From 92a95455645173f9d7eaa2875411dab551f85d54 Mon Sep 17 00:00:00 2001
From: Karson <karsonzhang@163.com>
Date: Fri, 5 Jul 2019 22:38:51 +0800
Subject: [PATCH] 修复插件卸载和禁用可能导致的BUG

---
 application/admin/controller/Addon.php | 18 ++++++++++++++++++
 application/admin/lang/zh-cn/addon.php |  1 +
 2 files changed, 19 insertions(+), 0 deletions(-)

diff --git a/application/admin/controller/Addon.php b/application/admin/controller/Addon.php
index 110302d..374f9b7 100644
--- a/application/admin/controller/Addon.php
+++ b/application/admin/controller/Addon.php
@@ -49,6 +49,9 @@ class Addon extends Backend
         if (!$name) {
             $this->error(__('Parameter %s can not be empty', $ids ? 'id' : 'name'));
         }
+        if (!preg_match("/^[a-zA-Z0-9]+$/", $name)) {
+            $this->error(__('Addon name incorrect'));
+        }
         if (!is_dir(ADDON_PATH . $name)) {
             $this->error(__('Directory not found'));
         }
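Review bot: The pattern `/^[a-zA-Z0-9]+$/` in the added check also accepts a name ending in a single newline, because `$` in PCRE matches just before a final `\n` unless the `D` modifier is set, so the value that reaches `ADDON_PATH . $name` is not guaranteed to be purely alphanumeric. Anchor the end with `\z` instead: `if (!is_string($name) || !preg_match('/\A[a-zA-Z0-9]+\z/', $name)) {`. The `is_string` guard keeps an array-valued parameter out of `preg_match`, assuming `$name` comes straight from the request (its assignment is above the hunk). The same line is repeated in the five later hunks of this file, so a single private helper on the controller would keep the rule in one place. The enclosing method starts and ends outside the hunk.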
@@ -105,6 +108,9 @@ class Addon extends Backend
         if (!$name) {
             $this->error(__('Parameter %s can not be empty', 'name'));
         }
+        if (!preg_match("/^[a-zA-Z0-9]+$/", $name)) {
+            $this->error(__('Addon name incorrect'));
+        }
         try {
             $uid = $this->request->post("uid");
             $token = $this->request->post("token");
@@ -138,6 +144,9 @@ class Addon extends Backend
         if (!$name) {
             $this->error(__('Parameter %s can not be empty', 'name'));
         }
+        if (!preg_match("/^[a-zA-Z0-9]+$/", $name)) {
+            $this->error(__('Addon name incorrect'));
+        }
         try {
             Service::uninstall($name, $force);
             $this->success(__('Uninstall successful'));
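Review bot: The name is validated only in this controller action, while the call that acts on it, `Service::uninstall($name, $force)`, would accept an unchecked name from any other caller. If `Service` builds filesystem paths from `$name` (not visible in this hunk), the same allow-list check belongs at the top of the `Service` methods as well. At minimum I would add a comment above the call, `// $name must stay restricted to [a-zA-Z0-9]+ before it reaches Service::uninstall()`, so the dependency is visible to the next maintainer. The try block continues past the end of the hunk.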
@@ -159,6 +168,9 @@ class Addon extends Backend
         if (!$name) {
             $this->error(__('Parameter %s can not be empty', 'name'));
         }
+        if (!preg_match("/^[a-zA-Z0-9]+$/", $name)) {
+            $this->error(__('Addon name incorrect'));
+        }
         try {
             $action = $action == 'enable' ? $action : 'disable';
             //调用启用、禁用的方法
@@ -203,6 +215,9 @@ class Addon extends Backend
                 if (!$name) {
                     throw new Exception(__('Addon info file data incorrect'));
                 }
+                if (!preg_match("/^[a-zA-Z0-9]+$/", $name)) {
+                    throw new Exception(__('Addon name incorrect'));
+                }
 
                 $newAddonDir = ADDON_PATH . $name . DS;
                 if (is_dir($newAddonDir)) {
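Review bot: The new `throw new Exception(__('Addon name incorrect'))` fires only after the package's info data has been read, so by this point an uploaded archive has presumably already been stored and unpacked. The catch block is outside the hunk, so confirm it removes the temporary file and directory on this path, as it should for `Addon info file data incorrect`. Here `$name` appears to come from the uploaded package rather than from a request parameter, which is worth a comment above the check: `// name is read from the uploaded package's info file, treat it as untrusted`.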
@@ -256,6 +271,9 @@ class Addon extends Backend
         if (!$name) {
             $this->error(__('Parameter %s can not be empty', 'name'));
         }
+        if (!preg_match("/^[a-zA-Z0-9]+$/", $name)) {
+            $this->error(__('Addon name incorrect'));
+        }
         try {
             $uid = $this->request->post("uid");
             $token = $this->request->post("token");
diff --git a/application/admin/lang/zh-cn/addon.php b/application/admin/lang/zh-cn/addon.php
index c5088a4..910e1fe 100755
--- a/application/admin/lang/zh-cn/addon.php
+++ b/application/admin/lang/zh-cn/addon.php
@@ -84,6 +84,7 @@ return [
     'Install successful'             => '安装成功',
     'Uninstall successful'           => '卸载成功',
     'Operate successful'             => '操作成功',
+    'Addon name incorrect'           => '插件名称不正确',
     'Addon info file was not found'  => '插件配置文件未找到',
     'Addon info file data incorrect' => '插件配置信息不正确',
     'Addon already exists'           => '上传的插件已经存在',
--
libgit2 0.24.0