1,修复了支付方面一个安全隐患

2,取消使用in_array，使用更快的方法取代，也算是加快速度了
2021-10-07 22:43:05 +08:00 · 2021-10-07 22:43:05 +08:00 · 06a1503f02
parent 2f66c5ddfe
commit 06a1503f02
8 changed files with 14 additions and 13 deletions
--- a/class/Payjs.php
+++ b/class/Payjs.php
@ -89,6 +89,7 @@ class GDK_Payjs
 	public function post($data) {
 		$data   = $this->sign($data);
        $ch = curl_init();
+        curl_setopt($ch, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS );
        curl_setopt($ch, CURLOPT_URL, $this->url);
        curl_setopt($ch, CURLOPT_USERAGENT, 'HTTP CLIENT');
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
--- a/framework/metabox.php
+++ b/framework/metabox.php
@ -166,7 +166,7 @@ if (!class_exists('myCustomFields')) {
                return;
            }

-            if (!in_array($post->post_type, $this->postTypes)) {
+            if (!array_key_exists($post->post_type, $this->postTypes)) {
                return;
            }

--- a/framework/plugin-options.php
+++ b/framework/plugin-options.php
@ -155,7 +155,7 @@ break;
                    
                    foreach ($option['options'] as $id => $name): ?>
 		<label>
-			<input type="checkbox" name="<?php echo $id; ?>[]" id="<?php echo $id; ?>[]" value="<?php echo $id; ?>" <?php checked(in_array($id, $checkboxValues), true); ?>>
+			<input type="checkbox" name="<?php echo $id; ?>[]" id="<?php echo $id; ?>[]" value="<?php echo $id; ?>" <?php checked(array_key_exists($id, $checkboxValues), 1); ?>>
 			<?php echo $name; ?>
 		</label>
 		<?php endforeach; ?>
--- a/functions/Ajax.php
+++ b/functions/Ajax.php
@ -65,7 +65,7 @@ function gdk_pasteup_imag()
        $wp_upload_dir = wp_upload_dir();
        $file          = $_FILES['imageFile'];
        $result        = array('success' => false, 'message' => 'Null');
-        if (in_array($file['type'], array('image/gif', 'image/jpeg', 'image/pjpeg', 'image/png'))) {
+        if (array_key_exists($file['type'], array('image/gif', 'image/jpeg', 'image/pjpeg', 'image/png'))) {
            if ($file['error'] > 0) {
                $result['message'] = 'error';
            } else {
@ -200,7 +200,7 @@ function add_code()
        add_post_meta($id, 'pay_log', $code, true) or update_post_meta($id, 'pay_log', $pay_log . ',' . $code); //没有新建,有就更新
        $pay_log = get_post_meta($id, 'pay_log', true); //获取新的购买记录数据
        $pay_arr = explode(",", $pay_log);
-        if (in_array($code, $pay_arr)) {
+        if (array_key_exists($code, $pay_arr)) {
            exit('200'); //OK
        } else {
            exit('400'); //NO
@ -228,7 +228,7 @@ function check_code()
        $code    = trim($code); //清理一下
        $pay_log = get_post_meta($id, 'pay_log', true); //购买记录数据
        $pay_arr = explode(",", $pay_log);
-        if (in_array($code, $pay_arr)) {
+        if (array_key_exists($code, $pay_arr)) {
            exit('200');
        } else {
            exit('400');
--- a/functions/Common.php
+++ b/functions/Common.php
@ -185,13 +185,13 @@ function nc_get_translated_role_name($user_id)
 {
    $data  = get_userdata($user_id);
    $roles = $data->roles;
-    if (in_array('administrator', $roles)) {
+    if (array_key_exists('administrator', $roles)) {
        return __('Administrator', 'jimu');
-    } elseif (in_array('editor', $roles)) {
+    } elseif (array_key_exists('editor', $roles)) {
        return __('Certified Editor', 'jimu');
-    } elseif (in_array('author', $roles)) {
+    } elseif (array_key_exists('author', $roles)) {
        return __('Special Author', 'jimu');
-    } elseif (in_array('subscriber', $roles)) {
+    } elseif (array_key_exists('subscriber', $roles)) {
        return __('Subscriber', 'jimu');
    }

@ -226,7 +226,7 @@ function gdk_is_mobile()
 //判断是否是登陆页面
 function is_login()
 {
-    return in_array($GLOBALS['pagenow'], ['wp-login.php', 'wp-register.php']);
+    return array_key_exists($GLOBALS['pagenow'], ['wp-login.php', 'wp-register.php']);
 }

 //判断字符串内是否有指定字符串
--- a/functions/optimization.php
+++ b/functions/optimization.php
@ -349,7 +349,7 @@ if (gdk_option('gdk_upload_rename')) {
        $ext         = $info['extension'];
        $ignore_exts = ['zip', 'rar', '7z'];
        //被忽略的文件格式
-        if (!in_array($ext, $ignore_exts)) {
+        if (!array_key_exists($ext, $ignore_exts)) {
            $filedate     = date('YmdHis') . mt_rand(100, 999);
            $file['name'] = $filedate . '.' . $ext;
        }
--- a/functions/security.php
+++ b/functions/security.php
@ -170,7 +170,7 @@ function gdk_disable_login_errors($error)
 {
    global $errors;
    $err_codes = $errors->get_error_codes();
-    if (!in_array('too_many_tried', $err_codes)) {
+    if (!array_key_exists('too_many_tried', $err_codes)) {
        // For security reason
        return esc_attr('Access Denied!');
    }
--- a/gdk.php
+++ b/gdk.php
@ -10,7 +10,7 @@ Compatible:5.8.1
 */

 //万能的开头
-if (!defined('ABSPATH')) {exit;}
+if (!defined('ABSPATH')) exit;

 //版本和兼容检查
 function deactivate_myself()