新增搜索字段安全检测

修复find_in_set多值时无法查询的BUG 移除冗余查询代码

新增搜索字段安全检测
修复find_in_set多值时无法查询的BUG 移除冗余查询代码
Karson
application/admin/lang/zh-cn.php
application/common/controller/Backend.php
--- a/application/admin/lang/zh-cn.php
查看文件 @0a16477
+++ b/application/admin/lang/zh-cn.php
查看文件 @0a16477
@@ -96,6 +96,9 @@ return [
     'End time'                                              => '结束时间',
     'Create time'                                           => '创建时间',
     'Update time'                                           => '更新时间',
+     'Createtime'                                            => '创建时间',
+     'Updatetime'                                            => '更新时间',
+     'Deletetime'                                            => '删除时间',
     'Flag'                                                  => '标志',
     'Drag to sort'                                          => '拖动进行排序',
     'Redirect now'                                          => '立即跳转',
@@ -164,7 +167,7 @@ return [
     'An unexpected error occurred'                          => '发生了一个意外错误,程序猿正在紧急处理中',
     'This page will be re-directed in %s seconds'           => '页面将在 %s 秒后自动跳转',
     'Click to uncheck all'                                  => '点击取消全部',
-     'Multiple selection mode: %s checked'                    => '跨页选择模式，已选 %s 项',
+     'Multiple selection mode: %s checked'                   => '跨页选择模式，已选 %s 项',
     //菜单
     'Dashboard'                                             => '控制台',
     'General'                                               => '常规管理',
--- a/application/common/controller/Backend.php
查看文件 @0a16477
+++ b/application/common/controller/Backend.php
查看文件 @0a16477
@@ -266,7 +266,6 @@ class Backend extends Controller
         $tableName = '';
         if ($relationSearch) {
             if (!empty($this->model)) {
-                 $name = \think\Loader::parseName(basename(str_replace('\\', '/', get_class($this->model))));
                 $name = $this->model->getTable();
                 $tableName = $name . '.';
             }
@@ -290,6 +289,9 @@ class Backend extends Controller
             $where[] = [implode("|", $searcharr), "LIKE", "%{$search}%"];
         }
         foreach ($filter as $k => $v) {
+             if (!preg_match('/^[a-zA-Z0-9_\-\.]+$/', $k)) {
+                 continue;
+             }
             $sym = isset($op[$k]) ? $op[$k] : '=';
             if (stripos($k, ".") === false) {
                 $k = $tableName . $k;
@@ -327,7 +329,12 @@ class Backend extends Controller
                 case 'FINDIN':
                 case 'FINDINSET':
                 case 'FIND_IN_SET':
-                     $where[] = "FIND_IN_SET('{$v}', " . ($relationSearch ? $k : '`' . str_replace('.', '`.`', $k) . '`') . ")";
+                     $v = is_array($v) ? $v : explode(',', str_replace(' ', ',', $v));
+                     foreach ($v as $index => $item) {
+                         $item = str_replace([' ', ',', "'"], '', $item);
+                         $item = addslashes(htmlentities(strip_tags($item)));
+                         $where[] = "FIND_IN_SET('{$item}', `" . ($relationSearch ? str_replace('.', '`.`', $k) : $k) . "`)";
+                     }
                     break;
                 case 'IN':
                 case 'IN(...)':
@@ -368,10 +375,6 @@ class Backend extends Controller
                     }
                     $where[] = [$k, str_replace('RANGE', 'BETWEEN', $sym) . ' time', $arr];
                     break;
-                 case 'LIKE':
-                 case 'LIKE %...%':
-                     $where[] = [$k, 'LIKE', "%{$v}%"];
-                     break;
                 case 'NULL':
                 case 'IS NULL':
                 case 'NOT NULL':