github/CRMEB
1
0
Fork 0
mirror of https://github.com/crmeb/CRMEB.git synced 2025-12-12 11:09:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

删除有安全隐患的方法

Browse Source
This commit is contained in:
liaofei 2020-10-27 14:59:49 +08:00
parent 58b97e8fb5
commit 3cf1ba7dd1
2 changed files with 1 additions and 128 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
crmeb/.version
View File

@ -1,2 +1,2 @@
version=CRMEB-DT v3.2.7 version=CRMEB-DTKY v3.2.8
version_code=134 version_code=134

127
crmeb/app/admin/controller/system/SystemUpgradeclient.php
View File

@ -69,24 +69,6 @@ class SystemUpgradeclient extends AuthController
Json::successful('ok', ['list' => $list, 'page' => input('post.page/d') + 1]); Json::successful('ok', ['list' => $list, 'page' => input('post.page/d') + 1]);
} }
//删除备份文件
public function setcopydel()
{
$post = input('post.');
if (!isset($post['id'])) Json::fail('删除备份文件失败缺少参数ID');
if (!isset($post['ids'])) Json::fail('删除备份文件失败缺少参数IDS');
$fileservice = new uService;
if (is_array($post['ids'])) {
foreach ($post['ids'] as $file) {
$fileservice->del_dir(app()->getRootPath() . 'public' . DS . 'copyfile' . $file);
}
}
if ($post['id']) {
$copyFile = app()->getRootPath() . 'public' . DS . 'copyfile' . $post['id'];
$fileservice->del_dir($copyFile);
}
Json::successful('删除成功');
}
public function get_new_version_conte() public function get_new_version_conte()
{ {
@ -99,113 +81,4 @@ class SystemUpgradeclient extends AuthController
return Json::fail('服务器异常'); return Json::fail('服务器异常');
} }
} }
//一键升级
public function auto_upgrad()
{
$prefix = config('database.prefix');
$fileservice = new uService;
$post = $this->request->post();
if (!isset($post['id'])) Json::fail('缺少参数ID');
$versionInfo = $fileservice->request_post(uService::$isNowVersion, ['id' => $post['id']]);
if ($versionInfo === null) Json::fail('服务器异常,请稍后再试');
if (isset($versionInfo['code']) && $versionInfo['code'] == 400) Json::fail(isset($versionInfo['msg']) ? $versionInfo['msg'] : '您暂时没有权限升级,请联系管理员!');
if (is_array($versionInfo) && isset($versionInfo['data'])) {
$list = $versionInfo['data'];
$id = [];
foreach ($list as $key => $val) {
$savefile = app()->getRootPath() . 'public' . DS . 'upgrade_lv';
//1检查远程下载文件并下载
if (($save_path = $fileservice->check_remote_file_exists($val['zip_name'], $savefile)) === false) Json::fail('远程升级包不存在');
//2首先解压文件
$savename = app()->getRootPath() . 'public' . DS . 'upgrade_lv' . DS . time();
$fileservice->zipopen($save_path, $savename);
//3执行SQL文件
Db::startTrans();
try {
//参数3不介意大小写的
$sqlfile = $fileservice->list_dir_info($savename . DS, true, 'sql');
if (is_array($sqlfile) && !empty($sqlfile)) {
foreach ($sqlfile as $file) {
if (file_exists($file)) {
//为一键安装做工作记得表前缀要改为[#DB_PREFIX#]哦
$execute_sql = explode(";\r", str_replace(['[#DB_PREFIX#]', "\n"], [$prefix, "\r"], file_get_contents($file)));
foreach ($execute_sql as $_sql) {
if ($query_string = trim(str_replace(array(
"\r",
"\n",
"\t"
), '', $_sql))) Db::execute($query_string);
}
//执行完sql记得删掉哦
$fileservice->unlink_file($file);
}
}
}
Db::commit();
} catch (\Exception $e) {
Db::rollback();
//删除解压下的文件
$fileservice->del_dir(app()->getRootPath() . 'public' . DS . 'upgrade_lv');
//删除压缩包
$fileservice->unlink_file($save_path);
//升级失败发送错误信息
$fileservice->request_post(uService::$isInsertLog, [
'content' => '升级失败,错误信息为:' . $e->getMessage(),
'add_time' => time(),
'ip' => $this->request->ip(),
'http' => $this->request->domain(),
'type' => 'error',
'version' => $val['version']
]);
return Json::fail('升级失败SQL文件执行有误');
}
//4,备份文件
$copyFile = app()->getRootPath() . 'public' . DS . 'copyfile' . $val['id'];
$copyList = $fileservice->get_dirs($savename . DS);
if (isset($copyList['dir'])) {
if ($copyList['dir'][0] == '.' && $copyList['dir'][1] == '..') {
array_shift($copyList['dir']);
array_shift($copyList['dir']);
}
foreach ($copyList['dir'] as $dir) {
if (file_exists(app()->getRootPath() . $dir, $copyFile . DS . $dir)) {
$fileservice->copy_dir(app()->getRootPath() . $dir, $copyFile . DS . $dir);
}
}
}
//5覆盖文件
$fileservice->handle_dir($savename, app()->getRootPath());
//6,删除升级生成的目录
$fileservice->del_dir(app()->getRootPath() . 'public' . DS . 'upgrade_lv');
//7,删除压缩包
$fileservice->unlink_file($save_path);
//8,改写本地升级文件
$handle = fopen(app()->getRootPath() . '.version', 'w+');
if ($handle === false) Json::fail(app()->getRootPath() . '.version' . '无法写入打开');
$content = <<<EOT
version={$val['version']}
version_code={$val['id']}
EOT;
if (fwrite($handle, $content) === false) Json::fail('升级包写入失败');
fclose($handle);
//9,向服务端发送升级日志
$posts = [
'ip' => $this->request->ip(),
'https' => $this->request->domain(),
'update_time' => time(),
'content' => '一键升级成功,升级版本号为:' . $val['version'] . '。版本code为' . $val['id'],
'type' => 'log',
'versionbefor' => $this->serverweb['version'],
'versionend' => $val['version']
];
$inset = $fileservice->request_post(uService::$isInsertLog, $posts);
$id[] = $val['id'];
}
//10,升级完成
Json::successful('升级成功', ['code' => end($id), 'version' => $val['version']]);
} else {
Json::fail('服务器异常,请稍后再试');
}
}
} }