diff --git a/controller/admin.php b/controller/admin.php
index ed60299..b30ced8 100755
--- a/controller/admin.php
+++ b/controller/admin.php
@@ -139,7 +139,7 @@ function check_auth($user,$password){
//获取cookie
$cookie = $_COOKIE['key'];
//如果cookie的值和计算的key不一致,则没有权限
- if( $cookie != $key ){
+ if( $cookie !== $key ){
$msg = "
";
require('templates/admin/403.php');
exit;
diff --git a/controller/login.php b/controller/login.php
index 58a9caf..f7a7fde 100755
--- a/controller/login.php
+++ b/controller/login.php
@@ -11,7 +11,7 @@ $key = md5($username.$password.'onenav');
$cookie = $_COOKIE['key'];
//如果已经登录,直接跳转
-if( $cookie == $key ){
+if( $cookie === $key ){
header('location:index.php?c=admin');
exit;
}
@@ -21,7 +21,7 @@ if( $_GET['check'] == 'login' ) {
$user = $_POST['user'];
$pass = $_POST['password'];
header('Content-Type:application/json; charset=utf-8');
- if( ($user == $username) && ($pass == $password) ) {
+ if( ($user === $username) && ($pass === $password) ) {
$key = md5($username.$password.'onenav');
setcookie("key", $key, time()+30 * 24 * 60 * 60,"/");
$data = [
diff --git a/data/update.log b/data/update.log
index 90e8db5..7cf5307 100755
--- a/data/update.log
+++ b/data/update.log
@@ -28,4 +28,10 @@ CREATE INDEX on_options_key_IDX ON on_options ("key");
1. 简化安装过程,无需再手动修改配置安装
2. 新增默认密码安全检测
3. 默认模板增加手机登录按钮
-4. 修复一处XSS漏洞
\ No newline at end of file
+4. 修复一处XSS漏洞
+
+20220216
+1. 修复一处登录漏洞
+
+20220221
+1. 修复默认主题字体图标不显示
\ No newline at end of file
diff --git a/functions/helper.php b/functions/helper.php
index e2ba803..8f571e3 100755
--- a/functions/helper.php
+++ b/functions/helper.php
@@ -28,7 +28,7 @@ function is_login(){
//获取session
$session = $_COOKIE['key'];
//如果已经成功登录
- if($session == $key) {
+ if($session === $key) {
return true;
}
else{
diff --git a/templates/default/index.php b/templates/default/index.php
index 00f4ebc..8902f5a 100755
--- a/templates/default/index.php
+++ b/templates/default/index.php
@@ -90,7 +90,7 @@
?>
-
+
@@ -146,7 +146,7 @@
}
?>
-
+
diff --git a/version.txt b/version.txt
index 5f1a3e1..388361e 100755
--- a/version.txt
+++ b/version.txt
@@ -1 +1 @@
-v0.9.13-20220214
\ No newline at end of file
+v0.9.14-20220221
\ No newline at end of file