
Merge pull request #180 from helloxz/dev

0.9.34
main 0.9.34
xiaoz 12 months ago committed by GitHub
parent
commit
ebfba6c9e0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 4
      README.md
  2. 14
      class/Api.php
  3. 11
      controller/admin.php
  4. 2
      controller/api.php
  5. 4
      controller/index.php
  6. 10
      controller/init.php
  7. 17
      data/update.log
  8. 23
      functions/helper.php
  9. 2
      static/layui/css/layui.css
  10. BIN
      static/layui/font/iconfont.eot
  11. 810
      static/layui/font/iconfont.svg
  12. BIN
      static/layui/font/iconfont.ttf
  13. BIN
      static/layui/font/iconfont.woff
  14. BIN
      static/layui/font/iconfont.woff2
  15. 2
      static/layui/layui.js
  16. 1
      templates/admin/add_link.php
  17. 43
      templates/admin/index.php
  18. 13
      templates/admin/link_list.php
  19. 4
      templates/admin/setting/subscribe.php
  20. 29
      templates/admin/setting/theme.php
  21. 14
      templates/admin/static/style.css
  22. 2
      templates/default/info.json
  23. 2
      version.txt

4
README.md

@ -53,11 +53,11 @@ OneNav是一款开源免费的书签(导航)管理程序,使用使用PHP + @@ -53,11 +53,11 @@ OneNav是一款开源免费的书签(导航)管理程序,使用使用PHP +
```bash
docker run -itd --name="onenav" -p 80:80 \
-v /data/onenav:/data/wwwroot/default/data \
helloz/onenav:0.9.33
helloz/onenav:0.9.34
```
* 第一个`80`是自定义访问端口,可以自行修改,第二个`80`是容器端口,请勿修改
* `/data/onenav`:本机挂载目录,用于持久存储Onenav数据
* `0.9.33`:改成OneNav最新版本号,可以通过[releases](https://github.com/helloxz/onenav/releases)查看最新版本号
* `0.9.34`:改成OneNav最新版本号,可以通过[releases](https://github.com/helloxz/onenav/releases)查看最新版本号
> 更多说明,请参考帮助文档:https://dwz.ovh/onenav

14
class/Api.php

@ -1,7 +1,7 @@ @@ -1,7 +1,7 @@
<?php
/**
* name:API核心类
* update:2020/12
* update:2024/01
* author:xiaoz<xiaoz93@outlook.com>
* blog:xiaoz.me
*/
@ -339,6 +339,18 @@ class Api { @@ -339,6 +339,18 @@ class Api {
//过滤$filename
$filename = str_replace('../','',$filename);
$filename = str_replace('./','',$filename);
// 获取文件名称的后缀
$suffix = explode('.',$filename);
// 如果没有后缀,则不合法,通过数组长度判断后缀
if( count($suffix) < 2 ) {
$this->err_msg(-2000,'文件不合法!');
}
// 获取文件后缀
$suffix = strtolower(end($suffix));
if( ( $suffix != 'html' ) && ( $suffix != 'htm' ) ) {
$this->err_msg(-2000,'文件不合法!');
}
$this->auth($token);
//检查文件是否存在
if ( !file_exists($filename) ) {
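Review bot: The traversal filter at the top of the hunk (`str_replace('../','',$filename)` and the `./` variant) runs a single pass rather than repeating until nothing changes, so a name built from overlapping sequences still contains `../` after replacement and reaches `file_exists`; the new `.htm`/`.html` suffix check narrows what can be touched but does not fix the path component. The code appears to expect a bare file name, so replacing both `str_replace` lines with `$filename = basename($filename);` strips every directory component in one step and the suffix check below can stay as written. The two `err_msg(-2000, ...)` calls are relied on to terminate the request — worth confirming, because if `err_msg` returns, the `file_exists` branch runs on a name that was already rejected. The enclosing method starts before this hunk and continues past `file_exists`.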

11
controller/admin.php

@ -23,6 +23,12 @@ check_auth($site_setting['user'],$site_setting['password']); @@ -23,6 +23,12 @@ check_auth($site_setting['user'],$site_setting['password']);
$version = new_get_version();
$page = empty($_GET['page']) ? 'index' : $_GET['page'];
// 正则判断page,只能允许字符+数字和下划线组合
$pattern = "/^[a-zA-Z0-9_\/]+$/";
if ( !preg_match($pattern,$page) ) {
exit('非法请求!');
}
//如果是后台首页,则判断是否是手机访问,并决定是否跳转到手机版页面
if( $page == 'index' ) {
@ -323,6 +329,11 @@ function check_auth($user,$password){ @@ -323,6 +329,11 @@ function check_auth($user,$password){
}
}
// 判断$page文件是否存在,不存在,则终止执行
$full_page_path = 'templates/admin/'.$page;
if( !file_exists($full_page_path) ) {
exit("file does not exist!");
}
// 载入前台首页模板
require('templates/admin/'.$page);
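Review bot: The `$page` whitelist in the first hunk, `$pattern = "/^[a-zA-Z0-9_\/]+$/";`, lets `$` match before a trailing newline, so a value ending in `\n` passes `preg_match` and reaches the `require` in the second hunk; anchoring with `\z` (`$pattern = "/^[a-zA-Z0-9_\/]+\z/";`) or adding the `D` modifier closes that gap. The comment above the pattern says only letters, digits and underscore are allowed, but the class also admits `/`, presumably for the `setting/...` sub-pages, and should say so: `// 只允许字母、数字、下划线和 /（用于子目录页面）`. Whether a fixed `.php` suffix is appended to `$page` between the two hunks is not visible here; if it is not, the regex alone decides which files under `templates/admin/` can be included, and the `file_exists` guard before `require` only changes the error message, not the set of reachable files.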

2
controller/api.php

@ -667,4 +667,4 @@ function global_search() { @@ -667,4 +667,4 @@ function global_search() {
function upload_backup(){
global $api;
$api->general_upload('data/backup/',['db3']);
}
}

4
controller/index.php

@ -9,6 +9,8 @@ $site = unserialize($site); @@ -9,6 +9,8 @@ $site = unserialize($site);
// 获取链接数量,默认为30
$link_num = empty( $site['link_num'] ) ? 30 : intval($site['link_num']);
//如果已经登录,获取所有分类和链接
// 载入辅助函数
require('functions/helper.php');
@ -77,6 +79,8 @@ if( is_login() ){ @@ -77,6 +79,8 @@ if( is_login() ){
}
//如果没有登录,只获取公有链接
else{
// 检查分类是否全私有,如果是,则跳转到登录界面
check_all_cat();
//查询分类目录
$categorys = [];
//查询一级分类目录,分类fid为0的都是一级分类
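Review bot: `require('functions/helper.php');` in the first hunk loads a file that declares functions (`check_all_cat` among them), so a second inclusion anywhere in the same request — another controller or a template — fails with a redeclaration error; `require_once('functions/helper.php');` is the safe form for a function library. In the second hunk `check_all_cat()` is called only on the not-logged-in path and then tests `is_login()` again internally, which is harmless but redundant; either the inner check or the branch placement should be the single source of truth, with a comment saying which. The `if( is_login() )` block begins before this hunk.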

10
controller/init.php

@ -66,6 +66,16 @@ function init($data){ @@ -66,6 +66,16 @@ function init($data){
if( empty($data['username']) || empty($data['password']) ) {
err_msg(-2000,'用户名或密码不能为空!');
}
// 正则验证用户名
$u_patt = '/^[0-9a-z]{3,32}$/';
if( !preg_match($u_patt,$data['username']) ) {
err_msg(-2000,'用户名格式不正确!');
}
// 正则验证密码
$p_patt = '/^[0-9a-zA-Z!@#%^*.()]{6,16}$/';
if( !preg_match($p_patt,$data['password']) ) {
err_msg(-2000,'密码格式不正确!');
}
$config_file = "data/config.php";
//检查配置文件是否存在,存在则不允许设置
if( file_exists($config_file) ) {
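Review bot: The password pattern `$p_patt = '/^[0-9a-zA-Z!@#%^*.()]{6,16}$/';` caps the admin password at 16 characters drawn from a small symbol set, which limits the strength of what can be chosen. If the restriction exists because the value is later written into `data/config.php` as a literal (the `$config_file` line below suggests the file is generated), the more robust route is to emit it with `var_export($data['password'], true)` so quoting is handled by PHP, and validate only length, e.g. `if( mb_strlen($data['password']) < 6 || mb_strlen($data['password']) > 64 )`; whether the value is hashed before storage is not visible in this hunk. Both patterns end in `$`, which also matches before a trailing newline — use `\z` or the `D` modifier, as in `$u_patt = '/^[0-9a-z]{3,32}\z/';`. The username class is lower-case only, so a mixed-case name typed at login can never match what `init()` accepted; if that is intentional the comment should say so. `init()` starts before this hunk and continues after it.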

17
data/update.log

@ -257,4 +257,19 @@ CREATE INDEX on_options_key_IDX ON on_options ("key"); @@ -257,4 +257,19 @@ CREATE INDEX on_options_key_IDX ON on_options ("key");
20231207
1. 新增技术支持按钮
2. 数据备份页面新增上传备份功能
2. 数据备份页面新增上传备份功能
20240109
1. 修复page参数注入问题
2. init控制器后端过滤username和password
3. imp_link方法只允许删除 .htm 或 .html 文件,避免任意文件删除
20240110
1. 新增辅助函数:check_all_cat() 用于判断分类是否全为私有,全私有则跳转到登录页
2. 升级LayUI版本至 v2.9.3
3. 修复主题有可用更新时,不显示更新提示的BUG
4. 修复baisuTwo主题右键复制无效的问题
5. 默认主题修改为默认隐藏链接描述
20240115
1. PC后台新增:分类数量/链接数量/PHP版本显示

23
functions/helper.php

@ -202,4 +202,27 @@ function getCurrentUrlDomain() { @@ -202,4 +202,27 @@ function getCurrentUrlDomain() {
return $domain;
}
/**
* name:检查分类是否全私有,如果是,则跳转到登录界面
*/
function check_all_cat(){
global $db;
// 统计所有分类的数量
$count = $db->count("on_categorys","*");
// 统计私有分类的数量
$count_private = $db->count("on_categorys","*",[
"property" => 1
]);
// 判断数量是否一致,一致则说明全部是私有
if( $count == $count_private ) {
// 判断用户是否登录,未登录则跳转
if( !is_login() ) {
header("Location:/index.php?c=login");
exit;
}
}
}
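Review bot: `check_all_cat()` treats `$count == $count_private` as "everything is private", which is also true when both counts are 0, so a fresh install with no categories redirects every anonymous visitor to the login page; guard with `if( $count > 0 && (int)$count === (int)$count_private && !is_login() ) {`. The `Location` header is missing the space after the colon; `header("Location: /index.php?c=login");` is the conventional form. The docblock should state that the function returns normally when nothing is private and otherwise redirects and calls `exit`, since controller code calling it needs to know it can terminate the request.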

2
static/layui/css/layui.css

File diff suppressed because one or more lines are too long

BIN
static/layui/font/iconfont.eot

Binary file not shown.

810
static/layui/font/iconfont.svg

File diff suppressed because one or more lines are too long


BIN
static/layui/font/iconfont.ttf

Binary file not shown.

BIN
static/layui/font/iconfont.woff

Binary file not shown.

BIN
static/layui/font/iconfont.woff2

Binary file not shown.

2
static/layui/layui.js vendored

File diff suppressed because one or more lines are too long

1
templates/admin/add_link.php

@ -9,6 +9,7 @@ @@ -9,6 +9,7 @@
<div class="setting-msg">
<p>1. 权重越大,排序越靠前</p>
<p>2. 识别功能可以自动获取链接标题和描述信息,但不确保一定成功</p>
<p>3. 仅 5iux/heimdall/tushan2/webstack 支持自定义图标,其余主题均自动获取链接图标。</p>
</div>
</div>
<!-- 说明提示框END -->

43
templates/admin/index.php

@ -17,7 +17,7 @@ @@ -17,7 +17,7 @@
<span id = "update_msg" style = "display:none;"><a style = "color: #FF5722;" href = "https://github.com/helloxz/onenav/releases" title = "下载最新版OneNav" target = "_blank" id="current_version">有可用更新</a></span>
</p>
</div>
</div>
</div>
<div class="layui-col-lg3">
<div class = "admin-msg">
@ -28,6 +28,33 @@ @@ -28,6 +28,33 @@
</div>
</div>
<div class="layui-col-lg3">
<div class = "admin-msg">
<h2>分类数量</h2>
<p class="text">
<a href="/index.php?c=admin&page=category_list"><span id="cat_num"></span></a>
</p>
</div>
</div>
<div class="layui-col-lg3">
<div class = "admin-msg">
<h2>链接数量</h2>
<p class="text">
<a href="/index.php?c=admin&page=link_list"><span id="link_num"></span></a>
</p>
</div>
</div>
<div class="layui-col-lg3">
<div class = "admin-msg">
<h2>PHP版本</h2>
<p class="text">
<span id="php_version"></span>
</p>
</div>
</div>
<div class="layui-col-lg3">
<div class = "admin-msg">
<h2>交流群</h2>
@ -108,4 +135,18 @@ @@ -108,4 +135,18 @@
check_weak_password();
get_sql_update_list();
get_latest_version();
app_info();
// 获取app_info
function app_info(){
//alert("dsdfd");
let api_url = "/index.php?c=api&method=app_info";
console.log(api_url);
$.get(api_url,function(data,status){
data = data.data;
$("#php_version").html(data.php_version);
$("#cat_num").html(data.cat_num);
$("#link_num").html(data.link_num);
});
}
</script>
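Review bot: `app_info()` writes the API values with `.html()`, which parses them as markup; for a version string and two counters `.text()` is the right call, e.g. `$("#php_version").text(data.php_version);` and the same for `#cat_num` and `#link_num`. The `console.log(api_url)` and the commented-out `//alert("dsdfd");` are debug residue and should be removed before release. The callback also assumes `data.data` exists; when the API answers with an error envelope the three assignments throw in the console, so an `if( !data || !data.data ) return;` guard at the top of the callback would make the failure quiet.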

13
templates/admin/link_list.php

@ -4,6 +4,19 @@ @@ -4,6 +4,19 @@
<div class="layui-body">
<!-- 内容主体区域 -->
<div class="layui-row content-body place-holder">
<!-- 说明提示框 -->
<div class="layui-col-lg12">
<div class="page-msg">
<ol>
<li>仅 5iux/heimdall/tushan2/webstack 支持自定义图标,其余主题均自动获取链接图标。</li>
<li>分类的私有属性优先级高于链接的私有属性</li>
<li>权重数字越大,排序越靠前</li>
</ol>
</div>
</div>
<!-- 说明提示框END -->
<!-- 表单上面的按钮 -->
<div class="lay-col-lg12">
<form class="layui-form layui-form-pane" action="">

4
templates/admin/setting/subscribe.php

@ -12,7 +12,7 @@ @@ -12,7 +12,7 @@
<li>您可以前往:<a href="https://dwz.ovh/69h9q" rel = "nofollow" target = "_blank" title = "购买订阅服务">https://dwz.ovh/69h9q</a> 购买订阅服务,订阅后可以:</li>
<li>1. 享受一键更新OneNav</li>
<li>2. 可在线下载和更新主题</li>
<li>3. 可享受一对一售后服务(仅限高级版和商业版)</li>
<li>3. 可享受一对一售后服务</li>
<li>4. 可帮助OneNav持续发展,让OneNav变得更加美好</li>
<li>5. 更多高级功能(自定义版权、广告管理等)</li>
<li>6. 数据库备份</li>
@ -20,7 +20,7 @@ @@ -20,7 +20,7 @@
</div>
<div class="setting-msg">
<p>1. 系统检测到您的域名为<strong style="color:#31BDEC;"><code><?php echo get_host(); ?></code></strong>,购买订阅时请填写此域名!</p>
<p>2. 若域名填写错误或更换域名,请前往<a title = "修改OneNav订阅域名" href="https://www.onenav.top/msub.html" target="_blank">https://www.onenav.top/msub.html</a>修改订阅!</p>
<p>2. 若域名填写错误或更换域名,请前往 <a title = "修改OneNav订阅域名" href="https://dwz.ovh/p6u2w" target="_blank">https://dwz.ovh/p6u2w</a> 修改订阅!</p>
<!-- <p>3. Docker用户或IP访问的用户,请参考<a href="https://dwz.ovh/cve3d" target="_blank">没有域名购买订阅</a></p> -->
</div>
</div>

29
templates/admin/setting/theme.php

@ -24,11 +24,20 @@ @@ -24,11 +24,20 @@
?>
<div class="layui-col-md3">
<div class="layui-card custom-card">
<div class="layui-card-header">
<?php echo $key; ?> - <?php echo $theme['info']->version ?>
<?php if( $current_them == $key ) { ?>
<span style = "color:#ff5722;">(使用中)</span>
<?php } ?>
<div class="layui-card-header" id="<?php echo $key; ?>">
<div class="them-header">
<div class="left">
<span class = "name"><?php echo $key; ?> - <?php echo $theme['info']->version ?></span>
<?php if( $current_them == $key ) { ?>
<span style = "color:#ff5722;">(使用中)</span>
<?php } ?>
</div>
<div class="right">
<span class="renewable" style="color:#FF5722;font-size:14px;"></span>
</div>
</div>
</div>
<div class="layui-card-body">
<!-- 主题图片 -->
@ -214,25 +223,29 @@ function update_theme(name,version){ @@ -214,25 +223,29 @@ function update_theme(name,version){
//遍历所有主题,检查是否有更新
function check_update(){
console.log('fdsfsdf');
//请求远程主题列表
$.get("https://onenav.xiaoz.top/v1/theme_list.php",function(data,status){
let result = data.data;
console.log(result);
//console.log(result.5iux);
for (const obj in result) {
//获取主题名称
let value = $("#" + obj).text();
let select = `#${obj} .name`;
let value = $(select).text();
//如果获取到的数据为空
if( value == '' ) {
continue;
}
//console.log(obj);
//获取最新版本
let latest_version = result[obj].version;
//获取当前版本
let current_version = value.split(' - ')[1];
//如果存在最新版本
if( latest_version > current_version ) {
console.log("#" + obj + ".renewable");
console.log("#" + obj + " .renewable");
$("#" + obj + " .renewable").append(`(可更新至${latest_version})`);
}
}
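Review bot: In `check_update()` the remote response is inserted as markup — `.append(`(可更新至${latest_version})`)` treats whatever `theme_list.php` returns as HTML inside the admin page, and each key `obj` is also spliced into a jQuery selector; `$("#" + obj + " .renewable").text(`(可更新至${latest_version})`);` keeps it as text, and skipping keys that fail `/^[A-Za-z0-9_-]+$/` avoids selector errors on unexpected names. `latest_version > current_version` compares strings lexicographically, so `"2.10"` is not reported as newer than `"2.9"`; a per-segment numeric comparison is needed, sketched below. The `console.log('fdsfsdf')` and the selector `console.log` are debug residue. The `$.get` callback continues past this hunk.
```javascript
// true when a is a newer dotted version than b (numeric per segment)
function is_newer(a, b){
    let x = String(a).split('.'), y = String(b).split('.');
    for (let i = 0; i < Math.max(x.length, y.length); i++) {
        let p = parseInt(x[i] || '0', 10), q = parseInt(y[i] || '0', 10);
        if (p !== q) { return p > q; }
    }
    return false;
}
// … unchanged: $.get request and key loop …
if( is_newer(latest_version, current_version) ) {
    $("#" + obj + " .renewable").text(`(可更新至${latest_version})`);
}
```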

14
templates/admin/static/style.css

@ -207,4 +207,18 @@ @@ -207,4 +207,18 @@
.upload-backup{
margin-top: 16px;
}
.them-header{
}
.them-header .left{
width: 50%;
float:left;
text-align: left;
}
.them-header .right{
width: 50%;
text-align: right;
float:right;
}
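Review bot: `.them-header{ }` is an empty rule, and because both children are floated the parent has no height of its own, so the layout only holds while the card header keeps its fixed height; `.them-header{ display:flex; justify-content:space-between; align-items:center; }` replaces all three rules and removes the floats and widths. The class name reads like a typo for `theme-header` and is also used in theme.php, so either rename it in both places or leave it consistently as is.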

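--- a/templates/default/info.json
+++ b/templates/default/info.json
@@ -14,7 +14,7 @@
 },
 "config": {
 "full_width_mode":"off",
-"link_description":"show",
+"link_description":"hide",
 "favicon": "online"
 }
 }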

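--- a/version.txt
+++ b/version.txt
@@ -1 +1 @@
-v0.9.33-20231207
+v0.9.34-20240115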