fix #1074

fix #966
2025-04-21 18:21:53 +02:00 · 2021-03-19 01:33:08 +08:00 · 2021-03-19 01:33:08 +08:00 · eba20a69f0
commit eba20a69f0
parent 452be71d87
6 changed files with 19 additions and 12 deletions
--- a/var/Typecho/Cookie.php
+++ b/var/Typecho/Cookie.php
@ -83,7 +83,7 @@ class Typecho_Cookie
    public static function get($key, $default = NULL)
    {
        $key = self::$_prefix . $key;
-        $value = isset($_COOKIE[$key]) ? $_COOKIE[$key] : (isset($_POST[$key]) ? $_POST[$key] : $default);
+        $value = isset($_COOKIE[$key]) ? $_COOKIE[$key] : $default;
        return is_array($value) ? $default : $value;
    }

--- a/var/Typecho/Http/Client/Adapter.php
+++ b/var/Typecho/Http/Client/Adapter.php
@ -425,5 +425,5 @@ abstract class Typecho_Http_Client_Adapter
     * @param string $url 请求地址
     * @return string
     */
-    abstract public function httpSend($url);
+    abstract protected function httpSend($url);
 }
--- a/var/Typecho/Http/Client/Adapter/Curl.php
+++ b/var/Typecho/Http/Client/Adapter/Curl.php
@ -38,7 +38,7 @@ class Typecho_Http_Client_Adapter_Curl extends Typecho_Http_Client_Adapter
     * @param string $url 请求地址
     * @return string
     */
-    public function httpSend($url)
+    protected function httpSend($url)
    {
        $ch = curl_init();

--- a/var/Typecho/Http/Client/Adapter/Socket.php
+++ b/var/Typecho/Http/Client/Adapter/Socket.php
@ -38,7 +38,7 @@ class Typecho_Http_Client_Adapter_Socket extends Typecho_Http_Client_Adapter
     * @param string $url 请求地址
     * @return string
     */
-    public function httpSend($url)
+    protected function httpSend($url)
    {
        $eol = Typecho_Http_Client::EOL;
        $request = $this->method . ' ' . $this->path . ' ' . $this->rfc . $eol;
--- a/var/Widget/Abstract/Contents.php
+++ b/var/Widget/Abstract/Contents.php
@ -727,18 +727,13 @@ class Widget_Abstract_Contents extends Widget_Abstract
        $value['slug'] = $tmpSlug;
        $value['category'] = $tmpCategory;
        $value['directory'] = $tmpDirectory;
-        
+
        /** 处理密码保护流程 */
        if (strlen($value['password']) > 0 &&
        $value['password'] !== Typecho_Cookie::get('protectPassword_' . $value['cid']) &&
        $value['authorId'] != $this->user->uid && 
        !$this->user->pass('editor', true)) {
            $value['hidden'] = true;
-
-            /** 抛出错误 */
-            if ($this->request->isPost() && isset($this->request->protectPassword)) {
-                throw new Typecho_Widget_Exception(_t('对不起,您输入的密码错误'), 403);
-            }
        }

        $value = $this->pluginHandle(__CLASS__)->filter($value, $this);
--- a/var/Widget/Archive.php
+++ b/var/Widget/Archive.php
@ -810,12 +810,19 @@ class Widget_Archive extends Widget_Abstract_Contents
        }

        /** 保存密码至cookie */
+        $isPasswordPosted = false;
+
        if ($this->request->isPost()
            && isset($this->request->protectPassword)
-            && isset($this->request->protectCID)
            && !$this->parameter->preview) {
            $this->security->protect();
-            Typecho_Cookie::set('protectPassword_' . $this->request->filter('int')->protectCID, $this->request->protectPassword, 0);
+            Typecho_Cookie::set(
+                'protectPassword_' . $this->request->filter('int')->protectCID,
+                $this->request->protectPassword,
+                0
+            );
+
+            $isPasswordPosted = true;
        }

        /** 匹配类型 */
@ -834,6 +841,11 @@ class Widget_Archive extends Widget_Abstract_Contents
            }
        }

+        /** 密码表单判断逻辑 */
+        if ($isPasswordPosted && $this->hidden) {
+            throw new Typecho_Widget_Exception(_t('对不起,您输入的密码错误'), 403);
+        }
+
        /** 设置模板 */
        if ($this->template) {
            /** 应用自定义模板 */