正在显示
2 个修改的文件
包含
19 行增加
和
0 行删除
| @@ -49,6 +49,9 @@ class Addon extends Backend | @@ -49,6 +49,9 @@ class Addon extends Backend | ||
| 49 | if (!$name) { | 49 | if (!$name) { |
| 50 | $this->error(__('Parameter %s can not be empty', $ids ? 'id' : 'name')); | 50 | $this->error(__('Parameter %s can not be empty', $ids ? 'id' : 'name')); |
| 51 | } | 51 | } |
| 52 | + if (!preg_match("/^[a-zA-Z0-9]+$/", $name)) { | ||
| 53 | + $this->error(__('Addon name incorrect')); | ||
| 54 | + } | ||
| 52 | if (!is_dir(ADDON_PATH . $name)) { | 55 | if (!is_dir(ADDON_PATH . $name)) { |
| 53 | $this->error(__('Directory not found')); | 56 | $this->error(__('Directory not found')); |
| 54 | } | 57 | } |
| @@ -105,6 +108,9 @@ class Addon extends Backend | @@ -105,6 +108,9 @@ class Addon extends Backend | ||
| 105 | if (!$name) { | 108 | if (!$name) { |
| 106 | $this->error(__('Parameter %s can not be empty', 'name')); | 109 | $this->error(__('Parameter %s can not be empty', 'name')); |
| 107 | } | 110 | } |
| 111 | + if (!preg_match("/^[a-zA-Z0-9]+$/", $name)) { | ||
| 112 | + $this->error(__('Addon name incorrect')); | ||
| 113 | + } | ||
| 108 | try { | 114 | try { |
| 109 | $uid = $this->request->post("uid"); | 115 | $uid = $this->request->post("uid"); |
| 110 | $token = $this->request->post("token"); | 116 | $token = $this->request->post("token"); |
| @@ -138,6 +144,9 @@ class Addon extends Backend | @@ -138,6 +144,9 @@ class Addon extends Backend | ||
| 138 | if (!$name) { | 144 | if (!$name) { |
| 139 | $this->error(__('Parameter %s can not be empty', 'name')); | 145 | $this->error(__('Parameter %s can not be empty', 'name')); |
| 140 | } | 146 | } |
| 147 | + if (!preg_match("/^[a-zA-Z0-9]+$/", $name)) { | ||
| 148 | + $this->error(__('Addon name incorrect')); | ||
| 149 | + } | ||
| 141 | try { | 150 | try { |
| 142 | Service::uninstall($name, $force); | 151 | Service::uninstall($name, $force); |
| 143 | $this->success(__('Uninstall successful')); | 152 | $this->success(__('Uninstall successful')); |
| @@ -159,6 +168,9 @@ class Addon extends Backend | @@ -159,6 +168,9 @@ class Addon extends Backend | ||
| 159 | if (!$name) { | 168 | if (!$name) { |
| 160 | $this->error(__('Parameter %s can not be empty', 'name')); | 169 | $this->error(__('Parameter %s can not be empty', 'name')); |
| 161 | } | 170 | } |
| 171 | + if (!preg_match("/^[a-zA-Z0-9]+$/", $name)) { | ||
| 172 | + $this->error(__('Addon name incorrect')); | ||
| 173 | + } | ||
| 162 | try { | 174 | try { |
| 163 | $action = $action == 'enable' ? $action : 'disable'; | 175 | $action = $action == 'enable' ? $action : 'disable'; |
| 164 | //调用启用、禁用的方法 | 176 | //调用启用、禁用的方法 |
| @@ -203,6 +215,9 @@ class Addon extends Backend | @@ -203,6 +215,9 @@ class Addon extends Backend | ||
| 203 | if (!$name) { | 215 | if (!$name) { |
| 204 | throw new Exception(__('Addon info file data incorrect')); | 216 | throw new Exception(__('Addon info file data incorrect')); |
| 205 | } | 217 | } |
| 218 | + if (!preg_match("/^[a-zA-Z0-9]+$/", $name)) { | ||
| 219 | + throw new Exception(__('Addon name incorrect')); | ||
| 220 | + } | ||
| 206 | 221 | ||
| 207 | $newAddonDir = ADDON_PATH . $name . DS; | 222 | $newAddonDir = ADDON_PATH . $name . DS; |
| 208 | if (is_dir($newAddonDir)) { | 223 | if (is_dir($newAddonDir)) { |
| @@ -256,6 +271,9 @@ class Addon extends Backend | @@ -256,6 +271,9 @@ class Addon extends Backend | ||
| 256 | if (!$name) { | 271 | if (!$name) { |
| 257 | $this->error(__('Parameter %s can not be empty', 'name')); | 272 | $this->error(__('Parameter %s can not be empty', 'name')); |
| 258 | } | 273 | } |
| 274 | + if (!preg_match("/^[a-zA-Z0-9]+$/", $name)) { | ||
| 275 | + $this->error(__('Addon name incorrect')); | ||
| 276 | + } | ||
| 259 | try { | 277 | try { |
| 260 | $uid = $this->request->post("uid"); | 278 | $uid = $this->request->post("uid"); |
| 261 | $token = $this->request->post("token"); | 279 | $token = $this->request->post("token"); |
| @@ -84,6 +84,7 @@ return [ | @@ -84,6 +84,7 @@ return [ | ||
| 84 | 'Install successful' => '安装成功', | 84 | 'Install successful' => '安装成功', |
| 85 | 'Uninstall successful' => '卸载成功', | 85 | 'Uninstall successful' => '卸载成功', |
| 86 | 'Operate successful' => '操作成功', | 86 | 'Operate successful' => '操作成功', |
| 87 | + 'Addon name incorrect' => '插件名称不正确', | ||
| 87 | 'Addon info file was not found' => '插件配置文件未找到', | 88 | 'Addon info file was not found' => '插件配置文件未找到', |
| 88 | 'Addon info file data incorrect' => '插件配置信息不正确', | 89 | 'Addon info file data incorrect' => '插件配置信息不正确', |
| 89 | 'Addon already exists' => '上传的插件已经存在', | 90 | 'Addon already exists' => '上传的插件已经存在', |
-
请 注册 或 登录 后发表评论