更新内容： (#259)

authcode函数漏洞修复避免重复添加className的问题修复dshowmessage函数包含重复的if判断 Signed-off-by: 小胡 <3203164629@qq.com>
2025-01-07 03:16:58 +08:00 · 2024-10-15 15:02:12 +08:00 · 2024-10-15 15:02:12 +08:00 · 394451f578
commit 394451f578
parent 309892fb1a
3 changed files with 16 additions and 19 deletions
--- a/core/function/function_core.php
+++ b/core/function/function_core.php
@ -364,7 +364,7 @@ function authcode($string, $operation = 'DECODE', $key = '', $expiry = 0, $ckey_
    }

    if ($operation == 'DECODE') {
-        if ((substr($result, 0, 10) == 0 || substr($result, 0, 10) - time() > 0) && substr($result, 10, 16) == substr(md5(substr($result, 26) . $keyb), 0, 16)) {
+        if ((substr($result, 0, 10) == 0 || substr($result, 0, 10) - time() > 0) && substr($result, 10, 16) === substr(md5(substr($result, 26) . $keyb), 0, 16)) {
            return substr($result, 26);
        } else {
            return '';
@ -1621,22 +1621,19 @@ function getexpiration()
    return mktime(0, 0, 0, $date['mon'], $date['mday'], $date['year']) + 86400;
 }

-function return_bytes($val)
-{
-    $val = trim($val);
-    $last = strtolower($val{strlen($val) - 1});
-    switch ($last) {
-        case 'g':
-            $val *= 1024;
-        case 'm':
-            $val *= 1024;
-        case 'k':
-            $val *= 1024;
-    }
-    return $val;
+function return_bytes($val) {
+	$last = strtolower($val[strlen($val)-1]);
+	if (!is_numeric($val)) {
+		$val = substr(trim($val), 0, -1);
+	}
+	switch($last) {
+		case 'g': $val *= 1024;
+		case 'm': $val *= 1024;
+		case 'k': $val *= 1024;
+	}
+	return $val;
 }

-
 function getimgthumbname($fileStr, $extend = '.thumb.jpg', $holdOldExt = true)
 {
    if (empty($fileStr)) {
@ -1673,7 +1670,7 @@ function strhash($string, $operation = 'DECODE', $key = '')
 {
    $key = md5($key != '' ? $key : getglobal('authkey'));
    if ($operation == 'DECODE') {
-        $hashcode = gzuncompress(base64_decode(($string)));
+        $hashcode = gzuncompress(base64_decode($string));
        $string = substr($hashcode, 0, -16);
        $hash = substr($hashcode, -16);
        unset($hashcode);
--- a/core/function/function_message.php
+++ b/core/function/function_message.php
@ -71,8 +71,6 @@ function dshowmessage($message, $url_forward = '', $values = array(), $extrapara
 	if(!empty($_G['inajax'])) {
 		$handlekey = $_GET['handlekey'] = !empty($_GET['handlekey']) ? dhtmlspecialchars($_GET['handlekey']) : '';
 		$param['handle'] = true;
-	}
-	if(!empty($_G['inajax'])) {
 		$param['msgtype'] = empty($_GET['ajaxmenu']) && (empty($_POST) || !empty($_GET['nopost'])) ? 2 : 3;
 	}
 	if($url_forward) {
--- a/static/js/common.js
+++ b/static/js/common.js
@ -1122,7 +1122,9 @@ function showMenu(v) {
 				if(_all.length) {
 					for(j = 0; j < _all.length; j++) {
 						if((!_all[j]['type'] || _all[j]['type'] != 'hidden') && hasshow(_all[j])) {
-							_all[j].className += ' hidefocus';
+							if(_all[j].className.indexOf('hidefocus') == -1) {
+								_all[j].className += ' hidefocus';
+							}
 							_all[j].focus();
 							focused = true;
 							var cobj = _all[j];