!35 fix github bug #736 #737

* fix github (#736) * fix github (#737) * 升级第三方包 * 优化后台验证码逻辑 * !34 update vendor/thinkcmf/cmf-app/src/admin/model/SlideItemModel.php. * fix #I5MRC5 * phpquery * Merge branch '6.0' of https://gitee.com/thinkcmf/ThinkCMF into 6.0 * 新增加`cmf_together`函数 * 本站用户页面操作启用，优化提示 * 管理员添加时间优化 * 修复语言包 * Merge branch '6.0' of https://gitee.com/thinkcmf/ThinkCMF into 6.0 * 修复幻灯片页面语言包缺失 * 修复github issues #722 * 6.0.8开工
thinkcmf · Sep 17, 2022 · b616361 · b616361
1 parent d525e6a
commit b616361
Show file tree

Hide file tree

Showing 122 changed files with 426 additions and 303 deletions.
diff --git a/README.md b/README.md
@@ -1,6 +1,7 @@
-ThinkCMF 6.0.7 让你更自由地飞
+ThinkCMF 6.0.8 开发版
 ===============
-欢迎入坑，有问题请及时提交issue!
+**`6.0.8`正在紧张开发中，请不要用于正式环境！实际项目请下载最新正式版`6.0.7`**
+
 
 ### 主要特性
 * 框架协议依旧为`MIT`,让你更自由地飞
@@ -120,6 +121,9 @@ https://gitee.com/thinkcmf/docker
 5. `composer update`
 
 ### 更新日志
+#### 6.0.8 coding~
+* ...
+
 #### 6.0.7
 * 升级到`tp6.0.13`
 * 增加安装时检查API配置

diff --git a/composer.lock b/composer.lock
diff --git a/public/themes/admin_simpleboot3/admin/user/add.html b/public/themes/admin_simpleboot3/admin/user/add.html
@@ -37,6 +37,7 @@
 			</div>
 			<div class="form-group">
 				<div class="col-sm-offset-2 col-sm-10">
+					<input type="hidden" name="__token__" value="{:token()}" />
 					<button type="submit" class="btn btn-primary js-ajax-submit">{:lang('ADD')}</button>
 				</div>
 			</div>

diff --git a/public/themes/admin_simpleboot3/admin/user/edit.html b/public/themes/admin_simpleboot3/admin/user/edit.html
@@ -40,6 +40,7 @@
 			<div class="form-group">
 				<div class="col-sm-offset-2 col-sm-10">
 					<input type="hidden" name="id" value="{$id}" />
+					<input type="hidden" name="__token__" value="{:token()}" />
 					<button type="submit" class="btn btn-primary js-ajax-submit">{:lang('SAVE')}</button>
 					<a class="btn btn-default" href="javascript:history.back(-1);">{:lang('BACK')}</a>
 				</div>

diff --git a/vendor/chamilo/pclzip/pclzip.lib.php b/vendor/chamilo/pclzip/pclzip.lib.php
@@ -1,6 +1,6 @@
 <?php
 // --------------------------------------------------------------------------------
-// PhpConcept Library - Zip Module 2.8.2
+// PhpConcept Library - Zip Module 2.8.4
 // --------------------------------------------------------------------------------
 // License GNU/LGPL - Vincent Blavet - August 2009
 // http://www.phpconcept.net
@@ -3513,6 +3513,12 @@ public function privExtractFile(&$p_entry, $p_path, $p_remove_path, $p_remove_al
             }
         }
 
+        // Patch for Zip Traversal vulnerability
+        if (strpos($p_entry['stored_filename'], '../') !== false || strpos($p_entry['stored_filename'], '..\\') !== false) {
+            $p_entry['stored_filename'] = basename($p_entry['stored_filename']);
+            $p_entry['filename'] = basename($p_entry['stored_filename']);
+        }
+
         // ----- Add the path
         if ($p_path != '') {
             $p_entry['filename'] = $p_path . "/" . $p_entry['filename'];

diff --git a/vendor/composer/autoload_classmap.php b/vendor/composer/autoload_classmap.php
@@ -6,27 +6,27 @@
 $baseDir = dirname($vendorDir);
 
 return array(
-    'Callback' => $vendorDir . '/electrolinux/phpquery/phpQuery/phpQuery/Callback.php',
-    'CallbackBody' => $vendorDir . '/electrolinux/phpquery/phpQuery/phpQuery/Callback.php',
-    'CallbackParam' => $vendorDir . '/electrolinux/phpquery/phpQuery/phpQuery/Callback.php',
-    'CallbackParameterToReference' => $vendorDir . '/electrolinux/phpquery/phpQuery/phpQuery/Callback.php',
-    'CallbackReturnReference' => $vendorDir . '/electrolinux/phpquery/phpQuery/phpQuery/Callback.php',
-    'CallbackReturnValue' => $vendorDir . '/electrolinux/phpquery/phpQuery/phpQuery/Callback.php',
+    'Callback' => $vendorDir . '/obsoletepackage/phpquery/phpQuery/phpQuery/Callback.php',
+    'CallbackBody' => $vendorDir . '/obsoletepackage/phpquery/phpQuery/phpQuery/Callback.php',
+    'CallbackParam' => $vendorDir . '/obsoletepackage/phpquery/phpQuery/phpQuery/Callback.php',
+    'CallbackParameterToReference' => $vendorDir . '/obsoletepackage/phpquery/phpQuery/phpQuery/Callback.php',
+    'CallbackReturnReference' => $vendorDir . '/obsoletepackage/phpquery/phpQuery/phpQuery/Callback.php',
+    'CallbackReturnValue' => $vendorDir . '/obsoletepackage/phpquery/phpQuery/phpQuery/Callback.php',
     'Composer\\InstalledVersions' => $vendorDir . '/composer/InstalledVersions.php',
-    'DOMDocumentWrapper' => $vendorDir . '/electrolinux/phpquery/phpQuery/phpQuery/DOMDocumentWrapper.php',
-    'DOMEvent' => $vendorDir . '/electrolinux/phpquery/phpQuery/phpQuery/DOMEvent.php',
-    'ICallbackNamed' => $vendorDir . '/electrolinux/phpquery/phpQuery/phpQuery/Callback.php',
+    'DOMDocumentWrapper' => $vendorDir . '/obsoletepackage/phpquery/phpQuery/phpQuery/DOMDocumentWrapper.php',
+    'DOMEvent' => $vendorDir . '/obsoletepackage/phpquery/phpQuery/phpQuery/DOMEvent.php',
+    'ICallbackNamed' => $vendorDir . '/obsoletepackage/phpquery/phpQuery/phpQuery/Callback.php',
     'PclZip' => $vendorDir . '/chamilo/pclzip/pclzip.lib.php',
-    'phpQuery' => $vendorDir . '/electrolinux/phpquery/phpQuery/phpQuery.php',
-    'phpQueryEvents' => $vendorDir . '/electrolinux/phpquery/phpQuery/phpQuery/phpQueryEvents.php',
-    'phpQueryObject' => $vendorDir . '/electrolinux/phpquery/phpQuery/phpQuery/phpQueryObject.php',
-    'phpQueryObjectPlugin_Scripts' => $vendorDir . '/electrolinux/phpquery/phpQuery/phpQuery/plugins/Scripts.php',
-    'phpQueryObjectPlugin_WebBrowser' => $vendorDir . '/electrolinux/phpquery/phpQuery/phpQuery/plugins/WebBrowser.php',
-    'phpQueryObjectPlugin_example' => $vendorDir . '/electrolinux/phpquery/phpQuery/phpQuery/plugins/example.php',
-    'phpQueryPlugin_Scripts' => $vendorDir . '/electrolinux/phpquery/phpQuery/phpQuery/plugins/Scripts.php',
-    'phpQueryPlugin_WebBrowser' => $vendorDir . '/electrolinux/phpquery/phpQuery/phpQuery/plugins/WebBrowser.php',
-    'phpQueryPlugin_example' => $vendorDir . '/electrolinux/phpquery/phpQuery/phpQuery/plugins/example.php',
-    'phpQueryPlugins' => $vendorDir . '/electrolinux/phpquery/phpQuery/phpQuery.php',
+    'phpQuery' => $vendorDir . '/obsoletepackage/phpquery/phpQuery/phpQuery.php',
+    'phpQueryEvents' => $vendorDir . '/obsoletepackage/phpquery/phpQuery/phpQuery/phpQueryEvents.php',
+    'phpQueryObject' => $vendorDir . '/obsoletepackage/phpquery/phpQuery/phpQuery/phpQueryObject.php',
+    'phpQueryObjectPlugin_Scripts' => $vendorDir . '/obsoletepackage/phpquery/phpQuery/phpQuery/plugins/Scripts.php',
+    'phpQueryObjectPlugin_WebBrowser' => $vendorDir . '/obsoletepackage/phpquery/phpQuery/phpQuery/plugins/WebBrowser.php',
+    'phpQueryObjectPlugin_example' => $vendorDir . '/obsoletepackage/phpquery/phpQuery/phpQuery/plugins/example.php',
+    'phpQueryPlugin_Scripts' => $vendorDir . '/obsoletepackage/phpquery/phpQuery/phpQuery/plugins/Scripts.php',
+    'phpQueryPlugin_WebBrowser' => $vendorDir . '/obsoletepackage/phpquery/phpQuery/phpQuery/plugins/WebBrowser.php',
+    'phpQueryPlugin_example' => $vendorDir . '/obsoletepackage/phpquery/phpQuery/phpQuery/plugins/example.php',
+    'phpQueryPlugins' => $vendorDir . '/obsoletepackage/phpquery/phpQuery/phpQuery.php',
     'think\\App' => $vendorDir . '/thinkcmf/cmf/think/App.php',
     'think\\Console' => $vendorDir . '/thinkcmf/cmf/think/Console.php',
     'think\\Http' => $vendorDir . '/thinkcmf/cmf/think/Http.php',

diff --git a/vendor/composer/autoload_psr4.php b/vendor/composer/autoload_psr4.php
@@ -11,15 +11,15 @@
     'think\\trace\\' => array($vendorDir . '/topthink/think-trace/src'),
     'think\\migration\\' => array($vendorDir . '/xia/migration/src'),
     'think\\captcha\\' => array($vendorDir . '/thinkcmf/cmf-captcha/src'),
-    'think\\' => array($vendorDir . '/topthink/framework/src/think', $vendorDir . '/topthink/think-helper/src', $vendorDir . '/topthink/think-orm/src', $vendorDir . '/thinkcmf/cmf/think'),
+    'think\\' => array($vendorDir . '/thinkcmf/cmf/think', $vendorDir . '/topthink/framework/src/think', $vendorDir . '/topthink/think-helper/src', $vendorDir . '/topthink/think-orm/src'),
     'themes\\' => array($baseDir . '/public/themes'),
     'plugins\\' => array($baseDir . '/public/plugins'),
     'mindplay\\annotations\\' => array($vendorDir . '/mindplay/annotations/src/annotations'),
     'dir\\' => array($vendorDir . '/thinkcmf/cmf-extend/src/dir'),
     'cmf\\composer\\' => array($vendorDir . '/thinkcmf/cmf-root/src'),
     'cmf\\' => array($vendorDir . '/thinkcmf/cmf/src'),
     'app\\admin\\' => array($vendorDir . '/thinkcmf/cmf-appstore/src'),
-    'app\\' => array($baseDir . '/app', $vendorDir . '/thinkcmf/cmf-install/src', $vendorDir . '/thinkcmf/cmf-app/src'),
+    'app\\' => array($baseDir . '/app', $vendorDir . '/thinkcmf/cmf-app/src', $vendorDir . '/thinkcmf/cmf-install/src'),
     'api\\' => array($baseDir . '/api', $vendorDir . '/thinkcmf/cmf-api/src'),
     'Psr\\SimpleCache\\' => array($vendorDir . '/psr/simple-cache/src'),
     'Psr\\Log\\' => array($vendorDir . '/psr/log/Psr/Log'),