blackteay/ApiAdmin
1
0
Fork 0
mirror of https://gitee.com/apiadmin/ApiAdmin.git synced 2025-05-24 22:09:41 +08:00
Code Issues Projects Releases Wiki Activity

modified 修复安全性验证

Browse Source
This commit is contained in:
zhaoxiang 2018-07-19 13:40:31 +08:00
parent a9fa3c9019
commit 87eb2af8e7
1 changed files with 13 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
application/admin/controller/InterfaceList.php
View File

@ -73,6 +73,10 @@ class InterfaceList extends Base {
*/ */
public function add() { public function add() {
$postData = $this->request->post(); $postData = $this->request->post();
if (!preg_match("/^[A-Za-z0-9\/]+$/", $postData['apiClass'])) {
return $this->buildFailed(ReturnCode::DB_SAVE_ERROR, '真实类名只允许填写字母,数字和/');
}
$res = AdminList::create($postData); $res = AdminList::create($postData);
if ($res === false) { if ($res === false) {
return $this->buildFailed(ReturnCode::DB_SAVE_ERROR, '操作失败'); return $this->buildFailed(ReturnCode::DB_SAVE_ERROR, '操作失败');
@ -98,6 +102,7 @@ class InterfaceList extends Base {
return $this->buildFailed(ReturnCode::DB_SAVE_ERROR, '操作失败'); return $this->buildFailed(ReturnCode::DB_SAVE_ERROR, '操作失败');
} else { } else {
cache('ApiInfo:' . $hash, null); cache('ApiInfo:' . $hash, null);
return $this->buildSuccess([]); return $this->buildSuccess([]);
} }
} }
@ -109,11 +114,16 @@ class InterfaceList extends Base {
*/ */
public function edit() { public function edit() {
$postData = $this->request->post(); $postData = $this->request->post();
if (!preg_match("/^[A-Za-z0-9\/]+$/", $postData['apiClass'])) {
return $this->buildFailed(ReturnCode::DB_SAVE_ERROR, '真实类名只允许填写字母,数字和/');
}
$res = AdminList::update($postData); $res = AdminList::update($postData);
if ($res === false) { if ($res === false) {
return $this->buildFailed(ReturnCode::DB_SAVE_ERROR, '操作失败'); return $this->buildFailed(ReturnCode::DB_SAVE_ERROR, '操作失败');
} else { } else {
cache('ApiInfo:' . $postData['hash'], null); cache('ApiInfo:' . $postData['hash'], null);
return $this->buildSuccess([]); return $this->buildSuccess([]);
} }
} }
@ -169,15 +179,16 @@ class InterfaceList extends Base {
public function refresh() { public function refresh() {
$apiRoutePath = ROOT_PATH . 'application/apiRoute.php'; $apiRoutePath = ROOT_PATH . 'application/apiRoute.php';
$tplPath = ROOT_PATH . 'data/apiRoute.tpl'; $tplPath = ROOT_PATH . 'data/apiRoute.tpl';
$methodArr = ['*','POST','GET']; $methodArr = ['*', 'POST', 'GET'];
$tplStr = file_get_contents($tplPath); $tplStr = file_get_contents($tplPath);
$listInfo = AdminList::all(['status' => 1]); $listInfo = AdminList::all(['status' => 1]);
foreach ($listInfo as $value) { foreach ($listInfo as $value) {
$tplStr .= 'Route::rule(\'api/'.$value->hash.'\',\'api/'.$value->apiClass.'\', \''.$methodArr[$value->method].'\', [\'after_behavior\' => $afterBehavior]);'; $tplStr .= 'Route::rule(\'api/' . $value->hash . '\',\'api/' . $value->apiClass . '\', \'' . $methodArr[$value->method] . '\', [\'after_behavior\' => $afterBehavior]);';
} }
file_put_contents($apiRoutePath, $tplStr); file_put_contents($apiRoutePath, $tplStr);
return $this->buildSuccess([]); return $this->buildSuccess([]);
} }
} }