fix email encode and format

2026-04-03 14:10:57 +08:00 · 2021-02-02 20:27:37 +08:00
parent 487d1a7948
commit dfaf0a9015
22 changed files with 235 additions and 71 deletions
--- a/README.md
+++ b/README.md
@@ -1,2 +1,2 @@
 ## Doc
-Visit [here](http://doc.nexusphp.cn/)
+Visit [here](http://doc.nexusphp.org/)
--- a/include/functions.php
+++ b/include/functions.php
@@ -1432,7 +1432,7 @@ function sent_mail($to,$fromname,$fromemail,$subject,$body,$type = "confirmation
        $message = (new Swift_Message($subject))
            ->setFrom($fromemail, $fromname)
            ->setTo([$to])
-            ->setBody($body)
+            ->setBody($body, 'text/html')
        ;

        // Send the message
@@ -2016,14 +2016,23 @@ function mkglobal($vars) {
 	return 1;
 }

-function tr($x,$y,$noesc=0,$relation='') {
+function tr($x,$y,$noesc=0,$relation='', $return = false) {
 	if ($noesc)
 	$a = $y;
 	else {
 		$a = htmlspecialchars($y);
 		$a = str_replace("\n", "<br />\n", $a);
 	}
-	print("<tr".( $relation ? " relation = \"$relation\"" : "")."><td class=\"rowhead nowrap\" valign=\"top\" align=\"right\">$x</td><td class=\"rowfollow\" valign=\"top\" align=\"left\">".$a."</td></tr>\n");
+//	$result = ("<tr".( $relation ? " relation = \"$relation\"" : "")."><td class=\"rowhead nowrap\" valign=\"top\" align=\"right\">$x</td><td class=\"rowfollow\" valign=\"top\" align=\"left\">".$a."</td></tr>\n");
+	$result = sprintf(
+	        '<tr%s><td class="rowhead nowrap" valign="top" align="right">%s</td><td class="rowfollow" valign="top" align="left">%s</td></tr>',
+            $relation ? sprintf(' relation="%s"', $relation) : '',
+            $x, $a
+    );
+	if ($return) {
+	    return $result;
+    }
+	print $result;
 }

 function tr_small($x,$y,$noesc=0,$relation='') {
--- a/public/cheaterbox.php
+++ b/public/cheaterbox.php
@@ -10,15 +10,15 @@ if (get_user_class() < $staffmem_class)


 if (!empty($_POST['setdealt'])) {
-	$res = sql_query ("SELECT id FROM cheaters WHERE dealtwith=0 AND id IN (" . implode(", ", $_POST[delcheater]) . ")");
+	$res = sql_query ("SELECT id FROM cheaters WHERE dealtwith=0 AND id IN (" . implode(", ", $_POST['delcheater']) . ")");
 	while ($arr = mysql_fetch_assoc($res))
-		sql_query ("UPDATE cheaters SET dealtwith=1, dealtby = $CURUSER[id] WHERE id = $arr[id]") or sqlerr();
+		sql_query ("UPDATE cheaters SET dealtwith=1, dealtby = {$CURUSER['id']} WHERE id = {$arr['id']}") or sqlerr();
 	$Cache->delete_value('staff_new_cheater_count');
 }
 elseif (!empty($_POST['delete'])) {
-	$res = sql_query ("SELECT id FROM cheaters WHERE id IN (" . implode(", ", $_POST[delcheater]) . ")");
+	$res = sql_query ("SELECT id FROM cheaters WHERE id IN (" . implode(", ", $_POST['delcheater']) . ")");
 	while ($arr = mysql_fetch_assoc($res))
-		sql_query ("DELETE from cheaters WHERE id = $arr[id]") or sqlerr();
+		sql_query ("DELETE from cheaters WHERE id = {$arr['id']}") or sqlerr();
 	$Cache->delete_value('staff_new_cheater_count');
 }

--- a/public/cheaters.php
+++ b/public/cheaters.php
@@ -24,7 +24,7 @@ if (!is_valid_user_class($class-2)) $class = '';
 $ratio = @$_GET['r'];
 if (!is_valid_id($ratio) && $ratio>=1 && $ratio<=7) $ratio = '';

-echo '<center><form method="get" action="'.$_SERVER["PHP_SELF"].'">';
+echo '<center><form method="get" action="'.$_SERVER["REQUEST_URI"].'">';
 begin_table();

 echo '<tr><th colspan="4">Important</th></tr><tr><td colspan="4" class="left">';
--- a/public/confirm_resend.php
+++ b/public/confirm_resend.php
@@ -82,7 +82,7 @@ http://$BASEURL/confirm_resend.php
 {$lang_confirm_resend['mail_five']}
 EOD;
 		
-	sent_mail($email,$SITENAME,$SITEEMAIL,change_email_encode(get_langfolder_cookie(), $title),change_email_encode(get_langfolder_cookie(),$body),"signup",false,false,'',get_email_encode(get_langfolder_cookie()));
+	sent_mail($email,$SITENAME,$SITEEMAIL,$title,$body,"signup",false,false,'');
 	header("Location: " . get_protocol_prefix() . "$BASEURL/ok.php?type=signup&email=" . rawurlencode($email));
 }
 else
--- a/public/forummanage.php
+++ b/public/forummanage.php
@@ -49,7 +49,7 @@ elseif (isset($_POST['action']) && $_POST['action'] == "editforum") {
 	else{
 		sql_query("DELETE FROM forummods WHERE forumid=".sqlesc($id)) or sqlerr(__FILE__, __LINE__);
 	}
-	sql_query("UPDATE forums SET sort = '" . $_POST['sort'] . "', name = " . sqlesc($_POST['name']). ", description = " . sqlesc($_POST['desc']). ", forid = ".sqlesc(($_POST['overforums'])).", minclassread = '" . $_POST['readclass'] . "', minclasswrite = '" . $_POST['writeclass'] . "', minclasscreate = '" . $_POST['createclass'] . "' where id = ".sqlesc($id)) or sqlerr(__FILE__, __LINE__);
+	sql_query("UPDATE forums SET sort = " . sqlesc($_POST['sort']) . ", name = " . sqlesc($_POST['name']). ", description = " . sqlesc($_POST['desc']). ", forid = ".sqlesc(($_POST['overforums'])).", minclassread = " . sqlesc($_POST['readclass']) . ", minclasswrite = " . sqlesc($_POST['writeclass']) . ", minclasscreate = " . sqlesc($_POST['createclass']) . " where id = ".sqlesc($id)) or sqlerr(__FILE__, __LINE__);
 	$Cache->delete_value('forums_list');
 	$Cache->delete_value('forum_moderator_array');
 	header("Location: forummanage.php");
@@ -64,7 +64,7 @@ elseif (isset($_POST['action']) && $_POST['action'] == "addforum") {
 		header("Location: " . get_protocol_prefix() . "$BASEURL/forummanage.php");
 		die();
 	}
-	sql_query("INSERT INTO forums (sort, name,  description, minclassread,  minclasswrite, minclasscreate, forid) VALUES(" . $_POST['sort'] . ", " . sqlesc($_POST['name']). ", " . sqlesc($_POST['desc']). ", " . $_POST['readclass'] . ", " . $_POST['writeclass'] . ", " . $_POST['createclass'] . ", ".sqlesc(($_POST['overforums'])).")") or sqlerr(__FILE__, __LINE__);
+	sql_query("INSERT INTO forums (sort, name,  description, minclassread,  minclasswrite, minclasscreate, forid) VALUES(" . sqlesc($_POST['sort']) . ", " . sqlesc($_POST['name']). ", " . sqlesc($_POST['desc']). ", " . sqlesc($_POST['readclass']) . ", " . sqlesc($_POST['writeclass']) . ", " . sqlesc($_POST['createclass']) . ", ".sqlesc(($_POST['overforums'])).")") or sqlerr(__FILE__, __LINE__);
 	$Cache->delete_value('forums_list');
 	if ($_POST["moderator"]){
 	$id = mysql_insert_id();
--- a/public/ipsearch.php
+++ b/public/ipsearch.php
@@ -54,7 +54,7 @@ else
 	begin_main_frame();

 	print("<h1 align=\"center\">".$lang_ipsearch['text_search_ip_history']."</h1>\n");
-	print("<form method=\"get\" action=\"".$_SERVER['PHP_SELF']."\">");
+	print("<form method=\"get\" action=\"\">");
 	print("<table align=center border=1 cellspacing=0 width=115 cellpadding=5>\n");
 	tr($lang_ipsearch['row_ip']."<font color=red>*</font>", "<input type=\"text\" name=\"ip\" size=\"40\" value=\"".htmlspecialchars($ip)."\" />", 1);
 	tr("<nobr>".$lang_ipsearch['row_subnet_mask']."</nobr>", "<input type=\"text\" name=\"mask\" size=\"40\" value=\"" . htmlspecialchars($mask) . "\" />", 1);
@@ -85,7 +85,7 @@ GROUP BY u.id
 	$page = intval($_GET["page"] ?? 0);
 	$perpage = 20;

-	list($pagertop, $pagerbottom, $limit) = pager($perpage, $count, "$_SERVER[PHP_SELF]?ip=$ip&mask=$mask&order=$order&");
+	list($pagertop, $pagerbottom, $limit) = pager($perpage, $count, "{$_SERVER['PHP_SELF']}?ip=$ip&mask=$mask&order=$order&");

 	if ($order == "added")
 		$orderby = "added DESC";
--- a/public/linksmanage.php
+++ b/public/linksmanage.php
@@ -4,7 +4,7 @@ dbconn();
 require_once(get_langfile_path());
 loggedinorreturn();
 //start apply for links
-if ($_GET['action'] == "apply")
+if (isset($_GET['action']) && $_GET['action'] == "apply")
 {
 if (get_user_class() >= $applylink_class){
 stdhead($lang_linksmanage['head_apply_for_links']);
@@ -38,7 +38,7 @@ begin_frame($lang_linksmanage['text_apply_for_links'], true,10,"100%","center");
 }
 else permissiondenied();
 }
-elseif ($_POST['action'] == "newapply")
+elseif (isset($_POST['action']) && $_POST['action'] == "newapply")
 {
 if (get_user_class() >= $applylink_class){
 $sitename = unesc($_POST["linkname"]);
@@ -80,7 +80,7 @@ else permissiondenied();
 elseif (get_user_class() < $linkmanage_class)
 	permissiondenied();
 else{
-if ($_GET['action'] == "del") {
+if (isset($_GET['action']) && $_GET['action'] == "del") {
 $id = intval($_GET['id'] ?? 0);
 if (!$id) { header("Location: linksmanage.php"); die();}
 $result = sql_query ("SELECT * FROM links where id = '".$id."'");
@@ -93,18 +93,18 @@ header("Location: linksmanage.php");
 die();
 }

-if ($_POST['action'] == "editlink") {
+if (isset($_POST['action']) && $_POST['action'] == "editlink") {
 	$name = ($_POST['linkname']);
 	$url = ($_POST['url']);
 	$title = ($_POST['title']);
 if (!$name && !$url && !$title) { header("Location: linksmanage.php"); die();}
-	sql_query("UPDATE links SET name = ".sqlesc($_POST['linkname']).", url = ".sqlesc($_POST['url']).", title = ".sqlesc($_POST['title'])." WHERE id = '".$_POST['id']."'") or sqlerr(__FILE__, __LINE__);
+	sql_query("UPDATE links SET name = ".sqlesc($_POST['linkname']).", url = ".sqlesc($_POST['url']).", title = ".sqlesc($_POST['title'])." WHERE id = ".sqlesc($_POST['id'])) or sqlerr(__FILE__, __LINE__);
 	$Cache->delete_value('links');
 header("Location: linksmanage.php");
 die();
 }

-if ($_POST['action'] == "add")
+if (isset($_POST['action']) && $_POST['action'] == "add")
 {
 	if ($_POST["linkname"] == "" || $_POST["url"] == "" || $_POST["title"] == "")
 	stderr($lang_linksmanage['std_error'], $lang_linksmanage['std_missing_form_data']);
@@ -142,12 +142,12 @@ echo "<tr><td class=colhead align=left>".$lang_linksmanage['text_site_name']."</
 $result = sql_query ("SELECT * FROM links ORDER BY id ASC");
 if ($row = mysql_fetch_array($result)) {
 do {
-echo "<tr><td>".$row["name"]."</td><td>".$row["url"]."</td><td>".$row["title"]. "</td><td align=center nowrap><b><a href=\"".$PHP_SELF."?action=edit&id=".$row["id"]."\">".$lang_linksmanage['text_edit']."</a>&nbsp;|&nbsp;<a href=\"javascript:confirm_delete('".$row["id"]."', '".$lang_linksmanage['js_sure_to_delete_link']."', '');\"><font color=red>".$lang_linksmanage['text_delete']."</font></a></b></td></tr>";
+echo "<tr><td>".$row["name"]."</td><td>".$row["url"]."</td><td>".$row["title"]. "</td><td align=center nowrap><b><a href=\"?action=edit&id=".$row["id"]."\">".$lang_linksmanage['text_edit']."</a>&nbsp;|&nbsp;<a href=\"javascript:confirm_delete('".$row["id"]."', '".$lang_linksmanage['js_sure_to_delete_link']."', '');\"><font color=red>".$lang_linksmanage['text_delete']."</font></a></b></td></tr>";
 } while($row = mysql_fetch_array($result));
 } else {print "<tr><td colspan=4>".$lang_linksmanage['text_no_links_found']."</td></tr>";}
 echo "</table>";
 ?>
-<?php if ($_GET['action'] == "edit") {
+<?php if (isset($_GET['action']) && $_GET['action'] == "edit") {
 $id = intval($_GET["id"] ?? 0);
 $result = sql_query ("SELECT * FROM links where id = ".sqlesc($id));
 if ($row = mysql_fetch_array($result)) {
--- a/public/location.php
+++ b/public/location.php
@@ -17,14 +17,14 @@ if($sure == "yes") {
 	$delid = $_GET['delid'];
 	$query = "DELETE FROM locations WHERE id=" .sqlesc($delid) . " LIMIT 1";
 	$sql = sql_query($query);
-	echo("Location successfuly removed, click <a class=altlink href=" . $_SERVER['PHP_SELF'] .">here</a> to go back.");
+	echo("Location successfuly removed, click <a class=altlink href=" . $_SERVER['REQUEST_URI'] .">here</a> to go back.");
 	end_frame();
 	stdfoot();
 	die();
 }
 $delid = intval($_GET['delid'] ?? 0);
 if($delid > 0) {
-	echo("Are you sure you would like to delete this Location?( <strong><a href='". $_SERVER['PHP_SELF'] . "?delid=$delid&sure=yes'>Yes!</a></strong> / <strong><a href='". $_SERVER['PHP_SELF'] . "'>No</a></strong> )");
+	echo("Are you sure you would like to delete this Location?( <strong><a href='". $_SERVER['REQUEST_URI'] . "?delid=$delid&sure=yes'>Yes!</a></strong> / <strong><a href='". $_SERVER['REQUEST_URI'] . "'>No</a></strong> )");
 	end_frame();
 	stdfoot();
 	die();
@@ -52,7 +52,7 @@ if($edited == 1) {
 			$sql = sql_query($query) or sqlerr(__FILE__, __LINE__);
 			if($sql) 
 			{
-				stdmsg("Success!","Location has been edited, click <a class=altlink href=" . $_SERVER['PHP_SELF'] .">here</a> to go back");
+				stdmsg("Success!","Location has been edited, click <a class=altlink href=" . $_SERVER['REQUEST_URI'] .">here</a> to go back");
 				stdfoot();
 				die();
 			}
@@ -83,7 +83,7 @@ if($editid > 0) {
 	$theory_downspeed = $row['theory_downspeed'];
 	$practical_downspeed = $row['practical_downspeed'];

-	echo("<form name='form1' method='get' action='" . $_SERVER['PHP_SELF'] . "'>");
+	echo("<form name='form1' method='get' action='" . $_SERVER['REQUEST_URI'] . "'>");
 	echo("<input type='hidden' name='id' value='$editid'><table class=main cellspacing=0 cellpadding=5 width=50%>");
 	echo("<tr><td class=colhead align=center colspan=2>Editing Locations</td><input type='hidden' name='edited' value='1'></tr>");
 	echo("<tr><td class=rowhead>Name:</td><td class=rowfollow align=left><input type='text' size=10 name='name' value='$name'></td></tr>");
@@ -137,7 +137,7 @@ if($add == 'true') {

 }

-echo("<form name='form1' method='get' action='" . $_SERVER['PHP_SELF'] . "'>");
+echo("<form name='form1' method='get' action='" . $_SERVER['REQUEST_URI'] . "'>");
 echo("<table class=main cellspacing=0 cellpadding=5 width=48% align= left>");
 echo("<tr><td class=colhead align=center colspan=2>Add New Locations</td></tr>");
 echo("<tr><td class=rowhead>Name:</td><td class=rowfollow align=left><input type='text' size=10 name='name'></td></tr>");
@@ -157,7 +157,7 @@ echo("</form>");
 $range_start_ip = $_GET['range_start_ip'] ?? '';
 $range_end_ip = $_GET['range_end_ip'] ?? '';

-echo("<form name='form2' method='get' action='" . $_SERVER['PHP_SELF'] . "'>");
+echo("<form name='form2' method='get' action='" . $_SERVER['REQUEST_URI'] . "'>");
 echo("<table class=main cellspacing=0 cellpadding=5 width=48% align=right>");
 echo("<tr><td class=colhead align=center colspan=2>Check IP Range</td></tr>");
 echo("<tr><td class=rowhead><nobr>Start IP:</nobr></td><td class=rowfollow align=left><input type='text' size=30 name='range_start_ip' value='" . $range_start_ip . "'></td></tr>");
@@ -233,8 +233,8 @@ while ($row = mysql_fetch_array($sql)) {
 	"<td class=rowfollow align=left>$practical_upspeed</td>" .
 	"<td class=rowfollow align=left>$theory_downspeed</td>" .
 	"<td class=rowfollow align=left>$practical_downspeed</td>" .
-	"<td class=rowfollow align=center><a href='" . $_SERVER['PHP_SELF'] . "?editid=$id'>Edit</a></td>".
-	"<td class=rowfollow align=center><a href='" . $_SERVER['PHP_SELF'] . "?delid=$id'>Remove</a></td>" .
+	"<td class=rowfollow align=center><a href='" . $_SERVER['REQUEST_URI'] . "?editid=$id'>Edit</a></td>".
+	"<td class=rowfollow align=center><a href='" . $_SERVER['REQUEST_URI'] . "?delid=$id'>Remove</a></td>" .
 	"</tr>");
 }
 print("</table>");
--- a/public/log.php
+++ b/public/log.php
@@ -32,7 +32,7 @@ function searchtable($title, $action, $opts = array()){
 		global $lang_log;
 		print("<table border=1 cellspacing=0 width=940 cellpadding=5>\n");
 		print("<tr><td class=colhead align=left>".$title."</td></tr>\n");
-		print("<tr><td class=toolbox align=left><form method=\"get\" action='" . $_SERVER['PHP_SELF'] . "'>\n");
+		print("<tr><td class=toolbox align=left><form method=\"get\" action='" . $_SERVER['REQUEST_URI'] . "'>\n");
 		print("<input type=\"text\" name=\"query\" style=\"width:500px\" value=\"".($_GET['query'] ?? '')."\">\n");
 		if ($opts) {
 			print($lang_log['text_in']."<select name=search>");
@@ -49,7 +49,7 @@ function additem($title, $action){
 		global $lang_log;
 		print("<table border=1 cellspacing=0 width=940 cellpadding=5>\n");
 		print("<tr><td class=colhead align=left>".$title."</td></tr>\n");
-		print("<tr><td class=toolbox align=left><form method=\"post\" action='" . $_SERVER['PHP_SELF'] . "'>\n");
+		print("<tr><td class=toolbox align=left><form method=\"post\" action='" . $_SERVER['REQUEST_URI'] . "'>\n");
 		print("<textarea name=\"txt\" style=\"width:500px\" rows=\"3\" >".$title."</textarea>\n");
 		print("<input type=\"hidden\" name=\"action\" value=".$action.">");
 		print("<input type=\"hidden\" name=\"do\" value=\"add\">");
@@ -63,7 +63,7 @@ function edititem($title, $action, $id){
 		if ($row = mysql_fetch_array($result)) {
 		print("<table border=1 cellspacing=0 width=940 cellpadding=5>\n");
 		print("<tr><td class=colhead align=left>".$title."</td></tr>\n");
-		print("<tr><td class=toolbox align=left><form method=\"post\" action='" . $_SERVER['PHP_SELF'] . "'>\n");
+		print("<tr><td class=toolbox align=left><form method=\"post\" action='" . $_SERVER['REQUEST_URI'] . "'>\n");
 		print("<textarea name=\"txt\" style=\"width:500px\" rows=\"3\" >".$row["txt"]."</textarea>\n");
 		print("<input type=\"hidden\" name=\"action\" value=".$action.">");
 		print("<input type=\"hidden\" name=\"do\" value=\"update\">");
@@ -209,7 +209,7 @@ else {
 			while ($arr = mysql_fetch_assoc($res))
 			{
 				$date = gettime($arr['added'],true,false);
-				print("<tr><td class=rowfollow align=center><nobr>$date</nobr></td><td class=rowfollow align=left>".format_comment($arr["txt"],true,false,true)."</td>".(get_user_class() >= $chrmanage_class ? "<td align=center nowrap><b><a href=\"".$_SERVER['PHP_SELF']."?action=chronicle&do=edit&id=".$arr["id"]."\">".$lang_log['text_edit']."</a>&nbsp;|&nbsp;<a href=\"".$_SERVER['PHP_SELF']."?action=chronicle&do=del&id=".$arr["id"]."\"><font color=red>".$lang_log['text_delete']."</font></a></b></td>" : "")."</tr>\n");
+				print("<tr><td class=rowfollow align=center><nobr>$date</nobr></td><td class=rowfollow align=left>".format_comment($arr["txt"],true,false,true)."</td>".(get_user_class() >= $chrmanage_class ? "<td align=center nowrap><b><a href=\"".$_SERVER['REQUEST_URI']."?action=chronicle&do=edit&id=".$arr["id"]."\">".$lang_log['text_edit']."</a>&nbsp;|&nbsp;<a href=\"".$_SERVER['REQUEST_URI']."?action=chronicle&do=del&id=".$arr["id"]."\"><font color=red>".$lang_log['text_delete']."</font></a></b></td>" : "")."</tr>\n");
 			}
 			print("</table>");
 			echo $pagerbottom;
--- a/public/massmail.php
+++ b/public/massmail.php
@@ -8,6 +8,9 @@ $class = intval($_POST["class"] ?? 0);
 	if ($class)
 		int_check($class,true);
 $or = $_POST["or"] ?? '';
+if (!in_array($or, ["<", ">", "=", "<=", ">="], true)) {
+    stderr("Error", "Invalid symbol!");
+}

 if ($_SERVER["REQUEST_METHOD"] == "POST")
 {
--- a/public/messages.php
+++ b/public/messages.php
@@ -677,7 +677,7 @@ $res = sql_query('SELECT * FROM pmboxes WHERE userid=' . sqlesc($CURUSER['id'])
 $place = $_GET['place'] ?? '';
 ?>
 <form action="messages.php" method="get">
-<input type="hidden" name="action" value="viewmailbox"><?php echo $lang_messages['text_search'] ?>&nbsp;&nbsp;<input id="searchinput" name="keyword" type="text" value="<?php echo $_GET['keyword'] ?? ''?>" style="width: 200px"/>
+<input type="hidden" name="action" value="viewmailbox"><?php echo $lang_messages['text_search'] ?>&nbsp;&nbsp;<input id="searchinput" name="keyword" type="text" value="<?php echo htmlspecialchars($_GET['keyword'] ?? '')?>" style="width: 200px"/>
 <?php echo $lang_messages['text_in'] ?>&nbsp;<select name="place">
 <option value="both" <?php echo ($place == 'both' ? " selected" : "")?>><?php echo $lang_messages['select_both'] ?></option>
 <option value="title" <?php echo ($place == 'title' ? " selected" : "")?>><?php echo $lang_messages['select_title'] ?></option>
--- a/public/nowarn.php
+++ b/public/nowarn.php
@@ -21,16 +21,16 @@ if (!empty($_POST["usernw"]))
 {
 $msg = sqlesc("Your Warning Has Been Removed By: " . $CURUSER['username'] . ".");
 $added = sqlesc(date("Y-m-d H:i:s"));
-$userid = implode(", ", $_POST[usernw]);
+$userid = implode(", ", $_POST['usernw']);
 //sql_query("INSERT INTO messages (sender, receiver, msg, added) VALUES (0, $userid, $msg, $added)") or sqlerr(__FILE__, __LINE__);

-$r = sql_query("SELECT modcomment FROM users WHERE id IN (" . implode(", ", $_POST[usernw]) . ")")or sqlerr(__FILE__, __LINE__);
+$r = sql_query("SELECT modcomment FROM users WHERE id IN (" . implode(", ", $_POST['usernw']) . ")")or sqlerr(__FILE__, __LINE__);
 $user = mysql_fetch_array($r);
 $exmodcomment = $user["modcomment"];
 $modcomment = date("Y-m-d") . " - Warning Removed By " . $CURUSER['username'] . ".\n". $modcomment . $exmodcomment;
-sql_query("UPDATE users SET modcomment=" . sqlesc($modcomment) . " WHERE id IN (" . implode(", ", $_POST[usernw]) . ")") or sqlerr(__FILE__, __LINE__);
+sql_query("UPDATE users SET modcomment=" . sqlesc($modcomment) . " WHERE id IN (" . implode(", ", $_POST['usernw']) . ")") or sqlerr(__FILE__, __LINE__);

-$do="UPDATE users SET warned='no', warneduntil=null WHERE id IN (" . implode(", ", $_POST[usernw]) . ")";
+$do="UPDATE users SET warned='no', warneduntil=null WHERE id IN (" . implode(", ", $_POST['usernw']) . ")";
 $res=sql_query($do);}

 if (!empty($_POST["desact"])){
--- a/public/recover.php
+++ b/public/recover.php
@@ -54,7 +54,8 @@ http://$BASEURL/recover.php?id={$arr["id"]}&secret=$hash
 {$lang_recover['mail_four']}
 EOD;

-	sent_mail($arr["email"],$SITENAME,$SITEEMAIL,change_email_encode(get_langfolder_cookie(), $title),change_email_encode(get_langfolder_cookie(),$body),"confirmation",true,false,'',get_email_encode(get_langfolder_cookie()));
+//	sent_mail($arr["email"],$SITENAME,$SITEEMAIL,change_email_encode(get_langfolder_cookie(), $title),change_email_encode(get_langfolder_cookie(),$body),"confirmation",true,false,'',get_email_encode(get_langfolder_cookie()));
+	sent_mail($arr["email"],$SITENAME,$SITEEMAIL,$title,$body,"confirmation",true,false,'');

 }
 elseif($_SERVER["REQUEST_METHOD"] == "GET" && $take_recover && isset($_GET["id"]) && isset($_GET["secret"]))
@@ -97,12 +98,11 @@ elseif($_SERVER["REQUEST_METHOD"] == "GET" && $take_recover && isset($_GET["id"]
 <b><a href="javascript:void(null)" onclick="window.open('http://$BASEURL/login.php')">{$lang_recover['mail_here']}</a></b>
 {$lang_recover['mail_three_1']}
 <b><a href="http://www.google.com/support/bin/answer.py?answer=23852" target='_blank'>{$lang_confirm_resend['mail_google_answer']}</a></b>
-{$lang_recover['mail_three_2']}
 {$lang_recover['mail_two_four']}

 EOD;

-	sent_mail($email,$SITENAME,$SITEEMAIL,change_email_encode(get_langfolder_cookie(), $title),change_email_encode(get_langfolder_cookie(),$body),"details",true,false,'',get_email_encode(get_langfolder_cookie()));
+	sent_mail($email,$SITENAME,$SITEEMAIL,$title,$body,"details",true,false,'');

 }
 else
--- a/public/searchsuggest.php
+++ b/public/searchsuggest.php
@@ -6,7 +6,7 @@ if (isset($_GET['q']) && $_GET['q'] != '')
 	$searchstr = trim($_GET['q']);
 	
 	$suggest_query = sql_query("SELECT keywords AS suggest, COUNT(*) AS count FROM suggest WHERE keywords LIKE " . sqlesc($searchstr . "%")." GROUP BY keywords ORDER BY count DESC, keywords DESC LIMIT 10");
-	$result = array($searchstr, array(), array());
+	$result = array(htmlspecialchars($searchstr), array(), array());
 	while($suggest = mysql_fetch_array($suggest_query)){
 		if (strlen($suggest['suggest']) > 25) continue;
 		$result[1][] = $suggest['suggest'];
--- a/public/settings.php
+++ b/public/settings.php
@@ -294,6 +294,64 @@ elseif ($action == 'securitysettings')	//security settings
 	tr($lang_settings['row_max_ips'],"<input type='text' style=\"width: 300px\" name=maxip value='" . ($SECURITY["maxip"] ? $SECURITY["maxip"] : "1")."'> ".$lang_settings['text_max_ips_note'], 1);
 	tr($lang_settings['row_max_login_attemps'],"<input type='text' style=\"width: 300px\" name=maxloginattempts value='" . ($SECURITY["maxloginattempts"] ? $SECURITY["maxloginattempts"] : "7")."'> ".$lang_settings['text_max_login_attemps_note'], 1);

+	$guestVisitRadios = [
+		[
+			'label' => '正常',
+			'value' => 'normal',
+		],
+		[
+			'label' => '展示指定页面',
+			'value' => 'static-page',
+			'target' => [
+				'type' => 'select',
+				'label' => '指定页面路径',
+				'options' => glob(ROOT_PATH . 'resources/static-pages/*'),
+			],
+		],
+		[
+			'label' => '展示自定义内容',
+			'value' => 'custom-content',
+			'target' => [
+				'type' => 'textarea',
+				'label' => '自定义内容',
+			],
+		],
+		[
+			'label' => '重定向到指定 URL',
+			'value' => 'redirect',
+			'target' => [
+				'type' => 'input',
+				'label' => '指定 URL',
+			],
+		],
+	];
+	$guestVisitHtmlArr = [];
+	$guestVisitTargetHtmlArr = [];
+	foreach($guestVisitRadios as $value) {
+		$guestVisitHtmlArr[] = sprintf(
+			'<label><input type="radio" name="guest_visit_type" value="%s" onclick="">%s</label>',
+			$value['value'], $value['label']
+		);
+		if (!empty($value['target']['type'])) {
+			$targetType = $value['target']['type'];
+			if ($targetType == 'input') {
+				$input = sprintf('<input type="text" name="guest_visit_value_%s" value="" style="width: 300px" />', $value['value']);
+				$guestVisitTargetHtmlArr[] = tr($value['target']['label'], $input, 1, '', true);
+			} elseif ($targetType == 'textarea') {
+
+			} elseif ($targetType == 'select') {
+				$select = sprintf('<select name="guest_visit_value_%s">', $value['value']);
+				foreach ($value['target']['options'] as $option) {
+					$select .= sprintf('<option value="%s">%s</option>', basename($option),  basename($option));
+				}
+				$select .= '</select>';
+				$guestVisitTargetHtmlArr[] = tr($value['target']['label'], $select, 1, '', true);
+			}
+		}
+	}
+	tr("游客访问", implode('<br/>', $guestVisitHtmlArr), 1);
+	print implode('', $guestVisitTargetHtmlArr);
+
 	tr($lang_settings['row_save_settings'],"<input type='submit' name='save' value='".$lang_settings['submit_save_settings']."'>", 1);
 	print ("</form>");
 }
--- a/public/shoutbox.php
+++ b/public/shoutbox.php
@@ -17,7 +17,7 @@ $refresh = ($CURUSER['sbrefresh'] ? $CURUSER['sbrefresh'] : 120)
 ?>
 <html><head>
 <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
-<meta http-equiv="Refresh" content="<?php echo $refresh?>; url=<?php echo get_protocol_prefix() . $BASEURL?>/shoutbox.php?type=<?php echo $where?>">
+<meta http-equiv="Refresh" content="<?php echo $refresh?>; url=<?php echo get_protocol_prefix() . $BASEURL?>/shoutbox.php?type=<?php echo htmlspecialchars($where)?>">
 <link rel="stylesheet" href="<?php echo get_font_css_uri()?>" type="text/css">
 <link rel="stylesheet" href="<?php echo get_css_uri()."theme.css"?>" type="text/css">
 <link rel="stylesheet" href="styles/curtain_imageresizer.css" type="text/css">
--- a/public/staffbox.php
+++ b/public/staffbox.php
@@ -130,13 +130,13 @@ if ($action == "answermessage") {

        int_check($receiver,true);

-        $res = sql_query("SELECT * FROM users WHERE id=$receiver") or die(mysql_error());
+        $res = sql_query("SELECT * FROM users WHERE id=" . sqlesc($receiver)) or die(mysql_error());
        $user = mysql_fetch_assoc($res);

        if (!$user)
   		stderr($lang_staffbox['std_error'], $lang_staffbox['std_no_user_id']);

-        $res2 = sql_query("SELECT * FROM staffmessages WHERE id=$answeringto") or die(mysql_error());
+        $res2 = sql_query("SELECT * FROM staffmessages WHERE id=" . sqlesc($answeringto)) or die(mysql_error());
        $staffmsg = mysql_fetch_assoc($res2);
 	stdhead($lang_staffbox['head_answer_to_staff_pm']);
 	begin_main_frame();
--- a/public/takeconfirm.php
+++ b/public/takeconfirm.php
@@ -5,11 +5,11 @@ require_once(get_langfile_path());
 $id =  isset($_POST['id']) ? intval($_POST['id']) : (isset($_GET['id']) ? intval($_GET['id']) : die());
 int_check($id,true);
 $email = unesc(htmlspecialchars(trim($_POST["email"])));
-if(isset($_POST[conusr]))
-	sql_query("UPDATE users SET status = 'confirmed', editsecret = '' WHERE id IN (" . implode(", ", $_POST[conusr]) . ") AND status='pending'");
+if(isset($_POST['conusr']))
+	sql_query("UPDATE users SET status = 'confirmed', editsecret = '' WHERE id IN (" . implode(", ", $_POST['conusr']) . ") AND status='pending'");
 else
 	stderr($lang_takeconfirm['std_sorry'],$lang_takeconfirm['std_no_buddy_to_confirm'].
- "<a class=altlink href=invite.php?id=$CURUSER[id]>".$lang_takeconfirm['std_here_to_go_back'],false);		
+ "<a class=altlink href=invite.php?id={$CURUSER['id']}>".$lang_takeconfirm['std_here_to_go_back'],false);

 $title = $SITENAME.$lang_takeconfirm['mail_title'];
 $body = <<<EOD
@@ -20,7 +20,7 @@ http://$BASEURL/login.php
 EOD;

 //this mail is sent when the site is using admin(open/closed)/inviter(closed) confirmation and the admin/inviter confirmed the pending user
-sent_mail($email,$SITENAME,$SITEEMAIL,change_email_encode(get_langfolder_cookie(), $title),change_email_encode(get_langfolder_cookie(),$body),"invite confirm",false,false,'',get_email_encode(get_langfolder_cookie()));
+sent_mail($email,$SITENAME,$SITEEMAIL,$title,$body,"invite confirm",false,false,'');

-header("Refresh: 0; url=invite.php?id=".htmlspecialchars($CURUSER[id]));
+header("Refresh: 0; url=invite.php?id=".htmlspecialchars($CURUSER['id']));
 ?>
--- a/public/takeinvite.php
+++ b/public/takeinvite.php
@@ -59,7 +59,7 @@ $body
 <br /><br />{$lang_takeinvite['mail_six']}
 EOD;

-sent_mail($email,$SITENAME,$SITEEMAIL,change_email_encode(get_langfolder_cookie(), $title),change_email_encode(get_langfolder_cookie(),$message),"invitesignup",false,false,'',get_email_encode(get_langfolder_cookie()));
+sent_mail($email,$SITENAME,$SITEEMAIL,$title,$message,"invitesignup",false,false,'');
 //this email is sent only when someone give out an invitation

 header("Refresh: 0; url=invite.php?id=".htmlspecialchars($id)."&sent=1");
--- a/public/usersearch.php
+++ b/public/usersearch.php
@@ -37,20 +37,20 @@ if ($_GET['h'])
 }
 else
 {
-	echo "<p align=center>(<a href='".$_SERVER["PHP_SELF"]."?h=1'>Instructions</a>)";
-	echo "&nbsp;-&nbsp;(<a href='".$_SERVER["PHP_SELF"]."'>Reset</a>)</p>\n";
+	echo "<p align=center>(<a href='".$_SERVER["REQUEST_URI"]."?h=1'>Instructions</a>)";
+	echo "&nbsp;-&nbsp;(<a href='".$_SERVER["REQUEST_URI"]."'>Reset</a>)</p>\n";
 }

 $highlight = " bgcolor=#BBAF9B";

 ?>

-<form method=get action=<?php echo $_SERVER["PHP_SELF"]?>>
+<form method=get action=<?php echo $_SERVER["REQUEST_URI"]?>>
 <table border="1" cellspacing="0" cellpadding="5">
 <tr>

  <td valign="middle" class=rowhead>Name:</td>
-  <td<?php echo $_GET['n']?$highlight:""?>><input name="n" type="text" value="<?php echo $_GET['n']?>" size=35></td>
+  <td<?php echo $_GET['n']?$highlight:""?>><input name="n" type="text" value="<?php echo htmlspecialchars($_GET['n'])?>" size=35></td>

  <td valign="middle" class=rowhead>Ratio:</td>
  <td<?php echo $_GET['r']?$highlight:""?>><select name="rt">
@@ -61,8 +61,8 @@ $highlight = " bgcolor=#BBAF9B";
 	}
 	?>
    </select>
-    <input name="r" type="text" value="<?php echo $_GET['r']?>" size="5" maxlength="4">
-    <input name="r2" type="text" value="<?php echo $_GET['r2']?>" size="5" maxlength="4"></td>
+    <input name="r" type="text" value="<?php echo htmlspecialchars($_GET['r'])?>" size="5" maxlength="4">
+    <input name="r2" type="text" value="<?php echo htmlspecialchars($_GET['r2'])?>" size="5" maxlength="4"></td>

  <td valign="middle" class=rowhead>Member status:</td>
  <td<?php echo $_GET['st']?$highlight:""?>><select name="st">
@@ -74,9 +74,9 @@ $highlight = " bgcolor=#BBAF9B";
    ?>
    </select></td></tr>
 <tr><td valign="middle" class=rowhead>Email:</td>
-  <td<?php echo $_GET['em']?$highlight:""?>><input name="em" type="text" value="<?php echo $_GET['em']?>" size="35"></td>
+  <td<?php echo $_GET['em']?$highlight:""?>><input name="em" type="text" value="<?php echo htmlspecialchars($_GET['em'])?>" size="35"></td>
  <td valign="middle" class=rowhead>IP:</td>
-  <td<?php echo $_GET['ip']?$highlight:""?>><input name="ip" type="text" value="<?php echo $_GET['ip']?>" maxlength="17"></td>
+  <td<?php echo $_GET['ip']?$highlight:""?>><input name="ip" type="text" value="<?php echo htmlspecialchars($_GET['ip'])?>" maxlength="17"></td>

  <td valign="middle" class=rowhead>Account status:</td>
  <td<?php echo $_GET['as']?$highlight:""?>><select name="as">
@@ -89,9 +89,9 @@ $highlight = " bgcolor=#BBAF9B";
    </select></td></tr>
 <tr>
  <td valign="middle" class=rowhead>Comment:</td>
-  <td<?php echo $_GET['co']?$highlight:""?>><input name="co" type="text" value="<?php echo $_GET['co']?>" size="35"></td>
+  <td<?php echo $_GET['co']?$highlight:""?>><input name="co" type="text" value="<?php echo htmlspecialchars($_GET['co'])?>" size="35"></td>
  <td valign="middle" class=rowhead>Mask:</td>
-  <td<?php echo $_GET['ma']?$highlight:""?>><input name="ma" type="text" value="<?php echo $_GET['ma']?>" maxlength="17"></td>
+  <td<?php echo $_GET['ma']?$highlight:""?>><input name="ma" type="text" value="<?php echo htmlspecialchars($_GET['ma'])?>" maxlength="17"></td>
  <td valign="middle" class=rowhead>Class:</td>
  <td<?php echo ($_GET['c'] && $_GET['c'] != 1)?$highlight:""?>><select name="c"><option value='1'>(any)</option>
 <?php
@@ -119,9 +119,9 @@ $highlight = " bgcolor=#BBAF9B";
 ?>
    </select>

-    <input name="d" type="text" value="<?php echo $_GET['d']?>" size="12" maxlength="10">
+    <input name="d" type="text" value="<?php echo htmlspecialchars($_GET['d'])?>" size="12" maxlength="10">

-    <input name="d2" type="text" value="<?php echo $_GET['d2']?>" size="12" maxlength="10"></td>
+    <input name="d2" type="text" value="<?php echo htmlspecialchars($_GET['d2'])?>" size="12" maxlength="10"></td>


  <td valign="middle" class=rowhead>Uploaded:</td>
@@ -135,9 +135,9 @@ $highlight = " bgcolor=#BBAF9B";
 ?>
    </select>

-    <input name="ul" type="text" id="ul" size="8" maxlength="7" value="<?php echo $_GET['ul']?>">
+    <input name="ul" type="text" id="ul" size="8" maxlength="7" value="<?php echo htmlspecialchars($_GET['ul'])?>">

-    <input name="ul2" type="text" id="ul2" size="8" maxlength="7" value="<?php echo $_GET['ul2']?>"></td>
+    <input name="ul2" type="text" id="ul2" size="8" maxlength="7" value="<?php echo htmlspecialchars($_GET['ul2'])?>"></td>
  <td valign="middle" class="rowhead">Donor:</td>

  <td<?php echo $_GET['do']?$highlight:""?>><select name="do">
@@ -161,9 +161,9 @@ $highlight = " bgcolor=#BBAF9B";
 ?>
  </select>

-  <input name="ls" type="text" value="<?php echo $_GET['ls']?>" size="12" maxlength="10">
+  <input name="ls" type="text" value="<?php echo htmlspecialchars($_GET['ls'])?>" size="12" maxlength="10">

-  <input name="ls2" type="text" value="<?php echo $_GET['ls2']?>" size="12" maxlength="10"></td>
+  <input name="ls2" type="text" value="<?php echo htmlspecialchars($_GET['ls2'])?>" size="12" maxlength="10"></td>
 	  <td valign="middle" class=rowhead>Downloaded:</td>

  <td<?php echo $_GET['dl']?$highlight:""?>><select name="dlt" id="dlt">
@@ -175,9 +175,9 @@ $highlight = " bgcolor=#BBAF9B";
 ?>
    </select>

-    <input name="dl" type="text" id="dl" size="8" maxlength="7" value="<?php echo $_GET['dl']?>">
+    <input name="dl" type="text" id="dl" size="8" maxlength="7" value="<?php echo htmlspecialchars($_GET['dl'])?>">

-    <input name="dl2" type="text" id="dl2" size="8" maxlength="7" value="<?php echo $_GET['dl2']?>"></td>
+    <input name="dl2" type="text" id="dl2" size="8" maxlength="7" value="<?php echo htmlspecialchars($_GET['dl2'])?>"></td>

 	<td valign="middle" class=rowhead>Warned:</td>

@@ -750,7 +750,7 @@ if (count($_GET) > 0 && !$_GET['h'])

  $perpage = 30;

-  list($pagertop, $pagerbottom, $limit) = pager($perpage, $count, $_SERVER["PHP_SELF"]."?".$q);
+  list($pagertop, $pagerbottom, $limit) = pager($perpage, $count, $_SERVER["REQUEST_URI"]."?".$q);

  $query .= $limit;

--- a/resources/static-pages/beian-aliyun.html
+++ b/resources/static-pages/beian-aliyun.html
@@ -0,0 +1,94 @@
+<!DOCTYPE html>
+<html lang="zh-CN">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1" />
+    <meta name="ahot-aplus" content="1">
+    <meta name="aplus-rate-ahot" content="0.5">
+    <title>阿里云备案阻断页</title>
+    <link rel="icon" href="https://img.alicdn.com/tfs/TB1_ZXuNcfpK1RjSZFOXXa6nFXa-32-32.ico" type="image/x-icon">
+    <meta name="data-spm" content="5176" />
+    <meta name="keywords" content="">
+    <meta name="description" content="">
+    <meta property="og:title" content="阿里云备案阻断页" />
+    <meta property="og:description" content="" />
+    <meta property="og:image" content="https://img.alicdn.com/tfs/TB1qNVdXlGw3KVjSZFDXXXWEpXa-620-620.png" />
+    <style>
+        body {
+            min-height:100vh;
+            margin:0;
+            padding:0;
+
+            background:#fff;
+        ;
+        }
+        .seo-html-content{
+            display:none!important;
+        }
+        @media screen and (max-width: 768px) {
+            body {
+                overflow-x: hidden;
+                font-size: 12px;
+            }
+        }
+
+        div.small-icon .cart-name{
+            display: none;
+        }
+
+    </style>
+    <script>
+        window.$PAGE_CONFIG = {
+            id:'142776',
+            env: 'production',
+            previewEnv: '',
+
+            PLUGINS: {},
+            renderEngine:1,
+            SOLUTION_HEADER_FOOTER_CONFG:{"headerSection":"完整头部","footerSection":"展示"}
+        };
+    </script>
+    <script>
+        if (window.innerWidth <= 768) {
+            var meta = document.querySelector('meta[name="viewport"]');
+            meta.content = 'width=375px,user-scalable=no,viewport-fit=cover';
+            meta.setAttribute('homon','true');
+        }
+    </script>
+</head>
+<body data-spm="14418478"><script  type="text/javascript">
+    (function  (d)  {
+        var  t=d.createElement("script");t.type="text/javascript";t.async=true;t.id="tb-beacon-aplus";
+        t.setAttribute("exparams","category=&userid=&aplus&yunid=35385%2a%2a%2a%2a%40qq%2ecom&yunpk=1700198864854652&channel=&cps=");
+        t.src="//g.alicdn.com/alilog/mlog/aplus_v2.js";
+        d.getElementsByTagName("head")[0].appendChild(t);
+    })(document);
+</script>
+<script src="https://www.aliyun.com/assets/publish/ace-base-assets"></script>
+<link rel="stylesheet" href="https://g.alicdn.com/homon/page-render/3.0.17/v1/index-pc.css" />
+<link rel="stylesheet" href="https://g.alicdn.com/??hmod/ace-beian-interdict/0.0.8/index.css" />
+<div id="J_fetch">
+<textarea style="display: none">
+    {}
+  </textarea>
+</div>
+<textarea id="J_data" style="display: none;">
+    [{"settings":{},"componentId":45592,"hidden":"false","fullName":"@ali/hmod-ace-beian-interdict","uuid":"1164210480","limitConfig":{},"version":"0.0.8","componentVersionId":328597,"name":"hmod-ace-beian-interdict"}]
+  </textarea>
+<div id="J_1164210480" style="top:-60px; position: relative;"></div>
+<div data-homon-module class="aliyun-module" data-section-id="" data-id="1164210480" data-spm="J_1164210480" data-module-id="1164210480" data-module-name="@ali/hmod-ace-beian-interdict" data-version="0.0.8" data-hidden="false" data-block-render="">
+</div>
+<div class="aliyun-module-config">
+<textarea class="aliyun-module-data" data-target="1164210480" style="display:none;">
+          {"cnConfig":{"title":"网站暂时无法访问","list":[{"cont":[{"text":"请等待网站备案后尝试访问。"}],"title":"如果您是网站普通访客："},{"title":"如果您是网站所有者，网站无法访问常见原因如下：","cont":[{"text":"1. 网站未完成备案、未在接入商完成备案接入。"},{"text":"2. 网站内容与备案信息不符、备案信息不准确、网站存在不适宜传播的内容等。"}]}],"subtitle":"该网站未根据工信部相关法律进行备案","gist":"法律依据：《非经营性互联网信息服务备案管理办法》","action":"点击进入备案管理平台","url":"https://beian.aliyun.com/"},"intlConfig":{"title":"The website is currently inaccessible...","list":[{"cont":[{"text":"Visit the website again after the website obtains an ICP filing."}],"title":"If you fail to access the website as a visitor:"},{"title":"If you fail to access the website as the website owner, the possible causes are as follows:","cont":[{"text":"1. You have not applied for an ICP filing for your website, or you have not added Alibaba Cloud to the ICP filing information as a service provider."},{"text":"2. The content that the website provides does not comply with the ICP filing information, the ICP filing information is inaccurate, or the website contains content that is not suitable for dissemination."}]}],"subtitle":"The website has not obtained an ICP filing according to the law of the Ministry of Industry and Information Technology of the People's Republic of China","gist":"Relevant law: Measures for the Archival Administration of Non-commercial Internet Information Services","action":"Click to go to the ICP filing management platform","url":"https://beian.aliyun.com/"},"styleConfig":{"width":""},"icon":"https://img.alicdn.com/tfs/TB1AqalCpY7gK0jSZKzXXaikpXa-370-254.png"}
+        </textarea>
+    <textarea class="aliyun-module-settings" data-target="1164210480" style="display:none;">
+          {"recommend":{"visibleMode":"default"},"anchor":{"visibleMode":"all"},"pc":{"background":"","horizontal":"默认","verticalNumber":0,"marginTop":"","marginBottom":"0","contentBackground":"","paddingHoz":"0","paddingTop":"0","paddingBottom":"0","backgroundImage":"","autoHeight":false},"h5":{"background":"","horizontal":"默认","verticalNumber":0,"marginTop":"0","marginBottom":"0","contentBackground":"","paddingHoz":"0","paddingTop":"0","paddingBottom":"0","backgroundImage":"","autoHeight":false}}
+        </textarea>
+</div>
+<script src="https://g.alicdn.com/??hmod/ace-beian-interdict/0.0.8/index.js,hmod/ace-beian-interdict/0.0.8/services.js"></script>
+<script src="https://g.alicdn.com/homon/page-render/3.0.17/v1/index-pc.js">
+</script>
+</body>
+</html>