From 4f686a4763a250e3737ceff8404d02d3a0ed8111 Mon Sep 17 00:00:00 2001 From: tianya Date: Thu, 22 Oct 2020 10:47:51 +0800 Subject: [PATCH] =?UTF-8?q?=E6=A8=A1=E5=9D=97=E5=8A=9F=E8=83=BD=E8=B0=83?= =?UTF-8?q?=E6=95=B4=E5=AE=8C=E5=96=84?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/dede/module_main.php | 65 +++++++--- src/dede/module_make.php | 198 ++++++++++++++---------------- src/dede/templets/module_main.htm | 29 +++-- src/include/dedemodule.class.php | 14 +++ 4 files changed, 170 insertions(+), 136 deletions(-) diff --git a/src/dede/module_main.php b/src/dede/module_main.php index 7474da32..ac29b304 100755 --- a/src/dede/module_main.php +++ b/src/dede/module_main.php @@ -100,14 +100,45 @@ if($action=='') exit(); } /*-------------- +function ViewDevelopoer(); +--------------*/ +else if($action=='view_developoer') +{ + // 检验开发者信息 + $dm = new DedeModule($mdir); + $info = $dm->GetModuleInfo($hash); + if ($info==null) { + ShowMsg("获取模块信息错误,模块文件可能被篡改", -1); + exit; + } + + $dev_id = $info['dev_id']; + $devURL = DEDECDNURL . "/developers/$dev_id.json"; + $dhd = new DedeHttpDown(); + $dhd->OpenUrl($devURL); + $devContent = $dhd->GetHtml(); + $devInfo = (array)json_decode($devContent); + $offUrl = ""; + if ($devInfo['dev_type'] == 1) { + $offUrl = "

官方网址:{$devInfo['offurl']} (复制在浏览器中打开)

"; + } + $authAt = date("Y-m-d", $devInfo['auth_at']); + + ShowMsg("

开发者名称:{$devInfo['dev_name']}

开发者全称:{$devInfo['realname']}

开发者ID:{$devInfo['dev_id']} 查看详情

$offUrl

认证于:{$authAt}

","javascript:;"); +exit; +} +/*-------------- function Setup(); --------------*/ else if($action=='setup') { $dm = new DedeModule($mdir); $infos = $dm->GetModuleInfo($hash); + if ($infos==null) { + ShowMsg("获取模块信息错误,模块文件可能被篡改", -1); + exit; + } - if($infos['url']=='') $infos['url'] = ' '; $alertMsg = ($infos['lang'] == $cfg_soft_lang ? '' : '
(这个模块的语言编码与你系统的编码不一致,请向开发者确认它的兼容性)'); $filelists = $dm->GetFileLists($hash); @@ -165,9 +196,9 @@ else if($action=='setup') $win->AddTitle(" 模块管理 >> 安装模块: {$infos['name']}"); $win->AddHidden("hash",$hash); $win->AddHidden("action",'setupstart'); - if(trim($infos['url'])=='') $infos['url'] = '无'; + $msg = " - +
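Review bot: In the new `view_developoer` branch the fields of `$devInfo` come straight from the JSON fetched at `DEDECDNURL . "/developers/$dev_id.json"` and are interpolated into the `ShowMsg` markup (`{$devInfo['dev_name']}`, `{$devInfo['realname']}`, `{$devInfo['offurl']}`) without escaping, so whatever that response contains is rendered as HTML in the admin session. Each value should pass through something like `htmlspecialchars($devInfo['dev_name'], ENT_QUOTES)` before it reaches the message. The result of `json_decode` is also never checked: a failed download or malformed body leaves `$devInfo` empty, and `date("Y-m-d", $devInfo['auth_at'])` then formats a missing value, so a guard such as `if (!isset($devInfo['dev_id'], $devInfo['auth_at'])) { ShowMsg(...); exit; }` should come first. `$dev_id` is taken from the module file and placed in the URL path as-is; restricting it to the expected ID format before the request seems prudent, though `GetModuleInfo` is not visible here and may already validate it.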
@@ -181,29 +212,23 @@ else if($action=='setup') - - + + - - - - - - - - - @@ -224,12 +249,12 @@ else if($action=='setup')
模块名称: {$infos['name']}{$infos['filesize']}
团队名称:{$infos['team']}开发者ID:{$infos['dev_id']} 查看详情
发布时间: {$infos['time']}
电子邮箱:{$infos['email']}
官方网址:{$infos['url']}
使用协议: 点击浏览...
+ +
注意事项: 安装时请确保文件列表中涉及的目录前可写入权限,此外“后台管理目录”、“后台管理目录/templets”目录也必须暂时设置可写入权限。 +
对于已存在文件处理方法: - - 覆盖 - - 覆盖,保留副本 - - 保留旧文件 + + +
diff --git a/src/dede/module_make.php b/src/dede/module_make.php index c0bac3ca..2c7d75e2 100755 --- a/src/dede/module_make.php +++ b/src/dede/module_make.php @@ -1,4 +1,5 @@ OpenUrl($devURL); $devContent = $dhd->GetHtml(); $devInfo = (array)json_decode($devContent); - if (($devInfo['auth_at']+60*60*24*365) < time()) { - ShowMsg("您的开发者账号已经过期,请登录www.dedebiz.com重新申请!","-1"); + if (($devInfo['auth_at'] + 60 * 60 * 24 * 365) < time()) { + ShowMsg("您的开发者账号已经过期,请登录www.dedebiz.com重新申请!", "-1"); exit(); } $filelist = str_replace("\r", "\n", trim($filelist)); $filelist = trim(preg_replace("#[\n]{1,}#", "\n", $filelist)); - if($filelist=='') - { - ShowMsg("对不起,你没有指定模块的文件列表,因此不能创建项目!","-1"); + if ($filelist == '') { + ShowMsg("对不起,你没有指定模块的文件列表,因此不能创建项目!", "-1"); exit(); } if (empty($dev_id)) { - ShowMsg("开发者ID不能为空!","-1"); + ShowMsg("开发者ID不能为空!", "-1"); exit(); } if (empty($priv)) { - ShowMsg("请填写开发者私钥信息","-1"); + ShowMsg("请填写开发者私钥信息", "-1"); exit(); } if (strlen($modulname) > 150) { - ShowMsg("模块名称过长","-1"); + ShowMsg("模块名称过长", "-1"); exit(); } 
@@ -65,78 +62,74 @@ else if($action=='make') "dev_id" => $devInfo['dev_id'], )); // 私钥加密模块信息 - openssl_private_encrypt($enstr,$encotent,$priv); + openssl_private_encrypt($enstr, $encotent, $priv); $moduleInfo = base64url_encode($encotent); - openssl_public_decrypt($encotent,$decontent,$devInfo['pub_key']); - + openssl_public_decrypt($encotent, $decontent, $devInfo['pub_key']); + $minfo = (array)json_decode($decontent); if ($minfo['module_name'] != $modulname || $minfo['dev_id'] != $devInfo['dev_id']) { - ShowMsg("开发者私钥校验失败,请确保填写正确的开发者私钥","-1"); + ShowMsg("开发者私钥校验失败,请确保填写正确的开发者私钥", "-1"); exit(); } //去除转义 - foreach($_POST as $k=>$v) $$k = stripslashes($v); + foreach ($_POST as $k => $v) $$k = stripslashes($v); - if(!isset($autosetup)) $autosetup = 0; - if(!isset($autodel)) $autodel = 0; - $mdir = DEDEDATA.'/module'; - $hashcode = md5($modulname.$devInfo['dev_id']); - $moduleFilename = $mdir.'/'.$hashcode.'.xml'; + if (!isset($autosetup)) $autosetup = 0; + if (!isset($autodel)) $autodel = 0; + $mdir = DEDEDATA . '/module'; + $hashcode = md5($modulname . $devInfo['dev_id']); + $moduleFilename = $mdir . '/' . $hashcode . '.xml'; $menustring = base64_encode($menustring); $indexurl = str_replace('=', '**', $indexurl); $dm = new DedeModule($mdir); - if($dm->HasModule($hashcode)) - { + if ($dm->HasModule($hashcode)) { $dm->Clear(); - ShowMsg("对不起,你指定同名模块已经存在,因此不能创建项目!
如果你要更新这个模块,请先删除:module/{$hashcode}.xml","-1"); + ShowMsg("对不起,你指定同名模块已经存在,因此不能创建项目!
如果你要更新这个模块,请先删除:module/{$hashcode}.xml", "-1"); exit(); } $readmef = $setupf = $uninstallf = ''; - if(empty($readmetxt)) - { - move_uploaded_file($readme, $mdir."/{$hashcode}-r.html") or die("你没填写说明或上传说明文件!"); - $readmef = $dm->GetEncodeFile($mdir."/{$hashcode}-r.html", TRUE); - } - else - { - $readmetxt = "

".$readmetxt; + if (empty($readmetxt)) { + move_uploaded_file($readme, $mdir . "/{$hashcode}-r.html") or die("你没填写说明或上传说明文件!"); + $readmef = $dm->GetEncodeFile($mdir . "/{$hashcode}-r.html", TRUE); + } else { + $readmetxt = "

" . $readmetxt; $readmetxt = preg_replace("#[\r\n]{1,}#", "
\r\n", $readmetxt); $readmetxt .= "

"; $readmef = base64_encode(trim($readmetxt)); } - - if($autosetup==0) - { - move_uploaded_file($setup,$mdir."/{$hashcode}-s.php") or die("你没上传,或系统无法把setup文件移动到 module 目录!"); - $setupf = $dm->GetEncodeFile($mdir."/{$hashcode}-s.php",TRUE); + + if ($autosetup == 0) { + move_uploaded_file($setup, $mdir . "/{$hashcode}-s.php") or die("你没上传,或系统无法把setup文件移动到 module 目录!"); + $setupf = $dm->GetEncodeFile($mdir . "/{$hashcode}-s.php", TRUE); } - if($autodel==0) - { - move_uploaded_file($uninstall, $mdir."/{$hashcode}-u.php") or die("你没上传,或系统无法把uninstall文件移动到 module 目录!"); - $uninstallf = $dm->GetEncodeFile($mdir."/{$hashcode}-u.php", TRUE); + if ($autodel == 0) { + move_uploaded_file($uninstall, $mdir . "/{$hashcode}-u.php") or die("你没上传,或系统无法把uninstall文件移动到 module 目录!"); + $uninstallf = $dm->GetEncodeFile($mdir . "/{$hashcode}-u.php", TRUE); } - if(trim($setupsql40)=='') $setupsql40 = ''; + if (trim($setupsql40) == '') $setupsql40 = ''; else $setupsql40 = base64_encode(trim($setupsql40)); //if(trim($setupsql41)=='') $setupsql41 = ''; //else $setupsql41 = base64_encode(trim($setupsql41)); - if(trim($delsql)=='') $delsql = ''; + if (trim($delsql) == '') $delsql = ''; else $delsql = base64_encode(trim($delsql)); + $pub_key = base64url_encode($devInfo['pub_key']); $modulinfo = " name={$modulname} dev_id={$devInfo['dev_id']} +pubkey={$pub_key} info={$moduleInfo} time={$mtime} hash={$hashcode} 
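Review bot: The added `pubkey={$pub_key}` line puts the key used to check `info=` inside the same package file that `info=` is supposed to authenticate. If the install-side check in `dedemodule.class.php` (changed by this commit but not visible in this hunk) reads the key from the package, a rewritten file can carry a matching key and blob of its own, and the check then proves only internal consistency. The verifier should take the key from a source the package cannot influence, for example the developer record fetched by `dev_id`, and treat the embedded copy as a hint at most. Separately, the return values of `openssl_private_encrypt` and `openssl_public_decrypt` at the top of the hunk are ignored; testing them against `false` would turn a bad key into a clear error instead of an empty `$decontent`.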
@@ -174,19 +167,17 @@ $filelist "; $filelists = explode("\n", $filelist); - foreach($filelists as $v) - { - $v = trim($v); - if(!empty($v)) $dm->MakeEncodeFileTest(dirname(__FILE__), $v); + foreach ($filelists as $v) { + $v = trim($v); + if (!empty($v)) $dm->MakeEncodeFileTest(dirname(__FILE__), $v); } //测试无误后编译安装包 $fp = fopen($moduleFilename, 'w'); fwrite($fp, $modulinfo); fwrite($fp, "\r\n"); - foreach($filelists as $v) - { - $v = trim($v); - if(!empty($v)) $dm->MakeEncodeFile(dirname(__FILE__), $v, $fp); + foreach ($filelists as $v) { + $v = trim($v); + if (!empty($v)) $dm->MakeEncodeFile(dirname(__FILE__), $v, $fp); } fwrite($fp, "\r\n"); fwrite($fp, "\r\n"); @@ -197,37 +188,34 @@ $filelist /*------------- //修改项目 function editModule() ---------------*/ -else if($action=='edit') -{ +--------------*/ else if ($action == 'edit') { $filelist = str_replace("\r", "\n", trim($filelist)); $filelist = trim(preg_replace("#[\n]{1,}#", "\n", $filelist)); - if($filelist=="") - { - ShowMsg("对不起,你没有指定模块的文件列表,因此不能创建项目!","-1"); + if ($filelist == "") { + ShowMsg("对不起,你没有指定模块的文件列表,因此不能创建项目!", "-1"); exit(); } if (empty($dev_id)) { - ShowMsg("开发者ID不能为空!","-1"); + ShowMsg("开发者ID不能为空!", "-1"); exit(); } if (empty($priv)) { - ShowMsg("请填写开发者私钥信息","-1"); + ShowMsg("请填写开发者私钥信息", "-1"); exit(); } // 校验私钥,确定开发者身份 - $devURL = DEDECDNURL."/developers/$dev_id.json"; + $devURL = DEDECDNURL . "/developers/$dev_id.json"; $dhd = new DedeHttpDown(); $dhd->OpenUrl($devURL); $devContent = $dhd->GetHtml(); $devInfo = (array)json_decode($devContent); - if (($devInfo['auth_at']+60*60*24*365) < time()) { - ShowMsg("您的开发者账号已经过期,请登录www.dedebiz.com重新申请!","-1"); + if (($devInfo['auth_at'] + 60 * 60 * 24 * 365) < time()) { + ShowMsg("您的开发者账号已经过期,请登录www.dedebiz.com重新申请!", "-1"); exit(); } if (strlen($modulname) > 150) { - ShowMsg("模块名称过长","-1"); + ShowMsg("模块名称过长", "-1"); exit(); } 
@@ -237,63 +225,62 @@ else if($action=='edit') "dev_id" => $devInfo['dev_id'], )); // 私钥加密模块信息 - openssl_private_encrypt($enstr,$encotent,$priv); + openssl_private_encrypt($enstr, $encotent, $priv); $moduleInfo = base64url_encode($encotent); - openssl_public_decrypt($encotent,$decontent,$devInfo['pub_key']); - + openssl_public_decrypt($encotent, $decontent, $devInfo['pub_key']); + $minfo = (array)json_decode($decontent); if ($minfo['module_name'] != $modulname || $minfo['dev_id'] != $devInfo['dev_id']) { - ShowMsg("开发者私钥校验失败,请确保填写正确的开发者私钥","-1"); + ShowMsg("开发者私钥校验失败,请确保填写正确的开发者私钥", "-1"); exit(); } //已经去除转义 - foreach($_POST as $k=>$v) $$k = stripslashes($v); - if(!isset($autosetup)) $autosetup = 0; - if(!isset($autodel)) $autodel = 0; - $mdir = DEDEDATA.'/module'; + foreach ($_POST as $k => $v) $$k = stripslashes($v); + if (!isset($autosetup)) $autosetup = 0; + if (!isset($autodel)) $autodel = 0; + $mdir = DEDEDATA . '/module'; $hashcode = $hash; - $moduleFilename = $mdir.'/'.$hashcode.'.xml'; + $moduleFilename = $mdir . '/' . $hashcode . '.xml'; $modulname = str_replace('=', '', $modulname); $indexurl = str_replace('=', '**', $indexurl); $menustring = base64_encode($menustring); $dm = new DedeModule($mdir); $readmef = base64_encode($readmetxt); $setupf = $uninstallf = ''; - + //编译setup文件 - if(is_uploaded_file($setup)) - { - move_uploaded_file($setup, $mdir."/{$hashcode}-s.php") or die("你没上传,或系统无法把setup文件移动到 module 目录!"); - $setupf = $dm->GetEncodeFile($mdir."/{$hashcode}-s.php", TRUE); + if (is_uploaded_file($setup)) { + move_uploaded_file($setup, $mdir . "/{$hashcode}-s.php") or die("你没上传,或系统无法把setup文件移动到 module 目录!"); + $setupf = $dm->GetEncodeFile($mdir . 
"/{$hashcode}-s.php", TRUE); } else { - if($autosetup==0) $setupf = base64_encode($dm->GetSystemFile($hashcode, 'setup')); + if ($autosetup == 0) $setupf = base64_encode($dm->GetSystemFile($hashcode, 'setup')); } - //编译uninstall文件 - if(is_uploaded_file($uninstall)) - { - move_uploaded_file($uninstall,$mdir."/{$hashcode}-u.php") or die("你没上传,或系统无法把uninstall文件移动到 module 目录!"); - $uninstallf = $dm->GetEncodeFile($mdir."/{$hashcode}-u.php",true); + //编译uninstall文件 + if (is_uploaded_file($uninstall)) { + move_uploaded_file($uninstall, $mdir . "/{$hashcode}-u.php") or die("你没上传,或系统无法把uninstall文件移动到 module 目录!"); + $uninstallf = $dm->GetEncodeFile($mdir . "/{$hashcode}-u.php", true); } else { - if($autodel==0) $uninstallf = base64_encode($dm->GetSystemFile($hashcode,'uninstall')); + if ($autodel == 0) $uninstallf = base64_encode($dm->GetSystemFile($hashcode, 'uninstall')); } - if(trim($setupsql40)=='') $setupsql40 = ''; + if (trim($setupsql40) == '') $setupsql40 = ''; else $setupsql40 = base64_encode(htmlspecialchars_decode(trim($setupsql40))); //if(trim($setupsql41)=='') $setupsql41 = ''; //else $setupsql41 = base64_encode(trim($setupsql41)); - if(trim($delsql)=='') $delsql = ''; + if (trim($delsql) == '') $delsql = ''; else $delsql = base64_encode(strip_tags(trim($delsql))); $modulinfo = " name={$modulname} dev_id={$devInfo['dev_id']} +pubkey={$devInfo['pub_key']} info={$moduleInfo} time={$mtime} hash={$hashcode} 
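Review bot: The edit branch writes `pubkey={$devInfo['pub_key']}` raw, while the make branch writes `base64url_encode($devInfo['pub_key'])`, so the same header field ends up with two encodings depending on how the package was last saved. If the key is PEM text (its format is not shown here), its line breaks would also spill across the line-oriented `key=value` header. Suggest mirroring the make branch: add `$pub_key = base64url_encode($devInfo['pub_key']);` before `$modulinfo` is built and write `pubkey={$pub_key}` inside it.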
@@ -330,30 +317,27 @@ $filelist "; - if($rebuild=='yes') - { + if ($rebuild == 'yes') { $filelists = explode("\n", $filelist); - foreach($filelists as $v) - { - $v = trim($v); - if(!empty($v)) $dm->MakeEncodeFileTest(dirname(__FILE__),$v); + foreach ($filelists as $v) { + $v = trim($v); + if (!empty($v)) $dm->MakeEncodeFileTest(dirname(__FILE__), $v); } //测试无误后编译安装包 $fp = fopen($moduleFilename, 'w'); - fwrite($fp, $modulinfo."\r\n"); + fwrite($fp, $modulinfo . "\r\n"); fwrite($fp, "\r\n"); - foreach($filelists as $v) - { + foreach ($filelists as $v) { $v = trim($v); - if(!empty($v)) $dm->MakeEncodeFile(dirname(__FILE__),$v,$fp); + if (!empty($v)) $dm->MakeEncodeFile(dirname(__FILE__), $v, $fp); } - fwrite($fp,"\r\n"); - fwrite($fp,"\r\n"); + fwrite($fp, "\r\n"); + fwrite($fp, "\r\n"); fclose($fp); } else { $fxml = $dm->GetFileXml($hashcode); $fp = fopen($moduleFilename, 'w'); - fwrite($fp, $modulinfo."\r\n"); + fwrite($fp, $modulinfo . "\r\n"); fwrite($fp, $fxml); fclose($fp); } diff --git a/src/dede/templets/module_main.htm b/src/dede/templets/module_main.htm index 8c939afa..fa1ed4d6 100755 --- a/src/dede/templets/module_main.htm +++ b/src/dede/templets/module_main.htm @@ -6,6 +6,9 @@ + + +