SRCMS V2.2 开发版

[新增] 审核后台单个漏洞报告导出
[新增] 审核后台全部漏洞报告导出为报表
[修复] Ueditor上传路径错误导致的文件上传失败问题
[修复] 用户个人中心礼品无法兑换的问题
[修复] 前台安全应急响应中心名称动态不显示的问题
[修复] 跳转页面LOGO不显示的问题
Martin Zhou
2017-07-02 22:50:28 +08:00
parent 89fcf6aac8
commit c3e99b9a18
14 changed files with 110 additions and 27 deletions


@@ -12,9 +12,24 @@ use Think\Controller;
class CheckController extends Controller
{
/**
* 导出漏洞报告
*/
public function view(){
$id = I('get.session_id');
$model = M('post')->where('visible=1')->where(array('session'=>$id))->find();
$arr['id']= $model['id'];
$arr['title']= $model['title'];
$arr['content']= $model['content'];
$arr['advise']= $model['advise'];
$arr['time']= $model['time'];
$arr['type']= $model['type'];
$this->ajaxReturn ($arr,'JSON');
}
/**
* 临时查看漏洞报告
*/
public function view(){
$id = I('get.session_id',0,'number_int'); //seesion token防注入
$model = M('post')->where('session='.$id)->find();
@@ -23,9 +38,12 @@ class CheckController extends Controller
$this->assign('model',$model);
$this->display();
}
*/
/**
* 添加漏洞处理进展
*/
public function add()
{
//默认显示添加表单
@@ -46,4 +64,5 @@ class CheckController extends Controller
}
}
}
*/
}
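Review bot: The new `view()` makes the `session_id` token the only access control and never handles the lookup failing: `M('post')->where('visible=1')->where(array('session'=>$id))->find()` returns false when nothing matches, and the method then answers with a JSON object whose every field is null instead of rejecting the request. Add `if ($id === '' || !$model) { $this->ajaxReturn(array('error' => 'not found'), 'JSON'); return; }` before `$arr` is built. Because `CheckController` extends `Think\Controller` rather than the `BaseController` the other admin controllers use, this endpoint is presumably reachable without a login, so the token issued by `PostController::session()` is effectively a bearer credential and must be unguessable — see that file's hunk. The commented-out old `view()` and `add()` bodies kept below the new method are dead code and should be removed; the class continues past this hunk.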


@@ -115,13 +115,21 @@ class MemberController extends BaseController
}
/**
* 删除用户
* @param [type] $id [管理员ID]
*/
public function delete()
{
$id = I('get.id',0,'intval');
$model = M('member');
if($model->where('id='.$id)->delete()){
$data['username'] = '[已删除]';
$data['realname'] = '[已删除]';
$data['email'] = '0';
$data['salt'] = '0';
$data['passwd'] = '0';
$data['team'] = '[已删除]';
$data['description'] = '[已删除]';
$data['website'] = '[已删除]';
$data['status'] = 1;
if($model->where('id='.$id)->save($data)){
$this->success("用户删除成功", U('member/index'));
}else{
$this->error("用户删除失败");
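Review bot: The scrubbed row written by `save($data)` keeps `status = 1` and sets `salt`/`passwd` to the literal `'0'`, so the account stays in whatever state 1 denotes with a known placeholder credential; if 1 means enabled, write the disabled value instead (or a dedicated deleted flag) so the row can never authenticate. Every deleted member also receives the same `username`/`email` placeholders (`'[已删除]'`, `'0'`), which will make the second deletion fail with "用户删除失败" if either column carries a unique index — worth checking the schema. The docblock still reads `删除用户` / `@param [type] $id [管理员ID]` although the row is now anonymized in place; replace it with `* Anonymize a member in place (soft delete): identifying fields are overwritten with placeholders, the row itself is kept.` The `'intval'` filter keeps the string-built `where('id='.$id)` safe here, but the array form `where(array('id'=>$id))` used elsewhere in this commit would be the more consistent choice.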


@@ -178,23 +178,63 @@ class PostController extends BaseController
/**
* 生成session key
**/
public function session(){
$id = I('get.id',0,'intval');
$str = '1234567890';
$session = $str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)];
public function session(){
$id = I('get.id');
$str = '1234567890abcdefg';
$session = $str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)];
$visible = 1;
$model = M('post');
$model->session = $session;
$model->visible = $visible;
$result = $model->where('id='.$id)->save();
$result = $model->where(array('id'=>$id))->save();
if($result){
$this->success("授权成功", U('Check/view?session_id='.$session));
$this->success("授权成功", U('post/index'));
}else{
$this->error("授权失败");
}
}
*/
/**
* 取消导出
**/
public function cancel(){
$id = I('get.id');
$visible = 0;
$model = M('post');
$model->visible = $visible;
$result = $model->where(array('id'=>$id))->save();
if($result){
$this->success("取消成功", U('post/index'));
}else{
$this->error("取消失败");
}
}
/**
* 导出全部
**/
public function portall(){
$model = M('post')->field('id,title,content,advise,time,day,bounty')->limit(100)->select();
set_time_limit(0);
ini_set('memory_limit', '512M');
$output = fopen('php://output', 'w') or die("can't open php://output");
$filename = "安全应急响应中心外部漏洞报告统计表" . date('Y-m-d', time());
header("Content-Type: application/csv");
header("Content-Disposition: attachment; filename=$filename.csv");
$table_head = array('报告编号','报告名称','报告内容', '修复建议','提交时间','修补期限','漏洞奖励');
fputcsv($output, $table_head);
foreach ($model as $e) {
fputcsv($output, array_values($e));
}
fclose($output) or die("can't close php://output");
exit;
}
/**
添加报告评论
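Review bot: `session()` builds the export token with `rand()` over `'1234567890abcdefg'`, but that string has 17 characters (indices 0–16) while `rand(0,17)` can return 17, so some positions read past the string and yield an empty offset (with a notice) — the token is both shorter than intended and not cryptographically random, yet it is the sole credential accepted by `Check/view`. Replace the whole concatenation with `$session = bin2hex(random_bytes(16));` (PHP 7+; `bin2hex(openssl_random_pseudo_bytes(16))` on older runtimes). `session()` and `cancel()` also dropped the `'intval'` filter on `I('get.id')`; restore `I('get.id', 0, 'intval')` so a non-numeric or array value never reaches the query, even though the array-form `where()` binds it. In `portall()`, `title`, `content` and `advise` are reporter-supplied text written straight to CSV by `fputcsv`, so a cell starting with `=`, `+`, `-` or `@` is evaluated as a formula when the file is opened in Excel; prefix such values with a tab or apostrophe before `fputcsv`, send `Content-Type: text/csv; charset=UTF-8` rather than `application/csv`, and note that `limit(100)` silently truncates an export labelled "全部".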


@@ -15,6 +15,16 @@
<li><a href="{:U('post/index?key=3')}">已确认</a></li>
<li><a href="{:U('post/index?key=4')}">已修复</a></li>
</ul>
</div>
<div class="btn-group">
<button type="button" class="btn btn-primary" style="margin : 2px 0px 5px 0px;">高级功能</button>
<button type="button" class="btn btn-primary dropdown-toggle" data-toggle="dropdown" style="margin : 2px 0px 5px 0px;">
<span class="caret"></span>
<span class="sr-only">切换下拉菜单</span>
</button>
<ul class="dropdown-menu" role="menu">
<li><a href="{:U('post/portall')}">导出全部</a></li>
</ul>
</div>
</ul>
</div>
@@ -57,7 +67,7 @@
<td data-title="提交时间">{$v.time|date="Y/m/d",###}</td>
<td data-title="提交者">{$v.username}</td>
<td data-title="分类">{$v.category_title}</td>
<td data-title="操作"><a href="{:U('post/review?id=')}{$v.id}">审核</a> | <a href="{:U('post/update?id=')}{$v.id}">编辑</a> <!--| <if condition="$v.visible eq 0"><a href="{:U('post/session?id=')}{$v.id}" target="_Blank">生成工单</a> <elseif condition="$v.visible eq 1" /><a href="{:U('check/view?session_id=')}{$v.session}" target="_Blank">查看工单</a></if>--> | <a href="{:U('post/delete?id=')}{$v.id}" style="color:red;" onclick="javascript:return del('您真的确定要删除吗?\n\n删除后将不能恢复!');">删除</a></td>
<td data-title="操作"><a href="{:U('post/review?id=')}{$v.id}">审核</a> | <a href="{:U('post/update?id=')}{$v.id}">编辑</a> | <if condition="$v.visible eq 0"><a href="{:U('post/session?id=')}{$v.id}" target="_Blank">导出工单</a> <elseif condition="$v.visible eq 1" /><a href="{:U('check/view?session_id=')}{$v.session}" target="_Blank">查看工单</a> | <a href="{:U('post/cancel?id=')}{$v.id}" target="_Blank">取消导出</a> </if> | <a href="{:U('post/delete?id=')}{$v.id}" style="color:red;" onclick="javascript:return del('您真的确定要删除吗?\n\n删除后将不能恢复!');">删除</a></td>
</tr>
</foreach>
</tbody>
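Review bot: The new `取消导出` link and the re-enabled `导出工单` link change server state through a plain GET opened in a new tab, with no confirmation and no anti-CSRF token, while the adjacent delete link at least asks for confirmation; any page that embeds `post/cancel?id=N` or `post/session?id=N` as an image or link can trigger them in an admin's browser. Make them POST actions with a token check (ThinkPHP's form token if the project enables it), or at minimum guard them like delete: `onclick="return confirm('确定取消导出?');"`. The new `btn-group` div in the first hunk is inserted as a direct child of a `<ul>` that closes on the following line, which is invalid markup browsers render inconsistently; move it outside the list. The enclosing `<div>` of that first hunk starts outside what is shown.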