bozhihouc/SRCMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

SRCMS V2.3

Browse Source 
[修复] 后台处理订单提示“非法请求”
[修复] 用户前台无法调整商品兑换数量
[修复] 一处第三方组件造成的SSRF
This commit is contained in:
Martin Zhou
2017-09-09 12:06:21 +08:00
parent e5a0c1987f
commit fff056a9b1
16 changed files with 176 additions and 69 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
Application/Admin/Controller/OrderController.class.php
View File

@@ -39,14 +39,13 @@ class OrderController extends BaseController
public function update()
{
$id = I('get.id',0,'intval');
$user_id = I('get.username',0,'intval');
if (!IS_POST) {
$model = M('order')->where(array('id='=>$id))->find();
$id = I('get.id',0,'intval');
//$user_id = I('get.userid',0,'intval');
$model = M('order')->where(array('id'=>$id))->find();
$this->assign('model',$model);
$model = M('member');
$info = $model->where(array('id'=>$user_id))-> select();
$this->assign('userM', $info);
//$info = M('member')->where(array('id'=>$user_id))-> select();
//$this->assign('userM', $info);
$this->display();
}
if (IS_POST) {

4
Application/Admin/View/About/index.html
View File

@@ -3,10 +3,10 @@
<div class="page-height row-equal align-middle text-center">
<div class="column">
<div class="error-number">
<span>2.0</span>
<span>2.3</span>
</div>
<div class="m-b h4" style="font-family:微软雅黑;">SRCMS - 企业安全应急响应与缺陷管理中心</div>
<p>授权许可v2.0.0-alpha.1/ 社区开发版 / 2017.01.01 - 2019.01.01</p>
<p>授权许可v2.3.1-alpha.1/ 社区开发版 / 2017.01.01 - 2019.01.01</p>
</div>
</div>
</div>

4
Application/Admin/View/Login/svalid.html
View File

@@ -4,7 +4,7 @@
<title>SRCMS - 企业安全应急响应与缺陷管理中心</title>
<meta name="description" content="">
<meta name="viewport" content="width=device-width, user-scalable=no, initial-scale=1, maximum-scale=1">
<script type="text/javascript" async="" src="__PUBLIC__/Admin/ga.js.下载"></script>
<script type="text/javascript" async="" src="__PUBLIC__/Admin/ga.js"></script>
<link rel="stylesheet" href="__PUBLIC__/Admin/app.min.css">
<style type="text/css">.cf-hidden { display: none; } .cf-invisible { visibility: hidden; }</style></head>
<body class="page-loaded" style="font-family:微软雅黑;">
@@ -77,7 +77,7 @@
</nav>
</footer>
<script src="__PUBLIC__/Admin/app.min.js.下载"></script><div class="bg-default"></div><div class="bg-primary"></div><div class="bg-success"></div><div class="bg-warning"></div><div class="bg-danger"></div><div class="bg-info"></div><div class="bg-white"></div><div class="bg-dark"></div>
<script src="__PUBLIC__/Admin/app.min.js"></script><div class="bg-default"></div><div class="bg-primary"></div><div class="bg-success"></div><div class="bg-warning"></div><div class="bg-danger"></div><div class="bg-info"></div><div class="bg-white"></div><div class="bg-dark"></div>
</body>
<script src="__STATIC__/js/jquery-1.10.2.js"></script>

2
Application/Admin/View/Order/index.html
View File

@@ -50,7 +50,7 @@
<elseif condition="$v.finish eq 1" /><span class="label label-success">已发货</span>
<elseif condition="$v.finish eq 2" /><span class="label label-default">已关闭</span>
</if></td>
<td><a href="{:U('order/update',array('id'=>$v['id'],'username'=>$v['username']))}" target="_Blank">查看</a> | <a href="{:U('order/delete?id=')}{$v.id}" style="color:red;" onclick="javascript:return del('您真的确定要删除吗?\n\n删除后将不能恢复!');">删除</a></td>
<td><!--<a href="{:U('order/update',array('id'=>$v['id'],'userid'=>$v['userid']))}" target="_Blank">查看</a>--><a href="{:U('order/update',array('id'=>$v['id']))}" target="_Blank">查看</a> | <a href="{:U('order/delete?id=')}{$v.id}" style="color:red;" onclick="javascript:return del('您真的确定要删除吗?\n\n删除后将不能恢复!');">删除</a></td>
</tr>
</foreach>
</tbody>

4
Application/Admin/View/Order/update.html
View File

@@ -15,6 +15,10 @@
<label for="aa">礼品名称</label>
<input type="text" name="gid" class="form-control" id="aa" value="{$model.gid}" placeholder="输入礼品名称">
</div>
<div class="form-group">
<label for="aa">礼品价格</label>
<input type="text" name="price" class="form-control" value="{$model.price}" placeholder="输入礼品价格">
</div>
<div class="form-group">
<label for="bb">真实姓名</label>
<input type="text" name="realname" class="form-control" value="{$model.realname}" placeholder="填写真实姓名">

24
Application/User/Controller/GiftController.class.php
View File

@@ -56,6 +56,7 @@ class GiftController extends BaseController{
$this->display();
}
if (IS_POST) {
$id = session('userId');
$model = M("order");
$record = M('record');
$user = M('member')->where('id='.$id)->find();
@@ -64,7 +65,12 @@ class GiftController extends BaseController{
$this->error("安全币余额不足!", U('gift/index'));
exit();
}
$data = I();
$data = I();
if($data['num']<0){
$this->error("兑换数量非法!", U('gift/index'));
exit();
}
$price = $gift['price'] * $data['num'];
$data['gid'] = $gift['title'];
$data['price'] = $gift['price'];
$data['username'] = session('username');
@@ -74,7 +80,8 @@ class GiftController extends BaseController{
//记录兑换安全币变动日志
$rdata['type'] = 1;
$rdata['name'] = '兑换'.$gift['title'];
$rdata['content'] = '-安全币:'.$gift['price'];
$rdata['num'] = '数量:'.$gift['num'];
$rdata['content'] = '-安全币:'.$price;
$rdata['time'] = time();
$rdata['user'] = session('username');
$rdata['userid'] = session('userId');
@@ -85,10 +92,15 @@ class GiftController extends BaseController{
if($token != $user['token']){
$this->error("非法请求");
}
$result = M('member')->where('id='.$id)->setDec('jinbi',$gift['price']);
if ($model->field('userid,username,gid,tel,alipay,realname,address,zipcode,price,update_time')->add($data)) {
if($user['jinbi']<$price){
$this->error("安全币余额不足!", U('gift/index'));
exit();
}
$result = M('member')->where('id='.$id)->setDec('jinbi',$price);
if (!$result){
$this->error("兑换失败", U('gift/index'));
}
if ($model->field('userid,username,gid,tel,alipay,realname,address,zipcode,price,update_time,num')->add($data)) {
if($result){
$this->success("兑换成功", U('gift/order'));
}

34
Application/User/Controller/PostController.class.php
View File

@@ -68,7 +68,39 @@ class PostController extends BaseController
}
}
}
public function edit()
{
//默认显示添加表单
if (!IS_POST) {
$tmodel= M('setting');
$title = $tmodel->where('id=1')->select();
$this->assign('title', $title);
$this->assign("category",getSortedCategory(M('category')->select()));
$this->display();
}
if (IS_POST) {
//如果用户提交数据
$model = D("Post");
$model->create_time = time();
$data = I();
if (!$model->field('title,user_id,cate_id,content')->create()) {
// 如果创建失败 表示验证没有通过 输出错误提示信息
$this->error($model->getError());
exit();
} else {
if ($model->add()) {
require "./././././ThinkPHP/Library/Org/Net/Mail.class.php";
$time = date("Y-m-d h:i:sa");
$con='您好,安全应急响应中心新增一份漏洞报告《 '.$data['title'].'》。请您及时登陆后台查看。';
SendMail('1009465756@qq.com','新增漏洞报告提示',$con,'安全应急响应中心');
$this->success("报告成功", U('post/index'));
} else {
$this->error("报告失败");
}
}
}
}
public function view(){
$rid = I('get.rid',0,'intval');
$model = M("Post");

27
Application/User/View/Gift/add.html
View File

@@ -1,5 +1,17 @@
<include file="Public/header" title="订单确认 - 企业安全应急响应与缺陷管理中心" gifts_status="open" gifts_color="#6164C1;"/>
<script>
function numplus(){
var goodsnum = document.getElementById("redeemgoods");
var resultnum = parseInt(goodsnum.value) + 1
goodsnum.value = resultnum;
}
function numminus(){
var goodsnum = document.getElementById("redeemgoods");
var resultnum = parseInt(goodsnum.value) - 1
goodsnum.value = resultnum;
}
</script>
<div class="main-content">
<div class="page-title">
<div class="title">礼品中心</div>
@@ -26,11 +38,12 @@
</thead>
<tbody>
<tr>
<form method="post" action="{:U('gift/add?gid=')}{$gift.id}">
<td class="text-capitalize">{$gift.title}</td>
<td>
<a class="math-actions minus">&nbsp;</a>
<span class="cart-quantity">1</span>
<a class="math-actions">&nbsp;</a>
<a class="math-actions minus" onclick="numminus();">&nbsp;</a>
<span class="cart-quantity"><input id="redeemgoods" class="input__field" name="num" type="text" value="1"></span>
<a class="math-actions" onclick="numplus();">&nbsp;</a>
</td>
<td>{$gift.price}</td>
</tr>
@@ -44,7 +57,6 @@
<div class="card bg-white m-b">
<div class="card-header">个人信息</div>
<div class="card-block">
<form method="post" action="{:U('gift/add?gid=')}{$gift.id}">
<div class="form-group">
<label>姓名:</label>
<input type="text" name="realname" class="form-control" value="{$info.realname}">
@@ -76,12 +88,5 @@
</div>
</div>
</form>
</div>
<include file="Public/footer" />

4
Application/User/View/Login/svalid.html
View File

@@ -4,7 +4,7 @@
<title>SRCMS - 企业安全应急响应与缺陷管理中心</title>
<meta name="description" content="">
<meta name="viewport" content="width=device-width, user-scalable=no, initial-scale=1, maximum-scale=1">
<script type="text/javascript" async="" src="__PUBLIC__/Admin/ga.js.下载"></script>
<script type="text/javascript" async="" src="__PUBLIC__/Admin/ga.js"></script>
<link rel="stylesheet" href="__PUBLIC__/Admin/app.min.css">
<style type="text/css">.cf-hidden { display: none; } .cf-invisible { visibility: hidden; }</style></head>
<body class="page-loaded" style="font-family:微软雅黑;">
@@ -77,7 +77,7 @@
</nav>
</footer>
<script src="__PUBLIC__/Admin/app.min.js.下载"></script><div class="bg-default"></div><div class="bg-primary"></div><div class="bg-success"></div><div class="bg-warning"></div><div class="bg-danger"></div><div class="bg-info"></div><div class="bg-white"></div><div class="bg-dark"></div>
<script src="__PUBLIC__/Admin/app.min.js"></script><div class="bg-default"></div><div class="bg-primary"></div><div class="bg-success"></div><div class="bg-warning"></div><div class="bg-danger"></div><div class="bg-info"></div><div class="bg-white"></div><div class="bg-dark"></div>
</body>
<script src="__STATIC__/js/jquery-1.10.2.js"></script>

53
Application/User/View/Post/edit.html Normal file
View File

@@ -0,0 +1,53 @@
<include file="Public/header" title="编辑报告 - 企业安全应急响应与缺陷管理中心 | Powered By SRCMS" report_status="open" add_report_color="#6164C1;"/>
<script type="text/javascript" src="__PUBLIC__/ueditor/ueditor.config.js"></script>
<script type="text/javascript" src="__PUBLIC__/ueditor/ueditor.all.js"></script>
<script type="text/javascript">
var ue = UE.getEditor('post-content',{
toolbars: [
['source', '|','simpleupload','emotion','link','unlink', '|', 'selectall', 'cleardoc'],
],
initialFrameHeight:500,
zIndex:100
});
</script>
<div class="main-content">
<div class="page-title">
<ol class="breadcrumb no-bg pl0">
<li>
<i class="icon-users"></i> <a href="{:U('post/index')}">报告列表</a>
</li>
<li>
<a href="javascript:;">提交漏洞</a>
</li>
</ol>
</div>
<div class="row">
<div class="col-lg-13">
<div class="alert alert-success alert-dismissable">
<button type="button" class="close" data-dismiss="alert" aria-hidden="true">×</button>
<p>感谢您向我们报告漏洞,您的每一份报告我们都会有专人跟进,请您耐心等待审核!</p>
<div class="clearfix"></div>
</div>
</div>
</div>
<form method="post" action="{:U('post/add')}">
<div class="form-group">
<label for="post-title">报告标题</label>
<input type="text" name="title" class="form-control" id="post-title" placeholder="输入文章标题">
</div>
<div class="form-group">
<label for="post-cate">漏洞类型</label>
<select name="cate_id" id="post-cate" class="form-control" style="width:100%">
<foreach name="category" item="v">
<option value="{$v.id}">{$v.html} {$v.title}</option>
</foreach>
</select>
</div>
<div class="form-group">
<label for="post-content">漏洞内容</label>
<script id="post-content" name="content" type="text/plain" style="width:100%"></script>
</div>
<button type="submit" class="btn btn-default">提交</button>
</form>
</div>
<include file="Public/footer" />

6
Application/User/View/Post/index.html
View File

@@ -39,6 +39,7 @@
<th>报告状态</th>
<th>危害评级</th>
<th>漏洞类型</th>
<!--<th>操作</th>-->
</tr>
</thead>
<tbody>
@@ -59,6 +60,11 @@
<elseif condition="$v.rank eq 4" /><span class="label label-success">高危</span>
</if></td>
<td data-title="漏洞类型">{$v.category_title}</td>
<!--<td data-title="操作"><if condition="$v.type eq 1"><a href="">编辑</span>
<elseif condition="$v.type eq 2" /><a href="{:U('post/view?rid=')}{$v.id}">查看</a>
<elseif condition="$v.type eq 3" /><a href="{:U('post/view?rid=')}{$v.id}">查看</a>
<elseif condition="$v.type eq 4" /><a href="{:U('post/view?rid=')}{$v.id}">查看</a>
</if></td>-->
</tr>
</foreach>
</tbody>

57
DB/srcms.sql
View File

@@ -3,7 +3,7 @@
-- http://www.phpmyadmin.net
--
-- Host: localhost
-- Generation Time: 2017-05-31 22:47:33
-- Generation Time: 2017-09-09 11:45:11
-- 服务器版本: 5.5.40
-- PHP Version: 5.5.17
@@ -19,8 +19,6 @@ SET time_zone = "+00:00";
--
-- Database: `srcms`
--
CREATE DATABASE `srcms` DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
USE srcms;
-- --------------------------------------------------------
@@ -121,7 +119,7 @@ CREATE TABLE IF NOT EXISTS `hall` (
INSERT INTO `hall` (`id`, `name`, `team`, `url`, `des`) VALUES
(0, 'Nancy Rich', 'Google (Porject Zero)', './PUBLIC/Index/img/400x400/04.jpg', '来自Google Project Zero的Nancy第一季度帮助我们发现20个涉及Andriod、Google Chrome等核心产品的严重漏洞。对Google安全生态的建设起到了极大的帮助 '),
(1, 'Anna Kusaikina', 'Apple Security Team', './Public/Index/img/400x400/06.jpg', '来自Apple Security Team的Anna第三季度帮助我们发现5个涉及Google Chrome的高危漏洞对Chrome的稳定性和安全性的提升贡献非凡。'),
(2, 'Lucas Richardson', 'Microsoft Security Response Center', './Public/Index/img/400x400/05.jpg', '帮助我们发现了一枚严重级别的远程代码执行漏洞,并及时通知我们进行修复,保护了亿万用户的安全,特此表示衷心的感谢。');
(2, 'Microsoft Security Center', 'Microsoft Security Response Center', './Public/Index/img/400x400/05.jpg', '帮助我们发现了一枚严重级别的远程代码执行漏洞,并及时通知我们进行修复,保护了亿万用户的安全,特此表示衷心的感谢。');
-- --------------------------------------------------------
@@ -195,7 +193,7 @@ CREATE TABLE IF NOT EXISTS `manager` (
--
INSERT INTO `manager` (`id`, `username`, `email`, `password`, `token`, `login_ip`, `create_at`, `update_at`) VALUES
(1, 'admin', '1009465756@qq.com', '21232f297a57a5a743894a0e4a801fc3', '214b679679a56701df24aeaabb2c952b', '0.0.0.0', '1453778451', '1496241923');
(1, 'admin', '1009465756@qq.com', '21232f297a57a5a743894a0e4a801fc3', 'f25370eb70f3d5b5e2990304fbad1311', '0.0.0.0', '1453778451', '1504796246');
-- --------------------------------------------------------
@@ -230,7 +228,16 @@ CREATE TABLE IF NOT EXISTS `member` (
`type` tinyint(1) DEFAULT '1' COMMENT '1:前台用户 2:管理员 ',
`jifen` int(10) NOT NULL DEFAULT '0' COMMENT '用户积分',
`jinbi` varchar(255) NOT NULL DEFAULT '0' COMMENT '安全币'
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=utf8;
--
-- 转存表中的数据 `member`
--
INSERT INTO `member` (`id`, `pid`, `username`, `realname`, `team`, `email`, `salt`, `password`, `token`, `avatar`, `address`, `description`, `bankcode`, `idcode`, `zipcode`, `alipay`, `tel`, `website`, `qqnumber`, `create_at`, `update_at`, `login_ip`, `status`, `type`, `jifen`, `jinbi`) VALUES
(1, '0', 'user', '暂无', '暂无', 'user@qq.com', '暂无', '5cc32e366c87c4cb49e4309b75f57d64', '0', '暂无', '暂无', '暂无', '暂无', '暂无', '暂无', '暂无', '暂无', '暂无', '0', '1497262271', '0', '0.0.0.0', 1, 1, 0, '0'),
(2, '40490179412345254132823132685141', '[已删除]', '[已删除]', '[已删除]', '0', '0', '905ee8f75384669deca8b221fa28eda4', '0', '暂无', '暂无', '[已删除]', '暂无', '暂无', '暂无', '暂无', '暂无', '[已删除]', '0', '1497262735', '1497262736', '0.0.0.0', 1, 1, 200, '200'),
(3, '23655135121160235158753959640175', 'user2', '暂无', '暂无', 'user2@qq.com', 'ZvWtKuAr', 'a42001f146d8351d83bd50613708d0c6', '6cd213daa5e168af1e3c19748824a3f5', '暂无', '暂无', '暂无', '暂无', '暂无', '暂无', '暂无', '暂无', '暂无', '0', '1498998699', '1504923888', '0.0.0.0', 1, 1, 100, '70');
-- --------------------------------------------------------
@@ -264,16 +271,10 @@ CREATE TABLE IF NOT EXISTS `order` (
`alipay` varchar(50) NOT NULL COMMENT '支付宝',
`gid` varchar(100) NOT NULL COMMENT '礼品名称',
`price` varchar(255) NOT NULL DEFAULT '0' COMMENT '订单金额',
`num` int(10) NOT NULL DEFAULT '1' COMMENT '兑换数量',
`update_time` varchar(255) NOT NULL COMMENT '订单时间',
`finish` int(2) NOT NULL COMMENT '1. 完成 2.未完成'
) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8;
--
-- 转存表中的数据 `order`
--
INSERT INTO `order` (`id`, `userid`, `username`, `realname`, `zipcode`, `address`, `tel`, `alipay`, `gid`, `price`, `update_time`, `finish`) VALUES
(1, '1', 'user', '暂无', '暂无', '暂无', 0, '暂无', '定制饮品', '100', '1486179341', 0);
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-- --------------------------------------------------------
@@ -318,14 +319,17 @@ CREATE TABLE IF NOT EXISTS `post` (
`bounty` varchar(255) NOT NULL DEFAULT '0' COMMENT '漏洞报告奖励',
`type` tinyint(1) DEFAULT '1' COMMENT '1:审核中,2:已忽略,3:已确认,4:已修复',
`visible` int(2) NOT NULL DEFAULT '0'
) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8;
) ENGINE=InnoDB AUTO_INCREMENT=5 DEFAULT CHARSET=utf8;
--
-- 转存表中的数据 `post`
--
INSERT INTO `post` (`id`, `session`, `title`, `content`, `advise`, `time`, `day`, `cate_id`, `user_id`, `rank`, `bounty`, `type`, `visible`) VALUES
(1, '', '测试工单', '&lt;p&gt;测试工单&lt;/p&gt;', '', '1486183605', 0, 2, 1, 1, '+积分:100 +安全币:100', 1, 0);
(1, 'f07081e7fggb08e3743e8f095a84633', '测试工单', '&lt;p&gt;测试工单&lt;/p&gt;', '', '1486183605', 0, 2, 1, 1, '+积分:100 +安全币:100', 1, 1),
(2, '10df72172234g01a8agf316091a1975', 'admin', '&lt;p&gt;admin&lt;/p&gt;', '', '1497262222', 0, 6, 1, 1, '0', 1, 0),
(3, '3fg628ab50cba75997dac3d1129e3c', 'admin', '&lt;p&gt;admin&lt;/p&gt;', '', '1497262751', 2, 6, 2, 2, '+积分:100 +安全币:100', 2, 0),
(4, '', '测试报告', '', '', '1504796958', 0, 1, 3, 1, '0', 1, 0);
-- --------------------------------------------------------
@@ -342,16 +346,7 @@ CREATE TABLE IF NOT EXISTS `record` (
`user` varchar(255) NOT NULL COMMENT '变动用户',
`userid` int(10) NOT NULL DEFAULT '0' COMMENT '变动用户ID',
`operator` varchar(255) NOT NULL DEFAULT '暂无' COMMENT '操作人'
) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=utf8 COMMENT='操作记录';
--
-- 转存表中的数据 `record`
--
INSERT INTO `record` (`id`, `type`, `name`, `content`, `time`, `user`, `userid`, `operator`) VALUES
(1, 1, '兑换定制饮品', '-安全币:100', '1486179341', 'user', 1, 'user'),
(2, 1, '增加积分/安全币', '+积分:100 +安全币:200', '1486188291', 'user', 0, 'admin'),
(3, 1, '增加积分/安全币', '+积分:100 +安全币:100', '1486188711', 'user', 0, 'admin');
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='操作记录';
-- --------------------------------------------------------
@@ -375,7 +370,7 @@ CREATE TABLE IF NOT EXISTS `setting` (
--
INSERT INTO `setting` (`id`, `value`, `key1`, `key2`, `key3`, `key4`, `key5`, `key6`) VALUES
(1, 'basic', '1009465756', 'Google Inc.', 'Google Inc. 是一家位于美国的跨国科技企业业务包括Google搜索、Google Chrome、Andriod等。Google非常重视安全生态的建设希望通过建立安全应急响应中心邀请安全专家完善生态。', '&lt;script&gt;百度统计&lt;/script&gt;', '1009465756', '© Google 2017-2018 Powered by: SRCMS');
(1, 'basic', '1009465750', 'Google Inc.', 'Google Inc. 是一家位于美国的跨国科技企业业务包括Google搜索、Google Chrome、Andriod等。Google非常重视安全生态的建设希望通过建立安全应急响应中心邀请安全专家完善生态。', '&lt;script&gt;百度统计&lt;/script&gt;', '1009465752', '© Google 2017-2018 Powered by: SRCMS');
--
-- Indexes for dumped tables
@@ -503,7 +498,7 @@ ALTER TABLE `manager`
-- AUTO_INCREMENT for table `member`
--
ALTER TABLE `member`
MODIFY `id` int(11) NOT NULL AUTO_INCREMENT COMMENT '用户ID';
MODIFY `id` int(11) NOT NULL AUTO_INCREMENT COMMENT '用户ID',AUTO_INCREMENT=4;
--
-- AUTO_INCREMENT for table `notes`
--
@@ -513,7 +508,7 @@ ALTER TABLE `notes`
-- AUTO_INCREMENT for table `order`
--
ALTER TABLE `order`
MODIFY `id` int(10) NOT NULL AUTO_INCREMENT COMMENT '订单编号',AUTO_INCREMENT=2;
MODIFY `id` int(10) NOT NULL AUTO_INCREMENT COMMENT '订单编号';
--
-- AUTO_INCREMENT for table `page`
--
@@ -523,12 +518,12 @@ ALTER TABLE `page`
-- AUTO_INCREMENT for table `post`
--
ALTER TABLE `post`
MODIFY `id` int(11) NOT NULL AUTO_INCREMENT,AUTO_INCREMENT=2;
MODIFY `id` int(11) NOT NULL AUTO_INCREMENT,AUTO_INCREMENT=5;
--
-- AUTO_INCREMENT for table `record`
--
ALTER TABLE `record`
MODIFY `id` int(100) NOT NULL AUTO_INCREMENT COMMENT '操作ID',AUTO_INCREMENT=4;
MODIFY `id` int(100) NOT NULL AUTO_INCREMENT COMMENT '操作ID';
--
-- AUTO_INCREMENT for table `setting`
--

2
Public/Static/app.min.css vendored
View File

File diff suppressed because one or more lines are too long

5
Public/ueditor/php/controller.php
View File

@@ -33,11 +33,12 @@ switch ($action) {
$result = include("action_list.php");
break;
/* 抓取远程文件 */
/* 抓取远程文件
case 'catchimage':
$result = include("action_crawler.php");
break;
*/
default:
$result = json_encode(array(
'state'=> '请求地址出错'

4
ThinkPHP/Tpl/dispatch_jump.tpl
View File

File diff suppressed because one or more lines are too long

4
ThinkPHP/Tpl/think_exception.tpl
View File

File diff suppressed because one or more lines are too long