- fix

2025-12-16 11:53:58 +08:00 · 2023-03-04 13:52:50 +08:00
parent 3434282bbb
commit 746412fc10
13 changed files with 190 additions and 67 deletions
--- a/application/function.php
+++ b/application/function.php
@@ -162,7 +162,7 @@ function _login($user = null, $password = null)
        // 上传者账号过期
        if ($guestConfig[$user]['expired'] < time()) return json_encode(array('code' => 400, 'level' => 0, 'messege' => $user . '账号已过期'));
        // 未过期设置cookie
-        $browser_cookie === serialize(array($user, $password));
+        $browser_cookie = serialize(array($user, $password));
        setcookie('auth', $browser_cookie, time() + 3600 * 24 * 14, '/');
        return json_encode(array('code' => 200, 'level' => 2, 'messege' => $user . '用户登录成功'));
    }
--- a/application/reset_password.php
+++ b/application/reset_password.php
@@ -1,39 +1,38 @@
-<?php
-include_once __DIR__ . "/header.php";
-
-if (isset($_POST['md5'])) {
-    $value = md5($_POST['md5']);
-} else {
-    $value = null;
-}
-
-?>
-<div class="row">
-    <div class="col-md-12">
-        <p class="text-primary">忘记账号可以打开<code>/config/config.php</code>文件找到<code data-toggle="tooltip" title="'user'=><strong>admin</strong>'">user</code>对应的键值->填入</p>
-        <p class="text-success">忘记密码请将密码转换成MD5小写(<a href="<?php echo $config['domain'] . '/application/md5.php'; ?>" target="_blank" class="text-purple">转换网址</a>)->打开<code>/config/config.php</code>文件->找到<code data-toggle="tooltip" title="'password'=>'<strong>e6e0612609</strong>'">password</code>对应的键值->填入</p>
-        <h4 class="text-danger">更改后会立即生效并重新登录,请务必牢记账号和密码! </h4>
-    </div>
-    <div class="col-md-12">
-        <form action="<?php echo $_SERVER['SCRIPT_NAME']; ?>" method="post" class="form-horizontal">
-            <div class="form-group">
-                <label for="md5" class="col-sm-2">要加密的密码</label>
-                <div class="col-md-6 col-sm-10">
-                    <input type="text" class="form-control" id="md5" name="md5" value="<?php echo $value; ?>" required placeholder="eg: EasyImage2.0" onkeyup="this.value=this.value.trim()">
-                </div>
-            </div>
-            <div class="form-group">
-                <div class="col-sm-offset-2 col-sm-10">
-                    <button type="submit" class="btn btn-primary">获取MD5</button>
-                </div>
-            </div>
-        </form>
-    </div>
-</div>
-<script>
-    // 更改网页标题
-    document.title = "更改密码 密码MD5加密- <?php echo $config['title']; ?>"
-</script>
-<?php
-
-include_once __DIR__ . "/footer.php";
+<?php
+include_once __DIR__ . "/header.php";
+
+$value = '';
+if (isset($_POST['md5'])) {
+    $value = hash('sha256', $_POST['md5']);
+}
+
+?>
+<div class="row">
+    <div class="col-md-12">
+        <p class="text-primary">忘记账号可以打开<code>/config/config.php</code>文件找到<code data-toggle="tooltip" title="'user'=><strong>admin</strong>'">user</code>对应的键值->填入</p>
+        <p class="text-success">忘记密码请将密码转换成SHA256(<a href="<?php echo $config['domain'] . '/application/reset_password.php'; ?>" target="_blank" class="text-purple">转换网址</a>)->打开<code>/config/config.php</code>文件->找到<code data-toggle="tooltip" title="'password'=>'<strong>e6e0612609</strong>'">password</code>对应的键值->填入</p>
+        <h4 class="text-danger">更改后会立即生效并重新登录,请务必牢记账号和密码! </h4>
+    </div>
+    <div class="col-md-12">
+        <form action="<?php echo $_SERVER['SCRIPT_NAME']; ?>" method="post" class="form-horizontal">
+            <div class="form-group">
+                <label for="md5" class="col-sm-2">要加密的密码</label>
+                <div class="col-md-6 col-sm-10">
+                    <input type="text" class="form-control" id="md5" name="md5" value="<?php echo $value; ?>" required placeholder="eg: EasyImage2.0" onkeyup="this.value=this.value.trim()">
+                </div>
+            </div>
+            <div class="form-group">
+                <div class="col-sm-offset-2 col-sm-10">
+                    <button type="submit" class="btn btn-primary">获取新的密码</button>
+                </div>
+            </div>
+        </form>
+    </div>
+</div>
+<script>
+    // 更改网页标题
+    document.title = "获取新的密码 - <?php echo $config['title']; ?>"
+</script>
+<?php
+
+include_once __DIR__ . "/footer.php";
--- a/application/upload.php
+++ b/application/upload.php
@@ -59,10 +59,11 @@ if ($handle->uploaded) {
    if ($config['allowed'] === 1) {
        $handle->allowed = array('image/*');
    }
-    // svg格式过滤
+
+    // 检查svg是否存在script和a标签代码
    if ($handle->file_src_name_ext === 'svg') {
        $svg = file_get_contents($handle->file_src_pathname);
-        if (preg_match('/<script[\s\S]*?<\/script>/', $svg)) {
+        if (preg_match('/<script[\s\S]*?<\/script>/', $svg) || stripos($svg, 'href=')) {
            exit(json_encode(
                array(
                    "result"  => "failed",