diff --git a/application/admin/command/Crud/stubs/controllerindex.stub b/application/admin/command/Crud/stubs/controllerindex.stub
index 2771aa63..74470ca4 100755
--- a/application/admin/command/Crud/stubs/controllerindex.stub
+++ b/application/admin/command/Crud/stubs/controllerindex.stub
@@ -7,7 +7,7 @@
//当前是否为关联查询
$this->relationSearch = {%relationSearch%};
//设置过滤方法
- $this->request->filter(['strip_tags']);
+ $this->request->filter(['strip_tags', 'trim']);
if ($this->request->isAjax())
{
//如果发送的来源是Selectpage,则转发到Selectpage
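Review bot: The filter list here is given as an array (`['strip_tags', 'trim']`) while the companion change in application/admin/controller/Index.php passes a comma-separated string (`'trim,strip_tags,htmlspecialchars'`); pick one form for the generated controllers and the hand-written ones so the two are greppable and compared easily. Note also that `strip_tags` on input is lossy for legitimate text containing `<`/`>` (everything between them is dropped), so a comment such as `// strip_tags removes any <...> span from string params; output escaping is still required in views` would make the intent of the stub clear to generated-code readers. The enclosing `index()` method starts and ends outside this hunk.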
diff --git a/application/admin/controller/Index.php b/application/admin/controller/Index.php
index 56f2b7e6..185200e8 100644
--- a/application/admin/controller/Index.php
+++ b/application/admin/controller/Index.php
@@ -22,6 +22,8 @@ class Index extends Backend
public function _initialize()
{
parent::_initialize();
+ //移除HTML标签
+ $this->request->filter('trim,strip_tags,htmlspecialchars');
}
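Review bot: The added comment says HTML tags are removed, but the third filter, `htmlspecialchars`, encodes rather than removes, so every string parameter of this controller is stored/used in HTML-encoded form; any view or JSON consumer that escapes on output (as the adminlog detail view in this same commit now does with `|htmlentities`) will then double-encode user-typed `<`, `&` and quotes into `&amp;lt;` etc. Input-side encoding is also applied to parameters that are never rendered as HTML, which is hard to reason about later. Consider limiting the filter to `trim,strip_tags` (encoding belongs at the output edge) and correcting the comment, e.g. `//去除首尾空白并移除HTML标签；输出时由模板负责转义`, or, if encoding at input is deliberate, say so explicitly in the comment so view authors know not to escape again.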
/**
diff --git a/application/admin/library/Auth.php b/application/admin/library/Auth.php
index 1054e6e6..ed68db81 100644
--- a/application/admin/library/Auth.php
+++ b/application/admin/library/Auth.php
@@ -59,7 +59,7 @@ class Auth extends \fast\Auth
}
$admin->loginfailure = 0;
$admin->logintime = time();
- $admin->loginip = request()->ip(0, false);
+ $admin->loginip = request()->ip();
$admin->token = Random::uuid();
$admin->save();
Session::set("admin", $admin->toArray());
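Review bot: Dropping the explicit second argument to `request()->ip()` changes which address is recorded only if the framework default for that argument (the "advanced" proxy-header mode of ThinkPHP 5's `Request::ip()`) is `true`; in releases where it is, `ip()` derives the address from forwarded headers such as `X-Forwarded-For`, which are client-controlled unless a trusted reverse proxy overwrites them. Because this value is what the `loginip_check` comparison in the later hunk of this file and the keeplogin path compare against, a forged header would let a stolen session or keeplogin cookie satisfy the IP-binding check that this commit is strengthening. If the intent is to honour a proxy, the deployment should be the one trusting it; otherwise keep the explicit mode and document it: `$admin->loginip = request()->ip(0, false); // REMOTE_ADDR only: forwarded headers are client-controlled`. The same call appears in the `@@ -103` and `@@ -183` hunks below, so a single helper returning the address would keep the three sites consistent; the enclosing method starts outside this hunk.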
@@ -103,7 +103,7 @@ class Auth extends \fast\Auth
if ($key != md5(md5($id) . md5($keeptime) . md5($expiretime) . $admin->token)) {
return false;
}
- $ip = request()->ip(0, false);
+ $ip = request()->ip();
//IP有变动
if ($admin->loginip != $ip) {
return false;
@@ -183,11 +183,16 @@ class Auth extends \fast\Auth
if (Config::get('fastadmin.login_unique')) {
$my = Admin::get($admin['id']);
if (!$my || $my['token'] != $admin['token']) {
+ $this->logout();
return false;
}
}
- if (!isset($admin['loginip']) || $admin['loginip'] != request()->ip(0, false)) {
- return false;
+ //判断管理员IP是否变动
+ if (Config::get('fastadmin.loginip_check')) {
+ if (!isset($admin['loginip']) || $admin['loginip'] != request()->ip()) {
+ $this->logout();
+ return false;
+ }
}
$this->logined = true;
return true;
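Review bot: The IP check is now gated on `Config::get('fastadmin.loginip_check')`, and if `Config::get` returns `null` for an undefined key (as it does in ThinkPHP 5), a deployment that keeps its own older `application/config.php` without the key added in this commit silently loses the check that was previously unconditional. Failing closed would preserve the old behaviour for such installs: `$ipCheck = Config::get('fastadmin.loginip_check');` followed by `if ($ipCheck === null || $ipCheck) {`. Calling `$this->logout()` before returning `false` in both branches is a good addition; a one-line comment such as `// clear the stale session so a mismatched token/IP cannot be retried` would explain why the logout is needed here. The enclosing method starts outside this hunk.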
diff --git a/application/admin/model/AdminLog.php b/application/admin/model/AdminLog.php
index 5f951129..e0d92af7 100644
--- a/application/admin/model/AdminLog.php
+++ b/application/admin/model/AdminLog.php
@@ -35,7 +35,7 @@ class AdminLog extends Model
$username = $auth->isLogin() ? $auth->username : __('Unknown');
$content = self::$content;
if (!$content) {
- $content = request()->param();
+ $content = request()->param('', null, 'trim,strip_tags,htmlspecialchars');
foreach ($content as $k => $v) {
if (is_string($v) && strlen($v) > 200 || stripos($k, 'password') !== false) {
unset($content[$k]);
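Review bot: Applying `htmlspecialchars` when reading the params means the logged values are stored HTML-encoded, and the adminlog detail view changed in this same commit (`application/admin/view/auth/adminlog/detail.html`, `{$vo|htmlentities}`) escapes them again on output, so a parameter containing `<`, `>` or `&` will be shown double-encoded (`&amp;lt;`); escaping once at the output edge is sufficient, so `'trim,strip_tags'` here would be enough. A secondary effect is that the `strlen($v) > 200` truncation guard on the next line now measures the encoded length, so values with many encodable characters are dropped earlier than before. The enclosing method starts and ends outside this hunk.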
diff --git a/application/admin/view/addon/index.html b/application/admin/view/addon/index.html
index 0d5756b1..2c974c10 100644
--- a/application/admin/view/addon/index.html
+++ b/application/admin/view/addon/index.html
@@ -233,6 +233,7 @@
+
\ No newline at end of file
+
+
\ No newline at end of file
diff --git a/application/admin/view/auth/adminlog/detail.html b/application/admin/view/auth/adminlog/detail.html
index b63f9431..2adb9051 100644
--- a/application/admin/view/auth/adminlog/detail.html
+++ b/application/admin/view/auth/adminlog/detail.html
@@ -9,7 +9,7 @@
{volist name="row" id="vo" }
| {:__($key)} |
- {$vo} |
+ {$vo|htmlentities} |
{/volist}
diff --git a/application/common/library/Auth.php b/application/common/library/Auth.php
index 102199dc..5822241e 100644
--- a/application/common/library/Auth.php
+++ b/application/common/library/Auth.php
@@ -256,7 +256,7 @@ class Auth
try {
$salt = Random::alnum();
$newpassword = $this->getEncryptPassword($newpassword, $salt);
- $this->_user->save(['password' => $newpassword, 'salt' => $salt]);
+ $this->_user->save(['loginfailure' => 0, 'password' => $newpassword, 'salt' => $salt]);
Token::delete($this->_token);
//修改密码成功的事件
@@ -298,6 +298,8 @@ class Auth
//记录本次登录的IP和时间
$user->loginip = $ip;
$user->logintime = $time;
+ //重置登录失败次数
+ $user->loginfailure = 0;
$user->save();
diff --git a/application/config.php b/application/config.php
index cdd94936..64fda49a 100755
--- a/application/config.php
+++ b/application/config.php
@@ -265,6 +265,8 @@ return [
'login_failure_retry' => true,
//是否同一账号同一时间只能在一个地方登录
'login_unique' => false,
+ //是否开启IP变动检测
+ 'loginip_check' => true,
//登录页默认背景图
'login_background' => "/assets/img/loginbg.jpg",
//是否启用多级菜单导航
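Review bot: The new `loginip_check` option's comment does not say what happens when the check fires or what it depends on, which is what an operator deciding whether to turn it off needs. Suggested comment: `// When enabled, an admin session whose request IP differs from the login IP is logged out; admins behind rotating proxies or mobile networks may be signed out frequently, and the comparison is only as trustworthy as the address request()->ip() reports`.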
@@ -272,7 +274,7 @@ return [
//自动检测更新
'checkupdate' => false,
//版本号
- 'version' => '1.0.0.20190930_beta',
+ 'version' => '1.0.0.20191101_beta',
//API接口地址
'api_url' => 'https://api.fastadmin.net',
],
diff --git a/public/assets/js/backend/addon.js b/public/assets/js/backend/addon.js
index 1349bfeb..94e9d9a8 100644
--- a/public/assets/js/backend/addon.js
+++ b/public/assets/js/backend/addon.js
@@ -441,19 +441,17 @@ define(['jquery', 'bootstrap', 'backend', 'table', 'form', 'template'], function
var userinfo = Controller.api.userinfo.get();
var uid = userinfo ? userinfo.id : 0;
- if ($(that).data("type") !== 'free') {
- if (parseInt(uid) === 0) {
- return Layer.alert(__('Not login tips'), {
- title: __('Warning'),
- btn: [__('Login now'), __('Continue install')],
- yes: function (index, layero) {
- $(".btn-userinfo").trigger("click");
- },
- btn2: function () {
- install(name, version, false);
- }
- });
- }
+ if (parseInt(uid) === 0) {
+ return Layer.alert(__('Not login tips'), {
+ title: __('Warning'),
+ btn: [__('Login now')],
+ yes: function (index, layero) {
+ $(".btn-userinfo").trigger("click");
+ },
+ btn2: function () {
+ install(name, version, false);
+ }
+ });
}
install(name, version, false);
});
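Review bot: The `btn2` handler in the rewritten `Layer.alert` call is now dead code: the `btn` array contains only `__('Login now')`, so there is no second button for `btn2` to be bound to, yet the handler still reads as if "continue install" were still offered. Remove the three lines `btn2: function () { install(name, version, false); }` (and the trailing comma on the `yes` handler) so the dialog's behaviour matches its code. The enclosing click handler starts outside this hunk.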
diff --git a/public/assets/js/fast.js b/public/assets/js/fast.js
index 388ebddd..695ab00d 100644
--- a/public/assets/js/fast.js
+++ b/public/assets/js/fast.js
@@ -83,7 +83,7 @@ define(['jquery', 'bootstrap', 'toastr', 'layer', 'lang'], function ($, undefine
Fast.events.onAjaxError(ret, error);
}
}, options);
- $.ajax(options);
+ return $.ajax(options);
},
//修复URL
fixurl: function (url) {
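Review bot: The function now returns the jqXHR from `$.ajax(options)`, but nothing in the hunk documents that new contract, and the function's header is outside the hunk. Add to its comment something like `// Returns the jqXHR so callers can abort() the request or chain done()/fail() handlers`, so consumers know the value is intentional API rather than an accident of the refactor. The identical change in the two `require-*.min.js` bundles should continue to be regenerated from this source rather than edited by hand.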
diff --git a/public/assets/js/require-backend.min.js b/public/assets/js/require-backend.min.js
index 4c292c2a..2eb71276 100644
--- a/public/assets/js/require-backend.min.js
+++ b/public/assets/js/require-backend.min.js
@@ -743,7 +743,7 @@ define('fast',['jquery', 'bootstrap', 'toastr', 'layer', 'lang'], function ($, u
Fast.events.onAjaxError(ret, error);
}
}, options);
- $.ajax(options);
+ return $.ajax(options);
},
//修复URL
fixurl: function (url) {
diff --git a/public/assets/js/require-frontend.min.js b/public/assets/js/require-frontend.min.js
index c2c58e0d..a9e17748 100644
--- a/public/assets/js/require-frontend.min.js
+++ b/public/assets/js/require-frontend.min.js
@@ -736,7 +736,7 @@ define('fast',['jquery', 'bootstrap', 'toastr', 'layer', 'lang'], function ($, u
Fast.events.onAjaxError(ret, error);
}
}, options);
- $.ajax(options);
+ return $.ajax(options);
},
//修复URL
fixurl: function (url) {