SRCMS V2.2 开发版

[新增] 审核后台单个漏洞报告导出
[新增] 审核后台全部漏洞报告导出为报表
[修复] Ueditor上传路径错误导致的文件上传失败问题
[修复] 用户个人中心礼品无法兑换的问题
[修复] 前台安全应急响应中心名称动态不显示的问题
[修复] 跳转页面LOGO不显示的问题
Martin Zhou
2017-07-02 22:50:28 +08:00
parent 89fcf6aac8
commit c3e99b9a18
14 changed files with 110 additions and 27 deletions


@@ -12,9 +12,24 @@ use Think\Controller;
class CheckController extends Controller class CheckController extends Controller
{ {
/**
* 导出漏洞报告
*/
public function view(){
$id = I('get.session_id');
$model = M('post')->where('visible=1')->where(array('session'=>$id))->find();
$arr['id']= $model['id'];
$arr['title']= $model['title'];
$arr['content']= $model['content'];
$arr['advise']= $model['advise'];
$arr['time']= $model['time'];
$arr['type']= $model['type'];
$this->ajaxReturn ($arr,'JSON');
}
/** /**
* 临时查看漏洞报告 * 临时查看漏洞报告
*/
public function view(){ public function view(){
$id = I('get.session_id',0,'number_int'); //seesion token防注入 $id = I('get.session_id',0,'number_int'); //seesion token防注入
$model = M('post')->where('session='.$id)->find(); $model = M('post')->where('session='.$id)->find();
@@ -23,9 +38,12 @@ class CheckController extends Controller
$this->assign('model',$model); $this->assign('model',$model);
$this->display(); $this->display();
} }
*/
/** /**
* 添加漏洞处理进展 * 添加漏洞处理进展
*/
public function add() public function add()
{ {
//默认显示添加表单 //默认显示添加表单
@@ -46,4 +64,5 @@ class CheckController extends Controller
} }
} }
} }
*/
} }
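Review bot: The new `view()` at the top of the first hunk copies `$model` into `$arr` without checking that `find()` matched a row, so an unknown or cancelled `session_id` answers with a JSON object of nulls rather than an error; add `if (!$model) { $this->ajaxReturn(array('status' => 0, 'info' => 'report not found'), 'JSON'); return; }` before `$arr` is built. Because CheckController extends `Controller` rather than `BaseController`, this export appears to be reachable without an admin session, which makes the unguessability of the stored `session` value (produced with `rand()` in PostController::session) the only access control on the report content. The `*/` terminators printed once in this section (after the old `view()`, around `add()` and before the closing brace) cannot be assigned to a side from the rendering; if the intent is to comment out the old `view()`, confirm the file still parses with exactly one `view()` definition, since PHP rejects a redeclared method.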


@@ -115,13 +115,21 @@ class MemberController extends BaseController
} }
/** /**
* 删除用户 * 删除用户
* @param [type] $id [管理员ID]
*/ */
public function delete() public function delete()
{ {
$id = I('get.id',0,'intval'); $id = I('get.id',0,'intval');
$model = M('member'); $model = M('member');
if($model->where('id='.$id)->delete()){ $data['username'] = '[已删除]';
$data['realname'] = '[已删除]';
$data['email'] = '0';
$data['salt'] = '0';
$data['passwd'] = '0';
$data['team'] = '[已删除]';
$data['description'] = '[已删除]';
$data['website'] = '[已删除]';
$data['status'] = 1;
if($model->where('id='.$id)->save($data)){
$this->success("用户删除成功", U('member/index')); $this->success("用户删除成功", U('member/index'));
}else{ }else{
$this->error("用户删除失败"); $this->error("用户删除失败");
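Review bot: `delete()` now anonymises the member row instead of removing it, but `$data` leaves the `token` column untouched (the value LoginController writes and GiftController compares) and sets `status` to 1 with no visible explanation of what 1 means; if 1 is the active state and the token stays valid, an already established session keeps operating against the placeholder record. Add `$data['token'] = '';` together with whichever status value marks the account disabled, and state the intent with a comment such as `// soft delete: overwrite identifying fields but keep the row so reports stay attributable`. Since `save()` returns the number of changed rows, a second call on an already anonymised id reports '用户删除失败' although nothing is wrong; either treat 0 as success or look the row up first. Dropping the `@param [type] $id` docblock line is fine, as the method reads `$id` from the query string rather than a parameter.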


@@ -178,23 +178,63 @@ class PostController extends BaseController
/** /**
* 生成session key * 生成session key
**/
public function session(){ public function session(){
$id = I('get.id',0,'intval'); $id = I('get.id');
$str = '1234567890'; $str = '1234567890abcdefg';
$session = $str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)]; $session = $str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)];
$visible = 1; $visible = 1;
$model = M('post'); $model = M('post');
$model->session = $session; $model->session = $session;
$model->visible = $visible; $model->visible = $visible;
$result = $model->where('id='.$id)->save(); $result = $model->where(array('id'=>$id))->save();
if($result){ if($result){
$this->success("授权成功", U('Check/view?session_id='.$session)); $this->success("授权成功", U('post/index'));
}else{ }else{
$this->error("授权失败"); $this->error("授权失败");
} }
} }
*/
/**
* 取消导出
**/
public function cancel(){
$id = I('get.id');
$visible = 0;
$model = M('post');
$model->visible = $visible;
$result = $model->where(array('id'=>$id))->save();
if($result){
$this->success("取消成功", U('post/index'));
}else{
$this->error("取消失败");
}
}
/**
* 导出全部
**/
public function portall(){
$model = M('post')->field('id,title,content,advise,time,day,bounty')->limit(100)->select();
set_time_limit(0);
ini_set('memory_limit', '512M');
$output = fopen('php://output', 'w') or die("can't open php://output");
$filename = "安全应急响应中心外部漏洞报告统计表" . date('Y-m-d', time());
header("Content-Type: application/csv");
header("Content-Disposition: attachment; filename=$filename.csv");
$table_head = array('报告编号','报告名称','报告内容', '修复建议','提交时间','修补期限','漏洞奖励');
fputcsv($output, $table_head);
foreach ($model as $e) {
fputcsv($output, array_values($e));
}
fclose($output) or die("can't close php://output");
exit;
}
/** /**
添加报告评论 添加报告评论
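Review bot: In `session()` the alphabet `'1234567890abcdefg'` has 17 characters (offsets 0–16) but every pick uses `rand(0,17)`, so offset 17 is out of range and yields an empty character plus an "Uninitialized string offset" notice, silently shortening the token. More importantly `rand()` is not a cryptographic generator, and this `session` value is what the unauthenticated Check/view export is keyed on, so the 31-term concatenation should become `$session = bin2hex(random_bytes(16));` (PHP 7; on the 5.x floor that index.php still permits, `openssl_random_pseudo_bytes` is the fallback). In `portall()` the cells come from user-submitted report fields and go to `fputcsv` unchanged, so a value beginning with `=`, `+`, `-` or `@` is evaluated as a formula when the file is opened in a spreadsheet; prefix such cells with a tab or single quote before writing them. The `Content-Type` should be `text/csv`, the `filename` parameter should be quoted (and ASCII or RFC 5987 encoded, since it contains non-ASCII characters), and `limit(100)` silently caps an action labelled 导出全部.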


@@ -15,6 +15,16 @@
<li><a href="{:U('post/index?key=3')}">已确认</a></li> <li><a href="{:U('post/index?key=3')}">已确认</a></li>
<li><a href="{:U('post/index?key=4')}">已修复</a></li> <li><a href="{:U('post/index?key=4')}">已修复</a></li>
</ul> </ul>
</div>
<div class="btn-group">
<button type="button" class="btn btn-primary" style="margin : 2px 0px 5px 0px;">高级功能</button>
<button type="button" class="btn btn-primary dropdown-toggle" data-toggle="dropdown" style="margin : 2px 0px 5px 0px;">
<span class="caret"></span>
<span class="sr-only">切换下拉菜单</span>
</button>
<ul class="dropdown-menu" role="menu">
<li><a href="{:U('post/portall')}">导出全部</a></li>
</ul>
</div> </div>
</ul> </ul>
</div> </div>
@@ -57,7 +67,7 @@
<td data-title="提交时间">{$v.time|date="Y/m/d",###}</td> <td data-title="提交时间">{$v.time|date="Y/m/d",###}</td>
<td data-title="提交者">{$v.username}</td> <td data-title="提交者">{$v.username}</td>
<td data-title="分类">{$v.category_title}</td> <td data-title="分类">{$v.category_title}</td>
<td data-title="操作"><a href="{:U('post/review?id=')}{$v.id}">审核</a> | <a href="{:U('post/update?id=')}{$v.id}">编辑</a> <!--| <if condition="$v.visible eq 0"><a href="{:U('post/session?id=')}{$v.id}" target="_Blank">生成工单</a> <elseif condition="$v.visible eq 1" /><a href="{:U('check/view?session_id=')}{$v.session}" target="_Blank">查看工单</a></if>--> | <a href="{:U('post/delete?id=')}{$v.id}" style="color:red;" onclick="javascript:return del('您真的确定要删除吗?\n\n删除后将不能恢复!');">删除</a></td> <td data-title="操作"><a href="{:U('post/review?id=')}{$v.id}">审核</a> | <a href="{:U('post/update?id=')}{$v.id}">编辑</a> | <if condition="$v.visible eq 0"><a href="{:U('post/session?id=')}{$v.id}" target="_Blank">导出工单</a> <elseif condition="$v.visible eq 1" /><a href="{:U('check/view?session_id=')}{$v.session}" target="_Blank">查看工单</a> | <a href="{:U('post/cancel?id=')}{$v.id}" target="_Blank">取消导出</a> </if> | <a href="{:U('post/delete?id=')}{$v.id}" style="color:red;" onclick="javascript:return del('您真的确定要删除吗?\n\n删除后将不能恢复!');">删除</a></td>
</tr> </tr>
</foreach> </foreach>
</tbody> </tbody>
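Review bot: The `post/session`, `post/cancel` and `post/delete` links in the 操作 column of the second hunk are plain GET requests that change server state (they set or clear the export token and visibility), so any page that can make an admin's browser follow a URL can trigger them; state-changing actions should be submitted as POST with the framework's form token, e.g. a small `<form method="post">` per action instead of an `<a href>`. `target="_Blank"` is nonstandard casing — browsers match it case-insensitively, but the canonical value is `target="_blank"`.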


@@ -32,6 +32,9 @@ class HallController extends Controller{
$pid = I('get.pid',0,'number_int'); $pid = I('get.pid',0,'number_int');
$model = M('member'); $model = M('member');
$report = M('post'); $report = M('post');
$tmodel= M('setting');
$settings = $tmodel -> where('id=1') -> select();
$this->assign('settings', $settings);
$user = $model -> where(array('pid'=>$pid)) -> select(); $user = $model -> where(array('pid'=>$pid)) -> select();
$uid = $user[0]['id']; $uid = $user[0]['id'];
if ($uid != null){ if ($uid != null){


@@ -6,7 +6,7 @@
<meta charset="utf-8"/> <meta charset="utf-8"/>
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<meta http-equiv="x-ua-compatible" content="ie=edge"> <meta http-equiv="x-ua-compatible" content="ie=edge">
<title>{$model.title} - <foreach name="settings" item="s"> {$s.key2} </foreach>安全应急响应中心</title> <title>{$model.title} - <foreach name="title" item="s"> {$s.key2} </foreach>安全应急响应中心</title>
<meta name="keywords" content="<foreach name='settings' item='s'> {$s.key2} </foreach>安全应急响应中心" /> <meta name="keywords" content="<foreach name='settings' item='s'> {$s.key2} </foreach>安全应急响应中心" />
<meta name="description" content="<foreach name='settings' item='s'> {$s.key2} </foreach>安全应急响应中心"> <meta name="description" content="<foreach name='settings' item='s'> {$s.key2} </foreach>安全应急响应中心">
<meta name="author" content="srcms.xyz"> <meta name="author" content="srcms.xyz">
@@ -43,7 +43,7 @@
<span class="yahei icon-bar"></span> <span class="yahei icon-bar"></span>
<span class="yaheiicon-bar"></span> <span class="yaheiicon-bar"></span>
</button> </button>
<a class="yahei navbar-brand" href="{:U('index/index')}"><strong><foreach name="settings" item="s"> {$s.key2} </foreach></strong> <a class="yahei navbar-brand" href="{:U('index/index')}"><strong><foreach name="title" item="s"> {$s.key2} </foreach></strong>
<span class="yahei" style=" font-size: 12px;padding: 2px 6px;border: 1px solid;border-radius: 4px;vertical-align: 4px; ">安全应急响应中心</span> <span class="yahei" style=" font-size: 12px;padding: 2px 6px;border: 1px solid;border-radius: 4px;vertical-align: 4px; ">安全应急响应中心</span>
</a> </a>
</div> </div>
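Review bot: Only the `<title>` and the navbar brand switch the loop variable from `settings` to `title`, while the `keywords` and `description` metas on the lines right after `<title>` still iterate `settings`; if the controller now assigns the setting rows under `title` only, those two metas render empty, and if it assigns both names, the rename is incomplete. Use one variable name for the setting rows in all four places, and note that the second template section below (the one whose keywords/description are hard-coded to 'Google Inc.') carries the same partial rename.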


@@ -6,7 +6,7 @@
<meta charset="utf-8"/> <meta charset="utf-8"/>
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<meta http-equiv="x-ua-compatible" content="ie=edge"> <meta http-equiv="x-ua-compatible" content="ie=edge">
<title>{$model.title} - <foreach name="settings" item="s"> {$s.key2} </foreach>安全应急响应中心</title> <title>{$model.title} - <foreach name="title" item="s"> {$s.key2} </foreach>安全应急响应中心</title>
<meta name="keywords" content="Google Inc.安全应急响应中心" /> <meta name="keywords" content="Google Inc.安全应急响应中心" />
<meta name="description" content="Google Inc.安全应急响应中心"> <meta name="description" content="Google Inc.安全应急响应中心">
<meta name="author" content="srcms.xyz"> <meta name="author" content="srcms.xyz">
@@ -43,7 +43,7 @@
<span class="yahei icon-bar"></span> <span class="yahei icon-bar"></span>
<span class="yaheiicon-bar"></span> <span class="yaheiicon-bar"></span>
</button> </button>
<a class="yahei navbar-brand" href="{:U('index/index')}"><strong><foreach name="settings" item="s"> {$s.key2} </foreach></strong> <a class="yahei navbar-brand" href="{:U('index/index')}"><strong><foreach name="title" item="s"> {$s.key2} </foreach></strong>
<span class="yahei" style=" font-size: 12px;padding: 2px 6px;border: 1px solid;border-radius: 4px;vertical-align: 4px; ">安全应急响应中心</span> <span class="yahei" style=" font-size: 12px;padding: 2px 6px;border: 1px solid;border-radius: 4px;vertical-align: 4px; ">安全应急响应中心</span>
</a> </a>
</div> </div>


@@ -82,7 +82,10 @@ class GiftController extends BaseController{
$record_result = $record -> add($rdata); $record_result = $record -> add($rdata);
$token = $data['token']; $token = $data['token'];
if($token != $user['token']){$this->error("非法请求");} if($token != $user['token']){
$this->error("非法请求");
}
$result = M('member')->where('id='.$id)->setDec('jinbi',$gift['price']); $result = M('member')->where('id='.$id)->setDec('jinbi',$gift['price']);
if ($model->field('userid,username,gid,tel,alipay,realname,address,zipcode,price,update_time')->add($data)) { if ($model->field('userid,username,gid,tel,alipay,realname,address,zipcode,price,update_time')->add($data)) {
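Review bot: The token check this hunk reformats (`if($token != $user['token'])`) runs after `$record->add($rdata)` on the first context line, so a request with a wrong token still inserts a record before `error()` aborts; move the check above the insert (the enclosing method starts outside the hunk, so confirm nothing earlier depends on that insert happening first). Compare the token strictly, e.g. `if (!hash_equals((string)$user['token'], (string)$token)) {`, since `!=` applies numeric-string coercion (`'1e3' == '1000'` is true). `setDec('jinbi', $gift['price'])` on the following line has no balance check visible in this hunk; if none exists earlier in the method, a member can redeem past zero.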


@@ -66,7 +66,7 @@ class LoginController extends Controller {
'id' => $user['id'], 'id' => $user['id'],
'update_at' => time(), 'update_at' => time(),
'login_ip' => get_client_ip(), 'login_ip' => get_client_ip(),
'token' => $token, 'token' => $token //2017-07-02 fix bug: token can't be inserted into databease.
); );
//登陆成功 //登陆成功
if($member->save($data)){ if($member->save($data)){
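Review bot: The trailing comma removed from `'token' => $token,` is legal PHP array syntax in every version, so the new comment `//2017-07-02 fix bug: token can't be inserted into databease.` attributes the fix to a change that cannot have caused the bug; if the token really was not persisted, the cause is elsewhere (for instance the `token` column missing from the table or from the field list `save()` writes), and the comment should name the actual cause or be dropped. A why-comment is more useful here than a changelog entry: `// persisted per login; GiftController compares it against the request token`.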


@@ -9,7 +9,7 @@
"imageCompressBorder": 1600, /* */ "imageCompressBorder": 1600, /* */
"imageInsertAlign": "none", /* */ "imageInsertAlign": "none", /* */
"imageUrlPrefix": "", /* 访 */ "imageUrlPrefix": "", /* 访 */
"imagePathFormat": "../../Temp/{yyyy}{mm}{dd}/{time}{rand:6}", /* , */ "imagePathFormat": "/ueditor/php/upload/image/{yyyy}{mm}{dd}/{time}{rand:6}", /* , */
/* (unknown) , */ /* (unknown) , */
/* {rand:6} , */ /* {rand:6} , */
/* {time} */ /* {time} */
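Review bot: The new `imagePathFormat` puts uploads under `/ueditor/php/upload/image/`, a directory inside the web-served ueditor tree; if the web server executes `.php` there, any gap in the upload filter becomes code execution. Keep the extension allow-list (`imageAllowFiles`) tight and deny script execution for the upload directory at the server level (e.g. no PHP handler or `php_flag engine off` for that path), independently of the filter. The old `../../Temp/` value was relative to the ueditor controller, while the new absolute path assumes SRCMS is served from the site root, so a deployment under a sub-directory will hit the same upload failure again.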




@@ -15,7 +15,7 @@ if(version_compare(PHP_VERSION,'5.3.0','<')) die('require PHP > 5.3.0 !');
define('BIND_MODULE','Admin'); define('BIND_MODULE','Admin');
// 开启调试模式 建议开发阶段开启 部署阶段注释或者设为false // 开启调试模式 建议开发阶段开启 部署阶段注释或者设为false
define('APP_DEBUG',False); define('APP_DEBUG',True);
// 定义应用目录 // 定义应用目录
define('APP_PATH','./Application/'); define('APP_PATH','./Application/');
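Review bot: `define('APP_DEBUG',True);` switches the entry script to debug mode, in which ThinkPHP renders detailed error pages (trace, file paths, SQL); that is reasonable for a commit labelled 开发版, but this is the production entry point, so it must go back to `false` before any release build, or better be derived from an environment check than edited by hand. `True` should be lowercase `true`, matching the file's other constants and the language convention.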


@@ -1,5 +1,5 @@
# #
# robots.txt for SRCMS V2 Community Version # robots.txt for SRCMS V2.2 Community Version
# #
User-agent: * User-agent: *