mirror of https://github.com/yunluo/gdk.git synced 2024-05-03 23:13:22 +02:00

1,修复了支付方面一个安全隐患

2,取消使用in_array,使用更快的方法取代,也算是加快速度了
云落 2021-10-07 22:43:05 +08:00
parent 2f66c5ddfe
commit 06a1503f02
8 changed files with 14 additions and 13 deletions


@ -89,6 +89,7 @@ class GDK_Payjs
public function post($data) { public function post($data) {
$data = $this->sign($data); $data = $this->sign($data);
$ch = curl_init(); $ch = curl_init();
curl_setopt($ch, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS );
curl_setopt($ch, CURLOPT_URL, $this->url); curl_setopt($ch, CURLOPT_URL, $this->url);
curl_setopt($ch, CURLOPT_USERAGENT, 'HTTP CLIENT'); curl_setopt($ch, CURLOPT_USERAGENT, 'HTTP CLIENT');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
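Review bot: The new `CURLOPT_PROTOCOLS` mask in `post()` still includes `CURLPROTO_HTTP`, so a signed payment request can still leave in clear text if `$this->url` is ever an `http://` address. If the gateway endpoint is always HTTPS (the value of `$this->url` is set outside this hunk), `curl_setopt($ch, CURLOPT_PROTOCOLS, CURLPROTO_HTTPS);` is the tighter setting. `post()` continues past the hunk; if redirects are followed further down, `CURLOPT_REDIR_PROTOCOLS` should get the same mask. A short comment such as `// restrict cURL to web protocols so no other URL scheme can be requested` would record why the line exists.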


@ -166,7 +166,7 @@ if (!class_exists('myCustomFields')) {
return; return;
} }
if (!in_array($post->post_type, $this->postTypes)) { if (!array_key_exists($post->post_type, $this->postTypes)) {
return; return;
} }
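Review bot: `array_key_exists()` tests array keys while `in_array()` tests values, so this is not a drop-in replacement: if `$this->postTypes` is a plain list (its definition is outside the hunk), `!array_key_exists($post->post_type, $this->postTypes)` is true for every real post type and the method always returns early. The same substitution appears in the `checked(...)` line, `gdk_pasteup_imag`, `add_code`, `check_code`, `nc_get_translated_role_name`, `is_login`, the upload-rename block and `gdk_disable_login_errors`, several of which visibly search lists (`array('image/gif', …)`, `['wp-login.php', 'wp-register.php']`, `explode(",", $pay_log)`, `['zip', 'rar', '7z']`). In `add_code` and `check_code` the result appears to decide whether a purchase code is accepted, so that decision now depends on list positions rather than on the stored codes. Keep `in_array($needle, $haystack, true)`, or, if lookup speed matters, build the set once with `array_flip()` and test it with `isset()`.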


@ -155,7 +155,7 @@ break;
foreach ($option['options'] as $id => $name): ?> foreach ($option['options'] as $id => $name): ?>
<label> <label>
<input type="checkbox" name="<?php echo $id; ?>[]" id="<?php echo $id; ?>[]" value="<?php echo $id; ?>" <?php checked(in_array($id, $checkboxValues), true); ?>> <input type="checkbox" name="<?php echo $id; ?>[]" id="<?php echo $id; ?>[]" value="<?php echo $id; ?>" <?php checked(array_key_exists($id, $checkboxValues), 1); ?>>
<?php echo $name; ?> <?php echo $name; ?>
</label> </label>
<?php endforeach; ?> <?php endforeach; ?>
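Review bot: `$id` is echoed into the `name`, `id` and `value` attributes on the changed `<input>` line, and `$name` into the label text below it, without escaping. If option ids or labels can ever contain quotes or markup (their source, `$option['options']`, is defined outside the hunk), the attribute or the surrounding HTML breaks. `<?php echo esc_attr($id); ?>` for the attributes and `<?php echo esc_html($name); ?>` for the label would follow WordPress's late-escaping convention.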


@ -65,7 +65,7 @@ function gdk_pasteup_imag()
$wp_upload_dir = wp_upload_dir(); $wp_upload_dir = wp_upload_dir();
$file = $_FILES['imageFile']; $file = $_FILES['imageFile'];
$result = array('success' => false, 'message' => 'Null'); $result = array('success' => false, 'message' => 'Null');
if (in_array($file['type'], array('image/gif', 'image/jpeg', 'image/pjpeg', 'image/png'))) { if (array_key_exists($file['type'], array('image/gif', 'image/jpeg', 'image/pjpeg', 'image/png'))) {
if ($file['error'] > 0) { if ($file['error'] > 0) {
$result['message'] = 'error'; $result['message'] = 'error';
} else { } else {
@ -200,7 +200,7 @@ function add_code()
add_post_meta($id, 'pay_log', $code, true) or update_post_meta($id, 'pay_log', $pay_log . ',' . $code); //没有新建,有就更新 add_post_meta($id, 'pay_log', $code, true) or update_post_meta($id, 'pay_log', $pay_log . ',' . $code); //没有新建,有就更新
$pay_log = get_post_meta($id, 'pay_log', true); //获取新的购买记录数据 $pay_log = get_post_meta($id, 'pay_log', true); //获取新的购买记录数据
$pay_arr = explode(",", $pay_log); $pay_arr = explode(",", $pay_log);
if (in_array($code, $pay_arr)) { if (array_key_exists($code, $pay_arr)) {
exit('200'); //OK exit('200'); //OK
} else { } else {
exit('400'); //NO exit('400'); //NO
@ -228,7 +228,7 @@ function check_code()
$code = trim($code); //清理一下 $code = trim($code); //清理一下
$pay_log = get_post_meta($id, 'pay_log', true); //购买记录数据 $pay_log = get_post_meta($id, 'pay_log', true); //购买记录数据
$pay_arr = explode(",", $pay_log); $pay_arr = explode(",", $pay_log);
if (in_array($code, $pay_arr)) { if (array_key_exists($code, $pay_arr)) {
exit('200'); exit('200');
} else { } else {
exit('400'); exit('400');
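Review bot: `$file['type']` in `gdk_pasteup_imag` is the MIME type reported by the uploading client in `$_FILES`, so an allow-list on it does not establish what the file actually contains, whichever lookup function is used. Consider deriving the type on the server, for example `$checked = wp_check_filetype_and_ext($file['tmp_name'], $file['name']);`, and comparing `$checked['type']` against the allow-list with a strict `in_array(..., true)`. In `add_code` and `check_code`, `in_array($code, $pay_arr, true)` would likewise avoid loose comparison between numeric-looking codes. All three function bodies continue outside the visible hunks.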


@ -185,13 +185,13 @@ function nc_get_translated_role_name($user_id)
{ {
$data = get_userdata($user_id); $data = get_userdata($user_id);
$roles = $data->roles; $roles = $data->roles;
if (in_array('administrator', $roles)) { if (array_key_exists('administrator', $roles)) {
return __('Administrator', 'jimu'); return __('Administrator', 'jimu');
} elseif (in_array('editor', $roles)) { } elseif (array_key_exists('editor', $roles)) {
return __('Certified Editor', 'jimu'); return __('Certified Editor', 'jimu');
} elseif (in_array('author', $roles)) { } elseif (array_key_exists('author', $roles)) {
return __('Special Author', 'jimu'); return __('Special Author', 'jimu');
} elseif (in_array('subscriber', $roles)) { } elseif (array_key_exists('subscriber', $roles)) {
return __('Subscriber', 'jimu'); return __('Subscriber', 'jimu');
} }
@ -226,7 +226,7 @@ function gdk_is_mobile()
//判断是否是登陆页面 //判断是否是登陆页面
function is_login() function is_login()
{ {
return in_array($GLOBALS['pagenow'], ['wp-login.php', 'wp-register.php']); return array_key_exists($GLOBALS['pagenow'], ['wp-login.php', 'wp-register.php']);
} }
//判断字符串内是否有指定字符串 //判断字符串内是否有指定字符串


@ -349,7 +349,7 @@ if (gdk_option('gdk_upload_rename')) {
$ext = $info['extension']; $ext = $info['extension'];
$ignore_exts = ['zip', 'rar', '7z']; $ignore_exts = ['zip', 'rar', '7z'];
//被忽略的文件格式 //被忽略的文件格式
if (!in_array($ext, $ignore_exts)) { if (!array_key_exists($ext, $ignore_exts)) {
$filedate = date('YmdHis') . mt_rand(100, 999); $filedate = date('YmdHis') . mt_rand(100, 999);
$file['name'] = $filedate . '.' . $ext; $file['name'] = $filedate . '.' . $ext;
} }


@ -170,7 +170,7 @@ function gdk_disable_login_errors($error)
{ {
global $errors; global $errors;
$err_codes = $errors->get_error_codes(); $err_codes = $errors->get_error_codes();
if (!in_array('too_many_tried', $err_codes)) { if (!array_key_exists('too_many_tried', $err_codes)) {
// For security reason // For security reason
return esc_attr('Access Denied!'); return esc_attr('Access Denied!');
} }


@ -10,7 +10,7 @@ Compatible:5.8.1
*/ */
//万能的开头 //万能的开头
if (!defined('ABSPATH')) {exit;} if (!defined('ABSPATH')) exit;
//版本和兼容检查 //版本和兼容检查
function deactivate_myself() function deactivate_myself()