依据版本:oblog 4.60 Final Build090610 (ACCESS)
今天登陆博客系统首页发现“最近热门评论”中所调用的日志竟然有全站加密的日志。查看该标签的源代码并与数据库中的字段对比发现,调用参数的语句不严密。
inc/syscode.asp 第620行
msql=”select top “&n&” topic,logfile,addtime,commentnum,iis,logid,classid,subjectid,author,userid from oblog_log where (IsSpecial = 0 OR IsSpecial IS NULL) And isdraft=0 and passcheck=1 And oblog_log.isdel=0 and (oblog_log.is_log_default_hidden=0 or oblog_log.is_log_default_hidden is null) “
应该修改成为
msql=”select top “&n&” topic,logfile,addtime,commentnum,iis,logid,classid,subjectid,author,userid from oblog_log where (IsSpecial = 0 OR IsSpecial = 0) And isdraft=0 and passcheck=1 And oblog_log.isdel=0 And blog_password=0 and (oblog_log.is_log_default_hidden=0 or oblog_log.is_log_default_hidden is null) “
这样就不会调用到全站加密用户的日志了!