Changeset 3420635
- Timestamp:
- 12/16/2025 03:57:02 AM (4 months ago)
- Location:
- infility-global/trunk
- Files:
-
- 2 edited
-
infility_global.php (modified) (3 diffs)
-
widgets/infility-import-data/infility-import-data.php (modified) (3 diffs)
infility-global/trunk/infility_global.php
r3420609 r3420635 4 4 Plugin URI: https://www.infility.cn/ 5 5 Description: Infility公共插件 6 Version: 2.14.4 26 Version: 2.14.43 7 7 Author: Infility 8 8 Author URI: https://www.infility.cn/ … … 137 137 v2.14.36 (20251121) Ben: 新增导入文件字段错误提示 138 138 v2.14.37 (20251203) Ben: 新增古腾堡样式类型 139 v2.14.43 (20251216) Ben: 修复导入文件漏洞 139 140 */ 140 141 … … 142 143 function __construct() 143 144 { 144 define( 'INFILITY_GLOBAL_VERSION', '2.14.4 2' );145 define( 'INFILITY_GLOBAL_VERSION', '2.14.43' ); 145 146 define( 'INFILITY_GLOBAL_PATH', plugin_dir_path( __FILE__ ) ); // fullpath/wp-content/plugins/infility-global/ // 有斜杠 146 147 define( 'INFILITY_GLOBAL_URL', plugins_url( '/', __FILE__ ) ); // https://the_domain/wp-content/plugins/infility-global/ // 斜杠是自己加的 -
infility-global/trunk/widgets/infility-import-data/infility-import-data.php
r3419855 r3420635 106 106 107 107 public function register_admin_menu_page(){ 108 add_menu_page('infility_import','导入数据列表',' read','infility_import',[$this,'import_list'],'',6);109 add_submenu_page( 'infility_import', 'infility_import' , '导入数据' , ' read','import_page',[$this,'import_page']);110 add_submenu_page( 'infility_import', 'infility_import' , '导入数据详情' , ' read','import_detail',[$this,'import_detail']);108 add_menu_page('infility_import','导入数据列表','edit_pages','infility_import',[$this,'import_list'],'',6); 109 add_submenu_page( 'infility_import', 'infility_import' , '导入数据' , 'edit_pages','import_page',[$this,'import_page']); 110 add_submenu_page( 'infility_import', 'infility_import' , '导入数据详情' , 'edit_pages','import_detail',[$this,'import_detail']); 111 111 } 112 112 … … 857 857 $system_field = $_POST['system_field']; 858 858 859 860 if(!current_user_can('edit_pages')){str::e_json(['res'=>'Your can not control'],1); } 861 862 $check = $this->check_file($file,'zip'); 863 if(!$check){str::e_json(['res'=>'File must be zip'],1);} 864 $res = $import_file_class->upload_file($file,true); 865 if(!$res){str::e_json(['res'=>$import_file_class->error],1);} 866 867 $file_data = $import_file_class->get_zip_data($res); 868 $signs = []; 869 foreach($file_data as $sign=>$v){ 870 $signs[] = $sign; 871 } 872 $data = ['post_type'=>$post_type,'system_field'=>$system_field,'signs'=>$signs,'queue'=>$signs]; 873 874 $list_data = [ 875 'name'=>$name, 876 'type'=>'file', 877 'status'=>0, 878 'source'=>$res, 879 'data'=>json_encode($data), 880 'add_time'=>time(), 881 ]; 882 883 $wpdb->insert($table,$list_data); 884 $list_id = $wpdb->insert_id; 885 } 886 887 return ['res'=>'ok','id'=>$list_id]; 888 } 889 890 public function get_extract_file(){ 891 $import_file_class = new infility_import_file(); 892 $file = [ 893 'name'=>$_FILES['file']['name'], 894 'path'=>$_FILES['file']['tmp_name'] 895 ]; 896 $res = $import_file_class->check($file); 897 
if(!$res){str::e_json(['res'=>$import_file_class->error],1);} 898 899 if(empty($_POST['post_type'])){str::e_json(['res'=>'类型不能为空'],1); } 900 $post_type = $_POST['post_type']; 901 902 $file_data = $import_file_class->get_field_data($file); 903 if(!$file_data){str::e_json(['res'=>$import_file_class->error],1);} 904 $system_field = $import_file_class->get_system_field($post_type); 905 $html = $import_file_class->get_field_html($file_data,$system_field); 906 907 str::e_json(['res'=>'ok','html'=>$html]); 908 } 909 910 public function import_main_image(){ 911 if(empty($_POST['id'])){return false;} 912 913 $import_file_class = new infility_import_file(); 914 $res = $import_file_class->import_main_image($_POST['id']); 915 if(!$res){str::e_json(['res'=>$import_file_class->error,'progress'=>$import_file_class->progress],1);} 916 str::e_json(['res'=>'ok','progress'=>$import_file_class->progress]); 917 } 918 919 /*-----------------导入文件 end-------------------------*/ 920 921 function get_url_from_absolute_path($absolute_path) { 922 $upload_dir = wp_upload_dir(); // 包含 baseurl 和 basedir 923 $basedir = $upload_dir['basedir']; // 本地路径 /var/www/html/wp-content/uploads 924 $baseurl = $upload_dir['baseurl']; // 对应 URL:https://example.com/wp-content/uploads 925 926 // 确保路径存在于上传目录内 927 if (strpos($absolute_path, $basedir) === 0) { 928 $relative_path = ltrim(str_replace($basedir, '', $absolute_path), '/'); 929 return $baseurl . '/' . 
$relative_path; 930 } else { 931 return false; // 路径不在 uploads 内 932 } 933 } 934 935 function check_file($file,$type){ 936 if($type=='zip'){ 859 937 // 兼容不同系统对 ZIP 的 MIME 类型标识(Windows/Mac/Linux) 860 938 $allowedZipMimes = [ … … 867 945 $isZipByMime = isset($file['type']) && in_array($file['type'], $allowedZipMimes, true); 868 946 $isZipByName = isset($file['name']) && preg_match('/\.zip$/i', $file['name']); 869 if(!$isZipByMime && !$isZipByName){str::e_json(['res'=>'File must be zip'],1);} 870 $res = $import_file_class->upload_file($file,true); 871 if(!$res){str::e_json(['res'=>$import_file_class->error],1);} 872 873 $file_data = $import_file_class->get_zip_data($res); 874 $signs = []; 875 foreach($file_data as $sign=>$v){ 876 $signs[] = $sign; 877 } 878 $data = ['post_type'=>$post_type,'system_field'=>$system_field,'signs'=>$signs,'queue'=>$signs]; 879 880 $list_data = [ 881 'name'=>$name, 882 'type'=>'file', 883 'status'=>0, 884 'source'=>$res, 885 'data'=>json_encode($data), 886 'add_time'=>time(), 887 ]; 888 889 $wpdb->insert($table,$list_data); 890 $list_id = $wpdb->insert_id; 891 } 892 893 return ['res'=>'ok','id'=>$list_id]; 894 } 895 896 public function get_extract_file(){ 897 $import_file_class = new infility_import_file(); 898 $file = [ 899 'name'=>$_FILES['file']['name'], 900 'path'=>$_FILES['file']['tmp_name'] 901 ]; 902 $res = $import_file_class->check($file); 903 if(!$res){str::e_json(['res'=>$import_file_class->error],1);} 904 905 if(empty($_POST['post_type'])){str::e_json(['res'=>'类型不能为空'],1); } 906 $post_type = $_POST['post_type']; 907 908 $file_data = $import_file_class->get_field_data($file); 909 if(!$file_data){str::e_json(['res'=>$import_file_class->error],1);} 910 $system_field = $import_file_class->get_system_field($post_type); 911 $html = $import_file_class->get_field_html($file_data,$system_field); 912 913 str::e_json(['res'=>'ok','html'=>$html]); 914 } 915 916 public function import_main_image(){ 917 if(empty($_POST['id'])){return false;} 
918 919 $import_file_class = new infility_import_file(); 920 $res = $import_file_class->import_main_image($_POST['id']); 921 if(!$res){str::e_json(['res'=>$import_file_class->error,'progress'=>$import_file_class->progress],1);} 922 str::e_json(['res'=>'ok','progress'=>$import_file_class->progress]); 923 } 924 925 /*-----------------导入文件 end-------------------------*/ 926 927 function get_url_from_absolute_path($absolute_path) { 928 $upload_dir = wp_upload_dir(); // 包含 baseurl 和 basedir 929 $basedir = $upload_dir['basedir']; // 本地路径 /var/www/html/wp-content/uploads 930 $baseurl = $upload_dir['baseurl']; // 对应 URL:https://example.com/wp-content/uploads 931 932 // 确保路径存在于上传目录内 933 if (strpos($absolute_path, $basedir) === 0) { 934 $relative_path = ltrim(str_replace($basedir, '', $absolute_path), '/'); 935 return $baseurl . '/' . $relative_path; 936 } else { 937 return false; // 路径不在 uploads 内 938 } 947 if(!$isZipByMime && !$isZipByName){return false;} 948 $mime_type = mime_content_type($file['tmp_name']); 949 if(!in_array($mime_type,$allowedZipMimes)){return false;} 950 } 951 952 return true; 939 953 } 940 954 }
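Review bot: The added `current_user_can('edit_pages')` guard protects only the zip-upload path of a handler whose start lies above this hunk, and it appears to sit inside a block that closes before `return ['res'=>'ok','id'=>$list_id];`. `get_extract_file()` and `import_main_image()`, whose full bodies are visible here, still read `$_FILES` and `$_POST` with no capability check of their own. If those methods are reachable as AJAX actions (their registration is not shown), each should open with the same guard, `if(!current_user_can('edit_pages')){str::e_json(['res'=>'Your can not control'],1);}`, plus a `check_ajax_referer()` call, since no nonce verification is visible anywhere in the hunk. In `check_file()`, `if(!$isZipByMime && !$isZipByName){return false;}` still lets through a file whose name does not end in `.zip` whenever the client-supplied `type` matches, so the extension test should be mandatory: `if(!$isZipByName){return false;}`. The `mime_content_type()` comparison should also pass `true` as the third argument to `in_array()`, as the `$isZipByMime` line already does.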