thinkphp安全更新

install.sql

@@ -79,7 +79,7 @@ INSERT INTO `lsky_config` (`id`, `key`, `type`, `input_type`, `name`, `title`, `
 (38, 'upyun', 'text', 'text', 'upyun_operator_name', 'OperatorName', '操作员账号', '', ''),
 (39, 'upyun', 'text', 'password', 'upyun_operator_pwd', 'OperatorPwd', '操作员密码', '', ''),
 (40, 'upyun', 'text', 'text', 'upyun_service_name', 'ServiceName', '云储存服务名称', '', ''),
-(41, '', 'text', 'text', 'system_version', '系统版本', NULL, '1.3.2', ''),
+(41, '', 'text', 'text', 'system_version', '系统版本', NULL, '1.3.3', ''),
 
 
 (42, 'audit', 'bool', 'checkbox', 'open_audit', '开启图片鉴黄', '鉴黄接口申请地址：https://www.moderatecontent.com', '0', ''),

thinkphp/helper.php

@@ -313,9 +313,9 @@ function debug($start, $end = '', $dec = 6)
      * @param integer $expire 有效期（秒）
      * @return \think\response\Download
      */
-    function download($filename, $name = '', $content = false, $expire = 180)
+    function download($filename, $name = '', $content = false, $expire = 360, $openinBrower = false)
     {
-        return Response::create($filename, 'download')->name($name)->isContent($content)->expire($expire);
+        return Response::create($filename, 'download')->name($name)->isContent($content)->expire($expire)->openinBrower($openinBrower);
     }
 }
 

thinkphp/library/think/App.php

@@ -20,7 +20,7 @@
  */
 class App extends Container
 {
-    const VERSION = '5.1.30 LTS';
+    const VERSION = '5.1.31 LTS';
 
     /**
      * 当前模块路径

thinkphp/library/think/db/Query.php

@@ -656,9 +656,9 @@ public function count($field = '*')
                 $query->fetchSql(true);
             }
 
-            $count = $query->aggregate('COUNT', '*');
+            $count = $query->aggregate('COUNT', '*', true);
         } else {
-            $count = $this->aggregate('COUNT', $field);
+            $count = $this->aggregate('COUNT', $field, true);
         }
 
         return is_string($count) ? $count : (int) $count;
@@ -1008,11 +1008,13 @@ public function field($field, $except = false, $tableName = '', $prefix = '', $a
         if ($tableName) {
             // 添加统一的前缀
             $prefix = $prefix ?: $tableName;
-            foreach ($field as $key => $val) {
-                if (is_numeric($key)) {
-                    $val = $prefix . '.' . $val . ($alias ? ' AS ' . $alias . $val : '');
+            foreach ($field as $key => &$val) {
+                if (is_numeric($key) && $alias) {
+                    $field[$prefix . '.' . $val] = $alias . $val;
+                    unset($field[$key]);
+                } elseif (is_numeric($key)) {
+                    $val = $prefix . '.' . $val;
                 }
-                $field[$key] = $val;
             }
         }
 
@@ -3548,6 +3550,10 @@ public function buildSql($sub = true)
      */
     protected function parseView(&$options)
     {
+        if (!isset($options['map'])) {
+            return;
+        }
+
         foreach (['AND', 'OR'] as $logic) {
             if (isset($options['where'][$logic])) {
                 foreach ($options['where'][$logic] as $key => $val) {

thinkphp/library/think/db/connector/Sqlsrv.php

@@ -56,6 +56,8 @@ protected function parseDsn($config)
     public function getFields($tableName)
     {
         list($tableName) = explode(' ', $tableName);
+        $tableNames      = explode('.', $tableName);
+        $tableName       = isset($tableNames[1]) ? $tableNames[1] : $tableNames[0];
 
         $sql = "SELECT   column_name,   data_type,   column_default,   is_nullable
         FROM    information_schema.tables AS t

thinkphp/library/think/model/relation/BelongsToMany.php

@@ -559,7 +559,7 @@ public function attach($data, $pivot = [])
 
             foreach ($ids as $id) {
                 $pivot[$this->foreignKey] = $id;
-                $this->pivot->insert($pivot, true);
+                $this->pivot->replace()->save($pivot);
                 $result[] = $this->newPivot($pivot, true);
             }
 

thinkphp/library/think/model/relation/HasMany.php

@@ -240,6 +240,18 @@ protected function eagerlyOneToMany($where, $relation, $subRelation = '', $closu
      * @return Model|false
      */
     public function save($data, $replace = true)
+    {
+        $model = $this->make($data);
+
+        return $model->replace($replace)->save() ? $model : false;
+    }
+
+    /**
+     * 创建关联对象实例
+     * @param array $data
+     * @return Model
+     */
+    public function make($data = [])
     {
         if ($data instanceof Model) {
             $data = $data->getData();
@@ -248,9 +260,7 @@ public function save($data, $replace = true)
         // 保存关联表数据
         $data[$this->foreignKey] = $this->parent->{$this->localKey};
 
-        $model = new $this->model;
-
-        return $model->replace($replace)->save($data) ? $model : false;
+        return new $this->model($data);
     }
 
     /**

thinkphp/library/think/model/relation/MorphMany.php

@@ -272,10 +272,22 @@ protected function eagerlyMorphToMany($where, $relation, $subRelation = '', $clo
     /**
      * 保存（新增）当前关联数据对象
      * @access public
-     * @param  mixed $data 数据 可以使用数组 关联模型对象 和 关联对象的主键
+     * @param  mixed $data 数据
      * @return Model|false
      */
     public function save($data)
+    {
+        $model = $this->make($data);
+
+        return $model->save($data) ? $model : false;
+    }
+
+    /**
+     * 创建关联对象实例
+     * @param array $data
+     * @return Model
+     */
+    public function make($data = [])
     {
         if ($data instanceof Model) {
             $data = $data->getData();
@@ -284,12 +296,10 @@ public function save($data)
         // 保存关联表数据
         $pk = $this->parent->getPk();
 
-        $model = new $this->model;
-
         $data[$this->morphKey]  = $this->parent->$pk;
         $data[$this->morphType] = $this->type;
 
-        return $model->save($data) ? $model : false;
+        return new $this->model($data);
     }
 
     /**

thinkphp/library/think/model/relation/MorphOne.php

@@ -206,22 +206,33 @@ protected function eagerlyMorphToOne($where, $relation, $subRelation = '', $clos
     /**
      * 保存（新增）当前关联数据对象
      * @access public
-     * @param  mixed $data 数据 可以使用数组 关联模型对象 和 关联对象的主键
+     * @param mixed $data 数据
      * @return Model|false
      */
     public function save($data)
+    {
+        $model = $this->make($data);
+        return $model->save() ? $model : false;
+    }
+
+    /**
+     * 创建关联对象实例
+     * @param array $data
+     * @return Model
+     */
+    public function make($data = [])
     {
         if ($data instanceof Model) {
             $data = $data->getData();
         }
+
         // 保存关联表数据
         $pk = $this->parent->getPk();
 
-        $model = new $this->model;
-
         $data[$this->morphKey]  = $this->parent->$pk;
         $data[$this->morphType] = $this->type;
-        return $model->save($data) ? $model : false;
+
+        return new $this->model($data);
     }
 
     /**

thinkphp/library/think/response/Download.php

@@ -20,7 +20,7 @@ class Download extends Response
     protected $name;
     protected $mimeType;
     protected $isContent = false;
-
+    protected $openinBrower = false;
     /**
      * 处理数据
      * @access protected
@@ -53,7 +53,7 @@ protected function output($data)
         $this->header['Pragma']                    = 'public';
         $this->header['Content-Type']              = $mimeType ?: 'application/octet-stream';
         $this->header['Cache-control']             = 'max-age=' . $this->expire;
-        $this->header['Content-Disposition']       = 'attachment; filename="' . $name . '"';
+        $this->header['Content-Disposition']       = $this->openinBrower ? 'inline' : 'attachment; filename="' . $name . '"';
         $this->header['Content-Length']            = $size;
         $this->header['Content-Transfer-Encoding'] = 'binary';
         $this->header['Expires']                   = gmdate("D, d M Y H:i:s", time() + $this->expire) . ' GMT';
@@ -134,4 +134,15 @@ public function name($filename, $extension = true)
 
         return $this;
     }
+
+    /**
+     * 设置是否在浏览器中显示文件
+     * @access public
+     * @param  bool  $openinBrower 是否在浏览器中显示文件
+     * @return $this
+     */
+    public function openinBrower($openinBrower) {
+        $this->openinBrower = $openinBrower;
+        return $this;
+    }
 }

thinkphp/library/think/route/dispatch/Module.php

@@ -67,7 +67,12 @@ public function init()
         // 是否自动转换控制器和操作名
         $convert = is_bool($this->convert) ? $this->convert : $this->rule->getConfig('url_convert');
         // 获取控制器名
-        $controller       = strip_tags($result[1] ?: $this->rule->getConfig('default_controller'));
+        $controller = strip_tags($result[1] ?: $this->rule->getConfig('default_controller'));
+
+        if (!preg_match('/^[A-Za-z](\w|\.)*$/', $controller)) {
+            throw new HttpException(404, 'controller not exists:' . $controller);
+        }
+
         $this->controller = $convert ? strtolower($controller) : $controller;
 
         // 获取操作名

thinkphp/library/think/template/TagLib.php

@@ -298,7 +298,7 @@ public function parseAttr($str, $name, $alias = '')
      */
     public function parseCondition($condition)
     {
-        if (strpos($condition, ':')) {
+        if (!strpos($condition, '::') && strpos($condition, ':')) {
             $condition = ' ' . substr(strstr($condition, ':'), 1);
         }
 

update.sql

@@ -12,3 +12,6 @@ INSERT INTO `lsky_config` (`id`, `key`, `type`, `input_type`, `name`, `title`, `
 (NULL, 'audit', 'text', 'text', 'audit_key', 'Key', NULL, '', ''),
 (NULL, 'audit', 'select', 'text', 'audit_index', '内容评级', '1=所有人，2=少年，3=成人', '3', '{\"1\": \"所有人\", \"2\": \"少年\", \"3\": \"成人\"}'),
 (NULL, 'other', 'bool', 'checkbox', 'open_api', '开启API', '是否开放接口', '0', '');
+
+-- v1.3.3
+UPDATE `lsky_config` SET `value` = '1.3.3' WHERE `lsky_config`.`name` = 'system_version';

vendor/composer/installed.json

@@ -594,8 +594,8 @@
     },
     {
         "name": "symfony/event-dispatcher",
-        "version": "v2.8.48",
-        "version_normalized": "2.8.48.0",
+        "version": "v2.8.49",
+        "version_normalized": "2.8.49.0",
         "source": {
             "type": "git",
             "url": "https://github.com/symfony/event-dispatcher.git",
@@ -656,17 +656,17 @@
     },
     {
         "name": "topthink/framework",
-        "version": "v5.1.30",
-        "version_normalized": "5.1.30.0",
+        "version": "v5.1.31",
+        "version_normalized": "5.1.31.0",
         "source": {
             "type": "git",
             "url": "https://github.com/top-think/framework.git",
-            "reference": "4fefa5ed2f9dc8a15fcf7bb271d0d918fb48dacc"
+            "reference": "93339b1a4df5a73e0143db0847a4c5e0b2e46fb0"
         },
         "dist": {
             "type": "zip",
-            "url": "https://api.github.com/repos/top-think/framework/zipball/4fefa5ed2f9dc8a15fcf7bb271d0d918fb48dacc",
-            "reference": "4fefa5ed2f9dc8a15fcf7bb271d0d918fb48dacc",
+            "url": "https://api.github.com/repos/top-think/framework/zipball/93339b1a4df5a73e0143db0847a4c5e0b2e46fb0",
+            "reference": "93339b1a4df5a73e0143db0847a4c5e0b2e46fb0",
             "shasum": ""
         },
         "require": {
@@ -682,7 +682,7 @@
             "sebastian/phpcpd": "2.*",
             "squizlabs/php_codesniffer": "2.*"
         },
-        "time": "2018-11-30T07:46:23+00:00",
+        "time": "2018-12-09T12:41:21+00:00",
         "type": "think-framework",
         "installation-source": "dist",
         "notification-url": "https://packagist.org/downloads/",