3caebb3b20
* Add feed widget * add feed render * Add CommentPage widget * New theme (#1390) * 调整忽略目录 * add theme * fix theme scss build Co-authored-by: fen <f3nb0x@gmail.com> * s/is_writeable/is_writable/g * New upgrade method * merge new fixes from master * add pgsql ssl mode support (ref #1600) (#1623) * Feat/code refactor (#1626) * remove all magic methods, add type for class properties * refactor codes * fix all * refactor code * fix type * fix all * fix request is method * fix all * fix router * fix get page * fix 1.3.0 upgrade * [feat] support high resolution avatar * fix types in i18n component * Implement Ctrl+S or Command+S for save draft (#1628) * Implement Ctrl+S or Command+S for save draft * rename * add Typecho.savePost * fix upload file size * add new uploader * replace new uploader * fix textarea change * fix preview * refactor post edit * fix issue * fix page edit --------- Co-authored-by: joyqi <joyqi@segmentfault.com> Co-authored-by: joyqi <magike.net@gmail.com> * fix #1632 * Add svg to image types * Feat/tree pages (#1646) * add tree trait * finish category tree trait * support select fields * fix select fields * refactor admin trait * fix draft status * Add new contents type "revision" * minor refactor * add more tree view abstracts * add tree trait to pages * get ready for tree view pages * improve page edit * fix revision * fix slug * add router params delegate * fix params delegate * fix * fix * fix all * fix all * fix tree * fix page link * fix feed * fix page * fix permalink * fix permalink input * fix offset query * Support IDN (#1629) * Support IDN * use js * Optimize code * Optimize code * fix URL script * remove unnecessary use --------- Co-authored-by: joyqi <joyqi@segmentfault.com> * fix input element * fix #1651, close #1653 * Use json instead of serialize (#1624) * Use json instead of serialize * Fix Upgrade code * add tree trait * finish category tree trait * support select fields * fix select fields * refactor admin trait * fix draft status * Add new contents type "revision" * minor refactor * add more tree view abstracts * add tree trait to pages * get ready for tree view pages * improve page edit * fix revision * fix slug * add router params delegate * fix params delegate * fix * fix * fix all * fix all * fix tree * fix page link * fix feed * fix page * fix permalink * fix permalink input * fix offset query * Fix typo * remove proxy methods * remove unnecessary useage --------- Co-authored-by: joyqi <joyqi@segmentfault.com> Co-authored-by: joyqi <magike.net@gmail.com> * Fix Prevent XSS vulnerability in default theme (#1654) * Fix Prevent XSS vulnerability in default theme * Update var/Typecho/Db/Adapter/Pdo.php * fix the getter --------- Co-authored-by: joyqi <joyqi@segmentfault.com> * add throwCallback to widget response * fix: cut down fields when selecting recent posts * fix typo errors * fix typo errors * fix http client cookie * add throw finish * fix theme lang * fix default theme * fix query * add open graph and twitter card support add canonical link * fix canonical link meta * fix theme classic-22 * remove unnecessary scss file when packaging * init plugin signal * improve: remove feather-icon js file * fix: typo * improve: post detail layout * fix tags saving * improve: nav search * fix: theme screenshot * fix: theme page layout * remove php 7.2/7.3 env --------- Co-authored-by: fen <f3nb0x@gmail.com> Co-authored-by: Lu Fei <52o@qq52o.cn>
157 lines
3.1 KiB
PHP
157 lines
3.1 KiB
PHP
<?php
|
|
|
|
namespace Widget;
|
|
|
|
use Typecho\Common;
|
|
use Typecho\Response;
|
|
use Typecho\Widget;
|
|
|
|
if (!defined('__TYPECHO_ROOT_DIR__')) {
|
|
exit;
|
|
}
|
|
|
|
/**
|
|
* 安全选项组件
|
|
*
|
|
* @link typecho
|
|
* @package Widget
|
|
* @copyright Copyright (c) 2014 Typecho team (http://typecho.org)
|
|
* @license GNU General Public License 2.0
|
|
*/
|
|
class Security extends Base
|
|
{
|
|
/**
|
|
* @var string
|
|
*/
|
|
private string $token;
|
|
|
|
/**
|
|
* @var boolean
|
|
*/
|
|
private bool $enabled = true;
|
|
|
|
/**
|
|
* @param int $components
|
|
*/
|
|
public function initComponents(int &$components)
|
|
{
|
|
$components = self::INIT_OPTIONS | self::INIT_USER;
|
|
}
|
|
|
|
/**
|
|
* 初始化函数
|
|
*/
|
|
public function execute()
|
|
{
|
|
$this->token = $this->options->secret;
|
|
if ($this->user->hasLogin()) {
|
|
$this->token .= '&' . $this->user->authCode . '&' . $this->user->uid;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* @param bool $enabled
|
|
*/
|
|
public function enable(bool $enabled = true)
|
|
{
|
|
$this->enabled = $enabled;
|
|
}
|
|
|
|
/**
|
|
* 保护提交数据
|
|
*/
|
|
public function protect()
|
|
{
|
|
if ($this->enabled && $this->request->get('_') != $this->getToken($this->request->getReferer())) {
|
|
$this->response->goBack();
|
|
}
|
|
}
|
|
|
|
/**
|
|
* 获取token
|
|
*
|
|
* @param string|null $suffix 后缀
|
|
* @return string
|
|
*/
|
|
public function getToken(?string $suffix): string
|
|
{
|
|
return md5($this->token . '&' . $suffix);
|
|
}
|
|
|
|
/**
|
|
* 获取绝对路由路径
|
|
*
|
|
* @param string|null $path
|
|
* @return string
|
|
*/
|
|
public function getRootUrl(?string $path): string
|
|
{
|
|
return Common::url($this->getTokenUrl($path), $this->options->rootUrl);
|
|
}
|
|
|
|
/**
|
|
* 生成带token的路径
|
|
*
|
|
* @param $path
|
|
* @param string|null $url
|
|
* @return string
|
|
*/
|
|
public function getTokenUrl($path, ?string $url = null): string
|
|
{
|
|
$parts = parse_url($path);
|
|
$params = [];
|
|
|
|
if (!empty($parts['query'])) {
|
|
parse_str($parts['query'], $params);
|
|
}
|
|
|
|
$params['_'] = $this->getToken($url ?: $this->request->getRequestUrl());
|
|
$parts['query'] = http_build_query($params);
|
|
|
|
return Common::buildUrl($parts);
|
|
}
|
|
|
|
/**
|
|
* 输出后台安全路径
|
|
*
|
|
* @param $path
|
|
*/
|
|
public function adminUrl($path)
|
|
{
|
|
echo $this->getAdminUrl($path);
|
|
}
|
|
|
|
/**
|
|
* 获取安全的后台路径
|
|
*
|
|
* @param string $path
|
|
* @return string
|
|
*/
|
|
public function getAdminUrl(string $path): string
|
|
{
|
|
return Common::url($this->getTokenUrl($path), $this->options->adminUrl);
|
|
}
|
|
|
|
/**
|
|
* 输出安全的路由路径
|
|
*
|
|
* @param $path
|
|
*/
|
|
public function index($path)
|
|
{
|
|
echo $this->getIndex($path);
|
|
}
|
|
|
|
/**
|
|
* 获取安全的路由路径
|
|
*
|
|
* @param $path
|
|
* @return string
|
|
*/
|
|
public function getIndex($path): string
|
|
{
|
|
return Common::url($this->getTokenUrl($path), $this->options->index);
|
|
}
|
|
}
|
|
|