From 3c8b25a9bf71edd4ff3aebde2d74c335e9a2c01d Mon Sep 17 00:00:00 2001 From: F4NNIU Date: Fri, 13 Apr 2018 11:20:13 +0800 Subject: [PATCH 1/2] =?UTF-8?q?=E4=BF=AE=E6=94=B9=E7=A0=81=E4=BA=91?= =?UTF-8?q?=E7=9A=84=E7=BD=91=E5=9D=80=E4=B8=BA=20gitee.com?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 7cf44c77..4f01a754 100644 --- a/README.md +++ b/README.md @@ -45,7 +45,7 @@ https://demo.fastadmin.net 提 示:演示站数据无法进行删除和修改,只能新增,完整体验请下载源码安装体验 ## **界面截图** -![控制台](https://git.oschina.net/uploads/images/2017/0411/113717_e99ff3e7_10933.png "控制台") +![控制台](https://gitee.com/uploads/images/2017/0411/113717_e99ff3e7_10933.png "控制台") ## **问题反馈** @@ -61,7 +61,7 @@ weibo: [@karsonzhang](https://weibo.com/karsonzhang) Github: https://github.com/karsonzhang/fastadmin -Git@OSC: https://git.oschina.net/karson/fastadmin +Git@OSC: https://gitee.com/karson/fastadmin ## **特别鸣谢** From f035876bfba386bf8ca88d70a2186e40019f2e34 Mon Sep 17 00:00:00 2001 
From: Karson Date: Tue, 17 Apr 2018 22:08:46 +0800 Subject: [PATCH 2/2] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E4=B8=8A=E4=BC=A0?= =?UTF-8?q?=E6=96=87=E4=BB=B6=E5=90=8E=E7=BC=80=E5=88=A4=E6=96=AD=E9=94=99?= =?UTF-8?q?=E8=AF=AF=E7=9A=84BUG=20=E4=BF=AE=E5=A4=8DToken=E6=B0=B8?= =?UTF-8?q?=E4=B9=85=E6=9C=89=E6=95=88=E6=9C=9F=E5=88=A4=E6=96=AD=E9=94=99?= =?UTF-8?q?=E8=AF=AF=E7=9A=84BUG=20=E4=BF=AE=E5=A4=8DgetUserinfo=E8=BF=94?= =?UTF-8?q?=E5=9B=9E=E9=94=99=E8=AF=AFtoken=E7=9A=84BUG?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- application/admin/controller/Ajax.php | 10 ++++++++-- application/api/controller/Common.php | 11 ++++++++--- application/common/library/Auth.php | 2 +- application/common/library/token/driver/Mysql.php | 4 ++-- application/config.php | 4 ++-- application/extra/upload.php | 2 +- public/assets/js/require-backend.min.js | 2 +- public/assets/js/require-table.js | 2 +- 8 files changed, 24 insertions(+), 13 deletions(-) diff --git a/application/admin/controller/Ajax.php b/application/admin/controller/Ajax.php index ed8d80e4..d7b4d005 100644 --- a/application/admin/controller/Ajax.php +++ b/application/admin/controller/Ajax.php 
@@ -65,10 +65,16 @@ class Ajax extends Backend $suffix = strtolower(pathinfo($fileInfo['name'], PATHINFO_EXTENSION)); $suffix = $suffix ? $suffix : 'file'; - $mimetypeArr = explode(',', $upload['mimetype']); + $mimetypeArr = explode(',', strtolower($upload['mimetype'])); $typeArr = explode('/', $fileInfo['type']); + //验证文件后缀 - if ($upload['mimetype'] !== '*' && !in_array($suffix, $mimetypeArr) && !in_array($fileInfo['type'], $mimetypeArr) && !in_array($typeArr[0] . '/*', $mimetypeArr)) { + if ($upload['mimetype'] !== '*' && + ( + !in_array($suffix, $mimetypeArr) + || (stripos($typeArr[0] . '/', $upload['mimetype']) !== false && (!in_array($fileInfo['type'], $mimetypeArr) && !in_array($typeArr[0] . '/*', $mimetypeArr))) + ) + ) { $this->error(__('Uploaded file format is limited')); } $replaceArr = [ diff --git a/application/api/controller/Common.php b/application/api/controller/Common.php index 5df83291..4b87f5f6 100644 --- a/application/api/controller/Common.php +++ b/application/api/controller/Common.php @@ -75,11 +75,16 @@ class Common extends Api $suffix = strtolower(pathinfo($fileInfo['name'], PATHINFO_EXTENSION)); $suffix = $suffix ? $suffix : 'file'; - $mimetypeArr = explode(',', $upload['mimetype']); + $mimetypeArr = explode(',', strtolower($upload['mimetype'])); $typeArr = explode('/', $fileInfo['type']); + //验证文件后缀 - if ($upload['mimetype'] !== '*' && !in_array($suffix, $mimetypeArr) && !in_array($fileInfo['type'], $mimetypeArr) && !in_array($typeArr[0] . '/*', $mimetypeArr)) - { + if ($upload['mimetype'] !== '*' && + ( + !in_array($suffix, $mimetypeArr) + || (stripos($typeArr[0] . '/', $upload['mimetype']) !== false && (!in_array($fileInfo['type'], $mimetypeArr) && !in_array($typeArr[0] . '/*', $mimetypeArr))) + ) + ) { $this->error(__('Uploaded file format is limited')); } $replaceArr = [ diff --git a/application/common/library/Auth.php b/application/common/library/Auth.php index b2b84874..382ea970 100644 --- a/application/common/library/Auth.php 
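Review bot: The `stripos()` call in the new upload check has its arguments reversed: `stripos($typeArr[0] . '/', $upload['mimetype'])` searches for the whole configured list inside a string such as `image/`, so that operand is practically never true and the MIME half of the condition never runs. The same line is repeated in the `Common.php` hunk of this patch. Swap the arguments in both controllers: `stripos($upload['mimetype'], $typeArr[0] . '/') !== false`. Two related caveats: `$fileInfo['type']` is presumably the content type sent with the request, so even a working branch says nothing about the file's real content, and because `!in_array($suffix, $mimetypeArr)` now rejects on its own, a list made only of MIME patterns would refuse every upload. Both upload methods begin and end outside their hunks.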
+++ b/application/common/library/Auth.php @@ -416,7 +416,7 @@ class Auth $data = $this->_user->toArray(); $allowFields = $this->getAllowFields(); $userinfo = array_intersect_key($data, array_flip($allowFields)); - $userinfo['token'] = $this->getToken(); + $userinfo = array_merge($userinfo, Token::get($this->_token)); return $userinfo; } diff --git a/application/common/library/token/driver/Mysql.php b/application/common/library/token/driver/Mysql.php index c61fcd6f..24f0827e 100644 --- a/application/common/library/token/driver/Mysql.php +++ b/application/common/library/token/driver/Mysql.php @@ -47,7 +47,7 @@ class Mysql extends Driver */ public function set($token, $user_id, $expire = null) { - $expiretime = !is_null($expire) ? time() + $expire : ($expire === 0 ? 0 : time() + $this->options['expire']); + $expiretime = !is_null($expire) && $expire !== 0 ? time() + $expire : 0; $token = $this->getEncryptedToken($token); $this->handler->insert(['token' => $token, 'user_id' => $user_id, 'createtime' => time(), 'expiretime' => $expiretime]); return TRUE; @@ -66,7 +66,7 @@ class Mysql extends Driver //返回未加密的token给客户端使用 $data['token'] = $token; //返回剩余有效时间 - $data['expired_in'] = $this->getExpiredIn($data['expiretime']); + $data['expires_in'] = $this->getExpiredIn($data['expiretime']); return $data; } else { self::delete($token); diff --git a/application/config.php b/application/config.php index 375c9e25..6c656f92 100755 --- a/application/config.php +++ b/application/config.php @@ -260,7 +260,7 @@ return [ //是否开启前台会员中心 'usercenter' => true, //登录验证码 - 'login_captcha' => true, + 'login_captcha' => false, //登录失败超过10则1天后重试 'login_failure_retry' => true, //是否同一账号同一时间只能在一个地方登录 @@ -270,7 +270,7 @@ return [ //自动检测更新 'checkupdate' => false, //版本号 - 'version' => '1.0.0.20180406_beta', + 'version' => '1.0.0.20180417_beta', //API接口地址 'api_url' => 'https://api.fastadmin.net', ], diff --git a/application/extra/upload.php b/application/extra/upload.php index e04fd0ca..5bfa25d0 100644 
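Review bot: Merging the whole token record into `$userinfo` bypasses the allow-list applied on the line above: every key `Token::get()` returns is added after `array_intersect_key()` has filtered the user data. A key present in both (for example `createtime`, which `Mysql::set()` writes) would replace the user's value. Copy only the fields clients need, e.g. `$userinfo = array_merge($userinfo, array_intersect_key(Token::get($this->_token), array_flip(['token', 'expires_in'])));`. That still assumes `Token::get()` always returns an array; its return value for an expired or unknown token is not visible here, and `array_merge()` does not accept a non-array. The enclosing method starts above the hunk.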
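Review bot: With the new expression in `Mysql::set()`, a call that omits `$expire` stores `expiretime` 0, and the configured `$this->options['expire']` that the removed line fell back to is no longer used. If 0 marks a token that never expires, as the commit subject suggests, tokens become permanent by default rather than only when the caller passes 0. The strict `$expire !== 0` also lets `'0'` or `0.0` through as `time() + 0`, which gives a token that is already at its expiry time. Consider `$expire = is_null($expire) ? $this->options['expire'] : (int) $expire;` followed by `$expiretime = $expire !== 0 ? time() + $expire : 0;`.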
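Review bot: The shipped default for `login_captcha` flips to `false` in the first `config.php` hunk, and none of the three fixes named in the commit subject explains it. Installs that take this default get no captcha at login and rely only on the `login_failure_retry` lockout on the following line to slow password guessing. If the change was made for local testing, restore `'login_captcha' => true,`; if it is intended, state the reason in the comment above the key.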
--- a/application/extra/upload.php +++ b/application/extra/upload.php @@ -21,7 +21,7 @@ return [ /** * 可上传的文件类型 */ - 'mimetype' => '*', + 'mimetype' => 'jpg,png,bmp,jpeg,gif,zip,rar,xls,xlsx', /** * 是否支持批量上传 */ diff --git a/public/assets/js/require-backend.min.js b/public/assets/js/require-backend.min.js index fb550ff5..51051193 100644 --- a/public/assets/js/require-backend.min.js +++ b/public/assets/js/require-backend.min.js @@ -9701,7 +9701,7 @@ define('table',['jquery', 'bootstrap', 'moment', 'moment/locale/zh-cn', 'bootstr return html; }, url: function (value, row, index) { - return '
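Review bot: The docblock above `mimetype` still says only "可上传的文件类型" and does not describe the format that the upload controllers changed in this patch expect. They split the value on `,` without trimming and look the file extension up in the result, so an entry written with a space after the comma will never match, and they still skip the check entirely when the value is `*`. I would extend the comment to say that the value is a comma-separated list of extensions with no spaces, and that `*` disables validation of uploaded file types.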
'; + return '
'; }, search: function (value, row, index) { return '' + value + ''; diff --git a/public/assets/js/require-table.js b/public/assets/js/require-table.js index eb5013e6..2c685c58 100644 --- a/public/assets/js/require-table.js +++ b/public/assets/js/require-table.js @@ -397,7 +397,7 @@ define(['jquery', 'bootstrap', 'moment', 'moment/locale/zh-cn', 'bootstrap-table return html; }, url: function (value, row, index) { - return '
'; + return '
'; }, search: function (value, row, index) { return '' + value + '';