--- fenglin/bbs/post_service.php 2025/04/04 07:56:29 1.2
+++ fenglin/bbs/post_service.php 2025/04/07 08:39:42 1.6
@@ -41,6 +41,39 @@
 ));
 }
+ $r_title = split_line($title, "", 80, 1);
+ if ($title != $r_title)
+ {
+ $result_set["return"]["code"] = -1;
+ array_push($result_set["return"]["errorFields"], array(
+ "id" => "title",
+ "errMsg" => "超长已截断",
+ "updateValue" => $r_title,
+ ));
+ }
+
+ $r_title = check_badwords($title, "****");
+ if ($title != $r_title)
+ {
+ $result_set["return"]["code"] = -1;
+ array_push($result_set["return"]["errorFields"], array(
+ "id" => "title",
+ "errMsg" => "已过滤",
+ "updateValue" => $r_title,
+ ));
+ }
+
+ $r_content = check_badwords($content, "****");
+ if ($content != $r_content)
+ {
+ $result_set["return"]["code"] = -1;
+ array_push($result_set["return"]["errorFields"], array(
+ "id" => "content",
+ "errMsg" => "已过滤",
+ "updateValue" => $r_content,
+ ));
+ }
+
 if ($emoji <= 0 || $emoji > $BBS_emoji_count)
 {
 $result_set["return"]["code"] = -1;
@@ -65,8 +98,8 @@
 exit(json_encode($result_set));
 }
- // Append sign
- if ($sign_id > 0)
+ // Append sign for new post
+ if ($id == 0 && $sign_id > 0)
 {
 $sql = "SELECT sign_" . $sign_id . " AS sign FROM user_pubinfo WHERE UID = " . $_SESSION["BBS_uid"];
 $rs = mysqli_query($db_conn, $sql);
@@ -92,9 +125,7 @@
 $content .= ("\n--\n※作者已于 " . date("Y-m-d H:i:s") . " 修改本文※\n");
 }
- // Filter badwords and truncate
- $title = check_badwords(split_line($title, "", 80, 1));
- $content = check_badwords($content);
+ // Calculate length of content
 $length = str_length(LML($content, false, false, 1024));
 // Initial variables
@@ -365,8 +396,7 @@
 // Get upload quota and used space
 $atta_id_list = "-1";
 $attachment_count = (isset($_FILES['attachment']['error']) ? count($_FILES['attachment']['error']) : 0);
-
- if ($attachment_count >= $BBS_upload_count_limit)
+ if ($attachment_count > $BBS_upload_count_limit)
 {
 $result_set["return"]["code"] = -1;
 array_push($result_set["return"]["errorFields"], array(
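Review bot: The second title check in the hunk at new line 41 filters the original `$title` rather than the truncated `$r_title`, so an over-long title that also contains a filtered word yields two `errorFields` entries for `title` whose `updateValue`s disagree (one truncated but unfiltered, one filtered but untruncated). Chaining the checks, `$r_title = check_badwords(split_line($title, "", 80, 1), "****");`, and reporting once keeps the suggested value consistent with both rules. The three comparisons also use loose `!=`, which PHP evaluates numerically when both strings look numeric; `!==` avoids that. Because the later hunk at old line 92 removes the server-side truncate-and-filter step, these checks are now the only enforcement, and that relies on the request exiting whenever `code` is -1, a guard that lies outside this hunk.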
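Review bot: In the hunk at new line 98, the guard `$id == 0 && $sign_id > 0` sets only a lower bound, while `$sign_id` is concatenated into a column name (`sign_N`) in the query on the following context line. No integer cast or upper bound on `$sign_id` is visible here; if it is not already normalised earlier in the file, add `$sign_id = intval($sign_id);` before the test and extend the condition with an upper bound such as `$sign_id <= MAX_SIGN`, where `MAX_SIGN` is a placeholder for the project's number of signature slots. A short comment naming where `$sign_id` is validated would make the string-built query easier to audit. The enclosing block continues outside the hunk.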
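Review bot: In the hunk at new line 396, `count($_FILES['attachment']['error'])` assumes the upload field arrived as an array; if a request sends `attachment` as a single non-array file field, `error` is an integer and `count()` raises a TypeError on PHP 8 instead of producing a validation error. Guarding the count keeps the limit check well defined: `$attachment_count = (isset($_FILES['attachment']['error']) && is_array($_FILES['attachment']['error']) ? count($_FILES['attachment']['error']) : 0);`. The count also includes empty upload slots, so whether `>` against `$BBS_upload_count_limit` matches the intended limit depends on how later code skips them, which is outside this hunk.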
@@ -623,9 +653,8 @@ while ($row = mysqli_fetch_array($rs)) { //Send notification message - $msg_content = "[hide]SYS_Reply_Article[/hide]有人回复了您所发表/回复的主题文章,快来". - "[article " . $tid . "#" . $aid . "]看看[/article]《" . $r_title . "》吧!\n"; + "[article $aid]看看[/article]《" . $r_title . "》吧!\n"; $sql = "INSERT INTO bbs_msg(fromUID, toUID, content, send_dt, send_ip) VALUES($BBS_sys_uid, " . $row["UID"] . ", '" . @@ -731,7 +760,6 @@ } // Set return path - $result_set["return"]["tid"] = $tid; $result_set["return"]["aid"] = $aid; $_SESSION["BBS_last_sub_tm"] = time();
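Review bot: `$r_title` in the notification text (hunk at new line 653) shares its name with the temporary that the validation hunk at new line 41 assigns from `split_line()` and `check_badwords()`. If nothing between the two reassigns it in the same scope, the message would carry the filter's output for the submitted title rather than the title of the article being replied to; that assignment is not visible here, so it should be confirmed or the temporaries renamed, e.g. `$title_checked`. Separately, `$msg_content` is placed inside a quoted literal of the `INSERT` that follows, and the escaping call is cut off at the end of the hunk. A comment stating that the value is escaped before it is concatenated, or a prepared statement, would make that verifiable.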