mirror of https://gitee.com/karson/fastadmin.git
Merge branch 'develop' of gitee.com:karson/fastadmin into develop
commit
c846402a79
|
|
@ -163,7 +163,7 @@ class Api extends Command
|
||||||
if ($getting_namespace === true) {
|
if ($getting_namespace === true) {
|
||||||
|
|
||||||
//If the token is a string or the namespace separator...
|
//If the token is a string or the namespace separator...
|
||||||
if (is_array($token) && in_array($token[0], [T_STRING, T_NS_SEPARATOR])) {
|
if (is_array($token) && in_array($token[0], version_compare(PHP_VERSION, '8.0.0', '<') ? [T_STRING, T_NS_SEPARATOR] : [T_NAME_QUALIFIED])) {
|
||||||
|
|
||||||
//Append the token's value to the name of the namespace
|
//Append the token's value to the name of the namespace
|
||||||
$namespace .= $token[1];
|
$namespace .= $token[1];
|
||||||
|
|
|
||||||
|
|
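Review bot: On PHP 8 the replacement list `[T_NAME_QUALIFIED]` drops T_STRING, so a single-segment namespace such as `namespace App;` is no longer appended to `$namespace`: only multi-segment names like `app\admin` tokenize as T_NAME_QUALIFIED on PHP 8, while a bare identifier is still T_STRING. Keep T_STRING in both branches: `in_array($token[0], version_compare(PHP_VERSION, '8.0.0', '<') ? [T_STRING, T_NS_SEPARATOR] : [T_STRING, T_NAME_QUALIFIED], true)`. The `true` third argument also makes the token-id comparison strict, which costs nothing here since both sides are integers. The enclosing loop starts and ends outside the hunk.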
@ -18,8 +18,8 @@ if (!function_exists('build_select')) {
|
||||||
*/
|
*/
|
||||||
function build_select($name, $options, $selected = [], $attr = [])
|
function build_select($name, $options, $selected = [], $attr = [])
|
||||||
{
|
{
|
||||||
$options = is_array($options) ? $options : explode(',', $options);
|
$options = is_array($options) ? $options : explode(',', $options ?? '');
|
||||||
$selected = is_array($selected) ? $selected : explode(',', $selected);
|
$selected = is_array($selected) ? $selected : explode(',', $selected ?? '');
|
||||||
return Form::select($name, $options, $selected, $attr);
|
return Form::select($name, $options, $selected, $attr);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
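Review bot: `explode(',', $options ?? '')` turns a null or empty `$options` into `['']` rather than an empty list, so the select receives one blank option; the same applies to `$selected`, where `['']` marks an option with key `''` as selected. If an empty list is the intended result, guard before exploding: `$options = is_array($options) ? $options : ($options === null || $options === '' ? [] : explode(',', $options));` and likewise for `$selected`. The `?? ''` does remove the PHP 8.1 null-to-string deprecation, so keep that intent either way.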
@ -319,9 +319,8 @@ class Addon extends Backend
|
||||||
{
|
{
|
||||||
$offset = (int)$this->request->get("offset");
|
$offset = (int)$this->request->get("offset");
|
||||||
$limit = (int)$this->request->get("limit");
|
$limit = (int)$this->request->get("limit");
|
||||||
$filter = $this->request->get("filter");
|
$filter = $this->request->get("filter", '');
|
||||||
$search = $this->request->get("search");
|
$search = $this->request->get("search", '', 'strip_tags,htmlspecialchars');
|
||||||
$search = htmlspecialchars(strip_tags($search));
|
|
||||||
$onlineaddons = $this->getAddonList();
|
$onlineaddons = $this->getAddonList();
|
||||||
$filter = (array)json_decode($filter, true);
|
$filter = (array)json_decode($filter, true);
|
||||||
$addons = get_addon_list();
|
$addons = get_addon_list();
|
||||||
|
|
|
||||||
|
|
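Review bot: Applying `htmlspecialchars` as a request filter entity-encodes the search term at input time, so if `$search` is later matched against addon names or titles (that code is outside the hunk) a term containing `&`, `<`, `>` or quotes will not match the raw values. `strip_tags` is reasonable as an input filter, but HTML escaping belongs where the value is rendered: `$search = $this->request->get("search", '', 'strip_tags');` here and `htmlspecialchars` at output. `(array)json_decode($filter, true)` also degrades malformed JSON to `[]` silently; that is probably intended, so a comment such as `// invalid or empty filter JSON means "no filter"` would spare the next reader a check.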
@ -66,7 +66,7 @@ class Index extends Backend
|
||||||
*/
|
*/
|
||||||
public function login()
|
public function login()
|
||||||
{
|
{
|
||||||
$url = $this->request->get('url', 'index/index');
|
$url = $this->request->get('url', 'index/index', 'url_clean');
|
||||||
if ($this->auth->isLogin()) {
|
if ($this->auth->isLogin()) {
|
||||||
$this->success(__("You've logged in, do not login again"), $url);
|
$this->success(__("You've logged in, do not login again"), $url);
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
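Review bot: With `url_clean` as the filter, a `url` parameter that fails `check_url_allowed` becomes `''` instead of the `'index/index'` default, because the default only applies when the parameter is absent; `$this->success(...)` then receives an empty redirect target (how it treats `''` is outside the hunk). Fall back explicitly so the rejected value lands on the safe default: `$url = $this->request->get('url', 'index/index', 'url_clean') ?: 'index/index';`. The rest of login() is outside the hunk.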
@ -11,7 +11,7 @@ if (!function_exists('__')) {
|
||||||
/**
|
/**
|
||||||
* 获取语言变量值
|
* 获取语言变量值
|
||||||
* @param string $name 语言变量名
|
* @param string $name 语言变量名
|
||||||
* @param array $vars 动态变量值
|
* @param string | array $vars 动态变量值
|
||||||
* @param string $lang 语言
|
* @param string $lang 语言
|
||||||
* @return mixed
|
* @return mixed
|
||||||
*/
|
*/
|
||||||
|
|
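Review bot: The updated PHPDoc writes the union as `string | array`; phpDocumentor, PHPStan and most IDEs parse union types only without surrounding spaces, so the line should read `* @param string|array $vars 动态变量值`. The function body is outside the hunk.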
@ -41,7 +41,7 @@ if (!function_exists('format_bytes')) {
|
||||||
function format_bytes($size, $delimiter = '', $precision = 2)
|
function format_bytes($size, $delimiter = '', $precision = 2)
|
||||||
{
|
{
|
||||||
$units = array('B', 'KB', 'MB', 'GB', 'TB', 'PB');
|
$units = array('B', 'KB', 'MB', 'GB', 'TB', 'PB');
|
||||||
for ($i = 0; $size >= 1024 && $i < 6; $i++) {
|
for ($i = 0; $size >= 1024 && $i < 5; $i++) {
|
||||||
$size /= 1024;
|
$size /= 1024;
|
||||||
}
|
}
|
||||||
return round($size, $precision) . $delimiter . $units[$i];
|
return round($size, $precision) . $delimiter . $units[$i];
|
||||||
|
|
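Review bot: The new bound `$i < 5` is correct for the six-element `$units` array but ties the loop to a literal that must be edited again if a unit is added; `for ($i = 0; $size >= 1024 && $i < count($units) - 1; $i++) {` states the intent and cannot drift. `$size` is also never cast, so on PHP 8 a non-numeric string passes the `>= 1024` comparison (compared as strings) and then throws a TypeError at `$size /= 1024`, while null reaches `round()` with a deprecation; a `$size = (float)$size;` at the top of the function covers both. The function's docblock is outside the hunk.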
@ -467,6 +467,19 @@ if (!function_exists('xss_clean')) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (!function_exists('url_clean')) {
|
||||||
|
/**
|
||||||
|
* 清理URL
|
||||||
|
*/
|
||||||
|
function url_clean($url)
|
||||||
|
{
|
||||||
|
if (!check_url_allowed($url)) {
|
||||||
|
return '';
|
||||||
|
}
|
||||||
|
return xss_clean($url);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if (!function_exists('check_ip_allowed')) {
|
if (!function_exists('check_ip_allowed')) {
|
||||||
/**
|
/**
|
||||||
* 检测IP是否允许
|
* 检测IP是否允许
|
||||||
|
|
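Review bot: `url_clean()` has no `@param`/`@return`, and its contract — an empty string for any URL that `check_url_allowed` rejects, otherwise the `xss_clean`ed URL — is exactly what callers using it as a request filter need; add `* @param string|null $url` and `* @return string 不允许的URL返回空字符串` to the docblock. A null `$url` (for example a missing `HTTP_REFERER` when no default is supplied) is passed straight into `check_url_allowed`, where it reaches `preg_match`, deprecated on PHP 8.1; guard it here with `if (!is_string($url) || !check_url_allowed($url)) {`. Note that `xss_clean` runs after the allow-list decision, so the value returned may differ from the one that passed the check (what `xss_clean` alters is outside this hunk); if it can rewrite characters that matter to a URL, clean first and check the cleaned value.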
@ -485,6 +498,36 @@ if (!function_exists('check_ip_allowed')) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (!function_exists('check_url_allowed')) {
|
||||||
|
/**
|
||||||
|
* 检测URL是否允许
|
||||||
|
* @param string $url URL
|
||||||
|
* @return bool
|
||||||
|
*/
|
||||||
|
function check_url_allowed($url = null)
|
||||||
|
{
|
||||||
|
//允许的主机列表
|
||||||
|
$allowedHostArr = [
|
||||||
|
strtolower(request()->host())
|
||||||
|
];
|
||||||
|
|
||||||
|
//如果是站内相对链接则允许
|
||||||
|
if (preg_match("/^[\/a-z][a-z0-9][a-z0-9\.\/]+\$/i", $url) && substr($url, 0, 2) !== '//') {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
//如果是站外链接则需要判断HOST是否允许
|
||||||
|
if (preg_match("/((http[s]?:\/\/)+(?>[a-z\-0-9]{2,}\.){1,}[a-z]{2,8})(?:\s|\/)/i", $url)) {
|
||||||
|
|
||||||
|
if (in_array(strtolower(parse_url($url, PHP_URL_HOST)), $allowedHostArr)) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if (!function_exists('build_suffix_image')) {
|
if (!function_exists('build_suffix_image')) {
|
||||||
/**
|
/**
|
||||||
* 生成文件后缀图片
|
* 生成文件后缀图片
|
||||||
|
|
|
||||||
|
|
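Review bot: The two `preg_match` prefilters refuse legitimate same-site targets before the `parse_url` host comparison ever runs: the relative pattern `^[\/a-z][a-z0-9][a-z0-9\.\/]+$` admits no `?`, `=`, `&`, `-` or `_`, so any path with a query string or hyphenated segment is rejected, and the absolute pattern requires a dotted host with an alphabetic TLD followed directly by `/` or whitespace, so `http://localhost/...`, IP-literal hosts and any `host:port` are rejected even when the host equals `request()->host()`; through `url_clean` all of these silently become `''`. Since the host comparison is the check that actually decides, the decision is better made from `parse_url()` itself, as in the rewrite below, which keeps the current refusals that matter (leading `//`, backslashes, and — new — ASCII control characters, which browsers strip so that `/` TAB `/host` would otherwise become `//host`) and adds the null/empty guard the `$url = null` default needs (today null reaches `preg_match`, deprecated on PHP 8.1, and `strtolower(parse_url(...))` receives null when there is no host). The allow-list is built from the request's own Host header, so it is only as trustworthy as the web server's virtual-host matching; if `request()->host()` includes a port, the rewrite compares both the bare host and `host:port`. If the regex approach is kept instead, at minimum make the comparison strict: `in_array(strtolower((string)parse_url($url, PHP_URL_HOST)), $allowedHostArr, true)`.

```php
function check_url_allowed($url = null)
{
    // Reject non-strings, the empty string, ASCII control characters/spaces
    // (browsers strip TAB/CR/LF, so "/\t/host" would become "//host") and
    // backslashes (browsers treat "\" as "/" in http(s) URLs).
    if (!is_string($url) || $url === '' || preg_match('/[\x00-\x20\x7f\\\\]/', $url)) {
        return false;
    }
    // … unchanged: $allowedHostArr built from request()->host() …

    $parts = parse_url($url);
    if ($parts === false) {
        return false;
    }
    $scheme = strtolower($parts['scheme'] ?? '');
    $host = strtolower($parts['host'] ?? '');

    // Same-site relative link: no scheme and no host, starting with a single "/"
    // (not "//") or an alphanumeric character.
    if ($scheme === '' && $host === '') {
        return preg_match('/^(\/(?!\/)|[a-z0-9])/i', $url) === 1;
    }

    // Absolute link: only http(s), and the host must be on the allow-list.
    // request()->host() may carry a port, so compare both forms.
    if ($scheme !== 'http' && $scheme !== 'https') {
        return false;
    }
    $hostWithPort = isset($parts['port']) ? $host . ':' . $parts['port'] : $host;
    return in_array($host, $allowedHostArr, true) || in_array($hostWithPort, $allowedHostArr, true);
}
```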
@ -63,7 +63,7 @@ class Common
|
||||||
}
|
}
|
||||||
// 切换多语言
|
// 切换多语言
|
||||||
if (Config::get('lang_switch_on')) {
|
if (Config::get('lang_switch_on')) {
|
||||||
$lang = $request->get('lang');
|
$lang = $request->get('lang', '');
|
||||||
if (preg_match("/^([a-zA-Z\-_]{2,10})\$/i", $lang)) {
|
if (preg_match("/^([a-zA-Z\-_]{2,10})\$/i", $lang)) {
|
||||||
\think\Cookie::set('think_var', $lang);
|
\think\Cookie::set('think_var', $lang);
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -129,9 +129,8 @@ class User extends Frontend
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
//判断来源
|
//判断来源
|
||||||
$referer = $this->request->server('HTTP_REFERER');
|
$referer = $this->request->server('HTTP_REFERER', '', 'url_clean');
|
||||||
if (!$url && (strtolower(parse_url($referer, PHP_URL_HOST)) == strtolower($this->request->host()))
|
if (!$url && $referer && !preg_match("/(user\/login|user\/register|user\/logout)/i", $referer)) {
|
||||||
&& !preg_match("/(user\/login|user\/register|user\/logout)/i", $referer)) {
|
|
||||||
$url = $referer;
|
$url = $referer;
|
||||||
}
|
}
|
||||||
$this->view->assign('captchaType', config('fastadmin.user_register_captcha'));
|
$this->view->assign('captchaType', config('fastadmin.user_register_captcha'));
|
||||||
|
|
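Review bot: The referer block on these lines is duplicated verbatim in the later `@ -184,9 +182,8` hunk of this class; a small private helper returning the cleaned referer or `''` (say `protected function refererUrl()`) would keep the two copies from drifting again, as they had before this commit. The shortened condition `!$url && $referer && !preg_match(...)` is correct only because `url_clean` returns `''` for a referer whose host is not allowed, and nothing on these lines says so; a comment on the assignment such as `// url_clean returns '' unless the referer host passes check_url_allowed` records the contract the condition relies on. Routing the header through `url_clean` also passes it through `xss_clean`, so `$url` may not be byte-identical to the header that passed the host check (what `xss_clean` alters is outside this hunk). The enclosing method starts and ends outside the hunk.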
@ -147,7 +146,7 @@ class User extends Frontend
|
||||||
{
|
{
|
||||||
$url = $this->request->request('url', '', 'trim,xss_clean');
|
$url = $this->request->request('url', '', 'trim,xss_clean');
|
||||||
if ($this->auth->id) {
|
if ($this->auth->id) {
|
||||||
$this->success(__('You\'ve logged in, do not login again'), $url ? $url : url('user/index'));
|
$this->success(__('You\'ve logged in, do not login again'), $url ?: url('user/index'));
|
||||||
}
|
}
|
||||||
if ($this->request->isPost()) {
|
if ($this->request->isPost()) {
|
||||||
$account = $this->request->post('account');
|
$account = $this->request->post('account');
|
||||||
|
|
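Review bot: `$url ?: url('user/index')` replaces the ternary here, but the identical expression `$this->success(__('Logged in successful'), $url ? $url : url('user/index'));` in the next hunk of this method is left in the old form; apply the same `?:` there so the two redirects read alike. Both forms test truthiness, so a `url` of `'0'` also falls back to the default — unchanged behaviour, just worth knowing when reading the shorter form. The method continues outside the hunk.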
@ -175,7 +174,6 @@ class User extends Frontend
|
||||||
$result = $validate->check($data);
|
$result = $validate->check($data);
|
||||||
if (!$result) {
|
if (!$result) {
|
||||||
$this->error(__($validate->getError()), null, ['token' => $this->request->token()]);
|
$this->error(__($validate->getError()), null, ['token' => $this->request->token()]);
|
||||||
return false;
|
|
||||||
}
|
}
|
||||||
if ($this->auth->login($account, $password)) {
|
if ($this->auth->login($account, $password)) {
|
||||||
$this->success(__('Logged in successful'), $url ? $url : url('user/index'));
|
$this->success(__('Logged in successful'), $url ? $url : url('user/index'));
|
||||||
|
|
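Review bot: Dropping `return false;` after `$this->error(...)` makes control flow depend on `error()` ending the request (presumably by throwing, as the controller base is expected to); if it ever returned normally, `$this->auth->login($account, $password)` would run with data that failed validation. A one-line comment on the `error()` call, `// error() ends the request; nothing below runs on validation failure`, records that assumption, or keep an explicit `return;` if the base class does not guarantee it. The method continues outside the hunk.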
@ -184,9 +182,8 @@ class User extends Frontend
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
//判断来源
|
//判断来源
|
||||||
$referer = $this->request->server('HTTP_REFERER');
|
$referer = $this->request->server('HTTP_REFERER', '', 'url_clean');
|
||||||
if (!$url && (strtolower(parse_url($referer, PHP_URL_HOST)) == strtolower($this->request->host()))
|
if (!$url && $referer && !preg_match("/(user\/login|user\/register|user\/logout)/i", $referer)) {
|
||||||
&& !preg_match("/(user\/login|user\/register|user\/logout)/i", $referer)) {
|
|
||||||
$url = $referer;
|
$url = $referer;
|
||||||
}
|
}
|
||||||
$this->view->assign('url', $url);
|
$this->view->assign('url', $url);
|
||||||
|
|
|
||||||
|
|
@ -17,7 +17,7 @@
|
||||||
"require": {
|
"require": {
|
||||||
"php": ">=7.2.0",
|
"php": ">=7.2.0",
|
||||||
"topthink/framework": "dev-master",
|
"topthink/framework": "dev-master",
|
||||||
"topthink/think-captcha": "^1.0",
|
"topthink/think-captcha": "^1.0.9",
|
||||||
"topthink/think-installer": "^1.0.14",
|
"topthink/think-installer": "^1.0.14",
|
||||||
"topthink/think-queue": "1.1.6",
|
"topthink/think-queue": "1.1.6",
|
||||||
"topthink/think-helper": "^1.0.7",
|
"topthink/think-helper": "^1.0.7",
|
||||||
|
|
@ -38,6 +38,10 @@
|
||||||
{
|
{
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "https://gitee.com/fastadminnet/framework.git"
|
"url": "https://gitee.com/fastadminnet/framework.git"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"type": "git",
|
||||||
|
"url": "https://gitee.com/fastadminnet/think-captcha.git"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
|
||||||
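Review bot: Adding the gitee `think-captcha` repository means the `^1.0.9` constraint in the earlier hunk is now resolved from that fork's tags rather than from Packagist, because custom repositories are consulted before the default one for a package they provide; the fork's tags become the build input for a component that processes untrusted user input. Nothing in this diff shows `composer.lock` being updated, so installs from this commit take whatever the fork publishes at install time; commit the lock update alongside so the resolved commit is recorded, and state in the commit message why the fork is needed over the upstream release.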