From 29a9e2e6b140698716d8e07b1666ca51d5f8e224 Mon Sep 17 00:00:00 2001 From: tianya Date: Mon, 30 Nov 2020 09:46:01 +0800 Subject: [PATCH] =?UTF-8?q?=E5=85=BC=E5=AE=B9=E6=97=A7=E7=89=88=E6=A8=A1?= =?UTF-8?q?=E5=9D=97=E4=B8=8A=E4=BC=A0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/dede/module_main.php | 24 ++++++++++++++++-------- src/dede/templets/module_main.htm | 1 + src/include/dedeatt.class.php | 4 ++-- src/include/dedemodule.class.php | 20 +++++++++++--------- 4 files changed, 30 insertions(+), 19 deletions(-) diff --git a/src/dede/module_main.php b/src/dede/module_main.php index 547374b2..b81221ce 100755 --- a/src/dede/module_main.php +++ b/src/dede/module_main.php @@ -79,6 +79,7 @@ function ViewDevelopoer(); // 检验开发者信息 $dm = new DedeModule($mdir); $info = $dm->GetModuleInfo($hash); + if ($info == null) { ShowMsg("获取模块信息错误,模块文件可能被篡改", -1); exit; @@ -96,6 +97,11 @@ function ViewDevelopoer(); } $authAt = date("Y-m-d", $devInfo['auth_at']); + if (!isset($info['dev_id'])) { + $devInfo['realname'] = $devInfo['dev_name'] = $info['team']." 未认证"; + $authAt = "0000-00-00"; + } + ShowMsg("

开发者名称:{$devInfo['dev_name']}

开发者全称:{$devInfo['realname']}

开发者ID:{$devInfo['dev_id']} 查看详情

$offUrl

认证于:{$authAt}

", "javascript:;"); exit; } @@ -309,7 +315,7 @@ function DelModule(); $infos = $dm->GetModuleInfo($hash); $alertMsg = ($infos['lang'] == $cfg_soft_lang ? '' : '
(这个模块的语言编码与你系统的编码不一致,请向开发者确认它的兼容性)'); - + $dev_id = empty($infos['dev_id'])? "未认证 前去认证" : "{$infos['dev_id']} 查看详情"; $win = new OxWindow(); $win->Init("module_main.php", "js/blank.js", "post"); $wecome_info = "模块管理"; @@ -332,7 +338,7 @@ function DelModule(); 开发者ID: - {$infos['dev_id']} 查看详情 + {$dev_id} 发布时间: @@ -378,6 +384,7 @@ function UnInstall(); else $v['type'] = '文件'; $filelist .= "{$v['type']}|{$v['name']}\r\n"; } + $dev_id = empty($infos['dev_id'])? "未认证 前去认证" : "{$infos['dev_id']} 查看详情"; $win = new OxWindow(); $win->Init("module_main.php", "js/blank.js", "post"); $wecome_info = "模块管理"; @@ -400,7 +407,7 @@ function UnInstall(); 开发者ID: - {$infos['dev_id']} 查看详情 + {$dev_id} 发布时间: @@ -421,10 +428,10 @@ function UnInstall(); 对于模块的文件处理方法: - - 手工删除文件,仅运行卸载程序 - - 删除模块的所有文件 + + @@ -515,6 +522,7 @@ function ViewOne(); } else { $setupinfo = "未安装 安装"; } + $dev_id = empty($infos['dev_id'])? "未认证 前去认证" : "{$infos['dev_id']} 查看详情"; $win = new OxWindow(); $win->Init("", "js/blank.js", ""); $wecome_info = "模块管理"; @@ -535,7 +543,7 @@ function ViewOne(); 开发者ID: - {$infos['dev_id']} 查看详情 + {$dev_id} 发布时间: diff --git a/src/dede/templets/module_main.htm b/src/dede/templets/module_main.htm index df26893e..1da41aa7 100755 --- a/src/dede/templets/module_main.htm +++ b/src/dede/templets/module_main.htm @@ -29,6 +29,7 @@
模块管理
应用市场 + 模块上传 模块打包
diff --git a/src/include/dedeatt.class.php b/src/include/dedeatt.class.php index 23acb04a..4a4b1a93 100755 --- a/src/include/dedeatt.class.php +++ b/src/include/dedeatt.class.php @@ -21,7 +21,7 @@ class DedeAtt { var $Count = -1; - var $Items = ""; //属性元素的集合 + var $Items = array(); //属性元素的集合 /** * //获得某个属性 @@ -95,7 +95,7 @@ class DedeAttParse { var $SourceString = ""; var $SourceMaxSize = 1024; - var $CAtt = ""; //属性的数据描述类 + var $CAtt; //属性的数据描述类 var $CharToLow = TRUE; /** diff --git a/src/include/dedemodule.class.php b/src/include/dedemodule.class.php index e443e5a7..348ee172 100755 --- a/src/include/dedemodule.class.php +++ b/src/include/dedemodule.class.php @@ -189,15 +189,17 @@ class DedeModule foreach ($minfos as $k => $v) $minfos[$k] = $this->AppCode($v); } - // 验证模块信息 - $pubKey = @base64url_decode($minfos['pubkey']); - @openssl_public_decrypt(base64url_decode($minfos['info']), $decontent, $pubKey); - $enInfo = (array)json_decode($decontent); - if (count($enInfo) == 0) { - return null; - } - if ($enInfo['module_name'] != $minfos['name'] || $enInfo['dev_id'] != $minfos['dev_id']) { - return null; + if (isset($minfos['pubkey'])) { + // 验证模块信息 + $pubKey = @base64url_decode($minfos['pubkey']); + @openssl_public_decrypt(base64url_decode($minfos['info']), $decontent, $pubKey); + $enInfo = (array)json_decode($decontent); + if (count($enInfo) == 0) { + return null; + } + if ($enInfo['module_name'] != $minfos['name'] || $enInfo['dev_id'] != $minfos['dev_id']) { + return null; + } } return $minfos;