删除有安全隐患的方法
parent
58b97e8fb5
commit
3cf1ba7dd1
@ -1,2 +1,2 @@
|
||||
version=CRMEB-DT v3.2.7
|
||||
version=CRMEB-DTKY v3.2.8
|
||||
version_code=134
|
||||
@ -69,24 +69,6 @@ class SystemUpgradeclient extends AuthController
|
||||
Json::successful('ok', ['list' => $list, 'page' => input('post.page/d') + 1]);
|
||||
}
|
||||
|
||||
//删除备份文件
|
||||
public function setcopydel()
|
||||
{
|
||||
$post = input('post.');
|
||||
if (!isset($post['id'])) Json::fail('删除备份文件失败,缺少参数ID');
|
||||
if (!isset($post['ids'])) Json::fail('删除备份文件失败,缺少参数IDS');
|
||||
$fileservice = new uService;
|
||||
if (is_array($post['ids'])) {
|
||||
foreach ($post['ids'] as $file) {
|
||||
$fileservice->del_dir(app()->getRootPath() . 'public' . DS . 'copyfile' . $file);
|
||||
}
|
||||
}
|
||||
if ($post['id']) {
|
||||
$copyFile = app()->getRootPath() . 'public' . DS . 'copyfile' . $post['id'];
|
||||
$fileservice->del_dir($copyFile);
|
||||
}
|
||||
Json::successful('删除成功');
|
||||
}
|
||||
|
||||
public function get_new_version_conte()
|
||||
{
|
||||
@ -99,113 +81,4 @@ class SystemUpgradeclient extends AuthController
|
||||
return Json::fail('服务器异常');
|
||||
}
|
||||
}
|
||||
|
||||
//一键升级
|
||||
public function auto_upgrad()
|
||||
{
|
||||
$prefix = config('database.prefix');
|
||||
$fileservice = new uService;
|
||||
$post = $this->request->post();
|
||||
if (!isset($post['id'])) Json::fail('缺少参数ID');
|
||||
$versionInfo = $fileservice->request_post(uService::$isNowVersion, ['id' => $post['id']]);
|
||||
if ($versionInfo === null) Json::fail('服务器异常,请稍后再试');
|
||||
if (isset($versionInfo['code']) && $versionInfo['code'] == 400) Json::fail(isset($versionInfo['msg']) ? $versionInfo['msg'] : '您暂时没有权限升级,请联系管理员!');
|
||||
if (is_array($versionInfo) && isset($versionInfo['data'])) {
|
||||
$list = $versionInfo['data'];
|
||||
$id = [];
|
||||
foreach ($list as $key => $val) {
|
||||
$savefile = app()->getRootPath() . 'public' . DS . 'upgrade_lv';
|
||||
//1,检查远程下载文件,并下载
|
||||
if (($save_path = $fileservice->check_remote_file_exists($val['zip_name'], $savefile)) === false) Json::fail('远程升级包不存在');
|
||||
//2,首先解压文件
|
||||
$savename = app()->getRootPath() . 'public' . DS . 'upgrade_lv' . DS . time();
|
||||
$fileservice->zipopen($save_path, $savename);
|
||||
//3,执行SQL文件
|
||||
Db::startTrans();
|
||||
try {
|
||||
//参数3不介意大小写的
|
||||
$sqlfile = $fileservice->list_dir_info($savename . DS, true, 'sql');
|
||||
if (is_array($sqlfile) && !empty($sqlfile)) {
|
||||
foreach ($sqlfile as $file) {
|
||||
if (file_exists($file)) {
|
||||
//为一键安装做工作记得表前缀要改为[#DB_PREFIX#]哦
|
||||
$execute_sql = explode(";\r", str_replace(['[#DB_PREFIX#]', "\n"], [$prefix, "\r"], file_get_contents($file)));
|
||||
foreach ($execute_sql as $_sql) {
|
||||
if ($query_string = trim(str_replace(array(
|
||||
"\r",
|
||||
"\n",
|
||||
"\t"
|
||||
), '', $_sql))) Db::execute($query_string);
|
||||
}
|
||||
//执行完sql记得删掉哦
|
||||
$fileservice->unlink_file($file);
|
||||
}
|
||||
}
|
||||
}
|
||||
Db::commit();
|
||||
} catch (\Exception $e) {
|
||||
Db::rollback();
|
||||
//删除解压下的文件
|
||||
$fileservice->del_dir(app()->getRootPath() . 'public' . DS . 'upgrade_lv');
|
||||
//删除压缩包
|
||||
$fileservice->unlink_file($save_path);
|
||||
//升级失败发送错误信息
|
||||
$fileservice->request_post(uService::$isInsertLog, [
|
||||
'content' => '升级失败,错误信息为:' . $e->getMessage(),
|
||||
'add_time' => time(),
|
||||
'ip' => $this->request->ip(),
|
||||
'http' => $this->request->domain(),
|
||||
'type' => 'error',
|
||||
'version' => $val['version']
|
||||
]);
|
||||
return Json::fail('升级失败SQL文件执行有误');
|
||||
}
|
||||
//4,备份文件
|
||||
$copyFile = app()->getRootPath() . 'public' . DS . 'copyfile' . $val['id'];
|
||||
$copyList = $fileservice->get_dirs($savename . DS);
|
||||
if (isset($copyList['dir'])) {
|
||||
if ($copyList['dir'][0] == '.' && $copyList['dir'][1] == '..') {
|
||||
array_shift($copyList['dir']);
|
||||
array_shift($copyList['dir']);
|
||||
}
|
||||
foreach ($copyList['dir'] as $dir) {
|
||||
if (file_exists(app()->getRootPath() . $dir, $copyFile . DS . $dir)) {
|
||||
$fileservice->copy_dir(app()->getRootPath() . $dir, $copyFile . DS . $dir);
|
||||
}
|
||||
}
|
||||
}
|
||||
//5,覆盖文件
|
||||
$fileservice->handle_dir($savename, app()->getRootPath());
|
||||
//6,删除升级生成的目录
|
||||
$fileservice->del_dir(app()->getRootPath() . 'public' . DS . 'upgrade_lv');
|
||||
//7,删除压缩包
|
||||
$fileservice->unlink_file($save_path);
|
||||
//8,改写本地升级文件
|
||||
$handle = fopen(app()->getRootPath() . '.version', 'w+');
|
||||
if ($handle === false) Json::fail(app()->getRootPath() . '.version' . '无法写入打开');
|
||||
$content = <<<EOT
|
||||
version={$val['version']}
|
||||
version_code={$val['id']}
|
||||
EOT;
|
||||
if (fwrite($handle, $content) === false) Json::fail('升级包写入失败');
|
||||
fclose($handle);
|
||||
//9,向服务端发送升级日志
|
||||
$posts = [
|
||||
'ip' => $this->request->ip(),
|
||||
'https' => $this->request->domain(),
|
||||
'update_time' => time(),
|
||||
'content' => '一键升级成功,升级版本号为:' . $val['version'] . '。版本code为:' . $val['id'],
|
||||
'type' => 'log',
|
||||
'versionbefor' => $this->serverweb['version'],
|
||||
'versionend' => $val['version']
|
||||
];
|
||||
$inset = $fileservice->request_post(uService::$isInsertLog, $posts);
|
||||
$id[] = $val['id'];
|
||||
}
|
||||
//10,升级完成
|
||||
Json::successful('升级成功', ['code' => end($id), 'version' => $val['version']]);
|
||||
} else {
|
||||
Json::fail('服务器异常,请稍后再试');
|
||||
}
|
||||
}
|
||||
}
|
||||