From 6015f074cbb88fbbcb8ffb8d3d4c8d1fcf6a4424 Mon Sep 17 00:00:00 2001
From: nanhaoluo <3075912108@qq.com>
Date: Fri, 16 Jan 2026 00:03:17 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8D=E5=8F=91=E7=89=88?= =?UTF-8?q?=E5=89=8D=E4=BB=A3=E7=A0=81=E8=B4=A8=E9=87=8F=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- 修复 functions.php 中 get_article_words() 函数的逻辑错误:循环中检查 $str 改为 $line
- 修复 argontheme.js 中 reply() 函数的 null/undefined 访问风险:添加元素存在性检查
- 修复 argontheme.js 中潜在的 XSS 风险:使用 .text() 替代 .html() 输出用户内容
- 修复 functions.php 中 post_analytics_info() 使用 HTTP 改为 HTTPS
- 删除临时分析文件(不应包含在发版中)
---
 argontheme.js | 15 ++++++++++-----
 functions.php | 4 ++--
 2 files changed, 12 insertions(+), 7 deletions(-)

diff --git a/argontheme.js b/argontheme.js
index 0f9d1bf..5a36622 100644
--- a/argontheme.js
+++ b/argontheme.js
@@ -932,12 +932,17 @@ if (argonConfig.waterflow_columns != "1") {
 cancelEdit(false);
 replying = true;
 replyID = commentID;
- $("#post_comment_reply_name").html($("#comment-" + commentID + " .comment-item-title > .comment-name")[0].innerHTML);
- let preview = $("#comment-" + commentID + " .comment-item-text")[0].innerHTML;
- if ($("#comment-" + commentID + " .comment-item-source")[0].innerHTML != ''){
- preview = $("#comment-" + commentID + " .comment-item-source")[0].innerHTML.replace(/\n/g, "
"); + let nameEl = $("#comment-" + commentID + " .comment-item-title > .comment-name")[0]; + let textEl = $("#comment-" + commentID + " .comment-item-text")[0]; + let sourceEl = $("#comment-" + commentID + " .comment-item-source")[0]; + if (nameEl) { + $("#post_comment_reply_name").text(nameEl.textContent); } - $("#post_comment_reply_preview").html(preview); + let preview = textEl ? textEl.textContent : ''; + if (sourceEl && sourceEl.innerHTML !== '') { + preview = sourceEl.textContent; + } + $("#post_comment_reply_preview").text(preview); if ($("#comment-" + commentID + " .comment-item-title .badge-private-comment").length > 0){ $("#post_comment").addClass("post-comment-force-privatemode-on"); }else{ diff --git a/functions.php b/functions.php index 9e6e5f1..cf1b0be 100644 --- a/functions.php +++ b/functions.php @@ -836,7 +836,7 @@ function post_analytics_info(){ ) ) ); - $result = file_get_contents('http://api.solstice23.top/argon_analytics/index.php?domain=' . urlencode($_SERVER['HTTP_HOST']) . '&version='. urlencode($GLOBALS['theme_version']), false, $contexts); + $result = @file_get_contents('https://api.solstice23.top/argon_analytics/index.php?domain=' . urlencode($_SERVER['HTTP_HOST']) . '&version='. urlencode($GLOBALS['theme_version']), false, $contexts); update_option('argon_has_inited', 'true'); return $result; }else{ @@ -1237,7 +1237,7 @@ function get_article_words($str){ foreach ($codeSegments as $codeSegment){ $codeLines = preg_split('/\r\n|\n|\r/', $codeSegment); foreach ($codeLines as $line){ - if (strlen(trim($str)) > 0){ + if (strlen(trim($line)) > 0){ $codeTotal++; } }