Compare commits


11 Commits

Author SHA1 Message Date
Martin Zhou
bd76733d73 Update README.md 2019-10-11 20:05:38 +08:00
Martin Zhou
b45f8b7baa Update README.md 2019-10-11 20:03:40 +08:00
Martin Zhou
e6a1c4ff1d Update README.md 2019-10-11 20:03:13 +08:00
Martin Zhou
34d6d5bef1 更新说明内容 2019-05-23 10:41:02 +08:00
Martin Zhou
e1c65cc47c Update contact information 2018-12-26 16:54:25 +08:00
Martin ZHOU
391061ba34 SRCMS V2.3 更新说明 2017-09-09 12:17:37 +08:00
Martin Zhou
fff056a9b1 SRCMS V2.3
[修复] 后台处理订单提示“非法请求”
[修复] 用户前台无法调整商品兑换数量
[修复] 一处第三方组件造成的SSRF
2017-09-09 12:10:57 +08:00
Martin ZHOU
e5a0c1987f SRCMS V2.2更新说明 2017-07-02 22:57:09 +08:00
Martin Zhou
c3e99b9a18 SRCMS V2.2 开发版
[新增] 审核后台单个漏洞报告导出
[新增] 审核后台全部漏洞报告导出为报表
[修复] Ueditor上传路径错误导致的文件上传失败问题
[修复] 用户个人中心礼品无法兑换的问题
[修复] 前台安全应急响应中心名称动态不显示的问题
[修复] 跳转页面LOGO不显示的问题
2017-07-02 22:50:46 +08:00
Martin ZHOU
89fcf6aac8 Merge pull request #12 from lianghanquan/dev
add create database sql in srcms.sql
2017-06-12 11:35:07 +08:00
hanquan
cf880f197c add create database sql in srcms.sql 2017-06-04 04:35:36 -04:00
28 changed files with 288 additions and 123 deletions


@@ -12,9 +12,24 @@ use Think\Controller;
class CheckController extends Controller
{
/**
* 导出漏洞报告
*/
public function view(){
$id = I('get.session_id');
$model = M('post')->where('visible=1')->where(array('session'=>$id))->find();
$arr['id']= $model['id'];
$arr['title']= $model['title'];
$arr['content']= $model['content'];
$arr['advise']= $model['advise'];
$arr['time']= $model['time'];
$arr['type']= $model['type'];
$this->ajaxReturn ($arr,'JSON');
}
/**
* 临时查看漏洞报告
*/
public function view(){
$id = I('get.session_id',0,'number_int'); //seesion token防注入
$model = M('post')->where('session='.$id)->find();
@@ -23,9 +38,12 @@ class CheckController extends Controller
$this->assign('model',$model);
$this->display();
}
*/
/**
* 添加漏洞处理进展
*/
public function add()
{
//默认显示添加表单
@@ -46,4 +64,5 @@ class CheckController extends Controller
}
}
}
*/
}
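Review bot: The new `view()` hands the full report back as JSON to whoever presents a matching `session_id`, and `CheckController` extends `Controller` rather than the `BaseController` the admin controllers in this compare use, so unless a login check is applied elsewhere the session token is the only access control — and that token is produced by `rand()` in `PostController::session()` further down this compare, which is not a secure random source. `find()` can return no row, after which `$arr` is assembled from nulls and returned with a 200; add `if (!$model) { $this->error('未找到报告'); }` before building `$arr`. The `number_int` filter that the older `view()` applied to `session_id` was dropped; the array-form `where()` is what keeps this from becoming string-built SQL, so keep it in that form. Which side the `/* … */`-wrapped second `view()` belongs to is not recoverable from this rendering.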


@@ -115,13 +115,21 @@ class MemberController extends BaseController
}
/**
* 删除用户
* @param [type] $id [管理员ID]
*/
public function delete()
{
$id = I('get.id',0,'intval');
$model = M('member');
if($model->where('id='.$id)->delete()){
$data['username'] = '[已删除]';
$data['realname'] = '[已删除]';
$data['email'] = '0';
$data['salt'] = '0';
$data['passwd'] = '0';
$data['team'] = '[已删除]';
$data['description'] = '[已删除]';
$data['website'] = '[已删除]';
$data['status'] = 1;
if($model->where('id='.$id)->save($data)){
$this->success("用户删除成功", U('member/index'));
}else{
$this->error("用户删除失败");
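Review bot: The anonymising update writes `$data['passwd']`, but the `member` table in this compare's SQL dump has a `password` column (plus a separate `token`), so the hash is either rejected or silently dropped by the ORM and survives the "deletion", and the user's `token` is never cleared. Use the real column names — `$data['password'] = '0'; $data['token'] = '0';` — and note that the dump shows live users with `status` 1 as well, so `$data['status'] = 1` does not lock the account out; whatever value the login check treats as disabled belongs here. The two `where('id='.$id)` calls are safe only because `$id` was `intval`'d; `where(array('id'=>$id))` is the form used elsewhere in this compare. The `delete()` body continues outside the hunk.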


@@ -39,14 +39,13 @@ class OrderController extends BaseController
public function update()
{
$id = I('get.id',0,'intval');
$user_id = I('get.username',0,'intval');
if (!IS_POST) {
$model = M('order')->where(array('id='=>$id))->find();
$id = I('get.id',0,'intval');
//$user_id = I('get.userid',0,'intval');
$model = M('order')->where(array('id'=>$id))->find();
$this->assign('model',$model);
$model = M('member');
$info = $model->where(array('id'=>$user_id))-> select();
$this->assign('userM', $info);
//$info = M('member')->where(array('id'=>$user_id))-> select();
//$this->assign('userM', $info);
$this->display();
}
if (IS_POST) {
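Review bot: On the new side `$id = I('get.id',0,'intval');` appears to be assigned twice, once above the `IS_POST` check and again inside the GET branch; drop the inner one. The `update()` body continues past the hunk, so whether the POST branch still references the removed `$user_id` cannot be checked here — if it does, that variable is now undefined.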


@@ -178,23 +178,63 @@ class PostController extends BaseController
/**
* 生成session key
**/
public function session(){
$id = I('get.id',0,'intval');
$str = '1234567890';
$session = $str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)];
public function session(){
$id = I('get.id');
$str = '1234567890abcdefg';
$session = $str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)];
$visible = 1;
$model = M('post');
$model->session = $session;
$model->visible = $visible;
$result = $model->where('id='.$id)->save();
$result = $model->where(array('id'=>$id))->save();
if($result){
$this->success("授权成功", U('Check/view?session_id='.$session));
$this->success("授权成功", U('post/index'));
}else{
$this->error("授权失败");
}
}
*/
/**
* 取消导出
**/
public function cancel(){
$id = I('get.id');
$visible = 0;
$model = M('post');
$model->visible = $visible;
$result = $model->where(array('id'=>$id))->save();
if($result){
$this->success("取消成功", U('post/index'));
}else{
$this->error("取消失败");
}
}
/**
* 导出全部
**/
public function portall(){
$model = M('post')->field('id,title,content,advise,time,day,bounty')->limit(100)->select();
set_time_limit(0);
ini_set('memory_limit', '512M');
$output = fopen('php://output', 'w') or die("can't open php://output");
$filename = "安全应急响应中心外部漏洞报告统计表" . date('Y-m-d', time());
header("Content-Type: application/csv");
header("Content-Disposition: attachment; filename=$filename.csv");
$table_head = array('报告编号','报告名称','报告内容', '修复建议','提交时间','修补期限','漏洞奖励');
fputcsv($output, $table_head);
foreach ($model as $e) {
fputcsv($output, array_values($e));
}
fclose($output) or die("can't close php://output");
exit;
}
/**
添加报告评论
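Review bot: `session()` builds the export token from `rand()`, which is not suitable for an authorization token, and `$str` has 17 characters (offsets 0–16) while `rand(0,17)` can return 17, so some positions raise an uninitialized-offset notice and contribute an empty character, shortening the token. Replace the whole concatenation with `$session = bin2hex(random_bytes(16));` (PHP 7; `openssl_random_pseudo_bytes()` on the 5.x that index.php still accepts). `session()` and `cancel()` read `I('get.id')` with no filter — add `'intval'` as the older code did. In `portall()` the `Content-Disposition` filename is unquoted and non-ASCII, and report `title`/`content`/`advise` are written to the CSV verbatim, so cells beginning with `=`, `+`, `-` or `@` will be evaluated as formulas by spreadsheet clients — prefix such cells with a `'` before `fputcsv`.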


@@ -3,10 +3,10 @@
<div class="page-height row-equal align-middle text-center">
<div class="column">
<div class="error-number">
<span>2.0</span>
<span>2.3</span>
</div>
<div class="m-b h4" style="font-family:微软雅黑;">SRCMS - 企业安全应急响应与缺陷管理中心</div>
<p>授权许可v2.0.0-alpha.1/ 社区开发版 / 2017.01.01 - 2019.01.01</p>
<p>授权许可v2.3.1-alpha.1/ 社区开发版 / 2017.01.01 - 2019.01.01</p>
</div>
</div>
</div>


@@ -4,7 +4,7 @@
<title>SRCMS - 企业安全应急响应与缺陷管理中心</title>
<meta name="description" content="">
<meta name="viewport" content="width=device-width, user-scalable=no, initial-scale=1, maximum-scale=1">
<script type="text/javascript" async="" src="__PUBLIC__/Admin/ga.js.下载"></script>
<script type="text/javascript" async="" src="__PUBLIC__/Admin/ga.js"></script>
<link rel="stylesheet" href="__PUBLIC__/Admin/app.min.css">
<style type="text/css">.cf-hidden { display: none; } .cf-invisible { visibility: hidden; }</style></head>
<body class="page-loaded" style="font-family:微软雅黑;">
@@ -77,7 +77,7 @@
</nav>
</footer>
<script src="__PUBLIC__/Admin/app.min.js.下载"></script><div class="bg-default"></div><div class="bg-primary"></div><div class="bg-success"></div><div class="bg-warning"></div><div class="bg-danger"></div><div class="bg-info"></div><div class="bg-white"></div><div class="bg-dark"></div>
<script src="__PUBLIC__/Admin/app.min.js"></script><div class="bg-default"></div><div class="bg-primary"></div><div class="bg-success"></div><div class="bg-warning"></div><div class="bg-danger"></div><div class="bg-info"></div><div class="bg-white"></div><div class="bg-dark"></div>
</body>
<script src="__STATIC__/js/jquery-1.10.2.js"></script>


@@ -50,7 +50,7 @@
<elseif condition="$v.finish eq 1" /><span class="label label-success">已发货</span>
<elseif condition="$v.finish eq 2" /><span class="label label-default">已关闭</span>
</if></td>
<td><a href="{:U('order/update',array('id'=>$v['id'],'username'=>$v['username']))}" target="_Blank">查看</a> | <a href="{:U('order/delete?id=')}{$v.id}" style="color:red;" onclick="javascript:return del('您真的确定要删除吗?\n\n删除后将不能恢复!');">删除</a></td>
<td><!--<a href="{:U('order/update',array('id'=>$v['id'],'userid'=>$v['userid']))}" target="_Blank">查看</a>--><a href="{:U('order/update',array('id'=>$v['id']))}" target="_Blank">查看</a> | <a href="{:U('order/delete?id=')}{$v.id}" style="color:red;" onclick="javascript:return del('您真的确定要删除吗?\n\n删除后将不能恢复!');">删除</a></td>
</tr>
</foreach>
</tbody>
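Review bot: The new `<td>` keeps the previous `order/update` link (with the old `userid` parameter) as an HTML comment, so that dead markup is sent to the browser on every page view. Delete it rather than comment it out; version control already holds the history.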


@@ -15,6 +15,10 @@
<label for="aa">礼品名称</label>
<input type="text" name="gid" class="form-control" id="aa" value="{$model.gid}" placeholder="输入礼品名称">
</div>
<div class="form-group">
<label for="aa">礼品价格</label>
<input type="text" name="price" class="form-control" value="{$model.price}" placeholder="输入礼品价格">
</div>
<div class="form-group">
<label for="bb">真实姓名</label>
<input type="text" name="realname" class="form-control" value="{$model.realname}" placeholder="填写真实姓名">


@@ -15,6 +15,16 @@
<li><a href="{:U('post/index?key=3')}">已确认</a></li>
<li><a href="{:U('post/index?key=4')}">已修复</a></li>
</ul>
</div>
<div class="btn-group">
<button type="button" class="btn btn-primary" style="margin : 2px 0px 5px 0px;">高级功能</button>
<button type="button" class="btn btn-primary dropdown-toggle" data-toggle="dropdown" style="margin : 2px 0px 5px 0px;">
<span class="caret"></span>
<span class="sr-only">切换下拉菜单</span>
</button>
<ul class="dropdown-menu" role="menu">
<li><a href="{:U('post/portall')}">导出全部</a></li>
</ul>
</div>
</ul>
</div>
@@ -57,7 +67,7 @@
<td data-title="提交时间">{$v.time|date="Y/m/d",###}</td>
<td data-title="提交者">{$v.username}</td>
<td data-title="分类">{$v.category_title}</td>
<td data-title="操作"><a href="{:U('post/review?id=')}{$v.id}">审核</a> | <a href="{:U('post/update?id=')}{$v.id}">编辑</a> <!--| <if condition="$v.visible eq 0"><a href="{:U('post/session?id=')}{$v.id}" target="_Blank">生成工单</a> <elseif condition="$v.visible eq 1" /><a href="{:U('check/view?session_id=')}{$v.session}" target="_Blank">查看工单</a></if>--> | <a href="{:U('post/delete?id=')}{$v.id}" style="color:red;" onclick="javascript:return del('您真的确定要删除吗?\n\n删除后将不能恢复!');">删除</a></td>
<td data-title="操作"><a href="{:U('post/review?id=')}{$v.id}">审核</a> | <a href="{:U('post/update?id=')}{$v.id}">编辑</a> | <if condition="$v.visible eq 0"><a href="{:U('post/session?id=')}{$v.id}" target="_Blank">导出工单</a> <elseif condition="$v.visible eq 1" /><a href="{:U('check/view?session_id=')}{$v.session}" target="_Blank">查看工单</a> | <a href="{:U('post/cancel?id=')}{$v.id}" target="_Blank">取消导出</a> </if> | <a href="{:U('post/delete?id=')}{$v.id}" style="color:red;" onclick="javascript:return del('您真的确定要删除吗?\n\n删除后将不能恢复!');">删除</a></td>
</tr>
</foreach>
</tbody>


@@ -32,6 +32,9 @@ class HallController extends Controller{
$pid = I('get.pid',0,'number_int');
$model = M('member');
$report = M('post');
$tmodel= M('setting');
$settings = $tmodel -> where('id=1') -> select();
$this->assign('settings', $settings);
$user = $model -> where(array('pid'=>$pid)) -> select();
$uid = $user[0]['id'];
if ($uid != null){


@@ -6,7 +6,7 @@
<meta charset="utf-8"/>
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<meta http-equiv="x-ua-compatible" content="ie=edge">
<title>{$model.title} - <foreach name="settings" item="s"> {$s.key2} </foreach>安全应急响应中心</title>
<title>{$model.title} - <foreach name="title" item="s"> {$s.key2} </foreach>安全应急响应中心</title>
<meta name="keywords" content="<foreach name='settings' item='s'> {$s.key2} </foreach>安全应急响应中心" />
<meta name="description" content="<foreach name='settings' item='s'> {$s.key2} </foreach>安全应急响应中心">
<meta name="author" content="srcms.xyz">
@@ -43,7 +43,7 @@
<span class="yahei icon-bar"></span>
<span class="yaheiicon-bar"></span>
</button>
<a class="yahei navbar-brand" href="{:U('index/index')}"><strong><foreach name="settings" item="s"> {$s.key2} </foreach></strong>
<a class="yahei navbar-brand" href="{:U('index/index')}"><strong><foreach name="title" item="s"> {$s.key2} </foreach></strong>
<span class="yahei" style=" font-size: 12px;padding: 2px 6px;border: 1px solid;border-radius: 4px;vertical-align: 4px; ">安全应急响应中心</span>
</a>
</div>
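Review bot: The `<title>` and navbar now iterate `title`, but the `keywords` and `description` meta tags two lines below still iterate `settings`; if the controller assigns only `title` (as `PostController::edit()` in this compare does), both metas render empty. Either assign `settings` as well or change them to `<foreach name='title' item='s'>`. The next file section makes the same `settings`→`title` change; there the two metas are hard-coded to 'Google Inc.' instead of being read from settings, which is wrong for any other deployment.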


@@ -6,7 +6,7 @@
<meta charset="utf-8"/>
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<meta http-equiv="x-ua-compatible" content="ie=edge">
<title>{$model.title} - <foreach name="settings" item="s"> {$s.key2} </foreach>安全应急响应中心</title>
<title>{$model.title} - <foreach name="title" item="s"> {$s.key2} </foreach>安全应急响应中心</title>
<meta name="keywords" content="Google Inc.安全应急响应中心" />
<meta name="description" content="Google Inc.安全应急响应中心">
<meta name="author" content="srcms.xyz">
@@ -43,7 +43,7 @@
<span class="yahei icon-bar"></span>
<span class="yaheiicon-bar"></span>
</button>
<a class="yahei navbar-brand" href="{:U('index/index')}"><strong><foreach name="settings" item="s"> {$s.key2} </foreach></strong>
<a class="yahei navbar-brand" href="{:U('index/index')}"><strong><foreach name="title" item="s"> {$s.key2} </foreach></strong>
<span class="yahei" style=" font-size: 12px;padding: 2px 6px;border: 1px solid;border-radius: 4px;vertical-align: 4px; ">安全应急响应中心</span>
</a>
</div>


@@ -56,6 +56,7 @@ class GiftController extends BaseController{
$this->display();
}
if (IS_POST) {
$id = session('userId');
$model = M("order");
$record = M('record');
$user = M('member')->where('id='.$id)->find();
@@ -64,7 +65,12 @@ class GiftController extends BaseController{
$this->error("安全币余额不足!", U('gift/index'));
exit();
}
$data = I();
$data = I();
if($data['num']<0){
$this->error("兑换数量非法!", U('gift/index'));
exit();
}
$price = $gift['price'] * $data['num'];
$data['gid'] = $gift['title'];
$data['price'] = $gift['price'];
$data['username'] = session('username');
@@ -74,7 +80,8 @@ class GiftController extends BaseController{
//记录兑换安全币变动日志
$rdata['type'] = 1;
$rdata['name'] = '兑换'.$gift['title'];
$rdata['content'] = '-安全币:'.$gift['price'];
$rdata['num'] = '数量:'.$gift['num'];
$rdata['content'] = '-安全币:'.$price;
$rdata['time'] = time();
$rdata['user'] = session('username');
$rdata['userid'] = session('userId');
@@ -82,10 +89,18 @@ class GiftController extends BaseController{
$record_result = $record -> add($rdata);
$token = $data['token'];
if($token != $user['token']){$this->error("非法请求");}
$result = M('member')->where('id='.$id)->setDec('jinbi',$gift['price']);
if ($model->field('userid,username,gid,tel,alipay,realname,address,zipcode,price,update_time')->add($data)) {
if($token != $user['token']){
$this->error("非法请求");
}
if($user['jinbi']<$price){
$this->error("安全币余额不足!", U('gift/index'));
exit();
}
$result = M('member')->where('id='.$id)->setDec('jinbi',$price);
if (!$result){
$this->error("兑换失败", U('gift/index'));
}
if ($model->field('userid,username,gid,tel,alipay,realname,address,zipcode,price,update_time,num')->add($data)) {
if($result){
$this->success("兑换成功", U('gift/order'));
}
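Review bot: The new quantity check `if($data['num']<0)` still accepts `0`, fractions and non-numeric strings because `num` is never cast, so the order row and `$price = $gift['price'] * $data['num']` get whatever the client typed. The ledger line `$rdata['num'] = '数量:'.$gift['num'];` reads the quantity from the gift row rather than from the submission, so it logs an undefined value. `$record->add($rdata)` also runs before the token and balance checks, so a rejected request still leaves a ledger entry — move those two checks above the record write. The balance check followed by `setDec` is not atomic; putting a `jinbi >= $price` condition on the decrement (or wrapping the sequence in a transaction) closes that gap. The `add()` body starts and ends outside the hunks.
```php
$data = I();
$num = (int) $data['num'];
if ($num < 1) {
    $this->error("兑换数量非法!", U('gift/index'));
    exit();
}
$data['num'] = $num;
$price = $gift['price'] * $num;
// … unchanged: order field assembly …
$rdata['num'] = '数量:'.$num;
```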


@@ -66,7 +66,7 @@ class LoginController extends Controller {
'id' => $user['id'],
'update_at' => time(),
'login_ip' => get_client_ip(),
'token' => $token,
'token' => $token //2017-07-02 fix bug: token can't be inserted into databease.
);
//登陆成功
if($member->save($data)){
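Review bot: The trailing comment added at `'token' => $token //2017-07-02 fix bug: ...` attributes the fix to removing the trailing comma, but a trailing comma in a PHP array literal is valid syntax and cannot by itself stop a column from being saved; the real cause (field filtering, the column, or the value) is not visible here, so the comment likely misattributes it. Either state the actual cause or drop the comment, and prefer a comment on its own line above the entry to a trailing one (also "databease").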


@@ -68,7 +68,39 @@ class PostController extends BaseController
}
}
}
public function edit()
{
//默认显示添加表单
if (!IS_POST) {
$tmodel= M('setting');
$title = $tmodel->where('id=1')->select();
$this->assign('title', $title);
$this->assign("category",getSortedCategory(M('category')->select()));
$this->display();
}
if (IS_POST) {
//如果用户提交数据
$model = D("Post");
$model->create_time = time();
$data = I();
if (!$model->field('title,user_id,cate_id,content')->create()) {
// 如果创建失败 表示验证没有通过 输出错误提示信息
$this->error($model->getError());
exit();
} else {
if ($model->add()) {
require "./././././ThinkPHP/Library/Org/Net/Mail.class.php";
$time = date("Y-m-d h:i:sa");
$con='您好,安全应急响应中心新增一份漏洞报告《 '.$data['title'].'》。请您及时登陆后台查看。';
SendMail('1009465756@qq.com','新增漏洞报告提示',$con,'安全应急响应中心');
$this->success("报告成功", U('post/index'));
} else {
$this->error("报告失败");
}
}
}
}
public function view(){
$rid = I('get.rid',0,'intval');
$model = M("Post");
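Review bot: `edit()` as added here inserts a new post (no id is read and `$model->add()` is called) rather than editing one, and its body reads like a copy of the submit action, down to the hard-coded recipient `1009465756@qq.com` that the README tells installers to change at a single line number. Its `create()` field list includes `user_id`, and with no data argument ThinkPHP's `create()` takes its values from the request, so the submitter id appears to come from the client instead of the login session — set `$model->user_id = session('userId');` after `create()` (and check that the submit action does the same). The template added in this compare posts to `post/add`, not `post/edit`, so this POST branch is unreachable from the UI as shipped. The `view()` that follows continues past the hunk.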


@@ -1,5 +1,17 @@
<include file="Public/header" title="订单确认 - 企业安全应急响应与缺陷管理中心" gifts_status="open" gifts_color="#6164C1;"/>
<script>
function numplus(){
var goodsnum = document.getElementById("redeemgoods");
var resultnum = parseInt(goodsnum.value) + 1
goodsnum.value = resultnum;
}
function numminus(){
var goodsnum = document.getElementById("redeemgoods");
var resultnum = parseInt(goodsnum.value) - 1
goodsnum.value = resultnum;
}
</script>
<div class="main-content">
<div class="page-title">
<div class="title">礼品中心</div>
@@ -26,11 +38,12 @@
</thead>
<tbody>
<tr>
<form method="post" action="{:U('gift/add?gid=')}{$gift.id}">
<td class="text-capitalize">{$gift.title}</td>
<td>
<a class="math-actions minus">&nbsp;</a>
<span class="cart-quantity">1</span>
<a class="math-actions">&nbsp;</a>
<a class="math-actions minus" onclick="numminus();">&nbsp;</a>
<span class="cart-quantity"><input id="redeemgoods" class="input__field" name="num" type="text" value="1"></span>
<a class="math-actions" onclick="numplus();">&nbsp;</a>
</td>
<td>{$gift.price}</td>
</tr>
@@ -44,7 +57,6 @@
<div class="card bg-white m-b">
<div class="card-header">个人信息</div>
<div class="card-block">
<form method="post" action="{:U('gift/add?gid=')}{$gift.id}">
<div class="form-group">
<label>姓名:</label>
<input type="text" name="realname" class="form-control" value="{$info.realname}">
@@ -76,12 +88,5 @@
</div>
</div>
</form>
</div>
<include file="Public/footer" />
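Review bot: The relocated `<form>` is opened directly inside `<tr>`, which is not valid HTML; browsers repair this by moving or dropping the element, and whether the `num` input and the personal-info fields are submitted together depends on that repair. Open the form before the `<table>` (or above the card) and close it after both blocks. The client-side `numminus()` has no lower bound, so `num` can reach 0 or negative before submission; the server-side check in `GiftController::add()` is what must reject that, and it currently lets 0 through.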


@@ -4,7 +4,7 @@
<title>SRCMS - 企业安全应急响应与缺陷管理中心</title>
<meta name="description" content="">
<meta name="viewport" content="width=device-width, user-scalable=no, initial-scale=1, maximum-scale=1">
<script type="text/javascript" async="" src="__PUBLIC__/Admin/ga.js.下载"></script>
<script type="text/javascript" async="" src="__PUBLIC__/Admin/ga.js"></script>
<link rel="stylesheet" href="__PUBLIC__/Admin/app.min.css">
<style type="text/css">.cf-hidden { display: none; } .cf-invisible { visibility: hidden; }</style></head>
<body class="page-loaded" style="font-family:微软雅黑;">
@@ -77,7 +77,7 @@
</nav>
</footer>
<script src="__PUBLIC__/Admin/app.min.js.下载"></script><div class="bg-default"></div><div class="bg-primary"></div><div class="bg-success"></div><div class="bg-warning"></div><div class="bg-danger"></div><div class="bg-info"></div><div class="bg-white"></div><div class="bg-dark"></div>
<script src="__PUBLIC__/Admin/app.min.js"></script><div class="bg-default"></div><div class="bg-primary"></div><div class="bg-success"></div><div class="bg-warning"></div><div class="bg-danger"></div><div class="bg-info"></div><div class="bg-white"></div><div class="bg-dark"></div>
</body>
<script src="__STATIC__/js/jquery-1.10.2.js"></script>


@@ -0,0 +1,53 @@
<include file="Public/header" title="编辑报告 - 企业安全应急响应与缺陷管理中心 | Powered By SRCMS" report_status="open" add_report_color="#6164C1;"/>
<script type="text/javascript" src="__PUBLIC__/ueditor/ueditor.config.js"></script>
<script type="text/javascript" src="__PUBLIC__/ueditor/ueditor.all.js"></script>
<script type="text/javascript">
var ue = UE.getEditor('post-content',{
toolbars: [
['source', '|','simpleupload','emotion','link','unlink', '|', 'selectall', 'cleardoc'],
],
initialFrameHeight:500,
zIndex:100
});
</script>
<div class="main-content">
<div class="page-title">
<ol class="breadcrumb no-bg pl0">
<li>
<i class="icon-users"></i> <a href="{:U('post/index')}">报告列表</a>
</li>
<li>
<a href="javascript:;">提交漏洞</a>
</li>
</ol>
</div>
<div class="row">
<div class="col-lg-13">
<div class="alert alert-success alert-dismissable">
<button type="button" class="close" data-dismiss="alert" aria-hidden="true">×</button>
<p>感谢您向我们报告漏洞,您的每一份报告我们都会有专人跟进,请您耐心等待审核!</p>
<div class="clearfix"></div>
</div>
</div>
</div>
<form method="post" action="{:U('post/add')}">
<div class="form-group">
<label for="post-title">报告标题</label>
<input type="text" name="title" class="form-control" id="post-title" placeholder="输入文章标题">
</div>
<div class="form-group">
<label for="post-cate">漏洞类型</label>
<select name="cate_id" id="post-cate" class="form-control" style="width:100%">
<foreach name="category" item="v">
<option value="{$v.id}">{$v.html} {$v.title}</option>
</foreach>
</select>
</div>
<div class="form-group">
<label for="post-content">漏洞内容</label>
<script id="post-content" name="content" type="text/plain" style="width:100%"></script>
</div>
<button type="submit" class="btn btn-default">提交</button>
</form>
</div>
<include file="Public/footer" />
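Review bot: This template is the edit view, yet its form posts to `post/add` and carries no hidden `id`, so submitting it creates a new report instead of updating one; once the controller's `edit()` actually loads and updates a record, point the action at it and add `<input type="hidden" name="id" value="{$model.id}">`. The breadcrumb ('提交漏洞') and the alert text are the submit-page wording as well, so the page reads as a duplicate of the add view.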


@@ -39,6 +39,7 @@
<th>报告状态</th>
<th>危害评级</th>
<th>漏洞类型</th>
<!--<th>操作</th>-->
</tr>
</thead>
<tbody>
@@ -59,6 +60,11 @@
<elseif condition="$v.rank eq 4" /><span class="label label-success">高危</span>
</if></td>
<td data-title="漏洞类型">{$v.category_title}</td>
<!--<td data-title="操作"><if condition="$v.type eq 1"><a href="">编辑</span>
<elseif condition="$v.type eq 2" /><a href="{:U('post/view?rid=')}{$v.id}">查看</a>
<elseif condition="$v.type eq 3" /><a href="{:U('post/view?rid=')}{$v.id}">查看</a>
<elseif condition="$v.type eq 4" /><a href="{:U('post/view?rid=')}{$v.id}">查看</a>
</if></td>-->
</tr>
</foreach>
</tbody>


@@ -3,7 +3,7 @@
-- http://www.phpmyadmin.net
--
-- Host: localhost
-- Generation Time: 2017-05-31 22:47:33
-- Generation Time: 2017-09-09 11:45:11
-- 服务器版本: 5.5.40
-- PHP Version: 5.5.17
@@ -119,7 +119,7 @@ CREATE TABLE IF NOT EXISTS `hall` (
INSERT INTO `hall` (`id`, `name`, `team`, `url`, `des`) VALUES
(0, 'Nancy Rich', 'Google (Porject Zero)', './PUBLIC/Index/img/400x400/04.jpg', '来自Google Project Zero的Nancy第一季度帮助我们发现20个涉及Andriod、Google Chrome等核心产品的严重漏洞。对Google安全生态的建设起到了极大的帮助 '),
(1, 'Anna Kusaikina', 'Apple Security Team', './Public/Index/img/400x400/06.jpg', '来自Apple Security Team的Anna第三季度帮助我们发现5个涉及Google Chrome的高危漏洞对Chrome的稳定性和安全性的提升贡献非凡。'),
(2, 'Lucas Richardson', 'Microsoft Security Response Center', './Public/Index/img/400x400/05.jpg', '帮助我们发现了一枚严重级别的远程代码执行漏洞,并及时通知我们进行修复,保护了亿万用户的安全,特此表示衷心的感谢。');
(2, 'Microsoft Security Center', 'Microsoft Security Response Center', './Public/Index/img/400x400/05.jpg', '帮助我们发现了一枚严重级别的远程代码执行漏洞,并及时通知我们进行修复,保护了亿万用户的安全,特此表示衷心的感谢。');
-- --------------------------------------------------------
@@ -193,7 +193,7 @@ CREATE TABLE IF NOT EXISTS `manager` (
--
INSERT INTO `manager` (`id`, `username`, `email`, `password`, `token`, `login_ip`, `create_at`, `update_at`) VALUES
(1, 'admin', '1009465756@qq.com', '21232f297a57a5a743894a0e4a801fc3', '214b679679a56701df24aeaabb2c952b', '0.0.0.0', '1453778451', '1496241923');
(1, 'admin', '1009465756@qq.com', '21232f297a57a5a743894a0e4a801fc3', 'f25370eb70f3d5b5e2990304fbad1311', '0.0.0.0', '1453778451', '1504796246');
-- --------------------------------------------------------
@@ -228,7 +228,16 @@ CREATE TABLE IF NOT EXISTS `member` (
`type` tinyint(1) DEFAULT '1' COMMENT '1:前台用户 2:管理员 ',
`jifen` int(10) NOT NULL DEFAULT '0' COMMENT '用户积分',
`jinbi` varchar(255) NOT NULL DEFAULT '0' COMMENT '安全币'
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=utf8;
--
-- 转存表中的数据 `member`
--
INSERT INTO `member` (`id`, `pid`, `username`, `realname`, `team`, `email`, `salt`, `password`, `token`, `avatar`, `address`, `description`, `bankcode`, `idcode`, `zipcode`, `alipay`, `tel`, `website`, `qqnumber`, `create_at`, `update_at`, `login_ip`, `status`, `type`, `jifen`, `jinbi`) VALUES
(1, '0', 'user', '暂无', '暂无', 'user@qq.com', '暂无', '5cc32e366c87c4cb49e4309b75f57d64', '0', '暂无', '暂无', '暂无', '暂无', '暂无', '暂无', '暂无', '暂无', '暂无', '0', '1497262271', '0', '0.0.0.0', 1, 1, 0, '0'),
(2, '40490179412345254132823132685141', '[已删除]', '[已删除]', '[已删除]', '0', '0', '905ee8f75384669deca8b221fa28eda4', '0', '暂无', '暂无', '[已删除]', '暂无', '暂无', '暂无', '暂无', '暂无', '[已删除]', '0', '1497262735', '1497262736', '0.0.0.0', 1, 1, 200, '200'),
(3, '23655135121160235158753959640175', 'user2', '暂无', '暂无', 'user2@qq.com', 'ZvWtKuAr', 'a42001f146d8351d83bd50613708d0c6', '6cd213daa5e168af1e3c19748824a3f5', '暂无', '暂无', '暂无', '暂无', '暂无', '暂无', '暂无', '暂无', '暂无', '0', '1498998699', '1504923888', '0.0.0.0', 1, 1, 100, '70');
-- --------------------------------------------------------
@@ -262,16 +271,10 @@ CREATE TABLE IF NOT EXISTS `order` (
`alipay` varchar(50) NOT NULL COMMENT '支付宝',
`gid` varchar(100) NOT NULL COMMENT '礼品名称',
`price` varchar(255) NOT NULL DEFAULT '0' COMMENT '订单金额',
`num` int(10) NOT NULL DEFAULT '1' COMMENT '兑换数量',
`update_time` varchar(255) NOT NULL COMMENT '订单时间',
`finish` int(2) NOT NULL COMMENT '1. 完成 2.未完成'
) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8;
--
-- 转存表中的数据 `order`
--
INSERT INTO `order` (`id`, `userid`, `username`, `realname`, `zipcode`, `address`, `tel`, `alipay`, `gid`, `price`, `update_time`, `finish`) VALUES
(1, '1', 'user', '暂无', '暂无', '暂无', 0, '暂无', '定制饮品', '100', '1486179341', 0);
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-- --------------------------------------------------------
@@ -316,14 +319,17 @@ CREATE TABLE IF NOT EXISTS `post` (
`bounty` varchar(255) NOT NULL DEFAULT '0' COMMENT '漏洞报告奖励',
`type` tinyint(1) DEFAULT '1' COMMENT '1:审核中,2:已忽略,3:已确认,4:已修复',
`visible` int(2) NOT NULL DEFAULT '0'
) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8;
) ENGINE=InnoDB AUTO_INCREMENT=5 DEFAULT CHARSET=utf8;
--
-- 转存表中的数据 `post`
--
INSERT INTO `post` (`id`, `session`, `title`, `content`, `advise`, `time`, `day`, `cate_id`, `user_id`, `rank`, `bounty`, `type`, `visible`) VALUES
(1, '', '测试工单', '&lt;p&gt;测试工单&lt;/p&gt;', '', '1486183605', 0, 2, 1, 1, '+积分:100 +安全币:100', 1, 0);
(1, 'f07081e7fggb08e3743e8f095a84633', '测试工单', '&lt;p&gt;测试工单&lt;/p&gt;', '', '1486183605', 0, 2, 1, 1, '+积分:100 +安全币:100', 1, 1),
(2, '10df72172234g01a8agf316091a1975', 'admin', '&lt;p&gt;admin&lt;/p&gt;', '', '1497262222', 0, 6, 1, 1, '0', 1, 0),
(3, '3fg628ab50cba75997dac3d1129e3c', 'admin', '&lt;p&gt;admin&lt;/p&gt;', '', '1497262751', 2, 6, 2, 2, '+积分:100 +安全币:100', 2, 0),
(4, '', '测试报告', '', '', '1504796958', 0, 1, 3, 1, '0', 1, 0);
-- --------------------------------------------------------
@@ -340,16 +346,7 @@ CREATE TABLE IF NOT EXISTS `record` (
`user` varchar(255) NOT NULL COMMENT '变动用户',
`userid` int(10) NOT NULL DEFAULT '0' COMMENT '变动用户ID',
`operator` varchar(255) NOT NULL DEFAULT '暂无' COMMENT '操作人'
) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=utf8 COMMENT='操作记录';
--
-- 转存表中的数据 `record`
--
INSERT INTO `record` (`id`, `type`, `name`, `content`, `time`, `user`, `userid`, `operator`) VALUES
(1, 1, '兑换定制饮品', '-安全币:100', '1486179341', 'user', 1, 'user'),
(2, 1, '增加积分/安全币', '+积分:100 +安全币:200', '1486188291', 'user', 0, 'admin'),
(3, 1, '增加积分/安全币', '+积分:100 +安全币:100', '1486188711', 'user', 0, 'admin');
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='操作记录';
-- --------------------------------------------------------
@@ -373,7 +370,7 @@ CREATE TABLE IF NOT EXISTS `setting` (
--
INSERT INTO `setting` (`id`, `value`, `key1`, `key2`, `key3`, `key4`, `key5`, `key6`) VALUES
(1, 'basic', '1009465756', 'Google Inc.', 'Google Inc. 是一家位于美国的跨国科技企业业务包括Google搜索、Google Chrome、Andriod等。Google非常重视安全生态的建设希望通过建立安全应急响应中心邀请安全专家完善生态。', '&lt;script&gt;百度统计&lt;/script&gt;', '1009465756', '© Google 2017-2018 Powered by: SRCMS');
(1, 'basic', '1009465750', 'Google Inc.', 'Google Inc. 是一家位于美国的跨国科技企业业务包括Google搜索、Google Chrome、Andriod等。Google非常重视安全生态的建设希望通过建立安全应急响应中心邀请安全专家完善生态。', '&lt;script&gt;百度统计&lt;/script&gt;', '1009465752', '© Google 2017-2018 Powered by: SRCMS');
--
-- Indexes for dumped tables
@@ -501,7 +498,7 @@ ALTER TABLE `manager`
-- AUTO_INCREMENT for table `member`
--
ALTER TABLE `member`
MODIFY `id` int(11) NOT NULL AUTO_INCREMENT COMMENT '用户ID';
MODIFY `id` int(11) NOT NULL AUTO_INCREMENT COMMENT '用户ID',AUTO_INCREMENT=4;
--
-- AUTO_INCREMENT for table `notes`
--
@@ -511,7 +508,7 @@ ALTER TABLE `notes`
-- AUTO_INCREMENT for table `order`
--
ALTER TABLE `order`
MODIFY `id` int(10) NOT NULL AUTO_INCREMENT COMMENT '订单编号',AUTO_INCREMENT=2;
MODIFY `id` int(10) NOT NULL AUTO_INCREMENT COMMENT '订单编号';
--
-- AUTO_INCREMENT for table `page`
--
@@ -521,12 +518,12 @@ ALTER TABLE `page`
-- AUTO_INCREMENT for table `post`
--
ALTER TABLE `post`
MODIFY `id` int(11) NOT NULL AUTO_INCREMENT,AUTO_INCREMENT=2;
MODIFY `id` int(11) NOT NULL AUTO_INCREMENT,AUTO_INCREMENT=5;
--
-- AUTO_INCREMENT for table `record`
--
ALTER TABLE `record`
MODIFY `id` int(100) NOT NULL AUTO_INCREMENT COMMENT '操作ID',AUTO_INCREMENT=4;
MODIFY `id` int(100) NOT NULL AUTO_INCREMENT COMMENT '操作ID';
--
-- AUTO_INCREMENT for table `setting`
--
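Review bot: The updated `manager` row still ships a fixed `password` hash and a fixed `token` (`f25370eb…` on the new side), and the seeded `member` rows carry fixed tokens and salts too, so every install imported from this dump starts with credentials and tokens that are public in the repository. Seed rows should have empty or NULL tokens that are regenerated on first login, and the install notes should require an admin password change. The `jinbi` balance column is `varchar(255)` while `GiftController` compares and decrements it numerically; an integer column would avoid string-comparison surprises.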



@@ -9,7 +9,7 @@
"imageCompressBorder": 1600, /* */
"imageInsertAlign": "none", /* */
"imageUrlPrefix": "", /* 访 */
"imagePathFormat": "../../Temp/{yyyy}{mm}{dd}/{time}{rand:6}", /* , */
"imagePathFormat": "/ueditor/php/upload/image/{yyyy}{mm}{dd}/{time}{rand:6}", /* , */
/* (unknown) , */
/* {rand:6} , */
/* {time} */
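Review bot: `imagePathFormat` now points at `/ueditor/php/upload/image/…`, a path served by the web server, whereas the old `../../Temp/` value was a relative path; the image extension allow-list (`imageAllowFiles`) is not in this hunk, so confirm it is still enforced and that the server is configured not to execute scripts from `ueditor/php/upload/`. The comment text on these lines has lost its characters in extraction (`/* , */`), so the file's own documentation of the placeholders no longer says anything.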


@@ -33,11 +33,12 @@ switch ($action) {
$result = include("action_list.php");
break;
/* 抓取远程文件 */
/* 抓取远程文件
case 'catchimage':
$result = include("action_crawler.php");
break;
*/
default:
$result = json_encode(array(
'state'=> '请求地址出错'
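Review bot: Disabling `catchimage` by commenting out the `case` leaves `action_crawler.php` in the tree (this compare does not show it deleted), so the remote-fetch code can still be included by anything else that reaches it; delete the file and the commented block rather than keeping them. The commit message lists this as the SSRF fix in a third-party component, so a one-line comment naming the reason, `/* catchimage removed: fetched caller-supplied URLs server-side */`, would stop the next ueditor upgrade from quietly re-enabling it.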


@@ -1,38 +1,12 @@
# 欢迎使用SRCMS V2.0.1社区开发版 ![codebeat badge](https://codebeat.co/badges/67e58b6d-bc89-4f22-ba8f-7668a9c15c5a)
# 欢迎使用SRCMS
**SRCMS** 是一款安全应急响应与缺陷管理软件,致力于为大、中、小企业和组织提供“最敏捷、安全和美观的安全应急响应中心的建站解决方案,帮助企业建立属于自己的安全应急响应中心和体系”。有了SRCMS您就可以像使用Discuz!搭建论坛一样容易,为您的企业建立安全应急响应中心平台。
**SRCMS** 是一款安全应急响应与缺陷管理软件,致力于为大、中、小企业和组织提供“最敏捷、安全和美观的安全应急响应中心的建站解决方案,帮助企业建立属于自己的安全应急响应中心和体系”。
> * **项目维护** Martin Zhou
> * **官网**http://www.srcms.xyz
> * **最后更新日期**2017-05-31
> * **演示站点**http://www.srcms.xyz/demo/index.php
> * **项目开发/维护** Martin Zhou
## 授权说明
1. 任何人在未取得SRCMS开发者正式书面授权的情况下不得将SRCMS项目源代码或二次开发过的源代码用作商业出售用途否则将保留追究其法律责任的权利。
2. 使用SRCMS搭建站点或二次开发时请您在网页底部加注Powered By SRCMS的相关字样。如有特殊需求请您及时与我们联系获取首选。
## 免责说明
SRCMS仅为建站软件任何使用本建站程序搭建的网站其运营的内容所产生的法律纠纷与本项目以及本人无关。
## 运行配置说明
* 第一步在本页面下载SRCMS源代码
* 第二步将SRCMS释放至网站根目录并在\Application\Common\Conf\db.php中编辑与数据库相关的配置
* 第三步:进入\Application\User\Controller\PostController.class.php第63行修改报告提交提示邮箱信息。
* 至此所有初始配置已经全部完成
## 版本更新日志
##### 2017-05-31建议等级重要
* **修复** 荣誉榜排行顺序问题
* **修复** 站点名称和简介无法配置的问题
* **修复** 荣誉榜团队无法编辑的问题
* **删除** Ueditor存在漏洞的截屏插件
##### 2017-02-03建议等级推荐更新
* **新增** SRCMS V2开发版
## 重要提示
**SRCMS已合入腾讯xSRC开源版维护推荐您及时切换更新获得最新特性及安全支持。**
<br/>下载地址https://security.tencent.com/opensource/detail/19
## BUG提交说明
如果您在使用本框架或是二次开发中发现任何SRCMS的问题欢迎迎通过Github的issue功能将问题反馈Issue功能能够很好的帮助我们定位和跟踪问题的修复情况。
@@ -40,10 +14,9 @@ SRCMS仅为建站软件任何使用本建站程序搭建的网站其运营的
## 致谢
在开发过程中SRCMS得益于广大开源项目和开发者们的帮助和支持,在此向下面的开发者们致谢:
* [ThinkPHP](http://www.thinkphp.cn/)
* 奇安信CodeSafehttps://www.codesafe.cn/#/home
* mramydnei
* Del技术菜鸟
* Blast
* Ivan
* 藏形匿影(挖财网)
&copy;<a href="https://github.com/CNSISMO" target="_blank">CNSISMO</a> 2016 - 2017




@@ -15,7 +15,7 @@ if(version_compare(PHP_VERSION,'5.3.0','<')) die('require PHP > 5.3.0 !');
define('BIND_MODULE','Admin');
// 开启调试模式 建议开发阶段开启 部署阶段注释或者设为false
define('APP_DEBUG',False);
define('APP_DEBUG',True);
// 定义应用目录
define('APP_PATH','./Application/');
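Review bot: The new side sets `define('APP_DEBUG',True);` in the shipped entry file, directly under the comment that says to turn it off for deployment; in debug mode ThinkPHP shows exception pages with traces and query details to the client. Every install of this release runs in debug mode until the operator notices — revert to `define('APP_DEBUG',false);` and, if debug is needed locally, gate it on an environment variable rather than editing the committed file.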


@@ -1,5 +1,5 @@
#
# robots.txt for SRCMS V2 Community Version
# robots.txt for SRCMS V2.2 Community Version
#
User-agent: *