diff --git a/application/upload.php b/application/upload.php
index 21eb72f..16eb73c 100755
--- a/application/upload.php
+++ b/application/upload.php
@@ -28,7 +28,7 @@ if (empty($_FILES['file'])) {
 }
 // sign
-if (empty($_POST['sign']) || $_POST['sign'] !== md5($config['password'] . date('YmdH'))) {
+if (empty($_REQUEST['sign']) || $_REQUEST['sign'] !== date('YmdH')) {
 exit(json_encode(array(
 "result" => "failed",
 "code" => 403,
diff --git a/docs/update.md b/docs/update.md
index c2a3dd2..d7174c3 100644
--- a/docs/update.md
+++ b/docs/update.md
@@ -1,5 +1,5 @@
 * 2023-03-06 v2.7.8
-- 增加前端上传签名
+- 增加WEB端上传签名
 * 2023-03-05 v2.7.7
 - 增加登录日志
diff --git a/index.php b/index.php
index 70af5eb..4ca3944 100755
--- a/index.php
+++ b/index.php
@@ -130,7 +130,8 @@ mustLogin();
 flash_swf_url: '/public/static/zui/lib/uploader/Moxie.xap',
 // sign
 multipart_params: {
- 'sign': '', // new Date().format("YYYYMMddhh")
+ // 'sign': new Date().format("YYYYMMddhh"),
+ 'sign': new Date().format("YYYYMMddhh"),
 },
 // 预览图尺寸
 previewImageSize: {
diff --git a/public/static/EasyImage.js b/public/static/EasyImage.js
index 1f5ce8c..979c59c 100755
--- a/public/static/EasyImage.js
+++ b/public/static/EasyImage.js
@@ -287,7 +287,7 @@ $('#btnLinks, #btnBbscode, #btnMarkDown, #btnHtml, #btnThumb, #btnDel').on('clic
 placement: 'top'
 });
 };
- xhr.open('POST', './application/upload.php', true);
+ xhr.open('POST', './application/upload.php?sign=' + new Date().format("YYYYMMddhh"), true);
 xhr.send(formData);
 });
 })();
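Review bot: The new condition in upload.php compares `sign` with `date('YmdH')` alone, so the value no longer depends on `$config['password']` or any other secret and the check stops working as an access control; anything that knows the current hour satisfies it. It also makes acceptance depend on the browser clock and timezone matching the server's, because index.php and EasyImage.js in this commit build the value with `new Date()`, so legitimate uploads can get the 403 branch around hour boundaries or from another timezone. Consider keeping a keyed value that the logged-in page receives from the server and verifying it in constant time, for example `hash_equals(hash_hmac('sha256', date('YmdH'), $config['password']), (string) $_POST['sign'])`. The body of this `if` continues outside the hunk.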
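Review bot: `'sign': new Date().format("YYYYMMddhh")` inside `multipart_params` is evaluated once, when the uploader options object is built, so a page left open past the top of the hour keeps sending the old value and uploads fail the server check until the page is reloaded. If the uploader offers a per-upload hook, set the parameter there, or have the server render the value into the page. The commented-out copy of the same line directly above it is dead code and can be dropped. The options object starts and ends outside the hunk.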
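Review bot: Moving `sign` into the query string of `xhr.open` is what forces upload.php to read `$_REQUEST` instead of `$_POST`; request URLs are commonly written to access logs, and `$_REQUEST` can also be populated from cookies depending on `request_order`. Since the body sent is already `formData`, calling `formData.append('sign', ...)` before `xhr.send(formData)` would keep the field in the POST body and let the server keep checking `$_POST['sign']` only (assuming `formData` is a `FormData` instance, which is built outside the hunk). The click handler starts outside the hunk.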