diff --git a/src/dede/module_main.php b/src/dede/module_main.php
index 7474da32..ac29b304 100755
--- a/src/dede/module_main.php
+++ b/src/dede/module_main.php
@@ -100,14 +100,45 @@ if($action=='')
exit();
}
/*--------------
+function ViewDevelopoer();
+--------------*/
+else if($action=='view_developoer')
+{
+ // 检验开发者信息
+ $dm = new DedeModule($mdir);
+ $info = $dm->GetModuleInfo($hash);
+ if ($info==null) {
+ ShowMsg("获取模块信息错误,模块文件可能被篡改", -1);
+ exit;
+ }
+
+ $dev_id = $info['dev_id'];
+ $devURL = DEDECDNURL . "/developers/$dev_id.json";
+ $dhd = new DedeHttpDown();
+ $dhd->OpenUrl($devURL);
+ $devContent = $dhd->GetHtml();
+ $devInfo = (array)json_decode($devContent);
+ $offUrl = "";
+ if ($devInfo['dev_type'] == 1) {
+ $offUrl = "
开发者名称:{$devInfo['dev_name']}
开发者全称:{$devInfo['realname']}
开发者ID:{$devInfo['dev_id']} 查看详情
$offUrl
认证于:{$authAt}
","javascript:;");
+exit;
+}
+/*--------------
function Setup();
--------------*/
else if($action=='setup')
{
$dm = new DedeModule($mdir);
$infos = $dm->GetModuleInfo($hash);
+ if ($infos==null) {
+ ShowMsg("获取模块信息错误,模块文件可能被篡改", -1);
+ exit;
+ }
- if($infos['url']=='') $infos['url'] = ' ';
$alertMsg = ($infos['lang'] == $cfg_soft_lang ? '' : '
(这个模块的语言编码与你系统的编码不一致,请向开发者确认它的兼容性)');
$filelists = $dm->GetFileLists($hash);
@@ -165,9 +196,9 @@ else if($action=='setup')
$win->AddTitle("
模块管理 >> 安装模块: {$infos['name']}");
$win->AddHidden("hash",$hash);
$win->AddHidden("action",'setupstart');
- if(trim($infos['url'])=='') $infos['url'] = '无';
+
$msg = "
-
+
diff --git a/src/dede/module_make.php b/src/dede/module_make.php
index c0bac3ca..2c7d75e2 100755
--- a/src/dede/module_make.php
+++ b/src/dede/module_make.php
@@ -1,4 +1,5 @@
OpenUrl($devURL);
$devContent = $dhd->GetHtml();
$devInfo = (array)json_decode($devContent);
- if (($devInfo['auth_at']+60*60*24*365) < time()) {
- ShowMsg("您的开发者账号已经过期,请登录www.dedebiz.com重新申请!","-1");
+ if (($devInfo['auth_at'] + 60 * 60 * 24 * 365) < time()) {
+ ShowMsg("您的开发者账号已经过期,请登录www.dedebiz.com重新申请!", "-1");
exit();
}
$filelist = str_replace("\r", "\n", trim($filelist));
$filelist = trim(preg_replace("#[\n]{1,}#", "\n", $filelist));
- if($filelist=='')
- {
- ShowMsg("对不起,你没有指定模块的文件列表,因此不能创建项目!","-1");
+ if ($filelist == '') {
+ ShowMsg("对不起,你没有指定模块的文件列表,因此不能创建项目!", "-1");
exit();
}
if (empty($dev_id)) {
- ShowMsg("开发者ID不能为空!","-1");
+ ShowMsg("开发者ID不能为空!", "-1");
exit();
}
if (empty($priv)) {
- ShowMsg("请填写开发者私钥信息","-1");
+ ShowMsg("请填写开发者私钥信息", "-1");
exit();
}
if (strlen($modulname) > 150) {
- ShowMsg("模块名称过长","-1");
+ ShowMsg("模块名称过长", "-1");
exit();
}
@@ -65,78 +62,74 @@ else if($action=='make')
"dev_id" => $devInfo['dev_id'],
));
// 私钥加密模块信息
- openssl_private_encrypt($enstr,$encotent,$priv);
+ openssl_private_encrypt($enstr, $encotent, $priv);
$moduleInfo = base64url_encode($encotent);
- openssl_public_decrypt($encotent,$decontent,$devInfo['pub_key']);
-
+ openssl_public_decrypt($encotent, $decontent, $devInfo['pub_key']);
+
$minfo = (array)json_decode($decontent);
if ($minfo['module_name'] != $modulname || $minfo['dev_id'] != $devInfo['dev_id']) {
- ShowMsg("开发者私钥校验失败,请确保填写正确的开发者私钥","-1");
+ ShowMsg("开发者私钥校验失败,请确保填写正确的开发者私钥", "-1");
exit();
}
//去除转义
- foreach($_POST as $k=>$v) $$k = stripslashes($v);
+ foreach ($_POST as $k => $v) $$k = stripslashes($v);
- if(!isset($autosetup)) $autosetup = 0;
- if(!isset($autodel)) $autodel = 0;
- $mdir = DEDEDATA.'/module';
- $hashcode = md5($modulname.$devInfo['dev_id']);
- $moduleFilename = $mdir.'/'.$hashcode.'.xml';
+ if (!isset($autosetup)) $autosetup = 0;
+ if (!isset($autodel)) $autodel = 0;
+ $mdir = DEDEDATA . '/module';
+ $hashcode = md5($modulname . $devInfo['dev_id']);
+ $moduleFilename = $mdir . '/' . $hashcode . '.xml';
$menustring = base64_encode($menustring);
$indexurl = str_replace('=', '**', $indexurl);
$dm = new DedeModule($mdir);
- if($dm->HasModule($hashcode))
- {
+ if ($dm->HasModule($hashcode)) {
$dm->Clear();
- ShowMsg("对不起,你指定同名模块已经存在,因此不能创建项目!
如果你要更新这个模块,请先删除:module/{$hashcode}.xml","-1");
+ ShowMsg("对不起,你指定同名模块已经存在,因此不能创建项目!
如果你要更新这个模块,请先删除:module/{$hashcode}.xml", "-1");
exit();
}
$readmef = $setupf = $uninstallf = '';
- if(empty($readmetxt))
- {
- move_uploaded_file($readme, $mdir."/{$hashcode}-r.html") or die("你没填写说明或上传说明文件!");
- $readmef = $dm->GetEncodeFile($mdir."/{$hashcode}-r.html", TRUE);
- }
- else
- {
- $readmetxt = "".$readmetxt;
+ if (empty($readmetxt)) {
+ move_uploaded_file($readme, $mdir . "/{$hashcode}-r.html") or die("你没填写说明或上传说明文件!");
+ $readmef = $dm->GetEncodeFile($mdir . "/{$hashcode}-r.html", TRUE);
+ } else {
+ $readmetxt = "
" . $readmetxt;
$readmetxt = preg_replace("#[\r\n]{1,}#", "
\r\n", $readmetxt);
$readmetxt .= "
";
$readmef = base64_encode(trim($readmetxt));
}
-
- if($autosetup==0)
- {
- move_uploaded_file($setup,$mdir."/{$hashcode}-s.php") or die("你没上传,或系统无法把setup文件移动到 module 目录!");
- $setupf = $dm->GetEncodeFile($mdir."/{$hashcode}-s.php",TRUE);
+
+ if ($autosetup == 0) {
+ move_uploaded_file($setup, $mdir . "/{$hashcode}-s.php") or die("你没上传,或系统无法把setup文件移动到 module 目录!");
+ $setupf = $dm->GetEncodeFile($mdir . "/{$hashcode}-s.php", TRUE);
}
- if($autodel==0)
- {
- move_uploaded_file($uninstall, $mdir."/{$hashcode}-u.php") or die("你没上传,或系统无法把uninstall文件移动到 module 目录!");
- $uninstallf = $dm->GetEncodeFile($mdir."/{$hashcode}-u.php", TRUE);
+ if ($autodel == 0) {
+ move_uploaded_file($uninstall, $mdir . "/{$hashcode}-u.php") or die("你没上传,或系统无法把uninstall文件移动到 module 目录!");
+ $uninstallf = $dm->GetEncodeFile($mdir . "/{$hashcode}-u.php", TRUE);
}
- if(trim($setupsql40)=='') $setupsql40 = '';
+ if (trim($setupsql40) == '') $setupsql40 = '';
else $setupsql40 = base64_encode(trim($setupsql40));
//if(trim($setupsql41)=='') $setupsql41 = '';
//else $setupsql41 = base64_encode(trim($setupsql41));
- if(trim($delsql)=='') $delsql = '';
+ if (trim($delsql) == '') $delsql = '';
else $delsql = base64_encode(trim($delsql));
+ $pub_key = base64url_encode($devInfo['pub_key']);
$modulinfo = "
name={$modulname}
dev_id={$devInfo['dev_id']}
+pubkey={$pub_key}
info={$moduleInfo}
time={$mtime}
hash={$hashcode}
@@ -174,19 +167,17 @@ $filelist
";
$filelists = explode("\n", $filelist);
- foreach($filelists as $v)
- {
- $v = trim($v);
- if(!empty($v)) $dm->MakeEncodeFileTest(dirname(__FILE__), $v);
+ foreach ($filelists as $v) {
+ $v = trim($v);
+ if (!empty($v)) $dm->MakeEncodeFileTest(dirname(__FILE__), $v);
}
//测试无误后编译安装包
$fp = fopen($moduleFilename, 'w');
fwrite($fp, $modulinfo);
fwrite($fp, "\r\n");
- foreach($filelists as $v)
- {
- $v = trim($v);
- if(!empty($v)) $dm->MakeEncodeFile(dirname(__FILE__), $v, $fp);
+ foreach ($filelists as $v) {
+ $v = trim($v);
+ if (!empty($v)) $dm->MakeEncodeFile(dirname(__FILE__), $v, $fp);
}
fwrite($fp, "\r\n");
fwrite($fp, "\r\n");
@@ -197,37 +188,34 @@ $filelist
/*-------------
//修改项目
function editModule()
---------------*/
-else if($action=='edit')
-{
+--------------*/ else if ($action == 'edit') {
$filelist = str_replace("\r", "\n", trim($filelist));
$filelist = trim(preg_replace("#[\n]{1,}#", "\n", $filelist));
- if($filelist=="")
- {
- ShowMsg("对不起,你没有指定模块的文件列表,因此不能创建项目!","-1");
+ if ($filelist == "") {
+ ShowMsg("对不起,你没有指定模块的文件列表,因此不能创建项目!", "-1");
exit();
}
if (empty($dev_id)) {
- ShowMsg("开发者ID不能为空!","-1");
+ ShowMsg("开发者ID不能为空!", "-1");
exit();
}
if (empty($priv)) {
- ShowMsg("请填写开发者私钥信息","-1");
+ ShowMsg("请填写开发者私钥信息", "-1");
exit();
}
// 校验私钥,确定开发者身份
- $devURL = DEDECDNURL."/developers/$dev_id.json";
+ $devURL = DEDECDNURL . "/developers/$dev_id.json";
$dhd = new DedeHttpDown();
$dhd->OpenUrl($devURL);
$devContent = $dhd->GetHtml();
$devInfo = (array)json_decode($devContent);
- if (($devInfo['auth_at']+60*60*24*365) < time()) {
- ShowMsg("您的开发者账号已经过期,请登录www.dedebiz.com重新申请!","-1");
+ if (($devInfo['auth_at'] + 60 * 60 * 24 * 365) < time()) {
+ ShowMsg("您的开发者账号已经过期,请登录www.dedebiz.com重新申请!", "-1");
exit();
}
if (strlen($modulname) > 150) {
- ShowMsg("模块名称过长","-1");
+ ShowMsg("模块名称过长", "-1");
exit();
}
@@ -237,63 +225,62 @@ else if($action=='edit')
"dev_id" => $devInfo['dev_id'],
));
// 私钥加密模块信息
- openssl_private_encrypt($enstr,$encotent,$priv);
+ openssl_private_encrypt($enstr, $encotent, $priv);
$moduleInfo = base64url_encode($encotent);
- openssl_public_decrypt($encotent,$decontent,$devInfo['pub_key']);
-
+ openssl_public_decrypt($encotent, $decontent, $devInfo['pub_key']);
+
$minfo = (array)json_decode($decontent);
if ($minfo['module_name'] != $modulname || $minfo['dev_id'] != $devInfo['dev_id']) {
- ShowMsg("开发者私钥校验失败,请确保填写正确的开发者私钥","-1");
+ ShowMsg("开发者私钥校验失败,请确保填写正确的开发者私钥", "-1");
exit();
}
//已经去除转义
- foreach($_POST as $k=>$v) $$k = stripslashes($v);
- if(!isset($autosetup)) $autosetup = 0;
- if(!isset($autodel)) $autodel = 0;
- $mdir = DEDEDATA.'/module';
+ foreach ($_POST as $k => $v) $$k = stripslashes($v);
+ if (!isset($autosetup)) $autosetup = 0;
+ if (!isset($autodel)) $autodel = 0;
+ $mdir = DEDEDATA . '/module';
$hashcode = $hash;
- $moduleFilename = $mdir.'/'.$hashcode.'.xml';
+ $moduleFilename = $mdir . '/' . $hashcode . '.xml';
$modulname = str_replace('=', '', $modulname);
$indexurl = str_replace('=', '**', $indexurl);
$menustring = base64_encode($menustring);
$dm = new DedeModule($mdir);
$readmef = base64_encode($readmetxt);
$setupf = $uninstallf = '';
-
+
//编译setup文件
- if(is_uploaded_file($setup))
- {
- move_uploaded_file($setup, $mdir."/{$hashcode}-s.php") or die("你没上传,或系统无法把setup文件移动到 module 目录!");
- $setupf = $dm->GetEncodeFile($mdir."/{$hashcode}-s.php", TRUE);
+ if (is_uploaded_file($setup)) {
+ move_uploaded_file($setup, $mdir . "/{$hashcode}-s.php") or die("你没上传,或系统无法把setup文件移动到 module 目录!");
+ $setupf = $dm->GetEncodeFile($mdir . "/{$hashcode}-s.php", TRUE);
} else {
- if($autosetup==0) $setupf = base64_encode($dm->GetSystemFile($hashcode, 'setup'));
+ if ($autosetup == 0) $setupf = base64_encode($dm->GetSystemFile($hashcode, 'setup'));
}
- //编译uninstall文件
- if(is_uploaded_file($uninstall))
- {
- move_uploaded_file($uninstall,$mdir."/{$hashcode}-u.php") or die("你没上传,或系统无法把uninstall文件移动到 module 目录!");
- $uninstallf = $dm->GetEncodeFile($mdir."/{$hashcode}-u.php",true);
+ //编译uninstall文件
+ if (is_uploaded_file($uninstall)) {
+ move_uploaded_file($uninstall, $mdir . "/{$hashcode}-u.php") or die("你没上传,或系统无法把uninstall文件移动到 module 目录!");
+ $uninstallf = $dm->GetEncodeFile($mdir . "/{$hashcode}-u.php", true);
} else {
- if($autodel==0) $uninstallf = base64_encode($dm->GetSystemFile($hashcode,'uninstall'));
+ if ($autodel == 0) $uninstallf = base64_encode($dm->GetSystemFile($hashcode, 'uninstall'));
}
- if(trim($setupsql40)=='') $setupsql40 = '';
+ if (trim($setupsql40) == '') $setupsql40 = '';
else $setupsql40 = base64_encode(htmlspecialchars_decode(trim($setupsql40)));
//if(trim($setupsql41)=='') $setupsql41 = '';
//else $setupsql41 = base64_encode(trim($setupsql41));
- if(trim($delsql)=='') $delsql = '';
+ if (trim($delsql) == '') $delsql = '';
else $delsql = base64_encode(strip_tags(trim($delsql)));
$modulinfo = "
name={$modulname}
dev_id={$devInfo['dev_id']}
+pubkey={$devInfo['pub_key']}
info={$moduleInfo}
time={$mtime}
hash={$hashcode}
@@ -330,30 +317,27 @@ $filelist
";
- if($rebuild=='yes')
- {
+ if ($rebuild == 'yes') {
$filelists = explode("\n", $filelist);
- foreach($filelists as $v)
- {
- $v = trim($v);
- if(!empty($v)) $dm->MakeEncodeFileTest(dirname(__FILE__),$v);
+ foreach ($filelists as $v) {
+ $v = trim($v);
+ if (!empty($v)) $dm->MakeEncodeFileTest(dirname(__FILE__), $v);
}
//测试无误后编译安装包
$fp = fopen($moduleFilename, 'w');
- fwrite($fp, $modulinfo."\r\n");
+ fwrite($fp, $modulinfo . "\r\n");
fwrite($fp, "\r\n");
- foreach($filelists as $v)
- {
+ foreach ($filelists as $v) {
$v = trim($v);
- if(!empty($v)) $dm->MakeEncodeFile(dirname(__FILE__),$v,$fp);
+ if (!empty($v)) $dm->MakeEncodeFile(dirname(__FILE__), $v, $fp);
}
- fwrite($fp,"\r\n");
- fwrite($fp,"\r\n");
+ fwrite($fp, "\r\n");
+ fwrite($fp, "\r\n");
fclose($fp);
} else {
$fxml = $dm->GetFileXml($hashcode);
$fp = fopen($moduleFilename, 'w');
- fwrite($fp, $modulinfo."\r\n");
+ fwrite($fp, $modulinfo . "\r\n");
fwrite($fp, $fxml);
fclose($fp);
}
diff --git a/src/dede/templets/module_main.htm b/src/dede/templets/module_main.htm
index 8c939afa..fa1ed4d6 100755
--- a/src/dede/templets/module_main.htm
+++ b/src/dede/templets/module_main.htm
@@ -6,6 +6,9 @@
+
+
+