Changeset 3421596
- Timestamp:
- 12/17/2025 07:29:15 AM (3 months ago)
- Location:
- infility-global/trunk
- Files:
-
- 4 edited
-
infility_global.php (modified) (3 diffs)
-
widgets/infility-import-data/include/infility-import-site.php (modified) (4 diffs)
-
widgets/infility-import-data/infility-import-data.php (modified) (6 diffs)
-
widgets/infility-import-data/js/infility_import_data.js (modified) (5 diffs)
infility-global/trunk/infility_global.php
r3420635 r3421596 4 4 Plugin URI: https://www.infility.cn/ 5 5 Description: Infility公共插件 6 Version: 2.14.4 36 Version: 2.14.44 7 7 Author: Infility 8 8 Author URI: https://www.infility.cn/ … … 138 138 v2.14.37 (20251203) Ben: 新增古腾堡样式类型 139 139 v2.14.43 (20251216) Ben: 修复导入文件漏洞 140 v2.14.43 (20251217) Ben: 修复导入文件漏洞添加nonce 140 141 */ 141 142 … … 143 144 function __construct() 144 145 { 145 define( 'INFILITY_GLOBAL_VERSION', '2.14.4 3' );146 define( 'INFILITY_GLOBAL_VERSION', '2.14.44' ); 146 147 define( 'INFILITY_GLOBAL_PATH', plugin_dir_path( __FILE__ ) ); // fullpath/wp-content/plugins/infility-global/ // 有斜杠 147 148 define( 'INFILITY_GLOBAL_URL', plugins_url( '/', __FILE__ ) ); // https://the_domain/wp-content/plugins/infility-global/ // 斜杠是自己加的 -
infility-global/trunk/widgets/infility-import-data/include/infility-import-site.php
r3420609 r3421596 1099 1099 1100 1100 $page_format_target = $this->format_target($page_tag); 1101 $page_tag = $this->getHtmlTag($html,$page_format_target['format'],$page_format_target['type'],['href' ]);1101 $page_tag = $this->getHtmlTag($html,$page_format_target['format'],$page_format_target['type'],['href','class']); 1102 1102 1103 1103 $sql = "SELECT url FROM $url_table WHERE list_id=$list_id AND `type`='category'"; 1104 1104 $check_repeat = $wpdb->get_col($sql); 1105 1106 $first_page_check = ['1','Page1']; 1105 1107 1106 1108 $pages = []; … … 1109 1111 1110 1112 foreach($page_tag as $k=>$v){ 1111 if(empty($v['link'])){continue;} 1113 if(empty($v['link'])){ 1114 if(in_array($v['value'],$first_page_check)){ 1115 $v['link'] = $url; 1116 }else{ 1117 continue; 1118 } 1119 } 1112 1120 if(in_array($v['link'],$check_repeat)){continue;} 1113 1121 if(in_array($v['link'],$pages)){continue;} … … 1116 1124 1117 1125 $last_page_num = $this->getLastPageFromHrefs($pages,$url); 1126 if(count($pages)!=$last_page_num){return false;} 1127 1118 1128 foreach($pages as $k=>$v){ 1119 1129 $page_num = $k+1; … … 1183 1193 $check_repeat = $wpdb->get_col($sql); 1184 1194 1195 $first_page_check = ['1','Page1']; 1196 1185 1197 $list = []; 1186 1198 $repeat_list = []; 1187 1199 if(!empty($list_tag)){ 1188 1200 foreach($list_tag as $k=>$v){ 1189 if(empty($v['link'])){continue;} 1201 if(empty($v['link'])){ 1202 if(in_array($v['value'],$first_page_check)){ 1203 $v['link'] = $url; 1204 }else{ 1205 continue; 1206 } 1207 } 1190 1208 if(in_array($v['link'],$check_repeat)){ 1191 1209 $repeat_list[] = $v['link']; -
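Review bot: The new guard `if(count($pages)!=$last_page_num){return false;}` compares the last page number against a `$pages` list that appears to have been filtered already by the `$check_repeat` and duplicate `continue` checks. If so, a re-run over a partly imported category would bail out even though the pagination was parsed correctly, and the bare `false` gives the operator no way to tell this from an empty result. Consider counting the discovered page links before the repeat filter, or returning a message that names the mismatch. The two added `in_array($v['value'],$first_page_check)` calls compare loosely and read `$v['value']` without checking that it is set; `in_array((string)($v['value'] ?? ''),$first_page_check,true)` covers both. The enclosing functions start and end outside the hunks, so what `getLastPageFromHrefs()` returns is inferred from its name only.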
infility-global/trunk/widgets/infility-import-data/infility-import-data.php
r3420635 r3421596 335 335 $taxonomy_list = get_taxonomies(['public' => true]); 336 336 337 $nonce = wp_create_nonce('infility_import_data'); 338 337 339 ob_start(); 338 340 ?> … … 387 389 <div class="row"> 388 390 <input type="hidden" class="list_id" name="id"> 391 <input type="hidden" name="nonce" value="<?php echo $nonce;?>"> 389 392 <button class="form_button">开始</button> 390 393 </div> … … 436 439 <div class="row"> 437 440 <input type="hidden" class="list_id" name="id"> 441 <input type="hidden" name="nonce" value="<?php echo $nonce;?>"> 438 442 <button class="form_button">开始</button> 439 443 </div> … … 527 531 <div class="row"> 528 532 <input type="hidden" class="list_id" name="id"> 533 <input type="hidden" name="nonce" value="<?php echo $nonce;?>"> 529 534 <button class="form_button">开始</button> 530 535 </div> … … 550 555 551 556 public function import_data(){ 552 if(empty($_POST['type'])){str::e_json(['res'=>'Type is wrong'],1);} 557 if(empty($_POST['type'])){str::e_json(['res'=>'Type is wrong'],1);} 558 if(empty($_POST['nonce'])){str::e_json(['res'=>'Nonce is wrong'],1);} 559 $nonce = $_POST['nonce']; 560 if(!wp_verify_nonce($nonce, 'infility_import_data')){str::e_json(['res'=>'Nonce is wrong'],1);} 553 561 554 562 $type = $_POST['type']; … … 889 897 890 898 public function get_extract_file(){ 899 if(empty($_POST['nonce'])){str::e_json(['res'=>'Nonce is wrong'],1);} 900 $nonce = $_POST['nonce']; 901 if(!wp_verify_nonce($nonce, 'infility_import_data')){str::e_json(['res'=>'Nonce is wrong'],1);} 902 891 903 $import_file_class = new infility_import_file(); 892 904 $file = [ -
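Review bot: The `wp_verify_nonce()` checks added to `import_data()` and `get_extract_file()` guard against cross-site request forgery, but they do not establish that the caller is allowed to import files, and no capability check is visible in either hunk. If one is not already enforced where these handlers are registered (outside this view), add it next to the nonce check, for example `if(!current_user_can('manage_options')){str::e_json(['res'=>'Permission denied'],1);}`. The three hidden fields print the value with `<?php echo $nonce;?>`; `<?php echo esc_attr($nonce);?>` keeps the template in line with WordPress output escaping. Both function bodies continue outside the hunks shown.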
infility-global/trunk/widgets/infility-import-data/js/infility_import_data.js
r3395561 r3421596 106 106 let post_type = $("#file_form select[name='post_type']").val(); 107 107 if(!post_type){global_obj.win_alert('请先选择post_type');return false;} 108 108 109 let nonce = $("#file_form input[name='nonce']").val(); 110 if(!nonce){global_obj.win_alert('请先获取nonce');return false;} 111 109 112 let formData = new FormData(); 110 113 formData.append('file', file); 111 114 formData.append('post_type',post_type); 115 formData.append('nonce',nonce); 112 116 formData.append('action','get_extract_file'); 113 117 fetch(ajax_object.ajax_url, { … … 214 218 215 219 let id = data.id; 220 let nonce = form_obj.find("input[name='nonce']").val(); 221 if(!nonce){ 222 global_obj.win_alert('nonce出错'); 223 button_obj.attr("is_run","false"); 224 button_obj.text('继续'); 225 return false; 226 } 216 227 if(type==='url'){ 217 228 let page_type = form_obj.find("select[name='page_type']").val(); … … 219 230 let run_data = []; 220 231 if(page_type==='post'){ 221 run_data.push({action:'get_post_detail',id:id });//10%232 run_data.push({action:'get_post_detail',id:id,nonce:nonce});//10% 222 233 }else if(page_type==='category'){ 223 run_data.push({action:'search_category_page',id:id });//10%224 run_data.push({action:'search_category_post',id:id });//10%225 run_data.push({action:'get_post_detail',id:id });//10%234 run_data.push({action:'search_category_page',id:id,nonce:nonce});//10% 235 run_data.push({action:'search_category_post',id:id,nonce:nonce});//10% 236 run_data.push({action:'get_post_detail',id:id,nonce:nonce});//10% 226 237 } 227 238 … … 231 242 let id = data.id; 232 243 let run_data = []; 233 run_data.push({action:'add_excel_post',id:id });//10%244 run_data.push({action:'add_excel_post',id:id,nonce:nonce});//10% 234 245 form_obj.find(".list_id").val(id); 235 246 runProcess(run_data,button_obj,$("#import_page .result .progress"),$("#import_page .result .content")); … … 237 248 let id = data.id; 238 249 let run_data = []; 239 run_data.push({action:'import_main_image',id:id 
});//10%250 run_data.push({action:'import_main_image',id:id,nonce:nonce});//10% 240 251 form_obj.find(".list_id").val(id); 241 252 runProcess(run_data,button_obj,$("#import_page .result .progress"),$("#import_page .result .content"));
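Review bot: The nonce is now attached to every `run_data` entry (`get_post_detail`, `search_category_page`, `search_category_post`, `add_excel_post`, `import_main_image`), but the PHP section of this changeset shows verification only in `import_data()` and `get_extract_file()`. Unless those actions are dispatched through `import_data()`, which cannot be seen here, sending the field changes nothing for them, so each server handler that modifies data should verify the nonce itself. The two missing-nonce branches also behave differently: the upload path only alerts `'请先获取nonce'`, which gives the user nothing to act on, while the later branch resets `is_run` and the button text; a message asking for a page reload would make both recoverable. The surrounding functions start and end outside the hunks.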