renun/TwoNav
1
0
Fork 0
mirror of https://github.com/tznb1/TwoNav.git synced 2025-08-10 08:51:49 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

v2.1.18-20241018

Browse Source
This commit is contained in:
MI15\Win
2024-10-17 16:29:12 +08:00
parent b9eaa4099d
commit 72f4cee174
18 changed files with 506 additions and 1430 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1853
system/Medoo.php
View File

File diff suppressed because it is too large Load Diff

2
system/api_root.php
View File

@@ -453,7 +453,7 @@ function other_services(){
'method' => $_GET['type'],
'sys' => $_POST['sys']
];
$overtime = !isset($global_config['Update_Overtime']) ? 3 : ($global_config['Update_Overtime'] < 3 || $global_config['Update_Overtime'] > 60 ? 3 : $global_config['Update_Overtime']);
$overtime = 30;
// 判断操作类型
if($_GET['type'] == 'query_key' || $_GET['type'] == 'save_key'){
$Res = ccurl("http://service.twonav.cn/service.php",$overtime,true,$post);

9
system/firewall.php
View File

@@ -21,7 +21,7 @@ foreach($_POST as $key =>$value){
}
}
//拦截SQL注入
if($global_config['SQL_WAF'] == 1 ){
if(!isset($code) && $global_config['SQL_WAF'] == 1 ){
if(preg_match("/\s+(or|xor|and)\s+(=|<|>|'|".'")/i',$value)){
$code = 2101;
}elseif(preg_match("/select.+(from|limit)/i",$value)){
@@ -43,5 +43,10 @@ foreach($_POST as $key =>$value){
}
}
if(!empty($code)){msgA(['code'=>$code,'msg'=>$code.':已拦截不合法参数!','key'=>$key,'Value'=>$value,'method'=>$method ]);}
if(!empty($code)){
$tips = $code <= 2100 ?
'<br />如果您是站长,请前往系统设置关闭防XSS脚本<br />如果您是用户,请联系站长处理':
'<br />如果您是站长,请前往系统设置关闭防SQL注入<br />如果您是用户,请联系站长处理';
msgA(['code'=>$code,'msg'=>$code.':已拦截不合法参数!'.$tips,'key'=>$key,'Value'=>$value,'method'=>$method ]);
}
}

6
system/templates.php
View File

@@ -121,7 +121,11 @@ if($config_type == 'user'){
if(!check_purview('header',1)){$site['custom_header'] = '';}
if(!check_purview('footer',1)){$site['custom_footer'] = '';}
//主页标题( 主标题 - 副标题 )
//主页标题(分类页面显示分类名-描述)
if(isset($_GET['cid']) && intval($_GET['cid']) > 0){
$teml_cd = get_db('user_categorys',['name','description'],['uid'=>UID,'cid'=>intval($_GET['cid'])]);
$site['title'] = $teml_cd['name']; $site['subtitle'] = $teml_cd['description'];
}
$site['Title'] = $site['title'].(empty($site['subtitle'])?'':' - '.$site['subtitle']);
//站点图标

2
system/version.txt
View File

@@ -1 +1 @@
v2.1.17-20240730
v2.1.18-20241018