Backend Development
PHP Tutorial
Column selection problem on PHPCMS publishing page_PHP tutorial
Column selection problem on PHPCMS publishing page_PHP tutorial
There is a BUG in the publishing page of PHPCMS. Even if the editor does not have permission to access a certain column, he can still select the column in the column drop-down menu on the publishing page and publish articles to this column. Down. How to fix this BUG? Let's first take a look at how the drop-down menu of the publishing page is generated.
The template file for publishing the page is in /admin/templates/content_add.tpl.php, and its form is output through the following statement:
if(is_array($forminfos['base']))
{
foreach($forminfos['base'] as $field=>$info)
{
}
}
The clue is found, it is the $forminfos array. This array is generated in the file /admin/content.inc.php. Let’s take a look at the generated code:
$data['catid'] = $catid; $data['template'] = isset($template_show) ? $template_show :$MODEL[$modelid]['template_show']; require CACHE_MODEL_PATH.'content_form.class.php'; $content_form = new content_form($modelid); $forminfos = $content_form->get($data);
Printing out the array $forminfos you can find that the code of the drop-down menu is saved in $forminfos['base']['catid']['form']:
<select name="info[catid]" id="catid"><option value="96" >扶贫动态</option><option value="95" >通知公告</option><option value="35" >最新动态</option><option value="36" selected>新闻</option><option value="37" >爱心捐助</option><option value="83" >捐助纪实</option><option value="38" >爱心回馈</option><option value="40" >捐款名单</option><option value="41" >紧急求助</option><option value="73" >帮助中心</option><option value="74" >友情连接</option><option value="43" >对口地区</option><option value="44" >新闻动态</option><option value="45" >援建项目</option><option value="47" >爱心捐助</option><option value="48" >情系三峡</option><option value="50" >新闻专区</option><option value="51" >爱心捐助</option><option value="52" >政策动态</option><option value="53" >结对帮扶</option><option value="54" >援建项目</option><option value="56" >扶贫现状</option><option value="57" >扶助对象</option><option value="58" >新闻动态</option><option value="59" >爱心捐助</option><option value="60" >扶贫项目</option><option value="62" >基金简介</option><option value="64" >募捐情况</option><option value="65" >基金用途</option><option value="66" >账户情况</option><option value="67" >新闻动态</option><option value="68" >义工</option><option value="69" >政策法规</option><option value="87" >顶新闻栏</option><option value="88" >顶新闻栏</option><option value="89" >顶新闻栏</option><option value="98" >顶新闻栏</option><option value="99" >顶新闻栏</option></select><input type="hidden" name="old_catid" value="36"> <a href=\'\' class="jqModal" onclick="$(\'.jqmWindow\').show();"/> [同时发布到其他栏目]</a>
I still speculated. I just need to extract the regular numbers inside, verify the permissions, unset those without permissions, and combine the rest together to regenerate $forminfos['base']['catid'][ 'form'] will do:
$data['catid'] = $catid;
$data['template'] = isset($template_show) ? $template_show :$MODEL[$modelid]['template_show'];
require CACHE_MODEL_PATH.'content_form.class.php';
$content_form = new content_form($modelid);
$forminfos = $content_form->get($data);
// 判断权限
preg_match_all("//", $forminfos['base']['catid']['form'], $matches['str']);
preg_match_all("/[1-9]\d/", $forminfos['base']['catid']['form'], $matches['num']);
foreach($matches['num'][0] as $key=>$value)
{
$allow_manage = $priv_role->check('catid', $matches['num'][0][$key], 'manage');
if(!$allow_manage)
{
unset($matches['num'][0][$key]);
unset($matches['str'][0][$key]);
}
}
foreach($matches['str'][0] as $key=>$value)
{
$opstr .= $matches['str'][0][$key];
}
$forminfos['base']['catid']['form'] = preg_replace('//', $opstr, $forminfos['base']['catid']['form']);
It is highly speculative and is for reference only.
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
PHP regular expression validation: number format detection
Mar 21, 2024 am 09:45 AM
PHP regular expression verification: Number format detection When writing PHP programs, it is often necessary to verify the data entered by the user. One of the common verifications is to check whether the data conforms to the specified number format. In PHP, you can use regular expressions to achieve this kind of validation. This article will introduce how to use PHP regular expressions to verify number formats and provide specific code examples. First, let’s look at common number format validation requirements: Integers: only contain numbers 0-9, can start with a plus or minus sign, and do not contain decimal points. floating point
How to validate email address in Golang using regular expression?
May 31, 2024 pm 01:04 PM
To validate email addresses in Golang using regular expressions, follow these steps: Use regexp.MustCompile to create a regular expression pattern that matches valid email address formats. Use the MatchString function to check whether a string matches a pattern. This pattern covers most valid email address formats, including: Local usernames can contain letters, numbers, and special characters: !.#$%&'*+/=?^_{|}~-`Domain names must contain at least One letter, followed by letters, numbers, or hyphens. The top-level domain (TLD) cannot be longer than 63 characters.
How to match timestamps using regular expressions in Go?
Jun 02, 2024 am 09:00 AM
In Go, you can use regular expressions to match timestamps: compile a regular expression string, such as the one used to match ISO8601 timestamps: ^\d{4}-\d{2}-\d{2}T \d{2}:\d{2}:\d{2}(\.\d+)?(Z|[+-][0-9]{2}:[0-9]{2})$ . Use the regexp.MatchString function to check if a string matches a regular expression.
PHP regular expressions: exact matching and exclusion of fuzzy inclusions
Feb 28, 2024 pm 01:03 PM
PHP Regular Expressions: Exact Matching and Exclusion Fuzzy inclusion regular expressions are a powerful text matching tool that can help programmers perform efficient search, replacement and filtering when processing text. In PHP, regular expressions are also widely used in string processing and data matching. This article will focus on how to perform exact matching and exclude fuzzy inclusion operations in PHP, and will illustrate it with specific code examples. Exact match Exact match means matching only strings that meet the exact condition, not any variations or extra words.
How to verify password using regular expression in Go?
Jun 02, 2024 pm 07:31 PM
The method of using regular expressions to verify passwords in Go is as follows: Define a regular expression pattern that meets the minimum password requirements: at least 8 characters, including lowercase letters, uppercase letters, numbers, and special characters. Compile regular expression patterns using the MustCompile function from the regexp package. Use the MatchString method to test whether the input string matches a regular expression pattern.
Chinese character filtering: PHP regular expression practice
Mar 24, 2024 pm 04:48 PM
PHP is a widely used programming language, especially popular in the field of web development. In the process of web development, we often encounter the need to filter and verify text input by users, among which character filtering is a very important operation. This article will introduce how to use regular expressions in PHP to implement Chinese character filtering, and give specific code examples. First of all, we need to clarify that the Unicode range of Chinese characters is from u4e00 to u9fa5, that is, all Chinese characters are in this range.
What framework is phpcms?
Apr 20, 2024 pm 10:51 PM
PHP CMS is a PHP-based open source content management system for managing website content. Its features include ease of use, powerful functionality, scalability, high security, and free open source. It can save time, improve website quality, enhance collaboration and reduce development costs, and is widely used in various websites such as news websites, blogs, corporate websites, e-commerce websites and community forums.
WeChat Login Integration Guide: PHPCMS Practical Combat
Mar 29, 2024 am 09:18 AM
Title: WeChat Login Integration Guide: PHPCMS in Action In today’s Internet era, social login has become one of the essential functions of a website. As one of the most popular social platforms in China, WeChat’s login function is also used by more and more websites. This article will introduce how to integrate the WeChat login function in the PHPCMS website and provide specific code examples. Step 1: Register a WeChat Open Platform Account First, we need to register a developer account on the WeChat Open Platform and apply for the corresponding development permissions. Log in [WeChat open platform]
