lkddi/nexusphp
1
0
Fork 0
mirror of https://github.com/lkddi/nexusphp.git synced 2026-04-14 20:40:49 +08:00
Code Issues Packages Projects Releases Wiki Activity
340 Commits 1 Branch 0 Tags
f9e4bcbac480bf86b179c7b955d7da34941a706a
Commit Graph

136 Commits

Author SHA1 Message Date
xiaomlove
3eab502e31 new exam progress update logic 2021-06-12 23:21:40 +08:00
xiaomlove
4205978a68 Merge branch 'download_allow_passkey' into php8 2021-06-11 14:03:06 +08:00
xiaomlove
7d95a1d357 fix viewrequests.php warning 2021-06-11 13:54:45 +08:00
xiaomlove
aa5d1a7000 fix viewrequest.php undefined const error 2021-06-11 13:16:18 +08:00
xiaomlove
3bb15d6a41 Google Authenticator 2021-06-10 21:07:20 +08:00
xiaomlove
08617de9a8 支持 passkey 下载种子 2021-06-10 12:00:51 +08:00
xiaomlove
4b5e223498 improve torrent download url 2021-06-10 00:50:17 +08:00
xiaomlove
58e7fedb38 scrape.php remove benc_str() 2021-06-10 00:31:40 +08:00
xiaomlove
c771ff9ef1 migrations check if table exists 2021-06-09 15:11:02 +08:00
xiaomlove
5c4c2ccf8f fix rss download link + migrate bencode to rhilip/bencode 2021-06-09 02:23:09 +08:00
xiaomlove
bf49c8c298 add seeders and migrations + rhilip/bencode 2021-06-08 20:43:47 +08:00
xiaomlove
6361f96d62 rename: 2021-06-08 10:42:39 +08:00
xiaomlove
0e05e6c061 details.php add magic 2021-06-08 02:01:35 +08:00
xiaomlove
25db588c95 log not register torrent info_hash 2021-06-06 01:30:59 +08:00
xiaomlove
97d3de5e59 improve announce log, add current user 2021-06-06 01:03:33 +08:00
xiaomlove
4953674077 improve announce log, add $_GET 2021-06-06 00:51:48 +08:00
xiaomlove
781333e901 improve announce log 2021-06-06 00:40:28 +08:00
xiaomlove
6b7fb5000e fix https_announce_url 2021-06-05 22:41:27 +08:00
xiaomlove
2ce9f5105f sticky background color 2021-06-05 15:50:23 +08:00
xiaomlove
34a6c2e1f4 prepare for beta8 2021-06-04 21:04:12 +08:00
xiaomlove
96f78f6dd8 fix offers.php + update support enum 2021-06-04 10:26:34 +08:00
xiaomlove
cf4479ebea reset authkey + rss download link use downhash 2021-06-04 02:18:34 +08:00
xiaomlove
e25fddcbe0 fix message: invalid authkey 2021-06-03 21:18:36 +08:00
xiaomlove
ed68efeeea tracker support authkey 2021-06-03 21:13:59 +08:00
xiaomlove
5c77741e90 fix: reprot.php 2021-06-03 09:52:07 +08:00
xiaomlove
5fdeaafd9e torrent downhash encrypt by hashids 2021-06-02 19:01:28 +08:00
xiaomlove
1985585e22 downhash 2021-06-02 08:44:22 +08:00
xiaomlove
5760adc0c4 change torrent pos_state to varchar, support more sticky level 2021-06-01 01:28:46 +08:00
xiaomlove
3a54de8be7 add special section 2021-05-29 18:26:04 +08:00
xiaomlove
48259ab387 Merge branch 'promotion' into php8 2021-05-28 16:59:28 +08:00
xiaomlove
4e85c48c70 userdetails show vip until 2021-05-28 16:50:17 +08:00
xiaomlove
4cde957edb Merge branch 'promotion' into php8 2021-05-28 00:53:12 +08:00
xiaomlove
f45196c556 fix: cleanup 2021-05-27 14:11:44 +08:00
xiaomlove
5c4c1ddb92 Merge branch 'promotion' into php8 2021-05-27 00:23:49 +08:00
xiaomlove
d7690b45fd fix staff.php undefined constant 2021-05-27 00:21:14 +08:00
xiaomlove
a840633ff2 Merge branch 'promotion' into php8 2021-05-26 21:46:01 +08:00
xiaomlove
a4c9a40cdd increase main width to 1200 2021-05-26 21:38:39 +08:00
xiaomlove
f0e5ad5b6c add promotion 2021-05-26 20:56:03 +08:00
xiaomlove
51b3582090 searchbox model 2021-05-20 17:14:38 +08:00
CZ
ce05680219 修复3个安全漏洞 (#15) 
* 修复趣味盒未授权访问漏洞

趣味盒页面未做鉴权游客可以任意查看或发送内容

* 修复sql注入漏洞

* 修复sql注入 详见描述

代码第19行		if (!is_valid_id($class) && $class != 0)
如果class 为"sleep(5)" 虽然过不了is_valid_id校验 但是由于php 弱类型 非数字开头的字符串 最终会判断为 $class = 0 绕过了校验
另外建议is_valid_id 改为更直接的intval 将用户输入的的数据强制转换成int 防止sql注入
 2021-05-19 13:49:41 +08:00
xiaomlove
33e99516b6 torrent api + swip constants 2021-05-15 19:29:44 +08:00
xiaomlove
73f9920e1f enable user handle leechwarn 2021-05-15 12:59:59 +08:00
xiaomlove
682cf806d7 migrate disable&enable user basic 2021-05-15 03:21:06 +08:00
xiaomlove
6c85176e2f fix warning 2021-05-14 11:04:03 +08:00
xiaomlove
0742ed33f8 fix torrent_info.php 404 2021-05-14 01:20:41 +08:00
xiaomlove
514294530c fix warning: Undefined array key 2021-05-14 01:00:59 +08:00
xiaomlove
12b370f2e8 db structure add table user_ban_logs 2021-05-14 00:31:37 +08:00
xiaomlove
8963058463 add user ban log from cleanup.php 2021-05-13 21:31:09 +08:00
xiaomlove
70f1f31dcc user ban log 2021-05-12 13:45:00 +08:00
xiaomlove
0aa0d7afa7 invite after signup do not delete 2021-05-11 02:44:43 +08:00