fix bugs

2025-01-08 11:58:03 +08:00 · 2023-03-09 01:17:25 +08:00 · 2023-03-09 01:17:25 +08:00 · ba4905122f
commit ba4905122f
parent 68ae0e6ede
5 changed files with 10 additions and 8 deletions
--- a/application/function.php
+++ b/application/function.php
@ -126,7 +126,8 @@ function _login($user = null, $password = null)
        }
        // 存在cookie
        if (isset($_COOKIE['auth'])) {
-            $browser_cookie = unserialize($_COOKIE['auth']);
+            $browser_cookie = json_decode($_COOKIE['auth']);
+
            // cookie无法读取
            if (!$browser_cookie) return json_encode(array('code' => 400, 'level' => 0, 'messege' => '登录已过期,请重新登录'));
            // 判断账号是否存在
@ -153,7 +154,7 @@ function _login($user = null, $password = null)
    // 是否管理员
    if ($user === $config['user'] && $password === $config['password']) {
        // 将账号密码序列化后存储
-        $browser_cookie = serialize(array($user, $password));
+        $browser_cookie = json_encode(array($user, $password));
        setcookie('auth', $browser_cookie, time() + 3600 * 24 * 14, '/');
        return json_encode(array('code' => 200, 'level' => 1, 'messege' => '管理员登录成功'));
    }
@ -162,7 +163,7 @@ function _login($user = null, $password = null)
        // 上传者账号过期
        if ($guestConfig[$user]['expired'] < time()) return json_encode(array('code' => 400, 'level' => 0, 'messege' => $user . '账号已过期'));
        // 未过期设置cookie
-        $browser_cookie = serialize(array($user, $password));
+        $browser_cookie = json_encode(array($user, $password));
        setcookie('auth', $browser_cookie, time() + 3600 * 24 * 14, '/');
        return json_encode(array('code' => 200, 'level' => 2, 'messege' => $user . '用户登录成功'));
    }
@ -194,7 +195,7 @@ function checkLogin()
    // 存在cookie
    if (isset($_COOKIE['auth'])) {

-        $getCOK = unserialize($_COOKIE['auth']);
+        $getCOK = json_decode($_COOKIE['auth']);

        // 无法读取cookie
        if (!$getCOK) {
--- a/application/header.php
+++ b/application/header.php
@ -49,7 +49,7 @@
 				<?php endif; ?>
 				<?php /** 账号登录 */ if (is_who_login('status')) : ?>
 					<!-- 右侧的导航项目 -->
-					<li class="nav navbar-nav navbar-right hidden-xs"><a href="<?php echo $config['domain']; ?>/admin/index.php?login=logout">您好：<?php echo unserialize($_COOKIE['auth'])[0]; ?> <i class="icon icon-signout"></i></a></li>
+					<li class="nav navbar-nav navbar-right hidden-xs"><a href="<?php echo $config['domain']; ?>/admin/index.php?login=logout">您好：<?php echo json_decode($_COOKIE['auth'])[0]; ?> <i class="icon icon-signout"></i></a></li>
 				<?php else : ?>
 					<li class="nav navbar-nav navbar-right hidden-xs"><a href="<?php echo $config['domain']; ?>/admin/index.php"><i class="icon icon-user"> 登录</i></a></li>
 				<?php endif; ?>
--- a/application/upload.php
+++ b/application/upload.php
@ -138,7 +138,7 @@ if ($handle->uploaded) {
    // 开启上传者单独目录
    if ($config['guest_path_status']) {
        if (checkLogin() == 205) {
-            $getCok = unserialize($_COOKIE['auth']);
+            $getCok = json_decode($_COOKIE['auth']);
            $Img_path = config_path($getCok[0] . date('/Y/m/d/'));
        }
    }
--- a/config/config.php
+++ b/config/config.php
--- a/docs/update.md
+++ b/docs/update.md
@ -1,5 +1,6 @@
 * 2023-03-06 v2.7.8
 - 增加WEB端上传签名
+- 修复一处漏洞

 * 2023-03-05 v2.7.7
 - 增加登录日志