From 924e52b5e5aa4068986a1dffecac0f8a9060c40a Mon Sep 17 00:00:00 2001
From: Karson <karsonzhang@163.com>
Date: Fri, 20 Apr 2018 12:34:03 +0800
Subject: [PATCH] 修复CRUD目录大小写问题 修复API接口的安全问题 优化MutationObserver在IE10的兼容问题
---
 README.md | 30 +++++++++++++++++-------------
 application/admin/command/Crud.php | 2 +-
 application/common/controller/Api.php | 3 +++
 application/common/controller/Frontend.php | 4 ----
 application/common/library/token/driver/Mysql.php | 2 +-
 public/assets/js/fast.js | 30 ++++++++++++++++--------------
 public/assets/js/require-backend.min.js | 30 ++++++++++++++++--------------
 public/assets/js/require-frontend.min.js | 30 ++++++++++++++++--------------
 8 files changed, 70 insertions(+), 61 deletions(-)
diff --git a/README.md b/README.md
index 4f01a75..b392d06 100644
--- a/README.md
+++ b/README.md
@@ -4,7 +4,7 @@ FastAdmin是一款基于ThinkPHP5+Bootstrap的极速后台开发框架。
 ## **主要特性**
-* 基于`Auth`验证的权限管理系统
+* 基于Auth的权限管理系统
 * 支持无限级父子级权限继承,父级的管理员可任意增删改子级管理员及权限设置
 * 支持单管理员多角色
 * 支持管理子级数据或个人数据
@@ -13,12 +13,11 @@ FastAdmin是一款基于ThinkPHP5+Bootstrap的极速后台开发框架。
 * 一键压缩打包JS和CSS文件,一键CDN静态资源部署
 * 一键生成控制器菜单和规则
 * 一键生成API接口文档
-* 完善的前端功能组件开发
- * 基于`AdminLTE`二次开发
- * 基于`Bootstrap`开发,自适应手机、平板、PC
- * 基于`RequireJS`进行JS模块管理,按需加载
- * 基于`Less`进行样式开发
- * 基于`Bower`进行前端组件包管理
+* 完善的前端功能组件
+ * 基于AdminLTE二次开发
+ * 基于Bootstrap开发,自适应手机、平板、PC
+ * 基于RequireJS进行JS模块管理,按需加载
+ * 基于Bower进行前端组件包管理
 * 强大的插件扩展功能,在线安装卸载升级插件
 * 通用的会员模块和API模块
 * 共用同一账号体系的Web端会员中心权限验证和API接口会员权限验证
@@ -27,6 +26,7 @@ FastAdmin是一款基于ThinkPHP5+Bootstrap的极速后台开发框架。
 * 强大的第三方模块支持(CMS、博客、文档生成)
 * 整合第三方短信接口(阿里云、创蓝短信)
 * 无缝整合第三方云存储(七牛、阿里云OSS、又拍云)功能
+* 第三方富文本编辑器支持(Summernote、Tinymce、百度编辑器)
 * 第三方登录(QQ、微信、微博)整合
 * Ucenter整合第三方应用
@@ -42,7 +42,7 @@ https://demo.fastadmin.net
 密 码:123456
-提 示:演示站数据无法进行删除和修改,只能新增,完整体验请下载源码安装体验
+提 示:演示站数据无法进行修改,请下载源码安装体验全部功能
 ## **界面截图**
@@ -53,15 +53,13 @@ https://demo.fastadmin.net
 交流社区: https://forum.fastadmin.net
-QQ群: [636393962](https://jq.qq.com/?_wv=1027&k=487PNBb)(交流群) [696992864](https://jq.qq.com/?_wv=1027&k=5R2AB00)(高级群,付费加入)
+QQ群: [636393962](https://jq.qq.com/?_wv=1027&k=487PNBb)(交流群①) [708784003](https://jq.qq.com/?_wv=1027&k=5ObjtwM)(交流群②) [696992864](https://jq.qq.com/?_wv=1027&k=5R2AB00)(高级群,付费加入)
 Email: (karsonzhang#163.com, 把#换成@)
-weibo: [@karsonzhang](https://weibo.com/karsonzhang)
-
 Github: https://github.com/karsonzhang/fastadmin
-Git@OSC: https://gitee.com/karson/fastadmin
+Gitee: https://gitee.com/karson/fastadmin
 ## **特别鸣谢**
@@ -69,12 +67,18 @@ Git@OSC: https://gitee.com/karson/fastadmin
 ThinkPHP:http://www.thinkphp.cn
-AdminLTE:https://almsaeedstudio.com
+AdminLTE:https://adminlte.io
 Bootstrap:http://getbootstrap.com
 jQuery:http://jquery.com
+Bootstrap-table:https://github.com/wenzhixin/bootstrap-table
+
+Nice-validator: https://validator.niceue.com
+
+SelectPage: https://github.com/TerryZ/SelectPage
+
 ## 版权信息
diff --git a/application/admin/command/Crud.php b/application/admin/command/Crud.php
index 98b7292..93e7947 100755
--- a/application/admin/command/Crud.php
+++ b/application/admin/command/Crud.php
@@ -920,7 +920,7 @@ EOD;
 $content = $this->getReplacedStub($name, $data);
 if (!is_dir(dirname($pathname))) {
- mkdir(strtolower(dirname($pathname)), 0755, true);
+ mkdir(dirname($pathname), 0755, true);
 }
 return file_put_contents($pathname, $content);
 }
diff --git a/application/common/controller/Api.php b/application/common/controller/Api.php
index 5c95cf7..a59c5f0 100644
--- a/application/common/controller/Api.php
+++ b/application/common/controller/Api.php
@@ -92,6 +92,9 @@ class Api
 */
 protected function _initialize()
 {
+ //移除HTML标签
+ $this->request->filter('strip_tags');
+
 $this->auth = Auth::instance();
 $modulename = $this->request->module();
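Review bot: The result of `mkdir(dirname($pathname), 0755, true)` in the Crud.php hunk is still ignored, so a failed or raced directory creation only shows up as a warning from `file_put_contents()` two lines later. Guarding it as `if (!is_dir($dir) && !mkdir($dir, 0755, true) && !is_dir($dir))` with `$dir = dirname($pathname)` and reporting an explicit error would make the generator fail at the real cause. The enclosing method starts outside the hunk, so how its callers treat a `false` return is not visible here.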
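Review bot: `$this->request->filter('strip_tags')` at the top of `_initialize()` should be documented as defence in depth, not as the fix for the API security issue named in the subject. `strip_tags` only removes markup; it does not escape quotes or `&`, so a value later placed in an HTML attribute, a script block or a query still needs context-specific escaping or parameter binding at that point. It also silently rewrites legitimate input that contains `<` (passwords, free text), so the stored value can differ from what the client sent. As far as I know ThinkPHP 5's `Request::filter()` replaces the configured `default_filter` rather than adding to it, so please confirm no existing filter is dropped. I would extend the comment to `// Defence in depth only: strips tags from request input; escape on output and bind SQL parameters regardless`; the method body continues past the hunk.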
diff --git a/application/common/controller/Frontend.php b/application/common/controller/Frontend.php
index de1ff5f..c4f3a78 100644
--- a/application/common/controller/Frontend.php
+++ b/application/common/controller/Frontend.php
@@ -53,10 +53,6 @@ class Frontend extends Controller
 }
 $this->auth = Auth::instance();
- $modulename = $this->request->module();
- $controllername = strtolower($this->request->controller());
- $actionname = strtolower($this->request->action());
-
 // token
 $token = $this->request->server('HTTP_TOKEN', $this->request->request('token', \think\Cookie::get('token')));
diff --git a/application/common/library/token/driver/Mysql.php b/application/common/library/token/driver/Mysql.php
index 24f0827..5884d83 100644
--- a/application/common/library/token/driver/Mysql.php
+++ b/application/common/library/token/driver/Mysql.php
@@ -34,7 +34,7 @@ class Mysql extends Driver
 if ($this->options['connection']) {
 $this->handler = \think\Db::connect($this->options['connection'])->name($this->options['table']);
 } else {
- $this->handler = \think\Db::name('user_token');
+ $this->handler = \think\Db::name($this->options['table']);
 }
 }
diff --git a/public/assets/js/fast.js b/public/assets/js/fast.js
index bf31df1..5de0b0c 100644
--- a/public/assets/js/fast.js
+++ b/public/assets/js/fast.js
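Review bot: The else branch of the Mysql.php hunk now reads `$this->options['table']` with no fallback, where the old code always used `user_token`. If the driver's default options (declared outside this hunk) do not define `table`, or a deployment overrides it with an empty value, the token handler is built with an empty table name and the failure only appears on the first token lookup. Because this table backs login tokens, I would validate it once in the constructor, e.g. `$table = !empty($this->options['table']) ? $this->options['table'] : 'user_token';`, and use `$table` in both branches.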
@@ -142,21 +142,23 @@ define(['jquery', 'bootstrap', 'toastr', 'layer', 'lang'], function ($, undefine
 if (layerfooter.size() > 0) {
 // 监听窗口内的元素及属性变化
 // Firefox和Chrome早期版本中带有前缀
- var MutationObserver = window.MutationObserver || window.WebKitMutationObserver || window.MozMutationObserver
- // 选择目标节点
- var target = layerfooter[0];
- // 创建观察者对象
- var observer = new MutationObserver(function (mutations) {
- Fast.api.layerfooter(layero, index, that);
- mutations.forEach(function (mutation) {
+ var MutationObserver = window.MutationObserver || window.WebKitMutationObserver || window.MozMutationObserver;
+ if (MutationObserver) {
+ // 选择目标节点
+ var target = layerfooter[0];
+ // 创建观察者对象
+ var observer = new MutationObserver(function (mutations) {
+ Fast.api.layerfooter(layero, index, that);
+ mutations.forEach(function (mutation) {
+ });
 });
- });
- // 配置观察选项:
- var config = {attributes: true, childList: true, characterData: true, subtree: true}
- // 传入目标节点和观察选项
- observer.observe(target, config);
- // 随后,你还可以停止观察
- // observer.disconnect();
+ // 配置观察选项:
+ var config = {attributes: true, childList: true, characterData: true, subtree: true}
+ // 传入目标节点和观察选项
+ observer.observe(target, config);
+ // 随后,你还可以停止观察
+ // observer.disconnect();
+ }
 }
 }
 }, options ? options : {});
diff --git a/public/assets/js/require-backend.min.js b/public/assets/js/require-backend.min.js
index 5105119..940eba2 100644
--- a/public/assets/js/require-backend.min.js
+++ b/public/assets/js/require-backend.min.js
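Review bot: When no `MutationObserver` implementation exists, the new `if (MutationObserver)` guard skips the observer with no fallback, so on those browsers `Fast.api.layerfooter(layero, index, that)` is not re-run from here when the dialog content changes. An `else` branch that calls it once, or re-runs it on a `resize` listener, would keep the footer laid out there. The empty `mutations.forEach(function (mutation) { });` inside the callback does nothing and can be dropped, and `var config = {...}` is still missing its semicolon although this commit adds one to the line above. The same hunk is repeated in `require-backend.min.js` and `require-frontend.min.js`, which appear to be built bundles of this file; the enclosing function starts and ends outside the hunk.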
@@ -796,21 +796,23 @@ define('fast',['jquery', 'bootstrap', 'toastr', 'layer', 'lang'], function ($, u if (layerfooter.size() > 0) { // 监听窗口内的元素及属性变化 // Firefox和Chrome早期版本中带有前缀 - var MutationObserver = window.MutationObserver || window.WebKitMutationObserver || window.MozMutationObserver - // 选择目标节点 - var target = layerfooter[0]; - // 创建观察者对象 - var observer = new MutationObserver(function (mutations) { - Fast.api.layerfooter(layero, index, that); - mutations.forEach(function (mutation) { + var MutationObserver = window.MutationObserver || window.WebKitMutationObserver || window.MozMutationObserver; + if (MutationObserver) { + // 选择目标节点 + var target = layerfooter[0]; + // 创建观察者对象 + var observer = new MutationObserver(function (mutations) { + Fast.api.layerfooter(layero, index, that); + mutations.forEach(function (mutation) { + }); }); - }); - // 配置观察选项: - var config = {attributes: true, childList: true, characterData: true, subtree: true} - // 传入目标节点和观察选项 - observer.observe(target, config); - // 随后,你还可以停止观察 - // observer.disconnect(); + // 配置观察选项: + var config = {attributes: true, childList: true, characterData: true, subtree: true} + // 传入目标节点和观察选项 + observer.observe(target, config); + // 随后,你还可以停止观察 + // observer.disconnect(); + } } } }, options ? options : {}); diff --git a/public/assets/js/require-frontend.min.js b/public/assets/js/require-frontend.min.js index 09a3e1f..05972e9 100644 --- a/public/assets/js/require-frontend.min.js +++ b/public/assets/js/require-frontend.min.js 
@@ -796,21 +796,23 @@ define('fast',['jquery', 'bootstrap', 'toastr', 'layer', 'lang'], function ($, u if (layerfooter.size() > 0) { // 监听窗口内的元素及属性变化 // Firefox和Chrome早期版本中带有前缀 - var MutationObserver = window.MutationObserver || window.WebKitMutationObserver || window.MozMutationObserver - // 选择目标节点 - var target = layerfooter[0]; - // 创建观察者对象 - var observer = new MutationObserver(function (mutations) { - Fast.api.layerfooter(layero, index, that); - mutations.forEach(function (mutation) { + var MutationObserver = window.MutationObserver || window.WebKitMutationObserver || window.MozMutationObserver; + if (MutationObserver) { + // 选择目标节点 + var target = layerfooter[0]; + // 创建观察者对象 + var observer = new MutationObserver(function (mutations) { + Fast.api.layerfooter(layero, index, that); + mutations.forEach(function (mutation) { + }); }); - }); - // 配置观察选项: - var config = {attributes: true, childList: true, characterData: true, subtree: true} - // 传入目标节点和观察选项 - observer.observe(target, config); - // 随后,你还可以停止观察 - // observer.disconnect(); + // 配置观察选项: + var config = {attributes: true, childList: true, characterData: true, subtree: true} + // 传入目标节点和观察选项 + observer.observe(target, config); + // 随后,你还可以停止观察 + // observer.disconnect(); + } } } }, options ? options : {}); -- libgit2 0.24.0