收紧输入渲染与后台配置权限

2026-04-19 14:43:02 +08:00
parent ba6406ed68
commit 438241e878
12 changed files with 550 additions and 48 deletions
@@ -17,27 +17,39 @@
            </div>
        @endif

+        <div class="mx-6 mt-4 p-3 bg-amber-50 border border-amber-200 rounded-lg text-amber-800 text-sm">
+            通用系统参数页仅维护低敏公共配置；SMTP、VIP 支付、微信机器人、AI 机器人等站长专属敏感项已迁移到各自独立页面。
+        </div>
+
        <div class="p-6">
            <form action="{{ route('admin.system.update') }}" method="POST">
                @csrf
                @method('PUT')

                <div class="space-y-6 max-w-2xl">
-                    @foreach ($params as $alias => $body)
+                    @forelse ($params as $alias => $body)
+                        @php
+                            $fieldValue = (string) $body;
+                            $shouldUseTextarea = strlen($fieldValue) > 50 || str_contains($fieldValue, "\n") || str_contains($fieldValue, '<');
+                        @endphp
                        <div>
                            <label class="block text-sm font-bold text-gray-700 mb-2">
                                {{ $descriptions[$alias] ?? $alias }}
                                <span class="text-gray-400 font-normal ml-2">[{{ $alias }}]</span>
                            </label>
-                            @if (strlen($body) > 50 || str_contains($body, "\n") || str_contains($body, '<'))
+                            @if ($shouldUseTextarea)
                                <textarea name="{{ $alias }}" rows="4"
-                                    class="w-full border-gray-300 rounded-md shadow-sm focus:border-indigo-500 focus:ring-indigo-500 p-2.5 bg-gray-50 border whitespace-pre-wrap">{{ $body }}</textarea>
+                                    class="w-full border-gray-300 rounded-md shadow-sm focus:border-indigo-500 focus:ring-indigo-500 p-2.5 bg-gray-50 border whitespace-pre-wrap">{{ $fieldValue }}</textarea>
                            @else
-                                <input type="text" name="{{ $alias }}" value="{{ $body }}"
+                                <input type="text" name="{{ $alias }}" value="{{ $fieldValue }}"
                                    class="w-full border-gray-300 rounded-md shadow-sm focus:border-indigo-500 focus:ring-indigo-500 p-2.5 bg-gray-50 border">
                            @endif
                        </div>
-                    @endforeach
+                    @empty
+                        <div class="rounded-lg border border-dashed border-gray-300 bg-gray-50 px-4 py-6 text-sm text-gray-500">
+                            当前没有可在通用系统页维护的公共参数，请前往对应专属配置页处理敏感模块参数。
+                        </div>
+                    @endforelse
                </div>

                <div class="mt-8 pt-6 border-t flex space-x-3">