Add a switch for xmlrpc in general control panel.

2025-04-21 18:21:53 +02:00 · 2017-10-27 16:42:13 +08:00 · 2017-10-27 16:42:13 +08:00 · ed0af49767
commit ed0af49767
parent ef4ee2f9b0
8 changed files with 50 additions and 13 deletions
--- a/install.php
+++ b/install.php
@ -61,6 +61,7 @@ else:
    try {
        $installed = $db->fetchRow($db->select()->from('table.options')->where('name = ?', 'installed'));
        if (empty($installed) || $installed['value'] == 1) {
+            Typecho_Response::setStatus(404);
            exit;
        }
    } catch (Exception $e) {
@ -371,6 +372,7 @@ Typecho_Cookie::set('__typecho_lang', $lang);
                                        $installDb->query($installDb->insert('table.options')->rows(array('name' => 'attachmentTypes', 'user' => 0, 'value' => '@image@')));
                                        $installDb->query($installDb->insert('table.options')->rows(array('name' => 'secret', 'user' => 0, 'value' => Typecho_Common::randString(32, true))));
                                        $installDb->query($installDb->insert('table.options')->rows(array('name' => 'installed', 'user' => 0, 'value' => 0)));
+                                        $installDb->query($installDb->insert('table.options')->rows(array('name' => 'allowXmlRpc', 'user' => 0, 'value' => 2)));

                                        /** 初始分类 */
                                        $installDb->query($installDb->insert('table.metas')->rows(array('name' => _t('默认分类'), 'slug' => 'default', 'type' => 'category', 'description' => _t('只是一个默认分类'),
--- a/var/Typecho/Common.php
+++ b/var/Typecho/Common.php
@ -22,7 +22,7 @@ define('__TYPECHO_MB_SUPPORTED__', function_exists('mb_get_info') && function_ex
 class Typecho_Common
 {
    /** 程序版本 */
-    const VERSION = '1.1/17.10.24';
+    const VERSION = '1.1/17.10.27';

    /**
     * 允许的属性
--- a/var/Upgrade.php
+++ b/var/Upgrade.php
@ -1238,5 +1238,21 @@ Typecho_Date::setTimezoneOffset($options->timezone);
        $db->query($db->insert('table.options')
            ->rows(array('name' => 'installed', 'user' => 0, 'value' => 1)));
    }
+
+    /**
+     * 升级至17.10.27
+     *
+     * @param mixed $db
+     * @param mixed $options
+     * @static
+     * @access public
+     * @return void
+     */
+    public static function v1_1r17_10_27($db, $options)
+    {
+        // 增加installed
+        $db->query($db->insert('table.options')
+            ->rows(array('name' => 'allowXmlRpc', 'user' => 0, 'value' => 2)));
+    }
 }

--- a/var/Widget/Archive.php
+++ b/var/Widget/Archive.php
@ -1681,15 +1681,15 @@ class Widget_Archive extends Widget_Abstract_Contents
            $header .= '<meta name="template" content="' . $allows['template'] . '" />' . "\n";
        }

-        if (!empty($allows['pingback'])) {
+        if (!empty($allows['pingback']) && 2 == $this->options->allowXmlRpc) {
            $header .= '<link rel="pingback" href="' . $allows['pingback'] . '" />' . "\n";
        }

-        if (!empty($allows['xmlrpc'])) {
+        if (!empty($allows['xmlrpc']) && 0 < $this->options->allowXmlRpc) {
            $header .= '<link rel="EditURI" type="application/rsd+xml" title="RSD" href="' . $allows['xmlrpc'] . '" />' . "\n";
        }

-        if (!empty($allows['wlw'])) {
+        if (!empty($allows['wlw']) && 0 < $this->options->allowXmlRpc) {
            $header .= '<link rel="wlwmanifest" type="application/wlwmanifest+xml" href="' . $allows['wlw'] . '" />' . "\n";
        }

@ -1949,7 +1949,9 @@ class Widget_Archive extends Widget_Abstract_Contents
        $this->checkPermalink();
        
        /** 添加Pingback */
-        $this->response->setHeader('X-Pingback', $this->options->xmlRpcUrl);
+        if (2 == $this->options->allowXmlRpc) {
+            $this->response->setHeader('X-Pingback', $this->options->xmlRpcUrl);
+        }
        $validated = false;

        //~ 自定义模板
--- a/var/Widget/Do.php
+++ b/var/Widget/Do.php
@ -64,7 +64,7 @@ class Widget_Do extends Typecho_Widget
            $widget = trim($this->request->widget, '/');
            $objectName = 'Widget_' . str_replace('/', '_', $widget);

-            if (Typecho_Common::isAvailableClass($objectName)) {
+            if (preg_match("/^[_a-z0-9]$/i", $objectName) && Typecho_Common::isAvailableClass($objectName)) {
                $widgetName = $objectName;
            }
        } else {
--- a/var/Widget/Init.php
+++ b/var/Widget/Init.php
@ -26,6 +26,11 @@ class Widget_Init extends Typecho_Widget
        /** 对变量赋值 */
        $options = $this->widget('Widget_Options');

+        /** 检查安装状态 */
+        if (!$options->installed) {
+            $this->update(array('value' => 1), $this->db->sql()->where('name = ?', 'installed'));
+        }
+
        /** 语言包初始化 */
        if ($options->lang && $options->lang != 'zh_CN') {
            $dir = defined('__TYPECHO_LANG_DIR__') ? __TYPECHO_LANG_DIR__ : __TYPECHO_ROOT_DIR__ . '/usr/langs';
--- a/var/Widget/Options/General.php
+++ b/var/Widget/Options/General.php
@ -100,6 +100,10 @@ class Widget_Options_General extends Widget_Abstract_Options implements Widget_I
        $allowRegister = new Typecho_Widget_Helper_Form_Element_Radio('allowRegister', array('0' => _t('不允许'), '1' => _t('允许')), $this->options->allowRegister, _t('是否允许注册'),
        _t('允许访问者注册到你的网站, 默认的注册用户不享有任何写入权限.'));
        $form->addInput($allowRegister);
+ 
+        /** 注册 */
+        $allowXmlRpc = new Typecho_Widget_Helper_Form_Element_Radio('allowXmlRpc', array('0' => _t('关闭'), '1' => _t('仅关闭 Pingback 接口'), '2' => _t('打开')), $this->options->allowXmlRpc, _t('XMLRPC 接口'));
+        $form->addInput($allowXmlRpc);

        /** 语言项 */
        // hack 语言扫描
@ -211,7 +215,7 @@ class Widget_Options_General extends Widget_Abstract_Options implements Widget_I
            $this->response->goBack();
        }

-        $settings = $this->request->from('title','description', 'keywords', 'allowRegister', 'lang', 'timezone');
+        $settings = $this->request->from('title','description', 'keywords', 'allowRegister', 'allowXmlRpc', 'lang', 'timezone');
        $settings['attachmentTypes'] = $this->request->getArray('attachmentTypes');

        if (!defined('__TYPECHO_SITE_URL__')) {
--- a/var/Widget/XmlRpc.php
+++ b/var/Widget/XmlRpc.php
@ -2203,6 +2203,10 @@ class Widget_XmlRpc extends Widget_Abstract_Contents implements Widget_Interface
     */
    public function action()
    {
+        if (0 == $this->options->allowXmlRpc) {
+            throw new Typecho_Widget_Exception(_t('请求的地址不存在'), 404);
+        }
+
        if (isset($this->request->rsd)) {
            echo
 <<<EOF
@ -2260,10 +2264,7 @@ EOF;
 EOF;
        } else {

-
-
-            /** 直接把初始化放到这里 */
-            new IXR_Server(array(
+            $api = array(
                /** WordPress API */
                'wp.getPage'                => array($this, 'wpGetPage'),
                'wp.getPages'               => array($this, 'wpGetPages'),
@ -2333,11 +2334,18 @@ EOF;

                /** PingBack */
                'pingback.ping'             => array($this,'pingbackPing'),
-                'pingback.extensions.getPingbacks' => array($this,'pingbackExtensionsGetPingbacks'),
+                // 'pingback.extensions.getPingbacks' => array($this,'pingbackExtensionsGetPingbacks'),
                
                /** hook after */
                'hook.afterCall'            => array($this, 'hookAfterCall'),
-            ));
+            );
+
+            if (1 == $this->options->allowXmlRpc) {
+                unset($api['pingback.ping']);
+            }
+
+            /** 直接把初始化放到这里 */
+            new IXR_Server($api);
        }
    }
 }