v2.8.1

icret · Apr 12, 2023 · 55a7c2e · 55a7c2e
1 parent 9a3780a
commit 55a7c2e
Show file tree

Hide file tree

Showing 11 changed files with 51 additions and 8 deletions.
diff --git a/admin/chart.php b/admin/chart.php
@@ -6,7 +6,7 @@
 require_once APP_ROOT . '/app/chart.php';
 
 // 检测登录和是否开启统计
-if (!$config['chart_on'] && !is_who_login('admin')) exit(header('Location: ' . $config['domain'] . '?hart#closed'));
+if (!$config['chart_on'] || !is_who_login('admin')) exit(header('Location: ' . $config['domain'] . '?hart#closed'));
 
 // 删除统计文件
 if (isset($_POST['del_total'])) {

diff --git a/admin/zui.chart.php b/admin/zui.chart.php
@@ -6,7 +6,7 @@
 require_once APP_ROOT . '/app/chart.php';
 
 // 检测是否开启统计
-if (!$config['chart_on']) exit(header('Location: ' . $config['domain'] . '?chart#closed'));
+if (!$config['chart_on'] || !is_who_login('admin')) exit(header('Location: ' . $config['domain'] . '?hart#closed'));
 
 // 检测登录
 if (!is_who_login('admin')) {

diff --git a/app/check.php b/app/check.php
@@ -1,4 +1,8 @@
 <?php
+
+/** 禁止直接访问 */
+defined('APP_ROOT') ?: exit;
+
 // 跳转安装
 if (!is_file(APP_ROOT . '/config/install.lock') and is_file(APP_ROOT . '/install/install.php')) {
     exit('<script type="text/javascript">window.location.href="' . get_whole_url('/') . '/install/index.php"</script>');

diff --git a/app/check_admin.inc.php b/app/check_admin.inc.php
@@ -1,4 +1,8 @@
 <?php
+
+/** 禁止直接访问 */
+defined('APP_ROOT') ?: exit;
+
 /*
 // 检查当前PHP版本是否大于7.0
 if (PHP_VERSION < 7) {

diff --git a/app/footer.php b/app/footer.php
@@ -2,6 +2,7 @@
 
 /** 禁止直接访问 */
 defined('APP_ROOT') ?: exit;
+
 /** 弹窗公告 */
 if ($config['notice_status'] > 0) : ?>
   <div class="modal fade" id="notice">

diff --git a/app/function.php b/app/function.php
@@ -32,7 +32,7 @@
 // 判断当前的系统类型是否为windows
 define('IS_WIN', strstr(PHP_OS, 'WIN') ? 1 : 0);
 // 定义当前版本
-define('APP_VERSION', '2.8.0');
+define('APP_VERSION', '2.8.1');
 
 /*---------------基础配置结束-------------------*/
 

diff --git a/app/total_files.php b/app/total_files.php
@@ -1,5 +1,8 @@
 <?php
 
+/** 禁止直接访问 */
+defined('APP_ROOT') ?: exit;
+
 /**
  * 统计文件
  *

diff --git a/app/upload.php b/app/upload.php
@@ -27,11 +27,12 @@
     ));
 }
 
-// sign
-if (empty($_POST['sign']) || $_POST['sign'] !== date('YmdH')) {
+// sign : 前端生成的时间戳 time() - $_POST['sign'] = 从选择文件到上传完毕的耗费时间
+if (empty($_POST['sign']) || time() - $_POST['sign'] > 12306) {
     exit(json_encode(array(
         "result"  => "failed",
-        "code"    => 403,
+		"code"    => 403,
+        "systime" => time(),
         "message" => "上传签名错误,请刷新重试",
     )));
 }

diff --git a/docs/update.md b/docs/update.md
@@ -1,3 +1,9 @@
+* 2023-04-12 v2.8.1
+- 修改上传签名生成方式
+- 修复一处绕过代码
+- 修复部分会曝露网站路径的代码
+- 增加检测cookie|Local storage
+
 * 2023-04-05 v2.8.0
 - 修复定时删除最小值不能为0
 - 修复上传完毕后多次点击复制失效

diff --git a/index.php b/index.php
@@ -130,7 +130,7 @@
     flash_swf_url: '<?php static_cdn(); ?>/public/static/zui/lib/uploader/Moxie.xap',
     // sign
     multipart_params: {
-      'sign': new Date().format("YYYYMMddhh"),
+      'sign': Date.now() / 1000,
     },
     // 预览图尺寸
     previewImageSize: {

diff --git a/public/static/EasyImage.js b/public/static/EasyImage.js
@@ -229,7 +229,7 @@ $('#btnLinks, #btnBbscode, #btnMarkDown, #btnHtml, #btnThumb, #btnDel').on('clic
 
         var formData = new FormData();
         formData.append('file', file);
-        formData.append('sign', new Date().format("YYYYMMddhh"));
+        formData.append('sign', Date.now());
         var xhr = new XMLHttpRequest();
         xhr.onreadystatechange = function () {
             if (xhr.readyState == 1) {
@@ -299,6 +299,30 @@ $('#btnLinks, #btnBbscode, #btnMarkDown, #btnHtml, #btnThumb, #btnDel').on('clic
     });
 })();
 
+// 检测浏览器是否支持cookie
+if (navigator.cookieEnabled === false) {
+    new $.zui.Messager('浏览器不支持cookie, 无法保存登录信息', {
+        type: 'black',
+        icon: 'bell',
+        time: 4500,
+        placement: 'top'
+    }).show();
+
+    console.log('浏览器不支持cookie');
+}
+
+// 检测浏览器是否支持本地存储
+if ($.zui.store.enable === false) {
+    new $.zui.Messager('浏览器不支持本地存储, 无法保存上传历史记录', {
+        icon: 'bell',
+        time: 4000,
+        type: 'primary',
+        placement: 'top'
+    }).show();
+
+    console.log('浏览器不支持本地存储');
+}
+
 /** 
  * javascript parseUrl函数解析url获取网址url参数 
  * https://www.cnblogs.com/lazb/p/10144471.html