|
Discuz 7.2坑爹集錦-PHP篇3........
類型: 變量使用
坑爹指數(shù): ★★★
代碼:- include/post.func.php=216
- $anew['perm'] = $allowsetattachperm ? $anew['perm'] : 0;
- 代碼: include/post.func.php=472
- $attach['perm'] = $allowsetattachperm ? intval($attachperm[$key]) : 0;
-------------------------------------------------------------------------------------------------------------------------
類型: 變量使用
坑爹指數(shù): ★★
代碼: pm.php=47
Php代碼- $pmstatus = uc_pm_checknew($discuz_uid, 4);
- $filter = !emptyempty($filter) && in_array($filter, array('newpm', 'privatepm', 'announcepm')) ? $filter : ($pmstatus['newpm'] ? 'newpm' : 'privatepm');
- $pmstatus = uc_pm_checknew($discuz_uid, 4);
- $filter = !empty($filter) && in_array($filter, array('newpm', 'privatepm', 'announcepm')) ? $filter : ($pmstatus['newpm'] ? 'newpm' : 'privatepm');
-------------------------------------------------------------------------------------------------------------------------
類型: 變量使用
坑爹指數(shù): ★★
代碼: pm.php=61
Php代碼- foreach($ucdata['data'] as $pm) {
- ....
- }
- foreach($ucdata['data'] as $pm) {
- ....
- }
雖然PHP是若類型��,但好歹對函數(shù)返回值先做個判斷再操作吧���。偷懶也就少些幾行代碼�����,可調(diào)試維護(hù)時花的時間就多了���。
-------------------------------------------------------------------------------------------------------------------------
類型: 字符處理
坑爹指數(shù): ★★★★
癥狀: 邊欄模塊最新帖最新回復(fù)對標(biāo)題中單引號顯示為'
點評: 不知道為何一直沒修復(fù)這個bug,難道是我修改其他代碼關(guān)聯(lián)影響到這兒�����?反正根源是DZ在入庫時htmlspecialchars()只對雙引號處理而未對單引號轉(zhuǎn)義
FIX: 修改如下文件調(diào)用帶ENT_QUOTES參數(shù)的htmlspecialchars()函數(shù)來替代str_replace()函數(shù)處理
Php代碼- include/request.func.php
- $datalist[$data['tid']]['subject'] = isset($data['subject']) ? str_replace('\\\'', ''', addslashes($data['subject'])) : NULL;
- include/request.func.php
- $datalist[$data['tid']]['subject'] = isset($data['subject']) ? str_replace('\\\'', ''', addslashes($data['subject'])) : NULL;
Php代碼- $datalist[$data['tid']]['subject'] = isset($data['subject']) ? htmlspecialchars(htmlspecialchars_decode($data['subject']), ENT_QUOTES) : NULL;
- 然后修改global.func.php, ucs/mode/base.php, ucclient/mode/base.php的cutstr()函數(shù):
- //$string = str_replace(array('&', '"', '<', '>', '''), array('&', '"', '<', '>', '\''), $string);
- $string = htmlspecialchars_decode($string, ENT_QUOTES);
- ....
- //$strcut = str_replace(array('&', '"', '<', '>', '\''), array('&', '"', '<', '>', '''), $strcut);
- $strcut = htmlspecialchars($strcut, ENT_QUOTES);
- $datalist[$data['tid']]['subject'] = isset($data['subject']) ? htmlspecialchars(htmlspecialchars_decode($data['subject']), ENT_QUOTES) : NULL;
- 然后修改global.func.php, ucs/mode/base.php, ucclient/mode/base.php的cutstr()函數(shù):
- //$string = str_replace(array('&', '"', '<', '>', '''), array('&', '"', '<', '>', '\''), $string);
- $string = htmlspecialchars_decode($string, ENT_QUOTES);
- ....
- //$strcut = str_replace(array('&', '"', '<', '>', '\''), array('&', '"', '<', '>', '''), $strcut);
- $strcut = htmlspecialchars($strcut, ENT_QUOTES);
類型: 頁面效果
坑爹指數(shù): ★
癥狀: 當(dāng)bbcodeoff時帖子中‘最后修改’的標(biāo)簽混亂
FIX: include/discuzcode.func.php: 添加一段判斷
line126開始的判斷拆分開
Php代碼- if(!$bbcodeoff && $allowbbcode) {// line126
- ....
- } // line201
- if(!$bbcodeoff && $allowbbcode) {// line126
- ....
- } // line201
Php代碼- if($allowbbcode) { // line126
- if (!$bbcodeoff) {
- .....
- }
- // 添加開始
- elseif ($bbcodeoff && substr($message, 0, 5) === '[i=s]') { // allow parse '[i=s]last modified by [/i]' even if bbcodeoff
- $message = preg_replace('/^\[i=s\](.*)\[\/i\]/', '<i class="pstatus">\\1</i>', $message );
- } //添加結(jié)束
- } // line201+n
- if($allowbbcode) { // line126
- if (!$bbcodeoff) {
- .....
- }
- // 添加開始
- elseif ($bbcodeoff && substr($message, 0, 5) === '[i=s]') { // allow parse '[i=s]last modified by [/i]' even if bbcodeoff
- $message = preg_replace('/^\[i=s\](.*)\[\/i\]/', '<i class="pstatus">\\1</i>', $message );
- } //添加結(jié)束
- } // line201+n
類型: 邏輯錯誤
坑爹指數(shù): ★★★★
代碼: topicadmin.php ~320 分割主題
Php代碼- $db->query("UPDATE {$tablepre}posts SET first='1', subject='$subject' WHERE fid='$waiting_fid' AND pid='".$splitauthors[0]['pid']."'" );
- $db->query("UPDATE {$tablepre}posts SET first='1', subject='$subject' WHERE fid='$waiting_fid' AND pid='".$splitauthors[0]['pid']."'" );
FIX: line327
Php代碼
$db->query("UPDATE {$tablepre}posts SET subject='".addslashes($thread['subject'])."' WHERE pid='$fpost[pid]'");
$db->query("UPDATE {$tablepre}posts SET subject='".addslashes($thread['subject'])."' WHERE pid='$fpost[pid]'");
修改為
Php代碼
$db->query("UPDATE {$tablepre}posts SET first=1, subject='".addslashes($thread['subject'])."' WHERE pid='$fpost[pid]'");
$db->query("UPDATE {$tablepre}posts SET first=1, subject='".addslashes($thread['subject'])."' WHERE pid='$fpost[pid]'");
-------------------------------------------------------------------------------------------------------------------------
類型: 執(zhí)行流程
坑爹指數(shù): ★★★
代碼: include/common.inc.php 349
Php代碼
$forum = $db->fetch_first("SELECT t.tid, t.closed,".(defined('SQL_ADD_THREAD') ? SQL_ADD_THREAD : '')." f.*, ff.* $accessadd1 $modadd1, f.fid AS fid
FROM {$tablepre}threads t ....
$tid = $forum['tid'];
$forum = $db->fetch_first("SELECT t.tid, t.closed,".(defined('SQL_ADD_THREAD') ? SQL_ADD_THREAD : '')." f.*, ff.* $accessadd1 $modadd1, f.fid AS fid
FROM {$tablepre}threads t ....
$tid = $forum['tid']; 點評: 如果查詢結(jié)果空$forum將會false�,不做判斷而直接賦值給$tid會出錯,否則就可能要繼續(xù)執(zhí)行到后繼的viewthreads.php中的判斷���,浪費(fèi)系統(tǒng)資源�����。另外viewthreads.php 也未對$tid判斷即以此為條件直接查詢��,徒增DB負(fù)擔(dān)(MySQL會有 ‘Impossible WHERE noticed after reading const tables’ )
FIX: 應(yīng)該查詢結(jié)束后立即對$forum做判斷并設(shè)置一個變量作標(biāo)志再考慮給$tid賦值然后在當(dāng)前頁面最底部判斷����,如果標(biāo)志真則立即輸出404頭直接退出���。
-------------------------------------------------------------------------------------------------------------------------
類型: 未知
坑爹指數(shù): ★★★★
代碼: uc_client/model/note.php=64
Php代碼- foreach((array)$this->apps as $appid => $app) {
- $appid = $app['appid']; <---------??
- if($appid == intval($appid)) {
- if($appids && !in_array($appid, $appids)) {
- $appadd[] = 'app'.$appid."='1'";
- } else {
- $varadd[] = "('noteexists{$appid}', '1')";
- }
- }
- }
- foreach((array)$this->apps as $appid => $app) {
- $appid = $app['appid']; <---------??
- if($appid == intval($appid)) {
- if($appids && !in_array($appid, $appids)) {
- $appadd[] = 'app'.$appid."='1'";
- } else {
- $varadd[] = "('noteexists{$appid}', '1')";
- }
- }
- }
FIX: 以我類人猿的智商估計可能是這樣:
Php代碼- foreach((array)$this->apps as $appid => $app) {
- if(intval($appid) == $app['appid']) { // 幫你精簡一行代碼
- if($appids && !in_array($appid, $appids)) {
- $appadd[] = 'app'.$appid."='1'";
- } else {
- $varadd[] = "('noteexists{$appid}', '1')";
- }
- }
- }
- foreach((array)$this->apps as $appid => $app) {
- if(intval($appid) == $app['appid']) { // 幫你精簡一行代碼
- if($appids && !in_array($appid, $appids)) {
- $appadd[] = 'app'.$appid."='1'";
- } else {
- $varadd[] = "('noteexists{$appid}', '1')";
- }
- }
- }
補(bǔ)充個優(yōu)化PHP的:
如果你的服務(wù)器http server支持Gzip/deflate壓縮�����,那么就使用http serer提供的功能�����,并到后臺���,全局-優(yōu)化設(shè)置-服務(wù)器優(yōu)化把“頁面 Gzip 壓縮”選項設(shè)定為否。
如果設(shè)定“是”�,那么將使用DZ提供的一個gzip PHP插件來實現(xiàn)壓縮頁面。缺點是耗費(fèi)PHP腳本執(zhí)行時間�,對于nginx+php-fpm模式運(yùn)行更容易出現(xiàn)502錯誤。
版權(quán)曾經(jīng)擁有�����,歡迎網(wǎng)上分享
|
免費(fèi)注冊
發(fā)表于 2012-01-13 10:51
