From 309892fb1aa256c31d38f01a29310cf8e83d5258 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=B0=8F=E8=83=A1?= <140248955+xiaohu2002@users.noreply.github.com>
Date: Mon, 14 Oct 2024 10:46:17 +0800
Subject: [PATCH 1/4] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E8=B7=AF=E5=BE=84?=
 =?UTF-8?q?=E9=81=8D=E5=8E=86=E6=BC=8F=E6=B4=9E=20(#258)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 user/space/about.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/user/space/about.php b/user/space/about.php
index e8de686a..c7f87259 100644
--- a/user/space/about.php
+++ b/user/space/about.php
@@ -10,7 +10,7 @@
 exit('Access Denied');
 }
 $about=array();
-$identify=$_GET['modname'];
+$identify = filter_var($_GET['modname'], FILTER_SANITIZE_STRING);
 $ismobile=helper_browser::ismobile();
 $appConfig=DZZ_ROOT.'./dzz/'.$identify.'/config/config.php';
 if($identify && file_exists($appConfig)){
@@ -41,4 +41,4 @@
 } else {
 include template('about');
 }
-exit();
\ No newline at end of file
+exit();

From 394451f5788eb6eff2ef3df45764278c104d5c24 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=B0=8F=E8=83=A1?= <140248955+xiaohu2002@users.noreply.github.com>
Date: Tue, 15 Oct 2024 15:02:12 +0800
Subject: [PATCH 2/4] =?UTF-8?q?=E6=9B=B4=E6=96=B0=E5=86=85=E5=AE=B9?=
 =?UTF-8?q?=EF=BC=9A=20(#259)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

authcode函数漏洞修复 避免重复添加className的问题 修复dshowmessage函数包含重复的if判断

Signed-off-by: 小胡 <3203164629@qq.com>
---
 core/function/function_core.php | 29 +++++++++++++----------------
 core/function/function_message.php | 2 --
 static/js/common.js | 4 +++-
 3 files changed, 16 insertions(+), 19 deletions(-)

diff --git a/core/function/function_core.php b/core/function/function_core.php
index 33b83c64..18b2343b 100644
--- a/core/function/function_core.php
+++ b/core/function/function_core.php
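Review bot: `FILTER_SANITIZE_STRING` does not neutralize the traversal the subject line says this fixes: it strips tags and encodes quotes but leaves `.` and `/` untouched, so a `modname` containing `../` still reaches `$appConfig` and the `file_exists` check on the last line of the hunk; the filter is also deprecated as of PHP 8.1. A module name should be allow-listed rather than sanitized, e.g. `$identify = isset($_GET['modname']) ? (string) $_GET['modname'] : '';` followed by `if ($identify !== '' && !preg_match('/^[A-Za-z0-9_]+$/', $identify)) { exit('Access Denied'); }` (adjust the character class to whatever names the `dzz/` module directories actually use). The `isset` also removes the undefined-index notice when the parameter is absent. Whatever consumes `$appConfig` after the `file_exists` check is outside the hunk.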
@@ -364,7 +364,7 @@ function authcode($string, $operation = 'DECODE', $key = '', $expiry = 0, $ckey_
 }
 
 if ($operation == 'DECODE') {
- if ((substr($result, 0, 10) == 0 || substr($result, 0, 10) - time() > 0) && substr($result, 10, 16) == substr(md5(substr($result, 26) . $keyb), 0, 16)) {
+ if ((substr($result, 0, 10) == 0 || substr($result, 0, 10) - time() > 0) && substr($result, 10, 16) === substr(md5(substr($result, 26) . $keyb), 0, 16)) {
 return substr($result, 26);
 } else {
 return '';
@@ -1621,22 +1621,19 @@ function getexpiration()
 return mktime(0, 0, 0, $date['mon'], $date['mday'], $date['year']) + 86400;
 }
 
-function return_bytes($val)
-{
- $val = trim($val);
- $last = strtolower($val{strlen($val) - 1});
- switch ($last) {
- case 'g':
- $val *= 1024;
- case 'm':
- $val *= 1024;
- case 'k':
- $val *= 1024;
- }
- return $val;
+function return_bytes($val) {
+ $last = strtolower($val[strlen($val)-1]);
+ if (!is_numeric($val)) {
+ $val = substr(trim($val), 0, -1);
+ }
+ switch($last) {
+ case 'g': $val *= 1024;
+ case 'm': $val *= 1024;
+ case 'k': $val *= 1024;
+ }
+ return $val;
 }
 
-
 function getimgthumbname($fileStr, $extend = '.thumb.jpg', $holdOldExt = true)
 {
 if (empty($fileStr)) {
@@ -1673,7 +1670,7 @@ function strhash($string, $operation = 'DECODE', $key = '')
 {
 $key = md5($key != '' ? $key : getglobal('authkey'));
 if ($operation == 'DECODE') {
- $hashcode = gzuncompress(base64_decode(($string)));
+ $hashcode = gzuncompress(base64_decode($string));
 $string = substr($hashcode, 0, -16);
 $hash = substr($hashcode, -16);
 unset($hashcode);
diff --git a/core/function/function_message.php b/core/function/function_message.php
index a8aa2ee0..f69e5183 100644
--- a/core/function/function_message.php
+++ b/core/function/function_message.php
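Review bot: Switching the MAC comparison to `===` stops PHP's loose comparison (two digit strings that both parse as numbers compare equal under `==`) from accepting a signature that merely looks numeric, but the check should also be constant-time: `hash_equals(substr(md5(substr($result, 26) . $keyb), 0, 16), substr($result, 10, 16))`. The expiry half of the condition still uses `substr($result, 0, 10) == 0`, a loose string-to-integer comparison whose result for a non-numeric prefix differs between PHP 7 and 8; casting explicitly, `(int) substr($result, 0, 10) === 0`, pins the intent. authcode starts and ends outside the hunk.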
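Review bot: `$last` is now taken from the untrimmed value on the first line of the new body, so a setting with trailing whitespace such as `'128M '` yields `$last === ' '` and skips every multiplier, and an empty string indexes `$val[-1]` and raises an uninitialized-offset warning; the removed body trimmed first. Suggest `$val = trim((string) $val);` as the first statement, then `$last = strtolower(substr($val, -1));`, with an early `if ($val === '') { return 0; }` between them so the rest of the body never sees an empty string. The `switch` fallthrough is deliberate and deserves a one-line comment, e.g. `// intentional fallthrough: g -> m -> k, each step multiplies by 1024`, since a later reader will otherwise add `break`s.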
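Review bot: The decode line still passes the result of two fallible calls straight into `substr()`: `base64_decode()` returns `false` on malformed input only when called with `strict: true` (otherwise it silently skips bad characters), and `gzuncompress()` returns `false` with a warning on corrupt data, so `$string` and `$hash` are then derived from an empty string instead of the function failing cleanly. Suggest `$hashcode = gzuncompress(base64_decode($string, true));` followed by `if ($hashcode === false) { return ''; }` before the `substr` calls, using whatever value the function already returns for a failed hash check (outside the hunk). Since `$string` arrives from outside, the second argument of `gzuncompress` (`$max_length`) is also the place to bound how much a small input may expand to. strhash continues outside the hunk.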
@@ -71,8 +71,6 @@ function dshowmessage($message, $url_forward = '', $values = array(), $extrapara
 if(!empty($_G['inajax'])) {
 $handlekey = $_GET['handlekey'] = !empty($_GET['handlekey']) ? dhtmlspecialchars($_GET['handlekey']) : '';
 $param['handle'] = true;
- }
- if(!empty($_G['inajax'])) {
 $param['msgtype'] = empty($_GET['ajaxmenu']) && (empty($_POST) || !empty($_GET['nopost'])) ? 2 : 3;
 }
 if($url_forward) {
diff --git a/static/js/common.js b/static/js/common.js
index b33240fe..8e72adba 100644
--- a/static/js/common.js
+++ b/static/js/common.js
@@ -1122,7 +1122,9 @@ function showMenu(v) {
 if(_all.length) {
 for(j = 0; j < _all.length; j++) {
 if((!_all[j]['type'] || _all[j]['type'] != 'hidden') && hasshow(_all[j])) {
- _all[j].className += ' hidefocus';
+ if(_all[j].className.indexOf('hidefocus') == -1) {
+ _all[j].className += ' hidefocus';
+ }
 _all[j].focus();
 focused = true;
 var cobj = _all[j];

From 25acf615bf1ed6f26891c56f0cd35d5a505762a8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=B0=8F=E8=83=A1?= <140248955+xiaohu2002@users.noreply.github.com>
Date: Sat, 19 Oct 2024 15:22:08 +0800
Subject: [PATCH 3/4] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E7=BB=99=E5=88=86?=
 =?UTF-8?q?=E4=BA=AB=E7=9A=84=E6=96=87=E4=BB=B6=E8=B5=8B=E4=BA=88=E4=BA=86?=
 =?UTF-8?q?=E5=85=A8=E9=83=A8=E6=9D=83=E9=99=90=E9=97=AE=E9=A2=98=20(#260)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 core/class/perm/perm_check.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/core/class/perm/perm_check.php b/core/class/perm/perm_check.php
index 9cfa360a..ba84f2e7 100644
--- a/core/class/perm/perm_check.php
+++ b/core/class/perm/perm_check.php
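Review bot: `indexOf('hidefocus') == -1` on the first added line is a substring test, so an element whose class list already contains a name such as `nohidefocus` or `hidefocus-x` is treated as having the class and never receives it. Delimit the test with spaces, `if((' ' + _all[j].className + ' ').indexOf(' hidefocus ') == -1) {`, which keeps the file's pre-`classList` style; if the file can assume modern browsers, `_all[j].classList.add('hidefocus')` replaces both lines and is idempotent by itself. showMenu continues outside the hunk.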
@@ -161,7 +161,7 @@ function groupPerm($fid,$action,$gid){ //判断容器有没有指定的权限
 //$arr=array('uid','gid','desktop');其中这几项必须
 function checkperm($action,$arr,$bz=''){ //检查某个图标是否有权限;
 global $_G;
- if ($arr['preview']) {
+ if ($arr['preview'] && ($action=='read') || $action=='copy' || $action=='download') {
 return true;
 }
 if($_G['uid']<1){ //游客没有权限

From dbb1289bd760cfb153da59c34becd87bfd990346 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=B0=8F=E8=83=A1?= <140248955+xiaohu2002@users.noreply.github.com>
Date: Thu, 24 Oct 2024 09:04:51 +0800
Subject: [PATCH 4/4] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E7=BD=91=E5=9D=80?=
 =?UTF-8?q?=E6=97=A0=E6=B3=95=E9=A2=84=E8=A7=88=E5=92=8C=E6=96=87=E4=BB=B6?=
 =?UTF-8?q?=E7=B1=BB=E5=9E=8B=E6=98=BE=E7=A4=BA=E4=B8=BA=E6=9C=AA=E7=9F=A5?=
 =?UTF-8?q?=E7=B1=BB=E5=9E=8B=E7=9A=84=E9=97=AE=E9=A2=98=E3=80=81=E4=BF=AE?=
 =?UTF-8?q?=E6=94=B9title=20(#261)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 core/class/table/table_resources.php | 2 ++
 core/template/default/common/header_common.htm | 2 +-
 core/template/default/common/header_simple_start.htm | 2 +-
 share.php | 4 ++++
 4 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/core/class/table/table_resources.php b/core/class/table/table_resources.php
index 80adea2a..2c1a1bb6 100644
--- a/core/class/table/table_resources.php
+++ b/core/class/table/table_resources.php
@@ -889,6 +889,8 @@ public function get_property_by_rid($rids, $contains = true)
 if ($currentfolder = C::t('folder')->fetch($fileinfo['oid'])) {
 $fileinfo['isgroup'] = ($currentfolder['flag'] == 'organization') ? true : false;
 }
+ } elseif ($fileinfo['type'] == 'link') {
+ $fileinfo['type'] = lang('type_link');
 } elseif ($fileinfo['ext']) {
 $fileinfo['type'] = getFileTypeName($fileinfo['type'], $fileinfo['ext']);
 } else {
diff --git a/core/template/default/common/header_common.htm b/core/template/default/common/header_common.htm
index 06936bfb..6266ae9e 100644
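Review bot: The new condition is parsed as `($arr['preview'] && $action=='read') || $action=='copy' || $action=='download'` because `&&` binds tighter than `||`, so every `copy` and every `download` request returns `true` here, before the `$_G['uid']<1` guest check on the following lines and regardless of `preview` — wider than the old `if ($arr['preview'])` and the opposite of what the subject line (#260) describes. The parentheses must enclose the whole action list: `if (!empty($arr['preview']) && in_array($action, array('read', 'copy', 'download'), true)) {`. `!empty` additionally avoids an undefined-index notice when `$arr` carries no `preview` key. checkperm continues outside the hunk.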
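Review bot: The added branch overwrites `$fileinfo['type']` with the localized label from `lang('type_link')`, so from this point on the record no longer says `'link'`, and any later comparison against the raw type (the share.php hunk in this same series tests `$icoarr['type'] == 'link'`) would never match if it consumes this method's output. The existing `ext` branch already does the same with `getFileTypeName`, so the pattern is not new, but if both a raw type and a display label are needed, keep `type` untouched and write the label to a separate key such as `$fileinfo['typename'] = lang('type_link');` (a constructed name; align it with whatever the templates read). get_property_by_rid starts and ends outside the hunk.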
--- a/core/template/default/common/header_common.htm
+++ b/core/template/default/common/header_common.htm
@@ -3,7 +3,7 @@
- <!--{if !empty($navtitle)}-->$navtitle - <!--{/if}--><!--{if !empty($_G[setting][sitename])}--> $_G[setting][sitename] - <!--{/if}-->
+ <!--{if !empty($navtitle)}-->$navtitle - <!--{/if}-->$_G[setting][sitename]
diff --git a/core/template/default/common/header_simple_start.htm b/core/template/default/common/header_simple_start.htm
index 463c228b..6874018b 100644
--- a/core/template/default/common/header_simple_start.htm
+++ b/core/template/default/common/header_simple_start.htm
@@ -4,7 +4,7 @@
-<!--{if !empty($navtitle)}-->$navtitle - <!--{/if}-->$_G[setting][sitename]
+<!--{if !empty($navtitle)}-->$navtitle - <!--{/if}-->$_G[setting][sitename]
diff --git a/share.php b/share.php
index d3926eca..5ea7bdee 100644
--- a/share.php
+++ b/share.php
@@ -33,6 +33,10 @@
 }
 $icoarr['icoid'] = $_GET['s'];
 }
+ if ($icoarr['type'] == 'link') {
+ @header('Location: '.$icoarr['url']);
+ exit();
+ }
 $imageexts=array('jpg','jpeg','png','gif'); //图片使用;
 $filename=$icoarr['name'];//rtrim($_GET['n'],'.dzz');
 $ext=$icoarr['ext'];//strtolower(substr(strrchr($filename, '.'), 1, 10));
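Review bot: The new block redirects to `$icoarr['url']` without looking at it, so a link record whose stored URL carries an unexpected scheme or points off-site turns the share endpoint into an open redirect, and the `@` on `header()` only hides a "headers already sent" warning instead of handling it. Validate the scheme before redirecting and otherwise fall through to the normal share page; a record without a `url` key would also raise an undefined-index notice as written. Whether any access check on the share runs before this point is outside the hunk. If `$icoarr` is produced by `get_property_by_rid`, note that the table_resources hunk in this series rewrites `type` to a localized label there, which would make the `== 'link'` comparison never match.
```php
    if ($icoarr['type'] == 'link') {
        $linkurl = isset($icoarr['url']) ? (string) $icoarr['url'] : '';
        $scheme = strtolower((string) parse_url($linkurl, PHP_URL_SCHEME));
        // only plain web links are followed; anything else renders like any other share
        if (in_array($scheme, array('http', 'https'), true)) {
            header('Location: ' . $linkurl);
            exit();
        }
    }
    // … unchanged: $imageexts / $filename / $ext setup …
```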