

6 Commits

Author SHA1 Message Date
xiaoz ebfba6c9e0
Merge pull request #180 from helloxz/dev 10 months ago
xiaoz 91d3fc9772 0.9.34 10 months ago
xiaoz 998c10d727 0.9.34 10 months ago
xiaoz 7c95405e86 0.9.34 10 months ago
xiaoz cfc01ae62a 0.9.34 10 months ago
xiaoz 17644ac77a 0.9.34 10 months ago
  1. 4
      README.md
  2. 14
      class/Api.php
  3. 11
      controller/admin.php
  4. 2
      controller/api.php
  5. 4
      controller/index.php
  6. 10
      controller/init.php
  7. 17
      data/update.log
  8. 23
      functions/helper.php
  9. 2
      static/layui/css/layui.css
  10. BIN
      static/layui/font/iconfont.eot
  11. 810
      static/layui/font/iconfont.svg
  12. BIN
      static/layui/font/iconfont.ttf
  13. BIN
      static/layui/font/iconfont.woff
  14. BIN
      static/layui/font/iconfont.woff2
  15. 2
      static/layui/layui.js
  16. 1
      templates/admin/add_link.php
  17. 43
      templates/admin/index.php
  18. 13
      templates/admin/link_list.php
  19. 4
      templates/admin/setting/subscribe.php
  20. 29
      templates/admin/setting/theme.php
  21. 14
      templates/admin/static/style.css
  22. 2
      templates/default/info.json
  23. 2
      version.txt

4
README.md

@ -53,11 +53,11 @@ OneNav是一款开源免费的书签(导航)管理程序,使用使用PHP +
```bash ```bash
docker run -itd --name="onenav" -p 80:80 \ docker run -itd --name="onenav" -p 80:80 \
-v /data/onenav:/data/wwwroot/default/data \ -v /data/onenav:/data/wwwroot/default/data \
helloz/onenav:0.9.33 helloz/onenav:0.9.34
``` ```
* 第一个`80`是自定义访问端口,可以自行修改,第二个`80`是容器端口,请勿修改 * 第一个`80`是自定义访问端口,可以自行修改,第二个`80`是容器端口,请勿修改
* `/data/onenav`:本机挂载目录,用于持久存储Onenav数据 * `/data/onenav`:本机挂载目录,用于持久存储Onenav数据
* `0.9.33`:改成OneNav最新版本号,可以通过[releases](https://github.com/helloxz/onenav/releases)查看最新版本号 * `0.9.34`:改成OneNav最新版本号,可以通过[releases](https://github.com/helloxz/onenav/releases)查看最新版本号
> 更多说明,请参考帮助文档:https://dwz.ovh/onenav > 更多说明,请参考帮助文档:https://dwz.ovh/onenav

14
class/Api.php

@ -1,7 +1,7 @@
<?php <?php
/** /**
* name:API核心类 * name:API核心类
* update:2020/12 * update:2024/01
* author:xiaoz<xiaoz93@outlook.com> * author:xiaoz<xiaoz93@outlook.com>
* blog:xiaoz.me * blog:xiaoz.me
*/ */
@ -339,6 +339,18 @@ class Api {
//过滤$filename //过滤$filename
$filename = str_replace('../','',$filename); $filename = str_replace('../','',$filename);
$filename = str_replace('./','',$filename); $filename = str_replace('./','',$filename);
// 获取文件名称的后缀
$suffix = explode('.',$filename);
// 如果没有后缀,则不合法,通过数组长度判断后缀
if( count($suffix) < 2 ) {
$this->err_msg(-2000,'文件不合法!');
}
// 获取文件后缀
$suffix = strtolower(end($suffix));
if( ( $suffix != 'html' ) && ( $suffix != 'htm' ) ) {
$this->err_msg(-2000,'文件不合法!');
}
$this->auth($token); $this->auth($token);
//检查文件是否存在 //检查文件是否存在
if ( !file_exists($filename) ) { if ( !file_exists($filename) ) {
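Review bot: The new suffix allowlist sits on top of a traversal filter that is single-pass — `str_replace('../','',$filename)` at L89 removes each sequence once, so a filename built from nested sequences can still resolve to an `.html`/`.htm` file outside the intended directory, and the extension check does not prevent that. Reduce the input to a bare name before the suffix check, `$filename = basename($filename);`, or resolve with `realpath()` and require the result to start with the intended base directory. The check also assumes `$this->err_msg()` terminates the request; if it only emits output, execution continues into `file_exists()` and the operation below — worth confirming. The enclosing method starts and ends outside the hunk.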

11
controller/admin.php

@ -23,6 +23,12 @@ check_auth($site_setting['user'],$site_setting['password']);
$version = new_get_version(); $version = new_get_version();
$page = empty($_GET['page']) ? 'index' : $_GET['page']; $page = empty($_GET['page']) ? 'index' : $_GET['page'];
// 正则判断page,只能允许字符+数字和下划线组合
$pattern = "/^[a-zA-Z0-9_\/]+$/";
if ( !preg_match($pattern,$page) ) {
exit('非法请求!');
}
//如果是后台首页,则判断是否是手机访问,并决定是否跳转到手机版页面 //如果是后台首页,则判断是否是手机访问,并决定是否跳转到手机版页面
if( $page == 'index' ) { if( $page == 'index' ) {
@ -323,6 +329,11 @@ function check_auth($user,$password){
} }
} }
// 判断$page文件是否存在,不存在,则终止执行
$full_page_path = 'templates/admin/'.$page;
if( !file_exists($full_page_path) ) {
exit("file does not exist!");
}
// 载入前台首页模板 // 载入前台首页模板
require('templates/admin/'.$page); require('templates/admin/'.$page);
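Review bot: The `page` allowlist at L113 anchors with `$`, which in PCRE also matches before a trailing newline, so a value ending in a newline passes `preg_match()` and reaches the `require` with an unexpected suffix; anchor with `\z` or add the `D` modifier: `$pattern = "/^[a-zA-Z0-9_\/]+$/D";`. In the second hunk `file_exists()` also returns true for directories, so a `page` naming a subdirectory of `templates/admin/` passes the guard and then fails inside `require`; `is_file($full_page_path)` is the tighter check. Because `$page` is used without an appended extension and `/` is allowed, any file below `templates/admin/` remains includable — a comment stating that this is the intended scope would help the next reader. The surrounding controller code begins outside the hunks.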

2
controller/api.php

@ -667,4 +667,4 @@ function global_search() {
function upload_backup(){ function upload_backup(){
global $api; global $api;
$api->general_upload('data/backup/',['db3']); $api->general_upload('data/backup/',['db3']);
} }

4
controller/index.php

@ -9,6 +9,8 @@ $site = unserialize($site);
// 获取链接数量,默认为30 // 获取链接数量,默认为30
$link_num = empty( $site['link_num'] ) ? 30 : intval($site['link_num']); $link_num = empty( $site['link_num'] ) ? 30 : intval($site['link_num']);
//如果已经登录,获取所有分类和链接 //如果已经登录,获取所有分类和链接
// 载入辅助函数 // 载入辅助函数
require('functions/helper.php'); require('functions/helper.php');
@ -77,6 +79,8 @@ if( is_login() ){
} }
//如果没有登录,只获取公有链接 //如果没有登录,只获取公有链接
else{ else{
// 检查分类是否全私有,如果是,则跳转到登录界面
check_all_cat();
//查询分类目录 //查询分类目录
$categorys = []; $categorys = [];
//查询一级分类目录,分类fid为0的都是一级分类 //查询一级分类目录,分类fid为0的都是一级分类

10
controller/init.php

@ -66,6 +66,16 @@ function init($data){
if( empty($data['username']) || empty($data['password']) ) { if( empty($data['username']) || empty($data['password']) ) {
err_msg(-2000,'用户名或密码不能为空!'); err_msg(-2000,'用户名或密码不能为空!');
} }
// 正则验证用户名
$u_patt = '/^[0-9a-z]{3,32}$/';
if( !preg_match($u_patt,$data['username']) ) {
err_msg(-2000,'用户名格式不正确!');
}
// 正则验证密码
$p_patt = '/^[0-9a-zA-Z!@#%^*.()]{6,16}$/';
if( !preg_match($p_patt,$data['password']) ) {
err_msg(-2000,'密码格式不正确!');
}
$config_file = "data/config.php"; $config_file = "data/config.php";
//检查配置文件是否存在,存在则不允许设置 //检查配置文件是否存在,存在则不允许设置
if( file_exists($config_file) ) { if( file_exists($config_file) ) {
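Review bot: The password pattern at L171 caps passwords at 16 characters and a narrow symbol set (`!@#%^*.()`), which rejects stronger passphrases and steers users toward short passwords; if the stored form is a hash (not visible here) there is no need for the cap, and a minimum length with a generous upper bound — for example `$p_patt = '/^[\x21-\x7e]{6,64}$/D';` — is the safer shape. Both patterns anchor with `$`, which accepts a trailing newline; add the `D` modifier or use `\z`. `preg_match()` also emits a warning and returns false when `$data['username']` arrives as an array rather than a string, so an `is_string()` check before the match is worthwhile, assuming `$data` comes straight from the request. init() begins and ends outside the hunk.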

17
data/update.log

@ -257,4 +257,19 @@ CREATE INDEX on_options_key_IDX ON on_options ("key");
20231207 20231207
1. 新增技术支持按钮 1. 新增技术支持按钮
2. 数据备份页面新增上传备份功能 2. 数据备份页面新增上传备份功能
20240109
1. 修复page参数注入问题
2. init控制器后端过滤username和password
3. imp_link方法只允许删除 .htm 或 .html 文件,避免任意文件删除
20240110
1. 新增辅助函数:check_all_cat() 用于判断分类是否全为私有,全私有则跳转到登录页
2. 升级LayUI版本至 v2.9.3
3. 修复主题有可用更新时,不显示更新提示的BUG
4. 修复baisuTwo主题右键复制无效的问题
5. 默认主题修改为默认隐藏链接描述
20240115
1. PC后台新增:分类数量/链接数量/PHP版本显示

23
functions/helper.php

@ -202,4 +202,27 @@ function getCurrentUrlDomain() {
return $domain; return $domain;
}
/**
* name:检查分类是否全私有,如果是,则跳转到登录界面
*/
function check_all_cat(){
global $db;
// 统计所有分类的数量
$count = $db->count("on_categorys","*");
// 统计私有分类的数量
$count_private = $db->count("on_categorys","*",[
"property" => 1
]);
// 判断数量是否一致,一致则说明全部是私有
if( $count == $count_private ) {
// 判断用户是否登录,未登录则跳转
if( !is_login() ) {
header("Location:/index.php?c=login");
exit;
}
}
} }
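Review bot: `check_all_cat()` compares the counts with `==` at L217, and on an empty table both counts are 0, so a site with no categories yet redirects every anonymous visitor to the login page; if that is not intended, guard the zero case: `if( $count > 0 && $count === $count_private ) {`. The strict comparison assumes `$db->count()` returns an int — a string result would need `(int)` casts. The inner `is_login()` test is harmless but redundant for the only caller visible in this commit, which already sits in the not-logged-in branch of controller/index.php; a docblock line such as `@note callers are expected to have already checked is_login()` would make the precondition explicit. The function is complete within the hunk.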

2
static/layui/css/layui.css

File diff suppressed because one or more lines are too long

BIN
static/layui/font/iconfont.eot

Binary file not shown.

810
static/layui/font/iconfont.svg

File diff suppressed because one or more lines are too long


BIN
static/layui/font/iconfont.ttf

Binary file not shown.

BIN
static/layui/font/iconfont.woff

Binary file not shown.

BIN
static/layui/font/iconfont.woff2

Binary file not shown.

2
static/layui/layui.js vendored

File diff suppressed because one or more lines are too long

1
templates/admin/add_link.php

@ -9,6 +9,7 @@
<div class="setting-msg"> <div class="setting-msg">
<p>1. 权重越大,排序越靠前</p> <p>1. 权重越大,排序越靠前</p>
<p>2. 识别功能可以自动获取链接标题和描述信息,但不确保一定成功</p> <p>2. 识别功能可以自动获取链接标题和描述信息,但不确保一定成功</p>
<p>3. 仅 5iux/heimdall/tushan2/webstack 支持自定义图标,其余主题均自动获取链接图标。</p>
</div> </div>
</div> </div>
<!-- 说明提示框END --> <!-- 说明提示框END -->

43
templates/admin/index.php

@ -17,7 +17,7 @@
<span id = "update_msg" style = "display:none;"><a style = "color: #FF5722;" href = "https://github.com/helloxz/onenav/releases" title = "下载最新版OneNav" target = "_blank" id="current_version">有可用更新</a></span> <span id = "update_msg" style = "display:none;"><a style = "color: #FF5722;" href = "https://github.com/helloxz/onenav/releases" title = "下载最新版OneNav" target = "_blank" id="current_version">有可用更新</a></span>
</p> </p>
</div> </div>
</div> </div>
<div class="layui-col-lg3"> <div class="layui-col-lg3">
<div class = "admin-msg"> <div class = "admin-msg">
@ -28,6 +28,33 @@
</div> </div>
</div> </div>
<div class="layui-col-lg3">
<div class = "admin-msg">
<h2>分类数量</h2>
<p class="text">
<a href="/index.php?c=admin&page=category_list"><span id="cat_num"></span></a>
</p>
</div>
</div>
<div class="layui-col-lg3">
<div class = "admin-msg">
<h2>链接数量</h2>
<p class="text">
<a href="/index.php?c=admin&page=link_list"><span id="link_num"></span></a>
</p>
</div>
</div>
<div class="layui-col-lg3">
<div class = "admin-msg">
<h2>PHP版本</h2>
<p class="text">
<span id="php_version"></span>
</p>
</div>
</div>
<div class="layui-col-lg3"> <div class="layui-col-lg3">
<div class = "admin-msg"> <div class = "admin-msg">
<h2>交流群</h2> <h2>交流群</h2>
@ -108,4 +135,18 @@
check_weak_password(); check_weak_password();
get_sql_update_list(); get_sql_update_list();
get_latest_version(); get_latest_version();
app_info();
// 获取app_info
function app_info(){
//alert("dsdfd");
let api_url = "/index.php?c=api&method=app_info";
console.log(api_url);
$.get(api_url,function(data,status){
data = data.data;
$("#php_version").html(data.php_version);
$("#cat_num").html(data.cat_num);
$("#link_num").html(data.link_num);
});
}
</script> </script>
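Review bot: The new `app_info()` ships debug leftovers — `//alert("dsdfd");` and `console.log(api_url);` — that should be removed before merge. The three `.html()` calls insert API data as markup; the values are a version string and two counts, so `.text()` conveys the same information without treating the response as HTML, e.g. `$("#php_version").text(data.php_version);`. The `$.get` has no failure handler, so an error or non-JSON response leaves the three placeholders empty with no indication why; a `.fail()` branch that writes a short message into them would help. The enclosing `<script>` block starts outside the hunk.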

13
templates/admin/link_list.php

@ -4,6 +4,19 @@
<div class="layui-body"> <div class="layui-body">
<!-- 内容主体区域 --> <!-- 内容主体区域 -->
<div class="layui-row content-body place-holder"> <div class="layui-row content-body place-holder">
<!-- 说明提示框 -->
<div class="layui-col-lg12">
<div class="page-msg">
<ol>
<li>仅 5iux/heimdall/tushan2/webstack 支持自定义图标,其余主题均自动获取链接图标。</li>
<li>分类的私有属性优先级高于链接的私有属性</li>
<li>权重数字越大,排序越靠前</li>
</ol>
</div>
</div>
<!-- 说明提示框END -->
<!-- 表单上面的按钮 --> <!-- 表单上面的按钮 -->
<div class="lay-col-lg12"> <div class="lay-col-lg12">
<form class="layui-form layui-form-pane" action=""> <form class="layui-form layui-form-pane" action="">

4
templates/admin/setting/subscribe.php

@ -12,7 +12,7 @@
<li>您可以前往:<a href="https://dwz.ovh/69h9q" rel = "nofollow" target = "_blank" title = "购买订阅服务">https://dwz.ovh/69h9q</a> 购买订阅服务,订阅后可以:</li> <li>您可以前往:<a href="https://dwz.ovh/69h9q" rel = "nofollow" target = "_blank" title = "购买订阅服务">https://dwz.ovh/69h9q</a> 购买订阅服务,订阅后可以:</li>
<li>1. 享受一键更新OneNav</li> <li>1. 享受一键更新OneNav</li>
<li>2. 可在线下载和更新主题</li> <li>2. 可在线下载和更新主题</li>
<li>3. 可享受一对一售后服务(仅限高级版和商业版)</li> <li>3. 可享受一对一售后服务</li>
<li>4. 可帮助OneNav持续发展,让OneNav变得更加美好</li> <li>4. 可帮助OneNav持续发展,让OneNav变得更加美好</li>
<li>5. 更多高级功能(自定义版权、广告管理等)</li> <li>5. 更多高级功能(自定义版权、广告管理等)</li>
<li>6. 数据库备份</li> <li>6. 数据库备份</li>
@ -20,7 +20,7 @@
</div> </div>
<div class="setting-msg"> <div class="setting-msg">
<p>1. 系统检测到您的域名为<strong style="color:#31BDEC;"><code><?php echo get_host(); ?></code></strong>,购买订阅时请填写此域名!</p> <p>1. 系统检测到您的域名为<strong style="color:#31BDEC;"><code><?php echo get_host(); ?></code></strong>,购买订阅时请填写此域名!</p>
<p>2. 若域名填写错误或更换域名,请前往<a title = "修改OneNav订阅域名" href="https://www.onenav.top/msub.html" target="_blank">https://www.onenav.top/msub.html</a>修改订阅!</p> <p>2. 若域名填写错误或更换域名,请前往 <a title = "修改OneNav订阅域名" href="https://dwz.ovh/p6u2w" target="_blank">https://dwz.ovh/p6u2w</a> 修改订阅!</p>
<!-- <p>3. Docker用户或IP访问的用户,请参考<a href="https://dwz.ovh/cve3d" target="_blank">没有域名购买订阅</a></p> --> <!-- <p>3. Docker用户或IP访问的用户,请参考<a href="https://dwz.ovh/cve3d" target="_blank">没有域名购买订阅</a></p> -->
</div> </div>
</div> </div>

29
templates/admin/setting/theme.php

@ -24,11 +24,20 @@
?> ?>
<div class="layui-col-md3"> <div class="layui-col-md3">
<div class="layui-card custom-card"> <div class="layui-card custom-card">
<div class="layui-card-header"> <div class="layui-card-header" id="<?php echo $key; ?>">
<?php echo $key; ?> - <?php echo $theme['info']->version ?> <div class="them-header">
<?php if( $current_them == $key ) { ?> <div class="left">
<span style = "color:#ff5722;">(使用中)</span> <span class = "name"><?php echo $key; ?> - <?php echo $theme['info']->version ?></span>
<?php } ?> <?php if( $current_them == $key ) { ?>
<span style = "color:#ff5722;">(使用中)</span>
<?php } ?>
</div>
<div class="right">
<span class="renewable" style="color:#FF5722;font-size:14px;"></span>
</div>
</div>
</div> </div>
<div class="layui-card-body"> <div class="layui-card-body">
<!-- 主题图片 --> <!-- 主题图片 -->
@ -214,25 +223,29 @@ function update_theme(name,version){
//遍历所有主题,检查是否有更新 //遍历所有主题,检查是否有更新
function check_update(){ function check_update(){
console.log('fdsfsdf');
//请求远程主题列表 //请求远程主题列表
$.get("https://onenav.xiaoz.top/v1/theme_list.php",function(data,status){ $.get("https://onenav.xiaoz.top/v1/theme_list.php",function(data,status){
let result = data.data; let result = data.data;
console.log(result);
//console.log(result.5iux); //console.log(result.5iux);
for (const obj in result) { for (const obj in result) {
//获取主题名称 //获取主题名称
let value = $("#" + obj).text(); let select = `#${obj} .name`;
let value = $(select).text();
//如果获取到的数据为空 //如果获取到的数据为空
if( value == '' ) { if( value == '' ) {
continue; continue;
} }
//console.log(obj);
//获取最新版本 //获取最新版本
let latest_version = result[obj].version; let latest_version = result[obj].version;
//获取当前版本 //获取当前版本
let current_version = value.split(' - ')[1]; let current_version = value.split(' - ')[1];
//如果存在最新版本 //如果存在最新版本
if( latest_version > current_version ) { if( latest_version > current_version ) {
console.log("#" + obj + ".renewable"); console.log("#" + obj + " .renewable");
$("#" + obj + " .renewable").append(`(可更新至${latest_version})`); $("#" + obj + " .renewable").append(`(可更新至${latest_version})`);
} }
} }
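Review bot: `check_update()` gains two debug statements, `console.log('fdsfsdf');` and `console.log(result);`, plus a commented-out `//console.log(obj);`; these should be dropped before merge. The new `#${obj} .name` selector together with `value.split(' - ')[1]` now depends on the exact `key - version` text that the PHP hunk earlier in this file renders into the `.name` span; a one-line comment next to `let select`, such as `// relies on the "<name> - <version>" text rendered into .name above`, would protect that contract from template edits. Theme keys from the remote response are interpolated straight into a jQuery selector, so a key containing selector metacharacters would throw and abort the loop; `document.getElementById(obj)` or `CSS.escape(obj)` avoids that. `check_update()` continues beyond the hunk.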

14
templates/admin/static/style.css

@ -207,4 +207,18 @@
.upload-backup{ .upload-backup{
margin-top: 16px; margin-top: 16px;
}
.them-header{
}
.them-header .left{
width: 50%;
float:left;
text-align: left;
}
.them-header .right{
width: 50%;
text-align: right;
float:right;
} }

2
templates/default/info.json

@ -14,7 +14,7 @@
}, },
"config": { "config": {
"full_width_mode":"off", "full_width_mode":"off",
"link_description":"show", "link_description":"hide",
"favicon": "online" "favicon": "online"
} }
} }

2
version.txt

@ -1 +1 @@
v0.9.33-20231207 v0.9.34-20240115