Changeset 3452498
- Timestamp:
- 02/03/2026 01:48:14 AM (2 months ago)
- Location:
- infility-global/trunk
- Files:
-
- 3 edited
-
include/class/action.class.php (modified) (5 diffs)
-
infility_global.php (modified) (4 diffs)
-
readme.txt (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
infility-global/trunk/include/class/action.class.php
r3184193 r3452498 1 <?php 1 <?php 2 2 3 3 class action{ … … 24 24 public static function get_form_post(){ 25 25 global $wpdb; 26 26 27 27 $data = db::get_all('wp_posts',"post_type='wpcf7_contact_form'"); 28 28 … … 61 61 if (!$table) str::e_json('table不能为空',-1); 62 62 $table = $wpdb->prefix . $table; 63 64 63 64 65 65 $data = db::get_limit_page($table,$where,$field,$order,$page,$pageLimit); 66 66 … … 70 70 // } 71 71 // } 72 72 73 73 $result = [ 74 74 'data' => $data, … … 87 87 $optionAry['plugins'][$key] = $Checked; 88 88 }else{ 89 str::e_json('ERROR',-1); 89 str::e_json('ERROR',-1); 90 90 } 91 91 92 update_option(INFILITY_GLOBAL_OPTION_KEY,$optionAry); 92 update_option(INFILITY_GLOBAL_OPTION_KEY,$optionAry); 93 93 str::e_json($Checked?'开启成功':'关闭成功',1); 94 94 } 95 95 } 96 97 ?> -
infility-global/trunk/infility_global.php
r3449187 r3452498 4 4 Plugin URI: https://www.infility.cn/ 5 5 Description: Infility公共插件 6 Version: 2.14.5 16 Version: 2.14.52 7 7 Author: Infility 8 8 Author URI: https://www.infility.cn/ 9 9 License: GPLv2 10 10 Requires at least: 5.6 11 Tested up to: 6. 7.011 Tested up to: 6.8.3 12 12 Requires PHP: 7.3 13 13 … … 139 139 v2.14.43 (20251216) Ben: 修复导入文件漏洞 140 140 v2.14.43 (20251217) Ben: 修复导入文件漏洞添加nonce 141 v2.14.52 (20260203) Step: 修复 infility_get_data 接口的安全问题。 141 142 */ 142 143 … … 609 610 ) return true; 610 611 612 error_log("[infility global] api_action: " . json_encode($_GET)); 613 611 614 $ACTION_DATA = str::json_data(base64_decode($_GET['i']),'decode'); 612 615 @extract($ACTION_DATA, EXTR_PREFIX_ALL, 'g'); … … 622 625 if ( isset( $_SERVER['REMOTE_ADDR'] ) && in_array( $_SERVER['REMOTE_ADDR'], $allowed_ips ) ) { 623 626 // OK 624 } else if ( isset( $_SERVER['HTTP_X_REAL_IP'] ) && in_array( $_SERVER['HTTP_X_REAL_IP'], $allowed_ips ) ) {625 // OK626 } else if ( isset( $_SERVER['HTTP_X_FORWARDED_FOR'] ) && in_array( $_SERVER['HTTP_X_FORWARDED_FOR'], $allowed_ips ) ) {627 // OK627 // } else if ( isset( $_SERVER['HTTP_X_REAL_IP'] ) && in_array( $_SERVER['HTTP_X_REAL_IP'], $allowed_ips ) ) { 628 // // OK 629 // } else if ( isset( $_SERVER['HTTP_X_FORWARDED_FOR'] ) && in_array( $_SERVER['HTTP_X_FORWARDED_FOR'], $allowed_ips ) ) { 630 // // OK 628 631 } else { 629 632 // 不允许 -
infility-global/trunk/readme.txt
r3400110 r3452498 370 370 = 2.14.35 = 371 371 修复wcf7表单代理ip出现2个时,地址显示错误问题 372 373 = 2.14.52 = 374 安全问题修复
Note: See TracChangeset
for help on using the changeset viewer.