peihaoyu/TaoLer
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

修复内容加密泄露

Browse Source
This commit is contained in:
taoser 2023-07-03 12:56:37 +08:00
parent 74ab2ac512
commit 0c2f0154a8
20 changed files with 71 additions and 62 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
app/404.html
View File

@ -6,7 +6,7 @@
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
<meta name="keywords" content="fly,layui,前端社区">
<meta name="description" content="Fly社区是模块化前端UI框架Layui的官网社区致力于为web开发提供强劲动力">
<link rel="stylesheet" href="/static/layui/css/layui.css">
<link rel="stylesheet" href="/layui-1/css/layui.css">
<link rel="stylesheet" href="/static/res/css/global.css" charset="utf-8">
</head>
<body>
@ -22,8 +22,8 @@
</div>
<include file="./footer" />
<script src="/static/layui/jquery.min.js" charset="utf-8"></script>
<script src="/static/layui/layui.js" charset="utf-8"></script>
<script src="/layui-1/jquery.min.js" charset="utf-8"></script>
<script src="/layui-1/layui.js" charset="utf-8"></script>
<script>
layui.cache.user = {

6
app/admin/controller/addon/Addons.php
View File

@ -337,13 +337,15 @@ class Addons extends AdminController
* @return string|Json
* @throws \Exception
*/
public function config($name)
public function config()
{
$name = input('name');
$config = get_addons_config($name);
// halt($config);
if(empty($config)) return json(['code'=>-1,'msg'=>'无配置项!无需操作']);
if(Request::isAjax()){
$params = Request::param('params/a',[],'trim');
// halt($params);
if ($params) {
foreach ($config as $k => &$v) {
if (isset($params[$k])) {
@ -369,7 +371,7 @@ class Addons extends AdminController
}
return json(['code'=>0,'msg'=>'配置成功!']);
}
//halt($config);
//模板引擎初始化
$view = ['formData'=>$config,'title'=>'title'];
View::assign($view);

18
app/common/model/Article.php
View File

@ -111,7 +111,7 @@ class Article extends Model
{
return Cache::remember('topArticle', function() use($num){
return $this::field('id,title,title_color,cate_id,user_id,content,create_time,is_top,pv,upzip,has_img,has_video,has_audio')
return $this::field('id,title,title_color,cate_id,user_id,content,create_time,is_top,pv,upzip,has_img,has_video,has_audio,read_type,art_pass')
->where([['is_top', '=', 1], ['status', '=', 1]])
->with([
'cate' => function ($query) {
@ -140,7 +140,7 @@ class Article extends Model
public function getArtList(int $num)
{
return Cache::remember('indexArticle', function() use($num){
return $this::field('id,title,title_color,cate_id,user_id,content,create_time,is_hot,pv,jie,upzip,has_img,has_video,has_audio,read_type')
return $this::field('id,title,title_color,cate_id,user_id,content,create_time,is_hot,pv,jie,upzip,has_img,has_video,has_audio,read_type,art_pass')
->with([
'cate' => function($query){
$query->where('delete_time',0)->field('id,catename,ename,detpl');
@ -247,7 +247,7 @@ class Article extends Model
$where[] = ['status', '=', 1];
return Cache::remember('cate_list_'.$ename.$type.$page, function() use($where,$page){
return $this::field('id,cate_id,user_id,title,content,title_color,create_time,is_top,is_hot,pv,jie,upzip,has_img,has_video,has_audio,read_type')
return $this::field('id,cate_id,user_id,title,content,title_color,create_time,is_top,is_hot,pv,jie,upzip,has_img,has_video,has_audio,read_type,art_pass')
->with([
'cate' => function($query) {
$query->field('id,catename,ename');
@ -383,7 +383,7 @@ class Article extends Model
// 获取所有帖子内容
public function getList(array $where, int $limit, int $page)
{
return $this::field('id,user_id,cate_id,title,content,is_top,is_hot,is_reply,status,update_time')
return $this::field('id,user_id,cate_id,title,content,is_top,is_hot,is_reply,status,update_time,read_type,art_pass')
->with([
'user' => function($query){
$query->field('id,name,user_img');
@ -411,5 +411,15 @@ class Article extends Model
return (string) url('article_detail',['id' => $data['id']]);
}
// 内容是否加密
public function getContentAttr($value, $data)
{
//解密
if($data['read_type'] == 1 && (session('art_pass_'.$data['id']) !== $data['art_pass'])) {
return '内容已加密!请输入正确密码查看!';
}
return $value;
}
}

5
app/index/controller/Article.php
View File

@ -79,11 +79,6 @@ class Article extends BaseController
if(is_null($artDetail)){
throw new \think\exception\HttpException(404, '无内容');
}
//加密
if($artDetail->read_type == 1 && session('art_pass_'.$id) != $artDetail->art_pass) {
$artDetail->content = '本文已加密!请输入正确密码查看!';
}
//被赞
$zanCount = Db::name('user_zan')->where('user_id', $artDetail['user_id'])->count('id');

12
app/index/controller/User.php
View File

@ -133,7 +133,7 @@ class User extends BaseController
$validate = new userValidate;
$result = $validate->scene('Set')->check($data);
if(!$result){
$this->error($validate->getError());
return json(['code'=>-1,'msg' =>$validate->getError()]);
} else {
//防止重复的email
$resEmail = Db::name('user')->where('email',$data['email'])->where('id','<>',$this->uid)->find();
@ -151,7 +151,7 @@ class User extends BaseController
Cache::tag('user')->clear();
return json(['code'=>0,'msg'=>'资料更新成功']);
} else {
$this->error($result);
return json(['code'=>-1,'msg' =>$result]);
}
}
}
@ -275,7 +275,8 @@ class User extends BaseController
$validate = new userValidate;
$res = $validate->scene('setPass')->check($data);
if(!$res){
return $this->error($validate->getError());
return json(['code'=>-1,'msg' =>$validate->getError()]);
}
$user = new userModel;
$result = $user->setpass($data);
@ -284,7 +285,7 @@ class User extends BaseController
Cookie::delete('auth');
return $this->success('密码修改成功 请登录', (string) url('login/index'));
} else {
return $this->error($result);
return json(['code'=>-1,'msg' =>$result]);
}
}
}
@ -298,9 +299,8 @@ class User extends BaseController
//Cookie::delete('user_id');
if(Session::has('user_id')){
return json(['code' => -1, 'msg' => '退出失败']);
} else {
return json(['code' => 200, 'msg' => '退出成功', 'url' => '/']);
}
return json(['code' => 200, 'msg' => '退出成功', 'url' => '/']);
}
}

5
app/install/data/taoler.sql
View File

@ -266,6 +266,11 @@ INSERT INTO `tao_auth_rule` VALUES (120, 'content.cate/edit', '编辑分类', 1,
INSERT INTO `tao_auth_rule` VALUES (121, 'content.cate/delete', '删除分类', 1, 1, 117, 2, '', 2, 50, '', 0, 0, 0);
INSERT INTO `tao_auth_rule` VALUES (122, 'content.cate/hot', '热点分类', 1, 1, 117, 2, '', 2, 50, '', 0, 0, 0);
INSERT INTO `tao_auth_rule` VALUES (123, 'content.cate/getAppNameView', '分类应用模板', 1, 1, 117, 2, '', 2, 50, '', 0, 0, 0);
INSERT INTO `tao_auth_rule` VALUES (124, 'content.tag/index', '标签管理', 1, 1, 4, 1, '', 1, 50, '', 0, 0, 0);
INSERT INTO `tao_auth_rule` VALUES (125, 'content.tag/list', '标签列表', 1, 1, 124, 2, '', 2, 50, '', 0, 0, 0);
INSERT INTO `tao_auth_rule` VALUES (126, 'content.tag/add', '添加标签', 1, 1, 124, 2, '', 2, 50, '', 0, 0, 0);
INSERT INTO `tao_auth_rule` VALUES (127, 'content.tag/edit', '编辑标签', 1, 1, 124, 2, '', 2, 50, '', 0, 0, 0);
INSERT INTO `tao_auth_rule` VALUES (128, 'content.tag/delete', '删除标签', 1, 1, 124, 2, '', 2, 50, '', 0, 0, 0);
-- ----------------------------
-- Table structure for tao_cate

14
composer.lock generated
View File

@ -2910,21 +2910,21 @@
},
{
"name": "workerman/phpsocket.io",
"version": "v1.1.17",
"version": "v1.1.18",
"source": {
"type": "git",
"url": "https://github.com/walkor/phpsocket.io.git",
"reference": "fb51151fd86414548e7cd9321c066c7b60983f8c"
"reference": "b89b3f2ed44f6f79fd9895e2d198b52b3fb4783b"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/walkor/phpsocket.io/zipball/fb51151fd86414548e7cd9321c066c7b60983f8c",
"reference": "fb51151fd86414548e7cd9321c066c7b60983f8c",
"url": "https://api.github.com/repos/walkor/phpsocket.io/zipball/b89b3f2ed44f6f79fd9895e2d198b52b3fb4783b",
"reference": "b89b3f2ed44f6f79fd9895e2d198b52b3fb4783b",
"shasum": ""
},
"require": {
"workerman/channel": ">=1.0.0",
"workerman/workerman": ">=4.0.0"
"workerman/workerman": "^4.0.0"
},
"type": "library",
"autoload": {
@ -2942,7 +2942,7 @@
],
"support": {
"issues": "https://github.com/walkor/phpsocket.io/issues",
"source": "https://github.com/walkor/phpsocket.io/tree/v1.1.17"
"source": "https://github.com/walkor/phpsocket.io/tree/v1.1.18"
},
"funding": [
{
@ -2954,7 +2954,7 @@
"type": "patreon"
}
],
"time": "2023-06-08T06:07:20+00:00"
"time": "2023-06-16T01:41:34+00:00"
},
{
"name": "workerman/workerman",

2
config/taoler.php
View File

@ -16,7 +16,7 @@ return [
// 应用名,此项不可更改
'appname' => 'TaoLer',
// 版本配置
'version' => '2.3.8',
'version' => '2.3.9',
// 加盐
'salt' => 'taoler',
// 数据库备份目录

2
public/static/component/layui/css/layui.css
View File

File diff suppressed because one or more lines are too long

2
public/static/component/layui/layui.js
View File

File diff suppressed because one or more lines are too long

16
vendor/composer/installed.json vendored
View File

@ -3275,24 +3275,24 @@
},
{
"name": "workerman/phpsocket.io",
"version": "v1.1.17",
"version_normalized": "1.1.17.0",
"version": "v1.1.18",
"version_normalized": "1.1.18.0",
"source": {
"type": "git",
"url": "https://github.com/walkor/phpsocket.io.git",
"reference": "fb51151fd86414548e7cd9321c066c7b60983f8c"
"reference": "b89b3f2ed44f6f79fd9895e2d198b52b3fb4783b"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/walkor/phpsocket.io/zipball/fb51151fd86414548e7cd9321c066c7b60983f8c",
"reference": "fb51151fd86414548e7cd9321c066c7b60983f8c",
"url": "https://api.github.com/repos/walkor/phpsocket.io/zipball/b89b3f2ed44f6f79fd9895e2d198b52b3fb4783b",
"reference": "b89b3f2ed44f6f79fd9895e2d198b52b3fb4783b",
"shasum": ""
},
"require": {
"workerman/channel": ">=1.0.0",
"workerman/workerman": ">=4.0.0"
"workerman/workerman": "^4.0.0"
},
"time": "2023-06-08T06:07:20+00:00",
"time": "2023-06-16T01:41:34+00:00",
"type": "library",
"installation-source": "dist",
"autoload": {
@ -3310,7 +3310,7 @@
],
"support": {
"issues": "https://github.com/walkor/phpsocket.io/issues",
"source": "https://github.com/walkor/phpsocket.io/tree/v1.1.17"
"source": "https://github.com/walkor/phpsocket.io/tree/v1.1.18"
},
"funding": [
{

10
vendor/composer/installed.php vendored
View File

@ -3,7 +3,7 @@
'name' => 'taoser/taoler',
'pretty_version' => 'dev-master',
'version' => 'dev-master',
'reference' => 'f6d525db0665b6aa400834582aba220223d8244b',
'reference' => '4be45082e6e9bbe7fa38b4fca5566a08fe1a24a6',
'type' => 'project',
'install_path' => __DIR__ . '/../../',
'aliases' => array(),
@ -349,7 +349,7 @@
'taoser/taoler' => array(
'pretty_version' => 'dev-master',
'version' => 'dev-master',
'reference' => 'f6d525db0665b6aa400834582aba220223d8244b',
'reference' => '4be45082e6e9bbe7fa38b4fca5566a08fe1a24a6',
'type' => 'project',
'install_path' => __DIR__ . '/../../',
'aliases' => array(),
@ -500,9 +500,9 @@
'dev_requirement' => false,
),
'workerman/phpsocket.io' => array(
'pretty_version' => 'v1.1.17',
'version' => '1.1.17.0',
'reference' => 'fb51151fd86414548e7cd9321c066c7b60983f8c',
'pretty_version' => 'v1.1.18',
'version' => '1.1.18.0',
'reference' => 'b89b3f2ed44f6f79fd9895e2d198b52b3fb4783b',
'type' => 'library',
'install_path' => __DIR__ . '/../workerman/phpsocket.io',
'aliases' => array(),

2
vendor/services.php vendored
View File

@ -1,5 +1,5 @@
<?php
// This file is automatically generated at:2023-06-12 14:28:07
// This file is automatically generated at:2023-06-29 09:57:38
declare (strict_types = 1);
return array (
0 => 'taoser\\addons\\Service',

2
vendor/workerman/phpsocket.io/composer.json vendored
View File

@ -5,7 +5,7 @@
"homepage": "http://www.workerman.net",
"license" : "MIT",
"require": {
"workerman/workerman" : ">=4.0.0",
"workerman/workerman" : "^4.0.0",
"workerman/channel" : ">=1.0.0"
},
"autoload": {

6
vendor/workerman/phpsocket.io/src/Engine/Protocols/WebSocket/RFC6455.php vendored
View File

@ -44,7 +44,7 @@ class RFC6455 implements \Workerman\Protocols\ProtocolInterface
* 检查包的完整性
* @param string $buffer
*/
public static function input(string $buffer, ConnectionInterface $connection): bool|int
public static function input($buffer, ConnectionInterface $connection)
{
// 数据长度
$recv_len = strlen($buffer);
@ -173,7 +173,7 @@ class RFC6455 implements \Workerman\Protocols\ProtocolInterface
* @param string $buffer
* @return string
*/
public static function encode(mixed $buffer, ConnectionInterface $connection): string
public static function encode($buffer, ConnectionInterface $connection)
{
$len = strlen($buffer);
if (empty($connection->websocketHandshake)) {
@ -210,7 +210,7 @@ class RFC6455 implements \Workerman\Protocols\ProtocolInterface
* @param string $buffer
* @return string
*/
public static function decode(string $buffer, ConnectionInterface $connection): mixed
public static function decode($buffer, ConnectionInterface $connection)
{
$len = $masks = $data = $decoded = null;
$len = ord($buffer[1]) & 127;

2
view/taoler/index/comment/edit.html
View File

@ -23,7 +23,7 @@
</div>
</form>
<script src="/static/jquery-3.6.0.min.js"></script>
<script src="/static/layui/layui.js"></script>
<script src="/layui-1/layui.js"></script>
{:hook('taonyeditor')}

4
view/taoler/index/login/login.html
View File

@ -94,5 +94,9 @@
return false;
});
});
// 更新验证码
layui.jquery('#captcha').on('click',function(){
layui.jquery('#captcha').attr('src', '{:captcha_src()}?'+Math.random());
})
</script>
{/block}

6
view/taoler/index/public/base.html
View File

@ -28,14 +28,14 @@
<meta property="og:site_name" content="{$sysInfo.webname}" />
{block name="ogimage"} {/block}
{block name="meta"}{/block}
<script src="/static/jquery-3.6.0.min.js"></script>
<script src="{$Request.domain}/static/layui/layui.js" charset="utf-8"></script>
<script src="{$Request.domain}/static/component/layui/layui.js" charset="utf-8"></script>
<script src="/static/res/mods/toast.js"></script>
<script src="/static/notify.js"></script>
<!-- 样式 -->
<link rel="canonical" href="{$Request.domain}{$Request.url}">
<link rel="stylesheet" href="{$Request.domain}/static/res/css/font_24081_qs69ykjbea.css" />
<link rel="stylesheet" href="{$Request.domain}/static/layui/css/layui.css">
<link rel="stylesheet" href="{$Request.domain}/static/component/layui/css/layui.css">
<link rel="stylesheet" href="{$Request.domain}/static/res/css/global.css">
<link rel="stylesheet" href="/static/component/pear/css/module/toast.css">
{block name="link"}{/block}

7
view/taoler/index/public/menu.html
View File

@ -70,12 +70,5 @@
</ul>
</div>
<!--
<div class="site-tree-mobile layui-hide">
<i class="layui-icon layui-icon-spread-left"></i>
</div>
<div class="site-mobile-shade"></div>
-->

6
view/taoler/index/public/user.html
View File

@ -16,17 +16,17 @@
<meta name="keywords" content="TaoLer社区">
<meta name="description" content="TaoLer社区是模块化前端UI框架社区致力于为web开发提供强劲动力">
<link rel="stylesheet" href="{$Request.domain}/static/res/css/font_24081_qs69ykjbea.css" />
<link rel="stylesheet" href="{$Request.domain}/static/layui/css/layui.css">
<link rel="stylesheet" href="{$Request.domain}/static/component/layui/css/layui.css">
<link rel="stylesheet" href="{$Request.domain}/static/res/css/global.css">
{block name="css"}{/block}
<script src="{$Request.domain}/static/layui/layui.js" charset="utf-8"></script>
<script src="/static/component/layui/layui.js" charset="utf-8"></script>
<script src="/static/notify.js"></script>
</head>
<body>
{include file="public/header" /}
<div class="layui-container fly-marginTop fly-user-main">
{include file="public/user-nav" /}
<div class="fly-panel fly-panel-user" pad20 style="padding-top:20px;">
<div class="fly-panel " pad20 style="padding-top:10px;">
{block name="content"}
{/block}
</div>