4.52 release

2023-12-15 03:02:35 +08:00 · 2023-12-15 03:02:35 +08:00 · 5cf233f755
parent dfb3597ca4
commit 5cf233f755
14 changed files with 36 additions and 47 deletions
--- a/ChangeLog.md
+++ b/ChangeLog.md
@ -1,3 +1,6 @@
 ### ver4.52 `2023/12/15`
 - 安全问题修复
 ### ver4.51 `2023/4/6`
 - 兼容性调整
--- a/app/controller/api.class.php
+++ b/app/controller/api.class.php
@ -35,8 +35,8 @@ class api extends Controller{
 	public function checkAccessToken(){
 		$model  = $this->loadModel('Plugin');
 		$config = $model->getConfig('fileView');
-		if(!$config['apiKey']){
+		if(!$config || !$config['apiKey']){
-			return;
+			show_tips('fileView not open ,or apiKey is empty!');
 		}
 		$timeTo = isset($this->in['timeTo'])?intval($this->in['timeTo']):'';
 		$token = md5($config['apiKey'].$this->in['path'].$timeTo);
--- a/app/controller/utils.php
+++ b/app/controller/utils.php
--- a/app/function/file.function.php
+++ b/app/function/file.function.php
@ -51,6 +51,7 @@ function iconv_system($str){
 	return $result;
 }
 function iconv_to($str,$from,$to){
 	if(!$from || !$to) return $str;
 	if (strtolower($from) == strtolower($to)){
 		return $str;
 	}
@ -249,14 +250,9 @@ function get_path_father($path){
 function get_path_ext($path){
 	$name = get_path_this($path);
 	$ext = '';
-	if(strstr($name,'.')){
+	if(strstr($name,'.')){$ext = substr($name,strrpos($name,'.')+1);}
-		$ext = substr($name,strrpos($name,'.')+1);
+	$isMatch = preg_match("/[0-9a-zA-Z_]+/",$ext,$match);// 只允许数字字母和下划线
-		$ext = strtolower($ext);
+	return ($isMatch && $match[0]) ? strtolower($match[0]):'';
 	}
 	if (strlen($ext)>3 && preg_match("/([\x81-\xfe][\x40-\xfe])/", $ext, $match)) {
 		$ext = '';
 	}
 	return htmlspecialchars($ext);
 }
@ -1011,7 +1007,7 @@ function file_put_out($file,$download=-1,$downFilename=false){
 		header('Content-Disposition: attachment;filename='.$headerName);
 	}else{
 		header('Content-Type: '.$mime);
-		header('Content-Disposition: inline;filename='.$headerName);
+		//header('Content-Disposition: inline;filename='.$headerName);
 		if(strstr($mime,'text/')){
 			//$charset = get_charset(file_get_contents($file));
 			header('Content-Type: '.$mime.'; charset=');//避免自动追加utf8导致gbk网页乱码
--- a/app/function/helper.function.php
+++ b/app/function/helper.function.php
@ -456,21 +456,12 @@ function hash_path($path,$addExt=false){
 		$password = $GLOBALS['config']['settingSystem']['systemPassword'];
 	}
-	$pre = substr(md5($path.$password),0,8);
+	$pre = substr(md5('kod-system'.$password),0,8);
-	$result = $pre.md5($path);
+	$result = md5($path);
-	if(file_exists($path)){
+	if(file_exists($path)){$result = file_hash_simple($path);}
-		$result = $pre.md5($path.filemtime($path));
+	if($addExt){$result = $result.'.'.get_path_ext($path);}
-		if(filesize($path) < 50*1024*1024){
+	
-			$fileMd5 = @md5_file($path);
+	return $pre.$result;
 			if($fileMd5){
 				$result = $fileMd5;
 			}
 		}
 	}
 	if($addExt){
 		$result = $result.'.'.get_path_ext($path);
 	}
 	return $result;
 }
--- a/app/kod/ImageThumb.class.php
+++ b/app/kod/ImageThumb.class.php
@ -90,9 +90,7 @@ class ImageThumb {
 	} 
 	// 生成按比例缩放的缩图
 	function prorate($toFile, $toW, $toH){
-		if(!$this->im){
+		if(!$this->im){return false;}
 			return false;
 		}
 		$toWH = $toW / $toH;
 		$srcWH = $this->srcW / $this->srcH;
 		if ($toWH<=$srcWH) {
@ -112,6 +110,7 @@ class ImageThumb {
 	} 
 	// 生成最小裁剪后的缩图
 	function cut($toFile, $toW, $toH){
 		if(!$this->im){return false;}
 		$toWH = $toW / $toH;
 		$srcWH = $this->srcW / $this->srcH;
 		if ($toWH<=$srcWH) {
--- a/app/sdks/lessc.class.php
+++ b/app/sdks/lessc.class.php
@ -714,7 +714,7 @@ class lessc {
 					if ($suffix !== null &&
 						$subProp[0] == "assign" &&
 						is_string($subProp[1]) &&
-						$subProp[1]{0} != $this->vPrefix)
+						$subProp[1][0] != $this->vPrefix)
 					{
 						$subProp[2] = array(
 							'list', ' ',
@ -1765,7 +1765,7 @@ class lessc {
 		$this->pushEnv();
 		$parser = new lessc_parser($this, __METHOD__);
 		foreach ($args as $name => $strValue) {
-			if ($name{0} != '@') $name = '@'.$name;
+			if ($name[0] != '@') $name = '@'.$name;
 			$parser->count = 0;
 			$parser->buffer = (string)$strValue;
 			if (!$parser->propertyValue($value)) {
@ -2421,7 +2421,7 @@ class lessc_parser {
 				$hidden = true;
 				if (!isset($block->args)) {
 					foreach ($block->tags as $tag) {
-						if (!is_string($tag) || $tag{0} != $this->lessc->mPrefix) {
+						if (!is_string($tag) || $tag[0] != $this->lessc->mPrefix) {
 							$hidden = false;
 							break;
 						}
@ -2475,7 +2475,7 @@ class lessc_parser {
 	protected function fixTags($tags) {
 		// move @ tags out of variable namespace
 		foreach ($tags as &$tag) {
-			if ($tag{0} == $this->lessc->vPrefix)
+			if ($tag[0] == $this->lessc->vPrefix)
 				$tag[0] = $this->lessc->mPrefix;
 		}
 		return $tags;
--- a/config/version.php
+++ b/config/version.php
@ -1,3 +1,3 @@
 <?php
-define('KOD_VERSION','4.51');
+define('KOD_VERSION','4.52');
-define('KOD_VERSION_BUILD','02');//time(),20230330
+define('KOD_VERSION_BUILD','01');//time(),20231212
--- a/plugins/toolsCommon/static/pie/.pie.tif
+++ b/plugins/toolsCommon/static/pie/.pie.tif
--- a/static/style/skin/base/app_code_edit.css
+++ b/static/style/skin/base/app_code_edit.css
--- a/static/style/skin/base/app_desktop.css
+++ b/static/style/skin/base/app_desktop.css
--- a/static/style/skin/base/app_editor.css
+++ b/static/style/skin/base/app_editor.css
@ -1,5 +1,5 @@
-/* power by kodexplorer ver 4.51(2023-04-11) [build 1681216133.9532] */
+/* power by kodexplorer ver 4.52(2023-12-14) [build 1702580423.6144] */
@import url('./fileIcon.css');
@import url('./common.css');
 .frame-main{position:absolute;top:40px;width:100%;bottom:0px;}.frame-main .tools-left{background:#f8f8f8 url("../../../images/common/bg.gif") 0 0px;position:fixed;line-height:30px;padding-left:20px;height:28px;border-bottom:1px solid #ddd;left:0;width:100%;}.frame-main .tools-left a{font-size:1.25em;font-weight:800;text-decoration:none;color:#999;text-shadow:0 0 3px;display:inline-block;padding:2px 6px;margin-top:0;height:20px;line-height:20px;}.frame-main .tools-left a:hover{background:url("../../../images/common/buttons_40.png") 0 0px repeat-x;-webkit-box-shadow:0 2px 8px rgba(0,0,0,0.8);-moz-box-shadow:0 2px 8px rgba(0,0,0,0.8);box-shadow:0 2px 8px rgba(0,0,0,0.8);-webkit-border-radius:3px;-moz-border-radius:3px;border-radius:3px;}.frame-main .frame-left{position:absolute;left:0;top:30px;bottom:0;width:200px;background:#fff;background-attachment:fixed;overflow:auto;}.frame-main .frame-left .ztree{margin-top:0;}.frame-main .frame-left .ztree li.level0{margin-bottom:5px;}.frame-main .frame-resize{width:10px;cursor:col-resize;z-index:100;position:absolute;left:195px;top:0;bottom:0;overflow:hidden;background:url("../../../images/common/resize.png") 0px 50% no-repeat;}.frame-main .frame-resize.active{background:#000;opacity:0.2;filter:alpha(opacity=20);}.frame-main .frame-right{left:200px;right:0;position:absolute;top:0;bottom:0;overflow:auto;}.frame-main .frame-right .frame-right-main .resize-mask{z-index:999;position:absolute;left:0;top:0;bottom:0;right:0;display:none;}.frame-main .frame-right .frame-right-main .frame{height:100%;border-left:1px solid #ddd;overflow:hidden;}
-/* ver 4.51(2023-04-11) [build 1681216133.9532] */
+/* ver 4.52(2023-12-14) [build 1702580423.6144] */
--- a/static/style/skin/base/app_explorer.css
+++ b/static/style/skin/base/app_explorer.css
--- a/static/style/skin/base/app_setting.css
+++ b/static/style/skin/base/app_setting.css