From 9205015782e90c22d22a7414cce9b1a5a0edad2b Mon Sep 17 00:00:00 2001
From: root
Date: Wed, 6 Oct 2021 08:01:31 +0000
Subject: [PATCH] fix CSRF, try fix %20

---
 common.php | 138 +++++++++++++++++++++++++----------
 index.php | 2 +-
 platform/AliyunFC.php | 14 +++-
 platform/BaiduCFC.php | 1 +
 platform/HuaweiFG_env.php | 1 +
 platform/HuaweiFG_file.php | 1 +
 platform/TencentSCF_env.php | 3 +-
 platform/TencentSCF_file.php | 3 +-
 theme/classic.html | 23 ++++-
 9 files changed, 135 insertions(+), 51 deletions(-)

diff --git a/common.php b/common.php
index 121e18d..f12a28b 100644
--- a/common.php
+++ b/common.php
@@ -182,11 +182,15 @@ function main($path)
 if (isset($_POST['password1'])) {
 $compareresult = compareadminsha1($_POST['password1'], $_POST['timestamp'], getConfig('admin'));
 if ($compareresult=='') {
- return adminform('admin', adminpass2cookie('admin', getConfig('admin')), $url);
+ $timestamp = time()+7*24*60*60;
+ $randnum = rand(10, 99999);
+ $admincookie = adminpass2cookie('admin', getConfig('admin'), $timestamp, $randnum);
+ $adminlocalstorage = adminpass2storage('admin', getConfig('admin'), $timestamp, $randnum);
+ return adminform('admin', $admincookie, $adminlocalstorage, $url);
 } else return adminform($compareresult);
 } else return adminform();
 }
- if ( isset($_COOKIE['admin'])&&compareadminmd5($_COOKIE['admin'], 'admin', getConfig('admin')) ) {
+ if ( isset($_COOKIE['admin'])&&compareadminmd5('admin', getConfig('admin'), $_COOKIE['admin']) ) {
 $_SERVER['admin']=1;
 $_SERVER['needUpdate'] = needUpdate();
 } else {
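Review bot: `$randnum = rand(10, 99999);` draws the nonce for the new storage token from a non-cryptographic generator with under 100k possible values; because the value is appended in clear text inside the token it is a public nonce rather than a secret, so the practical impact is low, but `$randnum = random_int(10, 99999);` costs nothing on the PHP 7 runtimes the platform files name and removes the question. The next line passes `$randnum` as a fourth argument to `adminpass2cookie()`, whose new signature in this patch takes three parameters, so the argument is silently ignored; either drop it or add the parameter. Both tokens are still keyed only by the admin password plus a timestamp that is itself part of the cookie, so anyone holding either token can attempt an offline guess of the password; a random per-login secret kept server-side would decouple the two, though that is a larger change than this commit. main() continues outside the hunk.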
@@ -394,6 +398,7 @@ function main($path) $url = $files['url']; if ( strtolower(splitlast($files['name'], '.')[1])=='html' ) return output($files['content']['body'], $files['content']['stat']); else { + if (isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) && strtotime($files['time'])==strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE'])) return output('', 304); $fileConduitSize = getConfig('fileConduitSize', $_SERVER['disktag']); $fileConduitCacheTime = getConfig('fileConduitCacheTime', $_SERVER['disktag']); if (!!$fileConduitSize || !!$fileConduitCacheTime) { @@ -401,10 +406,27 @@ function main($path) else $fileConduitSize = 1024*1024; if ($fileConduitCacheTime>1) $fileConduitCacheTime *= 3600; else $fileConduitCacheTime = 3600; + /*if ($_SERVER['HTTP_RANGE']!='') { + $header['Range'] = $_SERVER['HTTP_RANGE']; + $response = curl('GET', $files['url'], '', $header, 1); + //return output($header['Range'] . json_encode($response['returnhead'])); + return output( + $response['body'], + $response['stat'], + //$response['returnhead'], + ['Content-Type' => $files['mime'], 'Cache-Control' => 'max-age=' . $fileConduitCacheTime], + false + ); + }*/ if ($files['size']<$fileConduitSize) return output( base64_encode(file_get_contents($files['url'])), 200, - ['Content-Type' => $files['mime'], 'Cache-Control' => 'max-age=' . $fileConduitCacheTime], + [ + 'Content-Type' => $files['mime'], + 'Cache-Control' => 'max-age=' . $fileConduitCacheTime, + //'Cache-Control' => 'max-age=0', + 'Last-Modified' => gmdate('D, d M Y H:i:s T', strtotime($files['time'])) + ], true ); } 
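Review bot: The new 304 short-circuit compares `strtotime($files['time'])==strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE'])` loosely, and `strtotime()` returns `false` for anything it cannot parse, so an unparseable If-Modified-Since header paired with an unparseable `$files['time']` makes both sides `false` and serves a 304 for a file the client never cached. Validate both parses before comparing: `$mtime = strtotime($files['time']);`, `$since = strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE']);`, `if ($mtime !== false && $since !== false && $mtime === $since) return output('', 304);`. Exact equality is stricter than the usual "not modified since" semantics, but it is the safe direction. main() continues outside the hunk.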
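Review bot: The hunk commits a twelve-line commented-out Range-handling block and a commented-out `//'Cache-Control' => 'max-age=0',` entry inside the live header array; if the Range path is not ready it should stay out of the commit rather than ship as dead code, and a stray comment inside an array literal invites an accidental uncomment later. The new `'Last-Modified' => gmdate('D, d M Y H:i:s T', strtotime($files['time']))` formats the epoch when `strtotime()` fails, so parse `$files['time']` once into a checked variable and reuse it for this header and for the 304 check earlier in the function. main() continues outside the hunk.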
@@ -482,20 +504,31 @@ function isreferhost() { return false; } -function adminpass2cookie($name, $pass) +function adminpass2cookie($name, $pass, $timestamp) { - $timestamp = time()+7*24*60*60; return md5($name . ':' . md5($pass) . '@' . $timestamp) . "(" . $timestamp . ")"; } -function compareadminmd5($admincookie, $name, $pass) +function adminpass2storage($name, $pass, $timestamp, $rand) { + return md5($timestamp . '/' . $pass . '^' . $name . '*' . $rand) . "(" . $rand . ")"; +} +function compareadminmd5($name, $pass, $cookie, $storage = 'default') { - $c = splitfirst($admincookie, '('); + $c = splitfirst($cookie, '('); $c_md5 = $c[0]; $c_time = substr($c[1], 0, -1); if (!is_numeric($c_time)) return false; if (time() > $c_time) return false; - if (md5($name . ':' . md5($pass) . '@' . $c_time) == $c_md5) return true; - else return false; + if ($storage == 'default') { + if (md5($name . ':' . md5($pass) . '@' . $c_time) == $c_md5) return true; + else return false; + } else { + $s = splitfirst($storage, '('); + $s_md5 = $s[0]; + $s_rand = substr($s[1], 0, -1); + if (md5($c_time . '/' . $pass . '^' . $name . '*' . $s_rand) == $s_md5) return true; + else return false; + } + return false; } function compareadminsha1($adminsha1, $timestamp, $pass) @@ -720,6 +753,7 @@ function curl($method, $url, $data = '', $headers = [], $returnheader = 0, $loca //$response['body'] = curl_exec($ch); if ($returnheader) { list($returnhead, $response['body']) = explode("\r\n\r\n", curl_exec($ch)); + //echo "HEAD:" . $returnhead; foreach (explode("\r\n", $returnhead) as $head) { $tmp = explode(': ', $head); $heads[$tmp[0]] = $tmp[1]; 
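Review bot: `compareadminmd5($name, $pass, $cookie, $storage = 'default')` uses a value that can arrive in the request as its "no second token" marker: every caller in this commit passes `$_POST['_admin']` as `$storage`, so a request carrying `_admin=default` takes the cookie-only branch and the localStorage token is never checked, which undoes the CSRF protection the commit adds. Make the marker something a posted string cannot equal, `function compareadminmd5($name, $pass, $cookie, $storage = null)` with `if ($storage === null) {`, or split the cookie check and the token check into two functions. Both digest comparisons use `==`, and PHP compares numeric-looking strings numerically, so use `hash_equals($expected, $c_md5)` and `hash_equals($expected, $s_md5)` instead. The trailing `return false;` after the if/else is unreachable and can go, and `adminpass2cookie()` now declares three parameters while its caller in main() passes four.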
@@ -971,15 +1005,19 @@ function time_format($ISO) return date('Y-m-d H:i:s',strtotime($ISO . " UTC")); } -function adminform($name = '', $pass = '', $path = '') +function adminform($name = '', $pass = '', $storage = '', $path = '') { $html = '' . getconstStr('AdminLogin') . ''; if ($name=='admin'&&$pass!='') { $html .= ' - ' . getconstStr('LoginSuccess') . ''; + ' . getconstStr('LoginSuccess') . ' + + '; $statusCode = 201; date_default_timezone_set('UTC'); - $_SERVER['Set-Cookie'] = $name . '=' . $pass . '; path=/; expires=' . date(DATE_COOKIE, strtotime('+7day')); + $_SERVER['Set-Cookie'] = $name . '=' . $pass . '; path=' . $_SERVER['base_path'] . '; expires=' . date(DATE_COOKIE, strtotime('+7day')); return output($html, $statusCode); } $statusCode = 401; @@ -1028,7 +1066,18 @@ function adminoperate($path) $tmpget = $_GET; $tmppost = $_POST; $tmparr['statusCode'] = 0; + + if (isset($tmpget['RefreshCache'])) { + //$path1 = path_format($_SERVER['list_path'] . path_format($path)); + //if ($path1!='/'&&substr($path1, -1)=='/') $path1=substr($path1, 0, -1); + savecache('path_' . $path1 . '/?password', '', $_SERVER['disktag'], 1); + savecache('customTheme', '', '', 1); + return message(' + ', getconstStr('RefreshCache'), 202); + } + if ( (isset($tmpget['rename_newname'])&&$tmpget['rename_newname']!=$tmpget['rename_oldname'] && $tmpget['rename_newname']!='') || (isset($tmppost['rename_newname'])&&$tmppost['rename_newname']!=$tmppost['rename_oldname'] && $tmppost['rename_newname']!='') ) { + if (!compareadminmd5('admin', getConfig('admin'), $_COOKIE['admin'], $_POST['_admin'])) return ['statusCode'=>403]; if (isset($tmppost['rename_newname'])) $VAR = 'tmppost'; else $VAR = 'tmpget'; // rename 重命名 
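Review bot: The rewritten `Set-Cookie` value sets only `path` and `expires`; the admin cookie carries no `SameSite`, `Secure` or `HttpOnly` attribute, and `SameSite=Lax` alone would stop the cross-site form posts this commit defends against in every browser that honours it, independently of the localStorage token. Append `'; SameSite=Lax' . ($_SERVER['REQUEST_SCHEME']=='https' ? '; Secure' : '')` to the string; `HttpOnly` is also advisable, but the theme's logout currently clears the cookie from JavaScript, so that needs a server-side logout first. The `$pass` parameter now receives the md5-derived cookie token rather than a password, so renaming it `$cookie` would match the new `$storage` parameter beside it. adminform() continues outside the hunk.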
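Review bot: The moved `RefreshCache` branch now runs before every one of the new token checks and still has none, so a cache flush stays triggerable by a cross-site GET against a logged-in admin; it also reads `$path1`, which judging by the commented-out lines above it is computed further down the function, so the move may use it before assignment — confirm where `$path1` is set. The line `if (!compareadminmd5('admin', getConfig('admin'), $_COOKIE['admin'], $_POST['_admin'])) return ['statusCode'=>403];` is pasted verbatim here and again in the delete, encrypt, move, copy, editfile and create hunks that follow; it reads `$_POST['_admin']` without `isset()`, which raises a notice on every GET-driven request, and belongs in one place near the top of adminoperate(), e.g. `if (!compareadminmd5('admin', getConfig('admin'), $_COOKIE['admin'], $_POST['_admin'] ?? '')) return ['statusCode'=>403];`. adminoperate() continues outside the hunk.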
@@ -1038,6 +1087,7 @@ function adminoperate($path) return $drive->Rename($file, ${$VAR}['rename_newname']); } if (isset($tmpget['delete_name']) || isset($tmppost['delete_name'])) { + if (!compareadminmd5('admin', getConfig('admin'), $_COOKIE['admin'], $_POST['_admin'])) return ['statusCode'=>403]; if (isset($tmppost['delete_name'])) $VAR = 'tmppost'; else $VAR = 'tmpget'; // delete 删除 @@ -1047,6 +1097,7 @@ function adminoperate($path) return $drive->Delete($file); } if ( (isset($tmpget['operate_action'])&&$tmpget['operate_action']==getconstStr('Encrypt')) || (isset($tmppost['operate_action'])&&$tmppost['operate_action']==getconstStr('Encrypt')) ) { + if (!compareadminmd5('admin', getConfig('admin'), $_COOKIE['admin'], $_POST['_admin'])) return ['statusCode'=>403]; if (isset($tmppost['operate_action'])) $VAR = 'tmppost'; else $VAR = 'tmpget'; // encrypt 加密 @@ -1058,6 +1109,7 @@ function adminoperate($path) return $drive->Encrypt($folder, getConfig('passfile'), ${$VAR}['encrypt_newpass']); } if (isset($tmpget['move_folder']) || isset($tmppost['move_folder'])) { + if (!compareadminmd5('admin', getConfig('admin'), $_COOKIE['admin'], $_POST['_admin'])) return ['statusCode'=>403]; if (isset($tmppost['move_folder'])) $VAR = 'tmppost'; else $VAR = 'tmpget'; // move 移动 @@ -1082,6 +1134,7 @@ function adminoperate($path) } } if (isset($tmpget['copy_name']) || isset($tmppost['copy_name'])) { + if (!compareadminmd5('admin', getConfig('admin'), $_COOKIE['admin'], $_POST['_admin'])) return ['statusCode'=>403]; if (isset($tmppost['copy_name'])) $VAR = 'tmppost'; else $VAR = 'tmpget'; // copy 复制 @@ -1091,6 +1144,7 @@ function adminoperate($path) return $drive->Copy($file); } if (isset($tmppost['editfile'])) { + if (!compareadminmd5('admin', getConfig('admin'), $_COOKIE['admin'], $_POST['_admin'])) return ['statusCode'=>403]; // edit 编辑 $file['path'] = $path1; $file['name'] = ''; 
@@ -1098,6 +1152,7 @@ function adminoperate($path) return $drive->Edit($file, $tmppost['editfile']); } if (isset($tmpget['create_name']) || isset($tmppost['create_name'])) { + if (!compareadminmd5('admin', getConfig('admin'), $_COOKIE['admin'], $_POST['_admin'])) return ['statusCode'=>403]; if (isset($tmppost['create_name'])) $VAR = 'tmppost'; else $VAR = 'tmpget'; // create 新建 @@ -1106,14 +1161,6 @@ function adminoperate($path) $parent['id'] = ${$VAR}['create_fileid']; return $drive->Create($parent, ${$VAR}['create_type'], ${$VAR}['create_name'], ${$VAR}['create_text']); } - if (isset($tmpget['RefreshCache'])) { - //$path1 = path_format($_SERVER['list_path'] . path_format($path)); - //if ($path1!='/'&&substr($path1, -1)=='/') $path1=substr($path1, 0, -1); - savecache('path_' . $path1 . '/?password', '', $_SERVER['disktag'], 1); - savecache('customTheme', '', '', 1); - return message(' - ', getconstStr('RefreshCache'), 202); - } return $tmparr; } @@ -1174,7 +1221,7 @@ function EnvOpt($needUpdate = 0) $envs = substr(json_encode(array_keys ($EnvConfigs)), 1, -1); $html = 'OneManager '.getconstStr('Setup').''; - if (isset($_POST['updateProgram'])&&$_POST['updateProgram']==getconstStr('updateProgram')) { + if (isset($_POST['updateProgram'])&&$_POST['updateProgram']==getconstStr('updateProgram')) if (compareadminmd5('admin', getConfig('admin'), $_COOKIE['admin'], $_POST['_admin'])) { $response = setConfigResponse(OnekeyUpate($_POST['auth'], $_POST['project'], $_POST['branch'])); if (api_error($response)) { $html = api_error_msg($response); 
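Review bot: `if (isset($_POST['updateProgram'])&&...) if (compareadminmd5(...)) {` relies on PHP binding the later `} else return message('please login again', 'Need login', 403);` to the inner `if`; it works, but a brace-less nested `if` with a dangling `else` is the classic misread, and the same shape is repeated for `submit1`, `config_b` and `changePass` in the next three hunks. A guard clause is unambiguous and removes the duplication: keep `if (isset($_POST['updateProgram'])&&$_POST['updateProgram']==getconstStr('updateProgram')) {` and make `if (!compareadminmd5('admin', getConfig('admin'), $_COOKIE['admin'], $_POST['_admin'] ?? '')) return message('please login again', 'Need login', 403);` the first line of the block. The message text says "login" but the failure is a missing or stale form token, which sends users looking at the wrong thing; "invalid form token, reload the page" would be accurate. EnvOpt() starts and continues outside the hunk.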
@@ -1186,8 +1233,8 @@ function EnvOpt($needUpdate = 0) $title = getconstStr('Setup'); return message($html, $title, 202, 1); } - } - if (isset($_POST['submit1'])) { + } else return message('please login again', 'Need login', 403); + if (isset($_POST['submit1'])) if (compareadminmd5('admin', getConfig('admin'), $_COOKIE['admin'], $_POST['_admin'])) { $_SERVER['disk_oprating'] = ''; foreach ($_POST as $k => $v) { if (isShowedEnv($k) || $k=='disktag_del' || $k=='disktag_add' || $k=='disktag_rename' || $k=='disktag_copy') { @@ -1237,8 +1284,8 @@ function EnvOpt($needUpdate = 0) $title = getconstStr('Setup'); return message($html, $title, 200, 1); } - } - if (isset($_POST['config_b'])) { + } else return message('please login again', 'Need login', 403); + if (isset($_POST['config_b'])) if (compareadminmd5('admin', getConfig('admin'), $_COOKIE['admin'], $_POST['_admin'])) { if (!$_POST['pass']) return output("{\"Error\": \"No admin pass\"}", 403); if (!is_numeric($_POST['timestamp'])) return output("{\"Error\": \"Error time\"}", 403); if (abs(time() - $_POST['timestamp']/1000) > 5*60) return output("{\"Error\": \"Timeout\"}", 403); @@ -1295,8 +1342,8 @@ function EnvOpt($needUpdate = 0) } else { return output("{\"Error\": \"Admin pass error\"}", 403); } - } - if (isset($_POST['changePass'])) { + } else return message('please login again', 'Need login', 403); + if (isset($_POST['changePass'])) if (compareadminmd5('admin', getConfig('admin'), $_COOKIE['admin'], $_POST['_admin'])) { if (!is_numeric($_POST['timestamp'])) return message("Error time" . getconstStr('Back') . "", "Error", 403); if (abs(time() - $_POST['timestamp']/1000) > 5*60) return message("Timeout" . getconstStr('Back') . "", "Error", 403); if ($_POST['newPass1']==''||$_POST['newPass2']=='') return message("Empty new pass" . getconstStr('Back') . "", "Error", 403); 
@@ -1313,7 +1360,7 @@ function EnvOpt($needUpdate = 0) } else { return message("Old pass error" . getconstStr('Back') . "", "Error", 403); } - } + } else return message('please login again', 'Need login', 403); if (isset($_GET['preview'])) { $preurl = $_SERVER['PHP_SELF'] . '?preview'; @@ -1360,7 +1407,8 @@ output: if ($_GET['setup']==='platform') { $frame .= ' - '; + + '; foreach ($EnvConfigs as $key => $val) if (isCommonEnv($key) && isShowedEnv($key)) { $frame .= ' @@ -1420,6 +1468,7 @@ output: @@ -1464,6 +1515,7 @@ output: $frame .= ' + '; foreach ($EnvConfigs as $key => $val) if (isInnerEnv($key) && isShowedEnv($key)) { $frame .= ' @@ -1536,6 +1588,7 @@ output:
+ @@ -1431,12 +1480,14 @@ output:
+
+
+ '; $num = 0; foreach ($disktags as $disktag) { @@ -1641,6 +1694,7 @@ output: } else { $frame .= ' + @@ -1691,6 +1745,7 @@ output:
+ @@ -1708,6 +1763,7 @@ output:
' . getconstStr('OldPassword') . ':

+ @@ -1846,6 +1902,12 @@ output:
' . getconstStr('AdminPassword') . ':

'; $html .= $frame; + $html .= ''; return message($html, getconstStr('Setup')); } @@ -1859,11 +1921,12 @@ function render_list($path = '', $files = []) //$htmlcontent = fetch_files(spurlencode(path_format(urldecode($path) . '/index.html'), '/'))['content']; $htmlcontent = get_content(spurlencode(path_format(urldecode($path) . '/index.html'), '/'))['content']; return output($htmlcontent['body'], $htmlcontent['stat']); - } - $path = str_replace('%20','%2520',$path); + }//echo $path . "
\n"; + //$path = str_replace('%20','%2520',$path); $path = str_replace('+','%2B',$path); $path = str_replace('&','&',path_format(urldecode($path))) ; - $path = str_replace('%20',' ',$path); + //echo $path . "
\n"; + //$path = str_replace('%20',' ',$path); $path = str_replace('#','%23',$path); $p_path=''; if ($path !== '/') { @@ -2233,8 +2296,8 @@ function render_list($path = '', $files = []) $html = str_replace('', '', $html); $html = str_replace('', '', $html); } - $html = str_replace('', encode_str_replace(path_format($_SERVER['base_disk_path'] . '/' . str_replace('&', '&', $path))), $html); - $html = str_replace('', encode_str_replace(path_format($_SERVER['base_disk_path'] . '/' . str_replace('&', '&', $path))), $html); + $html = str_replace('', encode_str_replace(path_format($_SERVER['base_disk_path'] . '/' . $path)), $html); + $html = str_replace('', (path_format($_SERVER['base_disk_path'] . '/' . $path)), $html); $ext = strtolower(substr($path, strrpos($path, '.') + 1)); if (in_array($ext, $exts['img'])) $ext = 'img'; @@ -2261,11 +2324,12 @@ function render_list($path = '', $files = []) $html = str_replace('', '', $html); } //while (strpos($html, '')) $html = str_replace('', $files['url'], $html); - while (strpos($html, '')) $html = str_replace('', encode_str_replace(path_format($_SERVER['base_disk_path'] . '/' . $path)), $html); - while (strpos($html, '')) $html = str_replace('', encode_str_replace(path_format($_SERVER['base_disk_path'] . '/' . $path)), $html); + while (strpos($html, '')) $html = str_replace('', (path_format($_SERVER['base_disk_path'] . '/' . $path)), $html); + //echo $path . "
\n"; + while (strpos($html, '')) $html = str_replace('', (path_format($_SERVER['base_disk_path'] . '/' . str_replace('&', '&', $path))), $html); while (strpos($html, '')) $html = str_replace('', $files['name'], $html); while (strpos($html, '')) $html = str_replace('', urlencode($files['url']), $html); - //while (strpos($html, '')) $html = str_replace('', urlencode(path_format($_SERVER['base_disk_path'] . '/' . $path)), $html); + //while (strpos($html, '')) $html = str_replace('', urlencode($_SERVER['host'] . path_format($_SERVER['base_disk_path'] . '/' . $path)), $html); $html = str_replace('', getconstStr('ClicktoEdit'), $html); $html = str_replace('', getconstStr('CancelEdit'), $html); $html = str_replace('', getconstStr('Save'), $html); diff --git a/index.php b/index.php index 1c78c03..56fecf2 100644 --- a/index.php +++ b/index.php @@ -108,7 +108,7 @@ function handler($event, $context) $re = main($path); - return new RingCentral\Psr7\Response($re['statusCode'], $re['headers'], $re['body']); + return new RingCentral\Psr7\Response($re['statusCode'], $re['headers'], $re['isBase64Encoded']?base64_decode($re['body']):$re['body']); } elseif ($_SERVER['_APP_SHARE_DIR']=='/var/share/CFF/processrouter') { // Huawei FG diff --git a/platform/AliyunFC.php b/platform/AliyunFC.php index 184879d..02dba5b 100644 --- a/platform/AliyunFC.php +++ b/platform/AliyunFC.php 
@@ -37,13 +37,20 @@ function GetPathSetting($event, $context) $_SERVER['region'] = $context['region']; $_SERVER['service_name'] = $context['service']['name']; $_SERVER['function_name'] = $context['function']['name']; - $path = urldecode($event['path']); + //$path = str_replace('%5D', ']', str_replace('%5B', '[', $event['path']));//%5B + //$path = $event['path']; + $path = $event['requestURI']; + if (strpos($path, '?')) $path = substr($path, 0, strpos($path, '?')); $tmp = urldecode($event['requestURI']); if (strpos($tmp, '?')) $tmp = substr($tmp, 0, strpos($tmp, '?')); if ($path=='/'||$path=='') { $_SERVER['base_path'] = $tmp; } else { - $_SERVER['base_path'] = substr($tmp, 0, strlen($tmp)-strlen($path)+1); + while ($tmp!=urldecode($tmp)) $tmp = urldecode($tmp); + $tmp1 = urldecode($event['path']); + while ($tmp1!=urldecode($tmp1)) $tmp1 = urldecode($tmp1); + $_SERVER['base_path'] = substr($tmp, 0, strlen($tmp)-strlen($tmp1)+1); + //$_SERVER['base_path'] = substr($tmp, 0, strlen(urldecode($event['path']))); } $_SERVER['base_path'] = spurlencode($_SERVER['base_path'], '/'); @@ -63,7 +70,8 @@ function GetPathSetting($event, $context) $_SERVER['referhost'] = explode('/', $event['headers']['Referer'][0])[2]; $_SERVER['HTTP_IF_MODIFIED_SINCE'] = $event['headers']['If-Modified-Since'][0]; $_SERVER['FC_SERVER_PATH'] = '/var/fc/runtime/php7.2'; - return spurlencode($path, '/'); + return $path; + //return spurlencode($path, '/'); } function getConfig($str, $disktag = '') diff --git a/platform/BaiduCFC.php b/platform/BaiduCFC.php index e9fbcbb..c8ba09e 100644 --- a/platform/BaiduCFC.php +++ b/platform/BaiduCFC.php 
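Review bot: `while ($tmp!=urldecode($tmp)) $tmp = urldecode($tmp);` decodes until a fixed point, so a segment that legitimately contains `%2520` or `%252F` collapses to a space or slash before `base_path` is computed, while the `$path` assigned from `$event['requestURI']` earlier in the hunk is now returned with no decoding at all; the two views of the same URL can disagree, and any check elsewhere that compares against `$path` sees a different string than the one used for routing. `substr($tmp, 0, strlen($tmp)-strlen($tmp1)+1)` also yields a wrong prefix silently whenever `$tmp1` is not a suffix of `$tmp`; decode each side exactly once with the same function and verify the relation, e.g. `if (substr($tmp, -strlen($tmp1)) !== $tmp1) $tmp1 = '';`, rather than looping. The three commented-out alternatives here plus the one in the `@@ -63` hunk should be removed once the chosen approach is settled. GetPathSetting() continues outside the hunk.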
@@ -50,6 +50,7 @@ function GetPathSetting($event, $context)
 $_SERVER['host'] = $_SERVER['REQUEST_SCHEME'] . '://' . $_SERVER['HTTP_HOST'];
 $_SERVER['referhost'] = explode('/', $event['headers']['Referer'])[2];
 $_SERVER['HTTP_TRANSLATE'] = $event['headers']['translate'];//'f'
+ $_SERVER['HTTP_IF_MODIFIED_SINCE'] = $event['headers']['If-Modified-Since'];
 $_SERVER['BCE_CFC_RUNTIME_NAME'] = 'php7';
 return $path;
 }
diff --git a/platform/HuaweiFG_env.php b/platform/HuaweiFG_env.php
index 1b09178..45387c4 100644
--- a/platform/HuaweiFG_env.php
+++ b/platform/HuaweiFG_env.php
@@ -71,6 +71,7 @@ function GetPathSetting($event, $context)
 $_SERVER['host'] = $_SERVER['REQUEST_SCHEME'] . '://' . $_SERVER['HTTP_HOST'];
 $_SERVER['referhost'] = explode('/', $event['headers']['referer'])[2];
 $_SERVER['HTTP_TRANSLATE'] = $event['headers']['translate'];//'f'
+ $_SERVER['HTTP_IF_MODIFIED_SINCE'] = $event['headers']['if-modified-since'];
 $_SERVER['_APP_SHARE_DIR'] = '/var/share/CFF/processrouter';
 return $path;
 }
diff --git a/platform/HuaweiFG_file.php b/platform/HuaweiFG_file.php
index a615736..8304222 100644
--- a/platform/HuaweiFG_file.php
+++ b/platform/HuaweiFG_file.php
@@ -71,6 +71,7 @@ function GetPathSetting($event, $context)
 $_SERVER['host'] = $_SERVER['REQUEST_SCHEME'] . '://' . $_SERVER['HTTP_HOST'];
 $_SERVER['referhost'] = explode('/', $event['headers']['referer'])[2];
 $_SERVER['HTTP_TRANSLATE'] = $event['headers']['translate'];//'f'
+ $_SERVER['HTTP_IF_MODIFIED_SINCE'] = $event['headers']['if-modified-since'];
 $_SERVER['_APP_SHARE_DIR'] = '/var/share/CFF/processrouter';
 return $path;
 }
diff --git a/platform/TencentSCF_env.php b/platform/TencentSCF_env.php
index 5bcc2df..6210d6b 100644
--- a/platform/TencentSCF_env.php
+++ b/platform/TencentSCF_env.php
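Review bot: `$_SERVER['HTTP_IF_MODIFIED_SINCE'] = $event['headers']['If-Modified-Since'];` indexes the header array unconditionally, so every request without the header raises an undefined-index notice; the two Huawei hunks below and the two Tencent hunks on the next line add the same line, and the Aliyun one additionally takes `[0]`. Use `$event['headers']['If-Modified-Since'] ?? null` (with each platform's key casing) so that `isset($_SERVER['HTTP_IF_MODIFIED_SINCE'])` in main() stays false when the client sent nothing. The key casing differs between files (`If-Modified-Since` here, `if-modified-since` on Huawei and Tencent), which mirrors the neighbouring `Referer`/`referer` lines, so presumably each platform normalises differently — a one-line comment stating which casing the platform guarantees would save the next reader a lookup. GetPathSetting() starts outside the hunk.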
@@ -56,7 +56,8 @@ function GetPathSetting($event, $context)
 //$_SERVER['REQUEST_SCHEME'] = $event['headers']['x-forwarded-proto'];
 $_SERVER['host'] = $_SERVER['REQUEST_SCHEME'] . '://' . $_SERVER['HTTP_HOST'];
 $_SERVER['referhost'] = explode('/', $event['headers']['referer'])[2];
- $_SERVER['HTTP_TRANSLATE']==$event['headers']['translate'];//'f'
+ $_SERVER['HTTP_TRANSLATE'] = $event['headers']['translate'];//'f'
+ $_SERVER['HTTP_IF_MODIFIED_SINCE'] = $event['headers']['if-modified-since'];
 $_SERVER['USER'] = 'qcloud';
 return $path;
 }
diff --git a/platform/TencentSCF_file.php b/platform/TencentSCF_file.php
index 1a0f256..27acaa1 100644
--- a/platform/TencentSCF_file.php
+++ b/platform/TencentSCF_file.php
@@ -56,7 +56,8 @@ function GetPathSetting($event, $context)
 //$_SERVER['REQUEST_SCHEME'] = $event['headers']['x-forwarded-proto'];
 $_SERVER['host'] = $_SERVER['REQUEST_SCHEME'] . '://' . $_SERVER['HTTP_HOST'];
 $_SERVER['referhost'] = explode('/', $event['headers']['referer'])[2];
- $_SERVER['HTTP_TRANSLATE']==$event['headers']['translate'];//'f'
+ $_SERVER['HTTP_TRANSLATE'] = $event['headers']['translate'];//'f'
+ $_SERVER['HTTP_IF_MODIFIED_SINCE'] = $event['headers']['if-modified-since'];
 $_SERVER['USER'] = 'qcloud';
 return $path;
 }
diff --git a/theme/classic.html b/theme/classic.html
index 1a41e31..dc64c56 100644
--- a/theme/classic.html
+++ b/theme/classic.html
@@ -94,12 +94,12 @@   - + -->
@@ -202,6 +202,7 @@
+     @@ -209,6 +210,12 @@ +
@@ -988,7 +995,7 @@ delete uploading[upbigfilename]; } } - xhr1.send('upbigfilename='+ upbigfilename +'&filesize='+ file.size +'&filelastModified='+ file.lastModified +'&filemd5='+ filemd5); + xhr1.send('upbigfilename='+ upbigfilename +'&filesize='+ file.size +'&filelastModified='+ file.lastModified +'&filemd5='+ filemd5 + '&_admin=' + localStorage.getItem("admin")); } } @@ -1239,7 +1246,7 @@ getuplink(i); }*/ } - xhr1.send('upbigfilename='+ upbigfilename +'&filesize='+ file.size +'&filelastModified='+ file.lastModified + '&filesha1=' + filesha1 + '&chunksize=' + chunksize); + xhr1.send('upbigfilename='+ upbigfilename +'&filesize='+ file.size +'&filelastModified='+ file.lastModified + '&filesha1=' + filesha1 + '&chunksize=' + chunksize + '&_admin=' + localStorage.getItem("admin")); } } } @@ -1325,7 +1332,7 @@ } delete uploading[filename]; } - xhr1.send('uploadid=' + uploadid + '&fileid=' + fileid + '&etag=' + JSON.stringify(res['ETag'])); + xhr1.send('uploadid=' + uploadid + '&fileid=' + fileid + '&etag=' + JSON.stringify(res['ETag']) + '&_admin=' + localStorage.getItem("admin")); } else { var binary = this.result; var xhr = new XMLHttpRequest(); @@ -1396,7 +1403,7 @@ } delete uploading[filename]; } - xhr1.send('uploadid=' + uploadid + '&fileid=' + fileid + '&etag=' + JSON.stringify(res['ETag'])); + xhr1.send('uploadid=' + uploadid + '&fileid=' + fileid + '&etag=' + JSON.stringify(res['ETag']) + '&_admin=' + localStorage.getItem("admin")); // uploadbuttonshow(); } else { readblob(asize); @@ -1439,7 +1446,7 @@ var expd = new Date(); expd.setTime(expd.getTime()+1000); var expires = "expires="+expd.toGMTString(); - document.cookie = "admin=; path=/; "+expires; + document.cookie = "admin=; path=; "+expires; location.href = location.href; } /*for some mobile browser*/ 
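Review bot: `'&_admin=' + localStorage.getItem("admin")` appends the token to the form body without `encodeURIComponent()`, and `getItem` returns `null` when nothing is stored, so a tab with no token sends the literal string `null`; the same expression is pasted into the `@@ -1239`, `@@ -1325` and `@@ -1396` hunks here and into `@@ -1533` on the next line. One helper, `function adminToken() { return '&_admin=' + encodeURIComponent(localStorage.getItem("admin") || ''); }`, keeps the five send sites identical and makes the encoding explicit. The enclosing upload handlers start outside the hunks.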
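Review bot: `document.cookie = "admin=; path=; "+expires;` sets an empty `path`, which browsers resolve to the default path of the current document rather than the `path=<base_path>` the server now writes in adminform(), so the expiring write can create a second `admin` cookie instead of clearing the real one; use the same path value the server set (it can be embedded in the page) or have the server emit the expired cookie on logout. Logout also leaves the `admin` entry in localStorage; add `localStorage.removeItem("admin");` before `location.href = location.href;` so the form token does not outlive the session on a shared machine. The enclosing function starts outside the hunk.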
@@ -1533,7 +1540,7 @@ document.getElementById(str+'_div').style.display='none'; document.getElementById('mask').style.display='none'; } - xhr.send(serializeForm(str+'_form')); + xhr.send(serializeForm(str+'_form') + '&_admin=' + localStorage.getItem("admin")); return false; } function addelement(html) {