no commit message

README.md

@@ -6,11 +6,11 @@
 官网网站：http://www.rockoa.com/  
 源码仅供学习二次开发使用，禁止二次发布，禁止用于商业用途出售等(违者必究)  
 版权：Copyright @2016-2023 信呼开发团队  
-版本整理时间：2023-08-22 23:59:59  
-版本号：V2.6.0   
+版本整理时间：2023-12-22 23:59:59  
+版本号：V2.6.2   
 
 
-### V2.6.0更新说明
+### V2.6.2更新说明
 1、完善系统安全性。  
 2、更多升级日志详见：http://www.rockoa.com/view_core.html  
 

config/version.php

@@ -1,3 +1,3 @@
 <?php
-//版本2.6.0嘿嘿
-return '2.6.0';
+//版本2.6.2，2023-12-22
+return '2.6.2';

include/chajian/inputChajian.php

@@ -367,7 +367,7 @@ class inputChajian extends Chajian
 		if(!$fopt && ($type=='rockcombo' || $type=='checkboxall' || $type=='radio')){
 			$_ars = explode(',', $datanum);
 			$fopt = $this->option->getselectdata($_ars[0], isset($_ars[2]));
-			$fvad = 'name';
+			$fvad = 'nameo';
 			if(isset($_ars[1])&&($_ars[1]=='value'||$_ars[1]=='id'||$_ars[1]=='num'))$fvad=$_ars[1];
 			
 			if($fopt){

include/chajian/rockeditChajian.php

@@ -78,13 +78,16 @@ class rockeditChajian extends Chajian{
 			$onlynum	= md5(''.$this->rock->jm->getRandkey().date('YmdHis').'file'.$id.'');
 			m('file')->update("`onlynum`='$onlynum'", $id);
 		}
+		$stype		= '0';//0wps,1onlyoffice
 		$urs 		= m('admin')->getone($this->adminid);
 		$barr 		= $this->getdata('file','change', array(
 			'filenum' 	=> $onlynum,
 			'optid'		=> $this->adminid,
+			'stype'		=> $stype,
 			'optname'	=> $this->rock->jm->base64encode($this->adminname),
 			'face'		=> $this->rock->jm->base64encode(m('admin')->getface($urs['face'])),
 		));
+		//$this->rock->debugs($barr,'rockedit');
 		if(!$barr['success'])return $barr;
 		$data 		= $barr['data'];
 		$type 		= $data['type'];
@@ -113,6 +116,7 @@ class rockeditChajian extends Chajian{
 			$url.= '&optid='.$this->adminid.'';
 			$url.= '&gokey='.$gokey.'';
 			$url.= '&otype='.$otype.'';
+			$url.= '&stype='.$stype.'';
 			if($otype==0){
 				$callurl = $this->rock->getouturl().'api.php?m=upload&a=upfilevb&fileid='.$id.'&adminid='.$this->adminid.'&token='.$admintoken.'';
 				$url.='&callurl='.$this->rock->jm->base64encode($callurl).'';

include/class/mysqliClass.php

@@ -6,6 +6,7 @@ class mysqliClass extends mysql{
 	protected function connect()
 	{
 		$this->errormsg	= '';
+		if(!class_exists('mysqli'))exit('操作数据库的php的扩展mysqli不存在');
 		$this->conn = @new mysqli($this->db_host,$this->db_user, $this->db_pass, $this->db_base);
 		if (mysqli_connect_errno()) {
 			$this->conn 	= null;

include/class/pdoClass.php

@@ -6,6 +6,7 @@ class pdoClass extends mysql{
 	protected function connect()
 	{
 		$this->errormsg	= '';
+		if(!class_exists('PDO'))exit('操作数据库的php的扩展PDO不存在');
 		try {
 			$this->conn = @new PDO('mysql:host='.$this->db_host.';dbname='.$this->db_base.'', $this->db_user, $this->db_pass);
 			$this->conn->query("SET NAMES 'utf8'");

webmain/flow/input/inputAction.php

@@ -312,6 +312,7 @@ class inputAction extends Action
 		$iszb		= $xu+1;
 		$farr		= m('flow_element')->getrows("`mid`='$modeid' and `islu`=1 and `iszb`=$iszb",'`name`,`fields`,`isbt`,`fieldstype`,`savewhere`,`dev`,`data`,`attr`','`sort`');
 		$sort 		= 0;
+		$zlen		= count($farr);
 		for($i=0; $i<$oi; $i++){
 			$sid  = (int)$this->post('sid'.$xu.'_'.$i.'');
 			$bos  = true;
@@ -320,13 +321,13 @@ class inputAction extends Action
 			foreach($farr as $k=>$rs){
 				$fid= $rs['fields'];
 				$flx= $rs['fieldstype'];
-				if(substr($fid,0,5)=='temp_')continue;
 				$na = ''.$fid.''.$xu.'_'.$i.'';
-				if(!isset($_POST[$na]))$bos=false;
+				//if(!isset($_POST[$na]))$bos=false;
+				$val= $this->post($na);
+				if(isempt($val))$wkz++;//空字段
+				if(substr($fid,0,5)=='temp_')continue;
 				if($bos){
-					$val= $this->post($na);
 					if($rs['isbt']==1 && isempt($val))$bos=false;
-					if(isempt($val))$wkz++;
 				}
 				if($bos){
 					$msy = $this->attrcheck($val,$rs['attr'], $this->checkobj);
@@ -348,7 +349,7 @@ class inputAction extends Action
 				if(!$bos)break;
 			}
 			if(!$bos)continue;
-			//if($wkz==$k+1)continue;
+			if($wkz==$zlen)continue;//全部都是空
 			$uaarr['sort'] 	= $sort;
 			$sort++;
 			$arr[] = $uaarr;

webmain/flow/input/mode_finhkdAction.php

@@ -7,7 +7,7 @@ class mode_finhkdClassAction extends inputAction{
 		$uid 	= $arr['uid'];
 		$money  = floatval($arr['money']);
 		$to 	= m('fina')->totaljie($uid, $id);
-		if($money > $to)return '还款金额超过需还金额';
+		if($money > floatval($to))return '还款金额超过需还金额';
 		
 		$rows['type'] = '3';//一定要是3，不能去掉
 		return array(
@@ -24,7 +24,7 @@ class mode_finhkdClassAction extends inputAction{
 	{
 		$mid 	= (int)$this->get('mid');
 		$moenky	= m('fina')->totaljie($this->adminid, $mid);
-		return ''.$moenky.'元';
+		return ''.$this->rock->number($moenky).'元';
 	}
 	
 	public function getlastAjax()

webmain/flow/input/mode_finpiaoAction.php

@@ -71,6 +71,12 @@ class mode_finpiaoClassAction extends inputAction{
 		if($hjrows['moneyzong']==0)$hjrows['moneyzong']='';
 		
 		$rows[] = $hjrows;
+		foreach($rows as $k=>$rs){
+			if($rs['moneyshou'])$rows[$k]['moneyshou'] = $this->rock->number($rs['moneyshou']);
+			if($rs['moneykai'])$rows[$k]['moneykai'] = $this->rock->number($rs['moneykai']);
+			if($rs['moneyzong'])$rows[$k]['moneyzong'] = $this->rock->number($rs['moneyzong']);
+		}
+		
 		$barr = array(
 			'rows' => $rows,
 			'dt1'  => $dt1,

webmain/flow/page/rock_page_flowmenu_script.php

@@ -40,7 +40,7 @@ bootparams.beforeload=function(){
 }
 
 c.initpage=function(){
-	$('#tdleft_{rand}').after('<td style="padding-right:10px"><select style="width:150px;"  class="form-control" id="modeid_{rand}" ><option value="0">请选择菜单</option></select></td>');
+	$('#tdleft_{rand}').after('<td style="padding-right:10px"><select style="width:200px;"  class="form-control" id="modeid_{rand}" ><option value="0">管理下级菜单请这里选择</option></select></td>');
 	$('#modeid_{rand}').change(function(){
 		a.setparams({pid:this.value},true);
 	});

webmain/main/goods/goodsAction.php

@@ -315,13 +315,16 @@ class goodsClassAction extends Action
 		$dgs 	= m('goods');
 		$typeb = array('0'		,'1'	  ,'2'		,'3', '4','5'); 
 		$typea = array('领用单' ,'采购单' ,'销售单'	,'调拨单', '归还单','退货单'); 
+		$biana = array('goodly' ,'caigou' ,'custxiao','diaobo', 'goodgh','tuihuo'); 
 		$chux  = array('0','2');
 		if($rows)foreach($rows as $k=>&$rs){
-			$rs['typev'] = $rs['type'];
-			$rs['type']  = arrvalue($typea, $rs['type']);
+			$rs['mknum']  = arrvalue($biana, $rs['type']);
+			$rs['typev']  = $rs['type'];
+			$rs['type']   = arrvalue($typea, $rs['type']);
 			$lx = 0; //入
 			if(in_array($rs['typev'],$chux))$lx=1;
 			$rs['state']  = $dgs->crkstate($rs['state'], $lx);
+			
 		}
 		return array(
 			'rows' 		=> $rows

webmain/main/goods/rock_goods_cropt.php

@@ -27,7 +27,10 @@ $(document).ready(function(){
 				var v='<a href="javascript:;" onclick="rukuope{rand}('+d.id+','+d.typev+')">去操作</a>';
 				return v;
 			}
-		}]
+		}],
+		itemdblclick:function(d){
+			if(d.mknum)openxiangs(d.type,d.mknum,d.id);
+		}
 	});
 	var c = {
 		search:function(){

webmain/main/userinfo/userinfoAction.php

@@ -93,8 +93,9 @@ class userinfoClassAction extends Action
 		$atatea = explode(',', '试用期,正式,实习生,兼职,临时工,离职');
 		$atrows = $this->option->getmnum('userstate');
 		foreach($atrows as $k1=>$rs1)if(!isempt($rs1['value']))$atatea[$rs1['value']] = $rs1['name'];
-		
+		$total = 0;
 		foreach($rows as $k=>$rs){
+			$total ++;
 			$year = '';
 			if(!$this->isempt($rs['workdate'])) $year = substr($rs['workdate'],0,4);
 			$rows[$k]['year'] = $year;
@@ -121,7 +122,7 @@ class userinfoClassAction extends Action
 		}
 		
 		$arr 	= array();
-		$total 	= $this->db->count;
+		//$total 	= $this->db->count;
 		foreach($rows as $k=>$rs){
 			$val = $rs[$type];
 			if($this->isempt($val))$val = '其他';
@@ -140,7 +141,7 @@ class userinfoClassAction extends Action
 
 		return array(
 			'rows' => $a,
-			'totalCound' => count($a)
+			'totalCount' => count($a)
 		);
 	}
 	

webmain/model/beifenModel.php

@@ -9,7 +9,8 @@ class beifenClassModel extends Model
 		$alltabls 	= $this->db->getalltable();
 		$nobeifne	= array(''.PREFIX.'log',''.PREFIX.'logintoken',''.PREFIX.'kqanay',''.PREFIX.'email_cont',''.PREFIX.'dailyfx',''.PREFIX.'todo',''.PREFIX.'city',''.PREFIX.'kqjcmd'); //不备份的表;
 		
-		$beidir 	= ''.UPDIR.'/data/'.date('Y.m.d.H.i.s').'.'.rand(1000,9999).'';
+		$beidir 	= ''.UPDIR.'/data/'.date('Y.m.d.H.i.s').'.';
+		$beidir    .= substr(str_shuffle(md5($this->rock->jm->getRandkey())),0,15);
 		foreach($alltabls as $tabs){
 			if(in_array($tabs, $nobeifne))continue;
 			$rows  	= $this->db->getall('select * from `'.$tabs.'`');

webmain/model/flow/caigouModel.php

@@ -5,21 +5,15 @@ class flow_caigouClassModel extends flowModel
 	
 	
 	private $goodsobj;
-	
+
 	public function initModel()
 	{
 		$this->goodsobj = m('goods');
 	}
 	
-	//审核完成处理,要通知仓库管理员出入库
+	//审核完成处理,是否直接出入库
 	protected function flowcheckfinsh($zt){
-		/*
-		m('goodss')->update('status='.$zt.'',"`mid`='$this->id'");
-		$aid  = '0';
-		$rows = m('goodss')->getall("`mid`='$this->id'",'aid');
-		foreach($rows as $k=>$rs)$aid.=','.$rs['aid'].'';
-		m('goods')->setstock($aid);
-		*/
+		if($zt==1)m('goods')->chukuopts($this->id, $this->modename);
 	}
 	
 	//作废或删除时

webmain/model/flow/goodlyModel.php

@@ -8,14 +8,9 @@ class flow_goodlyClassModel extends flowModel
 		$this->goodsobj = m('goods');
 	}
 	
-	//审核完成处理
+	//审核完成处理,是否直接出入库
 	protected function flowcheckfinsh($zt){
-		/*
-		m('goodss')->update('status='.$zt.'',"`mid`='$this->id'");
-		$aid  = '0';
-		$rows = m('goodss')->getall("`mid`='$this->id'",'aid');
-		foreach($rows as $k=>$rs)$aid.=','.$rs['aid'].'';
-		m('goods')->setstock($aid);*/
+		if($zt==1)m('goods')->chukuopts($this->id, $this->modename);
 	}
 
 	//作废或删除时
@@ -37,7 +32,7 @@ class flow_goodlyClassModel extends flowModel
 				if(!isempt($one['xinghao']))$name.='('.$one['xinghao'].')';
 				if($lx==1){
 					$rows[$k]['aid'] 	= $name;
-					$rows[$k]['count'] 	= 0-$rs['count']; //负数显示为正数
+					//$rows[$k]['count'] 	= 0-$rs['count']; //负数显示为正数
 					if(isset($rs['lygh'])){
 						$rows[$k]['lygh']=arrvalue($lygya, $rs['lygh']);
 						

webmain/model/flow/meetModel.php

@@ -280,6 +280,7 @@ class flow_meetClassModel extends flowModel
 	{
 		$rows 	= $this->getall("`state` in(0,1) and `type`=0 and `startdt` like '".$this->rock->date."%' and `status`=1");
 		$time	= time();
+		$tplnum	= m('option')->getval('meetsmstpltx', 'meettodo');
 		foreach($rows as $k=>$rs){
 			$this->adminmodel->setcompanyid($rs['comid']); //设置对应单位id
 			$zt 	= $rs['state'];
@@ -304,7 +305,7 @@ class flow_meetClassModel extends flowModel
 						$this->meettodos($rs, '您好，会议即将在'.$ssj.'分钟后的'.$dts[1].'开始，请准时参加。');//快到时间通知
 					
 						//短信通知
-						if($ssj<6)$this->sendsms($rs, 'meettodo', array(
+						if($ssj<6)$this->sendsms($rs, $tplnum, array(
 							'fenz' 		=> ''.$ssj.'',
 							'title' 	=> $rs['title'],
 							'time' 		=> $dts[1],

webmain/model/flow/workModel.php

@@ -3,6 +3,7 @@ class flow_workClassModel extends flowModel
 {
 	private $absfile = false;
 	private $statearr;
+	private $updatexm= false;
 
 	public function initModel()
 	{
@@ -107,7 +108,11 @@ class flow_workClassModel extends flowModel
 		$zt  = 0;
 		if(!isempt($this->rs['distid']))$zt = 3;//待执行的状态值
 		$this->updatestatus($zt);
-		
+		if($this->updatexm)m('work')->updateproject($this->rs['projectid']);
+	}
+	
+	protected function flowcheckfinsh($zt){
+		if($this->updatexm)m('work')->updateproject($this->rs['projectid']);
 	}
 	
 	protected function flowaddlog($a)

webmain/model/goodsModel.php

@@ -260,4 +260,95 @@ class goodsClassModel extends Model
 			return $varr;
 		}
 	}
+	
+	/**
+	*	直接操作出入库
+	*/
+	public function chukuopts($mid, $mknum)
+	{
+		$isru = m('option')->getval('wpautostock');
+		if($isru!='1')return;
+		$barr = $this->chukuopt($mid);
+		if(!$barr['success'])m('log')->addlogs('直接出入库', $mknum.'('.$mid.'):'.$barr['msg'], 2);
+	}
+	public function chukuopt($mid, $depotid=0)
+	{
+		$mrs 	= m('goodm')->getone("`id`='$mid' and `status`=1");
+		if(!$mrs)return returnerror('该单据还未审核完成，不能出入库操作');
+		$comid	= $mrs['comid'];
+		
+		if($depotid==0){
+			$where = '1=1';
+			if(ISMORECOM){
+				$where = 'comid='.$comid.'';
+			}
+			$grs = m('godepot')->getone($where);
+			if(!$grs)return returnerror('没有创建仓库');
+			$depotid = $grs['id'];
+		}
+		
+		$mtype = (int)$mrs['type']; //3就是调拨
+		$typv = (int)$mrs['type'];
+		
+		$typa = explode(',', '1,0,1,0,0,0');
+		$kina = explode(',', '0,0,1,3,1,4');
+		
+		if(!isset($typa[$typv]) || !isset($kina[$typv]))return returnerror('为设置出入库类型');
+		$type = $typa[$typv];
+		$kind = $kina[$typv];
+		
+		
+		//if($mtype==3 && $depotid==$mrs['custid'])return returnerror('调拨出入库仓库不能相同');
+		
+		$ndbs			= m('goodn');
+		
+		//读取已入库数量
+		$arwos = $ndbs->getall('`mid`='.$mid.' and `couns`<`count`');
+		
+		if(!$arwos)return returnerror('子表没用可出入库得');
+		
+		$arr['applydt'] = $this->rock->date;
+		$arr['type'] 	= $type;
+		$arr['kind'] 	= $kind;
+		$arr['depotid'] = $depotid;
+		$arr['explain'] = '';
+		$arr['uid'] 	= $this->adminid;
+		$arr['optid'] 	= $this->adminid;
+		$arr['optdt'] 	= $this->rock->now;
+		$arr['comid'] 	= $comid;
+		$arr['optname'] = $this->adminname;
+		$arr['status'] 	= 1;
+		$arr['mid'] 	= $mid;
+		
+		$aid = '0';
+		
+		foreach($arwos as $k1=>$rs1){
+			$count = floatval($rs1['count']) - floatval($rs1['couns']);
+			if($count<=0)continue;
+			$arr['type'] 	= $type;
+			$arr['depotid'] = $depotid;
+			$arr['aid'] 	= $rs1['aid'];
+			$arr['count'] 	= $count;
+			if($type==1)$arr['count'] = 0 - $arr['count'];//出库为负数
+			
+			$ussid = $this->db->record('[Q]goodss', $arr);
+			
+			if($ussid){
+				$ndbs->update('`couns`=`count`', $rs1['id']);
+			}
+			
+			if($mtype==3){
+				$arr['depotid'] = $mrs['custid']; //仓库
+				$arr['type'] 	= 1; //出库
+				$arr['count']	= 0 - $count;
+				$this->db->record('[Q]goodss', $arr);
+			}
+			
+			$aid.=','.$rs1['aid'].'';
+		}
+		
+		if($aid!='0')$this->setstock($aid);
+		$this->upstatem($mid);
+		return returnsuccess();
+	}
 }

webmain/model/workModel.php

@@ -11,4 +11,18 @@ class workClassModel extends Model
 		
 		return $to;
 	}
+	
+	//更新对应项目进度
+	public function updateproject($id)
+	{
+		$id    = (int)$id;
+		if($id==0)return;
+		$zshu  = $this->rows('`projectid`='.$id.' and `status`<>5');
+		$wcshu = $this->rows('`projectid`='.$id.' and `status`=1');
+		$blix  = '0';
+		if($zshu>0){
+			$blix = ($wcshu/$zshu) *100;
+		}
+		m('project')->update('progress='.$blix.'', $id);
+	}
 }

webmain/system/cogini/coginiAction.php

@@ -16,6 +16,7 @@ class coginiClassAction extends Action
 		if(getconfig('systype')=='demo')return returnerror('演示禁止操作');
 		$path = trim($this->post('path'));
 		if(!$path || !file_exists($path))return returnerror('无权限设置，请找到对应文件修改'.$path.'');
+		if(substr($path, -4)!='.ini')return returnerror('无效');
 		$cont = @file_get_contents($path);
 		if(!$cont)return returnerror('无权限获取'.$path.'内容');
 		$str  = '';

webmain/system/geren/gerenAction.php

@@ -44,9 +44,10 @@ class gerenClassAction extends Action
 		$dt1	= $this->post('dt1');
 		$dt2	= $this->post('dt2');
 		$where	 = 'and optid='.$this->adminid.'';
-		if($atype=='all'){
+		if($atype=='all' && $this->adminid == 1){
 			$where='';
 			if($this->adminid>1)$where=m('admin')->getcompanywhere(3);
+			
 		}
 		if($key!=''){
 			$where.=" and (`optname` like '%$key%' or `filename` like '%$key%' or `mtype`='$key')";

webmain/system/group/groupAction.php

@@ -4,7 +4,7 @@ class groupClassAction extends Action
 	public function groupusershow($table)
 	{
 		$s 		= 'and 1=2';
-		$gid 	= $this->post('gid','0');
+		$gid 	= (int)$this->post('gid','0');
 		if($gid>0){
 			$s = " and ( id in( select `sid` from `[Q]sjoin` where `type`='gu' and `mid`='$gid') or id in( select `mid` from `[Q]sjoin` where `type`='ug' and `sid`='$gid') )";
 		}
@@ -42,8 +42,8 @@ class groupClassAction extends Action
 	
 	public function saveuserAjax()
 	{
-		$gid 	= $this->post('gid','0');
-		$sid 	= $this->post('sid','0');
+		$gid 	= (int)$this->post('gid','0');
+		$sid 	= c('check')->onlynumber($this->post('sid','0'));
 		$dbs 	= m('sjoin');
 		$dbs->delete("`mid`='$gid' and `type`='gu' and `sid` in($sid)");
 		$this->db->insert('[Q]sjoin','`type`,`mid`,`sid`', "select 'gu','$gid',`id` from `[Q]admin` where `id` in($sid)", true);
@@ -53,8 +53,8 @@ class groupClassAction extends Action
 	
 	public function deluserAjax()
 	{
-		$gid 	= $this->post('gid','0');
-		$sid 	= $this->post('sid','0');
+		$gid 	= (int)$this->post('gid','0');
+		$sid 	= c('check')->onlynumber($this->post('sid','0'));
 		$dbs 	= m('sjoin');
 		$dbs->delete("`mid`='$gid' and `type`='gu' and `sid`='$sid'");
 		$dbs->delete("`sid`='$gid' and `type`='ug' and `mid`='$sid'");

webmain/system/sysfile/sysfileAction.php

@@ -96,7 +96,8 @@ class sysfileClassAction extends Action
 		if($str=$this->iscaozuo())return $str;
 		$path = $this->jm->base64decode($this->get('path'));
 		if(isempt($path))return '无效路径';
-		
+		$path = str_replace('\\','/', $path);
+		$path = str_replace(array('../','..'),'', $path);
 		if(!file_exists(ROOT_PATH.'/'.$path))return '文件不存在';
 		$pathinfo=pathinfo($path);
 		

webmain/task/api/asynrunAction.php

@@ -63,12 +63,13 @@ class asynrunClassAction extends apiAction
 		return m('flow')->initflow('hrsalary', $id)->todouser();
 	}
 	
-	//下载微信发送的图片到服务器
+	//下载微信发送的图片到服务器(弃用)
 	public function downwxpicAction()
 	{
-		$picurl = $this->rock->jm->uncrypt($this->get('picurl'));
-		$msgid  = $this->get('msgid');
-		return m('reim')->downwximg($picurl, $msgid);
+		//$picurl = $this->rock->jm->uncrypt($this->get('picurl'));
+		//$msgid  = $this->get('msgid');
+		//return m('reim')->downwximg($picurl, $msgid);
+		return 'noturl';
 	}
 	
 	//下载微信上媒体文件

webmain/task/api/uploadAction.php

@@ -476,6 +476,7 @@ class uploadClassAction extends apiAction
 	{
 		$data = array();
 		$fenlei = $this->jm->base64decode($this->get('fenlei'));
+		$fenlei = $this->rock->xssrepstr($this->rock->iconvsql($fenlei));
 		$where 	= m('admin')->getjoinstr('a.`receid`', $this->adminid, 1);
 		$sql 	= 'select a.`name`,a.`wtype`,b.`filepath`,b.`id` from `[Q]wordxie` a left join `[Q]file` b on a.`fileid`=b.`id` where a.`fenlei`=\''.$fenlei.'\' and a.`isgk`=1 and ('.$where.')';
 		$rows 	= $this->db->getall($sql);

webmain/we/ying/tpl_ying_daka.html

@@ -245,12 +245,16 @@ function paizhao(){
 				destinationType: 'base64',quality:80,
 				targetWidth:1000,targetHeight:1000
 			}, function(ret, err) {
-				if (ret) {
+				if (ret && ret.base64Data) {
 					imagecont= ret.base64Data;
+					if(imagecont.indexOf('data:')!=0)imagecont='data:image/jpg;base64,'+imagecont;
 					$('#paizhaoimg').parent().show();
 					get('paizhaoimg').src = imagecont;
 					get('pzbtnicons').className='icon-remove';
 					ispzs = true;
+				}else{
+					apicloud=false;
+					js.wx.alert('请用相机拍照再去选对应图片');
 				}
 			});
 		}else{

webmain/we/ying/tpl_ying_location.html

@@ -263,12 +263,16 @@ function paizhao(){
 				destinationType: 'base64',quality:80,
 				targetWidth:1000,targetHeight:1000
 			}, function(ret, err) {
-				if (ret) {
+				if (ret && ret.base64Data) {
 					imagecont= ret.base64Data;
+					if(imagecont.indexOf('data:')!=0)imagecont='data:image/jpg;base64,'+imagecont;
 					$('#paizhaoimg').parent().show();
 					get('paizhaoimg').src = imagecont;
 					get('pzbtnicons').className='icon-remove';
 					ispzs = true;
+				}else{
+					apicloud=false;
+					js.wx.alert('请用相机拍照再去选对应图片');
 				}
 			});
 		}else{