lkddi/nexusphp
1
0
Fork 0
mirror of https://github.com/lkddi/nexusphp.git synced 2026-04-18 15:50:50 +08:00
Code Issues Packages Projects Releases Wiki Activity
251 Commits 1 Branch 0 Tags
ce05680219d3dddb7f274d4170e479264979efbb
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
CZ ce05680219 修复3个安全漏洞 (#15) 
* 修复趣味盒未授权访问漏洞

趣味盒页面未做鉴权游客可以任意查看或发送内容

* 修复sql注入漏洞

* 修复sql注入 详见描述

代码第19行		if (!is_valid_id($class) && $class != 0)
如果class 为"sleep(5)" 虽然过不了is_valid_id校验 但是由于php 弱类型 非数字开头的字符串 最终会判断为 $class = 0 绕过了校验
另外建议is_valid_id 改为更直接的intval 将用户输入的的数据强制转换成int 防止sql注入
2021-05-19 13:49:41 +08:00
_db
db structure add table user_ban_logs
2021-05-14 00:31:37 +08:00
_doc
prepare to v1.6
2021-01-28 20:37:35 +08:00
admin
api add page_title
2021-05-18 02:37:39 +08:00
app
api add page_title
2021-05-18 02:37:39 +08:00
attachments
init
2020-12-26 01:42:23 +08:00
bitbucket
init
2020-12-26 01:42:23 +08:00
bootstrap
define constant fix
2021-05-16 02:57:00 +08:00
classes
db structure add table user_ban_logs
2021-05-14 00:31:37 +08:00
config
api add page_title
2021-05-18 02:37:39 +08:00
database
user ban log
2021-05-12 13:45:00 +08:00
imdb
fix imdb in new structure
2021-01-14 20:44:24 +08:00
include
api add page_title
2021-05-18 02:37:39 +08:00
lang
migrate disable&enable user basic
2021-05-15 03:21:06 +08:00
nexus
admin setting backup + backupCronjob
2021-05-15 01:24:44 +08:00
public
修复3个安全漏洞 (#15)
2021-05-19 13:49:41 +08:00
resources
api add page_title
2021-05-18 02:37:39 +08:00
routes
Dashboard
2021-05-17 21:07:50 +08:00
storage
integrate laravel framework
2021-04-02 19:48:41 +08:00
subs
init
2020-12-26 01:42:23 +08:00
tests
integrate laravel framework
2021-04-02 19:48:41 +08:00
torrents
init
2020-12-26 01:42:23 +08:00
.editorconfig
integrate laravel framework
2021-04-02 19:48:41 +08:00
.env.example
add-filesystem-google-drive
2021-05-10 20:05:52 +08:00
.gitattributes
integrate laravel framework
2021-04-02 19:48:41 +08:00
.gitignore
integrate laravel framework
2021-04-02 19:48:41 +08:00
.htaccess
init
2020-12-26 01:42:23 +08:00
.styleci.yml
integrate laravel framework
2021-04-02 19:48:41 +08:00
artisan
integrate laravel framework
2021-04-02 19:48:41 +08:00
composer.json
add-filesystem-google-drive
2021-05-10 20:05:52 +08:00
composer.lock
add-filesystem-google-drive
2021-05-10 20:05:52 +08:00
LICENSE
init
2020-12-26 01:42:23 +08:00
package.json
integrate laravel framework
2021-04-02 19:48:41 +08:00
phpunit.xml
integrate laravel framework
2021-04-02 19:48:41 +08:00
README.md
fix email encode and format
2021-02-02 20:27:37 +08:00
server.php
integrate laravel framework
2021-04-02 19:48:41 +08:00
webpack.mix.js
integrate laravel framework
2021-04-02 19:48:41 +08:00

README.md

Doc

Visit here

Reference in New Issue View Git Blame Copy Permalink
Description
A private tracker application base on NexusPHP
Readme GPL-2.0 29 MiB
Languages
PHP 99.7%
Blade 0.2%