#244 增加验证规则及访问权限

2025-04-06 03:58:04 +08:00 · 2020-09-04 12:48:35 +08:00 · 2020-09-04 12:48:35 +08:00 · ff2ab47cfa
commit ff2ab47cfa
parent 71d301c162
6 changed files with 29 additions and 10 deletions
--- a/app/admin/controller/api/Update.php
+++ b/app/admin/controller/api/Update.php
@ -17,6 +17,7 @@ namespace app\admin\controller\api;

 use think\admin\Controller;
 use think\admin\service\ModuleService;
+use think\admin\service\SystemService;

 /**
 * 安装服务端支持
@ -26,6 +27,16 @@ use think\admin\service\ModuleService;
 class Update extends Controller
 {

+    /**
+     * 访问环境拦截
+     */
+    protected function initialize()
+    {
+        if (!SystemService::instance()->checkRunMode('dev')) {
+            $this->error('只允许访问本地或官方代码！');
+        }
+    }
+
    /**
     * 读取文件内容
     */
--- a/vendor/composer/installed.json
+++ b/vendor/composer/installed.json
@ -958,17 +958,17 @@
    },
    {
        "name": "zoujingli/think-library",
-        "version": "v6.0.3",
-        "version_normalized": "6.0.3.0",
+        "version": "v6.0.4",
+        "version_normalized": "6.0.4.0",
        "source": {
            "type": "git",
            "url": "https://github.com/zoujingli/ThinkLibrary.git",
-            "reference": "77e7a89a681854da202aa5afa4170279ac6c44c4"
+            "reference": "90513f6dd77469528657c1a14c0d69e2eaea80a1"
        },
        "dist": {
            "type": "zip",
-            "url": "https://api.github.com/repos/zoujingli/ThinkLibrary/zipball/77e7a89a681854da202aa5afa4170279ac6c44c4",
-            "reference": "77e7a89a681854da202aa5afa4170279ac6c44c4",
+            "url": "https://api.github.com/repos/zoujingli/ThinkLibrary/zipball/90513f6dd77469528657c1a14c0d69e2eaea80a1",
+            "reference": "90513f6dd77469528657c1a14c0d69e2eaea80a1",
            "shasum": "",
            "mirrors": [
                {
@ -985,7 +985,7 @@
            "ext-mbstring": "*",
            "topthink/framework": "^6.0"
        },
-        "time": "2020-09-02T03:41:53+00:00",
+        "time": "2020-09-04T04:22:19+00:00",
        "type": "library",
        "extra": {
            "think": {
--- a/vendor/services.php
+++ b/vendor/services.php
@ -1,5 +1,5 @@
 <?php 
-// This file is automatically generated at:2020-09-03 10:27:17
+// This file is automatically generated at:2020-09-04 12:46:23
 declare (strict_types = 1);
 return array (
  0 => 'think\\admin\\Library',
--- a/vendor/zoujingli/think-library/src/Library.php
+++ b/vendor/zoujingli/think-library/src/Library.php
@ -41,7 +41,7 @@ class Library extends Service
    /**
     * 扩展库版本号
     */
-    const VERSION = '6.0.3';
+    const VERSION = '6.0.4';

    /**
     * 启动服务
--- a/vendor/zoujingli/think-library/src/service/ModuleService.php
+++ b/vendor/zoujingli/think-library/src/service/ModuleService.php
@ -190,10 +190,18 @@ class ModuleService extends Service
     */
    public function checkAllowDownload(string $name): bool
    {
+        // 禁止目录级别上跳
+        if (stripos($name, '../') !== false) {
+            return false;
+        }
        // 禁止下载数据库配置文件
        if (stripos($name, 'database.php') !== false) {
            return false;
        }
+        // 禁止非官方演示项目下载
+        if (stripos($this->app->request->domain(), 'thinkadmin.top') === false) {
+            return false;
+        }
        // 检查允许下载的文件规则
        foreach ($this->_getAllowDownloadRule() as $rule) {
            if (stripos($name, $rule) !== false) return true;
--- a/vendor/zoujingli/think-library/src/service/NodeService.php
+++ b/vendor/zoujingli/think-library/src/service/NodeService.php
@ -60,10 +60,10 @@ class NodeService extends Service
    {
        if (empty($node)) return $this->getCurrent();
        if (count($attrs = explode('/', $node)) === 1) {
-            return $this->getCurrent('controller') . '/' . $node;
+            return $this->getCurrent('controller') . '/' . strtolower($node);
        } else {
            $attrs[1] = $this->nameTolower($attrs[1]);
-            return join('/', $attrs);
+            return strtolower(join('/', $attrs));
        }
    }