mirror_php/typecho
1
0
Fork 0
mirror of https://github.com/typecho/typecho.git synced 2025-04-25 12:12:22 +02:00
Code Issues Projects Releases Wiki Activity

Merge branch 'master' of https://github.com/typecho/typecho

Browse Source
This commit is contained in:
joyqi 2017-10-29 13:07:48 +08:00
commit 7a2b374526
4 changed files with 52 additions and 13 deletions

36
admin/upgrade.php

@ -2,6 +2,8 @@
include 'common.php';
include 'header.php';
include 'menu.php';
$errors = $security->systemCheck();
?>
<div class="main">
@ -10,17 +12,29 @@ include 'menu.php';
<div class="row typecho-page-main" role="main">
<div class="col-mb-12">
<div id="typecho-welcome">
<form action="<?php echo $security->getTokenUrl(
Typecho_Router::url('do', array('action' => 'upgrade', 'widget' => 'Upgrade'),
Typecho_Common::url('index.php', $options->rootUrl))); ?>" method="post">
<h3><?php _e('检测到新版本!'); ?></h3>
<ul>
<li><?php _e('您已经更新了系统程序, 我们还需要执行一些后续步骤来完成升级'); ?></li>
<li><?php _e('此程序将把您的系统从 <strong>%s</strong> 升级到 <strong>%s</strong>', $options->version, Typecho_Common::VERSION); ?></li>
<li><strong class="warning"><?php _e('在升级之前强烈建议先<a href="%s">备份您的数据</a>', Typecho_Common::url('backup.php', $options->adminUrl)); ?></strong></li>
</ul>
<p><button class="btn primary" type="submit"><?php _e('完成升级 &raquo;'); ?></button></p>
</form>
<?php if (!empty($errors)): ?>
<form action="<?php echo Typecho_Common::url('upgrade.php', $options->adminUrl); ?>" method="get">
<h3><?php _e('发现安全问题'); ?></h3>
<ul>
<?php foreach ($errors as $error): ?>
<li class="warning"><?php echo $error; ?></li>
<?php endforeach; ?>
</ul>
<p><button class="btn primary" type="submit"><?php _e('解决完毕 &raquo;'); ?></button></p>
</form>
<?php else: ?>
<form action="<?php echo $security->getTokenUrl(
Typecho_Router::url('do', array('action' => 'upgrade', 'widget' => 'Upgrade'),
Typecho_Common::url('index.php', $options->rootUrl))); ?>" method="post">
<h3><?php _e('检测到新版本!'); ?></h3>
<ul>
<li><?php _e('您已经更新了系统程序, 我们还需要执行一些后续步骤来完成升级'); ?></li>
<li><?php _e('此程序将把您的系统从 <strong>%s</strong> 升级到 <strong>%s</strong>', $options->version, Typecho_Common::VERSION); ?></li>
<li><strong class="warning"><?php _e('在升级之前强烈建议先<a href="%s">备份您的数据</a>', Typecho_Common::url('backup.php', $options->adminUrl)); ?></strong></li>
</ul>
<p><button class="btn primary" type="submit"><?php _e('完成升级 &raquo;'); ?></button></p>
</form>
<?php endif; ?>
</div>
</div>
</div>

2
var/Typecho/Common.php

@ -22,7 +22,7 @@ define('__TYPECHO_MB_SUPPORTED__', function_exists('mb_get_info') && function_ex
class Typecho_Common
{
/** 程序版本 */
const VERSION = '1.1/17.10.27';
const VERSION = '1.1/17.10.28';
/**
* 允许的属性

2
var/Widget/Options/General.php

@ -101,7 +101,7 @@ class Widget_Options_General extends Widget_Abstract_Options implements Widget_I
_t('允许访问者注册到你的网站, 默认的注册用户不享有任何写入权限.'));
$form->addInput($allowRegister);
/** 注册 */
/** XMLRPC */
$allowXmlRpc = new Typecho_Widget_Helper_Form_Element_Radio('allowXmlRpc', array('0' => _t('关闭'), '1' => _t('仅关闭 Pingback 接口'), '2' => _t('打开')), $this->options->allowXmlRpc, _t('XMLRPC 接口'));
$form->addInput($allowXmlRpc);

25
var/Widget/Security.php

@ -41,6 +41,31 @@ class Widget_Security extends Typecho_Widget
}
}
/**
* 在系统升级的时候进行安全性检查
*
* @return array
*/
public function systemCheck()
{
$errors = array();
// 检查安装文件的安全性
$installFile = __TYPECHO_ROOT_DIR__ . '/install.php';
if (file_exists($installFile)) {
$installFileContents = file_get_contents($installFile);
if (0 !== strpos($installFileContents,
'<?php if (!file_exists(dirname(__FILE__) . \'/config.inc.php\')): ?>') ||
false !== strpos($installFileContents,
'!isset($_GET[\'finish\']) && file_exists(__TYPECHO_ROOT_DIR__ . \'/config.inc.php\') && empty($_SESSION[\'typecho\'])')) {
$errors[] = _t('您正在运行一个不安全的安装脚本 <strong>%s</strong>, 请用新版中的对应文件替代或者直接删除它', $installFile);
}
}
return $errors;
}
/**
* @param $enabled
*/