blackteay/ThinkAdmin
1
0
Fork 0
mirror of https://gitee.com/zoujingli/ThinkAdmin.git synced 2025-10-27 02:12:08 +08:00
Code Issues Projects Releases Wiki Activity

[更新]增加文件本地上传token验证

Browse Source
This commit is contained in:
Anyon 2017-07-13 18:28:33 +08:00
parent 355e730fa4
commit a0f5571595
2 changed files with 10 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
application/admin/controller/Plugs.php
View File

@ -62,17 +62,16 @@ class Plugs extends BasicAdmin
*/ */
public function upload() public function upload()
{ {
if (!$this->request->isPost()) {
return json(['code' => 'ERROR', '文件上传失败']);
}
$file = $this->request->file('file'); $file = $this->request->file('file');
$ext = pathinfo($file->getInfo('name'), PATHINFO_EXTENSION);
if (in_array($ext, ['php', 'bat', 'cmd', 'sh', 'exe'])) {
return json(['code' => 'ERROR', 'msg' => "禁止上传{$ext}文件"]);
}
$md5s = str_split($this->request->post('md5'), 16); $md5s = str_split($this->request->post('md5'), 16);
$ext = pathinfo($file->getInfo('name'), 4);
$filename = join('/', $md5s) . ".{$ext}";
// 文件上传Token验证
if ($this->request->post('token') !== md5($filename . session_id())) {
return json(['code' => 'ERROR', '文件上传验证失败']);
}
// 文件上传处理
if (($info = $file->move('static' . DS . 'upload' . DS . $md5s[0], $md5s[1], true))) { if (($info = $file->move('static' . DS . 'upload' . DS . $md5s[0], $md5s[1], true))) {
$filename = join('/', $md5s) . '.' . $info->getExtension();
if (($site_url = FileService::getFileUrl($filename, 'local'))) { if (($site_url = FileService::getFileUrl($filename, 'local'))) {
return json(['data' => ['site_url' => $site_url], 'code' => 'SUCCESS', 'msg' => '文件上传成功']); return json(['data' => ['site_url' => $site_url], 'code' => 'SUCCESS', 'msg' => '文件上传成功']);
} }
@ -100,6 +99,7 @@ class Plugs extends BasicAdmin
break; break;
case 'local': case 'local':
$config['server'] = FileService::getUploadLocalUrl(); $config['server'] = FileService::getUploadLocalUrl();
$config['token'] = md5($filename . session_id());
break; break;
case 'oss': case 'oss':
$time = time() + 3600; $time = time() + 3600;

4
application/admin/view/plugs.upfile.html
View File

@ -144,10 +144,10 @@
window['expressinstallcallback'] = function (state) { window['expressinstallcallback'] = function (state) {
switch (state) { switch (state) {
case 'Download.Cancelled': case 'Download.Cancelled':
alert('您取消了更新!') alert('您取消了更新!');
break; break;
case 'Download.Failed': case 'Download.Failed':
alert('安装失败') alert('安装失败');
break; break;
default: default:
alert('安装已成功,请刷新!'); alert('安装已成功,请刷新!');