SRCMS V2.3

[修复] 后台处理订单提示“非法请求” [修复] 用户前台无法调整商品兑换数量 [修复] 一处第三方组件造成的SSRF
2017-09-09 12:06:21 +08:00
parent e5a0c1987f
commit fff056a9b1
16 changed files with 176 additions and 69 deletions
--- a/Application/Admin/Controller/OrderController.class.php
+++ b/Application/Admin/Controller/OrderController.class.php
@@ -39,14 +39,13 @@ class OrderController extends BaseController
    public function update()
    {
 	  $id = I('get.id',0,'intval');
 	  $user_id = I('get.username',0,'intval');
        if (!IS_POST) {
-            $model = M('order')->where(array('id='=>$id))->find();
+            $id = I('get.id',0,'intval');
            //$user_id = I('get.userid',0,'intval');
            $model = M('order')->where(array('id'=>$id))->find();
            $this->assign('model',$model);
-		    $model = M('member');
+	        //$info =  M('member')->where(array('id'=>$user_id))-> select();
-	        $info = $model->where(array('id'=>$user_id))-> select();
+		    //$this->assign('userM', $info);
 			$this->assign('userM', $info);
            $this->display();
        }
        if (IS_POST) {
--- a/Application/Admin/View/About/index.html
+++ b/Application/Admin/View/About/index.html
@@ -3,10 +3,10 @@
 <div class="page-height row-equal align-middle text-center">
 <div class="column">
 <div class="error-number">
-<span>2.0</span>
+<span>2.3</span>
 </div>
 <div class="m-b h4" style="font-family:微软雅黑;">SRCMS - 企业安全应急响应与缺陷管理中心</div>
-<p>授权许可：v2.0.0-alpha.1/ 社区开发版 / 2017.01.01 - 2019.01.01</p>
+<p>授权许可：v2.3.1-alpha.1/ 社区开发版 / 2017.01.01 - 2019.01.01</p>
 </div>
 </div>
 </div>
--- a/Application/Admin/View/Login/svalid.html
+++ b/Application/Admin/View/Login/svalid.html
@@ -4,7 +4,7 @@
 <title>SRCMS - 企业安全应急响应与缺陷管理中心</title>
 <meta name="description" content="">
 <meta name="viewport" content="width=device-width, user-scalable=no, initial-scale=1, maximum-scale=1">
-<script type="text/javascript" async="" src="__PUBLIC__/Admin/ga.js.下载"></script>
+<script type="text/javascript" async="" src="__PUBLIC__/Admin/ga.js"></script>
 <link rel="stylesheet" href="__PUBLIC__/Admin/app.min.css">
 <style type="text/css">.cf-hidden { display: none; } .cf-invisible { visibility: hidden; }</style></head>
 <body class="page-loaded" style="font-family:微软雅黑;">
@@ -77,7 +77,7 @@
 </nav>
 </footer>
-<script src="__PUBLIC__/Admin/app.min.js.下载"></script><div class="bg-default"></div><div class="bg-primary"></div><div class="bg-success"></div><div class="bg-warning"></div><div class="bg-danger"></div><div class="bg-info"></div><div class="bg-white"></div><div class="bg-dark"></div>
+<script src="__PUBLIC__/Admin/app.min.js"></script><div class="bg-default"></div><div class="bg-primary"></div><div class="bg-success"></div><div class="bg-warning"></div><div class="bg-danger"></div><div class="bg-info"></div><div class="bg-white"></div><div class="bg-dark"></div>
 </body>
 <script src="__STATIC__/js/jquery-1.10.2.js"></script>
--- a/Application/Admin/View/Order/index.html
+++ b/Application/Admin/View/Order/index.html
@@ -50,7 +50,7 @@
                    <elseif condition="$v.finish eq 1" /><span class="label label-success">已发货</span>
 					<elseif condition="$v.finish eq 2" /><span class="label label-default">已关闭</span>
                    </if></td>
-				<td><a href="{:U('order/update',array('id'=>$v['id'],'username'=>$v['username']))}" target="_Blank">查看</a> | <a href="{:U('order/delete?id=')}{$v.id}" style="color:red;" onclick="javascript:return del('您真的确定要删除吗？\n\n删除后将不能恢复!');">删除</a></td>
+				<td><!--<a href="{:U('order/update',array('id'=>$v['id'],'userid'=>$v['userid']))}" target="_Blank">查看</a>--><a href="{:U('order/update',array('id'=>$v['id']))}" target="_Blank">查看</a> | <a href="{:U('order/delete?id=')}{$v.id}" style="color:red;" onclick="javascript:return del('您真的确定要删除吗？\n\n删除后将不能恢复!');">删除</a></td>
            </tr>
        </foreach>
        </tbody>
--- a/Application/Admin/View/Order/update.html
+++ b/Application/Admin/View/Order/update.html
@@ -15,6 +15,10 @@
            <label for="aa">礼品名称</label>
            <input type="text" name="gid" class="form-control" id="aa" value="{$model.gid}" placeholder="输入礼品名称">
        </div>
        <div class="form-group">
            <label for="aa">礼品价格</label>
            <input type="text" name="price" class="form-control" value="{$model.price}" placeholder="输入礼品价格">
        </div>
        <div class="form-group">
            <label for="bb">真实姓名</label>
            <input type="text" name="realname" class="form-control" value="{$model.realname}" placeholder="填写真实姓名">
--- a/Application/User/Controller/GiftController.class.php
+++ b/Application/User/Controller/GiftController.class.php
@@ -56,6 +56,7 @@ class GiftController extends BaseController{
            $this->display();
        }
        if (IS_POST) {
            $id = session('userId');
            $model = M("order");
 			$record = M('record');
 			$user = M('member')->where('id='.$id)->find();
@@ -64,7 +65,12 @@ class GiftController extends BaseController{
 				$this->error("安全币余额不足!", U('gift/index'));
 				exit();
 			}
-			$data = I();
+            $data = I();
            if($data['num']<0){
                $this->error("兑换数量非法！", U('gift/index'));
 				exit();
            }
            $price = $gift['price'] * $data['num'];
 			$data['gid'] = $gift['title']; 
 			$data['price'] = $gift['price']; 
 			$data['username'] = session('username');
@@ -74,7 +80,8 @@ class GiftController extends BaseController{
 			//记录兑换安全币变动日志
 			$rdata['type'] = 1;
 			$rdata['name'] = '兑换'.$gift['title'];
-			$rdata['content'] = '-安全币:'.$gift['price'];
+            $rdata['num'] = '数量:'.$gift['num'];
 			$rdata['content'] = '-安全币:'.$price;
 			$rdata['time'] = time();
 			$rdata['user'] = session('username');
 			$rdata['userid'] = session('userId');
@@ -85,10 +92,15 @@ class GiftController extends BaseController{
 			if($token != $user['token']){
 				$this->error("非法请求");
 			}
-
+		    if($user['jinbi']<$price){
-			
+				$this->error("安全币余额不足!", U('gift/index'));
-			$result = M('member')->where('id='.$id)->setDec('jinbi',$gift['price']);
+				exit();
-            if ($model->field('userid,username,gid,tel,alipay,realname,address,zipcode,price,update_time')->add($data)) {
+			}
 			$result = M('member')->where('id='.$id)->setDec('jinbi',$price);
            if (!$result){
               $this->error("兑换失败", U('gift/index'));
 			}
            if ($model->field('userid,username,gid,tel,alipay,realname,address,zipcode,price,update_time,num')->add($data)) {
 				if($result){
                    $this->success("兑换成功", U('gift/order'));
 					}
--- a/Application/User/Controller/PostController.class.php
+++ b/Application/User/Controller/PostController.class.php
@@ -68,7 +68,39 @@ class PostController extends BaseController
            }
        }
    }
-	
+    
 	public function edit()
    {
        //默认显示添加表单
        if (!IS_POST) {
 			$tmodel= M('setting');
 		    $title = $tmodel->where('id=1')->select();
 		    $this->assign('title', $title);
        	$this->assign("category",getSortedCategory(M('category')->select()));
            $this->display();
        }
        if (IS_POST) {
            //如果用户提交数据
            $model = D("Post");
            $model->create_time = time();
 			$data = I();
            if (!$model->field('title,user_id,cate_id,content')->create()) {
                // 如果创建失败 表示验证没有通过 输出错误提示信息
                $this->error($model->getError());
                exit();
            } else {
                if ($model->add()) {
 					require "./././././ThinkPHP/Library/Org/Net/Mail.class.php";
 					$time = date("Y-m-d h:i:sa");
 					$con='您好,安全应急响应中心新增一份漏洞报告《 '.$data['title'].'》。请您及时登陆后台查看。';  
 					SendMail('1009465756@qq.com','新增漏洞报告提示',$con,'安全应急响应中心');
                    $this->success("报告成功", U('post/index'));
                } else {
                    $this->error("报告失败");
                }
            }
        }
    }
 	public function view(){
 	    $rid = I('get.rid',0,'intval');
 		$model = M("Post");
--- a/Application/User/View/Gift/add.html
+++ b/Application/User/View/Gift/add.html
@@ -1,5 +1,17 @@
 <include file="Public/header" title="订单确认 - 企业安全应急响应与缺陷管理中心" gifts_status="open" gifts_color="#6164C1;"/>
 <script>
 function numplus(){
 var goodsnum = document.getElementById("redeemgoods"); 
 var resultnum = parseInt(goodsnum.value) + 1
 goodsnum.value = resultnum;
 }
 function numminus(){
 var goodsnum = document.getElementById("redeemgoods"); 
 var resultnum = parseInt(goodsnum.value) - 1
 goodsnum.value = resultnum;
 }
 </script>
 <div class="main-content">
 <div class="page-title">
 <div class="title">礼品中心</div>
@@ -26,11 +38,12 @@
 </thead>
 <tbody>
 <tr>
 <form method="post" action="{:U('gift/add?gid=')}{$gift.id}">
 <td class="text-capitalize">{$gift.title}</td>
 <td>
-<a class="math-actions minus">&nbsp;</a>
+<a class="math-actions minus" onclick="numminus();">&nbsp;</a>
-<span class="cart-quantity">1</span>
+<span class="cart-quantity"><input id="redeemgoods" class="input__field" name="num" type="text" value="1"></span>
-<a class="math-actions">&nbsp;</a>
+<a class="math-actions" onclick="numplus();">&nbsp;</a>
 </td>
 <td>{$gift.price}</td>
 </tr>
@@ -44,7 +57,6 @@
 <div class="card bg-white m-b">
 <div class="card-header">个人信息</div>
 <div class="card-block">
 <form method="post" action="{:U('gift/add?gid=')}{$gift.id}">
 	   <div class="form-group">
        <label>姓名：</label>
        <input type="text" name="realname"  class="form-control" value="{$info.realname}">
@@ -76,12 +88,5 @@
 </div>
 </div>
 </form>
 </div>
 <include file="Public/footer" />
--- a/Application/User/View/Login/svalid.html
+++ b/Application/User/View/Login/svalid.html
@@ -4,7 +4,7 @@
 <title>SRCMS - 企业安全应急响应与缺陷管理中心</title>
 <meta name="description" content="">
 <meta name="viewport" content="width=device-width, user-scalable=no, initial-scale=1, maximum-scale=1">
-<script type="text/javascript" async="" src="__PUBLIC__/Admin/ga.js.下载"></script>
+<script type="text/javascript" async="" src="__PUBLIC__/Admin/ga.js"></script>
 <link rel="stylesheet" href="__PUBLIC__/Admin/app.min.css">
 <style type="text/css">.cf-hidden { display: none; } .cf-invisible { visibility: hidden; }</style></head>
 <body class="page-loaded" style="font-family:微软雅黑;">
@@ -77,7 +77,7 @@
 </nav>
 </footer>
-<script src="__PUBLIC__/Admin/app.min.js.下载"></script><div class="bg-default"></div><div class="bg-primary"></div><div class="bg-success"></div><div class="bg-warning"></div><div class="bg-danger"></div><div class="bg-info"></div><div class="bg-white"></div><div class="bg-dark"></div>
+<script src="__PUBLIC__/Admin/app.min.js"></script><div class="bg-default"></div><div class="bg-primary"></div><div class="bg-success"></div><div class="bg-warning"></div><div class="bg-danger"></div><div class="bg-info"></div><div class="bg-white"></div><div class="bg-dark"></div>
 </body>
 <script src="__STATIC__/js/jquery-1.10.2.js"></script>
--- a/Application/User/View/Post/edit.html
+++ b/Application/User/View/Post/edit.html
@@ -0,0 +1,53 @@
 <include file="Public/header" title="编辑报告 - 企业安全应急响应与缺陷管理中心 | Powered By SRCMS" report_status="open" add_report_color="#6164C1;"/>
 <script type="text/javascript" src="__PUBLIC__/ueditor/ueditor.config.js"></script>
 <script type="text/javascript" src="__PUBLIC__/ueditor/ueditor.all.js"></script>
 <script type="text/javascript">
    var ue = UE.getEditor('post-content',{
        toolbars: [
            ['source', '|','simpleupload','emotion','link','unlink', '|', 'selectall', 'cleardoc'],
        ],
        initialFrameHeight:500,
        zIndex:100
    });
 </script>
 <div class="main-content">
 <div class="page-title">
 	<ol class="breadcrumb no-bg pl0">
 	<li>
 	<i class="icon-users"></i> <a href="{:U('post/index')}">报告列表</a>
 	</li>
 	<li>
 	<a href="javascript:;">提交漏洞</a>
 	</li>
 	</ol>
 </div> 
 <div class="row">
        <div class="col-lg-13">
            <div class="alert alert-success alert-dismissable">
                <button type="button" class="close" data-dismiss="alert" aria-hidden="true">×</button>
                <p>感谢您向我们报告漏洞，您的每一份报告我们都会有专人跟进，请您耐心等待审核！</p>
 				<div class="clearfix"></div>
            </div>
        </div>
 </div>
 <form method="post" action="{:U('post/add')}">
        <div class="form-group">
            <label for="post-title">报告标题</label>
            <input type="text" name="title" class="form-control" id="post-title" placeholder="输入文章标题">
        </div>
        <div class="form-group">
            <label for="post-cate">漏洞类型</label>
            <select name="cate_id" id="post-cate" class="form-control" style="width:100%">
                <foreach name="category" item="v">
                    <option value="{$v.id}">{$v.html} {$v.title}</option>
                </foreach>
            </select>
        </div>
        <div class="form-group">
            <label for="post-content">漏洞内容</label>
            <script id="post-content" name="content" type="text/plain" style="width:100%"></script>
        </div>
        <button type="submit" class="btn btn-default">提交</button>
 </form>
 </div>
 <include file="Public/footer" />
--- a/Application/User/View/Post/index.html
+++ b/Application/User/View/Post/index.html
@@ -39,6 +39,7 @@
                <th>报告状态</th>
                <th>危害评级</th>
                <th>漏洞类型</th>
                <!--<th>操作</th>-->
            </tr>
        </thead>
        <tbody>
@@ -59,6 +60,11 @@
                    <elseif condition="$v.rank eq 4" /><span class="label label-success">高危</span>
                    </if></td>
                <td data-title="漏洞类型">{$v.category_title}</td>
                <!--<td data-title="操作"><if condition="$v.type eq 1"><a href="">编辑</span>
                    <elseif condition="$v.type eq 2" /><a href="{:U('post/view?rid=')}{$v.id}">查看</a>
                    <elseif condition="$v.type eq 3" /><a href="{:U('post/view?rid=')}{$v.id}">查看</a>
                    <elseif condition="$v.type eq 4" /><a href="{:U('post/view?rid=')}{$v.id}">查看</a>
                    </if></td>-->
            </tr>
        </foreach>
        </tbody>
--- a/DB/srcms.sql
+++ b/DB/srcms.sql
@@ -3,7 +3,7 @@
 -- http://www.phpmyadmin.net
 --
 -- Host: localhost
-- Generation Time: 2017-05-31 22:47:33
+-- Generation Time: 2017-09-09 11:45:11
 -- 服务器版本： 5.5.40
 -- PHP Version: 5.5.17
@@ -19,8 +19,6 @@ SET time_zone = "+00:00";
 --
 -- Database: `srcms`
 --
 CREATE DATABASE `srcms` DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
 USE srcms;
 -- --------------------------------------------------------
@@ -121,7 +119,7 @@ CREATE TABLE IF NOT EXISTS `hall` (
 INSERT INTO `hall` (`id`, `name`, `team`, `url`, `des`) VALUES
 (0, 'Nancy Rich', 'Google (Porject Zero)', './PUBLIC/Index/img/400x400/04.jpg', '来自Google Project Zero的Nancy，第一季度帮助我们发现20个涉及Andriod、Google Chrome等核心产品的严重漏洞。对Google安全生态的建设起到了极大的帮助 '),
 (1, 'Anna Kusaikina', 'Apple Security Team', './Public/Index/img/400x400/06.jpg', '来自Apple Security Team的Anna，第三季度帮助我们发现5个涉及Google Chrome的高危漏洞，对Chrome的稳定性和安全性的提升贡献非凡。'),
-(2, 'Lucas Richardson', 'Microsoft Security Response Center', './Public/Index/img/400x400/05.jpg', '帮助我们发现了一枚严重级别的远程代码执行漏洞，并及时通知我们进行修复，保护了亿万用户的安全，特此表示衷心的感谢。');
+(2, 'Microsoft Security Center', 'Microsoft Security Response Center', './Public/Index/img/400x400/05.jpg', '帮助我们发现了一枚严重级别的远程代码执行漏洞，并及时通知我们进行修复，保护了亿万用户的安全，特此表示衷心的感谢。');
 -- --------------------------------------------------------
@@ -195,7 +193,7 @@ CREATE TABLE IF NOT EXISTS `manager` (
 --
 INSERT INTO `manager` (`id`, `username`, `email`, `password`, `token`, `login_ip`, `create_at`, `update_at`) VALUES
-(1, 'admin', '1009465756@qq.com', '21232f297a57a5a743894a0e4a801fc3', '214b679679a56701df24aeaabb2c952b', '0.0.0.0', '1453778451', '1496241923');
+(1, 'admin', '1009465756@qq.com', '21232f297a57a5a743894a0e4a801fc3', 'f25370eb70f3d5b5e2990304fbad1311', '0.0.0.0', '1453778451', '1504796246');
 -- --------------------------------------------------------
@@ -230,7 +228,16 @@ CREATE TABLE IF NOT EXISTS `member` (
  `type` tinyint(1) DEFAULT '1' COMMENT '1:前台用户 2:管理员 ',
  `jifen` int(10) NOT NULL DEFAULT '0' COMMENT '用户积分',
  `jinbi` varchar(255) NOT NULL DEFAULT '0' COMMENT '安全币'
-) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=utf8;
 --
 -- 转存表中的数据 `member`
 --
 INSERT INTO `member` (`id`, `pid`, `username`, `realname`, `team`, `email`, `salt`, `password`, `token`, `avatar`, `address`, `description`, `bankcode`, `idcode`, `zipcode`, `alipay`, `tel`, `website`, `qqnumber`, `create_at`, `update_at`, `login_ip`, `status`, `type`, `jifen`, `jinbi`) VALUES
 (1, '0', 'user', '暂无', '暂无', 'user@qq.com', '暂无', '5cc32e366c87c4cb49e4309b75f57d64', '0', '暂无', '暂无', '暂无', '暂无', '暂无', '暂无', '暂无', '暂无', '暂无', '0', '1497262271', '0', '0.0.0.0', 1, 1, 0, '0'),
 (2, '40490179412345254132823132685141', '[已删除]', '[已删除]', '[已删除]', '0', '0', '905ee8f75384669deca8b221fa28eda4', '0', '暂无', '暂无', '[已删除]', '暂无', '暂无', '暂无', '暂无', '暂无', '[已删除]', '0', '1497262735', '1497262736', '0.0.0.0', 1, 1, 200, '200'),
 (3, '23655135121160235158753959640175', 'user2', '暂无', '暂无', 'user2@qq.com', 'ZvWtKuAr', 'a42001f146d8351d83bd50613708d0c6', '6cd213daa5e168af1e3c19748824a3f5', '暂无', '暂无', '暂无', '暂无', '暂无', '暂无', '暂无', '暂无', '暂无', '0', '1498998699', '1504923888', '0.0.0.0', 1, 1, 100, '70');
 -- --------------------------------------------------------
@@ -264,16 +271,10 @@ CREATE TABLE IF NOT EXISTS `order` (
  `alipay` varchar(50) NOT NULL COMMENT '支付宝',
  `gid` varchar(100) NOT NULL COMMENT '礼品名称',
  `price` varchar(255) NOT NULL DEFAULT '0' COMMENT '订单金额',
  `num` int(10) NOT NULL DEFAULT '1' COMMENT '兑换数量',
  `update_time` varchar(255) NOT NULL COMMENT '订单时间',
  `finish` int(2) NOT NULL COMMENT '1. 完成 2.未完成'
-) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8;
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 --
 -- 转存表中的数据 `order`
 --
 INSERT INTO `order` (`id`, `userid`, `username`, `realname`, `zipcode`, `address`, `tel`, `alipay`, `gid`, `price`, `update_time`, `finish`) VALUES
 (1, '1', 'user', '暂无', '暂无', '暂无', 0, '暂无', '定制饮品', '100', '1486179341', 0);
 -- --------------------------------------------------------
@@ -318,14 +319,17 @@ CREATE TABLE IF NOT EXISTS `post` (
  `bounty` varchar(255) NOT NULL DEFAULT '0' COMMENT '漏洞报告奖励',
  `type` tinyint(1) DEFAULT '1' COMMENT '1:审核中,2:已忽略,3:已确认,4:已修复',
  `visible` int(2) NOT NULL DEFAULT '0'
-) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8;
+) ENGINE=InnoDB AUTO_INCREMENT=5 DEFAULT CHARSET=utf8;
 --
 -- 转存表中的数据 `post`
 --
 INSERT INTO `post` (`id`, `session`, `title`, `content`, `advise`, `time`, `day`, `cate_id`, `user_id`, `rank`, `bounty`, `type`, `visible`) VALUES
-(1, '', '测试工单', '&lt;p&gt;测试工单&lt;/p&gt;', '', '1486183605', 0, 2, 1, 1, '+积分:100 +安全币:100', 1, 0);
+(1, 'f07081e7fggb08e3743e8f095a84633', '测试工单', '&lt;p&gt;测试工单&lt;/p&gt;', '', '1486183605', 0, 2, 1, 1, '+积分:100 +安全币:100', 1, 1),
 (2, '10df72172234g01a8agf316091a1975', 'admin', '&lt;p&gt;admin&lt;/p&gt;', '', '1497262222', 0, 6, 1, 1, '0', 1, 0),
 (3, '3fg628ab50cba75997dac3d1129e3c', 'admin', '&lt;p&gt;admin&lt;/p&gt;', '', '1497262751', 2, 6, 2, 2, '+积分:100 +安全币:100', 2, 0),
 (4, '', '测试报告', '', '', '1504796958', 0, 1, 3, 1, '0', 1, 0);
 -- --------------------------------------------------------
@@ -342,16 +346,7 @@ CREATE TABLE IF NOT EXISTS `record` (
  `user` varchar(255) NOT NULL COMMENT '变动用户',
  `userid` int(10) NOT NULL DEFAULT '0' COMMENT '变动用户ID',
  `operator` varchar(255) NOT NULL DEFAULT '暂无' COMMENT '操作人'
-) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=utf8 COMMENT='操作记录';
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='操作记录';
 --
 -- 转存表中的数据 `record`
 --
 INSERT INTO `record` (`id`, `type`, `name`, `content`, `time`, `user`, `userid`, `operator`) VALUES
 (1, 1, '兑换定制饮品', '-安全币:100', '1486179341', 'user', 1, 'user'),
 (2, 1, '增加积分/安全币', '+积分:100 +安全币:200', '1486188291', 'user', 0, 'admin'),
 (3, 1, '增加积分/安全币', '+积分:100 +安全币:100', '1486188711', 'user', 0, 'admin');
 -- --------------------------------------------------------
@@ -375,7 +370,7 @@ CREATE TABLE IF NOT EXISTS `setting` (
 --
 INSERT INTO `setting` (`id`, `value`, `key1`, `key2`, `key3`, `key4`, `key5`, `key6`) VALUES
-(1, 'basic', '1009465756', 'Google Inc.', 'Google Inc. 是一家位于美国的跨国科技企业，业务包括Google搜索、Google Chrome、Andriod等。Google非常重视安全生态的建设，希望通过建立安全应急响应中心邀请安全专家完善生态。', '&lt;script&gt;百度统计&lt;/script&gt;', '1009465756', '© Google 2017-2018 Powered by: SRCMS');
+(1, 'basic', '1009465750', 'Google Inc.', 'Google Inc. 是一家位于美国的跨国科技企业，业务包括Google搜索、Google Chrome、Andriod等。Google非常重视安全生态的建设，希望通过建立安全应急响应中心邀请安全专家完善生态。', '&lt;script&gt;百度统计&lt;/script&gt;', '1009465752', '© Google 2017-2018 Powered by: SRCMS');
 --
 -- Indexes for dumped tables
@@ -503,7 +498,7 @@ ALTER TABLE `manager`
 -- AUTO_INCREMENT for table `member`
 --
 ALTER TABLE `member`
-  MODIFY `id` int(11) NOT NULL AUTO_INCREMENT COMMENT '用户ID';
+  MODIFY `id` int(11) NOT NULL AUTO_INCREMENT COMMENT '用户ID',AUTO_INCREMENT=4;
 --
 -- AUTO_INCREMENT for table `notes`
 --
@@ -513,7 +508,7 @@ ALTER TABLE `notes`
 -- AUTO_INCREMENT for table `order`
 --
 ALTER TABLE `order`
-  MODIFY `id` int(10) NOT NULL AUTO_INCREMENT COMMENT '订单编号',AUTO_INCREMENT=2;
+  MODIFY `id` int(10) NOT NULL AUTO_INCREMENT COMMENT '订单编号';
 --
 -- AUTO_INCREMENT for table `page`
 --
@@ -523,12 +518,12 @@ ALTER TABLE `page`
 -- AUTO_INCREMENT for table `post`
 --
 ALTER TABLE `post`
-  MODIFY `id` int(11) NOT NULL AUTO_INCREMENT,AUTO_INCREMENT=2;
+  MODIFY `id` int(11) NOT NULL AUTO_INCREMENT,AUTO_INCREMENT=5;
 --
 -- AUTO_INCREMENT for table `record`
 --
 ALTER TABLE `record`
-  MODIFY `id` int(100) NOT NULL AUTO_INCREMENT COMMENT '操作ID',AUTO_INCREMENT=4;
+  MODIFY `id` int(100) NOT NULL AUTO_INCREMENT COMMENT '操作ID';
 --
 -- AUTO_INCREMENT for table `setting`
 --
--- a/Public/Static/app.min.css
+++ b/Public/Static/app.min.css
--- a/Public/ueditor/php/controller.php
+++ b/Public/ueditor/php/controller.php
@@ -33,11 +33,12 @@ switch ($action) {
        $result = include("action_list.php");
        break;
-    /* 抓取远程文件 */
+    /* 抓取远程文件 
    case 'catchimage':
        $result = include("action_crawler.php");
        break;
-
+   */
    default:
        $result = json_encode(array(
            'state'=> '请求地址出错'
--- a/ThinkPHP/Tpl/dispatch_jump.tpl
+++ b/ThinkPHP/Tpl/dispatch_jump.tpl
--- a/ThinkPHP/Tpl/think_exception.tpl
+++ b/ThinkPHP/Tpl/think_exception.tpl