mirror of https://gitee.com/karson/fastadmin.git
Merge branch 'develop' of gitee.com:karson/fastadmin into develop
Karson
commit
c846402a79
|
|
@ -163,7 +163,7 @@ class Api extends Command
|
|||
if ($getting_namespace === true) {
|
||||
|
||||
//If the token is a string or the namespace separator...
|
||||
if (is_array($token) && in_array($token[0], [T_STRING, T_NS_SEPARATOR])) {
|
||||
if (is_array($token) && in_array($token[0], version_compare(PHP_VERSION, '8.0.0', '<') ? [T_STRING, T_NS_SEPARATOR] : [T_NAME_QUALIFIED])) {
|
||||
|
||||
//Append the token's value to the name of the namespace
|
||||
$namespace .= $token[1];
|
||||
|
|
|
|||
|
|
@ -18,8 +18,8 @@ if (!function_exists('build_select')) {
|
|||
*/
|
||||
function build_select($name, $options, $selected = [], $attr = [])
|
||||
{
|
||||
$options = is_array($options) ? $options : explode(',', $options);
|
||||
$selected = is_array($selected) ? $selected : explode(',', $selected);
|
||||
$options = is_array($options) ? $options : explode(',', $options ?? '');
|
||||
$selected = is_array($selected) ? $selected : explode(',', $selected ?? '');
|
||||
return Form::select($name, $options, $selected, $attr);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -319,9 +319,8 @@ class Addon extends Backend
|
|||
{
|
||||
$offset = (int)$this->request->get("offset");
|
||||
$limit = (int)$this->request->get("limit");
|
||||
$filter = $this->request->get("filter");
|
||||
$search = $this->request->get("search");
|
||||
$search = htmlspecialchars(strip_tags($search));
|
||||
$filter = $this->request->get("filter", '');
|
||||
$search = $this->request->get("search", '', 'strip_tags,htmlspecialchars');
|
||||
$onlineaddons = $this->getAddonList();
|
||||
$filter = (array)json_decode($filter, true);
|
||||
$addons = get_addon_list();
|
||||
|
|
|
|||
|
|
@ -66,7 +66,7 @@ class Index extends Backend
|
|||
*/
|
||||
public function login()
|
||||
{
|
||||
$url = $this->request->get('url', 'index/index');
|
||||
$url = $this->request->get('url', 'index/index', 'url_clean');
|
||||
if ($this->auth->isLogin()) {
|
||||
$this->success(__("You've logged in, do not login again"), $url);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -11,7 +11,7 @@ if (!function_exists('__')) {
|
|||
/**
|
||||
* 获取语言变量值
|
||||
* @param string $name 语言变量名
|
||||
* @param array $vars 动态变量值
|
||||
* @param string | array $vars 动态变量值
|
||||
* @param string $lang 语言
|
||||
* @return mixed
|
||||
*/
|
||||
|
|
@ -41,7 +41,7 @@ if (!function_exists('format_bytes')) {
|
|||
function format_bytes($size, $delimiter = '', $precision = 2)
|
||||
{
|
||||
$units = array('B', 'KB', 'MB', 'GB', 'TB', 'PB');
|
||||
for ($i = 0; $size >= 1024 && $i < 6; $i++) {
|
||||
for ($i = 0; $size >= 1024 && $i < 5; $i++) {
|
||||
$size /= 1024;
|
||||
}
|
||||
return round($size, $precision) . $delimiter . $units[$i];
|
||||
|
|
@ -467,6 +467,19 @@ if (!function_exists('xss_clean')) {
|
|||
}
|
||||
}
|
||||
|
||||
if (!function_exists('url_clean')) {
|
||||
/**
|
||||
* 清理URL
|
||||
*/
|
||||
function url_clean($url)
|
||||
{
|
||||
if (!check_url_allowed($url)) {
|
||||
return '';
|
||||
}
|
||||
return xss_clean($url);
|
||||
}
|
||||
}
|
||||
|
||||
if (!function_exists('check_ip_allowed')) {
|
||||
/**
|
||||
* 检测IP是否允许
|
||||
|
|
@ -485,6 +498,36 @@ if (!function_exists('check_ip_allowed')) {
|
|||
}
|
||||
}
|
||||
|
||||
if (!function_exists('check_url_allowed')) {
|
||||
/**
|
||||
* 检测URL是否允许
|
||||
* @param string $url URL
|
||||
* @return bool
|
||||
*/
|
||||
function check_url_allowed($url = null)
|
||||
{
|
||||
//允许的主机列表
|
||||
$allowedHostArr = [
|
||||
strtolower(request()->host())
|
||||
];
|
||||
|
||||
//如果是站内相对链接则允许
|
||||
if (preg_match("/^[\/a-z][a-z0-9][a-z0-9\.\/]+\$/i", $url) && substr($url, 0, 2) !== '//') {
|
||||
return true;
|
||||
}
|
||||
|
||||
//如果是站外链接则需要判断HOST是否允许
|
||||
if (preg_match("/((http[s]?:\/\/)+(?>[a-z\-0-9]{2,}\.){1,}[a-z]{2,8})(?:\s|\/)/i", $url)) {
|
||||
|
||||
if (in_array(strtolower(parse_url($url, PHP_URL_HOST)), $allowedHostArr)) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
if (!function_exists('build_suffix_image')) {
|
||||
/**
|
||||
* 生成文件后缀图片
|
||||
|
|
|
|||
|
|
@ -63,7 +63,7 @@ class Common
|
|||
}
|
||||
// 切换多语言
|
||||
if (Config::get('lang_switch_on')) {
|
||||
$lang = $request->get('lang');
|
||||
$lang = $request->get('lang', '');
|
||||
if (preg_match("/^([a-zA-Z\-_]{2,10})\$/i", $lang)) {
|
||||
\think\Cookie::set('think_var', $lang);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -129,9 +129,8 @@ class User extends Frontend
|
|||
}
|
||||
}
|
||||
//判断来源
|
||||
$referer = $this->request->server('HTTP_REFERER');
|
||||
if (!$url && (strtolower(parse_url($referer, PHP_URL_HOST)) == strtolower($this->request->host()))
|
||||
&& !preg_match("/(user\/login|user\/register|user\/logout)/i", $referer)) {
|
||||
$referer = $this->request->server('HTTP_REFERER', '', 'url_clean');
|
||||
if (!$url && $referer && !preg_match("/(user\/login|user\/register|user\/logout)/i", $referer)) {
|
||||
$url = $referer;
|
||||
}
|
||||
$this->view->assign('captchaType', config('fastadmin.user_register_captcha'));
|
||||
|
|
@ -147,7 +146,7 @@ class User extends Frontend
|
|||
{
|
||||
$url = $this->request->request('url', '', 'trim,xss_clean');
|
||||
if ($this->auth->id) {
|
||||
$this->success(__('You\'ve logged in, do not login again'), $url ? $url : url('user/index'));
|
||||
$this->success(__('You\'ve logged in, do not login again'), $url ?: url('user/index'));
|
||||
}
|
||||
if ($this->request->isPost()) {
|
||||
$account = $this->request->post('account');
|
||||
|
|
@ -175,7 +174,6 @@ class User extends Frontend
|
|||
$result = $validate->check($data);
|
||||
if (!$result) {
|
||||
$this->error(__($validate->getError()), null, ['token' => $this->request->token()]);
|
||||
return false;
|
||||
}
|
||||
if ($this->auth->login($account, $password)) {
|
||||
$this->success(__('Logged in successful'), $url ? $url : url('user/index'));
|
||||
|
|
@ -184,9 +182,8 @@ class User extends Frontend
|
|||
}
|
||||
}
|
||||
//判断来源
|
||||
$referer = $this->request->server('HTTP_REFERER');
|
||||
if (!$url && (strtolower(parse_url($referer, PHP_URL_HOST)) == strtolower($this->request->host()))
|
||||
&& !preg_match("/(user\/login|user\/register|user\/logout)/i", $referer)) {
|
||||
$referer = $this->request->server('HTTP_REFERER', '', 'url_clean');
|
||||
if (!$url && $referer && !preg_match("/(user\/login|user\/register|user\/logout)/i", $referer)) {
|
||||
$url = $referer;
|
||||
}
|
||||
$this->view->assign('url', $url);
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@
|
|||
"require": {
|
||||
"php": ">=7.2.0",
|
||||
"topthink/framework": "dev-master",
|
||||
"topthink/think-captcha": "^1.0",
|
||||
"topthink/think-captcha": "^1.0.9",
|
||||
"topthink/think-installer": "^1.0.14",
|
||||
"topthink/think-queue": "1.1.6",
|
||||
"topthink/think-helper": "^1.0.7",
|
||||
|
|
@ -38,6 +38,10 @@
|
|||
{
|
||||
"type": "git",
|
||||
"url": "https://gitee.com/fastadminnet/framework.git"
|
||||
},
|
||||
{
|
||||
"type": "git",
|
||||
"url": "https://gitee.com/fastadminnet/think-captcha.git"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue