baijunyao / thinkphp-bjyblog Goto Github PK

请将项目内的所有文件直接放在根目录下；不要多层目录；
例如正确：www/;错误：www/thinkbjy/；
后台登录密码默认为admin；
如果确认开启了mod_rewrite
请将/Application/Common/Conf/config.php中的URL_MODEL改为2以优化url
未开启路由：http://baijunyao.com/index.php/Home/Index/article/aid/60
开启路由后：http://baijunyao.com/article/60
把根目录下的robots.txt中的baijunyao.com改为自己的域名；
可以在用户管理中；将第三方账号标记为站长；然后后台就必须使用第三方账号登录以增强安全性；

针对thinkphp的改进优化；

修复tinkphp的session设置周期无效的bug；
自定义标签 /Application/Common/Tag/My.class.php；
将html视图页面分离；

项目介绍

前台基于boostrap的响应式页面布局适配手机和平板；
带表情的ajax无限级评论系统；
PHPMail邮件系统；
QQ、微博、豆瓣、人人、开心网等第三方登录；
ueditor 百度富文本编辑器；
font-awesome；
iCheck；

商业友好的开源协议

bjyblog遵循Apache2开源协议发布。Apache Licence是著名的非盈利开源组织Apache采用的协议。该协议和BSD类似，鼓励代码共享和尊重原作者的著作权，同样允许代码修改，再作为开源或商业软件发布。

thinkphp-bjyblog's People

Contributors

Stargazers

Watchers

Forkers

im286er cnnix songboriceboy thinkphps kevin2653 xuelixiang baitongda jzxyouok barbequebbq doc2git ledudu izhengwenzhou zitingxiang ljh562778946 gitzwt hitcszq davidwang666 skykiah fengyuwusong zhangyiding ly085233 jansusea creationlee loveyuxiang mydreammyway leamiko mayer2014 guanghong2012 y-s-y 1099438829 williamdoc jianingguo dongdx 1012894421 yangshaoyang frostsky adamin1990 tracy3000 gg1122 lzp5256 cnoldtree shijianyang 2015phper feixi centmaster onetip jason-kevin silent-farewell wxj630 wjw1234 rookieprogrammer521 daisy-12 helloqingbing satoryotnt witosmart adwindone waiguajie qt1280 riellyand refreshu tophp canxiaochen vfxpi ibstelix maccarty-dw foxqf jaywencoder alanjoe0124 filbuk cyz492824093 yosang003 luluorchid afgnsu twogo 1184139881 myandroid007 wang123am qulinke1230 lg0427 river291 seven365 raoley longshaoye adamlu1992 xifat engineerthomas senyong pcjhope hxsam nottellyou zhanshen1614 jasonguitar longdongzhiye99 gyp719 schulyer joql wtree lorock nonvolatilememory linux1988

thinkphp-bjyblog's Issues

兄台，请标注一下是基于3.2.3的

Third party login ? More informations ?

Hello ,

Well , first of all i want to thank you for the hard work , I liked your blog so much , I've one question if you don't mind !

I want to modify the Third party login , i want to use only Facebook & Github , could you please guide me to find the path to modify these things ?

Possible XSS vulnerability

Hello,

I would like to report XSS vulnerability.

In file AdminBaseController.class.php
line 20

redirect(U('Admin/Login/login'));

In file https://github.com/baijunyao/thinkphp-bjyblog/blob/master/ThinkPHP/Mode/Api/functions.php

line 869 function U

$domain = $host.(strpos($host,'.')?'':strstr($_SERVER['HTTP_HOST'],'.'));

function U

// line 999
$url   =  (is_ssl()?'https://':'http://').$domain.$url;
// line 1003
return $url;

function redirect

// line 694
$url        = str_replace(array("\n", "\r"), '', $url);
// line 707
$str    = "<meta http-equiv='Refresh' content='{$time};URL={$url}'>";
// line 709
exit($str);

exit function will terminate the script and print the message to the user which has $_SERVER['HTTP_HOST']. Then there is XSS vulnerability.

baijunyao / thinkphp-bjyblog Goto Github PK

thinkphp-bjyblog's Introduction

链接

相关链接

简介

使用说明