PHPCMS发布页面的栏目选择问题
在PHPCMS的发布页面中有个BUG,即使编辑无权限访问某个栏目,但是也还都可以在发布页面的栏目下拉菜单中选择该栏目,并可以将文章发布到该栏目下。这个BUG如何修复呢?我们先来看看发布页面的下拉菜单是如何生成的。
发布页面的模板文件是在 /admin/templates/content_add.tpl.php,其表单是通过下面语句输出的:
if(is_array($forminfos['base']))
{
foreach($forminfos['base'] as $field=>$info)
{
}
}
线索找到了,就是 $forminfos 这个数组。这个数组实在 /admin/content.inc.php 这个文件中生成的,我们看看生成代码:
$data['catid'] = $catid; $data['template'] = isset($template_show) ? $template_show :$MODEL[$modelid]['template_show']; require CACHE_MODEL_PATH.'content_form.class.php'; $content_form = new content_form($modelid); $forminfos = $content_form->get($data);
把数组 $forminfos 打印出来可以发现,下拉菜单的代码保存在 $forminfos['base']['catid']['form'] 中:
<select name="info[catid]" id="catid"><option value="96" >扶贫动态</option><option value="95" >通知公告</option><option value="35" >最新动态</option><option value="36" selected>新闻</option><option value="37" >爱心捐助</option><option value="83" >捐助纪实</option><option value="38" >爱心回馈</option><option value="40" >捐款名单</option><option value="41" >紧急求助</option><option value="73" >帮助中心</option><option value="74" >友情连接</option><option value="43" >对口地区</option><option value="44" >新闻动态</option><option value="45" >援建项目</option><option value="47" >爱心捐助</option><option value="48" >情系三峡</option><option value="50" >新闻专区</option><option value="51" >爱心捐助</option><option value="52" >政策动态</option><option value="53" >结对帮扶</option><option value="54" >援建项目</option><option value="56" >扶贫现状</option><option value="57" >扶助对象</option><option value="58" >新闻动态</option><option value="59" >爱心捐助</option><option value="60" >扶贫项目</option><option value="62" >基金简介</option><option value="64" >募捐情况</option><option value="65" >基金用途</option><option value="66" >账户情况</option><option value="67" >新闻动态</option><option value="68" >义工</option><option value="69" >政策法规</option><option value="87" >顶新闻栏</option><option value="88" >顶新闻栏</option><option value="89" >顶新闻栏</option><option value="98" >顶新闻栏</option><option value="99" >顶新闻栏</option></select><input type="hidden" name="old_catid" value="36"> <a href=\'\' class="jqModal" onclick="$(\'.jqmWindow\').show();"/> [同时发布到其他栏目]</a>
还是投机了一把,只要把里面的数字正则抽取出来,进行权限验证,没权限的unset掉,余下的再组合到一起,重新生成 $forminfos['base']['catid']['form'] 即可:
$data['catid'] = $catid;
$data['template'] = isset($template_show) ? $template_show :$MODEL[$modelid]['template_show'];
require CACHE_MODEL_PATH.'content_form.class.php';
$content_form = new content_form($modelid);
$forminfos = $content_form->get($data);
// 判断权限
preg_match_all("//", $forminfos['base']['catid']['form'], $matches['str']);
preg_match_all("/[1-9]\d/", $forminfos['base']['catid']['form'], $matches['num']);
foreach($matches['num'][0] as $key=>$value)
{
$allow_manage = $priv_role->check('catid', $matches['num'][0][$key], 'manage');
if(!$allow_manage)
{
unset($matches['num'][0][$key]);
unset($matches['str'][0][$key]);
}
}
foreach($matches['str'][0] as $key=>$value)
{
$opstr .= $matches['str'][0][$key];
}
$forminfos['base']['catid']['form'] = preg_replace('//', $opstr, $forminfos['base']['catid']['form']);
投机成分很高,仅作参考。
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
PHP regular expression validation: number format detection
Mar 21, 2024 am 09:45 AM
PHP regular expression verification: Number format detection When writing PHP programs, it is often necessary to verify the data entered by the user. One of the common verifications is to check whether the data conforms to the specified number format. In PHP, you can use regular expressions to achieve this kind of validation. This article will introduce how to use PHP regular expressions to verify number formats and provide specific code examples. First, let’s look at common number format validation requirements: Integers: only contain numbers 0-9, can start with a plus or minus sign, and do not contain decimal points. floating point
How to validate email address in Golang using regular expression?
May 31, 2024 pm 01:04 PM
To validate email addresses in Golang using regular expressions, follow these steps: Use regexp.MustCompile to create a regular expression pattern that matches valid email address formats. Use the MatchString function to check whether a string matches a pattern. This pattern covers most valid email address formats, including: Local usernames can contain letters, numbers, and special characters: !.#$%&'*+/=?^_{|}~-`Domain names must contain at least One letter, followed by letters, numbers, or hyphens. The top-level domain (TLD) cannot be longer than 63 characters.
PHP regular expressions: exact matching and exclusion of fuzzy inclusions
Feb 28, 2024 pm 01:03 PM
PHP Regular Expressions: Exact Matching and Exclusion Fuzzy inclusion regular expressions are a powerful text matching tool that can help programmers perform efficient search, replacement and filtering when processing text. In PHP, regular expressions are also widely used in string processing and data matching. This article will focus on how to perform exact matching and exclude fuzzy inclusion operations in PHP, and will illustrate it with specific code examples. Exact match Exact match means matching only strings that meet the exact condition, not any variations or extra words.
How to match timestamps using regular expressions in Go?
Jun 02, 2024 am 09:00 AM
In Go, you can use regular expressions to match timestamps: compile a regular expression string, such as the one used to match ISO8601 timestamps: ^\d{4}-\d{2}-\d{2}T \d{2}:\d{2}:\d{2}(\.\d+)?(Z|[+-][0-9]{2}:[0-9]{2})$ . Use the regexp.MatchString function to check if a string matches a regular expression.
What framework is phpcms?
Apr 20, 2024 pm 10:51 PM
PHP CMS is a PHP-based open source content management system for managing website content. Its features include ease of use, powerful functionality, scalability, high security, and free open source. It can save time, improve website quality, enhance collaboration and reduce development costs, and is widely used in various websites such as news websites, blogs, corporate websites, e-commerce websites and community forums.
How to verify password using regular expression in Go?
Jun 02, 2024 pm 07:31 PM
The method of using regular expressions to verify passwords in Go is as follows: Define a regular expression pattern that meets the minimum password requirements: at least 8 characters, including lowercase letters, uppercase letters, numbers, and special characters. Compile regular expression patterns using the MustCompile function from the regexp package. Use the MatchString method to test whether the input string matches a regular expression pattern.
How to detect URL with regular expression in Golang?
May 31, 2024 am 10:32 AM
The steps to detect URLs in Golang using regular expressions are as follows: Compile the regular expression pattern using regexp.MustCompile(pattern). Pattern needs to match protocol, hostname, port (optional), path (optional) and query parameters (optional). Use regexp.MatchString(pattern,url) to detect whether the URL matches the pattern.
Gradually master the practical skills of Java regular expression syntax
Jan 09, 2024 pm 07:09 PM
Learn practical tips for Java regular expression syntax, step by step, with specific code examples. Regular expressions are a powerful tool that can be used for pattern matching and replacement of strings. In Java, string operations can be easily handled using regular expressions. This article will introduce you to some practical tips about Java regular expression syntax and provide specific code examples. Basic matching patterns for regular expressions in Java use the java.util.regex package. To use regular expressions, you can use Patter
