Akkariin/PHPMC7
1
0
Fork 0
mirror of https://github.com/ZeroDream-CN/PHPMC7 synced 2026-05-17 19:12:37 +08:00
Code Issues Releases Wiki Activity

v7.3.2105 安全更新发布

Browse Source 
增加登录页面 Csrf 验证
修复 Daemon 管理页面显示问题
修复一些操作时的判断问题
修复 AJAX 请求参数构造错误问题
修复控制台字体全绿问题
This commit is contained in:
Akkariin Meiko
2018-09-15 13:25:18 +08:00
Unverified
parent b0bb258d07
commit 01b9046021
10 changed files with 236 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files
include/loader.php
+7
View File
@@ -37,6 +37,7 @@ class Loader {
$str = str_replace("{USERNAME}", $Profile->username, $str);
$str = str_replace("{USERMAIL}", $Profile->email, $str);
$str = str_replace("{AVATAR_HASH}", md5($Profile->email), $str);
$str = str_replace("{CSRF_TOKEN}", $_SESSION['token'], $str);
preg_match_all("/\{User\:(.*)\}/U", $str, $arr);
for($i = 0;$i < count($arr[0]);$i++) {
$User = new User();
@@ -75,6 +76,9 @@ class Loader {
*
**/
public function router() {
if(PHPMC::Csrf()->isemptyCsrfToken()) {
PHPMC::Csrf()->createCsrfToken();
}
$Option = new Option();
if(preg_match("/^[A-Za-z0-9\-\_]+$/", $_GET["page"])) {
PHPMC::Permission()->checkSession("page:" . $_GET['page']);
@@ -83,6 +87,9 @@ class Loader {
} elseif($_GET['action']) {
switch($_GET['action']) {
case 'login':
if(!PHPMC::Csrf()->verifyCsrfToken($_POST)) {
PHPMC::Error()->Println("Csrf 验证失败,请刷新页面重试。");
}
PHPMC::Event()->LoginEvent($_POST);
break;
case 'logout':