map = new HashMap<>();
map.put("blogTitle",HaloConst.OPTIONS.get("blog_title"));
map.put("commentAuthor",lastComment.getCommentAuthor());
diff --git a/src/main/java/cc/ryanc/halo/web/controller/admin/PostController.java b/src/main/java/cc/ryanc/halo/web/controller/admin/PostController.java
index 4c1ccec9e..fab921eff 100755
--- a/src/main/java/cc/ryanc/halo/web/controller/admin/PostController.java
+++ b/src/main/java/cc/ryanc/halo/web/controller/admin/PostController.java
@@ -11,7 +11,6 @@ import cc.ryanc.halo.service.TagService;
import cc.ryanc.halo.utils.HaloUtils;
import cc.ryanc.halo.web.controller.core.BaseController;
import cn.hutool.http.HtmlUtil;
-import lombok.Value;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
diff --git a/src/main/java/cc/ryanc/halo/web/controller/admin/ThemeController.java b/src/main/java/cc/ryanc/halo/web/controller/admin/ThemeController.java
index c36a8ab69..a9a33c71c 100755
--- a/src/main/java/cc/ryanc/halo/web/controller/admin/ThemeController.java
+++ b/src/main/java/cc/ryanc/halo/web/controller/admin/ThemeController.java
@@ -7,8 +7,9 @@ import cc.ryanc.halo.model.dto.LogsRecord;
import cc.ryanc.halo.service.LogsService;
import cc.ryanc.halo.service.OptionsService;
import cc.ryanc.halo.utils.HaloUtils;
-import cc.ryanc.halo.utils.ZipUtils;
import cc.ryanc.halo.web.controller.core.BaseController;
+import cn.hutool.core.io.FileUtil;
+import cn.hutool.core.util.ZipUtil;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
@@ -106,8 +107,8 @@ public class ThemeController extends BaseController {
logsService.saveByLogs(
new Logs(LogsRecord.UPLOAD_THEME, file.getOriginalFilename(), HaloUtils.getIpAddr(request), new Date())
);
- ZipUtils.unZip(themePath.getAbsolutePath(), new File(basePath.getAbsolutePath(), "templates/themes/").getAbsolutePath());
- HaloUtils.removeFile(themePath.getAbsolutePath());
+ ZipUtil.unzip(themePath,new File(basePath.getAbsolutePath(), "templates/themes/"));
+ FileUtil.del(themePath);
HaloConst.THEMES.clear();
HaloConst.THEMES = HaloUtils.getThemes();
} else {
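Review bot: The uploaded archive is extracted straight into `templates/themes/` by `ZipUtil.unzip(themePath, ...)`, and nothing visible in this hunk validates the entry names. Whether an entry whose name contains `..` is rejected therefore depends on the Hutool version on the classpath, so confirm that the version in use refuses entries resolving outside the target directory, or add an explicit check before extraction. The boolean result of `FileUtil.del(themePath)` is also discarded, so a failed delete leaves the uploaded zip on disk silently; `if (!FileUtil.del(themePath)) { log.warn("could not delete uploaded theme archive {}", themePath); }` would surface it. The enclosing method starts and ends outside the hunk.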
@@ -132,7 +133,7 @@ public class ThemeController extends BaseController {
try {
File basePath = new File(ResourceUtils.getURL("classpath:").getPath());
File themePath = new File(basePath.getAbsolutePath(), "templates/themes/" + themeName);
- HaloUtils.removeDir(themePath);
+ FileUtil.del(themePath);
HaloConst.THEMES.clear();
HaloConst.THEMES = HaloUtils.getThemes();
} catch (Exception e) {
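Review bot: `FileUtil.del(themePath)` removes a directory recursively, and `themePath` is built by concatenating `themeName` onto `templates/themes/` with no containment check in the visible lines. If `themeName` comes from the request (its origin is outside this hunk), a value containing path separators or `..` would point the delete outside the themes directory, and an empty value would resolve to the themes directory itself. Resolve and compare before deleting, for example `File themesDir = new File(basePath, "templates/themes").getCanonicalFile();` followed by `File target = themePath.getCanonicalFile();` and `if (target.equals(themesDir) || !target.toPath().startsWith(themesDir.toPath())) { throw new IllegalArgumentException("invalid theme name"); }`. The method begins before and continues past the hunk.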
diff --git a/src/main/java/cc/ryanc/halo/web/controller/front/FrontCommentController.java b/src/main/java/cc/ryanc/halo/web/controller/front/FrontCommentController.java
index 872f6cb95..88bd2396f 100644
--- a/src/main/java/cc/ryanc/halo/web/controller/front/FrontCommentController.java
+++ b/src/main/java/cc/ryanc/halo/web/controller/front/FrontCommentController.java
@@ -10,6 +10,7 @@ import cc.ryanc.halo.service.PostService;
import cc.ryanc.halo.service.UserService;
import cc.ryanc.halo.utils.HaloUtils;
import cn.hutool.core.util.URLUtil;
+import cn.hutool.http.HtmlUtil;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
@@ -98,15 +99,19 @@ public class FrontCommentController {
try{
Comment lastComment = null;
post = postService.findByPostId(post.getPostId()).get();
- comment.setCommentAuthorEmail(comment.getCommentAuthorEmail().toLowerCase());
+ comment.setCommentAuthorEmail(HtmlUtil.encode(comment.getCommentAuthorEmail()).toLowerCase());
comment.setPost(post);
comment.setCommentDate(new Date());
comment.setCommentAuthorIp(HaloUtils.getIpAddr(request));
comment.setIsAdmin(0);
+ comment.setCommentAuthor(HtmlUtil.encode(comment.getCommentAuthor()));
if(comment.getCommentParent()>0){
lastComment = commentService.findCommentById(comment.getCommentParent()).get();
String lastContent = " //@"+lastComment.getCommentAuthor()+":"+lastComment.getCommentContent();
- comment.setCommentContent(StringUtils.substringAfter(comment.getCommentContent(),":")+lastContent);
+ comment.setCommentContent(StringUtils.substringAfter(HtmlUtil.encode(comment.getCommentContent()),":")+lastContent);
+ }else{
+ //将评论内容的字符专为安全字符
+ comment.setCommentContent(HtmlUtil.encode(comment.getCommentContent()));
}
if(StringUtils.isNotEmpty(comment.getCommentAuthorUrl())){
comment.setCommentAuthorUrl(URLUtil.formatUrl(comment.getCommentAuthorUrl()));
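Review bot: The quoted parent text in `lastContent` is taken from `lastComment.getCommentAuthor()` and `getCommentContent()` as stored and appended after the new content has been encoded, so a parent comment saved before this change is concatenated into the new row unencoded. `commentAuthorUrl` on the following lines likewise only goes through `URLUtil.formatUrl`. Encoding on write leaves existing rows unprotected and risks double-encoding wherever a value is escaped again later, so the templates that render comment fields should escape at output regardless of what this method stores. At minimum, record the invariant next to the new code, e.g. `// comment fields are HTML-encoded on write; rows created before this change are not, so templates must still escape`. The method starts and ends outside the hunk.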
diff --git a/src/main/resources/templates/admin/admin_comment.ftl b/src/main/resources/templates/admin/admin_comment.ftl
index a9e01abe8..bcfcbf2ea 100755
--- a/src/main/resources/templates/admin/admin_comment.ftl
+++ b/src/main/resources/templates/admin/admin_comment.ftl
@@ -62,7 +62,7 @@
<#switch comment.commentStatus>
<#case 0>
-
+
<#break >
<#case 1>
通过
diff --git a/src/main/resources/templates/admin/admin_halo.ftl b/src/main/resources/templates/admin/admin_halo.ftl
index 98a395100..37faf7758 100644
--- a/src/main/resources/templates/admin/admin_halo.ftl
+++ b/src/main/resources/templates/admin/admin_halo.ftl
@@ -29,7 +29,7 @@
一款使用Java开发的简约,"轻",快的博客系统。
非常感谢你使用Halo进行创作。
- 目前该博客系统为beta测试版,有可能会出现一些莫名奇妙的bug,所以希望各位在使用过程中及时向我反馈:
+ 如果在使用过程中出现bug或者无法解决的问题,希望各位在使用过程中及时向我反馈:
Github issues :https://github.com/ruibaby/halo
Blog : https://ryanc.cc
Email : i@ryanc.cc
diff --git a/src/main/resources/templates/admin/admin_theme-editor.ftl b/src/main/resources/templates/admin/admin_theme-editor.ftl
index c5c31e4af..bd76d45f3 100644
--- a/src/main/resources/templates/admin/admin_theme-editor.ftl
+++ b/src/main/resources/templates/admin/admin_theme-editor.ftl
@@ -52,17 +52,32 @@
首页
<#break >
<#case "post.ftl">
- 文章内容
+ 文章页面
<#break >
<#case "archives.ftl">
- 文章归档
+ 文章归档页面
<#break >
<#case "links.ftl">
- 友情链接
+ 友情链接页面
<#break >
<#case "module/macro.ftl">
宏模板
<#break >
+ <#case "tag.ftl">
+ 单个标签页面
+ <#break >
+ <#case "tags.ftl">
+ 标签列表页面
+ <#break>
+ <#case "category.ftl">
+ 单个分类页面
+ <#break >
+ <#case "page.ftl">
+ 自定义页面
+ <#break>
+ <#case "gallery.ftl">
+ 图库页面
+ <#break>
#switch>
diff --git a/src/main/resources/templates/admin/admin_theme.ftl b/src/main/resources/templates/admin/admin_theme.ftl
index a6c9d4f36..08451f0f5 100755
--- a/src/main/resources/templates/admin/admin_theme.ftl
+++ b/src/main/resources/templates/admin/admin_theme.ftl
@@ -146,6 +146,7 @@
dropZoneTitle: '拖拽主题压缩包到这里 …
不支持多个主题同时上传',
showClose: false
}).on("fileuploaded",function (event,data,previewId,index) {
+ var data = data.jqXHR.responseJSON;
if(data.code==1){
$("#uploadForm").hide(400);
$.toast({
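Review bot: `var data = data.jqXHR.responseJSON;` redeclares the handler's own `data` parameter and then dereferences the result without a check. When the server answers with something that is not JSON (an error page, or a redirect to the login form after the session expires), `responseJSON` is undefined and `data.code` throws before any message reaches the user. Use a separate name and guard it: `var result = data.jqXHR.responseJSON;` and `if (result && result.code == 1) {`, with the else branch also covering the missing-result case. The handler body continues past the hunk.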
diff --git a/src/test/java/cc/ryanc/halo/utils/DemoUtilTest.java b/src/test/java/cc/ryanc/halo/utils/DemoUtilTest.java
index e531daac3..29a7b46d7 100644
--- a/src/test/java/cc/ryanc/halo/utils/DemoUtilTest.java
+++ b/src/test/java/cc/ryanc/halo/utils/DemoUtilTest.java
@@ -12,6 +12,6 @@ public class DemoUtilTest {
@Test
public void testZip(){
- ZipUtils.unZip("/Users/ryan0up/Desktop/adminlog.html.zip","/Users/ryan0up/Desktop/");
+ //ZipUtils.unZip("/Users/ryan0up/Desktop/adminlog.html.zip","/Users/ryan0up/Desktop/");
}
}
\ No newline at end of file
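Review bot: Commenting out the only statement leaves `testZip` as an empty test that always passes, while the extraction call now used for theme uploads (`ZipUtil.unzip`) has no test at all. Either delete the method, or replace it with a test that unzips a small archive built in a temporary directory instead of a hard-coded desktop path. A second case with an archive whose entry name contains `..` would pin that such entries are rejected and nothing is written outside the target directory.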