修复上传文件后缀判断错误的BUG

修复Token永久有效期判断错误的BUG 修复getUserinfo返回错误token的BUG

修复上传文件后缀判断错误的BUG
修复Token永久有效期判断错误的BUG 修复getUserinfo返回错误token的BUG
Karson
application/admin/controller/Ajax.php
application/api/controller/Common.php
application/common/library/Auth.php
application/common/library/token/driver/Mysql.php
application/config.php
application/extra/upload.php
public/assets/js/require-backend.min.js
public/assets/js/require-table.js
--- a/application/admin/controller/Ajax.php
查看文件 @f035876
+++ b/application/admin/controller/Ajax.php
查看文件 @f035876
@@ -65,10 +65,16 @@ class Ajax extends Backend
         $suffix = strtolower(pathinfo($fileInfo['name'], PATHINFO_EXTENSION));
         $suffix = $suffix ? $suffix : 'file';
 
-         $mimetypeArr = explode(',', $upload['mimetype']);
+         $mimetypeArr = explode(',', strtolower($upload['mimetype']));
         $typeArr = explode('/', $fileInfo['type']);
+ 
         //验证文件后缀
-         if ($upload['mimetype'] !== '*' && !in_array($suffix, $mimetypeArr) && !in_array($fileInfo['type'], $mimetypeArr) && !in_array($typeArr[0] . '/*', $mimetypeArr)) {
+         if ($upload['mimetype'] !== '*' &&
+             (
+                 !in_array($suffix, $mimetypeArr)
+                 || (stripos($typeArr[0] . '/', $upload['mimetype']) !== false && (!in_array($fileInfo['type'], $mimetypeArr) && !in_array($typeArr[0] . '/*', $mimetypeArr)))
+             )
+         ) {
             $this->error(__('Uploaded file format is limited'));
         }
         $replaceArr = [
--- a/application/api/controller/Common.php
查看文件 @f035876
+++ b/application/api/controller/Common.php
查看文件 @f035876
@@ -75,11 +75,16 @@ class Common extends Api
         $suffix = strtolower(pathinfo($fileInfo['name'], PATHINFO_EXTENSION));
         $suffix = $suffix ? $suffix : 'file';
 
-         $mimetypeArr = explode(',', $upload['mimetype']);
+         $mimetypeArr = explode(',', strtolower($upload['mimetype']));
         $typeArr = explode('/', $fileInfo['type']);
+ 
         //验证文件后缀
-         if ($upload['mimetype'] !== '*' && !in_array($suffix, $mimetypeArr) && !in_array($fileInfo['type'], $mimetypeArr) && !in_array($typeArr[0] . '/*', $mimetypeArr))
-         {
+         if ($upload['mimetype'] !== '*' &&
+             (
+                 !in_array($suffix, $mimetypeArr)
+                 || (stripos($typeArr[0] . '/', $upload['mimetype']) !== false && (!in_array($fileInfo['type'], $mimetypeArr) && !in_array($typeArr[0] . '/*', $mimetypeArr)))
+             )
+         ) {
             $this->error(__('Uploaded file format is limited'));
         }
         $replaceArr = [
--- a/application/common/library/Auth.php
查看文件 @f035876
+++ b/application/common/library/Auth.php
查看文件 @f035876
@@ -416,7 +416,7 @@ class Auth
         $data = $this->_user->toArray();
         $allowFields = $this->getAllowFields();
         $userinfo = array_intersect_key($data, array_flip($allowFields));
-         $userinfo['token'] = $this->getToken();
+         $userinfo = array_merge($userinfo, Token::get($this->_token));
         return $userinfo;
     }
 
--- a/application/common/library/token/driver/Mysql.php
查看文件 @f035876
+++ b/application/common/library/token/driver/Mysql.php
查看文件 @f035876
@@ -47,7 +47,7 @@ class Mysql extends Driver
      */
     public function set($token, $user_id, $expire = null)
     {
-         $expiretime = !is_null($expire) ? time() + $expire : ($expire === 0 ? 0 : time() + $this->options['expire']);
+         $expiretime = !is_null($expire) && $expire !== 0 ? time() + $expire : 0;
         $token = $this->getEncryptedToken($token);
         $this->handler->insert(['token' => $token, 'user_id' => $user_id, 'createtime' => time(), 'expiretime' => $expiretime]);
         return TRUE;
@@ -66,7 +66,7 @@ class Mysql extends Driver
                 //返回未加密的token给客户端使用
                 $data['token'] = $token;
                 //返回剩余有效时间
-                 $data['expired_in'] = $this->getExpiredIn($data['expiretime']);
+                 $data['expires_in'] = $this->getExpiredIn($data['expiretime']);
                 return $data;
             } else {
                 self::delete($token);
--- a/application/config.php
查看文件 @f035876
+++ b/application/config.php
查看文件 @f035876
@@ -260,7 +260,7 @@ return [
         //是否开启前台会员中心
         'usercenter'          => true,
         //登录验证码
-         'login_captcha'       => true,
+         'login_captcha'       => false,
         //登录失败超过10则1天后重试
         'login_failure_retry' => true,
         //是否同一账号同一时间只能在一个地方登录
@@ -270,7 +270,7 @@ return [
         //自动检测更新
         'checkupdate'         => false,
         //版本号
-         'version'             => '1.0.0.20180406_beta',
+         'version'             => '1.0.0.20180417_beta',
         //API接口地址
         'api_url'             => 'https://api.fastadmin.net',
     ],
--- a/application/extra/upload.php
查看文件 @f035876
+++ b/application/extra/upload.php
查看文件 @f035876
@@ -21,7 +21,7 @@ return [
     /**
      * 可上传的文件类型
      */
-     'mimetype'  => '*',
+     'mimetype'  => 'jpg,png,bmp,jpeg,gif,zip,rar,xls,xlsx',
     /**
      * 是否支持批量上传
      */
--- a/public/assets/js/require-backend.min.js
查看文件 @f035876
+++ b/public/assets/js/require-backend.min.js
查看文件 @f035876
@@ -9701,7 +9701,7 @@ define('table',['jquery', 'bootstrap', 'moment', 'moment/locale/zh-cn', 'bootstr
                     return html;
                 },
                 url: function (value, row, index) {
-                     return '<div class="input-group input-group-sm" style="width:250px;"><input type="text" class="form-control input-sm" value="' + value + '"><span class="input-group-btn input-group-sm"><a href="' + value + '" target="_blank" class="btn btn-default btn-sm"><i class="fa fa-link"></i></a></span></div>';
+                     return '<div class="input-group input-group-sm" style="width:250px;margin:0 auto;"><input type="text" class="form-control input-sm" value="' + value + '"><span class="input-group-btn input-group-sm"><a href="' + value + '" target="_blank" class="btn btn-default btn-sm"><i class="fa fa-link"></i></a></span></div>';
                 },
                 search: function (value, row, index) {
                     return '<a href="javascript:;" class="searchit" data-field="' + this.field + '" data-value="' + value + '">' + value + '</a>';
--- a/public/assets/js/require-table.js
查看文件 @f035876
+++ b/public/assets/js/require-table.js
查看文件 @f035876
@@ -397,7 +397,7 @@ define(['jquery', 'bootstrap', 'moment', 'moment/locale/zh-cn', 'bootstrap-table
                     return html;
                 },
                 url: function (value, row, index) {
-                     return '<div class="input-group input-group-sm" style="width:250px;"><input type="text" class="form-control input-sm" value="' + value + '"><span class="input-group-btn input-group-sm"><a href="' + value + '" target="_blank" class="btn btn-default btn-sm"><i class="fa fa-link"></i></a></span></div>';
+                     return '<div class="input-group input-group-sm" style="width:250px;margin:0 auto;"><input type="text" class="form-control input-sm" value="' + value + '"><span class="input-group-btn input-group-sm"><a href="' + value + '" target="_blank" class="btn btn-default btn-sm"><i class="fa fa-link"></i></a></span></div>';
                 },
                 search: function (value, row, index) {
                     return '<a href="javascript:;" class="searchit" data-field="' + this.field + '" data-value="' + value + '">' + value + '</a>';