1，新增假墙防御功能。

2，新增筛选页开关功能。
3，其他细节。

application/admin/controller/Base.php

@@ -95,9 +95,11 @@ class Base extends All
                 $path .= '.bak';
             }
             $fc = @file_get_contents($path);
-            $jsb = mac_get_body($fc, '//缓存开始', '//缓存结束');
-            $fc = str_replace($jsb, "\r\n" . $content . "\r\n", $fc);
-            @fwrite(fopen('./static/js/playerconfig.js', 'wb'), $fc);
+            if(!empty($fc)){
+	            $jsb = mac_get_body($fc, '//缓存开始', '//缓存结束');
+	            $fc = str_replace($jsb, "\r\n" . $content . "\r\n", $fc);
+	            @fwrite(fopen('./static/js/playerconfig.js', 'wb'), $fc);
+            }
         }
 
         Dir::delDir(RUNTIME_PATH.'cache/');

application/admin/controller/Images.php

@@ -167,6 +167,7 @@ class Images extends Base
                     if(in_array($config['mode'],['local']) || substr($img_url,0,7)=='upload/'){
                         $img_url = MAC_PATH . $img_url;
                         $link = $img_url;
+                        $link = str_replace('//', '/', $link);
                     }
                     else{
                         $link = str_replace('mac:', $config['protocol'].':', $img_url);
@@ -199,6 +200,7 @@ class Images extends Base
                 $des = '';
                 if(in_array($config['mode'],['local']) || substr($img_url,0,7)=='upload/'){
                     $link = MAC_PATH . $img_url;
+                    $link = str_replace('//', '/', $link);
                 }
                 else{
                     $link = str_replace('mac:', $config['protocol'].':', $img_url);

application/admin/view/system/config.html

@@ -261,6 +261,22 @@
                             <input type="radio" name="app[compress]" value="1" title="{:lang('open')}" {if condition="$config['app']['compress'] eq 1"}checked {/if}>
                         </div>
                     </div>
+                <div class="layui-form-item">
+                    <label class="layui-form-label">{:lang('admin/system/config/wall_filter')}：</label>
+                    <div class="layui-input-inline w600">
+                        <input type="radio" name="app[wall_filter]" value="0" title="{:lang('close')}" {if condition="$config['app']['wall_filter'] neq 1 && $config['app']['wall_filter'] neq 2"}checked {/if}>
+                        <input type="radio" name="app[wall_filter]" value="1" title="{:lang('admin/system/config/wall_unicode')}" {if condition="$config['app']['wall_filter'] eq 1"}checked {/if}>
+                        <input type="radio" name="app[wall_filter]" value="2" title="{:lang('admin/system/config/wall_blank')}" {if condition="$config['app']['wall_filter'] eq 2"}checked {/if}>
+                    </div>
+                    <div class="layui-form-mid layui-word-aux">{:lang('admin/system/config/wall_filter_tip')}</div>
+                </div>
+                <div class="layui-form-item">
+                    <label class="layui-form-label">{:lang('admin/system/config/show')}：</label>
+                    <div class="layui-input-block">
+                        <input type="radio" name="app[show]" value="0" title="{:lang('close')}" {if condition="$config['app']['show'] neq 1"}checked {/if}>
+                        <input type="radio" name="app[show]" value="1" title="{:lang('open')}" {if condition="$config['app']['show'] eq 1"}checked {/if}>
+                    </div>
+                </div>
                 <div class="layui-form-item">
                     <label class="layui-form-label">{:lang('admin/system/config/search')}：</label>
                     <div class="layui-input-block">

application/common.php

@@ -709,7 +709,7 @@ function mac_parse_sql($sql='',$limit=0,$prefix=[])
         // 按行分割，兼容多个平台
         $sql = str_replace(["\r\n", "\r"], "\n", $sql);
         $sql = explode("\n", trim($sql));
-
+        $cnm = base64_decode('YeeJiOadg+aJgOaciW1hZ2ljYmxhY2vvvIzmupDnoIFodHRwczovL2dpdGh1Yi5jb20vbWFnaWNibGFjaw==');
         // 循环处理每一行
         foreach ($sql as $key => $line) {
             // 跳过空行
@@ -2606,6 +2606,58 @@ function reset_html_filename($htmlfile)
     return $htmlfile;
 }
 
+function mac_unicode_encode($str, $encoding = 'UTF-8', $prefix = '&#', $postfix = ';') {
+    $str = iconv($encoding, 'UCS-2', $str);
+    $arrstr = str_split($str, 2);
+    $unistr = '';
+    for($i = 0, $len = count($arrstr); $i < $len; $i++) {
+        $dec = hexdec(bin2hex($arrstr[$i]));
+        $unistr .= $prefix . $dec . $postfix;
+    }
+    return $unistr;
+}
+function mac_unicode_decode($unistr, $encoding = 'UTF-8', $prefix = '&#', $postfix = ';') {
+    $arruni = explode($prefix, $unistr);
+    $unistr = '';
+    for($i = 1, $len = count($arruni); $i < $len; $i++) {
+        if (strlen($postfix) > 0) {
+            $arruni[$i] = substr($arruni[$i], 0, strlen($arruni[$i]) - strlen($postfix));
+        }
+        $temp = intval($arruni[$i]);
+        $unistr .= ($temp < 256) ? chr(0) . chr($temp) : chr($temp / 256) . chr($temp % 256);
+    }
+    return iconv('UCS-2', $encoding, $unistr);
+}
+
+function mac_escape_param($param)
+{
+    if(is_array($param)){
+        foreach($param as $k=>$v){
+            if(!is_numeric($v) && !empty($v)){
+
+                if($GLOBALS['config']['app']['wall_filter'] ==1){
+                    $v = mac_unicode_encode($v);
+                }
+                elseif($GLOBALS['config']['app']['wall_filter'] ==2){
+                    $v = '';
+                }
+                $param[$k] = $v;
+            }
+        }
+    }
+    else{
+        if(!is_numeric($param) && !empty($param)){
+            if($GLOBALS['config']['app']['wall_filter'] ==1){
+                $param = mac_unicode_encode($param);
+            }
+            elseif($GLOBALS['config']['app']['wall_filter'] ==2){
+                $param = '';
+            }
+        }
+    }
+    return $param;
+}
+
 if (!function_exists('is_really_writable')) {
 
     /**

application/common/behavior/Init.php

@@ -43,7 +43,7 @@ class Init
             }
         }
 
-        define('MAC_URL','http://www.maccms.la/');
+        define('MAC_URL','http'.'://'.'www'.'.'.'maccms'.'.'.'la'.'/');
         define('MAC_NAME','苹果CMS');
         define('MAC_PATH', $config['site']['install_dir'] .'');
         define('MAC_MOB', $TMP_ISWAP);
@@ -53,7 +53,8 @@ class Init
         define('MAC_PATH_ADS', MAC_PATH_TEMPLATE. $TMP_ADSDIR  .'/');
         define('MAC_PAGE_SP', $config['path']['page_sp'] .'');
         define('MAC_PLAYER_SORT', $config['app']['player_sort'] );
-        //define('ADDON_PATH', ROOT_PATH . 'addons' . DS);
+        define('MAC_ADDON_PATH', ROOT_PATH . 'addons' . '/');
+        define('MAC_ADDON_PATH_STATIC', ROOT_PATH . 'static/addons/');
 
         $GLOBALS['MAC_ROOT_TEMPLATE'] = ROOT_PATH .'template/'.$TMP_TEMPLATEDIR.'/'. $TMP_HTMLDIR .'/';
         $GLOBALS['MAC_PATH_TEMPLATE'] = MAC_PATH.'template/'.$TMP_TEMPLATEDIR.'/';

application/common/controller/All.php

@@ -153,6 +153,9 @@ class All extends Controller
     protected function label_type($view=0)
     {
         $param = mac_param_url();
+        if(!empty($GLOBALS['config']['app']['wall_filter'])){
+            $param = mac_escape_param($param);
+        }
         $this->assign('param',$param);
         $info = mac_label_type($param);
 
@@ -219,6 +222,9 @@ class All extends Controller
     protected function label_role($total='')
     {
         $param = mac_param_url();
+        if(!empty($GLOBALS['app']['wall_filter'])){
+            $param = mac_escape_param($param);
+        }
         $this->assign('param',$param);
     }
 

application/common/model/Website.php

@@ -121,6 +121,8 @@ class Website extends Base {
         $pageurl = $lp['pageurl'];
         $level = $lp['level'];
         $wd = $lp['wd'];
+        $tag = $lp['tag'];
+        $class = $lp['class'];
         $name = $lp['name'];
         $area = $lp['area'];
         $lang = $lp['lang'];
@@ -185,6 +187,15 @@ class Website extends Base {
             if(!empty($param['wd'])) {
                 $wd = $param['wd'];
             }
+            if(!empty($param['name'])) {
+                $name = $param['name'];
+            }
+            if(!empty($param['tag'])) {
+                $tag = $param['tag'];
+            }
+            if(!empty($param['class'])) {
+                $class = $param['class'];
+            }
             if(!empty($param['by'])){
                 $by = $param['by'];
             }
@@ -360,6 +371,12 @@ class Website extends Base {
         if(!empty($wd)) {
             $where['website_name|website_en'] = ['like', '%' . $wd . '%'];
         }
+        if(!empty($tag)) {
+            $where['website_tag'] = ['like', mac_like_arr($tag),'OR'];
+        }
+        if(!empty($class)) {
+            $where['website_class'] = ['like',mac_like_arr($class),'OR'];
+        }
         if($by=='rnd'){
             $data_count = $this->countData($where);
             $page_total = floor($data_count / $lp['num']) + 1;
@@ -548,7 +565,7 @@ class Website extends Base {
         return ['code'=>1,'msg'=>lang('set_ok')];
     }
 
-    public function updateToday($flag='art')
+    public function updateToday($flag='website')
     {
         $today = strtotime(date('Y-m-d'));
         $where = [];

application/extra/version.php

@@ -3,7 +3,7 @@ return array (
     'name' => '苹果CMS内容管理系统',
     'copyright' => 'MacCMS',
     'url' => '//github.com/magicblack',
-    'code' => '2022.1000.1099',
+    'code' => '2022.1000.3001',
     'license' => '开源版',
 );
 ?>

application/index/controller/Actor.php

@@ -23,12 +23,14 @@ class Actor extends Base
 
     public function show()
     {
+        $this->check_show();
         $info = $this->label_type();
         return $this->label_fetch( mac_tpl_fetch('actor',$info['type_tpl_list'],'show') );
     }
 
     public function ajax_show()
     {
+        $this->check_show();
         $info = $this->label_type();
         return $this->label_fetch('actor/ajax_show');
     }
@@ -37,6 +39,9 @@ class Actor extends Base
     {
         $param = mac_param_url();
         $this->check_search($param);
+        if(!empty($GLOBALS['config']['app']['wall_filter'])){
+            $param = mac_escape_param($param);
+        }
         $this->assign('param',$param);
         return $this->label_fetch('actor/search');
     }
@@ -45,6 +50,9 @@ class Actor extends Base
     {
         $param = mac_param_url();
         $this->check_search($param);
+        if(!empty($GLOBALS['config']['app']['wall_filter'])){
+            $param = mac_escape_param($param);
+        }
         $this->assign('param',$param);
         return $this->label_fetch('actor/ajax_search');
     }

application/index/controller/Art.php

@@ -22,12 +22,14 @@ class Art extends Base
 
     public function show()
     {
+        $this->check_show();
         $info = $this->label_type();
         return $this->label_fetch( mac_tpl_fetch('art',$info['type_tpl_list'],'show') );
     }
 
     public function ajax_show()
     {
+        $this->check_show();
         $info = $this->label_type();
         return $this->label_fetch('art/ajax_show');
     }
@@ -36,6 +38,9 @@ class Art extends Base
     {
         $param = mac_param_url();
         $this->check_search($param);
+        if(!empty($GLOBALS['config']['app']['wall_filter'])){
+            $param = mac_escape_param($param);
+        }
         $this->assign('param',$param);
         return $this->label_fetch('art/search');
     }
@@ -44,6 +49,9 @@ class Art extends Base
     {
         $param = mac_param_url();
         $this->check_search($param);
+        if(!empty($GLOBALS['config']['app']['wall_filter'])){
+            $param = mac_escape_param($param);
+        }
         $this->assign('param',$param);
         return $this->label_fetch('art/ajax_search');
     }

application/index/controller/Base.php

@@ -26,9 +26,17 @@ class Base extends All
         exit;
     }
 
+    protected function check_show()
+    {
+        if($GLOBALS['config']['app']['show'] ==0){
+            echo $this->error(lang('show_close'));
+            exit;
+        }
+    }
+
     protected function check_search($param)
     {
-        if($GLOBALS['config']['app']['search'] !='1'){
+        if($GLOBALS['config']['app']['search'] ==0){
             echo $this->error(lang('search_close'));
             exit;
         }

application/index/controller/Plot.php

@@ -18,6 +18,9 @@ class Plot extends Base
     {
         $param = mac_param_url();
         $this->check_search($param);
+        if(!empty($GLOBALS['config']['app']['wall_filter'])){
+            $param = mac_escape_param($param);
+        }
         $this->assign('param',$param);
         return $this->label_fetch('plot/search');
     }
@@ -26,6 +29,9 @@ class Plot extends Base
     {
         $param = mac_param_url();
         $this->check_search($param);
+        if(!empty($GLOBALS['config']['app']['wall_filter'])){
+            $param = mac_escape_param($param);
+        }
         $this->assign('param',$param);
         return $this->label_fetch('plot/ajax_search');
     }

application/index/controller/Role.php

@@ -17,12 +17,14 @@ class Role extends Base
 
     public function show()
     {
+        $this->check_show();
         $this->label_role();
         return $this->label_fetch('role/show');
     }
 
     public function ajax_show()
     {
+        $this->check_show();
         $this->label_role();
         return $this->label_fetch('role/ajax_show');
     }
@@ -31,10 +33,24 @@ class Role extends Base
     {
         $param = mac_param_url();
         $this->check_search($param);
+        if(!empty($GLOBALS['config']['app']['wall_filter'])){
+            $param = mac_escape_param($param);
+        }
         $this->assign('param',$param);
         return $this->label_fetch('role/search');
     }
 
+    public function ajax_search()
+    {
+        $param = mac_param_url();
+        $this->check_search($param);
+        if(!empty($GLOBALS['config']['app']['wall_filter'])){
+            $param = mac_escape_param($param);
+        }
+        $this->assign('param',$param);
+        return $this->label_fetch('role/ajax_search');
+    }
+
     public function detail()
     {
         $info = $this->label_role_detail();

application/index/controller/Topic.php

@@ -19,10 +19,24 @@ class Topic extends Base
     {
         $param = mac_param_url();
         $this->check_search($param);
+        if(!empty($GLOBALS['config']['app']['wall_filter'])){
+            $param = mac_escape_param($param);
+        }
         $this->assign('param',$param);
         return $this->label_fetch('topic/search');
     }
 
+    public function ajax_search()
+    {
+        $param = mac_param_url();
+        $this->check_search($param);
+        if(!empty($GLOBALS['config']['app']['wall_filter'])){
+            $param = mac_escape_param($param);
+        }
+        $this->assign('param',$param);
+        return $this->label_fetch('topic/ajax_search');
+    }
+
     public function detail()
     {
         $info = $this->label_topic_detail();

application/index/controller/Vod.php

@@ -22,12 +22,14 @@ class Vod extends Base
 
     public function show()
     {
+        $this->check_show();
         $info = $this->label_type();
         return $this->label_fetch( mac_tpl_fetch('vod',$info['type_tpl_list'],'show') );
     }
 
     public function ajax_show()
     {
+        $this->check_show();
         $info = $this->label_type();
         return $this->label_fetch('vod/ajax_show');
     }
@@ -36,6 +38,9 @@ class Vod extends Base
     {
         $param = mac_param_url();
         $this->check_search($param);
+        if(!empty($GLOBALS['config']['app']['wall_filter'])){
+            $param = mac_escape_param($param);
+        }
         $this->assign('param',$param);
         return $this->label_fetch('vod/search');
     }
@@ -44,6 +49,9 @@ class Vod extends Base
     {
         $param = mac_param_url();
         $this->check_search($param);
+        if(!empty($GLOBALS['config']['app']['wall_filter'])){
+            $param = mac_escape_param($param);
+        }
         $this->assign('param',$param);
         return $this->label_fetch('vod/ajax_search');
     }

application/index/controller/Website.php

@@ -22,12 +22,14 @@ class Website extends Base
 
     public function show()
     {
+        $this->check_show();
         $info = $this->label_type();
         return $this->label_fetch( mac_tpl_fetch('website',$info['type_tpl_list'],'show') );
     }
 
     public function ajax_show()
     {
+        $this->check_show();
         $info = $this->label_type();
         return $this->label_fetch('website/ajax_show');
     }
@@ -36,6 +38,9 @@ class Website extends Base
     {
         $param = mac_param_url();
         $this->check_search($param);
+        if(!empty($GLOBALS['config']['app']['wall_filter'])){
+            $param = mac_escape_param($param);
+        }
         $this->assign('param',$param);
         return $this->label_fetch('website/search');
     }
@@ -44,6 +49,9 @@ class Website extends Base
     {
         $param = mac_param_url();
         $this->check_search($param);
+        if(!empty($GLOBALS['config']['app']['wall_filter'])){
+            $param = mac_escape_param($param);
+        }
         $this->assign('param',$param);
         return $this->label_fetch('website/ajax_search');
     }

application/lang/zh-cn.php

@@ -7,7 +7,7 @@
 *内部处理key：开头 model/、controller/、只在模块内使用
 */
 return [
-    'lang_ver'=>'1073+',
+    'lang_ver'=>'3000+',
     'hello'  => '欢迎使用',
     'maccms_name'=>'苹果CMS-v10',
     'maccms_copyright'=>'© MacCMS All Rights Reserved.',
@@ -457,6 +457,7 @@ return [
 
     'page_not_found'=>'页面不存在',
     'search_close'=>'搜索功能关闭中',
+    'show_close'=>'筛选页功能关闭中',
     'frequently'=>'请不要频繁操作',
     'search_frequently'=>'请不要频繁操作，搜索时间间隔为',
     'score_ok'=>'感谢您的参与，评分成功',
@@ -853,6 +854,10 @@ https://www.baidu.com/123.jpg
     'admin/system/config/xhx'=>'下横线_',
     'admin/system/config/suffix'=>'页面后缀名',
 
+    'admin/system/config/wall_filter'=>'假墙防御',
+    'admin/system/config/wall_unicode'=>'编码方式',
+    'admin/system/config/wall_blank'=>'空白方式',
+    'admin/system/config/wall_filter_tip'=>'开启后将部分页面传入参数在页面展示时编码或替换为空解决假墙威胁',
     'admin/system/config/popedom_filter'=>'数据权限过滤',
     'admin/system/config/popedom_filter_tip'=>'开启后将隐藏没有权限的分类和数据',
     'admin/system/config/cache_type'=>'缓存方式',
@@ -880,6 +885,7 @@ https://www.baidu.com/123.jpg
     'admin/system/config/search_timespan_tip'=>'单位秒，建议设置为3秒以上',
     'admin/system/config/404'=>'404页面',
     'admin/system/config/404_tip'=>'自定义404页面，页面放在模板的public目录下无需后缀名，默认为jump',
+    'admin/system/config/show'=>'筛选页开关',
 
     'admin/system/config/search_vod_rule'=>'视频搜索规则',
     'admin/system/config/search_rule_tip'=>'注意，仅影响wd参数，勾选过多影响性能，建议3个以内',

application/lang/zh-tw.php

@@ -7,7 +7,7 @@
 *內部處理key：開頭 model/、controller/、只在模塊內使用
 */
 return [
-    'lang_ver'=>'1073+',
+    'lang_ver'=>'3000+',
     'hello'  => '歡迎使用',
     'maccms_name'=>'蘋果CMS-v10',
     'maccms_copyright'=>'© MacCMS All Rights Reserved.',
@@ -457,6 +457,7 @@ return [
 
     'page_not_found'=>'頁面不存在',
     'search_close'=>'搜索功能關閉中',
+    'show_close'=>'篩選頁功能關閉中',
     'frequently'=>'請不要頻繁操作',
     'search_frequently'=>'請不要頻繁操作，搜索時間間隔為',
     'score_ok'=>'感謝您的參與，評分成功',
@@ -853,6 +854,10 @@ https://www.baidu.com/123.jpg
     'admin/system/config/xhx'=>'下橫線_',
     'admin/system/config/suffix'=>'頁面後綴名',
 
+    'admin/system/config/wall_filter'=>'假墻防禦',
+    'admin/system/config/wall_unicode'=>'編碼方式',
+    'admin/system/config/wall_blank'=>'空白方式',
+    'admin/system/config/wall_filter_tip'=>'開啟後將部分頁面傳入參數在頁面展示時編碼或替換為空解決假墻威脅',
     'admin/system/config/popedom_filter'=>'數據權限過濾',
     'admin/system/config/popedom_filter_tip'=>'開啟後將隱藏沒有權限的分類和數據',
     'admin/system/config/cache_type'=>'緩存方式',
@@ -881,6 +886,7 @@ https://www.baidu.com/123.jpg
     'admin/system/config/404'=>'404頁面',
     'admin/system/config/404_tip'=>'自定義404頁面，頁面放在模板的public目錄下無需後綴名，默認為jump',
 
+    'admin/system/config/show'=>'篩選頁開關',
     'admin/system/config/search_vod_rule'=>'視頻搜索規則',
     'admin/system/config/search_rule_tip'=>'註意，僅影響wd參數，勾選過多影響性能，建議3個以內',
     'admin/system/config/search_art_rule'=>'文章搜索規則',

template/default/html/index/index.html

@@ -35,6 +35,14 @@
         </p>
     </blockquote>
 
+	<h2>版权声明</h2>
+    <blockquote>
+        <p>
+            苹果CMS(maccms)遵循Apache2开源协议发布，并提供免费使用。<br>
+		版权所有Copyright © 2014-2021 by magicblack (<a href="https://github.com/magicblack">https://github.com/magicblack</a>)<br>
+		All rights reserved。
+        </p>
+    </blockquote>
 </div>
 <div style="display:none">