From fb6c6bffe2d8eb756aa9088f8f71fd4ec86b4944 Mon Sep 17 00:00:00 2001
From: Karson <karsonzhang@163.com>
Date: Tue, 29 Aug 2017 19:10:38 +0800
Subject: [PATCH] 修复菜单无法通过命令行删除的BUG 修复语言标识可能导致的XSS的BUG 修复路由未对admin模块失效的BUG

---
 application/admin/command/Menu.php         | 3 +--
 application/common/controller/Backend.php  | 2 +-
 application/common/controller/Frontend.php | 2 +-
 application/route.php                      | 2 +-
 4 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/application/admin/command/Menu.php b/application/admin/command/Menu.php
index 0416467..4fc80c1 100644
--- a/application/admin/command/Menu.php
+++ b/application/admin/command/Menu.php
@@ -31,7 +31,6 @@ class Menu extends Command
     {
         $this->model = new AuthRule();
         $adminPath = dirname(__DIR__) . DS;
-        $moduleName = 'admin';
         //控制器名
         $controller = $input->getOption('controller') ?: '';
         if (!$controller)
@@ -47,7 +46,7 @@ class Menu extends Command
                 throw new Exception("could not delete all menu");
             }
             $ids = [];
-            $list = $this->model->where('name', 'like', "/{$moduleName}/" . strtolower($controller) . "%")->select();
+            $list = $this->model->where('name', 'like', strtolower($controller) . "%")->select();
             foreach ($list as $k => $v)
             {
                 $output->warning($v->name);
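Review bot: The new pattern `strtolower($controller) . "%"` is a bare prefix match, so a controller name that is a prefix of another (constructed example: `user` and `usergroup`) selects both sets of rules for deletion. Any `%` or `_` typed into the option also acts as a LIKE wildcard. Assuming rule names are stored as `controller` and `controller/action`, matching the exact name plus its `/`-delimited children is tighter: `$name = strtolower($controller);` then `->where('name', $name)->whereOr('name', 'like', $name . '/%')`, with LIKE metacharacters escaped in the second operand. The enclosing method starts and ends outside the hunk, so it is not visible whether a confirmation step follows the warning loop.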
diff --git a/application/common/controller/Backend.php b/application/common/controller/Backend.php
index 52277ff..7c5b56d 100644
--- a/application/common/controller/Backend.php
+++ b/application/common/controller/Backend.php
@@ -135,7 +135,7 @@ class Backend extends Controller
         }
 
         // 语言检测
-        $lang = Lang::detect();
+        $lang = strip_tags(Lang::detect());
 
         $site = Config::get("site");
 
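Review bot: `strip_tags()` on the detected language removes only markup tags, so a value containing quotes or other attribute or script metacharacters would pass through unchanged. If `$lang` is later written into an attribute, a URL or a script block, the injection path may still be open; where it is used is outside the hunk. A language identifier has a small, known shape, so validating it is stricter than filtering it: `if (!preg_match('/^[a-z]{2,3}(-[a-z0-9]{2,8})?$/i', $lang)) { $lang = $defaultLang; }`, where `$defaultLang` stands for the configured default, or check it against the list of installed language packs. The same applies to the identical change in `application/common/controller/Frontend.php`. Escaping for the output context in the template remains necessary either way.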
diff --git a/application/common/controller/Frontend.php b/application/common/controller/Frontend.php
index 01ef1c6..13d44e9 100644
--- a/application/common/controller/Frontend.php
+++ b/application/common/controller/Frontend.php
@@ -30,7 +30,7 @@ class Frontend extends Controller
         }
 
         // 语言检测
-        $lang = Lang::detect();
+        $lang = strip_tags(Lang::detect());
 
         $site = Config::get("site");
 
diff --git a/application/route.php b/application/route.php
index a3a190d..8011fca 100755
--- a/application/route.php
+++ b/application/route.php
@@ -11,7 +11,7 @@
 // +----------------------------------------------------------------------
 
 //如果有定义绑定后台模块则禁用路由规则 
-if (defined('BIND_MODULE') && BIND_MODULE == 'admin')
+if (\think\Route::getBind('module') == 'admin')
     return [];
 
 return [
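Review bot: The new condition compares with a loose `==` and guards an unbraced `return`. `\think\Route::getBind('module') === 'admin'` with braces around `return [];` would make the check explicit about the string it expects and keep the early exit from being separated from its condition by a later edit. A short comment would also help, stating that this check relies on the module binding being set before this file is loaded, since the ordering is not visible from the hunk. The returned route array continues outside the hunk.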
--
libgit2 0.24.0