diff --git a/function/common.php b/function/common.php index 555a847..4cc8460 100644 --- a/function/common.php +++ b/function/common.php @@ -518,8 +518,8 @@ function main($path) } else { $adminloginpage = getConfig('adminloginpage'); } - if ($_GET[$adminloginpage]) { - if ($_GET['preview']) { + if (isset($_GET[$adminloginpage])) { + if (isset($_GET['preview'])) { $url = $_SERVER['PHP_SELF'] . '?preview'; } else { $url = path_format($_SERVER['PHP_SELF'] . '/'); @@ -533,13 +533,13 @@ function main($path) } } if (getConfig('admin')!='') - if ( $_COOKIE['admin']==md5(getConfig('admin')) || $_POST['password1']==getConfig('admin') ) { + if ( (isset($_COOKIE['admin'])&&$_COOKIE['admin']==md5(getConfig('admin'))) || (isset($_POST['password1'])&&$_POST['password1']==getConfig('admin')) ) { $_SERVER['admin']=1; $_SERVER['needUpdate'] = needUpdate(); } else { $_SERVER['admin']=0; } - if ($_GET['setup']) + if (isset($_GET['setup'])) if ($_SERVER['admin']) { // setup Environments. 设置,对环境变量操作 return EnvOpt($_SERVER['needUpdate']); @@ -550,7 +550,7 @@ function main($path) if (getConfig('admin')=='') return install(); config_oauth(); - if ($_SERVER['admin']) if ($_GET['AddDisk']||$_GET['authorization_code']) return get_refresh_token(); + if ($_SERVER['admin']) if (isset($_GET['AddDisk'])||isset($_GET['authorization_code'])) return get_refresh_token(); $refresh_token = getConfig('refresh_token'); //if (!$refresh_token) return get_refresh_token(); if (!$refresh_token) { @@ -608,7 +608,7 @@ function main($path) if ($_SERVER['ajax']) return output(getconstStr('RefreshtoLogin'),401); } $_SERVER['ishidden'] = passhidden($path); - if ($_GET['thumbnails']) { + if (isset($_GET['thumbnails'])) { if ($_SERVER['ishidden']<4) { if (in_array(strtolower(substr($path, strrpos($path, '.') + 1)), $exts['img'])) { return get_thumbnails_url($path); 
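Review bot: In the `@@ -533,13 +533,13 @@` hunk the rewritten admin check still compares secrets with loose `==`, both in `$_COOKIE['admin']==md5(getConfig('admin'))` and in `$_POST['password1']==getConfig('admin')`. Under `==` two numeric-looking strings are compared as numbers, and the comparison is not constant-time, so the check is weaker than it looks. Since this line is being touched anyway, I would write `is_string($_COOKIE['admin'] ?? null) && hash_equals(md5(getConfig('admin')), $_COOKIE['admin'])` and use the same `is_string` plus `hash_equals()` form for `password1`. Separately, the cookie is an unsalted MD5 of the stored password and therefore acts as a long-lived password equivalent; replacing it with a random session token is a larger follow-up. `main()` starts and ends outside the hunk.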
@@ -631,7 +631,7 @@ function main($path) } else return output('',404); } else return output('',401); } - if (isset($files['file']) && !$_GET['preview']) { + if (isset($files['file']) && !isset($_GET['preview'])) { // is file && not preview mode if ( $_SERVER['ishidden']<4 || (!!getConfig('downloadencrypt')&&$files['name']!=getConfig('passfile')) ) return output('', 302, [ 'Location' => $files['@microsoft.graph.downloadUrl'] ]); } @@ -702,7 +702,7 @@ function adminoperate($path) $path1 = path_format($_SERVER['list_path'] . path_format($path)); if (substr($path1,-1)=='/') $path1=substr($path1,0,-1); $tmparr['statusCode'] = 0; - if ($_GET['rename_newname']!=$_GET['rename_oldname'] && $_GET['rename_newname']!='') { + if (isset($_GET['rename_newname'])&&$_GET['rename_newname']!=$_GET['rename_oldname'] && $_GET['rename_newname']!='') { // rename 重命名 $oldname = spurlencode($_GET['rename_oldname']); $oldname = path_format($path1 . '/' . $oldname); @@ -712,7 +712,7 @@ function adminoperate($path) //savecache('path_' . $path1, json_decode('{}',true), 1); return output($result['body'], $result['stat']); } - if ($_GET['delete_name']!='') { + if (isset($_GET['delete_name'])) { // delete 删除 $filename = spurlencode($_GET['delete_name']); $filename = path_format($path1 . '/' . $filename); @@ -721,7 +721,7 @@ function adminoperate($path) //savecache('path_' . $path1, json_decode('{}',true), 1); return output($result['body'], $result['stat']); } - if ($_GET['operate_action']==getconstStr('encrypt')) { + if (isset($_GET['operate_action'])&&$_GET['operate_action']==getconstStr('encrypt')) { // encrypt 加密 if (getConfig('passfile')=='') return message(getconstStr('SetpassfileBfEncrypt'),'',403); if ($_GET['encrypt_folder']=='/') $_GET['encrypt_folder']==''; 
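Review bot: `$_GET['rename_oldname']` is still read without a guard in the rewritten condition of the `@@ -702,7 +702,7 @@` hunk, so a request carrying only `rename_newname` raises the undefined-index notice this commit is removing and builds `$oldname` from an empty name, i.e. from `$path1 . '/'`. I would require both parameters: `if (isset($_GET['rename_newname'], $_GET['rename_oldname']) && $_GET['rename_oldname']!='' && $_GET['rename_newname']!=$_GET['rename_oldname'] && $_GET['rename_newname']!='') {`. `adminoperate()` continues outside the hunk, so what the rename call does with that path is not visible here.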
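Review bot: Replacing `$_GET['delete_name']!=''` with `isset($_GET['delete_name'])` in the `@@ -712,7 +712,7 @@` hunk changes behaviour rather than only silencing a notice: an empty `delete_name` used to skip the branch and now enters it, where `$filename` becomes `path_format($path1 . '/' . '')`, which presumably resolves to the current folder instead of an item inside it. The same widening appears in the `move_folder`, `copy_name` and `editfile` hunks (`@@ -733`, `@@ -753`, `@@ -789`). Keeping the emptiness test avoids it: `if (isset($_GET['delete_name']) && $_GET['delete_name']!='') {`, and likewise for the other three parameters. The calls that act on `$filename` are outside the hunk, so the exact effect should be confirmed there.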
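Review bot: The guard added in the `@@ -721,7 +721,7 @@` hunk covers `operate_action` only; two lines further down `$_GET['encrypt_folder']` is still read unguarded. That statement also ends in `$_GET['encrypt_folder']=='';`, a comparison whose result is discarded, so a value of `/` is never normalised to the empty string. Suggested replacement: `if (isset($_GET['encrypt_folder']) && $_GET['encrypt_folder']=='/') $_GET['encrypt_folder']='';`. The rest of the encrypt branch is outside the hunk.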
@@ -733,7 +733,7 @@ function adminoperate($path) savecache('path_' . $path1 . '/?password', '', 1); return output($result['body'], $result['stat']); } - if ($_GET['move_folder']!='') { + if (isset($_GET['move_folder'])) { // move 移动 $moveable = 1; if ($path == '/' && $_GET['move_folder'] == '/../') $moveable=0; @@ -753,7 +753,7 @@ function adminoperate($path) return output('{"error":"'.getconstStr('CannotMove').'"}', 403); } } - if ($_GET['copy_name']!='') { + if (isset($_GET['copy_name'])) { // copy 复制 $filename = spurlencode($_GET['copy_name']); $filename = path_format($path1 . '/' . $filename); @@ -789,7 +789,7 @@ function adminoperate($path) //savecache('path_' . $path2, json_decode('{}',true), 1); return output($result['body'].json_encode($result['Location']), $result['stat']); } - if ($_POST['editfile']!='') { + if (isset($_POST['editfile'])) { // edit 编辑 $data = $_POST['editfile']; /*TXT一般不会超过4M,不用二段上传 @@ -802,7 +802,7 @@ function adminoperate($path) $resultarry = json_decode($result,true); if (isset($resultarry['error'])) return message($resultarry['error']['message']. '
' . json_encode(json_decode($tmp['body']), JSON_PRETTY_PRINT) . '', $tmp['stat']); //return message('
' . json_encode($ret, JSON_PRETTY_PRINT) . '', 500); } - if ($_GET['install1']) { + if (isset($_GET['install1'])) { $_SERVER['disk_oprating'] = $_COOKIE['disktag']; $_SERVER['disktag'] = $_COOKIE['disktag']; config_oauth(); @@ -1170,7 +1171,7 @@ function get_refresh_token() return message('something error, try after a few seconds.', 'retry', 201); } } - if ($_GET['install0']) { + if (isset($_GET['install0'])) { if ($_POST['disktag_add']!='' && ($_POST['Onedrive_ver']=='MS' || $_POST['Onedrive_ver']=='CN' || $_POST['Onedrive_ver']=='MSC')) { if (in_array($_COOKIE['disktag'], $CommonEnv)) { return message('Do not input ' . $envs . '