From fdf92e550e54dd7a5de1aa05f924fd2c873db75f Mon Sep 17 00:00:00 2001
From: Karson
Date: Thu, 18 Dec 2025 11:44:41 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BC=98=E5=8C=96=E8=8F=9C=E5=8D=95=E8=A7=84?= =?UTF-8?q?=E5=88=99=E6=94=AF=E6=8C=81=E5=AD=90=E8=B7=AF=E5=BE=84=E6=A3=80?= =?UTF-8?q?=E6=B5=8B?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 application/common/controller/Backend.php | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/application/common/controller/Backend.php b/application/common/controller/Backend.php
index 97ae42e5..9f9df101 100644
--- a/application/common/controller/Backend.php
+++ b/application/common/controller/Backend.php
@@ -152,14 +152,18 @@ class Backend extends Controller
 $url = $url ? $url : $this->request->url();
 if (in_array($this->request->pathinfo(), ['/', 'index/index'])) {
 $this->redirect('index/login', [], 302, ['referer' => $url]);
- exit;
 }
 $this->error(__('Please login first'), url('index/login', ['url' => $url]));
 }
 // 判断是否需要验证权限
 if (!$this->auth->match($this->noNeedRight)) {
 // 判断控制器和方法是否有对应权限
- if (!$this->auth->check($path)) {
+ $subpath = str_replace('.', '/', $this->request->path());
+ // 判断当前路径和子路径是否都无权限
+ $hasPathPermission = $this->auth->check($path);
+ $hasSubpathPermission = ($path === $subpath) ? $hasPathPermission : $this->auth->check($subpath);
+
+ if (!$hasPathPermission && !$hasSubpathPermission) {
 Hook::listen('admin_nopermission', $this);
 $this->error(__('You have no permission'), '');
 }
@@ -583,7 +587,7 @@ class Backend extends Controller
 }
 $result['pid'] = isset($item['pid']) ? $item['pid'] : (isset($item['parent_id']) ? $item['parent_id'] : 0);
 // 修改为安全的htmlentities调用,兼容php8+版本
- $result = array_map(function($value) {
+ $result = array_map(function ($value) {
 return $value === null ? '' : htmlentities((string)$value);
 }, $result);
 $list[] = $result;
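Review bot: In the first hunk (`@@ -152,14 +152,18 @@`) access is now granted when either `$path` or `$subpath` passes `$this->auth->check()`, and `$subpath` is built from `$this->request->path()`, i.e. from the client-supplied URL rather than from the resolved controller and action. `$path` is assigned outside the hunk, so this is inferred, but if the request path can differ from the dispatched action (route rules, extra path segments, letter case), a rule held for one string could authorise a different action. If the intent is only to honour rules for deeper paths under the current action, tie the fallback to it, e.g. `$hasSubpathPermission = ($path === $subpath) ? $hasPathPermission : (strpos($subpath, $path . '/') === 0 && $this->auth->check($subpath));`, and add a comment stating which of the two values is authoritative. The enclosing method starts and ends outside the hunk.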