修复history

2023-03-04 15:47:13 +08:00 · 2023-03-04 15:47:13 +08:00 · 271d1a4785
parent 2dc038f0f8
commit 271d1a4785
6 changed files with 33 additions and 12 deletions
--- a/admin/admin.inc.php
+++ b/admin/admin.inc.php
@ -624,7 +624,7 @@ auto_delete(); //定时删除
                    </div>
                    <div class="form-group">
                        <label for="report" data-toggle="tooltip" title="举报地址支持Zoho表单、金数据、表单大师等<br/>(推荐ZOHO)留空则不显示">举报地址 <a href="https://store.zoho.com.cn/referral.do?servicename=ZohoForms&category=ZohoForms&ref=52f8a4e98a7a7d4c2475713784605af0dc842f6cc9732dd77f37b87f2959149e212e550f50a869f70360f15b80a4abc6" target="_blank"><i class="icon icon-external-link"></i></a></label>
-                        <input type="text" class="form-control" id="report" name="report" value="<?php echo $config['report']; ?>" placeholder="可以是网址或邮箱" onkeyup="this.value=this.value.replace(/\s/g,'')">
+                        <input type="text" class="form-control" id="report" name="report" value="<?php echo $config['report']; ?>" placeholder="可以是网址或邮箱地址" onkeyup="this.value=this.value.replace(/\s/g,'')">
                    </div>
                    <div class="form-group">
                        <div class="switch switch-inline">
--- a/application/down.php
+++ b/application/down.php
@ -7,10 +7,13 @@
 //获取要下载的文件名
 require_once __DIR__ . '/function.php';

+// 空GET
+if (empty($_GET)) {
+    exit('No file path');
+}
+
 // 获取下载路径
-if (empty($_GET['dw'])) {
-    exit('No File Path');
-} else {
+if (isset($_GET['dw'])) {
    $dw = '../' . $_GET['dw'];
    // 检查文件是否存在
    if (!is_file($dw)) {
@ -18,6 +21,18 @@ if (empty($_GET['dw'])) {
    }
 }

+// 历史上传记录的路径
+if (isset(($_GET['history']))) {
+    $dw = '../' . $_GET['history'];
+    if ($config['hide_path']) {
+        $dw = '../' . $config['path'] . $_GET['history'];
+    }
+}
+// 检查文件是否存在
+if (!is_file($dw)) {
+    exit('No File');
+}
+
 // 过滤下载非指定上传文件格式
 $dw_extension = pathinfo($dw, PATHINFO_EXTENSION);
 $filter_extensions = explode(',', $config['extensions']);
--- a/application/history.php
+++ b/application/history.php
@ -25,7 +25,7 @@ include_once __DIR__ . "/header.php";
            console.log('url list: ' + value['url']) // 获取所有链接
            if (value['url'] !== undefined) {
                let v_url = parseURL(value['url']); // 获取链接路径 console.log(parseURL(value['url']).path);
-                $('.listNum').append('<div class="col-md-4 col-sm-6 col-lg-3"><div class="card"><li><img src="../public/images/loading.svg" data-image="' + value['thumb'] + '" data-original="" alt="简单图床-EasyImage"></li><div class="bottom-bar"><a href="' + value['url'] + '" target="_blank"><i class="icon icon-picture" data-toggle="tooltip" title="打开" style="margin-left:10px;"></i></a><a href="#" class="copy" data-clipboard-text="' + value['url'] + '" data-toggle="tooltip" title="复制链接" style="margin-left:10px;"><i class="icon icon-copy"></i></a><a href="info.php?img=' + v_url.path + '" data-toggle="tooltip" title="详细信息" target="_blank" style="margin-left:10px;"><i class="icon icon-info-sign"></i></a><a href="down.php?dw=' + v_url.path + '" data-toggle="tooltip" title="下载文件" target="_blank" style="margin-left:10px;"><i class="icon icon-cloud-download"></i></a><a href="#" data-toggle="tooltip" title="删除记录" class="Remove"id="' + value['srcName'] + '" style="margin-left:10px;"><i class="icon icon-remove-sign"></i></a></a><a href="' + value['del'] + '" target="_blank"><i class="icon icon-trash" data-toggle="tooltip" title="删除文件" style="margin-left:10px;"></i></a><a href="#" data-toggle="tooltip" title="源文件名" class="copy text-ellipsis" data-clipboard-text="' + value['srcName'] + '" style="margin-left:10px;">' + value['srcName'] + '</a></div></div></div>')
+                $('.listNum').append('<div class="col-md-4 col-sm-6 col-lg-3"><div class="card"><li><img src="../public/images/loading.svg" data-image="' + value['thumb'] + '" data-original="" alt="简单图床-EasyImage"></li><div class="bottom-bar"><a href="' + value['url'] + '" target="_blank"><i class="icon icon-picture" data-toggle="tooltip" title="打开" style="margin-left:10px;"></i></a><a href="#" class="copy" data-clipboard-text="' + value['url'] + '" data-toggle="tooltip" title="复制链接" style="margin-left:10px;"><i class="icon icon-copy"></i></a><a href="info.php?history=' + v_url.path + '" data-toggle="tooltip" title="详细信息" target="_blank" style="margin-left:10px;"><i class="icon icon-info-sign"></i></a><a href="down.php?history=' + v_url.path + '" data-toggle="tooltip" title="下载文件" target="_blank" style="margin-left:10px;"><i class="icon icon-cloud-download"></i></a><a href="#" data-toggle="tooltip" title="删除记录" class="Remove"id="' + value['srcName'] + '" style="margin-left:10px;"><i class="icon icon-remove-sign"></i></a></a><a href="' + value['del'] + '" target="_blank"><i class="icon icon-trash" data-toggle="tooltip" title="删除文件" style="margin-left:10px;"></i></a><a href="#" data-toggle="tooltip" title="源文件名" class="copy text-ellipsis" data-clipboard-text="' + value['srcName'] + '" style="margin-left:10px;">' + value['srcName'] + '</a></div></div></div>')
            }
        })
        $('.history_clear').append('<h3 class="header-dividing" style="text-align: center;" data-toggle="tooltip" title="非上传记录|清空缓存|浏览器版本低不显示<br/>点击清空历史上传记录"><button class="btn btn-mini btn-primary" type="button"><i class="icon icon-eye-open"></i> 历史上传记录</button></h3>');
--- a/application/info.php
+++ b/application/info.php
@ -10,7 +10,12 @@ if (isset($_GET['img'])) {
    $del_url = $config['domain'] . $getIMG;
 } elseif (isset($_GET['history'])) {
    // 过滤特殊符号
-    $getIMG = $config['path'] . ltrim(strip_tags($_GET['history']), '/');
+
+    if ($config['hide_path']) {
+        $getIMG = $config['path'] . ltrim(strip_tags($_GET['history']), '/');
+    } else {
+        $getIMG = strip_tags($_GET['history']);
+    }
    $del_url = $config['domain'] . $getIMG;
 } else {
    // 未获取到图片地址
@ -27,7 +32,7 @@ if ($config['hide_path']) {
    $logs = str_replace('/', '-', substr(parse_url($img_url, PHP_URL_PATH), 1, 7));
 } else {
    // 关闭隐藏上传目录
-    $img_url =   rand_imgurl() . $getIMG;
+    $img_url = rand_imgurl() . $getIMG;

    // 获取当前图片日志文件
    $logs = str_replace('/', '-', substr(str_replace($config['path'], '', parse_url($img_url, PHP_URL_PATH)), 0, 7));
@ -125,7 +130,7 @@ if ($config['ad_top']) echo $config['ad_top_info'];
                        <a class="btn btn-mini btn-primary" href="<?php echo  $img_url; ?>" target="_blank"><i class="icon icon-picture"> 查看</i></a>
                        <a class="btn btn-mini btn-primary" href="" onclick="window.location.replace;"><i class="icon icon-spin icon-refresh"></i> 刷新</a>
                        <a class="btn btn-mini btn-primary" href="/application/down.php?dw=<?php echo  $getIMG; ?>" target="_blank"><i class="icon icon-cloud-download"> 下载</i></a>
-                        <?php if (isset($config['report']) && !is_who_login('admin')) : ?>
+                        <?php if (!empty($config['report']) && !is_who_login('admin')) : ?>
                            <a class="btn btn-mini btn-warning" href="<?php echo $config['report'] . '?Website1=' . $img_url; ?>" target="_blank"><i class="icon icon-question-sign"> 举报</i></a>
                        <?php endif; ?>
                        <?php if (is_who_login('admin')) : ?>
--- a/config/config.php
+++ b/config/config.php
--- a/docs/update.md
+++ b/docs/update.md
@ -1,8 +1,9 @@
 * 2023-03-04 v2.7.6 dev
- 增加删除文件时限定目录
+- 增加限定删除文件目录
 - 增加对SVG文件格式过滤
+- 修复开启验证码后绕过验证
 - 修复弱类型验证导致的异常登录
- 修复开启验证码后登录绕过 
+- 修复上传历史中文件详细信息链接错误
 - 更换加密删除链接算法 - 链接更短
 - 更换存储密码算法为SHA256
 - 默认不支持SVG文件上传