修复上传文件后缀判断错误的BUG

修复Token永久有效期判断错误的BUG
修复getUserinfo返回错误token的BUG
pull/59/head v1.0.0.20180417_beta
Karson 2018-04-17 22:08:46 +08:00
parent 8dd699f699
commit f035876bfb
8 changed files with 24 additions and 13 deletions


@ -65,10 +65,16 @@ class Ajax extends Backend
$suffix = strtolower(pathinfo($fileInfo['name'], PATHINFO_EXTENSION)); $suffix = strtolower(pathinfo($fileInfo['name'], PATHINFO_EXTENSION));
$suffix = $suffix ? $suffix : 'file'; $suffix = $suffix ? $suffix : 'file';
$mimetypeArr = explode(',', $upload['mimetype']); $mimetypeArr = explode(',', strtolower($upload['mimetype']));
$typeArr = explode('/', $fileInfo['type']); $typeArr = explode('/', $fileInfo['type']);
//验证文件后缀 //验证文件后缀
if ($upload['mimetype'] !== '*' && !in_array($suffix, $mimetypeArr) && !in_array($fileInfo['type'], $mimetypeArr) && !in_array($typeArr[0] . '/*', $mimetypeArr)) { if ($upload['mimetype'] !== '*' &&
(
!in_array($suffix, $mimetypeArr)
|| (stripos($typeArr[0] . '/', $upload['mimetype']) !== false && (!in_array($fileInfo['type'], $mimetypeArr) && !in_array($typeArr[0] . '/*', $mimetypeArr)))
)
) {
$this->error(__('Uploaded file format is limited')); $this->error(__('Uploaded file format is limited'));
} }
$replaceArr = [ $replaceArr = [
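Review bot: The Content-Type half of the new condition adds no enforcement, because `$fileInfo['type']` is whatever the client sent: a request can name a type family that `$upload['mimetype']` does not mention, the `stripos($typeArr[0] . '/', ...)` guard then skips the MIME comparison entirely, and the extension membership test is left as the only real control. That test should therefore be strict and tolerant of config spacing: `in_array($suffix, $mimetypeArr)` is loose and `$mimetypeArr` is never trimmed, so a value such as `jpg, png` silently rejects `png`; use `$mimetypeArr = array_map('trim', explode(',', strtolower($upload['mimetype'])));` and `in_array($suffix, $mimetypeArr, true)`. Note also that a configuration consisting only of a family like `image/*` now rejects every upload, since suffix membership is mandatory; if that is intended, say so in the `//验证文件后缀` comment. The upload method continues outside the hunk, so where the file is finally written and whether it keeps `$suffix` is not visible here.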


@ -75,11 +75,16 @@ class Common extends Api
$suffix = strtolower(pathinfo($fileInfo['name'], PATHINFO_EXTENSION)); $suffix = strtolower(pathinfo($fileInfo['name'], PATHINFO_EXTENSION));
$suffix = $suffix ? $suffix : 'file'; $suffix = $suffix ? $suffix : 'file';
$mimetypeArr = explode(',', $upload['mimetype']); $mimetypeArr = explode(',', strtolower($upload['mimetype']));
$typeArr = explode('/', $fileInfo['type']); $typeArr = explode('/', $fileInfo['type']);
//验证文件后缀 //验证文件后缀
if ($upload['mimetype'] !== '*' && !in_array($suffix, $mimetypeArr) && !in_array($fileInfo['type'], $mimetypeArr) && !in_array($typeArr[0] . '/*', $mimetypeArr)) if ($upload['mimetype'] !== '*' &&
{ (
!in_array($suffix, $mimetypeArr)
|| (stripos($typeArr[0] . '/', $upload['mimetype']) !== false && (!in_array($fileInfo['type'], $mimetypeArr) && !in_array($typeArr[0] . '/*', $mimetypeArr)))
)
) {
$this->error(__('Uploaded file format is limited')); $this->error(__('Uploaded file format is limited'));
} }
$replaceArr = [ $replaceArr = [
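Review bot: This is the public API upload path, and the accepted-suffix test is the only part of the new condition the caller cannot steer (the `$fileInfo['type']` comparisons run on a client-supplied Content-Type), yet it is now an exact copy of the block in the backend Ajax controller and the two will drift. Extract the check into one shared helper that both controllers call, and inside it trim the entries and use `in_array($suffix, $mimetypeArr, true)`. `pathinfo(..., PATHINFO_EXTENSION)` only looks at the final extension, so `a.php.jpg` passes as `jpg`; whether that is exploitable depends on the web server's handler mapping, which is not visible here, but storing under a server-generated name would remove the dependency (the `$replaceArr` step that follows is outside the hunk). A filename without an extension gets `$suffix = 'file'` and is rejected unless `file` is listed; the `//验证文件后缀` comment should state that.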


@ -416,7 +416,7 @@ class Auth
$data = $this->_user->toArray(); $data = $this->_user->toArray();
$allowFields = $this->getAllowFields(); $allowFields = $this->getAllowFields();
$userinfo = array_intersect_key($data, array_flip($allowFields)); $userinfo = array_intersect_key($data, array_flip($allowFields));
$userinfo['token'] = $this->getToken(); $userinfo = array_merge($userinfo, Token::get($this->_token));
return $userinfo; return $userinfo;
} }
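Review bot: The `array_merge` on the new line bypasses the `getAllowFields()` allowlist for everything the token driver returns: with the Mysql driver in this commit that is the whole token row (`token`, `user_id`, `createtime`, `expiretime`, `expires_in`), and other drivers may return more, so the payload shape is now driver-defined rather than allowlisted. Merge only what the client needs: `$tokenInfo = Token::get($this->_token) ?: []; $userinfo['token'] = $tokenInfo['token'] ?? $this->getToken(); $userinfo['expires_in'] = $tokenInfo['expires_in'] ?? null;`. The `?: []` matters because `Token::get` deletes the row when it has expired (its return on that path is outside the hunk); if it returns `false`, `array_merge` with a non-array yields null with a warning on PHP 7 and throws `TypeError` on PHP 8, so `getUserinfo()` would fail for a just-expired session. The `expired_in` to `expires_in` key rename is visible to API consumers of this payload and belongs in the release notes.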


@ -47,7 +47,7 @@ class Mysql extends Driver
*/ */
public function set($token, $user_id, $expire = null) public function set($token, $user_id, $expire = null)
{ {
$expiretime = !is_null($expire) ? time() + $expire : ($expire === 0 ? 0 : time() + $this->options['expire']); $expiretime = !is_null($expire) && $expire !== 0 ? time() + $expire : 0;
$token = $this->getEncryptedToken($token); $token = $this->getEncryptedToken($token);
$this->handler->insert(['token' => $token, 'user_id' => $user_id, 'createtime' => time(), 'expiretime' => $expiretime]); $this->handler->insert(['token' => $token, 'user_id' => $user_id, 'createtime' => time(), 'expiretime' => $expiretime]);
return TRUE; return TRUE;
@ -66,7 +66,7 @@ class Mysql extends Driver
//返回未加密的token给客户端使用 //返回未加密的token给客户端使用
$data['token'] = $token; $data['token'] = $token;
//返回剩余有效时间 //返回剩余有效时间
$data['expired_in'] = $this->getExpiredIn($data['expiretime']); $data['expires_in'] = $this->getExpiredIn($data['expiretime']);
return $data; return $data;
} else { } else {
self::delete($token); self::delete($token);
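Review bot: The rewritten `$expiretime` line silently changes the default lifetime: when `$expire` is null the old code fell back to `$this->options['expire']`, but the new expression maps null to `0`, so a token created by `set($token, $user_id)` with no explicit expiry is now permanent and `options['expire']` is no longer read anywhere in this method. The original bug was only that `$expire === 0` sat in the null branch where it could never be true; the minimal fix keeps the default: `$expiretime = is_null($expire) ? time() + $this->options['expire'] : ($expire === 0 ? 0 : time() + $expire);`. Whether every caller passes an explicit expiry is not visible here, so please confirm against the `Auth`/`Token` call sites. The comparison in `get()` that must treat `expiretime == 0` as never-expiring lies outside the second hunk, so I could not verify the read side agrees with this encoding.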


@ -260,7 +260,7 @@ return [
//是否开启前台会员中心 //是否开启前台会员中心
'usercenter' => true, 'usercenter' => true,
//登录验证码 //登录验证码
'login_captcha' => true, 'login_captcha' => false,
//登录失败超过10则1天后重试 //登录失败超过10则1天后重试
'login_failure_retry' => true, 'login_failure_retry' => true,
//是否同一账号同一时间只能在一个地方登录 //是否同一账号同一时间只能在一个地方登录
@ -270,7 +270,7 @@ return [
//自动检测更新 //自动检测更新
'checkupdate' => false, 'checkupdate' => false,
//版本号 //版本号
'version' => '1.0.0.20180406_beta', 'version' => '1.0.0.20180417_beta',
//API接口地址 //API接口地址
'api_url' => 'https://api.fastadmin.net', 'api_url' => 'https://api.fastadmin.net',
], ],
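Review bot: `'login_captcha' => false` disables the admin login captcha by default, a security-relevant change that the commit message does not mention; the only remaining brute-force control is `login_failure_retry` (ten failures then a one-day block, per the comment), and without a captcha that lockout is also easier to trigger deliberately against a known admin username. If the captcha is being turned off for convenience, keep it enabled by default and let deployments opt out, or at least call the change out in the notes for `1.0.0.20180417_beta` so operators can re-enable it. Whether the lockout is keyed by account or by client address is not visible in this file.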


@ -21,7 +21,7 @@ return [
/** /**
* 可上传的文件类型 * 可上传的文件类型
*/ */
'mimetype' => '*', 'mimetype' => 'jpg,png,bmp,jpeg,gif,zip,rar,xls,xlsx',
/** /**
* 是否支持批量上传 * 是否支持批量上传
*/ */
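Review bot: The docblock above `mimetype` should state what an entry is now that the upload check requires the suffix itself to be listed: `// Comma-separated, lowercase file extensions (no dot, no spaces) to accept; '*' disables the check. MIME families such as image/* are only consulted in addition to the extension, never instead of it.`. Tightening the default from `*` to an explicit list is the right direction, but both upload controllers lowercase this value without trimming it, so an operator adding ` pdf` with a space gets a silent rejection rather than an error, which is worth a line in the same comment. Whether uploaded `zip`/`rar`/`xls` files are stored somewhere the web server will never execute is not visible here.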


@ -9701,7 +9701,7 @@ define('table',['jquery', 'bootstrap', 'moment', 'moment/locale/zh-cn', 'bootstr
return html; return html;
}, },
url: function (value, row, index) { url: function (value, row, index) {
return '<div class="input-group input-group-sm" style="width:250px;"><input type="text" class="form-control input-sm" value="' + value + '"><span class="input-group-btn input-group-sm"><a href="' + value + '" target="_blank" class="btn btn-default btn-sm"><i class="fa fa-link"></i></a></span></div>'; return '<div class="input-group input-group-sm" style="width:250px;margin:0 auto;"><input type="text" class="form-control input-sm" value="' + value + '"><span class="input-group-btn input-group-sm"><a href="' + value + '" target="_blank" class="btn btn-default btn-sm"><i class="fa fa-link"></i></a></span></div>';
}, },
search: function (value, row, index) { search: function (value, row, index) {
return '<a href="javascript:;" class="searchit" data-field="' + this.field + '" data-value="' + value + '">' + value + '</a>'; return '<a href="javascript:;" class="searchit" data-field="' + this.field + '" data-value="' + value + '">' + value + '</a>';


@ -397,7 +397,7 @@ define(['jquery', 'bootstrap', 'moment', 'moment/locale/zh-cn', 'bootstrap-table
return html; return html;
}, },
url: function (value, row, index) { url: function (value, row, index) {
return '<div class="input-group input-group-sm" style="width:250px;"><input type="text" class="form-control input-sm" value="' + value + '"><span class="input-group-btn input-group-sm"><a href="' + value + '" target="_blank" class="btn btn-default btn-sm"><i class="fa fa-link"></i></a></span></div>'; return '<div class="input-group input-group-sm" style="width:250px;margin:0 auto;"><input type="text" class="form-control input-sm" value="' + value + '"><span class="input-group-btn input-group-sm"><a href="' + value + '" target="_blank" class="btn btn-default btn-sm"><i class="fa fa-link"></i></a></span></div>';
}, },
search: function (value, row, index) { search: function (value, row, index) {
return '<a href="javascript:;" class="searchit" data-field="' + this.field + '" data-value="' + value + '">' + value + '</a>'; return '<a href="javascript:;" class="searchit" data-field="' + this.field + '" data-value="' + value + '">' + value + '</a>';