xiaoz
/
onenav
mirror of https://github.com/helloxz/onenav.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Merge pull request #43 from helloxz/dev 

v0.9.14
pull/90/head 0.9.14
xiaoz 2 years ago committed by GitHub
parent
17a3e204e3 c4377eb68f
commit
ae3ca1b78c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 14 additions and 8 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 2
      controller/admin.php
  2. 4
      controller/login.php
  3. 8
      data/update.log
  4. 2
      functions/helper.php
  5. 4
      templates/default/index.php
  6. 2
      version.txt

2
controller/admin.php
Unescape View File

@ -139,7 +139,7 @@ function check_auth($user,$password){
//获取cookie //获取cookie
$cookie = $_COOKIE['key']; $cookie = $_COOKIE['key'];
//如果cookie的值和计算的key不一致,则没有权限 //如果cookie的值和计算的key不一致,则没有权限
if( $cookie != $key ){ if( $cookie !== $key ){
$msg = "<h3>认证失败,请<a href = 'index.php?c=login'>重新登录</a></h3>"; $msg = "<h3>认证失败,请<a href = 'index.php?c=login'>重新登录</a></h3>";
require('templates/admin/403.php'); require('templates/admin/403.php');
exit; exit;

4
controller/login.php
Unescape View File

@ -11,7 +11,7 @@ $key = md5($username.$password.'onenav');
$cookie = $_COOKIE['key']; $cookie = $_COOKIE['key'];
//如果已经登录,直接跳转 //如果已经登录,直接跳转
if( $cookie == $key ){ if( $cookie === $key ){
header('location:index.php?c=admin'); header('location:index.php?c=admin');
exit; exit;
} }
@ -21,7 +21,7 @@ if( $_GET['check'] == 'login' ) {
$user = $_POST['user']; $user = $_POST['user'];
$pass = $_POST['password']; $pass = $_POST['password'];
header('Content-Type:application/json; charset=utf-8'); header('Content-Type:application/json; charset=utf-8');
if( ($user == $username) && ($pass == $password) ) { if( ($user === $username) && ($pass === $password) ) {
$key = md5($username.$password.'onenav'); $key = md5($username.$password.'onenav');
setcookie("key", $key, time()+30 * 24 * 60 * 60,"/"); setcookie("key", $key, time()+30 * 24 * 60 * 60,"/");
$data = [ $data = [

8
data/update.log
Unescape View File

@ -28,4 +28,10 @@ CREATE INDEX on_options_key_IDX ON on_options ("key");
1. 简化安装过程,无需再手动修改配置安装 1. 简化安装过程,无需再手动修改配置安装
2. 新增默认密码安全检测 2. 新增默认密码安全检测
3. 默认模板增加手机登录按钮 3. 默认模板增加手机登录按钮
4. 修复一处XSS漏洞 4. 修复一处XSS漏洞
20220216
1. 修复一处登录漏洞
20220221
1. 修复默认主题字体图标不显示

2
functions/helper.php
Unescape View File

@ -28,7 +28,7 @@ function is_login(){
//获取session //获取session
$session = $_COOKIE['key']; $session = $_COOKIE['key'];
//如果已经成功登录 //如果已经成功登录
if($session == $key) { if($session === $key) {
return true; return true;
} }
else{ else{

4
templates/default/index.php
Unescape View File

@ -90,7 +90,7 @@
?> ?>
<a href="#category-<?php echo $category['id']; ?>"> <a href="#category-<?php echo $category['id']; ?>">
<li class="mdui-list-item mdui-ripple"> <li class="mdui-list-item mdui-ripple">
<div class="mdui-list-item-content category-name"><?php echo $category['name']; ?></div> <div class="mdui-list-item-content category-name"><?php echo htmlspecialchars_decode($category['name']); ?></div>
</li> </li>
</a> </a>
@ -146,7 +146,7 @@
} }
?> ?>
<div id = "category-<?php echo $category['id']; ?>" class = "mdui-col-xs-12 mdui-typo-title cat-title"> <div id = "category-<?php echo $category['id']; ?>" class = "mdui-col-xs-12 mdui-typo-title cat-title">
<?php echo $category['name']; ?> <?php echo $property; ?> <?php echo htmlspecialchars_decode($category['name']); ?> <?php echo $property; ?>
<span class = "mdui-typo-caption"><?php echo $category['description']; ?></span> <span class = "mdui-typo-caption"><?php echo $category['description']; ?></span>
</div> </div>
<!-- 遍历链接 --> <!-- 遍历链接 -->

2
version.txt
Unescape View File

@ -1 +1 @@
v0.9.13-20220214 v0.9.14-20220221
Write Preview
Loading…
Cancel
Save