lkddi/nexusphp
1
0
Fork 0
mirror of https://github.com/lkddi/nexusphp.git synced 2026-04-15 05:00:49 +08:00
Code Issues Packages Projects Releases Wiki Activity
267 Commits 1 Branch 0 Tags
4cde957edbde190a2e173abc217bae63f45e669d
Commit Graph

105 Commits

Author SHA1 Message Date
xiaomlove
4cde957edb Merge branch 'promotion' into php8 2021-05-28 00:53:12 +08:00
xiaomlove
f45196c556 fix: cleanup 2021-05-27 14:11:44 +08:00
xiaomlove
5c4c1ddb92 Merge branch 'promotion' into php8 2021-05-27 00:23:49 +08:00
xiaomlove
d7690b45fd fix staff.php undefined constant 2021-05-27 00:21:14 +08:00
xiaomlove
a840633ff2 Merge branch 'promotion' into php8 2021-05-26 21:46:01 +08:00
xiaomlove
a4c9a40cdd increase main width to 1200 2021-05-26 21:38:39 +08:00
xiaomlove
f0e5ad5b6c add promotion 2021-05-26 20:56:03 +08:00
xiaomlove
51b3582090 searchbox model 2021-05-20 17:14:38 +08:00
CZ
ce05680219 修复3个安全漏洞 (#15) 
* 修复趣味盒未授权访问漏洞

趣味盒页面未做鉴权游客可以任意查看或发送内容

* 修复sql注入漏洞

* 修复sql注入 详见描述

代码第19行		if (!is_valid_id($class) && $class != 0)
如果class 为"sleep(5)" 虽然过不了is_valid_id校验 但是由于php 弱类型 非数字开头的字符串 最终会判断为 $class = 0 绕过了校验
另外建议is_valid_id 改为更直接的intval 将用户输入的的数据强制转换成int 防止sql注入
 2021-05-19 13:49:41 +08:00
xiaomlove
33e99516b6 torrent api + swip constants 2021-05-15 19:29:44 +08:00
xiaomlove
73f9920e1f enable user handle leechwarn 2021-05-15 12:59:59 +08:00
xiaomlove
682cf806d7 migrate disable&enable user basic 2021-05-15 03:21:06 +08:00
xiaomlove
6c85176e2f fix warning 2021-05-14 11:04:03 +08:00
xiaomlove
0742ed33f8 fix torrent_info.php 404 2021-05-14 01:20:41 +08:00
xiaomlove
514294530c fix warning: Undefined array key 2021-05-14 01:00:59 +08:00
xiaomlove
12b370f2e8 db structure add table user_ban_logs 2021-05-14 00:31:37 +08:00
xiaomlove
8963058463 add user ban log from cleanup.php 2021-05-13 21:31:09 +08:00
xiaomlove
70f1f31dcc user ban log 2021-05-12 13:45:00 +08:00
xiaomlove
0aa0d7afa7 invite after signup do not delete 2021-05-11 02:44:43 +08:00
xiaomlove
fa57e78c74 backup add feature: upload to google drive 2021-05-11 01:41:58 +08:00
xiaomlove
3e4471f533 add-filesystem-google-drive 2021-05-10 20:05:52 +08:00
xiaomlove
3853b95adc fix location.php config() error 2021-05-07 02:33:17 +08:00
xiaomlove
ca07078415 update exam progress seed bonus 2021-05-05 22:28:19 +08:00
xiaomlove
9be4043031 invite signup check code's owner 2021-05-04 14:21:18 +08:00
xiaomlove
a46256e019 tracker support ipv6 2021-05-01 02:02:01 +08:00
xiaomlove
a1972ea288 [exam] add progress 2021-04-29 02:52:22 +08:00
xiaomlove
959db3cff2 reset-admin 2021-04-21 19:54:50 +08:00
xiaomlove
c7a6616618 nexus clients 2021-04-21 00:07:32 +08:00
xiaomlove
e48461546f integrate laravel framework 2021-04-02 19:48:41 +08:00
xiaomlove
de95d1dc0a allagents.php show counts 2021-03-31 16:40:15 +08:00
xiaomlove
4e7fb39d90 fix common undefined constant error 2021-03-31 03:17:33 +08:00
xiaomlove
32dee2d6e3 fix common undefined constant error 2021-03-30 00:03:10 +08:00
xiaomlove
91bede53df fix bookmark.php 2021-03-25 18:30:23 +08:00
xiaomlove
af243af07e fix viewsnatches.php 2021-03-21 21:02:55 +08:00
xiaomlove
be5d3bbded fix details.php viewinfo id 2021-03-21 13:56:11 +08:00
xiaomlove
fab59c1f5b add custom field to staffpanel 2021-03-18 20:32:35 +08:00
xiaomlove
428ebd85b8 custom fields i18n finish 2021-03-18 02:01:12 +08:00
xiaomlove
17c9ed60aa add technical info i18n 2021-03-17 19:38:33 +08:00
xiaomlove
f341901def fix parse_imdb_id() 2021-03-17 18:46:40 +08:00
xiaomlove
7f1b97a4d8 custom field cancel file 2021-03-17 01:21:35 +08:00
xiaomlove
74e84d475f Merge remote-tracking branch 'refs/remotes/origin/php8' into php8 2021-03-16 23:29:26 +08:00
xiaomlove
7e72392356 technicial info 2021-03-16 23:28:37 +08:00
xiaomlove
a17c573be0 progress-bar 2021-03-16 21:12:27 +08:00
xiaomlove
6cd63a1791 Merge remote-tracking branch 'refs/remotes/origin/php8' into php8 2021-03-12 20:51:09 +08:00
xiaomlove
882d677960 clean up add log 2021-03-12 20:50:55 +08:00
xiaomlove
11736393f1 add save attachment 2021-03-09 22:22:23 +08:00
xiaomlove
cb4e5e5eb5 fix getSchemeAndHttpHost() 2021-03-05 19:43:40 +08:00
xiaomlove
bdefe4d30b Index do not show hot and classic 2021-03-05 02:07:06 +08:00
xiaomlove
f4c402a87b improve custom fields and add function displayHotAndClassic() 2021-03-05 02:05:27 +08:00
xiaomlove
ee6660f9a8 Merge remote-tracking branch 'refs/remotes/origin/php8' into php8 2021-03-04 20:44:12 +08:00