
Merge pull request #43 from helloxz/dev

v0.9.14
pull/90/head 0.9.14
xiaoz 3 years ago committed by GitHub
parent
commit
ae3ca1b78c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 2
      controller/admin.php
  2. 4
      controller/login.php
  3. 8
      data/update.log
  4. 2
      functions/helper.php
  5. 4
      templates/default/index.php
  6. 2
      version.txt

2
controller/admin.php

@ -139,7 +139,7 @@ function check_auth($user,$password){
//获取cookie //获取cookie
$cookie = $_COOKIE['key']; $cookie = $_COOKIE['key'];
//如果cookie的值和计算的key不一致,则没有权限 //如果cookie的值和计算的key不一致,则没有权限
if( $cookie != $key ){ if( $cookie !== $key ){
$msg = "<h3>认证失败,请<a href = 'index.php?c=login'>重新登录</a></h3>"; $msg = "<h3>认证失败,请<a href = 'index.php?c=login'>重新登录</a></h3>";
require('templates/admin/403.php'); require('templates/admin/403.php');
exit; exit;
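Review bot: `$cookie = $_COOKIE['key'];` on the second line of the hunk reads the cookie with no presence check, so an unauthenticated request that carries no cookie raises an undefined-index notice before the comparison runs; `$cookie = $_COOKIE['key'] ?? '';` keeps the comparison outcome and removes the notice. The same unguarded read appears in the controller/login.php and functions/helper.php sections of this commit. Switching to `!==` is the right fix for the loose compare, but `$key` is a fixed md5 digest and `!==` on strings stops at the first differing byte; `if (!is_string($cookie) || !hash_equals($key, $cookie)) {` gives a constant-time check and also rejects a non-string cookie value (`key[]=`) instead of passing it to the comparison. check_auth begins before the hunk, so where `$key` is derived is not visible here.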

4
controller/login.php

@ -11,7 +11,7 @@ $key = md5($username.$password.'onenav');
$cookie = $_COOKIE['key']; $cookie = $_COOKIE['key'];
//如果已经登录,直接跳转 //如果已经登录,直接跳转
if( $cookie == $key ){ if( $cookie === $key ){
header('location:index.php?c=admin'); header('location:index.php?c=admin');
exit; exit;
} }
@ -21,7 +21,7 @@ if( $_GET['check'] == 'login' ) {
$user = $_POST['user']; $user = $_POST['user'];
$pass = $_POST['password']; $pass = $_POST['password'];
header('Content-Type:application/json; charset=utf-8'); header('Content-Type:application/json; charset=utf-8');
if( ($user == $username) && ($pass == $password) ) { if( ($user === $username) && ($pass === $password) ) {
$key = md5($username.$password.'onenav'); $key = md5($username.$password.'onenav');
setcookie("key", $key, time()+30 * 24 * 60 * 60,"/"); setcookie("key", $key, time()+30 * 24 * 60 * 60,"/");
$data = [ $data = [
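Review bot: The credential check `if( ($user === $username) && ($pass === $password) ) {` in the second hunk compares the submitted password directly with the configured `$password`, which only works if the configured value is stored in the clear, and `===` on strings stops at the first differing byte; `hash_equals($password, (string) $pass)` is the same comparison in constant time, and storing a `password_hash()` digest checked with `password_verify()` would remove the plaintext from the configuration entirely. `$user = $_POST['user'];` and `$pass = $_POST['password'];` are read without `?? ''`, so a request missing either field raises a notice before the comparison. The cookie set on success is `md5($username.$password.'onenav')` with a 30-day lifetime, so it is a static value derived from the credentials and cannot be rotated or revoked without changing the password; a random per-login token (`bin2hex(random_bytes(32))`) kept server-side would allow that. The `if( $_GET['check'] == 'login' )` block starts before the hunk.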

8
data/update.log

@ -28,4 +28,10 @@ CREATE INDEX on_options_key_IDX ON on_options ("key");
1. 简化安装过程,无需再手动修改配置安装 1. 简化安装过程,无需再手动修改配置安装
2. 新增默认密码安全检测 2. 新增默认密码安全检测
3. 默认模板增加手机登录按钮 3. 默认模板增加手机登录按钮
4. 修复一处XSS漏洞 4. 修复一处XSS漏洞
20220216
1. 修复一处登录漏洞
20220221
1. 修复默认主题字体图标不显示

2
functions/helper.php

@ -28,7 +28,7 @@ function is_login(){
//获取session //获取session
$session = $_COOKIE['key']; $session = $_COOKIE['key'];
//如果已经成功登录 //如果已经成功登录
if($session == $key) { if($session === $key) {
return true; return true;
} }
else{ else{
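Review bot: The comment `//获取session` above `$session = $_COOKIE['key'];` describes the value as a session, but the line reads a cookie and the variable is then compared against an md5 `$key`; nothing here is a PHP session, and a reader looking for session_start() will be misled. Suggest `// read the login cookie (a credential digest, not a PHP session)` and naming the variable `$cookie` to match the same check in controller/admin.php. is_login's `$key` is computed before the hunk and the `else{` branch continues after it.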

4
templates/default/index.php

@ -90,7 +90,7 @@
?> ?>
<a href="#category-<?php echo $category['id']; ?>"> <a href="#category-<?php echo $category['id']; ?>">
<li class="mdui-list-item mdui-ripple"> <li class="mdui-list-item mdui-ripple">
<div class="mdui-list-item-content category-name"><?php echo $category['name']; ?></div> <div class="mdui-list-item-content category-name"><?php echo htmlspecialchars_decode($category['name']); ?></div>
</li> </li>
</a> </a>
@ -146,7 +146,7 @@
} }
?> ?>
<div id = "category-<?php echo $category['id']; ?>" class = "mdui-col-xs-12 mdui-typo-title cat-title"> <div id = "category-<?php echo $category['id']; ?>" class = "mdui-col-xs-12 mdui-typo-title cat-title">
<?php echo $category['name']; ?> <?php echo $property; ?> <?php echo htmlspecialchars_decode($category['name']); ?> <?php echo $property; ?>
<span class = "mdui-typo-caption"><?php echo $category['description']; ?></span> <span class = "mdui-typo-caption"><?php echo $category['description']; ?></span>
</div> </div>
<!-- 遍历链接 --> <!-- 遍历链接 -->
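Review bot: `htmlspecialchars_decode($category['name'])` on the changed line of both hunks turns stored entities back into raw markup inside an HTML context, so any tag or event-handler text that was neutralised when the name was saved (the 0.9.13 changelog records an XSS fix, presumably escaping on save — confirm where `name` is written) is emitted live again. The safe direction at output is to escape, not decode: `<?php echo htmlspecialchars($category['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>` on both lines. If names are already escaped on save, the visible symptom is double-escaping, which is a display defect better fixed by storing the raw value and escaping here than by decoding on output. `$category['description']` on the unchanged line after the second change is also echoed without escaping and should get the same treatment. The surrounding loop begins before the first hunk.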

2
version.txt

@ -1 +1 @@
v0.9.13-20220214 v0.9.14-20220221