Security update / 安全更新
star7th committed Dec 25, 2021
1 parent f6fca83 commit 3ff0c85
Showing 18 changed files with 61 additions and 57 deletions.
Expand Up @@ -53,7 +53,7 @@ private function _get_member_num($item_members , $item_id){
public function deleteItem(){
$login_user = $this->checkLogin();
$this->checkAdmin();
$item_id = I("item_id/d");
$item_id = I("post.item_id/d");
$return = D("Item")->soft_delete_item($item_id);
if (!$return) {
$this->sendError(10101);
Expand All @@ -66,8 +66,8 @@ public function deleteItem(){
public function attorn(){
$login_user = $this->checkLogin();
$this->checkAdmin();
$username = I("username");
$item_id = I("item_id/d");
$username = I("post.username");
$item_id = I("post.item_id/d");

$item = D("Item")->where("item_id = '$item_id' ")->find();

12 changes: 6 additions & 6 deletions server/Application/Api/Controller/AdminUserController.class.php
Expand Up @@ -40,7 +40,7 @@ public function getList(){
public function deleteUser(){
$login_user = $this->checkLogin();
$this->checkAdmin();
$uid = I("uid/d");
$uid = I("post.uid/d");

if (D("Item")->where("uid = '$uid' and is_del = 0 ")->find()) {
$this->sendError(10101,"该用户名下还有项目,不允许删除。请先将其项目删除或者重新分配/转让");
Expand All @@ -58,7 +58,7 @@ public function deleteUser(){
public function changePassword(){
$login_user = $this->checkLogin();
$this->checkAdmin();
$uid = I("uid/d");
$uid = I("post.uid/d");
$new_password = I("new_password");

$return = D("User")->updatePwd($uid, $new_password);
Expand All @@ -74,10 +74,10 @@ public function changePassword(){
public function addUser(){
$login_user = $this->checkLogin();
$this->checkAdmin();
$username = I("username");
$password = I("password");
$uid = I("uid");
$name = I("name");
$username = I("post.username");
$password = I("post.password");
$uid = I("post.uid");
$name = I("post.name");
if(!$username){
$this->sendError(10101,'用户名不允许为空');
return ;
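Review bot: Reading `uid`, `username`, `password` and `name` from `post.` only stops these admin actions from being triggered by a plain GET request; a cross-site form can still submit a POST carrying the victim's session cookie, so the change narrows CSRF exposure rather than closing it, and a per-session token verified in `checkAdmin()` (outside this hunk) or a `SameSite` attribute on the session cookie is still needed. The same observation applies to every controller in this commit that switches `I("x")` to `I("post.x")`. Within this file, `changePassword()` still reads `$new_password = I("new_password");` while `$uid` is now POST-only; `$new_password = I("post.new_password");` keeps both inputs on the same source. `deleteUser()`, `changePassword()` and `addUser()` all continue past their hunks.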
6 changes: 3 additions & 3 deletions server/Application/Api/Controller/CatalogController.class.php
Expand Up @@ -193,7 +193,7 @@ public function save(){

//删除目录
public function delete(){
$cat_id = I("cat_id/d")? I("cat_id/d") : 0;
$cat_id = I("post.cat_id/d")? I("post.cat_id/d") : 0;
$cat = D("Catalog")->where(" cat_id = '$cat_id' ")->find();
$item_id = $cat['item_id'];

Expand Down Expand Up @@ -266,8 +266,8 @@ public function getDefaultCat(){

//批量更新
public function batUpdate(){
$cats = I("cats");
$item_id = I("item_id/d");
$cats = I("post.cats");
$item_id = I("post.item_id/d");
$login_user = $this->checkLogin();
if (!$this->checkItemEdit($login_user['uid'] , $item_id)) {
$this->sendError(10103);
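Review bot: `$cat_id = I("post.cat_id/d")? I("post.cat_id/d") : 0;` in `delete()` evaluates the input accessor twice, where `$cat_id = I("post.cat_id/d") ?: 0;` reads it once with the same result for the intval-filtered value; the same double call is rewritten in `PageController::delete()`, `TeamController::delete()` and `TeamItemController::delete()`. In `batUpdate()`, `$cats = I("post.cats");` is taken without any filter while `$item_id` gets `/d`; how `$cats` is consumed is outside the hunk, so a one-line comment stating its expected shape (e.g. `// cats: array of catalog rows; validated in the model` — adjust to what the model actually does) would help the next reader. Both `delete()` and `batUpdate()` continue beyond the hunk.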
16 changes: 8 additions & 8 deletions server/Application/Api/Controller/ItemController.class.php
Expand Up @@ -269,7 +269,7 @@ public function detail(){
//更新项目信息
public function update(){
$login_user = $this->checkLogin();
$item_id = I("item_id/d");
$item_id = I("post.item_id/d");
$item_name = I("item_name");
$item_description = I("item_description");
$item_domain = I("item_domain");
Expand Down Expand Up @@ -311,8 +311,8 @@ public function attorn(){
$login_user = $this->checkLogin();

$username = I("username");
$item_id = I("item_id/d");
$password = I("password");
$item_id = I("post.item_id/d");
$password = I("post.password");

$item = D("Item")->where("item_id = '$item_id' ")->find();

Expand Down Expand Up @@ -381,7 +381,7 @@ public function delete(){
public function archive(){
$login_user = $this->checkLogin();

$item_id = I("item_id/d");
$item_id = I("post.item_id/d");
$password = I("password");

$item = D("Item")->where("item_id = '$item_id' ")->find();
Expand Down Expand Up @@ -430,7 +430,7 @@ public function resetKey(){

$login_user = $this->checkLogin();

$item_id = I("item_id/d");
$item_id = I("post.item_id/d");

$item = D("Item")->where("item_id = '$item_id' ")->find();

Expand Down Expand Up @@ -475,7 +475,7 @@ public function top(){

//验证访问密码
public function pwd(){
$item_id = I("item_id/d");
$item_id = I("post.item_id/d");
$password = I("password");
$v_code = I("v_code");
$refer_url = I('refer_url');
Expand Down Expand Up @@ -516,13 +516,13 @@ public function itemList(){
//新建项目
public function add(){
$login_user = $this->checkLogin();
$item_name = I("item_name");
$item_name = I("post.item_name");
$item_domain = I("item_domain") ? I("item_domain") : '';
$copy_item_id = I("copy_item_id");
$password = I("password");
$item_description = I("item_description");
$item_type = I("item_type") ? I("item_type") : 1 ;

if(!$item_name)return false;
if ($item_domain) {

if(!ctype_alnum($item_domain) || is_numeric($item_domain) ){
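Review bot: The POST restriction is applied to a single field per action in this file — `update()` moves only `item_id` while `item_name`, `item_description` and `item_domain` stay on `I(...)`, `attorn()` leaves `$username = I("username");`, `archive()` and `pwd()` leave `$password = I("password");`, and `add()` moves only `item_name` — so the remaining fields are still accepted from whatever source the unprefixed `I()` resolves to. For state-changing actions the intent is easier to verify if every field is read the same way, e.g. `$username = I("post.username");` in `attorn()` and `$password = I("post.password");` in `archive()`. Separately, `if(!$item_name)return false;` in `add()` ends the request without a response body, unlike the `$this->sendError(10101);` pattern used elsewhere in this commit; the same bare `return false;` appears in `ItemGroupController::save()`. All of these methods continue past their hunks.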
Expand Up @@ -10,10 +10,10 @@ class ItemGroupController extends BaseController {
public function save(){
$login_user = $this->checkLogin();

$group_name = I("group_name");
$item_ids = I("item_ids");
$id = I("id/d");

$group_name = I("post.group_name");
$item_ids = I("post.item_ids");
$id = I("post.id/d");
if(!$group_name)return false;
if ($id) {

D("ItemGroup")->where(" id = '$id' ")->save(array("group_name"=>$group_name,"item_ids"=>$item_ids));
Expand Up @@ -69,7 +69,7 @@ public function getList(){

//删除
public function delete(){
$item_id = I("item_id/d");
$item_id = I("post.item_id/d");
$id = I("id/d");
$login_user = $this->checkLogin();
$uid = $login_user['uid'] ;
Expand All @@ -89,9 +89,9 @@ public function delete(){

//根据name删除
public function deleteByName(){
$item_id = I("item_id/d");
$env_id = I("env_id/d");
$var_name = I("var_name");
$item_id = I("post.item_id/d");
$env_id = I("post.env_id/d");
$var_name = I("post.var_name");
$login_user = $this->checkLogin();
$uid = $login_user['uid'] ;
if(!$this->checkItemEdit($uid , $item_id)){
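Review bot: In `delete()`, `$item_id` now comes from `post.` but the record selector on the next line is still `$id = I("id/d");`, so the identifier that actually names what gets deleted remains readable from the unprefixed source; `$id = I("post.id/d");` would match `deleteByName()`, where all three inputs were moved. The file header for this section is not shown on the page, and both methods continue past their hunks.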
4 changes: 2 additions & 2 deletions server/Application/Api/Controller/MemberController.class.php
Expand Up @@ -7,7 +7,7 @@ class MemberController extends BaseController {
//保存
public function save(){
$member_group_id = I("member_group_id/d");
$item_id = I("item_id/d");
$item_id = I("post.item_id/d");
$cat_id = I("cat_id/d") ? I("cat_id/d") : 0 ;
$login_user = $this->checkLogin();
$uid = $login_user['uid'] ;
Expand Down Expand Up @@ -76,7 +76,7 @@ public function getList(){

//删除成员
public function delete(){
$item_id = I("item_id/d");
$item_id = I("post.item_id/d");
$login_user = $this->checkLogin();
$uid = $login_user['uid'] ;
if(!$this->checkItemManage($uid , $item_id)){
4 changes: 2 additions & 2 deletions server/Application/Api/Controller/PageController.class.php
Expand Up @@ -38,7 +38,7 @@ public function info(){
}
//删除页面
public function delete(){
$page_id = I("page_id/d")? I("page_id/d") : 0;
$page_id = I("post.page_id/d")? I("post.page_id/d") : 0;
$page = D("Page")->where(" page_id = '$page_id' ")->find();

$login_user = $this->checkLogin();
Expand Down Expand Up @@ -68,7 +68,7 @@ public function save(){
$is_urlencode = I("is_urlencode/d") ? I("is_urlencode/d") : 0 ; //页面内容是否经过了转义
$page_title = I("page_title") ?I("page_title") : L("default_title");
$page_comments = I("page_comments") ?I("page_comments") :'';
$page_content = I("page_content");
$page_content = I("post.page_content");
$cat_id = I("cat_id/d")? I("cat_id/d") : 0;
$item_id = I("item_id/d")? I("item_id/d") : 0;
$s_number = I("s_number/d")? I("s_number/d") : '';
12 changes: 6 additions & 6 deletions server/Application/Api/Controller/TeamController.class.php
Expand Up @@ -10,8 +10,8 @@ class TeamController extends BaseController {
public function save(){
$login_user = $this->checkLogin();

$team_name = I("team_name");
$id = I("id/d");
$team_name = I("post.team_name");
$id = I("post.id/d");

if ($id) {

Expand Down Expand Up @@ -60,7 +60,7 @@ public function getList(){

//删除
public function delete(){
$id = I("id/d")? I("id/d") : 0;
$id = I("post.id/d")? I("post.id/d") : 0;
$login_user = $this->checkLogin();
if ($id && $login_user['uid']) {
$ret = D("Team")->where(" id = '$id' and uid = '$login_user[uid]'")->delete();
Expand All @@ -81,9 +81,9 @@ public function delete(){
public function attorn(){
$login_user = $this->checkLogin();

$username = I("username");
$team_id = I("team_id/d");
$password = I("password");
$username = I("post.username");
$team_id = I("post.team_id/d");
$password = I("post.password");

$team = D("Team")->where("id = '$team_id' and uid = '$login_user[uid]' ")->find();

Expand Up @@ -11,8 +11,8 @@ public function save(){
$login_user = $this->checkLogin();
$uid = $login_user['uid'] ;

$item_id = I("item_id");
$team_id = I("team_id/d");
$item_id = I("post.item_id");
$team_id = I("post.team_id/d");
$item_id = \SQLite3::escapeString($item_id) ;
$teamInfo = D("Team")->where(" id = '$team_id' and uid = '$login_user[uid]' ")->find();
if (!$teamInfo) {
Expand Down Expand Up @@ -125,7 +125,7 @@ public function delete(){
$login_user = $this->checkLogin();
$uid = $login_user['uid'] ;

$id = I("id/d")? I("id/d") : 0;
$id = I("post.id/d")? I("post.id/d") : 0;
$teamItemInfo = D("TeamItem")->where(" id = '$id' ")->find();
$item_id = $teamItemInfo['item_id'] ;
$team_id = $teamItemInfo['team_id'] ;
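Review bot: `$item_id = I("post.item_id");` in `save()` is the only identifier in this hunk taken without the `/d` filter, and the following line relies on `\SQLite3::escapeString($item_id)`, which only doubles single quotes — fine for SQLite string literals, but not a general escaping routine if the project is configured with another driver. If `item_id` is meant to be one id or a comma-separated list of ids, validating the shape is the more robust guard, e.g. `if (!preg_match('/^\d+(,\d+)*$/', $item_id)) { $this->sendError(10103); return; }` before it reaches any query. How `$item_id` is used after the `$teamInfo` lookup is outside the hunk, and `save()` continues past it.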
Expand Up @@ -12,9 +12,9 @@ public function save(){
$login_user = $this->checkLogin();
$uid = $login_user['uid'] ;

$id = I("id/d");
$member_group_id = I("member_group_id/d");
$cat_id = I("cat_id/d");
$id = I("post.id/d");
$member_group_id = I("post.member_group_id/d");
$cat_id = I("post.cat_id/d");

$teamItemMemberInfo = D("TeamItemMember")->where(" id = '$id' ")->find();
$item_id = $teamItemMemberInfo['item_id'] ;
Expand Up @@ -10,8 +10,8 @@ class TeamMemberController extends BaseController {
public function save(){
$login_user = $this->checkLogin();

$member_username = I("member_username");
$team_id = I("team_id/d");
$member_username = I("post.member_username");
$team_id = I("post.team_id/d");

$teamInfo = D("Team")->where(" id = '$team_id' and uid = '$login_user[uid]' ")->find();
if (!$teamInfo) {
16 changes: 10 additions & 6 deletions server/Application/Api/Controller/UserController.class.php
Expand Up @@ -333,18 +333,22 @@ public function resetPassword(){
//退出登录
public function logout(){
$login_user = $this->checkLogin();
D("UserToken")->where(" uid = '$login_user[uid]' ")->save(array("token_expire"=>0));
session("login_user" , NULL);
cookie('cookie_token',NULL);
session(null);
$this->sendResult(array());
$confirm = I('post.confirm');
if($confirm){
D("UserToken")->where(" uid = '$login_user[uid]' ")->save(array("token_expire"=>0));
session("login_user" , NULL);
cookie('cookie_token',NULL);
session(null);
$this->sendResult(array());
}

}


public function updateInfo(){
$user = $this->checkLogin();
$uid = $user['uid'];
$name = I("name");
$name = I("post.name");

D("User")->where(" uid = '$uid' ")->save(array("name"=>$name));
$this->sendResult(array());
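Review bot: `logout()` now does nothing when `post.confirm` is absent — `checkLogin()` runs, the `if($confirm)` body is skipped, and the method returns without calling `sendResult()` or `sendError()`, so a caller that omits the flag receives an empty response and keeps a live session with no indication why. An explicit rejection keeps the API shape predictable: `if (!$confirm) { $this->sendError(10101); return; }` placed before the existing block, after which the block no longer needs its condition. The confirm flag by itself does not tie the request to the user's session, so a session-bound token would be the stronger guard if that is the intent. `updateInfo()` continues past the hunk.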
2 changes: 1 addition & 1 deletion web/index.html
Expand Up @@ -15,4 +15,4 @@
'server': window.location.protocol + '//' + window.location.host + window.location.pathname + '../server/index.php?s=',
// "lang" :'en'
'lang': 'zh-cn'
}</script><link href=./static/css/app.402e67a79481a3fbc621aea296015921.css rel=stylesheet></head><body class=grey-bg><div id=app></div><div style=display:none>本网站基于开源版showdoc搭建,仅供私人使用。如需访问showdoc官网,请在搜索引擎里搜索showdoc字样或者直接访问showdoc.com.cn</div><script type=text/javascript src=./static/js/manifest.3ad1d5771e9b13dbdad2.js></script><script type=text/javascript src=./static/js/vendor.1eb6213d11eb61d1bd46.js></script><script type=text/javascript src=./static/js/app.39a1324593e0733a770b.js></script></body></html>
}</script><link href=./static/css/app.b4b01daab1ab697980a5ba4e7c834c12.css rel=stylesheet></head><body class=grey-bg><div id=app></div><div style=display:none>本网站基于开源版showdoc搭建,仅供私人使用。如需访问showdoc官网,请在搜索引擎里搜索showdoc字样或者直接访问showdoc.com.cn</div><script type=text/javascript src=./static/js/manifest.3ad1d5771e9b13dbdad2.js></script><script type=text/javascript src=./static/js/vendor.1eb6213d11eb61d1bd46.js></script><script type=text/javascript src=./static/js/app.0f3e0258ed00cc7e74b9.js></script></body></html>


1 change: 1 addition & 0 deletions web/static/js/app.0f3e0258ed00cc7e74b9.js


1 change: 0 additions & 1 deletion web/static/js/app.39a1324593e0733a770b.js

This file was deleted.

4 changes: 2 additions & 2 deletions web_src/src/components/item/Index.vue
Expand Up @@ -510,8 +510,8 @@ export default {
localStorage.clear()
var params = new URLSearchParams()
that.axios.get(url, params).then(function(response) {
params.append('confirm', '1')
that.axios.post(url, params).then(function(response) {
if (response.data.error_code === 0) {
that.$router.push({
path: '/'
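Review bot: `localStorage.clear()` runs before the logout POST is sent and the promise chain has no `.catch`, so if the request fails the client looks logged out while the server-side token stays valid; what happens on a non-zero `error_code` is outside the hunk. Deferring the `localStorage.clear()` until `error_code === 0`, or adding a `.catch(function () { /* surface the failure to the user */ })` on the `that.axios.post(...)` chain, keeps client and server state in step. The enclosing method begins and ends outside the hunk.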
