diff --git a/application/admin/behavior/AdminLog.php b/application/admin/behavior/AdminLog.php
index f5bcd3c9..2a7afc72 100644
--- a/application/admin/behavior/AdminLog.php
+++ b/application/admin/behavior/AdminLog.php
@@ -4,7 +4,7 @@ namespace app\admin\behavior;
 class AdminLog
 {
- public function run(&$params)
+ public function run(&$response)
 {
 //只记录POST请求的日志
 if (request()->isPost() && config('fastadmin.auto_record_log')) {
diff --git a/application/admin/controller/auth/Adminlog.php b/application/admin/controller/auth/Adminlog.php
index 9ed148ce..1d8cc810 100644
--- a/application/admin/controller/auth/Adminlog.php
+++ b/application/admin/controller/auth/Adminlog.php
@@ -53,6 +53,7 @@ class Adminlog extends Backend
 $query->where('admin_id', 'in', $childrenAdminIds);
 }
 })
+ ->field('content,useragent', true)
 ->order($sort, $order)
 ->paginate($limit);
diff --git a/application/admin/model/AdminLog.php b/application/admin/model/AdminLog.php
index faf7e562..07e33036 100644
--- a/application/admin/model/AdminLog.php
+++ b/application/admin/model/AdminLog.php
@@ -41,8 +41,8 @@ class AdminLog extends Model
 /**
 * 记录日志
- * @param string $title
- * @param string $content
+ * @param string $title 日志标题
+ * @param string $content 日志内容
 */
 public static function record($title = '', $content = '')
 {
@@ -50,6 +50,9 @@ class AdminLog extends Model
 $admin_id = $auth->isLogin() ? $auth->id : 0;
 $username = $auth->isLogin() ? $auth->username : __('Unknown');
+ // 设置过滤函数
+ request()->filter('trim,strip_tags,htmlspecialchars');
+
 $controllername = Loader::parseName(request()->controller());
 $actionname = strtolower(request()->action());
 $path = str_replace('.', '/', $controllername) . '/' . $actionname;
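Review bot: The `true` second argument in `->field('content,useragent', true)` turns the list into an exclusion list, which at a glance reads like a projection of exactly those two columns; a one-line comment would save the next reader a trip into the query builder: `// true = except: keep content/useragent out of the list query`. The query chain this line belongs to starts before the hunk.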
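Review bot: `request()->filter('trim,strip_tags,htmlspecialchars')` in `record()` changes the filter on the shared Request object for the remainder of the request, so any later `request()->param()`/`get()`/`post()` call by other code, not only the log read, now returns trimmed, tag-stripped, HTML-escaped values. `record()` is a public static with `$title`/`$content` parameters and can be called from an action directly rather than from the end-of-request behavior, in which case that action's own input handling changes silently. Unless the per-call filter failed to apply for some reason, keeping the filter scoped to the read is safer, as the line dropped in the following hunk did: `$content = request()->param('', null, 'trim,strip_tags,htmlspecialchars');`. If the request-wide filter is intended, state the assumption beside it: `// request-wide filter: record() is expected to run only after the action has consumed its input`. `record()` starts in the previous hunk and continues past this one.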
@@ -60,12 +63,12 @@ class AdminLog extends Model
 }
 }
 }
- $content = $content ? $content : self::$content;
+ $content = $content ?: self::$content;
 if (!$content) {
- $content = request()->param('', null, 'trim,strip_tags,htmlspecialchars');
+ $content = request()->param('') ?: file_get_contents("php://input");
 $content = self::getPureContent($content);
 }
- $title = $title ? $title : self::$title;
+ $title = $title ?: self::$title;
 if (!$title) {
 $title = [];
 $breadcrumb = Auth::instance()->getBreadcrumb($path);
@@ -77,18 +80,18 @@ class AdminLog extends Model
 self::create([
 'title' => $title,
 'content' => !is_scalar($content) ? json_encode($content, JSON_UNESCAPED_UNICODE) : $content,
- 'url' => substr(request()->url(), 0, 1500),
+ 'url' => substr(xss_clean(strip_tags(request()->url())), 0, 1500),
 'admin_id' => $admin_id,
 'username' => $username,
 'useragent' => substr(request()->server('HTTP_USER_AGENT'), 0, 255),
- 'ip' => request()->ip()
+ 'ip' => xss_clean(strip_tags(request()->ip()))
 ]);
 }
 /**
 * 获取已屏蔽关键信息的数据
 * @param $content
- * @return false|string
+ * @return array
 */
 protected static function getPureContent($content)
 {
diff --git a/public/assets/js/backend/auth/adminlog.js b/public/assets/js/backend/auth/adminlog.js
index 58586172..f8b19988 100644
--- a/public/assets/js/backend/auth/adminlog.js
+++ b/public/assets/js/backend/auth/adminlog.js
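Review bot: The new `file_get_contents("php://input")` fallback bypasses the trim/strip_tags/htmlspecialchars filter that `record()` now installs on the request, so a raw body (a JSON payload, for instance) is stored unescaped and, unlike `url` (1500) and `useragent` (255), with no length cap. `getPureContent` is documented as masking sensitive fields and its new `@return array` suggests it operates on keyed data, so a raw string presumably gives it nothing to mask; its body is outside the hunk, so confirm. Decoding JSON bodies before the call preserves both properties: `$raw = file_get_contents('php://input');` followed by `$content = request()->param('') ?: (json_decode($raw, true) ?? $raw);`, optionally with an `mb_substr` cap on the scalar case. `record()` continues outside this hunk on both sides.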
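Review bot: `useragent` is still stored as the raw `HTTP_USER_AGENT` header while the neighbouring `url` and `ip` entries in the same `self::create([...])` now pass through `xss_clean(strip_tags(...))`; all three are client-supplied, so the sanitize-on-store policy should either cover the user agent too (`'useragent' => substr(xss_clean(strip_tags(request()->server('HTTP_USER_AGENT'))), 0, 255),`) or give way to escaping at render time, which holds regardless of what was stored. For `ip`, validating is clearer than sanitizing: `'ip' => filter_var(request()->ip(), FILTER_VALIDATE_IP) ?: ''` rejects anything that is not an address instead of stripping tags from it, and if `request()->ip()` already validates its result the `xss_clean` wrapper is a no-op that can be dropped. The updated `@return array` on `getPureContent`, if accurate, makes the `: $content` scalar branch of the `'content'` expression dead code; `getPureContent`'s body lies outside the hunk, so reconcile the docblock and the branch once its actual return is confirmed.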
@@ -29,7 +29,6 @@ define(['jquery', 'bootstrap', 'backend', 'table', 'form'], function ($, undefin
 {field: 'title', title: __('Title'), operate: 'LIKE %...%', placeholder: '模糊搜索'},
 {field: 'url', title: __('Url'), formatter: Table.api.formatter.url},
 {field: 'ip', title: __('IP'), events: Table.api.events.ip, formatter: Table.api.formatter.search},
- {field: 'browser', title: __('Browser'), operate: false, formatter: Controller.api.formatter.browser},
 {field: 'createtime', title: __('Create time'), formatter: Table.api.formatter.datetime, operate: 'RANGE', addclass: 'datetimerange', sortable: true},
 {
 field: 'operate', title: __('Operate'), table: table,