | * @param string 20 | * @return string 21 | */ 22 | function smarty_modifier_string_format($string, $format) 23 | { 24 | return sprintf($format, $string); 25 | } 26 | 27 | /* vim: set expandtab: */ 28 | 29 | ?> 30 | -------------------------------------------------------------------------------- /libs/plugins/modifier.replace.php: -------------------------------------------------------------------------------- 1 | 13 | * Name: replace
14 | * Purpose: simple search/replace 15 | * @link http://smarty.php.net/manual/en/language.modifier.replace.php 16 | * replace (Smarty online manual) 17 | * @author Monte Ohrt 18 | * @param string 19 | * @param string 20 | * @param string 21 | * @return string 22 | */ 23 | function smarty_modifier_replace($string, $search, $replace) 24 | { 25 | return str_replace($search, $replace, $string); 26 | } 27 | 28 | /* vim: set expandtab: */ 29 | 30 | ?> 31 | -------------------------------------------------------------------------------- /themes/default/css/style/style.css: -------------------------------------------------------------------------------- 1 | code { 2 | background-color: #F8F8F8; 3 | border: 1px solid #CCCCCC; 4 | color: #333333; 5 | display: block; 6 | font-family: Lucida Console,Courier New,Courier,mono,monospace; 7 | font-size: 12px; 8 | line-height: 18px; 9 | margin: 0 auto; 10 | overflow: auto; 11 | padding: 4px 8px; 12 | word-wrap: break-word; 13 | } 14 | 15 | .menus { padding:10px; width:150px; margin-right:10px; border:#e0e0e0 1px solid } 16 | .menus .menutitle { font-size:14px; font-weight:bold; width:100%;overflow: hidden } 17 | .menus .menutitle a { text-decoration:none } 18 | .menus .menutitle a.right { font-size:12px; font-weight: normal; } 19 | .menus ul,menus li { list-style:none } -------------------------------------------------------------------------------- /libs/plugins/modifier.wordwrap.php: -------------------------------------------------------------------------------- 1 | 13 | * Name: wordwrap
14 | * Purpose: wrap a string of text at a given length 15 | * @link http://smarty.php.net/manual/en/language.modifier.wordwrap.php 16 | * wordwrap (Smarty online manual) 17 | * @author Monte Ohrt 18 | * @param string 19 | * @param integer 20 | * @param string 21 | * @param boolean 22 | * @return string 23 | */ 24 | function smarty_modifier_wordwrap($string,$length=80,$break="\n",$cut=false) 25 | { 26 | return wordwrap($string,$length,$break,$cut); 27 | } 28 | 29 | ?> 30 | -------------------------------------------------------------------------------- /README.txt: -------------------------------------------------------------------------------- 1 | 原文: https://bbs.ichunqiu.com/thread-13187-1-1.html 2 | 3 | 本次整个项目所在目录: /var/www/html/XSS/ 4 | 5 | (1) 修改 config.php ,mysql数据库用户名密码 6 | 7 | (2) 导入xssplatform.sql,执行 8 | UPDATE oc_module SET code=REPLACE(code,'http://xsser.me','http://你的域名/XSS’); 9 | 10 | (3) 修改config.php 注册改为normal,自己先免邀请码注册一个 11 | 12 | 执行 13 | UPDATE `xss`.`oc_user` SET `adminLevel` = '1' WHERE `oc_user`.`id` =1 LIMIT 1; 14 | 升级为管理员 15 | 16 | 别忘了再改回 invite 17 | 18 | (4) 修改 /etc/apache2/apache2.conf 19 | 20 | 21 | Options FollowSymLinks 22 | AllowOverride All # 如果是None,则.htaccess 无效 23 | Require all granted 24 | 25 | 26 | 确认 apache2 加载 rewrite模块 27 | 28 | 确认.htaccess 的 /XSS/index.php 路径是否匹配 29 | 30 | (5) 短信提醒功能 31 | 32 | 修改 source/api.php 移动飞信帐号 33 | -------------------------------------------------------------------------------- /libs/plugins/modifier.cat.php: -------------------------------------------------------------------------------- 1 | 13 | * Name: cat
14 | * Date: Feb 24, 2003 15 | * Purpose: catenate a value to a variable 16 | * Input: string to catenate 17 | * Example: {$var|cat:"foo"} 18 | * @link http://smarty.php.net/manual/en/language.modifier.cat.php cat 19 | * (Smarty online manual) 20 | * @author Monte Ohrt 21 | * @version 1.0 22 | * @param string 23 | * @param string 24 | * @return string 25 | */ 26 | function smarty_modifier_cat($string, $cat) 27 | { 28 | return $string . $cat; 29 | } 30 | 31 | /* vim: set expandtab: */ 32 | 33 | ?> 34 | -------------------------------------------------------------------------------- /libs/plugins/modifier.count_paragraphs.php: -------------------------------------------------------------------------------- 1 | 13 | * Name: count_paragraphs
14 | * Purpose: count the number of paragraphs in a text 15 | * @link http://smarty.php.net/manual/en/language.modifier.count.paragraphs.php 16 | * count_paragraphs (Smarty online manual) 17 | * @author Monte Ohrt 18 | * @param string 19 | * @return integer 20 | */ 21 | function smarty_modifier_count_paragraphs($string) 22 | { 23 | // count \r or \n characters 24 | return count(preg_split('/[\r\n]+/', $string)); 25 | } 26 | 27 | /* vim: set expandtab: */ 28 | 29 | ?> 30 | -------------------------------------------------------------------------------- /libs/plugins/modifier.spacify.php: -------------------------------------------------------------------------------- 1 | 13 | * Name: spacify
14 | * Purpose: add spaces between characters in a string 15 | * @link http://smarty.php.net/manual/en/language.modifier.spacify.php 16 | * spacify (Smarty online manual) 17 | * @author Monte Ohrt 18 | * @param string 19 | * @param string 20 | * @return string 21 | */ 22 | function smarty_modifier_spacify($string, $spacify_char = ' ') 23 | { 24 | return implode($spacify_char, 25 | preg_split('//', $string, -1, PREG_SPLIT_NO_EMPTY)); 26 | } 27 | 28 | /* vim: set expandtab: */ 29 | 30 | ?> 31 | -------------------------------------------------------------------------------- /libs/plugins/modifier.default.php: -------------------------------------------------------------------------------- 1 | 13 | * Name: default
14 | * Purpose: designate default value for empty variables 15 | * @link http://smarty.php.net/manual/en/language.modifier.default.php 16 | * default (Smarty online manual) 17 | * @author Monte Ohrt 18 | * @param string 19 | * @param string 20 | * @return string 21 | */ 22 | function smarty_modifier_default($string, $default = '') 23 | { 24 | if (!isset($string) || $string === '') 25 | return $default; 26 | else 27 | return $string; 28 | } 29 | 30 | /* vim: set expandtab: */ 31 | 32 | ?> 33 | -------------------------------------------------------------------------------- /libs/plugins/modifier.count_sentences.php: -------------------------------------------------------------------------------- 1 | 13 | * Name: count_sentences 14 | * Purpose: count the number of sentences in a text 15 | * @link http://smarty.php.net/manual/en/language.modifier.count.paragraphs.php 16 | * count_sentences (Smarty online manual) 17 | * @author Monte Ohrt 18 | * @param string 19 | * @return integer 20 | */ 21 | function smarty_modifier_count_sentences($string) 22 | { 23 | // find periods with a word before but not after. 24 | return preg_match_all('/[^\s]\.(?!\w)/', $string, $match); 25 | } 26 | 27 | /* vim: set expandtab: */ 28 | 29 | ?> 30 | -------------------------------------------------------------------------------- /libs/plugins/modifier.strip_tags.php: -------------------------------------------------------------------------------- 1 | 13 | * Name: strip_tags
14 | * Purpose: strip html tags from text 15 | * @link http://smarty.php.net/manual/en/language.modifier.strip.tags.php 16 | * strip_tags (Smarty online manual) 17 | * @author Monte Ohrt 18 | * @param string 19 | * @param boolean 20 | * @return string 21 | */ 22 | function smarty_modifier_strip_tags($string, $replace_with_space = true) 23 | { 24 | if ($replace_with_space) 25 | return preg_replace('!<[^>]*?>!', ' ', $string); 26 | else 27 | return strip_tags($string); 28 | } 29 | 30 | /* vim: set expandtab: */ 31 | 32 | ?> 33 | -------------------------------------------------------------------------------- /libs/plugins/modifier.nl2br.php: -------------------------------------------------------------------------------- 1 | 13 | * Name: nl2br
14 | * Date: Feb 26, 2003 15 | * Purpose: convert \r\n, \r or \n to <
> 16 | * Input:
17 | * - contents = contents to replace 18 | * - preceed_test = if true, includes preceeding break tags 19 | * in replacement 20 | * Example: {$text|nl2br} 21 | * @link http://smarty.php.net/manual/en/language.modifier.nl2br.php 22 | * nl2br (Smarty online manual) 23 | * @version 1.0 24 | * @author Monte Ohrt 25 | * @param string 26 | * @return string 27 | */ 28 | function smarty_modifier_nl2br($string) 29 | { 30 | return nl2br($string); 31 | } 32 | 33 | /* vim: set expandtab: */ 34 | 35 | ?> 36 | -------------------------------------------------------------------------------- /libs/plugins/modifier.strip.php: -------------------------------------------------------------------------------- 1 | 13 | * Name: strip
14 | * Purpose: Replace all repeated spaces, newlines, tabs 15 | * with a single space or supplied replacement string.
16 | * Example: {$var|strip} {$var|strip:" "} 17 | * Date: September 25th, 2002 18 | * @link http://smarty.php.net/manual/en/language.modifier.strip.php 19 | * strip (Smarty online manual) 20 | * @author Monte Ohrt 21 | * @version 1.0 22 | * @param string 23 | * @param string 24 | * @return string 25 | */ 26 | function smarty_modifier_strip($text, $replace = ' ') 27 | { 28 | return preg_replace('!\s+!', $replace, $text); 29 | } 30 | 31 | /* vim: set expandtab: */ 32 | 33 | ?> 34 | -------------------------------------------------------------------------------- /libs/plugins/modifier.count_characters.php: -------------------------------------------------------------------------------- 1 | 13 | * Name: count_characteres
14 | * Purpose: count the number of characters in a text 15 | * @link http://smarty.php.net/manual/en/language.modifier.count.characters.php 16 | * count_characters (Smarty online manual) 17 | * @author Monte Ohrt 18 | * @param string 19 | * @param boolean include whitespace in the character count 20 | * @return integer 21 | */ 22 | function smarty_modifier_count_characters($string, $include_spaces = false) 23 | { 24 | if ($include_spaces) 25 | return(strlen($string)); 26 | 27 | return preg_match_all("/[^\s]/",$string, $match); 28 | } 29 | 30 | /* vim: set expandtab: */ 31 | 32 | ?> 33 | -------------------------------------------------------------------------------- /libs/plugins/modifier.count_words.php: -------------------------------------------------------------------------------- 1 | 13 | * Name: count_words
14 | * Purpose: count the number of words in a text 15 | * @link http://smarty.php.net/manual/en/language.modifier.count.words.php 16 | * count_words (Smarty online manual) 17 | * @author Monte Ohrt 18 | * @param string 19 | * @return integer 20 | */ 21 | function smarty_modifier_count_words($string) 22 | { 23 | // split text by ' ',\r,\n,\f,\t 24 | $split_array = preg_split('/\s+/',$string); 25 | // count matches that contain alphanumerics 26 | $word_count = preg_grep('/[a-zA-Z0-9\\x80-\\xff]/', $split_array); 27 | 28 | return count($word_count); 29 | } 30 | 31 | /* vim: set expandtab: */ 32 | 33 | ?> 34 | -------------------------------------------------------------------------------- /libs/plugins/shared.escape_special_chars.php: -------------------------------------------------------------------------------- 1 | 13 | * Purpose: used by other smarty functions to escape 14 | * special chars except for already escaped ones 15 | * @author Monte Ohrt 16 | * @param string 17 | * @return string 18 | */ 19 | function smarty_function_escape_special_chars($string) 20 | { 21 | if(!is_array($string)) { 22 | $string = preg_replace('!&(#?\w+);!', '%%%SMARTY_START%%%\\1%%%SMARTY_END%%%', $string); 23 | $string = htmlspecialchars($string); 24 | $string = str_replace(array('%%%SMARTY_START%%%','%%%SMARTY_END%%%'), array('&',';'), $string); 25 | } 26 | return $string; 27 | } 28 | 29 | /* vim: set expandtab: */ 30 | 31 | ?> 32 | -------------------------------------------------------------------------------- /libs/plugins/function.debug.php: -------------------------------------------------------------------------------- 1 | 13 | * Name: debug
14 | * Date: July 1, 2002
15 | * Purpose: popup debug window 16 | * @link http://smarty.php.net/manual/en/language.function.debug.php {debug} 17 | * (Smarty online manual) 18 | * @author Monte Ohrt 19 | * @version 1.0 20 | * @param array 21 | * @param Smarty 22 | * @return string output from {@link Smarty::_generate_debug_output()} 23 | */ 24 | function smarty_function_debug($params, &$smarty) 25 | { 26 | if (isset($params['output'])) { 27 | $smarty->assign('_smarty_debug_output', $params['output']); 28 | } 29 | require_once(SMARTY_CORE_DIR . 'core.display_debug_console.php'); 30 | return smarty_core_display_debug_console(null, $smarty); 31 | } 32 | 33 | /* vim: set expandtab: */ 34 | 35 | ?> 36 | -------------------------------------------------------------------------------- /themes/default/templates/notice.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | {$notice.str} 6 | 7 | 8 | 9 | 10 | 13 | 14 | 15 |
16 |
{$notice.str} {$notice.urltitle}
17 |
18 | 19 | -------------------------------------------------------------------------------- /source/do.php: -------------------------------------------------------------------------------- 1 | FirstRow("SELECT * FROM ".Tb('project')." WHERE authCode='{$auth}'"); 12 | if(empty($project)) exit('Auth Err.'); 13 | 14 | switch($act){ 15 | case 'content': 16 | default: 17 | $domain=Val('domain','GET'); 18 | $where=''; 19 | if(!empty($domain)) $where.=" AND domain='{$domain}'"; 20 | $contents=$db->FirstColumn("SELECT content FROM ".Tb('project_content')." WHERE projectId='{$project[id]}' {$where} ORDER BY id DESC"); 21 | $data=array(); 22 | foreach($contents as $k=>$v){ 23 | $row=array(); 24 | $v=(array)json_decode($v); 25 | $row['url']=$v['opener']?$v['opener']: $v['toplocation']; 26 | $row['cookie']=$v['cookie']; 27 | $data[]=$row; 28 | } 29 | echo JsonEncode($data); 30 | break; 31 | } 32 | ?> -------------------------------------------------------------------------------- /source/keepsession.php: -------------------------------------------------------------------------------- 1 | FirstRow("SELECT * FROM ".Tb('project')." WHERE urlKey='{$urlKey}'"); 15 | 16 | if(!empty($project) && !empty($url) && !empty($cookie)){ 17 | $hash=md5($url.$cookie); 18 | $existed=$db->FirstValue("SELECT COUNT(*) FROM ".Tb('keepsession')." WHERE hash='{$hash}'"); 19 | if($existed<=0){ 20 | //判断用户key session的请求数量 21 | $sum=$db->FirstValue("SELECT COUNT(*) FROM ".Tb('keepsession')." WHERE userId='{$project[userId]}'"); 22 | if($sum<10){ 23 | $sqlValues=array( 24 | 'projectId'=>$project['id'], 25 | 'userId'=>$project['userId'], 26 | 'url'=>$url, 27 | 'cookie'=>$cookie, 28 | 'hash'=>$hash, 29 | 'addTime'=>time(), 30 | 'updateTime'=>time() 31 | ); 32 | $db->AutoExecute(Tb('keepsession'),$sqlValues); 33 | } 34 | } 35 | } 36 | ?> -------------------------------------------------------------------------------- /libs/plugins/function.popup_init.php: -------------------------------------------------------------------------------- 1 | 13 | * Name: popup_init
14 | * Purpose: initialize overlib 15 | * @link http://smarty.php.net/manual/en/language.function.popup.init.php {popup_init} 16 | * (Smarty online manual) 17 | * @author Monte Ohrt 18 | * @param array 19 | * @param Smarty 20 | * @return string 21 | */ 22 | function smarty_function_popup_init($params, &$smarty) 23 | { 24 | $zindex = 1000; 25 | 26 | if (!empty($params['zindex'])) { 27 | $zindex = $params['zindex']; 28 | } 29 | 30 | if (!empty($params['src'])) { 31 | return '' . "\n" 32 | . '' . "\n"; 33 | } else { 34 | $smarty->trigger_error("popup_init: missing src parameter"); 35 | } 36 | } 37 | 38 | /* vim: set expandtab: */ 39 | 40 | ?> 41 | -------------------------------------------------------------------------------- /libs/plugins/modifier.truncate_utf8.php: -------------------------------------------------------------------------------- 1 | 0)); $i++) 11 | { 12 | if($number = strpos(str_pad(decbin(ord(substr($string, $i, 1))), 8, '0', STR_PAD_LEFT), '0')) 13 | { 14 | if($length < 1.0) 15 | { 16 | break; 17 | } 18 | 19 | $result .= substr($string, $i, $number); 20 | 21 | $length -= 1.0; 22 | 23 | $i += $number - 1; 24 | } 25 | else 26 | { 27 | $result .= substr($string, $i, 1); 28 | 29 | $length -= 0.5; 30 | } 31 | } 32 | 33 | $result = htmlspecialchars($result, ENT_QUOTES, 'UTF-8'); 34 | 35 | if($i < $strlen) 36 | { 37 | $result .= $etc; 38 | } 39 | 40 | return $result; 41 | } 42 | ?> -------------------------------------------------------------------------------- /libs/internals/core.get_include_path.php: -------------------------------------------------------------------------------- 1 | 45 | -------------------------------------------------------------------------------- /libs/internals/core.process_compiled_include.php: -------------------------------------------------------------------------------- 1 | _cache_including; 20 | $smarty->_cache_including = true; 21 | 22 | $_return = $params['results']; 23 | 24 | foreach ($smarty->_cache_info['cache_serials'] as $_include_file_path=>$_cache_serial) { 25 | $smarty->_include($_include_file_path, true); 26 | } 27 | 28 | foreach ($smarty->_cache_info['cache_serials'] as $_include_file_path=>$_cache_serial) { 29 | $_return = preg_replace_callback('!(\{nocache\:('.$_cache_serial.')#(\d+)\})!s', 30 | array(&$smarty, '_process_compiled_include_callback'), 31 | $_return); 32 | } 33 | $smarty->_cache_including = $_cache_including; 34 | return $_return; 35 | } 36 | 37 | ?> 38 | -------------------------------------------------------------------------------- /libs/plugins/function.eval.php: -------------------------------------------------------------------------------- 1 | 13 | * Name: eval
14 | * Purpose: evaluate a template variable as a template
15 | * @link http://smarty.php.net/manual/en/language.function.eval.php {eval} 16 | * (Smarty online manual) 17 | * @author Monte Ohrt 18 | * @param array 19 | * @param Smarty 20 | */ 21 | function smarty_function_eval($params, &$smarty) 22 | { 23 | 24 | if (!isset($params['var'])) { 25 | $smarty->trigger_error("eval: missing 'var' parameter"); 26 | return; 27 | } 28 | 29 | if($params['var'] == '') { 30 | return; 31 | } 32 | 33 | $smarty->_compile_source('evaluated template', $params['var'], $_var_compiled); 34 | 35 | ob_start(); 36 | $smarty->_eval('?>' . $_var_compiled); 37 | $_contents = ob_get_contents(); 38 | ob_end_clean(); 39 | 40 | if (!empty($params['assign'])) { 41 | $smarty->assign($params['assign'], $_contents); 42 | } else { 43 | return $_contents; 44 | } 45 | } 46 | 47 | /* vim: set expandtab: */ 48 | 49 | ?> 50 | -------------------------------------------------------------------------------- /libs/plugins/modifier.capitalize.php: -------------------------------------------------------------------------------- 1 | 13 | * Name: capitalize
14 | * Purpose: capitalize words in the string 15 | * @link http://smarty.php.net/manual/en/language.modifiers.php#LANGUAGE.MODIFIER.CAPITALIZE 16 | * capitalize (Smarty online manual) 17 | * @author Monte Ohrt 18 | * @param string 19 | * @return string 20 | */ 21 | function smarty_modifier_capitalize($string, $uc_digits = false) 22 | { 23 | smarty_modifier_capitalize_ucfirst(null, $uc_digits); 24 | return preg_replace_callback('!\'?\b\w(\w|\')*\b!', 'smarty_modifier_capitalize_ucfirst', $string); 25 | } 26 | 27 | function smarty_modifier_capitalize_ucfirst($string, $uc_digits = null) 28 | { 29 | static $_uc_digits = false; 30 | 31 | if(isset($uc_digits)) { 32 | $_uc_digits = $uc_digits; 33 | return; 34 | } 35 | 36 | if(substr($string[0],0,1) != "'" && !preg_match("!\d!",$string[0]) || $_uc_digits) 37 | return ucfirst($string[0]); 38 | else 39 | return $string[0]; 40 | } 41 | 42 | 43 | ?> 44 | -------------------------------------------------------------------------------- /libs/internals/core.write_compiled_resource.php: -------------------------------------------------------------------------------- 1 | compile_dir)) { 19 | // compile_dir not writable, see if it exists 20 | if(!@is_dir($smarty->compile_dir)) { 21 | $smarty->trigger_error('the $compile_dir \'' . $smarty->compile_dir . '\' does not exist, or is not a directory.', E_USER_ERROR); 22 | return false; 23 | } 24 | $smarty->trigger_error('unable to write to $compile_dir \'' . realpath($smarty->compile_dir) . '\'. Be sure $compile_dir is writable by the web server user.', E_USER_ERROR); 25 | return false; 26 | } 27 | */ 28 | $_params = array('filename' => $params['compile_path'], 'contents' => $params['compiled_content'], 'create_dirs' => true); 29 | require_once(SMARTY_CORE_DIR . 'core.write_file.php'); 30 | smarty_core_write_file($_params, $smarty); 31 | return true; 32 | } 33 | 34 | /* vim: set expandtab: */ 35 | 36 | ?> 37 | -------------------------------------------------------------------------------- /libs/plugins/compiler.assign.php: -------------------------------------------------------------------------------- 1 | 12 | * Name: assign
13 | * Purpose: assign a value to a template variable 14 | * @link http://smarty.php.net/manual/en/language.custom.functions.php#LANGUAGE.FUNCTION.ASSIGN {assign} 15 | * (Smarty online manual) 16 | * @author Monte Ohrt (initial author) 17 | * @author messju mohr (conversion to compiler function) 18 | * @param string containing var-attribute and value-attribute 19 | * @param Smarty_Compiler 20 | */ 21 | function smarty_compiler_assign($tag_attrs, &$compiler) 22 | { 23 | $_params = $compiler->_parse_attrs($tag_attrs); 24 | 25 | if (!isset($_params['var'])) { 26 | $compiler->_syntax_error("assign: missing 'var' parameter", E_USER_WARNING); 27 | return; 28 | } 29 | 30 | if (!isset($_params['value'])) { 31 | $compiler->_syntax_error("assign: missing 'value' parameter", E_USER_WARNING); 32 | return; 33 | } 34 | 35 | return "\$this->assign({$_params['var']}, {$_params['value']});"; 36 | } 37 | 38 | /* vim: set expandtab: */ 39 | 40 | ?> 41 | -------------------------------------------------------------------------------- /libs/plugins/function.assign_debug_info.php: -------------------------------------------------------------------------------- 1 | 12 | * Name: assign_debug_info
13 | * Purpose: assign debug info to the template
14 | * @author Monte Ohrt 15 | * @param array unused in this plugin, this plugin uses {@link Smarty::$_config}, 16 | * {@link Smarty::$_tpl_vars} and {@link Smarty::$_smarty_debug_info} 17 | * @param Smarty 18 | */ 19 | function smarty_function_assign_debug_info($params, &$smarty) 20 | { 21 | $assigned_vars = $smarty->_tpl_vars; 22 | ksort($assigned_vars); 23 | if (@is_array($smarty->_config[0])) { 24 | $config_vars = $smarty->_config[0]; 25 | ksort($config_vars); 26 | $smarty->assign("_debug_config_keys", array_keys($config_vars)); 27 | $smarty->assign("_debug_config_vals", array_values($config_vars)); 28 | } 29 | 30 | $included_templates = $smarty->_smarty_debug_info; 31 | 32 | $smarty->assign("_debug_keys", array_keys($assigned_vars)); 33 | $smarty->assign("_debug_vals", array_values($assigned_vars)); 34 | 35 | $smarty->assign("_debug_tpls", $included_templates); 36 | } 37 | 38 | /* vim: set expandtab: */ 39 | 40 | ?> 41 | -------------------------------------------------------------------------------- /libs/plugins/shared.make_timestamp.php: -------------------------------------------------------------------------------- 1 | 11 | * Purpose: used by other smarty functions to make a timestamp 12 | * from a string. 13 | * @author Monte Ohrt 14 | * @param string 15 | * @return string 16 | */ 17 | function smarty_make_timestamp($string) 18 | { 19 | if(empty($string)) { 20 | // use "now": 21 | $time = time(); 22 | 23 | } elseif (preg_match('/^\d{14}$/', $string)) { 24 | // it is mysql timestamp format of YYYYMMDDHHMMSS? 25 | $time = mktime(substr($string, 8, 2),substr($string, 10, 2),substr($string, 12, 2), 26 | substr($string, 4, 2),substr($string, 6, 2),substr($string, 0, 4)); 27 | 28 | } elseif (is_numeric($string)) { 29 | // it is a numeric string, we handle it as timestamp 30 | $time = (int)$string; 31 | 32 | } else { 33 | // strtotime should handle it 34 | $time = strtotime($string); 35 | if ($time == -1 || $time === false) { 36 | // strtotime() was not able to parse $string, use "now": 37 | $time = time(); 38 | } 39 | } 40 | return $time; 41 | 42 | } 43 | 44 | /* vim: set expandtab: */ 45 | 46 | ?> 47 | -------------------------------------------------------------------------------- /source/login.php: -------------------------------------------------------------------------------- 1 | userId<=0){ 25 | if($user->Login($username,$userpwd,$auto)){ 26 | ShowSuccess('登录成功'); 27 | }else{ 28 | ShowError('登录失败,请检查用户/邮箱或密码',$url['login']); 29 | } 30 | } 31 | break; 32 | case 'logout': 33 | if($user->Logout()){ 34 | ShowSuccess('成功退出'); 35 | } 36 | break; 37 | default: 38 | if($user->userId>0){ 39 | ShowError('已经登录'); 40 | } 41 | $smarty=InitSmarty(); 42 | $smarty->assign('do',$do); 43 | $smarty->assign('show',$show); 44 | $smarty->assign('url',$url); 45 | $smarty->display('login.html'); 46 | break; 47 | } 48 | ?> -------------------------------------------------------------------------------- /themes/default/css/style/print.css: -------------------------------------------------------------------------------- 1 | /* ----------------------------------------------------------------------- 2 | 3 | 4 | Blueprint CSS Framework 1.0.1 5 | http://blueprintcss.org 6 | 7 | * Copyright (c) 2007-Present. See LICENSE for more info. 8 | * See README for instructions on how to use Blueprint. 9 | * For credits and origins, see AUTHORS. 10 | * This is a compressed file. See the sources in the 'src' directory. 11 | 12 | ----------------------------------------------------------------------- */ 13 | 14 | /* print.css */ 15 | body {line-height:1.5;font-family:"Helvetica Neue", Arial, Helvetica, sans-serif;color:#000;background:none;font-size:10pt;} 16 | .container {background:none;} 17 | hr {background:#ccc;color:#ccc;width:100%;height:2px;margin:2em 0;padding:0;border:none;} 18 | hr.space {background:#fff;color:#fff;visibility:hidden;} 19 | h1, h2, h3, h4, h5, h6 {font-family:"Helvetica Neue", Arial, "Lucida Grande", sans-serif;} 20 | code {font:.9em "Courier New", Monaco, Courier, monospace;} 21 | a img {border:none;} 22 | p img.top {margin-top:0;} 23 | blockquote {margin:1.5em;padding:1em;font-style:italic;font-size:.9em;} 24 | .small {font-size:.9em;} 25 | .large {font-size:1.1em;} 26 | .quiet {color:#999;} 27 | .hide {display:none;} 28 | a:link, a:visited {background:transparent;font-weight:700;text-decoration:underline;} 29 | /*a:link:after, a:visited:after {content:" (" attr(href) ")";font-size:90%;}*/ -------------------------------------------------------------------------------- /libs/internals/core.assign_smarty_interface.php: -------------------------------------------------------------------------------- 1 | 12 | * Name: assign_smarty_interface
13 | * Purpose: assign the $smarty interface variable 14 | * @param array Format: null 15 | * @param Smarty 16 | */ 17 | function smarty_core_assign_smarty_interface($params, &$smarty) 18 | { 19 | if (isset($smarty->_smarty_vars) && isset($smarty->_smarty_vars['request'])) { 20 | return; 21 | } 22 | 23 | $_globals_map = array('g' => 'HTTP_GET_VARS', 24 | 'p' => 'HTTP_POST_VARS', 25 | 'c' => 'HTTP_COOKIE_VARS', 26 | 's' => 'HTTP_SERVER_VARS', 27 | 'e' => 'HTTP_ENV_VARS'); 28 | 29 | $_smarty_vars_request = array(); 30 | 31 | foreach (preg_split('!!', strtolower($smarty->request_vars_order)) as $_c) { 32 | if (isset($_globals_map[$_c])) { 33 | $_smarty_vars_request = array_merge($_smarty_vars_request, $GLOBALS[$_globals_map[$_c]]); 34 | } 35 | } 36 | $_smarty_vars_request = @array_merge($_smarty_vars_request, $GLOBALS['HTTP_SESSION_VARS']); 37 | 38 | $smarty->_smarty_vars['request'] = $_smarty_vars_request; 39 | } 40 | 41 | /* vim: set expandtab: */ 42 | 43 | ?> 44 | -------------------------------------------------------------------------------- /libs/plugins/modifier.regex_replace.php: -------------------------------------------------------------------------------- 1 | 13 | * Name: regex_replace
14 | * Purpose: regular expression search/replace 15 | * @link http://smarty.php.net/manual/en/language.modifier.regex.replace.php 16 | * regex_replace (Smarty online manual) 17 | * @author Monte Ohrt 18 | * @param string 19 | * @param string|array 20 | * @param string|array 21 | * @return string 22 | */ 23 | function smarty_modifier_regex_replace($string, $search, $replace) 24 | { 25 | if(is_array($search)) { 26 | foreach($search as $idx => $s) 27 | $search[$idx] = _smarty_regex_replace_check($s); 28 | } else { 29 | $search = _smarty_regex_replace_check($search); 30 | } 31 | 32 | return preg_replace($search, $replace, $string); 33 | } 34 | 35 | function _smarty_regex_replace_check($search) 36 | { 37 | if (($pos = strpos($search,"\0")) !== false) 38 | $search = substr($search,0,$pos); 39 | if (preg_match('!([a-zA-Z\s]+)$!s', $search, $match) && (strpos($match[1], 'e') !== false)) { 40 | /* remove eval-modifier from $search */ 41 | $search = substr($search, 0, -strlen($match[1])) . preg_replace('![e\s]+!', '', $match[1]); 42 | } 43 | return $search; 44 | } 45 | 46 | /* vim: set expandtab: */ 47 | 48 | ?> 49 | -------------------------------------------------------------------------------- /libs/internals/core.is_trusted.php: -------------------------------------------------------------------------------- 1 | trusted_dir)) { 23 | $_rp = realpath($params['resource_name']); 24 | foreach ((array)$smarty->trusted_dir as $curr_dir) { 25 | if (!empty($curr_dir) && is_readable ($curr_dir)) { 26 | $_cd = realpath($curr_dir); 27 | if (strncmp($_rp, $_cd, strlen($_cd)) == 0 28 | && substr($_rp, strlen($_cd), 1) == DIRECTORY_SEPARATOR ) { 29 | $_smarty_trusted = true; 30 | break; 31 | } 32 | } 33 | } 34 | } 35 | 36 | } else { 37 | // resource is not on local file system 38 | $_smarty_trusted = call_user_func_array($smarty->_plugins['resource'][$params['resource_type']][0][3], 39 | array($params['resource_name'], $smarty)); 40 | } 41 | 42 | return $_smarty_trusted; 43 | } 44 | 45 | /* vim: set expandtab: */ 46 | 47 | ?> 48 | -------------------------------------------------------------------------------- /templates_c/%%8E^8E8^8E89046B%%notice.html.php: -------------------------------------------------------------------------------- 1 | 3 | 4 | 5 | 6 | 7 | <?php echo $this->_tpl_vars['notice']['str']; ?> 8 | 9 | 11 | 13 | 15 | 17 | 21 | 22 | 23 |
24 |
_tpl_vars['notice']['str']; ?> 26 | _tpl_vars['notice']['urltitle']; ?> 28 |
29 |
30 | 31 | -------------------------------------------------------------------------------- /libs/plugins/modifier.truncate.php: -------------------------------------------------------------------------------- 1 | 13 | * Name: truncate
14 | * Purpose: Truncate a string to a certain length if necessary, 15 | * optionally splitting in the middle of a word, and 16 | * appending the $etc string or inserting $etc into the middle. 17 | * @link http://smarty.php.net/manual/en/language.modifier.truncate.php 18 | * truncate (Smarty online manual) 19 | * @author Monte Ohrt 20 | * @param string 21 | * @param integer 22 | * @param string 23 | * @param boolean 24 | * @param boolean 25 | * @return string 26 | */ 27 | function smarty_modifier_truncate($string, $length = 80, $etc = '...', 28 | $break_words = false, $middle = false) 29 | { 30 | if ($length == 0) 31 | return ''; 32 | 33 | if (strlen($string) > $length) { 34 | $length -= min($length, strlen($etc)); 35 | if (!$break_words && !$middle) { 36 | $string = preg_replace('/\s+?(\S+)?$/', '', substr($string, 0, $length+1)); 37 | } 38 | if(!$middle) { 39 | return substr($string, 0, $length) . $etc; 40 | } else { 41 | return substr($string, 0, $length/2) . $etc . substr($string, -$length/2); 42 | } 43 | } else { 44 | return $string; 45 | } 46 | } 47 | 48 | /* vim: set expandtab: */ 49 | 50 | ?> 51 | -------------------------------------------------------------------------------- /themes/default/templates/user_seting.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | XSS Platform 6 | 7 | 8 | 9 | 10 | 11 | 12 | {literal} 13 | 22 | {/literal} 23 | 24 | 25 | {include file="header.html"} 26 |
27 | {include file="menus.html"} 28 |
29 |
30 |
个人设置
31 |
32 |
33 | 邮箱:{$email} 34 |
发送邮件提醒:{$input1} 35 |
36 |
37 | 手机: 38 |

39 | 发送短信提醒:{$input2} 40 | 41 |

42 |
43 |
44 |
45 | 46 | -------------------------------------------------------------------------------- /source/code.php: -------------------------------------------------------------------------------- 1 | FirstRow("SELECT * FROM ".Tb('project')." WHERE id='{$id}' OR urlKey='{$urlKey}'"); 17 | if(empty($project)) exit(); 18 | $moduleSetKeys=json_decode($project['moduleSetKeys'],true); 19 | /* 模块 begin */ 20 | $moduleIds=array(); 21 | if(!empty($project['modules'])) $moduleIds=json_decode($project['modules']); 22 | if(!empty($moduleIds)){ 23 | $modulesStr=implode(',',$moduleIds); 24 | $modules=$db->Dataset("SELECT * FROM ".Tb('module')." WHERE id IN ($modulesStr)"); 25 | if(!empty($modules)){ 26 | foreach($modules as $module){ 27 | $module['code']=str_replace('{projectId}',$project['urlKey'],$module['code']); 28 | //module里是否有配置的参数 29 | if(!empty($module['setkeys'])){ 30 | $setkeys=json_decode($module['setkeys'],true); 31 | foreach($setkeys as $setkey){ 32 | $module['code']=str_replace('{set.'.$setkey.'}',$moduleSetKeys["setkey_{$module[id]}_{$setkey}"],$module['code']); 33 | } 34 | } 35 | echo htmlspecialchars_decode($module['code'],ENT_QUOTES); 36 | } 37 | } 38 | } 39 | /* 模块 end */ 40 | /* 项目自定义代码 */ 41 | echo htmlspecialchars_decode($project['code'],ENT_QUOTES); 42 | ?> -------------------------------------------------------------------------------- /themes/default/templates/menus.html: -------------------------------------------------------------------------------- 1 |
2 |
3 |
我的项目创建
4 |
5 |
    6 | {foreach from=$projects item=v} 7 |
  • {$v.title}
    • 8 | {/foreach} 9 |
10 |
11 |
12 | 13 |
14 |
我的模块创建
15 |
16 |
    17 | {foreach from=$modules item=v} 18 | {if $v.isOpen==0 || ($v.isOpen==1 && $v.isAudit==0)} 19 |
  • {$v.title}
    • 20 | {/if} 21 | {/foreach} 22 |
23 |
24 |
25 | 26 |
27 |
公共模块
28 |
29 |
    30 | {foreach from=$modules item=v} 31 | {if $v.isOpen==1 && $v.isAudit==1} 32 |
  • {$v.title}
    • 33 | {/if} 34 | {/foreach} 35 |
36 |
37 |
38 |
-------------------------------------------------------------------------------- /libs/internals/core.rmdir.php: -------------------------------------------------------------------------------- 1 | keep root) 10 | * WARNING: no tests, it will try to remove what you tell it! 11 | * 12 | * @param string $dirname 13 | * @param integer $level 14 | * @param integer $exp_time 15 | * @return boolean 16 | */ 17 | 18 | // $dirname, $level = 1, $exp_time = null 19 | 20 | function smarty_core_rmdir($params, &$smarty) 21 | { 22 | if(!isset($params['level'])) { $params['level'] = 1; } 23 | if(!isset($params['exp_time'])) { $params['exp_time'] = null; } 24 | 25 | if($_handle = @opendir($params['dirname'])) { 26 | 27 | while (false !== ($_entry = readdir($_handle))) { 28 | if ($_entry != '.' && $_entry != '..') { 29 | if (@is_dir($params['dirname'] . DIRECTORY_SEPARATOR . $_entry)) { 30 | $_params = array( 31 | 'dirname' => $params['dirname'] . DIRECTORY_SEPARATOR . $_entry, 32 | 'level' => $params['level'] + 1, 33 | 'exp_time' => $params['exp_time'] 34 | ); 35 | smarty_core_rmdir($_params, $smarty); 36 | } 37 | else { 38 | $smarty->_unlink($params['dirname'] . DIRECTORY_SEPARATOR . $_entry, $params['exp_time']); 39 | } 40 | } 41 | } 42 | closedir($_handle); 43 | } 44 | 45 | if ($params['level']) { 46 | return @rmdir($params['dirname']); 47 | } 48 | return (bool)$_handle; 49 | 50 | } 51 | 52 | /* vim: set expandtab: */ 53 | 54 | ?> 55 | -------------------------------------------------------------------------------- /source/class/Captcha.class.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | XSS Platform 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | {include file="header.html"} 15 |
16 | {include file="menus.html"} 17 |
18 |
19 |
我的模块创建模块
20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | {foreach from=$modules item=v} 31 | 32 | 33 | 34 | 35 | 39 | 40 | {/foreach} 41 | 42 |
模块名称模块描述创建时间操作
{$v.title}{$v.description}{$v.addTime|date_format:'%Y-%m-%d'} 36 | 配置   37 | 删除 38 |
43 |
44 |
45 |
46 | 47 | -------------------------------------------------------------------------------- /libs/internals/core.write_file.php: -------------------------------------------------------------------------------- 1 | $_dirname); 22 | require_once(SMARTY_CORE_DIR . 'core.create_dir_structure.php'); 23 | smarty_core_create_dir_structure($_params, $smarty); 24 | } 25 | 26 | // write to tmp file, then rename it to avoid file locking race condition 27 | $_tmp_file = tempnam($_dirname, 'wrt'); 28 | 29 | if (!($fd = @fopen($_tmp_file, 'wb'))) { 30 | $_tmp_file = $_dirname . DIRECTORY_SEPARATOR . uniqid('wrt'); 31 | if (!($fd = @fopen($_tmp_file, 'wb'))) { 32 | $smarty->trigger_error("problem writing temporary file '$_tmp_file'"); 33 | return false; 34 | } 35 | } 36 | 37 | fwrite($fd, $params['contents']); 38 | fclose($fd); 39 | 40 | if (DIRECTORY_SEPARATOR == '\\' || !@rename($_tmp_file, $params['filename'])) { 41 | // On platforms and filesystems that cannot overwrite with rename() 42 | // delete the file before renaming it -- because windows always suffers 43 | // this, it is short-circuited to avoid the initial rename() attempt 44 | @unlink($params['filename']); 45 | @rename($_tmp_file, $params['filename']); 46 | } 47 | @chmod($params['filename'], $smarty->_file_perms); 48 | 49 | return true; 50 | } 51 | 52 | /* vim: set expandtab: */ 53 | 54 | ?> -------------------------------------------------------------------------------- /themes/default/templates/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | XSS Platform 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | {include file="header.html"} 15 |
16 | {include file="menus.html"} 17 |
18 |
19 |
我的项目创建项目
20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | {foreach from=$projects item=v} 32 | 33 | 34 | 35 | 36 | 37 | 40 | 41 | {/foreach} 42 | 43 |
项目名称项目描述内容数创建时间操作
{$v.title}{$v.description}{$v.contentNum}{$v.addTime|date_format:'%Y-%m-%d'} 38 | 删除 39 |
44 |
45 | 46 |
47 |
48 | 49 | -------------------------------------------------------------------------------- /config.php: -------------------------------------------------------------------------------- 1 | '枫林sec内部XSS平台', //网站名 36 | 'sitedesc' =>'盲打天下', //一句话简介 37 | 'keywords' =>'xss', //keywords 38 | 'description' =>'', //description 39 | 'adminmail' =>'ohlinge@163.com' //管理员邮箱 40 | ); 41 | 42 | /* 积分等级设置 */ 43 | $config['point']=array( 44 | 'award'=>array( 45 | 'publish' =>2, 46 | 'comment' =>2, 47 | 'invitereg' =>10 //邀请注册奖励 48 | ) 49 | ); 50 | 51 | /* 其它设置 */ 52 | $config['timezone'] ='Asia/Shanghai'; //时区,如UTC 53 | $config['expires'] =3600; //过期时长(秒) 54 | $config['debug'] =false; //调试模式(是否显示程序、数据库等错误) 55 | ?> 56 | -------------------------------------------------------------------------------- /libs/internals/core.smarty_include_php.php: -------------------------------------------------------------------------------- 1 | $params['smarty_file']); 24 | require_once(SMARTY_CORE_DIR . 'core.get_php_resource.php'); 25 | smarty_core_get_php_resource($_params, $smarty); 26 | $_smarty_resource_type = $_params['resource_type']; 27 | $_smarty_php_resource = $_params['php_resource']; 28 | 29 | if (!empty($params['smarty_assign'])) { 30 | ob_start(); 31 | if ($_smarty_resource_type == 'file') { 32 | $smarty->_include($_smarty_php_resource, $params['smarty_once'], $params['smarty_include_vars']); 33 | } else { 34 | $smarty->_eval($_smarty_php_resource, $params['smarty_include_vars']); 35 | } 36 | $smarty->assign($params['smarty_assign'], ob_get_contents()); 37 | ob_end_clean(); 38 | } else { 39 | if ($_smarty_resource_type == 'file') { 40 | $smarty->_include($_smarty_php_resource, $params['smarty_once'], $params['smarty_include_vars']); 41 | } else { 42 | $smarty->_eval($_smarty_php_resource, $params['smarty_include_vars']); 43 | } 44 | } 45 | } 46 | 47 | 48 | /* vim: set expandtab: */ 49 | 50 | ?> 51 | -------------------------------------------------------------------------------- /libs/internals/core.display_debug_console.php: -------------------------------------------------------------------------------- 1 | 12 | * Name: display_debug_console
13 | * Purpose: display the javascript debug console window 14 | * @param array Format: null 15 | * @param Smarty 16 | */ 17 | function smarty_core_display_debug_console($params, &$smarty) 18 | { 19 | // we must force compile the debug template in case the environment 20 | // changed between separate applications. 21 | 22 | if(empty($smarty->debug_tpl)) { 23 | // set path to debug template from SMARTY_DIR 24 | $smarty->debug_tpl = SMARTY_DIR . 'debug.tpl'; 25 | if($smarty->security && is_file($smarty->debug_tpl)) { 26 | $smarty->secure_dir[] = realpath($smarty->debug_tpl); 27 | } 28 | $smarty->debug_tpl = 'file:' . SMARTY_DIR . 'debug.tpl'; 29 | } 30 | 31 | $_ldelim_orig = $smarty->left_delimiter; 32 | $_rdelim_orig = $smarty->right_delimiter; 33 | 34 | $smarty->left_delimiter = '{'; 35 | $smarty->right_delimiter = '}'; 36 | 37 | $_compile_id_orig = $smarty->_compile_id; 38 | $smarty->_compile_id = null; 39 | 40 | $_compile_path = $smarty->_get_compile_path($smarty->debug_tpl); 41 | if ($smarty->_compile_resource($smarty->debug_tpl, $_compile_path)) 42 | { 43 | ob_start(); 44 | $smarty->_include($_compile_path); 45 | $_results = ob_get_contents(); 46 | ob_end_clean(); 47 | } else { 48 | $_results = ''; 49 | } 50 | 51 | $smarty->_compile_id = $_compile_id_orig; 52 | 53 | $smarty->left_delimiter = $_ldelim_orig; 54 | $smarty->right_delimiter = $_rdelim_orig; 55 | 56 | return $_results; 57 | } 58 | 59 | /* vim: set expandtab: */ 60 | 61 | ?> 62 | -------------------------------------------------------------------------------- /themes/default/templates/user_invite.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | XSS Platform 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | {include file="header.html"} 15 |
16 |
17 |
18 |
邀请码生成
19 |
20 |

未使用的邀请码

21 | 22 | 乌云币奖品邀请码 ({$codesWooyun|@count}) 23 | 生成奖品邀请码 24 | 25 | 26 | 27 | 28 | 29 | 30 | {foreach from=$codesWooyun item=v} 31 | 32 | 33 | 34 | {/foreach} 35 | 36 |
邀请码 (生成时间倒序排列)
{$v.code}
37 | 38 | 39 | 其它邀请码 ({$codesOther|@count})生成其它邀请码 40 | 41 | 42 | 43 | 44 | 45 | 46 | {foreach from=$codesOther item=v} 47 | 48 | 49 | 50 | {/foreach} 51 | 52 |
邀请码 (生成时间倒序排列)
{$v.code}
53 |
54 |
55 |
56 |
57 | 58 | -------------------------------------------------------------------------------- /libs/internals/core.is_secure.php: -------------------------------------------------------------------------------- 1 | security || $smarty->security_settings['INCLUDE_ANY']) { 21 | return true; 22 | } 23 | 24 | if ($params['resource_type'] == 'file') { 25 | $_rp = realpath($params['resource_name']); 26 | if (isset($params['resource_base_path'])) { 27 | foreach ((array)$params['resource_base_path'] as $curr_dir) { 28 | if ( ($_cd = realpath($curr_dir)) !== false && 29 | strncmp($_rp, $_cd, strlen($_cd)) == 0 && 30 | substr($_rp, strlen($_cd), 1) == DIRECTORY_SEPARATOR ) { 31 | return true; 32 | } 33 | } 34 | } 35 | if (!empty($smarty->secure_dir)) { 36 | foreach ((array)$smarty->secure_dir as $curr_dir) { 37 | if ( ($_cd = realpath($curr_dir)) !== false) { 38 | if($_cd == $_rp) { 39 | return true; 40 | } elseif (strncmp($_rp, $_cd, strlen($_cd)) == 0 && 41 | substr($_rp, strlen($_cd), 1) == DIRECTORY_SEPARATOR) { 42 | return true; 43 | } 44 | } 45 | } 46 | } 47 | } else { 48 | // resource is not on local file system 49 | return call_user_func_array( 50 | $smarty->_plugins['resource'][$params['resource_type']][0][2], 51 | array($params['resource_name'], &$smarty)); 52 | } 53 | 54 | return false; 55 | } 56 | 57 | /* vim: set expandtab: */ 58 | 59 | ?> 60 | -------------------------------------------------------------------------------- /libs/plugins/modifier.date_format.php: -------------------------------------------------------------------------------- 1 | _get_plugin_filepath('shared', 'make_timestamp'); 12 | /** 13 | * Smarty date_format modifier plugin 14 | * 15 | * Type: modifier
16 | * Name: date_format
17 | * Purpose: format datestamps via strftime
18 | * Input:
19 | * - string: input date string 20 | * - format: strftime format for output 21 | * - default_date: default date if $string is empty 22 | * @link http://smarty.php.net/manual/en/language.modifier.date.format.php 23 | * date_format (Smarty online manual) 24 | * @author Monte Ohrt 25 | * @param string 26 | * @param string 27 | * @param string 28 | * @return string|void 29 | * @uses smarty_make_timestamp() 30 | */ 31 | function smarty_modifier_date_format($string, $format = '%b %e, %Y', $default_date = '') 32 | { 33 | if ($string != '') { 34 | $timestamp = smarty_make_timestamp($string); 35 | } elseif ($default_date != '') { 36 | $timestamp = smarty_make_timestamp($default_date); 37 | } else { 38 | return; 39 | } 40 | if (DIRECTORY_SEPARATOR == '\\') { 41 | $_win_from = array('%D', '%h', '%n', '%r', '%R', '%t', '%T'); 42 | $_win_to = array('%m/%d/%y', '%b', "\n", '%I:%M:%S %p', '%H:%M', "\t", '%H:%M:%S'); 43 | if (strpos($format, '%e') !== false) { 44 | $_win_from[] = '%e'; 45 | $_win_to[] = sprintf('%\' 2d', date('j', $timestamp)); 46 | } 47 | if (strpos($format, '%l') !== false) { 48 | $_win_from[] = '%l'; 49 | $_win_to[] = sprintf('%\' 2d', date('h', $timestamp)); 50 | } 51 | $format = str_replace($_win_from, $_win_to, $format); 52 | } 53 | return strftime($format, $timestamp); 54 | } 55 | 56 | /* vim: set expandtab: */ 57 | 58 | ?> 59 | -------------------------------------------------------------------------------- /themes/default/css/style/ie.css: -------------------------------------------------------------------------------- 1 | /* ----------------------------------------------------------------------- 2 | 3 | 4 | Blueprint CSS Framework 1.0.1 5 | http://blueprintcss.org 6 | 7 | * Copyright (c) 2007-Present. See LICENSE for more info. 8 | * See README for instructions on how to use Blueprint. 9 | * For credits and origins, see AUTHORS. 10 | * This is a compressed file. See the sources in the 'src' directory. 11 | 12 | ----------------------------------------------------------------------- */ 13 | 14 | /* ie.css */ 15 | body {text-align:center;} 16 | .container {text-align:left;} 17 | * html .column, * html .span-1, * html .span-2, * html .span-3, * html .span-4, * html .span-5, * html .span-6, * html .span-7, * html .span-8, * html .span-9, * html .span-10, * html .span-11, * html .span-12, * html .span-13, * html .span-14, * html .span-15, * html .span-16, * html .span-17, * html .span-18, * html .span-19, * html .span-20, * html .span-21, * html .span-22, * html .span-23, * html .span-24 {display:inline;overflow-x:hidden;} 18 | * html legend {margin:0px -8px 16px 0;padding:0;} 19 | sup {vertical-align:text-top;} 20 | sub {vertical-align:text-bottom;} 21 | html>body p code {*white-space:normal;} 22 | hr {margin:-8px auto 11px;} 23 | img {-ms-interpolation-mode:bicubic;} 24 | .clearfix, .container {display:inline-block;} 25 | * html .clearfix, * html .container {height:1%;} 26 | fieldset {padding-top:0;} 27 | legend {margin-top:-0.2em;margin-bottom:1em;margin-left:-0.5em;} 28 | textarea {overflow:auto;} 29 | label {vertical-align:middle;position:relative;top:-0.25em;} 30 | input.text, input.title, textarea {background-color:#fff;border:1px solid #bbb;} 31 | input.text:focus, input.title:focus {border-color:#666;} 32 | input.text, input.title, textarea, select {margin:0.5em 0;} 33 | input.checkbox, input.radio {position:relative;top:.25em;} 34 | form.inline div, form.inline p {vertical-align:middle;} 35 | form.inline input.checkbox, form.inline input.radio, form.inline input.button, form.inline button {margin:0.5em 0;} 36 | button, input.button {position:relative;top:0.25em;} -------------------------------------------------------------------------------- /themes/default/templates/project_create.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | XSS Platform 6 | 7 | 8 | 9 | 10 | 11 | 12 | {literal} 13 | 26 | {/literal} 27 | 28 | 29 | {include file="header.html"} 30 |
31 | {include file="menus.html"} 32 |
33 |
34 |
创建项目
35 |
36 | 37 |
38 |
39 |

40 |
41 | 42 |

43 | 44 |

45 |
46 | 47 |

48 |

49 |    50 | 51 |

52 |
53 |
54 |
55 |
56 |
57 | 58 | 59 | -------------------------------------------------------------------------------- /libs/plugins/function.counter.php: -------------------------------------------------------------------------------- 1 | 13 | * Name: counter
14 | * Purpose: print out a counter value 15 | * @author Monte Ohrt 16 | * @link http://smarty.php.net/manual/en/language.function.counter.php {counter} 17 | * (Smarty online manual) 18 | * @param array parameters 19 | * @param Smarty 20 | * @return string|null 21 | */ 22 | function smarty_function_counter($params, &$smarty) 23 | { 24 | static $counters = array(); 25 | 26 | $name = (isset($params['name'])) ? $params['name'] : 'default'; 27 | if (!isset($counters[$name])) { 28 | $counters[$name] = array( 29 | 'start'=>1, 30 | 'skip'=>1, 31 | 'direction'=>'up', 32 | 'count'=>1 33 | ); 34 | } 35 | $counter =& $counters[$name]; 36 | 37 | if (isset($params['start'])) { 38 | $counter['start'] = $counter['count'] = (int)$params['start']; 39 | } 40 | 41 | if (!empty($params['assign'])) { 42 | $counter['assign'] = $params['assign']; 43 | } 44 | 45 | if (isset($counter['assign'])) { 46 | $smarty->assign($counter['assign'], $counter['count']); 47 | } 48 | 49 | if (isset($params['print'])) { 50 | $print = (bool)$params['print']; 51 | } else { 52 | $print = empty($counter['assign']); 53 | } 54 | 55 | if ($print) { 56 | $retval = $counter['count']; 57 | } else { 58 | $retval = null; 59 | } 60 | 61 | if (isset($params['skip'])) { 62 | $counter['skip'] = $params['skip']; 63 | } 64 | 65 | if (isset($params['direction'])) { 66 | $counter['direction'] = $params['direction']; 67 | } 68 | 69 | if ($counter['direction'] == "down") 70 | $counter['count'] -= $counter['skip']; 71 | else 72 | $counter['count'] += $counter['skip']; 73 | 74 | return $retval; 75 | 76 | } 77 | 78 | /* vim: set expandtab: */ 79 | 80 | ?> 81 | -------------------------------------------------------------------------------- /themes/default/templates/login.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | XSS Platform 6 | 7 | 8 | 9 | 10 | 11 | 12 | {literal} 13 | 29 | {/literal} 30 | 31 | 32 | {include file="header.html"} 33 | 34 |
35 | 57 |
58 | 59 | -------------------------------------------------------------------------------- /libs/internals/core.assemble_plugin_filepath.php: -------------------------------------------------------------------------------- 1 | plugins_dir as $_plugin_dir) { 26 | 27 | $_plugin_filepath = $_plugin_dir . DIRECTORY_SEPARATOR . $_plugin_filename; 28 | 29 | // see if path is relative 30 | if (!preg_match("/^([\/\\\\]|[a-zA-Z]:[\/\\\\])/", $_plugin_dir)) { 31 | $_relative_paths[] = $_plugin_dir; 32 | // relative path, see if it is in the SMARTY_DIR 33 | if (@is_readable(SMARTY_DIR . $_plugin_filepath)) { 34 | $_return = SMARTY_DIR . $_plugin_filepath; 35 | break; 36 | } 37 | } 38 | // try relative to cwd (or absolute) 39 | if (@is_readable($_plugin_filepath)) { 40 | $_return = $_plugin_filepath; 41 | break; 42 | } 43 | } 44 | 45 | if($_return === false) { 46 | // still not found, try PHP include_path 47 | if(isset($_relative_paths)) { 48 | foreach ((array)$_relative_paths as $_plugin_dir) { 49 | 50 | $_plugin_filepath = $_plugin_dir . DIRECTORY_SEPARATOR . $_plugin_filename; 51 | 52 | $_params = array('file_path' => $_plugin_filepath); 53 | require_once(SMARTY_CORE_DIR . 'core.get_include_path.php'); 54 | if(smarty_core_get_include_path($_params, $smarty)) { 55 | $_return = $_params['new_file_path']; 56 | break; 57 | } 58 | } 59 | } 60 | } 61 | $_filepaths_cache[$_plugin_filename] = $_return; 62 | return $_return; 63 | } 64 | 65 | /* vim: set expandtab: */ 66 | 67 | ?> 68 | -------------------------------------------------------------------------------- /init.php: -------------------------------------------------------------------------------- 1 | userId>0){ 64 | $show['user']=array( 65 | 'userId' =>$user->userId, 66 | 'userName' =>$user->userName, 67 | 'adminLevel' =>$user->adminLevel, 68 | 'token' =>$user->token, 69 | 'avatarImg' =>$user->avatarImg, 70 | 'avatarImg_s' =>$user->avatarImg_s, 71 | 'signature' =>$user->signature 72 | ); 73 | } 74 | 75 | unset($config); //清理config 76 | ?> -------------------------------------------------------------------------------- /libs/internals/core.load_resource_plugin.php: -------------------------------------------------------------------------------- 1 | _plugins['resource'][$params['type']]; 26 | if (isset($_plugin)) { 27 | if (!$_plugin[1] && count($_plugin[0])) { 28 | $_plugin[1] = true; 29 | foreach ($_plugin[0] as $_plugin_func) { 30 | if (!is_callable($_plugin_func)) { 31 | $_plugin[1] = false; 32 | break; 33 | } 34 | } 35 | } 36 | 37 | if (!$_plugin[1]) { 38 | $smarty->_trigger_fatal_error("[plugin] resource '" . $params['type'] . "' is not implemented", null, null, __FILE__, __LINE__); 39 | } 40 | 41 | return; 42 | } 43 | 44 | $_plugin_file = $smarty->_get_plugin_filepath('resource', $params['type']); 45 | $_found = ($_plugin_file != false); 46 | 47 | if ($_found) { /* 48 | * If the plugin file is found, it -must- provide the properly named 49 | * plugin functions. 50 | */ 51 | include_once($_plugin_file); 52 | 53 | /* 54 | * Locate functions that we require the plugin to provide. 55 | */ 56 | $_resource_ops = array('source', 'timestamp', 'secure', 'trusted'); 57 | $_resource_funcs = array(); 58 | foreach ($_resource_ops as $_op) { 59 | $_plugin_func = 'smarty_resource_' . $params['type'] . '_' . $_op; 60 | if (!function_exists($_plugin_func)) { 61 | $smarty->_trigger_fatal_error("[plugin] function $_plugin_func() not found in $_plugin_file", null, null, __FILE__, __LINE__); 62 | return; 63 | } else { 64 | $_resource_funcs[] = $_plugin_func; 65 | } 66 | } 67 | 68 | $smarty->_plugins['resource'][$params['type']] = array($_resource_funcs, true); 69 | } 70 | } 71 | 72 | /* vim: set expandtab: */ 73 | 74 | ?> 75 | -------------------------------------------------------------------------------- /themes/default/templates/project_viewcode.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | XSS Platform 6 | 7 | 8 | 9 | 10 | 11 | 12 | {literal} 13 | 16 | {/literal} 17 | 18 | 19 | {include file="header.html"} 20 |
21 | {include file="menus.html"} 22 |
23 |
24 |
项目代码
25 |
26 |

项目名称: {$project.title}

27 |

28 | 29 | 

 30 | {$code}
 31 |
32 |

33 | 34 |

将如下代码植入怀疑出现xss的地方(注意'的转义),即可在 项目内容 观看XSS效果。

35 | 
 36 | {$scriptShow1}
 37 |
38 |

39 |

40 | 或者 41 |

42 |

43 | 

 44 | {$scriptShow2}
 45 |
46 |

47 | 48 |

49 | 50 | 再或者以你任何想要的方式插入 51 | 52 |

53 | 54 |

55 | 

 56 | {$codeurl}
 57 |
58 |

59 |

60 | *************************************************网址缩短************************************************* 61 |

62 |

63 | 64 | 再或者以你任何想要的方式插入 65 | 66 |

67 | 68 |

69 | 

 70 | {$shortShow1}
 71 |
72 |

73 |

74 | 75 | 再或者以你任何想要的方式插入 76 | 77 |

78 | 79 |

80 | 

 81 | {$shortShow2}
 82 |
83 |

84 | 85 |

86 | 87 | 再或者以你任何想要的方式插入 88 | 89 |

90 | 91 |

92 | 

 93 | {$shortShow3}
 94 |
95 |

96 | 97 |

98 | {if $ty=='create'} 99 | 100 | {else} 101 | 102 | {/if} 103 |

104 |
105 |
106 |
107 |
108 | 109 | -------------------------------------------------------------------------------- /templates_c/%%79^79C^79CD1430%%user_seting.html.php: -------------------------------------------------------------------------------- 1 | 3 | 4 | 5 | 6 | 7 | XSS Platform 8 | 9 | 11 | 13 | 15 | 17 | 19 | 21 | function CheckAll(obj){ 22 | if($(obj).is(":checked")){ 23 | $(".checon").attr("checked","checked"); 24 | }else{ 25 | $(".checon").removeAttr("checked"); 26 | } 27 | } 28 | 29 | '; ?> 30 | 31 | 32 | 33 | _tpl_vars; 34 | $this->_smarty_include(array('smarty_include_tpl_file' => "header.html", 'smarty_include_vars' => array())); 35 | $this->_tpl_vars = $_smarty_tpl_vars; 36 | unset($_smarty_tpl_vars); 37 | ?> 38 |
39 | _tpl_vars; 40 | $this->_smarty_include(array('smarty_include_tpl_file' => "menus.html", 'smarty_include_vars' => array())); 41 | $this->_tpl_vars = $_smarty_tpl_vars; 42 | unset($_smarty_tpl_vars); 43 | ?> 44 |
45 |
46 |
个人设置
47 |
49 |
50 | 邮箱:_tpl_vars['email']; ?> 51 | 52 |
发送邮件提醒:_tpl_vars['input1']; ?> 53 | 54 |
55 |
56 | 手机: 58 |

59 | 发送短信提醒:_tpl_vars['input2']; ?> 60 | 61 | 62 |

63 |
64 |
65 |
66 | 67 | -------------------------------------------------------------------------------- /themes/default/templates/header.html: -------------------------------------------------------------------------------- 1 |
2 |
3 |
4 | 9 | XSS Platform 10 |
11 |
12 | 19 | {if $show.user.userId<1} 20 | 29 | {/if} 30 | {if $show.user.userId>0} 31 | 47 | {/if} 48 |
49 |
50 |
-------------------------------------------------------------------------------- /libs/internals/core.rm_auto.php: -------------------------------------------------------------------------------- 1 | $params['auto_base'], 28 | 'level' => 0, 29 | 'exp_time' => $params['exp_time'] 30 | ); 31 | require_once(SMARTY_CORE_DIR . 'core.rmdir.php'); 32 | $_res = smarty_core_rmdir($_params, $smarty); 33 | } else { 34 | $_tname = $smarty->_get_auto_filename($params['auto_base'], $params['auto_source'], $params['auto_id']); 35 | 36 | if(isset($params['auto_source'])) { 37 | if (isset($params['extensions'])) { 38 | $_res = false; 39 | foreach ((array)$params['extensions'] as $_extension) 40 | $_res |= $smarty->_unlink($_tname.$_extension, $params['exp_time']); 41 | } else { 42 | $_res = $smarty->_unlink($_tname, $params['exp_time']); 43 | } 44 | } elseif ($smarty->use_sub_dirs) { 45 | $_params = array( 46 | 'dirname' => $_tname, 47 | 'level' => 1, 48 | 'exp_time' => $params['exp_time'] 49 | ); 50 | require_once(SMARTY_CORE_DIR . 'core.rmdir.php'); 51 | $_res = smarty_core_rmdir($_params, $smarty); 52 | } else { 53 | // remove matching file names 54 | $_handle = opendir($params['auto_base']); 55 | $_res = true; 56 | while (false !== ($_filename = readdir($_handle))) { 57 | if($_filename == '.' || $_filename == '..') { 58 | continue; 59 | } elseif (substr($params['auto_base'] . DIRECTORY_SEPARATOR . $_filename, 0, strlen($_tname)) == $_tname) { 60 | $_res &= (bool)$smarty->_unlink($params['auto_base'] . DIRECTORY_SEPARATOR . $_filename, $params['exp_time']); 61 | } 62 | } 63 | } 64 | } 65 | 66 | return $_res; 67 | } 68 | 69 | /* vim: set expandtab: */ 70 | 71 | ?> 72 | -------------------------------------------------------------------------------- /libs/internals/core.process_cached_inserts.php: -------------------------------------------------------------------------------- 1 | _smarty_md5.'{insert_cache (.*)}'.$smarty->_smarty_md5.'!Uis', 17 | $params['results'], $match); 18 | list($cached_inserts, $insert_args) = $match; 19 | 20 | for ($i = 0, $for_max = count($cached_inserts); $i < $for_max; $i++) { 21 | if ($smarty->debugging) { 22 | $_params = array(); 23 | require_once(SMARTY_CORE_DIR . 'core.get_microtime.php'); 24 | $debug_start_time = smarty_core_get_microtime($_params, $smarty); 25 | } 26 | 27 | $args = unserialize($insert_args[$i]); 28 | $name = $args['name']; 29 | 30 | if (isset($args['script'])) { 31 | $_params = array('resource_name' => $smarty->_dequote($args['script'])); 32 | require_once(SMARTY_CORE_DIR . 'core.get_php_resource.php'); 33 | if(!smarty_core_get_php_resource($_params, $smarty)) { 34 | return false; 35 | } 36 | $resource_type = $_params['resource_type']; 37 | $php_resource = $_params['php_resource']; 38 | 39 | 40 | if ($resource_type == 'file') { 41 | $smarty->_include($php_resource, true); 42 | } else { 43 | $smarty->_eval($php_resource); 44 | } 45 | } 46 | 47 | $function_name = $smarty->_plugins['insert'][$name][0]; 48 | if (empty($args['assign'])) { 49 | $replace = $function_name($args, $smarty); 50 | } else { 51 | $smarty->assign($args['assign'], $function_name($args, $smarty)); 52 | $replace = ''; 53 | } 54 | 55 | $params['results'] = substr_replace($params['results'], $replace, strpos($params['results'], $cached_inserts[$i]), strlen($cached_inserts[$i])); 56 | if ($smarty->debugging) { 57 | $_params = array(); 58 | require_once(SMARTY_CORE_DIR . 'core.get_microtime.php'); 59 | $smarty->_smarty_debug_info[] = array('type' => 'insert', 60 | 'filename' => 'insert_'.$name, 61 | 'depth' => $smarty->_inclusion_depth, 62 | 'exec_time' => smarty_core_get_microtime($_params, $smarty) - $debug_start_time); 63 | } 64 | } 65 | 66 | return $params['results']; 67 | } 68 | 69 | /* vim: set expandtab: */ 70 | 71 | ?> 72 | -------------------------------------------------------------------------------- /libs/internals/core.get_php_resource.php: -------------------------------------------------------------------------------- 1 | trusted_dir; 22 | $smarty->_parse_resource_name($params, $smarty); 23 | 24 | /* 25 | * Find out if the resource exists. 26 | */ 27 | 28 | if ($params['resource_type'] == 'file') { 29 | $_readable = false; 30 | if(file_exists($params['resource_name']) && is_readable($params['resource_name'])) { 31 | $_readable = true; 32 | } else { 33 | // test for file in include_path 34 | $_params = array('file_path' => $params['resource_name']); 35 | require_once(SMARTY_CORE_DIR . 'core.get_include_path.php'); 36 | if(smarty_core_get_include_path($_params, $smarty)) { 37 | $_include_path = $_params['new_file_path']; 38 | $_readable = true; 39 | } 40 | } 41 | } else if ($params['resource_type'] != 'file') { 42 | $_template_source = null; 43 | $_readable = is_callable($smarty->_plugins['resource'][$params['resource_type']][0][0]) 44 | && call_user_func_array($smarty->_plugins['resource'][$params['resource_type']][0][0], 45 | array($params['resource_name'], &$_template_source, &$smarty)); 46 | } 47 | 48 | /* 49 | * Set the error function, depending on which class calls us. 50 | */ 51 | if (method_exists($smarty, '_syntax_error')) { 52 | $_error_funcc = '_syntax_error'; 53 | } else { 54 | $_error_funcc = 'trigger_error'; 55 | } 56 | 57 | if ($_readable) { 58 | if ($smarty->security) { 59 | require_once(SMARTY_CORE_DIR . 'core.is_trusted.php'); 60 | if (!smarty_core_is_trusted($params, $smarty)) { 61 | $smarty->$_error_funcc('(secure mode) ' . $params['resource_type'] . ':' . $params['resource_name'] . ' is not trusted'); 62 | return false; 63 | } 64 | } 65 | } else { 66 | $smarty->$_error_funcc($params['resource_type'] . ':' . $params['resource_name'] . ' is not readable'); 67 | return false; 68 | } 69 | 70 | if ($params['resource_type'] == 'file') { 71 | $params['php_resource'] = $params['resource_name']; 72 | } else { 73 | $params['php_resource'] = $_template_source; 74 | } 75 | return true; 76 | } 77 | 78 | /* vim: set expandtab: */ 79 | 80 | ?> 81 | -------------------------------------------------------------------------------- /templates_c/%%1A^1AB^1AB9BADF%%login.html.php: -------------------------------------------------------------------------------- 1 | 3 | 4 | 5 | 6 | 7 | XSS Platform 8 | 9 | 11 | 13 | 15 | 17 | 19 | 21 | function Login(){ 22 | if($("#user").val()==""){ 23 | ShowError("用户名不能为空"); 24 | return false; 25 | } 26 | if($("#pwd").val()==""){ 27 | ShowError("密码不能为空"); 28 | return false; 29 | } 30 | } 31 | function ShowError(content){ 32 | $("#contentShow").attr("class","error"); 33 | $("#contentShow").html(content); 34 | } 35 | 36 | '; ?> 37 | 38 | 39 | 40 | _tpl_vars; 41 | $this->_smarty_include(array('smarty_include_tpl_file' => "header.html", 'smarty_include_vars' => array())); 42 | $this->_tpl_vars = $_smarty_tpl_vars; 43 | unset($_smarty_tpl_vars); 44 | ?> 45 | 46 |
47 | 70 |
71 | 72 | 73 | -------------------------------------------------------------------------------- /libs/internals/core.create_dir_structure.php: -------------------------------------------------------------------------------- 1 | _dir_perms) && !is_dir($_new_dir)) { 69 | //$smarty->trigger_error("problem creating directory '" . $_new_dir . "'"); 70 | //return false; 71 | } 72 | $_new_dir .= '/'; 73 | } 74 | } 75 | } 76 | 77 | /* vim: set expandtab: */ 78 | 79 | ?> 80 | -------------------------------------------------------------------------------- /templates_c/%%95^95A^95A55B08%%project_create.html.php: -------------------------------------------------------------------------------- 1 | 3 | 4 | 5 | 6 | 7 | XSS Platform 8 | 9 | 11 | 13 | 15 | 17 | 19 | 21 | function SubmitContent(){ 22 | if($("#title").val()==""){ 23 | ShowError("项目名称不能为空"); 24 | return false; 25 | } 26 | $("#contentForm").submit(); 27 | } 28 | function ShowError(content){ 29 | $("#contentShow").attr("class","alert alert-danger"); 30 | $("#contentShow").html(content); 31 | } 32 | 33 | '; ?> 34 | 35 | 36 | 37 | _tpl_vars; 38 | $this->_smarty_include(array('smarty_include_tpl_file' => "header.html", 'smarty_include_vars' => array())); 39 | $this->_tpl_vars = $_smarty_tpl_vars; 40 | unset($_smarty_tpl_vars); 41 | ?> 42 |
43 | _tpl_vars; 44 | $this->_smarty_include(array('smarty_include_tpl_file' => "menus.html", 'smarty_include_vars' => array())); 45 | $this->_tpl_vars = $_smarty_tpl_vars; 46 | unset($_smarty_tpl_vars); 47 | ?> 48 |
49 |
50 |
创建项目
51 |
53 | 55 |
56 |
57 |

58 |
59 | 60 |

61 | 62 |

63 |
64 | 65 |

66 |

67 |    68 | 69 |

70 |
71 |
72 |
73 |
74 |
75 | 76 | 77 | -------------------------------------------------------------------------------- /libs/internals/core.run_insert_handler.php: -------------------------------------------------------------------------------- 1 | debugging) { 19 | $_params = array(); 20 | $_debug_start_time = smarty_core_get_microtime($_params, $smarty); 21 | } 22 | 23 | if ($smarty->caching) { 24 | $_arg_string = serialize($params['args']); 25 | $_name = $params['args']['name']; 26 | if (!isset($smarty->_cache_info['insert_tags'][$_name])) { 27 | $smarty->_cache_info['insert_tags'][$_name] = array('insert', 28 | $_name, 29 | $smarty->_plugins['insert'][$_name][1], 30 | $smarty->_plugins['insert'][$_name][2], 31 | !empty($params['args']['script']) ? true : false); 32 | } 33 | return $smarty->_smarty_md5."{insert_cache $_arg_string}".$smarty->_smarty_md5; 34 | } else { 35 | if (isset($params['args']['script'])) { 36 | $_params = array('resource_name' => $smarty->_dequote($params['args']['script'])); 37 | require_once(SMARTY_CORE_DIR . 'core.get_php_resource.php'); 38 | if(!smarty_core_get_php_resource($_params, $smarty)) { 39 | return false; 40 | } 41 | 42 | if ($_params['resource_type'] == 'file') { 43 | $smarty->_include($_params['php_resource'], true); 44 | } else { 45 | $smarty->_eval($_params['php_resource']); 46 | } 47 | unset($params['args']['script']); 48 | } 49 | 50 | $_funcname = $smarty->_plugins['insert'][$params['args']['name']][0]; 51 | $_content = $_funcname($params['args'], $smarty); 52 | if ($smarty->debugging) { 53 | $_params = array(); 54 | require_once(SMARTY_CORE_DIR . 'core.get_microtime.php'); 55 | $smarty->_smarty_debug_info[] = array('type' => 'insert', 56 | 'filename' => 'insert_'.$params['args']['name'], 57 | 'depth' => $smarty->_inclusion_depth, 58 | 'exec_time' => smarty_core_get_microtime($_params, $smarty) - $_debug_start_time); 59 | } 60 | 61 | if (!empty($params['args']["assign"])) { 62 | $smarty->assign($params['args']["assign"], $_content); 63 | } else { 64 | return $_content; 65 | } 66 | } 67 | } 68 | 69 | /* vim: set expandtab: */ 70 | 71 | ?> 72 | -------------------------------------------------------------------------------- /libs/plugins/outputfilter.trimwhitespace.php: -------------------------------------------------------------------------------- 1 | 12 | * Type: outputfilter
13 | * Name: trimwhitespace
14 | * Date: Jan 25, 2003
15 | * Purpose: trim leading white space and blank lines from 16 | * template source after it gets interpreted, cleaning 17 | * up code and saving bandwidth. Does not affect 18 | * <
>
and blocks.
19 | * Install: Drop into the plugin directory, call 20 | * $smarty->load_filter('output','trimwhitespace'); 21 | * from application. 22 | * @author Monte Ohrt 23 | * @author Contributions from Lars Noschinski 24 | * @version 1.3 25 | * @param string 26 | * @param Smarty 27 | */ 28 | function smarty_outputfilter_trimwhitespace($source, &$smarty) 29 | { 30 | // Pull out the script blocks 31 | preg_match_all("!]*?>.*?!is", $source, $match); 32 | $_script_blocks = $match[0]; 33 | $source = preg_replace("!]*?>.*?!is", 34 | '@@@SMARTY:TRIM:SCRIPT@@@', $source); 35 | 36 | // Pull out the pre blocks 37 | preg_match_all("!]*?>.*?!is", $source, $match); 38 | $_pre_blocks = $match[0]; 39 | $source = preg_replace("!]*?>.*?!is", 40 | '@@@SMARTY:TRIM:PRE@@@', $source); 41 | 42 | // Pull out the textarea blocks 43 | preg_match_all("!]*?>.*?!is", $source, $match); 44 | $_textarea_blocks = $match[0]; 45 | $source = preg_replace("!]*?>.*?!is", 46 | '@@@SMARTY:TRIM:TEXTAREA@@@', $source); 47 | 48 | // remove all leading spaces, tabs and carriage returns NOT 49 | // preceeded by a php close tag. 50 | $source = trim(preg_replace('/((?)\n)[\s]+/m', '\1', $source)); 51 | 52 | // replace textarea blocks 53 | smarty_outputfilter_trimwhitespace_replace("@@@SMARTY:TRIM:TEXTAREA@@@",$_textarea_blocks, $source); 54 | 55 | // replace pre blocks 56 | smarty_outputfilter_trimwhitespace_replace("@@@SMARTY:TRIM:PRE@@@",$_pre_blocks, $source); 57 | 58 | // replace script blocks 59 | smarty_outputfilter_trimwhitespace_replace("@@@SMARTY:TRIM:SCRIPT@@@",$_script_blocks, $source); 60 | 61 | return $source; 62 | } 63 | 64 | function smarty_outputfilter_trimwhitespace_replace($search_str, $replace, &$subject) { 65 | $_len = strlen($search_str); 66 | $_pos = 0; 67 | for ($_i=0, $_count=count($replace); $_i<$_count; $_i++) 68 | if (($_pos=strpos($subject, $search_str, $_pos))!==false) 69 | $subject = substr_replace($subject, $replace[$_i], $_pos, $_len); 70 | else 71 | break; 72 | 73 | } 74 | 75 | ?> 76 | -------------------------------------------------------------------------------- /libs/plugins/function.math.php: -------------------------------------------------------------------------------- 1 | 13 | * Name: math
14 | * Purpose: handle math computations in template
15 | * @link http://smarty.php.net/manual/en/language.function.math.php {math} 16 | * (Smarty online manual) 17 | * @author Monte Ohrt 18 | * @param array 19 | * @param Smarty 20 | * @return string 21 | */ 22 | function smarty_function_math($params, &$smarty) 23 | { 24 | // be sure equation parameter is present 25 | if (empty($params['equation'])) { 26 | $smarty->trigger_error("math: missing equation parameter"); 27 | return; 28 | } 29 | 30 | // strip out backticks, not necessary for math 31 | $equation = str_replace('`','',$params['equation']); 32 | 33 | // make sure parenthesis are balanced 34 | if (substr_count($equation,"(") != substr_count($equation,")")) { 35 | $smarty->trigger_error("math: unbalanced parenthesis"); 36 | return; 37 | } 38 | 39 | // match all vars in equation, make sure all are passed 40 | preg_match_all("!(?:0x[a-fA-F0-9]+)|([a-zA-Z][a-zA-Z0-9_]+)!",$equation, $match); 41 | $allowed_funcs = array('int','abs','ceil','cos','exp','floor','log','log10', 42 | 'max','min','pi','pow','rand','round','sin','sqrt','srand','tan'); 43 | 44 | foreach($match[1] as $curr_var) { 45 | if ($curr_var && !in_array($curr_var, array_keys($params)) && !in_array($curr_var, $allowed_funcs)) { 46 | $smarty->trigger_error("math: function call $curr_var not allowed"); 47 | return; 48 | } 49 | } 50 | 51 | foreach($params as $key => $val) { 52 | if ($key != "equation" && $key != "format" && $key != "assign") { 53 | // make sure value is not empty 54 | if (strlen($val)==0) { 55 | $smarty->trigger_error("math: parameter $key is empty"); 56 | return; 57 | } 58 | if (!is_numeric($val)) { 59 | $smarty->trigger_error("math: parameter $key: is not numeric"); 60 | return; 61 | } 62 | $equation = preg_replace("/\b$key\b/", " \$params['$key'] ", $equation); 63 | } 64 | } 65 | 66 | eval("\$smarty_math_result = ".$equation.";"); 67 | 68 | if (empty($params['format'])) { 69 | if (empty($params['assign'])) { 70 | return $smarty_math_result; 71 | } else { 72 | $smarty->assign($params['assign'],$smarty_math_result); 73 | } 74 | } else { 75 | if (empty($params['assign'])){ 76 | printf($params['format'],$smarty_math_result); 77 | } else { 78 | $smarty->assign($params['assign'],sprintf($params['format'],$smarty_math_result)); 79 | } 80 | } 81 | } 82 | 83 | /* vim: set expandtab: */ 84 | 85 | ?> 86 | -------------------------------------------------------------------------------- /themes/default/templates/module_view.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | XSS Platform 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | {include file="header.html"} 15 |
16 | {include file="menus.html"} 17 |
18 |
19 |
查看模块信息
20 |
21 | 22 | 23 |
24 |
25 |

26 |
27 | 28 |

29 |

30 |
31 | 32 |

33 |

34 |
35 |

    36 | {foreach from=$keys item=v} 37 |
  • {$v}
    • 38 | {/foreach} 39 |
40 |

41 |

42 |
43 |

    44 | {foreach from=$setkeys item=v} 45 |
  • {$v}
    • 46 | {/foreach} 47 |
48 |

49 |

50 | ({literal}{projectId}为项目id,{set.***}为***配置参数{/literal})
51 | 52 |

53 | {if $module.isOpen==0} 54 |

55 | 56 | 私有 57 | 公开 58 |
59 |

60 | {/if} 61 |

62 | 63 |

64 |
65 |
66 |
67 |
68 |
69 | 70 | -------------------------------------------------------------------------------- /templates_c/%%60^602^602CA7AB%%menus.html.php: -------------------------------------------------------------------------------- 1 | 3 |
4 |
5 |
我的项目创建
8 |
9 |
    10 | _tpl_vars['projects']; if (!is_array($_from) && !is_object($_from)) { settype($_from, 'array'); }if (count($_from)): 11 | foreach ($_from as $this->_tpl_vars['v']): 12 | ?> 13 |
  • _tpl_vars['v']['title']; ?> 16 |
    • 17 | 18 |
19 |
20 |
21 | 22 |
23 |
我的模块创建
26 |
27 |
    28 | _tpl_vars['modules']; if (!is_array($_from) && !is_object($_from)) { settype($_from, 'array'); }if (count($_from)): 29 | foreach ($_from as $this->_tpl_vars['v']): 30 | ?> 31 | _tpl_vars['v']['isOpen'] == 0 || ( $this->_tpl_vars['v']['isOpen'] == 1 && $this->_tpl_vars['v']['isAudit'] == 0 )): ?> 32 |
  • _tpl_vars['v']['title']; ?> 35 |
    • 36 | 37 | 38 |
39 |
40 |
41 | 42 |
43 |
公共模块
45 |
46 |
    47 | _tpl_vars['modules']; if (!is_array($_from) && !is_object($_from)) { settype($_from, 'array'); }if (count($_from)): 48 | foreach ($_from as $this->_tpl_vars['v']): 49 | ?> 50 | _tpl_vars['v']['isOpen'] == 1 && $this->_tpl_vars['v']['isAudit'] == 1): ?> 51 |
  • _tpl_vars['v']['title']; ?> 54 |
    • 55 | 56 | 57 |
58 |
59 |
60 |
-------------------------------------------------------------------------------- /templates_c/%%71^714^714F4B17%%header.html.php: -------------------------------------------------------------------------------- 1 | 3 | 
4 |
5 |
6 | 11 | XSS Platform 13 |
14 |
15 | 23 | _tpl_vars['show']['user']['userId'] < 1): ?> 24 | 35 | 36 | _tpl_vars['show']['user']['userId'] > 0): ?> 37 | 57 | 58 |
59 |
60 |
-------------------------------------------------------------------------------- /libs/plugins/modifier.escape.php: -------------------------------------------------------------------------------- 1 | 13 | * Name: escape
14 | * Purpose: Escape the string according to escapement type 15 | * @link http://smarty.php.net/manual/en/language.modifier.escape.php 16 | * escape (Smarty online manual) 17 | * @author Monte Ohrt 18 | * @param string 19 | * @param html|htmlall|url|quotes|hex|hexentity|javascript 20 | * @return string 21 | */ 22 | function smarty_modifier_escape($string, $esc_type = 'html', $char_set = 'ISO-8859-1') 23 | { 24 | switch ($esc_type) { 25 | case 'html': 26 | return htmlspecialchars($string, ENT_QUOTES, $char_set); 27 | 28 | case 'htmlall': 29 | return htmlentities($string, ENT_QUOTES, $char_set); 30 | 31 | case 'url': 32 | return rawurlencode($string); 33 | 34 | case 'urlpathinfo': 35 | return str_replace('%2F','/',rawurlencode($string)); 36 | 37 | case 'quotes': 38 | // escape unescaped single quotes 39 | return preg_replace("%(?'\\\\',"'"=>"\\'",'"'=>'\\"',"\r"=>'\\r',"\n"=>'\\n',''<\/')); 66 | 67 | case 'mail': 68 | // safe way to display e-mail address on a web page 69 | return str_replace(array('@', '.'),array(' [AT] ', ' [DOT] '), $string); 70 | 71 | case 'nonstd': 72 | // escape non-standard chars, such as ms document quotes 73 | $_res = ''; 74 | for($_i = 0, $_len = strlen($string); $_i < $_len; $_i++) { 75 | $_ord = ord(substr($string, $_i, 1)); 76 | // non-standard char, escape it 77 | if($_ord >= 126){ 78 | $_res .= '&#' . $_ord . ';'; 79 | } 80 | else { 81 | $_res .= substr($string, $_i, 1); 82 | } 83 | } 84 | return $_res; 85 | 86 | default: 87 | return $string; 88 | } 89 | } 90 | 91 | /* vim: set expandtab: */ 92 | 93 | ?> 94 | -------------------------------------------------------------------------------- /templates_c/%%6D^6DE^6DE43985%%user_invite.html.php: -------------------------------------------------------------------------------- 1 | 3 | array(array('modifier', 'count', 'user_invite.html', 22, false),)), $this); ?> 5 | 6 | 7 | 8 | 9 | XSS Platform 10 | 11 | 13 | 15 | 17 | 19 | 21 | 22 | 23 | _tpl_vars; 24 | $this->_smarty_include(array('smarty_include_tpl_file' => "header.html", 'smarty_include_vars' => array())); 25 | $this->_tpl_vars = $_smarty_tpl_vars; 26 | unset($_smarty_tpl_vars); 27 | ?> 28 |
29 |
30 |
31 |
邀请码生成
32 |
33 |

未使用的邀请码

34 | 35 | 乌云币奖品邀请码 (_tpl_vars['codesWooyun']); ?> 36 | ) 37 | 生成奖品邀请码 39 | 40 | 41 | 42 | 43 | 44 | 45 | _tpl_vars['codesWooyun']; if (!is_array($_from) && !is_object($_from)) { settype($_from, 'array'); }if (count($_from)): 46 | foreach ($_from as $this->_tpl_vars['v']): 47 | ?> 48 | 49 | 51 | 52 | 53 | 54 |
邀请码 (生成时间倒序排列)
_tpl_vars['v']['code']; ?> 50 |
55 | 56 | 57 | 其它邀请码 (_tpl_vars['codesOther']); ?> 58 | )生成其它邀请码 60 | 61 | 62 | 63 | 64 | 65 | 66 | _tpl_vars['codesOther']; if (!is_array($_from) && !is_object($_from)) { settype($_from, 'array'); }if (count($_from)): 67 | foreach ($_from as $this->_tpl_vars['v']): 68 | ?> 69 | 70 | 72 | 73 | 74 | 75 |
邀请码 (生成时间倒序排列)
_tpl_vars['v']['code']; ?> 71 |
76 |
77 |
78 |
79 |
80 | 81 | -------------------------------------------------------------------------------- /libs/plugins/modifier.debug_print_var.php: -------------------------------------------------------------------------------- 1 | 13 | * Name: debug_print_var
14 | * Purpose: formats variable contents for display in the console 15 | * @link http://smarty.php.net/manual/en/language.modifier.debug.print.var.php 16 | * debug_print_var (Smarty online manual) 17 | * @author Monte Ohrt 18 | * @param array|object 19 | * @param integer 20 | * @param integer 21 | * @return string 22 | */ 23 | function smarty_modifier_debug_print_var($var, $depth = 0, $length = 40) 24 | { 25 | $_replace = array( 26 | "\n" => '\n', 27 | "\r" => '\r', 28 | "\t" => '\t' 29 | ); 30 | 31 | switch (gettype($var)) { 32 | case 'array' : 33 | $results = 'Array (' . count($var) . ')'; 34 | foreach ($var as $curr_key => $curr_val) { 35 | $results .= '
' . str_repeat(' ', $depth * 2) 36 | . '' . strtr($curr_key, $_replace) . ' => ' 37 | . smarty_modifier_debug_print_var($curr_val, ++$depth, $length); 38 | $depth--; 39 | } 40 | break; 41 | case 'object' : 42 | $object_vars = get_object_vars($var); 43 | $results = '' . get_class($var) . ' Object (' . count($object_vars) . ')'; 44 | foreach ($object_vars as $curr_key => $curr_val) { 45 | $results .= '
' . str_repeat(' ', $depth * 2) 46 | . ' ->' . strtr($curr_key, $_replace) . ' = ' 47 | . smarty_modifier_debug_print_var($curr_val, ++$depth, $length); 48 | $depth--; 49 | } 50 | break; 51 | case 'boolean' : 52 | case 'NULL' : 53 | case 'resource' : 54 | if (true === $var) { 55 | $results = 'true'; 56 | } elseif (false === $var) { 57 | $results = 'false'; 58 | } elseif (null === $var) { 59 | $results = 'null'; 60 | } else { 61 | $results = htmlspecialchars((string) $var); 62 | } 63 | $results = '' . $results . ''; 64 | break; 65 | case 'integer' : 66 | case 'float' : 67 | $results = htmlspecialchars((string) $var); 68 | break; 69 | case 'string' : 70 | $results = strtr($var, $_replace); 71 | if (strlen($var) > $length ) { 72 | $results = substr($var, 0, $length - 3) . '...'; 73 | } 74 | $results = htmlspecialchars('"' . $results . '"'); 75 | break; 76 | case 'unknown type' : 77 | default : 78 | $results = strtr((string) $var, $_replace); 79 | if (strlen($results) > $length ) { 80 | $results = substr($results, 0, $length - 3) . '...'; 81 | } 82 | $results = htmlspecialchars($results); 83 | } 84 | 85 | return $results; 86 | } 87 | 88 | /* vim: set expandtab: */ 89 | 90 | ?> 91 | -------------------------------------------------------------------------------- /libs/plugins/block.textformat.php: -------------------------------------------------------------------------------- 1 | 12 | * Name: textformat
13 | * Purpose: format text a certain way with preset styles 14 | * or custom wrap/indent settings
15 | * @link http://smarty.php.net/manual/en/language.function.textformat.php {textformat} 16 | * (Smarty online manual) 17 | * @param array 18 | * 
 19 |  * Params:   style: string (email)
 20 |  *           indent: integer (0)
 21 |  *           wrap: integer (80)
 22 |  *           wrap_char string ("\n")
 23 |  *           indent_char: string (" ")
 24 |  *           wrap_boundary: boolean (true)
 25 |  *
26 | * @author Monte Ohrt 27 | * @param string contents of the block 28 | * @param Smarty clever simulation of a method 29 | * @return string string $content re-formatted 30 | */ 31 | function smarty_block_textformat($params, $content, &$smarty) 32 | { 33 | if (is_null($content)) { 34 | return; 35 | } 36 | 37 | $style = null; 38 | $indent = 0; 39 | $indent_first = 0; 40 | $indent_char = ' '; 41 | $wrap = 80; 42 | $wrap_char = "\n"; 43 | $wrap_cut = false; 44 | $assign = null; 45 | 46 | foreach ($params as $_key => $_val) { 47 | switch ($_key) { 48 | case 'style': 49 | case 'indent_char': 50 | case 'wrap_char': 51 | case 'assign': 52 | $$_key = (string)$_val; 53 | break; 54 | 55 | case 'indent': 56 | case 'indent_first': 57 | case 'wrap': 58 | $$_key = (int)$_val; 59 | break; 60 | 61 | case 'wrap_cut': 62 | $$_key = (bool)$_val; 63 | break; 64 | 65 | default: 66 | $smarty->trigger_error("textformat: unknown attribute '$_key'"); 67 | } 68 | } 69 | 70 | if ($style == 'email') { 71 | $wrap = 72; 72 | } 73 | 74 | // split into paragraphs 75 | $_paragraphs = preg_split('![\r\n][\r\n]!',$content); 76 | $_output = ''; 77 | 78 | for($_x = 0, $_y = count($_paragraphs); $_x < $_y; $_x++) { 79 | if ($_paragraphs[$_x] == '') { 80 | continue; 81 | } 82 | // convert mult. spaces & special chars to single space 83 | $_paragraphs[$_x] = preg_replace(array('!\s+!','!(^\s+)|(\s+$)!'), array(' ',''), $_paragraphs[$_x]); 84 | // indent first line 85 | if($indent_first > 0) { 86 | $_paragraphs[$_x] = str_repeat($indent_char, $indent_first) . $_paragraphs[$_x]; 87 | } 88 | // wordwrap sentences 89 | $_paragraphs[$_x] = wordwrap($_paragraphs[$_x], $wrap - $indent, $wrap_char, $wrap_cut); 90 | // indent lines 91 | if($indent > 0) { 92 | $_paragraphs[$_x] = preg_replace('!^!m', str_repeat($indent_char, $indent), $_paragraphs[$_x]); 93 | } 94 | } 95 | $_output = implode($wrap_char . $wrap_char, $_paragraphs); 96 | 97 | return $assign ? $smarty->assign($assign, $_output) : $_output; 98 | 99 | } 100 | 101 | /* vim: set expandtab: */ 102 | 103 | ?> 104 | -------------------------------------------------------------------------------- /templates_c/%%77^774^774BE9C9%%index.html.php: -------------------------------------------------------------------------------- 1 | 3 | array(array('modifier', 'date_format', 'index.html', 36, false),)), $this); ?> 5 | 6 | 7 | 8 | 9 | XSS Platform 10 | 11 | 13 | 15 | 17 | 19 | 21 | 22 | 23 | _tpl_vars; 24 | $this->_smarty_include(array('smarty_include_tpl_file' => "header.html", 'smarty_include_vars' => array())); 25 | $this->_tpl_vars = $_smarty_tpl_vars; 26 | unset($_smarty_tpl_vars); 27 | ?> 28 |
29 | _tpl_vars; 30 | $this->_smarty_include(array('smarty_include_tpl_file' => "menus.html", 'smarty_include_vars' => array())); 31 | $this->_tpl_vars = $_smarty_tpl_vars; 32 | unset($_smarty_tpl_vars); 33 | ?> 34 |
35 |
36 |
我的项目创建项目
38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | _tpl_vars['projects']; if (!is_array($_from) && !is_object($_from)) { settype($_from, 'array'); }if (count($_from)): 50 | foreach ($_from as $this->_tpl_vars['v']): 51 | ?> 52 | 53 | 57 | 59 | 61 | 63 | 69 | 70 | 71 | 72 |
项目名称项目描述内容数创建时间操作
_tpl_vars['v']['title']; ?> 56 | _tpl_vars['v']['description']; ?> 58 | _tpl_vars['v']['contentNum']; ?> 60 | _tpl_vars['v']['addTime'])) ? $this->_run_mod_handler('date_format', true, $_tmp, '%Y-%m-%d') : smarty_modifier_date_format($_tmp, '%Y-%m-%d')); ?> 62 | 64 | 删除 68 |
73 |
74 | 75 |
76 |
77 | 78 | -------------------------------------------------------------------------------- /source/class/Pager.class.php: -------------------------------------------------------------------------------- 1 | pNO=empty($pageNO) ? 1 : $pageNO; 15 | $this->pRN=intval($pRN); 16 | $this->pNavRN=empty($pNavRN) ? 5 : intval($pNavRN); 17 | $this->sql=$sql; 18 | $this->countSql=$countSql; 19 | $this->href=$href; 20 | $this->GetData(); 21 | $this->GetNav(); 22 | } 23 | /* data */ 24 | private function GetData(){ 25 | global $db; 26 | $this->sum=$db->FirstValue($this->countSql); 27 | $this->pSum=ceil($this->sum/$this->pRN); 28 | $this->data=$db->Dataset($this->sql.' LIMIT '.($this->pNO-1)*$this->pRN.','.$this->pRN); 29 | } 30 | /* page navigation */ 31 | private function GetNav(){ 32 | if(strrpos($this->href,'?')===false) $this->hrefC='?'; 33 | //first 34 | if($this->pSum>1 && $this->pNO>1) $this->nav.='首页'; 35 | //front 36 | if($this->pNO>1) $this->nav.='上一页'; 37 | //num 38 | if($this->pSum<=$this->pNavRN){ 39 | $this->PageNo(1,$this->pSum); 40 | }else{ 41 | if($this->pNO<$this->pNavRN){ 42 | $this->PageNo(1,$this->pNavRN); 43 | }elseif($this->pNO>=$this->pNavRN && $this->pNO<=$this->pSum-$this->pNavRN){ 44 | $this->PageNo($this->pNO-$this->pNavRN+1,$this->pNO+$this->pNavRN-1); 45 | }elseif($this->pNO>$this->pSum-$this->pNavRN){ 46 | $this->PageNo($this->pSum-$this->pNavRN,$this->pSum); 47 | } 48 | } 49 | //next 50 | if($this->pNO<$this->pSum) $this->nav.='下一页'; 51 | //last 52 | if($this->pSum>1 && $this->pNO<$this->pSum) $this->nav.='尾页'; 53 | } 54 | private function PageNo($first,$last){ 55 | for($i=$first;$i<=$last;$i++){ 56 | $this->pages[]=$i; 57 | if($this->pNO==$i) $this->nav.=''.$i.''; 58 | else $this->nav.=''.$i.''; 59 | } 60 | } 61 | /* page nav arr */ 62 | public static function GetPageNav($sum,$pNO=1,$hrefPrefix='',$pRN=20,$pNavRN=5){ 63 | $pNO=$pNO<=0 ? 1 : $pNO; 64 | $pSum=ceil($sum/$pRN); 65 | $pages=array(); 66 | if($pSum<=$pNavRN){ 67 | for($i=1;$i<=$pSum;$i++){ 68 | $pages[]=$i; 69 | } 70 | }else{ 71 | if($pNO<$pNavRN){ 72 | for($i=1;$i<=$pNavRN;$i++){ 73 | $pages[]=$i; 74 | } 75 | }elseif($pNO>=$pNavRN && $pNO<=$pSum-$pNavRN){ 76 | for($i=$pNO-$pNavRN+1;$i<=$pNO+$pNavRN-1;$i++){ 77 | $pages[]=$i; 78 | } 79 | }elseif($pNO>$pSum-$pNavRN){ 80 | for($i=$pSum-$pNavRN;$i<=$pSum;$i++){ 81 | $pages[]=$i; 82 | } 83 | } 84 | } 85 | $page=array( 86 | 'sum'=>$sum, 87 | 'pNO'=>$pNO, 88 | 'pSum'=>$pSum, 89 | 'hrefPrefix'=>$hrefPrefix, 90 | 'pages'=>$pages 91 | ); 92 | return $page; 93 | } 94 | } 95 | ?> -------------------------------------------------------------------------------- /templates_c/%%4D^4D3^4D30CF2A%%project_viewcode.html.php: -------------------------------------------------------------------------------- 1 | 3 | 4 | 5 | 6 | 7 | XSS Platform 8 | 9 | 11 | 13 | 15 | 17 | 19 | 21 | ul { margin:0} 22 | 23 | '; ?> 24 | 25 | 26 | 27 | _tpl_vars; 28 | $this->_smarty_include(array('smarty_include_tpl_file' => "header.html", 'smarty_include_vars' => array())); 29 | $this->_tpl_vars = $_smarty_tpl_vars; 30 | unset($_smarty_tpl_vars); 31 | ?> 32 |
33 | _tpl_vars; 34 | $this->_smarty_include(array('smarty_include_tpl_file' => "menus.html", 'smarty_include_vars' => array())); 35 | $this->_tpl_vars = $_smarty_tpl_vars; 36 | unset($_smarty_tpl_vars); 37 | ?> 38 |
39 |
40 |
项目代码
41 |
42 |

项目名称: _tpl_vars['project']['title']; ?> 43 |

44 |

45 | 46 | 

 47 | _tpl_vars['code']; ?>
 48 | 
 49 |
50 |

51 | 52 |

将如下代码植入怀疑出现xss的地方(注意'的转义),即可在 项目内容 观看XSS效果。

55 | 
 56 | _tpl_vars['scriptShow1']; ?>
 57 | 
 58 |
59 |

60 |

61 | 或者 62 |

63 |

64 | 

 65 | _tpl_vars['scriptShow2']; ?>
 66 | 
 67 |
68 |

69 | 70 |

71 | 72 | 再或者以你任何想要的方式插入 73 | 74 |

75 | 76 |

77 | 

 78 | _tpl_vars['codeurl']; ?>
 79 | 
 80 |
81 |

82 |

83 | 84 | *************************************************网址缩短************************************************* 85 |

86 |

87 | 88 | 再或者以你任何想要的方式插入 89 | 90 |

91 | 92 |

93 | 

 94 | _tpl_vars['shortShow1']; ?>
 95 | 
 96 |
97 |

98 | 99 | 100 |

101 | _tpl_vars['ty'] == 'create'): ?> 102 | 104 | 105 | 107 | 108 |

109 |
110 |
111 |
112 |
113 | 114 | -------------------------------------------------------------------------------- /source/class/Image.class.php: -------------------------------------------------------------------------------- 1 | imgObj=$imgObj; 14 | $this->imgType=FileSuffix($imgObj['name']); 15 | } 16 | } 17 | /** 18 | Upload 上传 19 | $imgName string 图片名称(上传到的位置) 20 | */ 21 | public function Upload($imgName=''){ 22 | if(empty($this->imgObj['tmp_name']) || $this->imgObj['size']<=0){ 23 | $this->error='图片上传未成功,请重新选择图片'; 24 | return false; 25 | } 26 | //判断图片格式 27 | if(!in_array($this->imgType,array('jpg','jpeg','png','gif')) || !in_array($this->imgObj['type'],array('image/jpeg','image/png','image/gif'))){ 28 | $this->error='图片格式不正确'; 29 | return false; 30 | } 31 | if(file_exists($imgName)) @unlink($imgName); 32 | //上传 33 | if(move_uploaded_file($this->imgObj['tmp_name'],$imgName)){ 34 | return true; 35 | }else{ 36 | $this->error='图片上传未成功,请重新选择图片'; 37 | return false; 38 | } 39 | } 40 | 41 | /** 42 | Resize 生成缩略图 43 | */ 44 | public static function Resize($oldImg,$width=200,$height=200,$newImg,$fixed=false){ 45 | if(!file_exists($oldImg)) return false; 46 | //生成图片处理对象 47 | $pathInfo=pathinfo($oldImg); 48 | $imgType=strtolower($pathInfo['extension']); 49 | switch($imgType){ 50 | case 'jpg': 51 | case 'jpeg': 52 | $im=@imagecreatefromjpeg($oldImg); 53 | break; 54 | case 'png': 55 | $im=@imagecreatefrompng($oldImg); 56 | break; 57 | case 'gif': 58 | $im=@imagecreatefromgif($oldImg); 59 | break; 60 | default: 61 | return false; 62 | break; 63 | } 64 | if($im){ 65 | $w=imagesx($im); 66 | $h=imagesy($im); 67 | //计算新宽,高 68 | if($w>$width || $h>$height){ 69 | if(!$fixed){ 70 | if($w>$width){ 71 | $widthRatio=$width/$w; 72 | }else{ 73 | $widthRatio=1; 74 | } 75 | if($h>$height){ 76 | $heightRatio=$height/$h; 77 | }else{ 78 | $heightRatio=1; 79 | } 80 | $ratio=$widthRatio<$heightRatio ? $widthRatio : $heightRatio; 81 | $newWidth=$w*$ratio; 82 | $newHeight=$h*$ratio; 83 | }else{ 84 | $newWidth=$width; 85 | $newHeight=$height; 86 | } 87 | }else{ 88 | return false; 89 | } 90 | //开始缩略 91 | if(function_exists('imagecopyresampled')){ 92 | $newim=imagecreatetruecolor($newWidth, $newHeight); 93 | imagecopyresampled($newim,$im,0,0,0,0,$newWidth,$newHeight,$w,$h); 94 | }else{ 95 | $newim=imagecreate($newWidth,$newHeight); 96 | imagecopyresized($newim,$im,0,0,0,0,$newWidth,$newHeight,$w,$h); 97 | } 98 | if(file_exists($newImg)) @unlink($newImg); 99 | switch($imgType){ 100 | case 'jpg': 101 | case 'jpeg': 102 | imagejpeg($newim,$newImg); 103 | break; 104 | case 'png': 105 | imagepng($newim,$newImg); 106 | break; 107 | case 'gif': 108 | imagegif($newim,$newImg); 109 | break; 110 | default: 111 | return false; 112 | break; 113 | } 114 | imagedestroy($newim); 115 | return true; 116 | }else{ 117 | return false; 118 | } 119 | } 120 | } 121 | ?> -------------------------------------------------------------------------------- /libs/internals/core.write_compiled_include.php: -------------------------------------------------------------------------------- 1 | caching && \!\$this->_cache_including\)\: echo \'\{nocache\:('.$params['cache_serial'].')#(\d+)\}\'; endif;'; 19 | $_tag_end = 'if \(\$this->caching && \!\$this->_cache_including\)\: echo \'\{/nocache\:(\\2)#(\\3)\}\'; endif;'; 20 | 21 | preg_match_all('!('.$_tag_start.'(.*)'.$_tag_end.')!Us', 22 | $params['compiled_content'], $_match_source, PREG_SET_ORDER); 23 | 24 | // no nocache-parts found: done 25 | if (count($_match_source)==0) return; 26 | 27 | // convert the matched php-code to functions 28 | $_include_compiled = "_version.", created on ".strftime("%Y-%m-%d %H:%M:%S")."\n"; 29 | $_include_compiled .= " compiled from " . strtr(urlencode($params['resource_name']), array('%2F'=>'/', '%3A'=>':')) . " */\n\n"; 30 | 31 | $_compile_path = $params['include_file_path']; 32 | 33 | $smarty->_cache_serials[$_compile_path] = $params['cache_serial']; 34 | $_include_compiled .= "\$this->_cache_serials['".$_compile_path."'] = '".$params['cache_serial']."';\n\n?>"; 35 | 36 | $_include_compiled .= $params['plugins_code']; 37 | $_include_compiled .= "= 5.0) ? '_smarty' : 'this'; 40 | for ($_i = 0, $_for_max = count($_match_source); $_i < $_for_max; $_i++) { 41 | $_match =& $_match_source[$_i]; 42 | $source = $_match[4]; 43 | if ($this_varname == '_smarty') { 44 | /* rename $this to $_smarty in the sourcecode */ 45 | $tokens = token_get_all('\n"; 81 | 82 | $_params = array('filename' => $_compile_path, 83 | 'contents' => $_include_compiled, 'create_dirs' => true); 84 | 85 | require_once(SMARTY_CORE_DIR . 'core.write_file.php'); 86 | smarty_core_write_file($_params, $smarty); 87 | return true; 88 | } 89 | 90 | 91 | ?> 92 | -------------------------------------------------------------------------------- /source/register.php: -------------------------------------------------------------------------------- 1 | tbPrefix.'user'; 18 | $userExisted=$db->FirstValue("SELECT COUNT(*) FROM {$tbUser} WHERE userName='{$username}'"); 19 | $emailExisted=$db->FirstValue("SELECT COUNT(*) FROM {$tbUser} WHERE email='{$email}'"); 20 | $keyError=0; 21 | if(REGISTER=='invite'){ 22 | //判断key是否有效 23 | $tbInviteReg=$db->tbPrefix.'invite_reg'; 24 | $inviteRow=$db->FirstRow("SELECT id,userId FROM {$tbInviteReg} WHERE inviteKey='{$key}' AND isUsed=0"); 25 | if(empty($inviteRow)) $keyError=1; 26 | } 27 | 28 | echo $userExisted.'|'.$emailExisted.'|'.$keyError; 29 | break; 30 | case 'submit': 31 | if($user->userId>0) ShowError('您已登录,不能进行注册'); 32 | $db=DBConnect(); 33 | $key=Val('key','POST'); 34 | if(!empty($key)){ 35 | $tbInviteReg=$db->tbPrefix.'invite_reg'; 36 | $inviteRow=$db->FirstRow("SELECT id,userId FROM {$tbInviteReg} WHERE inviteKey='{$key}' AND isUsed=0"); 37 | } 38 | if(REGISTER=='invite'){ 39 | if(empty($key)) ShowError('本站目前仅能邀请注册'); 40 | if(empty($inviteRow)) ShowError('你的邀请码不正确或已作废'); 41 | } 42 | $username=Val('user','POST'); 43 | $email=Val('email','POST'); 44 | $userpwd=Val('pwd','POST'); 45 | $phone=Val('phone','POST');//获取手机号 46 | //判断格式 47 | if(empty($username) || !preg_match('/^[\w\x{4e00}-\x{9fa5}]{2,20}$/u',$username)) ShowError('用户格式不正确',$url['register'],'重新填写'); 48 | if(empty($email) || !preg_match('/^(\w+\.)*?\w+@(\w+\.)+\w+$/',$email)) ShowError('邮箱格式不正确',$url['register'],'重新填写'); 49 | if(!empty($phone) && !preg_match('/^(\d{11})$/',$phone)) ShowError('手机格式不正确',$url['register'],'重新填写');//手机验证 50 | if(empty($userpwd) || !preg_match('/^.{6,20}$/',$userpwd)) ShowError('密码应为6-20位字符',$url['register'],'重新填写'); 51 | $tbUser=$db->tbPrefix.'user'; 52 | //用户是否存在 53 | $userExisted=$db->FirstValue("SELECT COUNT(*) FROM {$tbUser} WHERE userName='{$username}'"); 54 | if($userExisted>0) ShowError("用户{$username}已存在",$url['register'],'重新填写'); 55 | //邮箱是否存在 56 | $emailExisted=$db->FirstValue("SELECT COUNT(*) FROM {$tbUser} WHERE email='{$email}'"); 57 | if($emailExisted>0) ShowError("邮箱{$email}已存在",$url['register'],'重新填写'); 58 | //入库 59 | $executeArr=array('userName'=>$username,'userPwd'=>OCEncrypt($userpwd),'email'=>$email,'phone'=>$phone,'addTime'=>time()); 60 | if($db->AutoExecute($tbUser,$executeArr)){ 61 | if(!empty($inviteRow)){ 62 | $regUserId=$db->LastId(); 63 | $db->Execute("UPDATE {$tbInviteReg} SET isUsed=1,regUserId='{$regUserId}',regTime='".time()."' WHERE id='{$inviteRow[id]}'"); 64 | } 65 | //自动登录 66 | $user->Login($username,$userpwd,1); 67 | ShowSuccess('注册成功',$url['root']); 68 | }else{ 69 | ShowError('出错了,请与管理员联系'); 70 | } 71 | break; 72 | default: 73 | if($user->userId>0) ShowError('您已登录,不能进行注册!'); 74 | $key=Val('key','GET'); 75 | $smarty=InitSmarty(); 76 | $smarty->assign('do',$do); 77 | $smarty->assign('register',REGISTER); 78 | $smarty->assign('key',$key); 79 | $smarty->assign('show',$show); 80 | $smarty->assign('url',$url); 81 | $smarty->display('register.html'); 82 | break; 83 | } 84 | ?> -------------------------------------------------------------------------------- /themes/default/templates/project_setcode.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | XSS Platform 6 | 7 | 8 | 9 | 10 | 11 | 12 | 25 | 26 | 27 | {include file="header.html"} 28 |
29 | {include file="menus.html"} 30 |
31 |
32 |
配置代码
33 |
34 | 35 | 36 | 37 |
38 |
39 |

40 |
41 |

{$project.title}

42 |

43 |

44 |

    45 | {foreach from=$modulesCan key=k item=v} 46 |
  • {$v.title} 47 | 展开 48 | {if $v.setkeys|@count>0} 49 |
    50 | 需要配置的参数
    51 | {foreach from=$v.setkeys item=setkey} 52 | {if $v.id==1 && $setkey.key=='keepsession'} 53 | 无keepsession   54 | keepsession 55 | {else} 56 | {$setkey.key} :
    57 | {/if} 58 | {/foreach} 59 |
    60 | {/if} 61 | 65 |
    • 66 | {/foreach} 67 |
68 |

69 |

70 |
71 | 72 |

73 |

74 |    75 | 76 |

77 |
78 |
79 |
80 |
81 |
82 | 83 | -------------------------------------------------------------------------------- /libs/plugins/function.cycle.php: -------------------------------------------------------------------------------- 1 | 12 | * Name: cycle
13 | * Date: May 3, 2002
14 | * Purpose: cycle through given values
15 | * Input: 16 | * - name = name of cycle (optional) 17 | * - values = comma separated list of values to cycle, 18 | * or an array of values to cycle 19 | * (this can be left out for subsequent calls) 20 | * - reset = boolean - resets given var to true 21 | * - print = boolean - print var or not. default is true 22 | * - advance = boolean - whether or not to advance the cycle 23 | * - delimiter = the value delimiter, default is "," 24 | * - assign = boolean, assigns to template var instead of 25 | * printed. 26 | * 27 | * Examples:
28 | * 
 29 |  * {cycle values="#eeeeee,#d0d0d0d"}
 30 |  * {cycle name=row values="one,two,three" reset=true}
 31 |  * {cycle name=row}
 32 |  *
33 | * @link http://smarty.php.net/manual/en/language.function.cycle.php {cycle} 34 | * (Smarty online manual) 35 | * @author Monte Ohrt 36 | * @author credit to Mark Priatel 37 | * @author credit to Gerard 38 | * @author credit to Jason Sweat 39 | * @version 1.3 40 | * @param array 41 | * @param Smarty 42 | * @return string|null 43 | */ 44 | function smarty_function_cycle($params, &$smarty) 45 | { 46 | static $cycle_vars; 47 | 48 | $name = (empty($params['name'])) ? 'default' : $params['name']; 49 | $print = (isset($params['print'])) ? (bool)$params['print'] : true; 50 | $advance = (isset($params['advance'])) ? (bool)$params['advance'] : true; 51 | $reset = (isset($params['reset'])) ? (bool)$params['reset'] : false; 52 | 53 | if (!in_array('values', array_keys($params))) { 54 | if(!isset($cycle_vars[$name]['values'])) { 55 | $smarty->trigger_error("cycle: missing 'values' parameter"); 56 | return; 57 | } 58 | } else { 59 | if(isset($cycle_vars[$name]['values']) 60 | && $cycle_vars[$name]['values'] != $params['values'] ) { 61 | $cycle_vars[$name]['index'] = 0; 62 | } 63 | $cycle_vars[$name]['values'] = $params['values']; 64 | } 65 | 66 | $cycle_vars[$name]['delimiter'] = (isset($params['delimiter'])) ? $params['delimiter'] : ','; 67 | 68 | if(is_array($cycle_vars[$name]['values'])) { 69 | $cycle_array = $cycle_vars[$name]['values']; 70 | } else { 71 | $cycle_array = explode($cycle_vars[$name]['delimiter'],$cycle_vars[$name]['values']); 72 | } 73 | 74 | if(!isset($cycle_vars[$name]['index']) || $reset ) { 75 | $cycle_vars[$name]['index'] = 0; 76 | } 77 | 78 | if (isset($params['assign'])) { 79 | $print = false; 80 | $smarty->assign($params['assign'], $cycle_array[$cycle_vars[$name]['index']]); 81 | } 82 | 83 | if($print) { 84 | $retval = $cycle_array[$cycle_vars[$name]['index']]; 85 | } else { 86 | $retval = null; 87 | } 88 | 89 | if($advance) { 90 | if ( $cycle_vars[$name]['index'] >= count($cycle_array) -1 ) { 91 | $cycle_vars[$name]['index'] = 0; 92 | } else { 93 | $cycle_vars[$name]['index']++; 94 | } 95 | } 96 | 97 | return $retval; 98 | } 99 | 100 | /* vim: set expandtab: */ 101 | 102 | ?> 103 | -------------------------------------------------------------------------------- /source/api.php: -------------------------------------------------------------------------------- 1 | FirstRow("SELECT * FROM ".Tb('project')." WHERE urlKey='{$id}'"); 13 | if(empty($project)) exit(); 14 | //用户提供的content 15 | $content=array(); 16 | //待接收的key 17 | $keys=array(); 18 | /* 模块 begin */ 19 | $moduleIds=array(); 20 | if(!empty($project['modules'])) $moduleIds=json_decode($project['modules']); 21 | if(!empty($moduleIds)){ 22 | $modulesStr=implode(',',$moduleIds); 23 | $modules=$db->Dataset("SELECT * FROM ".Tb('module')." WHERE id IN ($modulesStr)"); 24 | if(!empty($modules)){ 25 | foreach($modules as $module){ 26 | if(!empty($module['keys'])) $keys=array_merge($keys,json_decode($module['keys'])); 27 | } 28 | } 29 | } 30 | /* 模块 end */ 31 | foreach($keys as $key){ 32 | $content[$key]=Val($key,'REQUEST'); 33 | } 34 | if(in_array('toplocation',$keys)){ 35 | $content['toplocation']=!empty($content['toplocation']) ? $content['toplocation'] : $content['location']; 36 | } 37 | 38 | $judgeCookie=in_array('cookie',$keys) ? true : false; 39 | /* cookie hash */ 40 | $cookieHash=md5($project['id'].'_'.$content['cookie'].'_'.$content['location'].'_'.$content['toplocation']); 41 | $cookieExisted=$db->FirstValue("SELECT COUNT(*) FROM ".Tb('project_content')." WHERE projectId='{$project[id]}' AND cookieHash='{$cookieHash}'"); 42 | if(!$judgeCookie || $cookieExisted<=0){ 43 | //服务器获取的content 44 | $serverContent=array(); 45 | $serverContent['HTTP_REFERER']=$_SERVER['HTTP_REFERER']; 46 | $referers=@parse_url($serverContent['HTTP_REFERER']); 47 | $domain=$referers['host']?$referers['host']: ''; 48 | $domain=StripStr($domain); 49 | $serverContent['HTTP_REFERER']=StripStr($_SERVER['HTTP_REFERER']); 50 | $serverContent['HTTP_USER_AGENT']=StripStr($_SERVER['HTTP_USER_AGENT']); 51 | $user_ip=$_SERVER['HTTP_X_FORWARDED_FOR']; 52 | if ($user_ip==''){ 53 | $user_ip=$_SERVER['REMOTE_ADDR']; 54 | } 55 | $serverContent['REMOTE_ADDR']=StripStr($user_ip); 56 | $values=array( 57 | 'projectId'=>$project['id'], 58 | 'content'=>JsonEncode($content), 59 | 'serverContent'=>JsonEncode($serverContent), 60 | 'domain'=>$domain, 61 | 'cookieHash'=>$cookieHash, 62 | 'num'=>1, 63 | 'addTime'=>time() 64 | ); 65 | $judgeCookie=in_array('cookie',$keys) ? true : false; 66 | 67 | /* cookie hash */ 68 | $Getcookie=$content['cookie']; 69 | //Getcookie在上面的变量里 70 | 71 | $db->AutoExecute(Tb('project_content'),$values); 72 | 73 | $uid = $project['userId']; 74 | $userInfo = $db->FirstRow("SELECT * FROM ".Tb('user')." WHERE id={$uid}"); 75 | $msg=explode("|",$userInfo['message']); 76 | if($userInfo['phone'] && $msg[1]==1){ 77 | SendSMS('150********','************',$userInfo['phone'],"尊敬的".$userInfo['userName'].",您在".URL_ROOT." 预订的猫饼干,Cookie:{$Getcookie}已经到货!详情请登录:".URL_ROOT." 查看!"); 78 | //参数:发送的飞信号 飞信密码 79 | } 80 | if($userInfo['email'] && $msg[0]==1){ 81 | $domain=explode("//", URL_ROOT); 82 | SendMail($userInfo['email'],"notification @ ".$domain[1] ,"尊敬的 ".$userInfo['userName']." ,您在 ".$domain[1]." 预订的零食
Cookie:{$Getcookie}
已经到货!
详情请登录:".URL_ROOT." 查看。"); 83 | } 84 | }else{ 85 | $db->Execute("UPDATE ".Tb('project_content')." SET num=num+1,updateTime='".time()."' WHERE projectId='{$project[id]}' AND cookieHash='{$cookieHash}'"); 86 | } 87 | 88 | header("Location: $_SERVER[HTTP_REFERER] "); 89 | } 90 | ?> 91 | -------------------------------------------------------------------------------- /libs/plugins/function.popup.php: -------------------------------------------------------------------------------- 1 | 13 | * Name: popup
14 | * Purpose: make text pop up in windows via overlib 15 | * @link http://smarty.php.net/manual/en/language.function.popup.php {popup} 16 | * (Smarty online manual) 17 | * @author Monte Ohrt 18 | * @param array 19 | * @param Smarty 20 | * @return string 21 | */ 22 | function smarty_function_popup($params, &$smarty) 23 | { 24 | $append = ''; 25 | foreach ($params as $_key=>$_value) { 26 | switch ($_key) { 27 | case 'text': 28 | case 'trigger': 29 | case 'function': 30 | case 'inarray': 31 | $$_key = (string)$_value; 32 | if ($_key == 'function' || $_key == 'inarray') 33 | $append .= ',' . strtoupper($_key) . ",'$_value'"; 34 | break; 35 | 36 | case 'caption': 37 | case 'closetext': 38 | case 'status': 39 | $append .= ',' . strtoupper($_key) . ",'" . str_replace("'","\'",$_value) . "'"; 40 | break; 41 | 42 | case 'fgcolor': 43 | case 'bgcolor': 44 | case 'textcolor': 45 | case 'capcolor': 46 | case 'closecolor': 47 | case 'textfont': 48 | case 'captionfont': 49 | case 'closefont': 50 | case 'fgbackground': 51 | case 'bgbackground': 52 | case 'caparray': 53 | case 'capicon': 54 | case 'background': 55 | case 'frame': 56 | $append .= ',' . strtoupper($_key) . ",'$_value'"; 57 | break; 58 | 59 | case 'textsize': 60 | case 'captionsize': 61 | case 'closesize': 62 | case 'width': 63 | case 'height': 64 | case 'border': 65 | case 'offsetx': 66 | case 'offsety': 67 | case 'snapx': 68 | case 'snapy': 69 | case 'fixx': 70 | case 'fixy': 71 | case 'padx': 72 | case 'pady': 73 | case 'timeout': 74 | case 'delay': 75 | $append .= ',' . strtoupper($_key) . ",$_value"; 76 | break; 77 | 78 | case 'sticky': 79 | case 'left': 80 | case 'right': 81 | case 'center': 82 | case 'above': 83 | case 'below': 84 | case 'noclose': 85 | case 'autostatus': 86 | case 'autostatuscap': 87 | case 'fullhtml': 88 | case 'hauto': 89 | case 'vauto': 90 | case 'mouseoff': 91 | case 'followmouse': 92 | case 'closeclick': 93 | if ($_value) $append .= ',' . strtoupper($_key); 94 | break; 95 | 96 | default: 97 | $smarty->trigger_error("[popup] unknown parameter $_key", E_USER_WARNING); 98 | } 99 | } 100 | 101 | if (empty($text) && !isset($inarray) && empty($function)) { 102 | $smarty->trigger_error("overlib: attribute 'text' or 'inarray' or 'function' required"); 103 | return false; 104 | } 105 | 106 | if (empty($trigger)) { $trigger = "onmouseover"; } 107 | 108 | $retval = $trigger . '="return overlib(\''.preg_replace(array("!'!","![\r\n]!"),array("\'",'\r'),$text).'\''; 109 | $retval .= $append . ');"'; 110 | if ($trigger == 'onmouseover') 111 | $retval .= ' onmouseout="nd();"'; 112 | 113 | 114 | return $retval; 115 | } 116 | 117 | /* vim: set expandtab: */ 118 | 119 | ?> 120 | -------------------------------------------------------------------------------- /libs/internals/core.write_cache_file.php: -------------------------------------------------------------------------------- 1 | _cache_info['timestamp'] = time(); 26 | if ($smarty->cache_lifetime > -1){ 27 | // expiration set 28 | $smarty->_cache_info['expires'] = $smarty->_cache_info['timestamp'] + $smarty->cache_lifetime; 29 | } else { 30 | // cache will never expire 31 | $smarty->_cache_info['expires'] = -1; 32 | } 33 | 34 | // collapse nocache.../nocache-tags 35 | if (preg_match_all('!\{(/?)nocache\:[0-9a-f]{32}#\d+\}!', $params['results'], $match, PREG_PATTERN_ORDER)) { 36 | // remove everything between every pair of outermost noache.../nocache-tags 37 | // and replace it by a single nocache-tag 38 | // this new nocache-tag will be replaced by dynamic contents in 39 | // smarty_core_process_compiled_includes() on a cache-read 40 | 41 | $match_count = count($match[0]); 42 | $results = preg_split('!(\{/?nocache\:[0-9a-f]{32}#\d+\})!', $params['results'], -1, PREG_SPLIT_DELIM_CAPTURE); 43 | 44 | $level = 0; 45 | $j = 0; 46 | for ($i=0, $results_count = count($results); $i < $results_count && $j < $match_count; $i++) { 47 | if ($results[$i] == $match[0][$j]) { 48 | // nocache tag 49 | if ($match[1][$j]) { // closing tag 50 | $level--; 51 | unset($results[$i]); 52 | } else { // opening tag 53 | if ($level++ > 0) unset($results[$i]); 54 | } 55 | $j++; 56 | } elseif ($level > 0) { 57 | unset($results[$i]); 58 | } 59 | } 60 | $params['results'] = implode('', $results); 61 | } 62 | $smarty->_cache_info['cache_serials'] = $smarty->_cache_serials; 63 | 64 | // prepend the cache header info into cache file 65 | $_cache_info = serialize($smarty->_cache_info); 66 | $params['results'] = strlen($_cache_info) . "\n" . $_cache_info . $params['results']; 67 | 68 | if (!empty($smarty->cache_handler_func)) { 69 | // use cache_handler function 70 | call_user_func_array($smarty->cache_handler_func, 71 | array('write', &$smarty, &$params['results'], $params['tpl_file'], $params['cache_id'], $params['compile_id'], $smarty->_cache_info['expires'])); 72 | } else { 73 | // use local cache file 74 | 75 | if(!@is_writable($smarty->cache_dir)) { 76 | // cache_dir not writable, see if it exists 77 | if(!@is_dir($smarty->cache_dir)) { 78 | $smarty->trigger_error('the $cache_dir \'' . $smarty->cache_dir . '\' does not exist, or is not a directory.', E_USER_ERROR); 79 | return false; 80 | } 81 | $smarty->trigger_error('unable to write to $cache_dir \'' . realpath($smarty->cache_dir) . '\'. Be sure $cache_dir is writable by the web server user.', E_USER_ERROR); 82 | return false; 83 | } 84 | 85 | $_auto_id = $smarty->_get_auto_id($params['cache_id'], $params['compile_id']); 86 | $_cache_file = $smarty->_get_auto_filename($smarty->cache_dir, $params['tpl_file'], $_auto_id); 87 | $_params = array('filename' => $_cache_file, 'contents' => $params['results'], 'create_dirs' => true); 88 | require_once(SMARTY_CORE_DIR . 'core.write_file.php'); 89 | smarty_core_write_file($_params, $smarty); 90 | return true; 91 | } 92 | } 93 | 94 | /* vim: set expandtab: */ 95 | 96 | ?> 97 | -------------------------------------------------------------------------------- /libs/internals/core.read_cache_file.php: -------------------------------------------------------------------------------- 1 | force_compile) { 26 | // force compile enabled, always regenerate 27 | return false; 28 | } 29 | 30 | if (isset($content_cache[$params['tpl_file'].','.$params['cache_id'].','.$params['compile_id']])) { 31 | list($params['results'], $smarty->_cache_info) = $content_cache[$params['tpl_file'].','.$params['cache_id'].','.$params['compile_id']]; 32 | return true; 33 | } 34 | 35 | if (!empty($smarty->cache_handler_func)) { 36 | // use cache_handler function 37 | call_user_func_array($smarty->cache_handler_func, 38 | array('read', &$smarty, &$params['results'], $params['tpl_file'], $params['cache_id'], $params['compile_id'], null)); 39 | } else { 40 | // use local cache file 41 | $_auto_id = $smarty->_get_auto_id($params['cache_id'], $params['compile_id']); 42 | $_cache_file = $smarty->_get_auto_filename($smarty->cache_dir, $params['tpl_file'], $_auto_id); 43 | $params['results'] = $smarty->_read_file($_cache_file); 44 | } 45 | 46 | if (empty($params['results'])) { 47 | // nothing to parse (error?), regenerate cache 48 | return false; 49 | } 50 | 51 | $_contents = $params['results']; 52 | $_info_start = strpos($_contents, "\n") + 1; 53 | $_info_len = (int)substr($_contents, 0, $_info_start - 1); 54 | $_cache_info = unserialize(substr($_contents, $_info_start, $_info_len)); 55 | $params['results'] = substr($_contents, $_info_start + $_info_len); 56 | 57 | if ($smarty->caching == 2 && isset ($_cache_info['expires'])){ 58 | // caching by expiration time 59 | if ($_cache_info['expires'] > -1 && (time() > $_cache_info['expires'])) { 60 | // cache expired, regenerate 61 | return false; 62 | } 63 | } else { 64 | // caching by lifetime 65 | if ($smarty->cache_lifetime > -1 && (time() - $_cache_info['timestamp'] > $smarty->cache_lifetime)) { 66 | // cache expired, regenerate 67 | return false; 68 | } 69 | } 70 | 71 | if ($smarty->compile_check) { 72 | $_params = array('get_source' => false, 'quiet'=>true); 73 | foreach (array_keys($_cache_info['template']) as $_template_dep) { 74 | $_params['resource_name'] = $_template_dep; 75 | if (!$smarty->_fetch_resource_info($_params) || $_cache_info['timestamp'] < $_params['resource_timestamp']) { 76 | // template file has changed, regenerate cache 77 | return false; 78 | } 79 | } 80 | 81 | if (isset($_cache_info['config'])) { 82 | $_params = array('resource_base_path' => $smarty->config_dir, 'get_source' => false, 'quiet'=>true); 83 | foreach (array_keys($_cache_info['config']) as $_config_dep) { 84 | $_params['resource_name'] = $_config_dep; 85 | if (!$smarty->_fetch_resource_info($_params) || $_cache_info['timestamp'] < $_params['resource_timestamp']) { 86 | // config file has changed, regenerate cache 87 | return false; 88 | } 89 | } 90 | } 91 | } 92 | 93 | $content_cache[$params['tpl_file'].','.$params['cache_id'].','.$params['compile_id']] = array($params['results'], $_cache_info); 94 | 95 | $smarty->_cache_info = $_cache_info; 96 | return true; 97 | } 98 | 99 | /* vim: set expandtab: */ 100 | 101 | ?> 102 | -------------------------------------------------------------------------------- /libs/debug.tpl: -------------------------------------------------------------------------------- 1 | {* Smarty *} 2 | {* debug.tpl, last updated version 2.1.0 *} 3 | {assign_debug_info} 4 | {capture assign=debug_output} 5 | 6 | 7 | 8 | Smarty Debug Console 9 | {literal} 10 | 90 | {/literal} 91 | 92 | 93 | 94 |

Smarty Debug Console

95 | 96 |

included templates & config files (load time in seconds)

97 | 98 |
99 | {section name=templates loop=$_debug_tpls} 100 | {section name=indent loop=$_debug_tpls[templates].depth}   {/section} 101 | 102 | {$_debug_tpls[templates].filename|escape:html} 103 | {if isset($_debug_tpls[templates].exec_time)} 104 | 105 | ({$_debug_tpls[templates].exec_time|string_format:"%.5f"}) 106 | {if %templates.index% eq 0}(total){/if} 107 | 108 | {/if} 109 |
110 | {sectionelse} 111 |

no templates included

112 | {/section} 113 |
114 | 115 |

assigned template variables

116 | 117 | 118 | {section name=vars loop=$_debug_keys} 119 | 120 | 121 | 122 | {sectionelse} 123 | 124 | {/section} 125 |
{ldelim}${$_debug_keys[vars]|escape:'html'}{rdelim}{$_debug_vals[vars]|@debug_print_var}

no template variables assigned

126 | 127 |

assigned config file variables (outer template scope)

128 | 129 | 130 | {section name=config_vars loop=$_debug_config_keys} 131 | 132 | 133 | 134 | {sectionelse} 135 | 136 | {/section} 137 |
{ldelim}#{$_debug_config_keys[config_vars]|escape:'html'}#{rdelim}{$_debug_config_vals[config_vars]|@debug_print_var}

no config vars assigned

138 | 139 | 140 | {/capture} 141 | {if isset($_smarty_debug_output) and $_smarty_debug_output eq "html"} 142 | {$debug_output} 143 | {else} 144 | 157 | {/if} -------------------------------------------------------------------------------- /libs/plugins/function.html_options.php: -------------------------------------------------------------------------------- 1 | 13 | * Name: html_options
14 | * Input:
15 | * - name (optional) - string default "select" 16 | * - values (required if no options supplied) - array 17 | * - options (required if no values supplied) - associative array 18 | * - selected (optional) - string default not set 19 | * - output (required if not options supplied) - array 20 | * Purpose: Prints the list of