panxiang/swiftadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: 修复一处Linux任意文件写入bug

Browse Source
This commit is contained in:
Ying
2023-08-21 17:02:21 +08:00
parent 86c6f889d1
commit 643bc1d54e
1 changed files with 16 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
app/admin/controller/Tpl.php
View File

@@ -42,9 +42,19 @@ class Tpl extends AdminController
*/ */
public function editTpl(): Response public function editTpl(): Response
{ {
$tplPath = base_path() . '/extend/conf/tpl/';
$files = glob($tplPath . '*.tpl');
$files = array_map(function ($file) {
return basename($file);
}, $files);
if (request()->isPost()) { if (request()->isPost()) {
$post = request()->post(); $post = request()->post();
$tpl = base_path().'/extend/conf/tpl/'.$post['tpl']; $file = $post['tpl'];
if (!in_array($file, $files)) {
return $this->error('模板文件不存在!');
}
$tpl = $tplPath . $file;
if (write_file($tpl,$post['content'])) { if (write_file($tpl,$post['content'])) {
return $this->success('修改邮件模板成功!'); return $this->success('修改邮件模板成功!');
} }
@@ -54,8 +64,11 @@ class Tpl extends AdminController
// 获取模板参数 // 获取模板参数
$tpl = input('p'); $tpl = input('p');
$content = read_file(base_path().'/extend/conf/tpl/'.$tpl); if (!in_array($tpl, $files)) {
return view('/tpl/edit_tpl',['tpl'=>$tpl,'content'=>$content]); return $this->error('模板文件不存在!');
}
$content = read_file($tplPath . $tpl);
return view('/tpl/edit_tpl', ['tpl' => $tpl, 'content' => $content]);
} }
} }