Moderate severityNVD Advisory· Published Jul 14, 2021· Updated Aug 4, 2024
CVE-2020-18151
CVE-2020-18151
Description
Cross Site Request Forgery (CSRF) vulnerability in ThinkCMF v5.1.0, which can add an admin account.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Cross-Site Request Forgery (CSRF) in ThinkCMF v5.1.0 allows attackers to add an admin account.
Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability exists in ThinkCMF version 5.1.0. The application fails to include anti-CSRF tokens in forms for user management, specifically when adding or editing admin accounts. This allows an attacker to forge requests that can create new admin users without proper authorization [1][3].
Exploitation
An attacker must trick an authenticated admin user into visiting a malicious web page or clicking a crafted link. No additional authentication or special privileges are needed. The attacker craft an HTML form or use a cross-site request technique that submits a POST request to the admin user add endpoint. When the victim's browser sends the request, it includes the victim's session cookies, so the server processes the request as if initiated by the legitimate admin [3][4].
Impact
Successful exploitation allows the attacker to create a new admin account with full privileges, gaining unauthorized administrative access to the ThinkCMF application. This leads to complete compromise of the CMS, including potential data disclosure, modification, and further attacks [3].
Mitigation
The vulnerability was fixed in subsequent commits. Reference [2] and [4] show patches that add CSRF token validation (__token__) to the relevant forms and use token validation in the UserValidate class. Users should upgrade to a patched version or apply the commits manually. No workaround is documented if the patch cannot be applied immediately [1][2][4].
References
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
thinkcmf/thinkcmfPackagist | < 6.0.8 | 6.0.8 |
Affected products
2- ThinkCMF/ThinkCMFdescription
Patches
2122 files changed · +426 −303
composer.lock+66 −62 modified@@ -8,16 +8,16 @@ "packages": [ { "name": "chamilo/pclzip", - "version": "v2.8.4", + "version": "v2.8.5", "source": { "type": "git", "url": "https://github.com/chamilo/pclzip.git", - "reference": "b94b7a190e186a31bd37f21be3a83a48c7d6b49a" + "reference": "af10d07a39922b0789bf761524a22ecefc01d405" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/chamilo/pclzip/zipball/b94b7a190e186a31bd37f21be3a83a48c7d6b49a", - "reference": "b94b7a190e186a31bd37f21be3a83a48c7d6b49a", + "url": "https://api.github.com/repos/chamilo/pclzip/zipball/af10d07a39922b0789bf761524a22ecefc01d405", + "reference": "af10d07a39922b0789bf761524a22ecefc01d405", "shasum": "" }, "replace": { @@ -46,52 +46,9 @@ ], "support": { "issues": "https://github.com/chamilo/pclzip/issues", - "source": "https://github.com/chamilo/pclzip/tree/v2.8.4" + "source": "https://github.com/chamilo/pclzip/tree/v2.8.5" }, - "time": "2017-11-28T22:14:11+00:00" - }, - { - "name": "electrolinux/phpquery", - "version": "0.9.6", - "source": { - "type": "git", - "url": "https://github.com/electrolinux/phpquery.git", - "reference": "6cb8afcfe8cd4ce45f2f8c27d561383037c27a3a" - }, - "dist": { - "type": "zip", - "url": "https://api.github.com/repos/electrolinux/phpquery/zipball/6cb8afcfe8cd4ce45f2f8c27d561383037c27a3a", - "reference": "6cb8afcfe8cd4ce45f2f8c27d561383037c27a3a", - "shasum": "" - }, - "type": "library", - "autoload": { - "classmap": [ - "phpQuery/" - ] - }, - "notification-url": "https://packagist.org/downloads/", - "license": [ - "MIT" - ], - "authors": [ - { - "name": "Tobiasz Cudnik", - "email": "tobiasz.cudnik@gmail.com", - "homepage": "https://github.com/TobiaszCudnik", - "role": "Developer" - }, - { - "name": "didier Belot", - "role": "Packager" - } - ], - "description": "phpQuery is a server-side, chainable, CSS3 selector driven Document Object Model (DOM) API based on jQuery JavaScript Library", - "homepage": "http://code.google.com/p/phpquery/", - "support": { - "source": "https://github.com/electrolinux/phpquery/tree/0.9.6" - }, - "time": "2013-03-21T12:39:33+00:00" + "time": "2022-09-06T21:41:44+00:00" }, { "name": "ezyang/htmlpurifier", @@ -399,18 +356,65 @@ }, "time": "2022-07-16T15:11:03+00:00" }, + { + "name": "obsoletepackage/phpquery", + "version": "1.0.2", + "source": { + "type": "git", + "url": "https://github.com/ObsoletePackage/phpquery.git", + "reference": "ebe03fabd3286fdad18a0148a5f23f6dcc0443fb" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/ObsoletePackage/phpquery/zipball/ebe03fabd3286fdad18a0148a5f23f6dcc0443fb", + "reference": "ebe03fabd3286fdad18a0148a5f23f6dcc0443fb", + "shasum": "" + }, + "type": "library", + "autoload": { + "classmap": [ + "phpQuery/" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Tobiasz Cudnik", + "email": "tobiasz.cudnik@gmail.com", + "homepage": "https://github.com/TobiaszCudnik", + "role": "Developer" + }, + { + "name": "didier Belot", + "role": "Packager" + }, + { + "name": "obsolete package", + "homepage": "https://github.com/ObsoletePackage" + } + ], + "description": "phpQuery is a server-side, chainable, CSS3 selector driven Document Object Model (DOM) API based on jQuery JavaScript Library", + "homepage": "http://code.google.com/p/phpquery/", + "support": { + "source": "https://github.com/ObsoletePackage/phpquery/tree/1.0.2" + }, + "time": "2022-08-21T10:51:36+00:00" + }, { "name": "phpmailer/phpmailer", - "version": "v6.6.3", + "version": "v6.6.4", "source": { "type": "git", "url": "https://github.com/PHPMailer/PHPMailer.git", - "reference": "9400f305a898f194caff5521f64e5dfa926626f3" + "reference": "a94fdebaea6bd17f51be0c2373ab80d3d681269b" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/PHPMailer/PHPMailer/zipball/9400f305a898f194caff5521f64e5dfa926626f3", - "reference": "9400f305a898f194caff5521f64e5dfa926626f3", + "url": "https://api.github.com/repos/PHPMailer/PHPMailer/zipball/a94fdebaea6bd17f51be0c2373ab80d3d681269b", + "reference": "a94fdebaea6bd17f51be0c2373ab80d3d681269b", "shasum": "" }, "require": { @@ -467,15 +471,15 @@ "description": "PHPMailer is a full-featured email creation and transfer class for PHP", "support": { "issues": "https://github.com/PHPMailer/PHPMailer/issues", - "source": "https://github.com/PHPMailer/PHPMailer/tree/v6.6.3" + "source": "https://github.com/PHPMailer/PHPMailer/tree/v6.6.4" }, "funding": [ { "url": "https://github.com/Synchro", "type": "github" } ], - "time": "2022-06-20T09:21:02+00:00" + "time": "2022-08-22T09:22:00+00:00" }, { "name": "psr/cache", @@ -730,22 +734,22 @@ }, { "name": "thinkcmf/cmf", - "version": "v6.0.16", + "version": "v6.0.17", "source": { "type": "git", "url": "https://github.com/thinkcmf/cmf-core.git", - "reference": "bb02d518e7ee8c19442ddd88a45abcbc8cfb00a8" + "reference": "97681cdb9a205ab6c4fca0cfcca1b26b1c185712" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/thinkcmf/cmf-core/zipball/bb02d518e7ee8c19442ddd88a45abcbc8cfb00a8", - "reference": "bb02d518e7ee8c19442ddd88a45abcbc8cfb00a8", + "url": "https://api.github.com/repos/thinkcmf/cmf-core/zipball/97681cdb9a205ab6c4fca0cfcca1b26b1c185712", + "reference": "97681cdb9a205ab6c4fca0cfcca1b26b1c185712", "shasum": "" }, "require": { - "electrolinux/phpquery": "^0.9.6", "ezyang/htmlpurifier": "^4.9", "mindplay/annotations": "^1.3", + "obsoletepackage/phpquery": "^1.0.1", "phpmailer/phpmailer": "~6.0", "thinkcmf/cmf-captcha": "^3.0", "thinkcmf/cmf-extend": "~5.1.0", @@ -787,9 +791,9 @@ "description": "The ThinkCMF Core Package", "support": { "issues": "https://github.com/thinkcmf/cmf-core/issues", - "source": "https://github.com/thinkcmf/cmf-core/tree/v6.0.16" + "source": "https://github.com/thinkcmf/cmf-core/tree/v6.0.17" }, - "time": "2022-07-22T02:27:15+00:00" + "time": "2022-08-05T14:59:02+00:00" }, { "name": "thinkcmf/cmf-api",
public/themes/admin_simpleboot3/admin/user/add.html+1 −0 modified@@ -37,6 +37,7 @@ </div> <div class="form-group"> <div class="col-sm-offset-2 col-sm-10"> + <input type="hidden" name="__token__" value="{:token()}" /> <button type="submit" class="btn btn-primary js-ajax-submit">{:lang('ADD')}</button> </div> </div>
public/themes/admin_simpleboot3/admin/user/edit.html+1 −0 modified@@ -40,6 +40,7 @@ <div class="form-group"> <div class="col-sm-offset-2 col-sm-10"> <input type="hidden" name="id" value="{$id}" /> + <input type="hidden" name="__token__" value="{:token()}" /> <button type="submit" class="btn btn-primary js-ajax-submit">{:lang('SAVE')}</button> <a class="btn btn-default" href="javascript:history.back(-1);">{:lang('BACK')}</a> </div>
README.md+6 −2 modified@@ -1,6 +1,7 @@ -ThinkCMF 6.0.7 让你更自由地飞 +ThinkCMF 6.0.8 开发版 =============== -欢迎入坑,有问题请及时提交issue! +**`6.0.8`正在紧张开发中,请不要用于正式环境!实际项目请下载最新正式版`6.0.7`** + ### 主要特性 * 框架协议依旧为`MIT`,让你更自由地飞 @@ -120,6 +121,9 @@ https://gitee.com/thinkcmf/docker 5. `composer update` ### 更新日志 +#### 6.0.8 coding~ +* ... + #### 6.0.7 * 升级到`tp6.0.13` * 增加安装时检查API配置
vendor/chamilo/pclzip/pclzip.lib.php+7 −1 modified@@ -1,6 +1,6 @@ <?php // -------------------------------------------------------------------------------- -// PhpConcept Library - Zip Module 2.8.2 +// PhpConcept Library - Zip Module 2.8.4 // -------------------------------------------------------------------------------- // License GNU/LGPL - Vincent Blavet - August 2009 // http://www.phpconcept.net @@ -3513,6 +3513,12 @@ public function privExtractFile(&$p_entry, $p_path, $p_remove_path, $p_remove_al } } + // Patch for Zip Traversal vulnerability + if (strpos($p_entry['stored_filename'], '../') !== false || strpos($p_entry['stored_filename'], '..\\') !== false) { + $p_entry['stored_filename'] = basename($p_entry['stored_filename']); + $p_entry['filename'] = basename($p_entry['stored_filename']); + } + // ----- Add the path if ($p_path != '') { $p_entry['filename'] = $p_path . "/" . $p_entry['filename'];
vendor/composer/autoload_classmap.php+19 −19 modified@@ -6,27 +6,27 @@ $baseDir = dirname($vendorDir); return array( - 'Callback' => $vendorDir . '/electrolinux/phpquery/phpQuery/phpQuery/Callback.php', - 'CallbackBody' => $vendorDir . '/electrolinux/phpquery/phpQuery/phpQuery/Callback.php', - 'CallbackParam' => $vendorDir . '/electrolinux/phpquery/phpQuery/phpQuery/Callback.php', - 'CallbackParameterToReference' => $vendorDir . '/electrolinux/phpquery/phpQuery/phpQuery/Callback.php', - 'CallbackReturnReference' => $vendorDir . '/electrolinux/phpquery/phpQuery/phpQuery/Callback.php', - 'CallbackReturnValue' => $vendorDir . '/electrolinux/phpquery/phpQuery/phpQuery/Callback.php', + 'Callback' => $vendorDir . '/obsoletepackage/phpquery/phpQuery/phpQuery/Callback.php', + 'CallbackBody' => $vendorDir . '/obsoletepackage/phpquery/phpQuery/phpQuery/Callback.php', + 'CallbackParam' => $vendorDir . '/obsoletepackage/phpquery/phpQuery/phpQuery/Callback.php', + 'CallbackParameterToReference' => $vendorDir . '/obsoletepackage/phpquery/phpQuery/phpQuery/Callback.php', + 'CallbackReturnReference' => $vendorDir . '/obsoletepackage/phpquery/phpQuery/phpQuery/Callback.php', + 'CallbackReturnValue' => $vendorDir . '/obsoletepackage/phpquery/phpQuery/phpQuery/Callback.php', 'Composer\\InstalledVersions' => $vendorDir . '/composer/InstalledVersions.php', - 'DOMDocumentWrapper' => $vendorDir . '/electrolinux/phpquery/phpQuery/phpQuery/DOMDocumentWrapper.php', - 'DOMEvent' => $vendorDir . '/electrolinux/phpquery/phpQuery/phpQuery/DOMEvent.php', - 'ICallbackNamed' => $vendorDir . '/electrolinux/phpquery/phpQuery/phpQuery/Callback.php', + 'DOMDocumentWrapper' => $vendorDir . '/obsoletepackage/phpquery/phpQuery/phpQuery/DOMDocumentWrapper.php', + 'DOMEvent' => $vendorDir . '/obsoletepackage/phpquery/phpQuery/phpQuery/DOMEvent.php', + 'ICallbackNamed' => $vendorDir . '/obsoletepackage/phpquery/phpQuery/phpQuery/Callback.php', 'PclZip' => $vendorDir . '/chamilo/pclzip/pclzip.lib.php', - 'phpQuery' => $vendorDir . '/electrolinux/phpquery/phpQuery/phpQuery.php', - 'phpQueryEvents' => $vendorDir . '/electrolinux/phpquery/phpQuery/phpQuery/phpQueryEvents.php', - 'phpQueryObject' => $vendorDir . '/electrolinux/phpquery/phpQuery/phpQuery/phpQueryObject.php', - 'phpQueryObjectPlugin_Scripts' => $vendorDir . '/electrolinux/phpquery/phpQuery/phpQuery/plugins/Scripts.php', - 'phpQueryObjectPlugin_WebBrowser' => $vendorDir . '/electrolinux/phpquery/phpQuery/phpQuery/plugins/WebBrowser.php', - 'phpQueryObjectPlugin_example' => $vendorDir . '/electrolinux/phpquery/phpQuery/phpQuery/plugins/example.php', - 'phpQueryPlugin_Scripts' => $vendorDir . '/electrolinux/phpquery/phpQuery/phpQuery/plugins/Scripts.php', - 'phpQueryPlugin_WebBrowser' => $vendorDir . '/electrolinux/phpquery/phpQuery/phpQuery/plugins/WebBrowser.php', - 'phpQueryPlugin_example' => $vendorDir . '/electrolinux/phpquery/phpQuery/phpQuery/plugins/example.php', - 'phpQueryPlugins' => $vendorDir . '/electrolinux/phpquery/phpQuery/phpQuery.php', + 'phpQuery' => $vendorDir . '/obsoletepackage/phpquery/phpQuery/phpQuery.php', + 'phpQueryEvents' => $vendorDir . '/obsoletepackage/phpquery/phpQuery/phpQuery/phpQueryEvents.php', + 'phpQueryObject' => $vendorDir . '/obsoletepackage/phpquery/phpQuery/phpQuery/phpQueryObject.php', + 'phpQueryObjectPlugin_Scripts' => $vendorDir . '/obsoletepackage/phpquery/phpQuery/phpQuery/plugins/Scripts.php', + 'phpQueryObjectPlugin_WebBrowser' => $vendorDir . '/obsoletepackage/phpquery/phpQuery/phpQuery/plugins/WebBrowser.php', + 'phpQueryObjectPlugin_example' => $vendorDir . '/obsoletepackage/phpquery/phpQuery/phpQuery/plugins/example.php', + 'phpQueryPlugin_Scripts' => $vendorDir . '/obsoletepackage/phpquery/phpQuery/phpQuery/plugins/Scripts.php', + 'phpQueryPlugin_WebBrowser' => $vendorDir . '/obsoletepackage/phpquery/phpQuery/phpQuery/plugins/WebBrowser.php', + 'phpQueryPlugin_example' => $vendorDir . '/obsoletepackage/phpquery/phpQuery/phpQuery/plugins/example.php', + 'phpQueryPlugins' => $vendorDir . '/obsoletepackage/phpquery/phpQuery/phpQuery.php', 'think\\App' => $vendorDir . '/thinkcmf/cmf/think/App.php', 'think\\Console' => $vendorDir . '/thinkcmf/cmf/think/Console.php', 'think\\Http' => $vendorDir . '/thinkcmf/cmf/think/Http.php',
vendor/composer/autoload_psr4.php+2 −2 modified@@ -11,15 +11,15 @@ 'think\\trace\\' => array($vendorDir . '/topthink/think-trace/src'), 'think\\migration\\' => array($vendorDir . '/xia/migration/src'), 'think\\captcha\\' => array($vendorDir . '/thinkcmf/cmf-captcha/src'), - 'think\\' => array($vendorDir . '/topthink/framework/src/think', $vendorDir . '/topthink/think-helper/src', $vendorDir . '/topthink/think-orm/src', $vendorDir . '/thinkcmf/cmf/think'), + 'think\\' => array($vendorDir . '/thinkcmf/cmf/think', $vendorDir . '/topthink/framework/src/think', $vendorDir . '/topthink/think-helper/src', $vendorDir . '/topthink/think-orm/src'), 'themes\\' => array($baseDir . '/public/themes'), 'plugins\\' => array($baseDir . '/public/plugins'), 'mindplay\\annotations\\' => array($vendorDir . '/mindplay/annotations/src/annotations'), 'dir\\' => array($vendorDir . '/thinkcmf/cmf-extend/src/dir'), 'cmf\\composer\\' => array($vendorDir . '/thinkcmf/cmf-root/src'), 'cmf\\' => array($vendorDir . '/thinkcmf/cmf/src'), 'app\\admin\\' => array($vendorDir . '/thinkcmf/cmf-appstore/src'), - 'app\\' => array($baseDir . '/app', $vendorDir . '/thinkcmf/cmf-install/src', $vendorDir . '/thinkcmf/cmf-app/src'), + 'app\\' => array($baseDir . '/app', $vendorDir . '/thinkcmf/cmf-app/src', $vendorDir . '/thinkcmf/cmf-install/src'), 'api\\' => array($baseDir . '/api', $vendorDir . '/thinkcmf/cmf-api/src'), 'Psr\\SimpleCache\\' => array($vendorDir . '/psr/simple-cache/src'), 'Psr\\Log\\' => array($vendorDir . '/psr/log/Psr/Log'),
vendor/composer/autoload_static.php+25 −25 modified@@ -91,10 +91,10 @@ class ComposerStaticInit409e436a19c882513f3c7d0ffdfd059f ), 'think\\' => array ( - 0 => __DIR__ . '/..' . '/topthink/framework/src/think', - 1 => __DIR__ . '/..' . '/topthink/think-helper/src', - 2 => __DIR__ . '/..' . '/topthink/think-orm/src', - 3 => __DIR__ . '/..' . '/thinkcmf/cmf/think', + 0 => __DIR__ . '/..' . '/thinkcmf/cmf/think', + 1 => __DIR__ . '/..' . '/topthink/framework/src/think', + 2 => __DIR__ . '/..' . '/topthink/think-helper/src', + 3 => __DIR__ . '/..' . '/topthink/think-orm/src', ), 'themes\\' => array ( @@ -127,8 +127,8 @@ class ComposerStaticInit409e436a19c882513f3c7d0ffdfd059f 'app\\' => array ( 0 => __DIR__ . '/../..' . '/app', - 1 => __DIR__ . '/..' . '/thinkcmf/cmf-install/src', - 2 => __DIR__ . '/..' . '/thinkcmf/cmf-app/src', + 1 => __DIR__ . '/..' . '/thinkcmf/cmf-app/src', + 2 => __DIR__ . '/..' . '/thinkcmf/cmf-install/src', ), 'api\\' => array ( @@ -192,27 +192,27 @@ class ComposerStaticInit409e436a19c882513f3c7d0ffdfd059f ); public static $classMap = array ( - 'Callback' => __DIR__ . '/..' . '/electrolinux/phpquery/phpQuery/phpQuery/Callback.php', - 'CallbackBody' => __DIR__ . '/..' . '/electrolinux/phpquery/phpQuery/phpQuery/Callback.php', - 'CallbackParam' => __DIR__ . '/..' . '/electrolinux/phpquery/phpQuery/phpQuery/Callback.php', - 'CallbackParameterToReference' => __DIR__ . '/..' . '/electrolinux/phpquery/phpQuery/phpQuery/Callback.php', - 'CallbackReturnReference' => __DIR__ . '/..' . '/electrolinux/phpquery/phpQuery/phpQuery/Callback.php', - 'CallbackReturnValue' => __DIR__ . '/..' . '/electrolinux/phpquery/phpQuery/phpQuery/Callback.php', + 'Callback' => __DIR__ . '/..' . '/obsoletepackage/phpquery/phpQuery/phpQuery/Callback.php', + 'CallbackBody' => __DIR__ . '/..' . '/obsoletepackage/phpquery/phpQuery/phpQuery/Callback.php', + 'CallbackParam' => __DIR__ . '/..' . '/obsoletepackage/phpquery/phpQuery/phpQuery/Callback.php', + 'CallbackParameterToReference' => __DIR__ . '/..' . '/obsoletepackage/phpquery/phpQuery/phpQuery/Callback.php', + 'CallbackReturnReference' => __DIR__ . '/..' . '/obsoletepackage/phpquery/phpQuery/phpQuery/Callback.php', + 'CallbackReturnValue' => __DIR__ . '/..' . '/obsoletepackage/phpquery/phpQuery/phpQuery/Callback.php', 'Composer\\InstalledVersions' => __DIR__ . '/..' . '/composer/InstalledVersions.php', - 'DOMDocumentWrapper' => __DIR__ . '/..' . '/electrolinux/phpquery/phpQuery/phpQuery/DOMDocumentWrapper.php', - 'DOMEvent' => __DIR__ . '/..' . '/electrolinux/phpquery/phpQuery/phpQuery/DOMEvent.php', - 'ICallbackNamed' => __DIR__ . '/..' . '/electrolinux/phpquery/phpQuery/phpQuery/Callback.php', + 'DOMDocumentWrapper' => __DIR__ . '/..' . '/obsoletepackage/phpquery/phpQuery/phpQuery/DOMDocumentWrapper.php', + 'DOMEvent' => __DIR__ . '/..' . '/obsoletepackage/phpquery/phpQuery/phpQuery/DOMEvent.php', + 'ICallbackNamed' => __DIR__ . '/..' . '/obsoletepackage/phpquery/phpQuery/phpQuery/Callback.php', 'PclZip' => __DIR__ . '/..' . '/chamilo/pclzip/pclzip.lib.php', - 'phpQuery' => __DIR__ . '/..' . '/electrolinux/phpquery/phpQuery/phpQuery.php', - 'phpQueryEvents' => __DIR__ . '/..' . '/electrolinux/phpquery/phpQuery/phpQuery/phpQueryEvents.php', - 'phpQueryObject' => __DIR__ . '/..' . '/electrolinux/phpquery/phpQuery/phpQuery/phpQueryObject.php', - 'phpQueryObjectPlugin_Scripts' => __DIR__ . '/..' . '/electrolinux/phpquery/phpQuery/phpQuery/plugins/Scripts.php', - 'phpQueryObjectPlugin_WebBrowser' => __DIR__ . '/..' . '/electrolinux/phpquery/phpQuery/phpQuery/plugins/WebBrowser.php', - 'phpQueryObjectPlugin_example' => __DIR__ . '/..' . '/electrolinux/phpquery/phpQuery/phpQuery/plugins/example.php', - 'phpQueryPlugin_Scripts' => __DIR__ . '/..' . '/electrolinux/phpquery/phpQuery/phpQuery/plugins/Scripts.php', - 'phpQueryPlugin_WebBrowser' => __DIR__ . '/..' . '/electrolinux/phpquery/phpQuery/phpQuery/plugins/WebBrowser.php', - 'phpQueryPlugin_example' => __DIR__ . '/..' . '/electrolinux/phpquery/phpQuery/phpQuery/plugins/example.php', - 'phpQueryPlugins' => __DIR__ . '/..' . '/electrolinux/phpquery/phpQuery/phpQuery.php', + 'phpQuery' => __DIR__ . '/..' . '/obsoletepackage/phpquery/phpQuery/phpQuery.php', + 'phpQueryEvents' => __DIR__ . '/..' . '/obsoletepackage/phpquery/phpQuery/phpQuery/phpQueryEvents.php', + 'phpQueryObject' => __DIR__ . '/..' . '/obsoletepackage/phpquery/phpQuery/phpQuery/phpQueryObject.php', + 'phpQueryObjectPlugin_Scripts' => __DIR__ . '/..' . '/obsoletepackage/phpquery/phpQuery/phpQuery/plugins/Scripts.php', + 'phpQueryObjectPlugin_WebBrowser' => __DIR__ . '/..' . '/obsoletepackage/phpquery/phpQuery/phpQuery/plugins/WebBrowser.php', + 'phpQueryObjectPlugin_example' => __DIR__ . '/..' . '/obsoletepackage/phpquery/phpQuery/phpQuery/plugins/example.php', + 'phpQueryPlugin_Scripts' => __DIR__ . '/..' . '/obsoletepackage/phpquery/phpQuery/phpQuery/plugins/Scripts.php', + 'phpQueryPlugin_WebBrowser' => __DIR__ . '/..' . '/obsoletepackage/phpquery/phpQuery/phpQuery/plugins/WebBrowser.php', + 'phpQueryPlugin_example' => __DIR__ . '/..' . '/obsoletepackage/phpquery/phpQuery/phpQuery/plugins/example.php', + 'phpQueryPlugins' => __DIR__ . '/..' . '/obsoletepackage/phpquery/phpQuery/phpQuery.php', 'think\\App' => __DIR__ . '/..' . '/thinkcmf/cmf/think/App.php', 'think\\Console' => __DIR__ . '/..' . '/thinkcmf/cmf/think/Console.php', 'think\\Http' => __DIR__ . '/..' . '/thinkcmf/cmf/think/Http.php',
vendor/composer/installed.json+72 −68 modified@@ -2,23 +2,23 @@ "packages": [ { "name": "chamilo/pclzip", - "version": "v2.8.4", - "version_normalized": "2.8.4.0", + "version": "v2.8.5", + "version_normalized": "2.8.5.0", "source": { "type": "git", "url": "https://github.com/chamilo/pclzip.git", - "reference": "b94b7a190e186a31bd37f21be3a83a48c7d6b49a" + "reference": "af10d07a39922b0789bf761524a22ecefc01d405" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/chamilo/pclzip/zipball/b94b7a190e186a31bd37f21be3a83a48c7d6b49a", - "reference": "b94b7a190e186a31bd37f21be3a83a48c7d6b49a", + "url": "https://api.github.com/repos/chamilo/pclzip/zipball/af10d07a39922b0789bf761524a22ecefc01d405", + "reference": "af10d07a39922b0789bf761524a22ecefc01d405", "shasum": "" }, "replace": { "pclzip/pclzip": "^2.8" }, - "time": "2017-11-28T22:14:11+00:00", + "time": "2022-09-06T21:41:44+00:00", "type": "library", "installation-source": "dist", "autoload": { @@ -43,56 +43,10 @@ ], "support": { "issues": "https://github.com/chamilo/pclzip/issues", - "source": "https://github.com/chamilo/pclzip/tree/v2.8.4" + "source": "https://github.com/chamilo/pclzip/tree/v2.8.5" }, "install-path": "../chamilo/pclzip" }, - { - "name": "electrolinux/phpquery", - "version": "0.9.6", - "version_normalized": "0.9.6.0", - "source": { - "type": "git", - "url": "https://github.com/electrolinux/phpquery.git", - "reference": "6cb8afcfe8cd4ce45f2f8c27d561383037c27a3a" - }, - "dist": { - "type": "zip", - "url": "https://api.github.com/repos/electrolinux/phpquery/zipball/6cb8afcfe8cd4ce45f2f8c27d561383037c27a3a", - "reference": "6cb8afcfe8cd4ce45f2f8c27d561383037c27a3a", - "shasum": "" - }, - "time": "2013-03-21T12:39:33+00:00", - "type": "library", - "installation-source": "dist", - "autoload": { - "classmap": [ - "phpQuery/" - ] - }, - "notification-url": "https://packagist.org/downloads/", - "license": [ - "MIT" - ], - "authors": [ - { - "name": "Tobiasz Cudnik", - "email": "tobiasz.cudnik@gmail.com", - "homepage": "https://github.com/TobiaszCudnik", - "role": "Developer" - }, - { - "name": "didier Belot", - "role": "Packager" - } - ], - "description": "phpQuery is a server-side, chainable, CSS3 selector driven Document Object Model (DOM) API based on jQuery JavaScript Library", - "homepage": "http://code.google.com/p/phpquery/", - "support": { - "source": "https://github.com/electrolinux/phpquery/tree/0.9.6" - }, - "install-path": "../electrolinux/phpquery" - }, { "name": "ezyang/htmlpurifier", "version": "v4.14.0", @@ -414,19 +368,69 @@ }, "install-path": "../mindplay/annotations" }, + { + "name": "obsoletepackage/phpquery", + "version": "1.0.2", + "version_normalized": "1.0.2.0", + "source": { + "type": "git", + "url": "https://github.com/ObsoletePackage/phpquery.git", + "reference": "ebe03fabd3286fdad18a0148a5f23f6dcc0443fb" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/ObsoletePackage/phpquery/zipball/ebe03fabd3286fdad18a0148a5f23f6dcc0443fb", + "reference": "ebe03fabd3286fdad18a0148a5f23f6dcc0443fb", + "shasum": "" + }, + "time": "2022-08-21T10:51:36+00:00", + "type": "library", + "installation-source": "dist", + "autoload": { + "classmap": [ + "phpQuery/" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Tobiasz Cudnik", + "email": "tobiasz.cudnik@gmail.com", + "homepage": "https://github.com/TobiaszCudnik", + "role": "Developer" + }, + { + "name": "didier Belot", + "role": "Packager" + }, + { + "name": "obsolete package", + "homepage": "https://github.com/ObsoletePackage" + } + ], + "description": "phpQuery is a server-side, chainable, CSS3 selector driven Document Object Model (DOM) API based on jQuery JavaScript Library", + "homepage": "http://code.google.com/p/phpquery/", + "support": { + "source": "https://github.com/ObsoletePackage/phpquery/tree/1.0.2" + }, + "install-path": "../obsoletepackage/phpquery" + }, { "name": "phpmailer/phpmailer", - "version": "v6.6.3", - "version_normalized": "6.6.3.0", + "version": "v6.6.4", + "version_normalized": "6.6.4.0", "source": { "type": "git", "url": "https://github.com/PHPMailer/PHPMailer.git", - "reference": "9400f305a898f194caff5521f64e5dfa926626f3" + "reference": "a94fdebaea6bd17f51be0c2373ab80d3d681269b" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/PHPMailer/PHPMailer/zipball/9400f305a898f194caff5521f64e5dfa926626f3", - "reference": "9400f305a898f194caff5521f64e5dfa926626f3", + "url": "https://api.github.com/repos/PHPMailer/PHPMailer/zipball/a94fdebaea6bd17f51be0c2373ab80d3d681269b", + "reference": "a94fdebaea6bd17f51be0c2373ab80d3d681269b", "shasum": "" }, "require": { @@ -453,7 +457,7 @@ "stevenmaguire/oauth2-microsoft": "Needed for Microsoft XOAUTH2 authentication", "symfony/polyfill-mbstring": "To support UTF-8 if the Mbstring PHP extension is not enabled (^1.2)" }, - "time": "2022-06-20T09:21:02+00:00", + "time": "2022-08-22T09:22:00+00:00", "type": "library", "installation-source": "dist", "autoload": { @@ -485,7 +489,7 @@ "description": "PHPMailer is a full-featured email creation and transfer class for PHP", "support": { "issues": "https://github.com/PHPMailer/PHPMailer/issues", - "source": "https://github.com/PHPMailer/PHPMailer/tree/v6.6.3" + "source": "https://github.com/PHPMailer/PHPMailer/tree/v6.6.4" }, "funding": [ { @@ -763,31 +767,31 @@ }, { "name": "thinkcmf/cmf", - "version": "v6.0.16", - "version_normalized": "6.0.16.0", + "version": "v6.0.17", + "version_normalized": "6.0.17.0", "source": { "type": "git", "url": "https://github.com/thinkcmf/cmf-core.git", - "reference": "bb02d518e7ee8c19442ddd88a45abcbc8cfb00a8" + "reference": "97681cdb9a205ab6c4fca0cfcca1b26b1c185712" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/thinkcmf/cmf-core/zipball/bb02d518e7ee8c19442ddd88a45abcbc8cfb00a8", - "reference": "bb02d518e7ee8c19442ddd88a45abcbc8cfb00a8", + "url": "https://api.github.com/repos/thinkcmf/cmf-core/zipball/97681cdb9a205ab6c4fca0cfcca1b26b1c185712", + "reference": "97681cdb9a205ab6c4fca0cfcca1b26b1c185712", "shasum": "" }, "require": { - "electrolinux/phpquery": "^0.9.6", "ezyang/htmlpurifier": "^4.9", "mindplay/annotations": "^1.3", + "obsoletepackage/phpquery": "^1.0.1", "phpmailer/phpmailer": "~6.0", "thinkcmf/cmf-captcha": "^3.0", "thinkcmf/cmf-extend": "~5.1.0", "topthink/framework": "~6.0.0", "topthink/think-orm": "^2.0", "xia/migration": "^6.0" }, - "time": "2022-07-22T02:27:15+00:00", + "time": "2022-08-05T14:59:02+00:00", "type": "library", "installation-source": "dist", "autoload": { @@ -823,7 +827,7 @@ "description": "The ThinkCMF Core Package", "support": { "issues": "https://github.com/thinkcmf/cmf-core/issues", - "source": "https://github.com/thinkcmf/cmf-core/tree/v6.0.16" + "source": "https://github.com/thinkcmf/cmf-core/tree/v6.0.17" }, "install-path": "../thinkcmf/cmf" },
vendor/composer/installed.php+18 −18 modified@@ -11,21 +11,12 @@ ), 'versions' => array( 'chamilo/pclzip' => array( - 'pretty_version' => 'v2.8.4', - 'version' => '2.8.4.0', + 'pretty_version' => 'v2.8.5', + 'version' => '2.8.5.0', 'type' => 'library', 'install_path' => __DIR__ . '/../chamilo/pclzip', 'aliases' => array(), - 'reference' => 'b94b7a190e186a31bd37f21be3a83a48c7d6b49a', - 'dev_requirement' => false, - ), - 'electrolinux/phpquery' => array( - 'pretty_version' => '0.9.6', - 'version' => '0.9.6.0', - 'type' => 'library', - 'install_path' => __DIR__ . '/../electrolinux/phpquery', - 'aliases' => array(), - 'reference' => '6cb8afcfe8cd4ce45f2f8c27d561383037c27a3a', + 'reference' => 'af10d07a39922b0789bf761524a22ecefc01d405', 'dev_requirement' => false, ), 'ezyang/htmlpurifier' => array( @@ -73,19 +64,28 @@ 'reference' => 'd314832b338b88299c4108361c858b0590798d2c', 'dev_requirement' => false, ), + 'obsoletepackage/phpquery' => array( + 'pretty_version' => '1.0.2', + 'version' => '1.0.2.0', + 'type' => 'library', + 'install_path' => __DIR__ . '/../obsoletepackage/phpquery', + 'aliases' => array(), + 'reference' => 'ebe03fabd3286fdad18a0148a5f23f6dcc0443fb', + 'dev_requirement' => false, + ), 'pclzip/pclzip' => array( 'dev_requirement' => false, 'replaced' => array( 0 => '^2.8', ), ), 'phpmailer/phpmailer' => array( - 'pretty_version' => 'v6.6.3', - 'version' => '6.6.3.0', + 'pretty_version' => 'v6.6.4', + 'version' => '6.6.4.0', 'type' => 'library', 'install_path' => __DIR__ . '/../phpmailer/phpmailer', 'aliases' => array(), - 'reference' => '9400f305a898f194caff5521f64e5dfa926626f3', + 'reference' => 'a94fdebaea6bd17f51be0c2373ab80d3d681269b', 'dev_requirement' => false, ), 'psr/cache' => array( @@ -134,12 +134,12 @@ 'dev_requirement' => false, ), 'thinkcmf/cmf' => array( - 'pretty_version' => 'v6.0.16', - 'version' => '6.0.16.0', + 'pretty_version' => 'v6.0.17', + 'version' => '6.0.17.0', 'type' => 'library', 'install_path' => __DIR__ . '/../thinkcmf/cmf', 'aliases' => array(), - 'reference' => 'bb02d518e7ee8c19442ddd88a45abcbc8cfb00a8', + 'reference' => '97681cdb9a205ab6c4fca0cfcca1b26b1c185712', 'dev_requirement' => false, ), 'thinkcmf/cmf-api' => array(
vendor/obsoletepackage/phpquery/api-reference/classtrees_phpQuery.html+0 −0 renamedvendor/obsoletepackage/phpquery/api-reference/elementindex.html+0 −0 renamedvendor/obsoletepackage/phpquery/api-reference/elementindex_phpQuery.html+0 −0 renamedvendor/obsoletepackage/phpquery/api-reference/errors.html+0 −0 renamedvendor/obsoletepackage/phpquery/api-reference/index.html+0 −0 renamedvendor/obsoletepackage/phpquery/api-reference/li_phpQuery.html+0 −0 renamedvendor/obsoletepackage/phpquery/api-reference/media/background.png+0 −0 renamedvendor/obsoletepackage/phpquery/api-reference/media/empty.png+0 −0 renamedvendor/obsoletepackage/phpquery/api-reference/media/style.css+0 −0 renamedvendor/obsoletepackage/phpquery/api-reference/phpQuery/Callback.html+0 −0 renamedvendor/obsoletepackage/phpquery/api-reference/phpQuery/CallbackParam.html+0 −0 renamedvendor/obsoletepackage/phpquery/api-reference/phpQuery/_Callback.php.html+0 −0 renamedvendor/obsoletepackage/phpquery/api-reference/phpQuery/CallbackReference.html+0 −0 renamedvendor/obsoletepackage/phpquery/api-reference/phpQuery/DOMDocumentWrapper.html+0 −0 renamedvendor/obsoletepackage/phpquery/api-reference/phpQuery/_DOMDocumentWrapper.php.html+0 −0 renamedvendor/obsoletepackage/phpquery/api-reference/phpQuery/DOMEvent.html+0 −0 renamedvendor/obsoletepackage/phpquery/api-reference/phpQuery/_DOMEvent.php.html+0 −0 renamedvendor/obsoletepackage/phpquery/api-reference/phpQuery/phpQueryEvents.html+0 −0 renamedvendor/obsoletepackage/phpquery/api-reference/phpQuery/_phpQueryEvents.php.html+0 −0 renamedvendor/obsoletepackage/phpquery/api-reference/phpQuery/phpQuery.html+0 −0 renamedvendor/obsoletepackage/phpquery/api-reference/phpQuery/phpQueryObject.html+0 −0 renamedvendor/obsoletepackage/phpquery/api-reference/phpQuery/_phpQueryObject.php.html+0 −0 renamedvendor/obsoletepackage/phpquery/api-reference/phpQuery/_phpQuery.php.html+0 −0 renamedvendor/obsoletepackage/phpquery/api-reference/phpQuery/phpQueryPlugins.html+0 −0 renamedvendor/obsoletepackage/phpquery/api-reference/todolist.html+0 −0 renamedvendor/obsoletepackage/phpquery/cli/phpquery+0 −0 renamedvendor/obsoletepackage/phpquery/composer.json+6 −2 renamed@@ -1,8 +1,8 @@ { - "name": "electrolinux/phpquery" + "name": "obsoletepackage/phpquery" ,"type": "library" ,"description": "phpQuery is a server-side, chainable, CSS3 selector driven Document Object Model (DOM) API based on jQuery JavaScript Library" - ,"version": "0.9.6" + ,"version": "1.0.2" ,"keywords": [] ,"homepage": "http://code.google.com/p/phpquery/" ,"license": "MIT" @@ -17,6 +17,10 @@ "name": "didier Belot" ,"role": "Packager" } + ,{ + "name": "obsolete package" + ,"homepage": "https://github.com/ObsoletePackage" + } ], "autoload": { "classmap": ["phpQuery/"]
vendor/obsoletepackage/phpquery/demo.php+0 −0 renamedvendor/obsoletepackage/phpquery/phpQuery/phpQuery/bootstrap.example.php+0 −0 renamedvendor/obsoletepackage/phpquery/phpQuery/phpQuery/Callback.php+0 −0 renamedvendor/obsoletepackage/phpquery/phpQuery/phpQuery/compat/mbstring.php+0 −0 renamedvendor/obsoletepackage/phpquery/phpQuery/phpQuery/DOMDocumentWrapper.php+6 −8 renamed@@ -131,7 +131,7 @@ protected function documentCreate($charset, $version = '1.0') { $this->document->formatOutput = true; $this->document->preserveWhiteSpace = true; } - protected function loadMarkupHTML($markup, $requestedCharset = null) { + protected function loadMarkupHTML($markup,$requestedCharset = '') { if (phpQuery::$debug) phpQuery::debug('Full markup load (HTML): '.substr($markup, 0, 250)); $this->loadMarkupReset(); @@ -157,7 +157,7 @@ protected function loadMarkupHTML($markup, $requestedCharset = null) { } // Should be careful here, still need 'magic encoding detection' since lots of pages have other 'default encoding' // Worse, some pages can have mixed encodings... we'll try not to worry about that - $requestedCharset = strtoupper($requestedCharset); + $requestedCharset = strtoupper((string)$requestedCharset); $documentCharset = strtoupper($documentCharset); phpQuery::debug("DOC: $documentCharset REQ: $requestedCharset"); if ($requestedCharset && $documentCharset && $requestedCharset !== $documentCharset) { @@ -314,8 +314,6 @@ protected function isXML($markup) { } protected function contentTypeToArray($contentType) { - $test = null; - $test = $matches = explode(';', trim(strtolower($contentType))); if (isset($matches[1])) { $matches[1] = explode('=', $matches[1]); @@ -324,7 +322,7 @@ protected function contentTypeToArray($contentType) { ? $matches[1][1] : $matches[1][0]; } else - $matches[1] = null; + $matches[1] = ''; return $matches; } /** @@ -351,7 +349,7 @@ protected function charsetFromHTML($markup) { return $contentType[1]; } protected function charsetFromXML($markup) { - $matches; + $matches = array(); // find declaration preg_match('@<'.'?xml[^>]+encoding\\s*=\\s*(["|\'])(.*?)\\1@i', $markup, $matches @@ -512,7 +510,7 @@ protected function documentFragmentCreate($source, $charset = null) { * @param $markup * @return $document */ - private function documentFragmentLoadMarkup($fragment, $charset, $markup = null) { + private function documentFragmentLoadMarkup($fragment, $charset, $markup = '') { // TODO error handling // TODO copy doctype // tempolary turn off @@ -532,7 +530,7 @@ private function documentFragmentLoadMarkup($fragment, $charset, $markup = null) } else { $markup2 = phpQuery::$defaultDoctype.'<html><head><meta http-equiv="Content-Type" content="text/html;charset=' .$charset.'"></head>'; - $noBody = strpos($markup, '<body') === false; + $noBody = strpos((string)$markup, '<body') === false; if ($noBody) $markup2 .= '<body>'; $markup2 .= $markup;
vendor/obsoletepackage/phpquery/phpQuery/phpQuery/DOMEvent.php+0 −0 renamedvendor/obsoletepackage/phpquery/phpQuery/phpQuery.php+1 −1 renamed@@ -647,7 +647,7 @@ public static function DOMNodeListToArray($DOMNodeList) { * @todo still used ? */ public static function isMarkup($input) { - return ! is_array($input) && substr(trim($input), 0, 1) == '<'; + return ! is_array($input) && substr(trim((string)$input), 0, 1) == '<'; } public static function debug($text) { if (self::$debug)
vendor/obsoletepackage/phpquery/phpQuery/phpQuery/phpQueryEvents.php+0 −0 renamedvendor/obsoletepackage/phpquery/phpQuery/phpQuery/phpQueryObject.php+69 −44 renamed@@ -313,7 +313,7 @@ protected function parseSelector($query) { // TODO include this inside parsing ? $query = trim( preg_replace('@\s+@', ' ', - preg_replace('@\s*(>|\\+|~)\s*@', '\\1', $query) + preg_replace('@\s*(>|\\+|~)\s*@', '\\1', (string)$query) ) ); $queries = array(array()); @@ -502,7 +502,7 @@ public function get($index = null, $callback1 = null, $callback2 = null, $callba * @todo maybe other name... */ public function getString($index = null, $callback1 = null, $callback2 = null, $callback3 = null) { - if ($index) + if (!is_null($index) && is_int($index)) $return = $this->eq($index)->text(); else { $return = array(); @@ -529,7 +529,7 @@ public function getString($index = null, $callback1 = null, $callback2 = null, $ * @todo maybe other name... */ public function getStrings($index = null, $callback1 = null, $callback2 = null, $callback3 = null) { - if ($index) + if (!is_null($index) && is_int($index)) $return = $this->eq($index)->text(); else { $return = array(); @@ -587,7 +587,7 @@ protected function matchClasses($class, $node) { if ( mb_strpos($class, '.', 1)) { $classes = explode('.', substr($class, 1)); $classesCount = count( $classes ); - $nodeClasses = explode(' ', $node->getAttribute('class') ); + $nodeClasses = preg_split("/[\s\t\r\n]+/", $node->getAttribute('class'),-1, PREG_SPLIT_NO_EMPTY); $nodeClassesCount = count( $nodeClasses ); if ( $classesCount > $nodeClassesCount ) return false; @@ -605,7 +605,7 @@ protected function matchClasses($class, $node) { // strip leading dot from class name substr($class, 1), // get classes for element as array - explode(' ', $node->getAttribute('class') ) + preg_split("/[\s\t\r\n]+/", $node->getAttribute('class'),-1, PREG_SPLIT_NO_EMPTY) ); } } @@ -967,16 +967,18 @@ protected function pseudoClasses($class) { break; case 'parent': $this->elements = $this->map( - create_function('$node', ' + function ($node) { return $node instanceof DOMELEMENT && $node->childNodes->length - ? $node : null;') + ? $node : null; + } )->elements; break; case 'empty': $this->elements = $this->map( - create_function('$node', ' + function ($node) { return $node instanceof DOMELEMENT && $node->childNodes->length - ? null : $node;') + ? null : $node; + } )->elements; break; case 'disabled': @@ -989,19 +991,21 @@ protected function pseudoClasses($class) { break; case 'enabled': $this->elements = $this->map( - create_function('$node', ' - return pq($node)->not(":disabled") ? $node : null;') + function ($node) { + return pq($node)->not(":disabled") ? $node : null; + } )->elements; break; case 'header': $this->elements = $this->map( - create_function('$node', - '$isHeader = isset($node->tagName) && in_array($node->tagName, array( + function ($node) { + $isHeader = isset($node->tagName) && in_array($node->tagName, array( "h1", "h2", "h3", "h4", "h5", "h6", "h7" )); return $isHeader ? $node - : null;') + : null; + } )->elements; // $this->elements = $this->map( // create_function('$node', '$node = pq($node); @@ -1018,52 +1022,56 @@ protected function pseudoClasses($class) { break; case 'only-child': $this->elements = $this->map( - create_function('$node', - 'return pq($node)->siblings()->size() == 0 ? $node : null;') + function ($node) { + return pq($node)->siblings()->size() == 0 ? $node : null; + } )->elements; break; case 'first-child': $this->elements = $this->map( - create_function('$node', 'return pq($node)->prevAll()->size() == 0 ? $node : null;') + function ($node) { return pq($node)->prevAll()->size() == 0 ? $node : null; } )->elements; break; case 'last-child': $this->elements = $this->map( - create_function('$node', 'return pq($node)->nextAll()->size() == 0 ? $node : null;') + function ($node) { return pq($node)->nextAll()->size() == 0 ? $node : null; } )->elements; break; case 'nth-child': $param = trim($args, "\"'"); if (! $param) break; // nth-child(n+b) to nth-child(1n+b) - if ($param[0] == 'n') + if (substr($param, 0, 1) == 'n') $param = '1'.$param; // :nth-child(index/even/odd/equation) if ($param == 'even' || $param == 'odd') $mapped = $this->map( - create_function('$node, $param', - '$index = pq($node)->prevAll()->size()+1; + function ($node, $param) { + $index = pq($node)->prevAll()->size()+1; if ($param == "even" && ($index%2) == 0) return $node; else if ($param == "odd" && $index%2 == 1) return $node; else - return null;'), + return null; + }, new CallbackParam(), $param ); - else if (mb_strlen($param) > 1 && $param[1] == 'n') + else if (mb_strlen($param) > 1 && preg_match('/^(\d*)n([-+]?)(\d*)/', $param) === 1) // an+b $mapped = $this->map( - create_function('$node, $param', - '$prevs = pq($node)->prevAll()->size(); + function ($node, $param) { + $prevs = pq($node)->prevAll()->size(); $index = 1+$prevs; - $b = mb_strlen($param) > 3 - ? $param{3} - : 0; - $a = $param{0}; - if ($b && $param{2} == "-") - $b = -$b; + + preg_match("/^(\d*)n([-+]?)(\d*)/", $param, $matches); + $a = intval($matches[1]); + $b = intval($matches[3]); + if( $matches[2] === "-" ) { + $b = -$b; + } + if ($a > 0) { return ($index-$b)%$a == 0 ? $node @@ -1089,20 +1097,21 @@ protected function pseudoClasses($class) { // return ($index-$b)%$a == 0 // ? $node // : null; - '), + }, new CallbackParam(), $param ); else // index $mapped = $this->map( - create_function('$node, $index', - '$prevs = pq($node)->prevAll()->size(); + function ($node, $index) { + $prevs = pq($node)->prevAll()->size(); if ($prevs && $prevs == $index-1) return $node; else if (! $prevs && $index == 1) return $node; else - return null;'), + return null; + }, new CallbackParam(), $param ); $this->elements = $mapped->elements; @@ -1654,6 +1663,8 @@ public function eq($num) { * * @return phpQueryObject|QueryTemplatesSource|QueryTemplatesParse|QueryTemplatesSourceQuery */ + + #[\ReturnTypeWillChange] public function size() { return count($this->elements); } @@ -1663,9 +1674,12 @@ public function size() { * @return phpQueryObject|QueryTemplatesSource|QueryTemplatesParse|QueryTemplatesSourceQuery * @deprecated Use length as attribute */ + #[\ReturnTypeWillChange] public function length() { return $this->size(); } + + #[\ReturnTypeWillChange] public function count() { return $this->size(); } @@ -1675,6 +1689,8 @@ public function count() { * @return phpQueryObject|QueryTemplatesSource|QueryTemplatesParse|QueryTemplatesSourceQuery * @todo $level */ + + #[\ReturnTypeWillChange] public function end($level = 1) { // $this->elements = array_pop( $this->history ); // return $this; @@ -1878,7 +1894,7 @@ public function php($code = null) { } /** * Enter description here... - * + * * @param $code * @return unknown_type */ @@ -1889,7 +1905,7 @@ public function markupPHP($code = null) { } /** * Enter description here... - * + * * @param $code * @return unknown_type */ @@ -2264,7 +2280,7 @@ public function text($text = null, $callback1 = null, $callback2 = null, $callba } return $return; } - + /** * @return The text content of each matching element, like * text() but returns an array with one entry per matched element. @@ -2277,7 +2293,7 @@ public function texts($attr = null) { } return $results; } - + /** * Enter description here... * @@ -2645,7 +2661,7 @@ public function attr($attr = null, $value = null) { return is_null($value) ? '' : $this; } - + /** * @return The same attribute of each matching element, like * attr() but returns an array with one entry per matched element. @@ -2949,7 +2965,7 @@ public function map($callback, $param1 = null, $param2 = null, $param3 = null) { } /** * Enter description here... - * + * * @param <type> $key * @param <type> $value */ @@ -2966,7 +2982,7 @@ public function data($key, $value = null) { } /** * Enter description here... - * + * * @param <type> $key */ public function removeData($key) { @@ -2980,6 +2996,7 @@ public function removeData($key) { /** * @access private */ + #[\ReturnTypeWillChange] public function rewind(){ $this->debug('iterating foreach'); // phpQuery::selectDocument($this->getDocumentID()); @@ -2995,12 +3012,14 @@ public function rewind(){ /** * @access private */ + #[\ReturnTypeWillChange] public function current(){ return $this->elementsInterator[ $this->current ]; } /** * @access private */ + #[\ReturnTypeWillChange] public function key(){ return $this->current; } @@ -3015,6 +3034,7 @@ public function key(){ * @see phpQueryObject::_next() * @return phpQueryObject|QueryTemplatesSource|QueryTemplatesParse|QueryTemplatesSourceQuery */ + #[\ReturnTypeWillChange] public function next($cssSelector = null){ // if ($cssSelector || $this->valid) // return $this->_next($cssSelector); @@ -3032,6 +3052,7 @@ public function next($cssSelector = null){ /** * @access private */ + #[\ReturnTypeWillChange] public function valid(){ return $this->valid; } @@ -3040,25 +3061,29 @@ public function valid(){ /** * @access private */ + #[\ReturnTypeWillChange] public function offsetExists($offset) { return $this->find($offset)->size() > 0; } /** * @access private */ + #[\ReturnTypeWillChange] public function offsetGet($offset) { return $this->find($offset); } /** * @access private */ + #[\ReturnTypeWillChange] public function offsetSet($offset, $value) { // $this->find($offset)->replaceWith($value); $this->find($offset)->html($value); } /** * @access private */ + #[\ReturnTypeWillChange] public function offsetUnset($offset) { // empty throw new Exception("Can't do unset, use array interface only for calling queries and replacing HTML."); @@ -3099,7 +3124,7 @@ protected function getNodeXpath($oneNode = null, $namespace = null) { : "{$node->tagName}[{$i}]"; $node = $node->parentNode; } - $xpath = join('/', array_reverse($xpath)); + $xpath = implode('/', array_reverse($xpath)); $return[] = '/'.$xpath; } return $oneNode @@ -3121,7 +3146,7 @@ public function whois($oneNode = null) { .($node->getAttribute('id') ? '#'.$node->getAttribute('id'):'') .($node->getAttribute('class') - ? '.'.join('.', split(' ', $node->getAttribute('class'))):'') + ? '.'.implode('.', explode(' ', $node->getAttribute('class'))):'') .($node->getAttribute('name') ? '[name="'.$node->getAttribute('name').'"]':'') .($node->getAttribute('value') && strpos($node->getAttribute('value'), '<'.'?php') === false
vendor/obsoletepackage/phpquery/phpQuery/phpQuery/plugins/example.php+0 −0 renamedvendor/obsoletepackage/phpquery/phpQuery/phpQuery/plugins/Scripts/__config.example.php+0 −0 renamedvendor/obsoletepackage/phpquery/phpQuery/phpQuery/plugins/Scripts/example.php+0 −0 renamedvendor/obsoletepackage/phpquery/phpQuery/phpQuery/plugins/Scripts/fix_webroot.php+0 −0 renamedvendor/obsoletepackage/phpquery/phpQuery/phpQuery/plugins/Scripts/google_login.php+0 −0 renamedvendor/obsoletepackage/phpquery/phpQuery/phpQuery/plugins/Scripts.php+0 −0 renamedvendor/obsoletepackage/phpquery/phpQuery/phpQuery/plugins/Scripts/print_source.php+0 −0 renamedvendor/obsoletepackage/phpquery/phpQuery/phpQuery/plugins/Scripts/print_websafe.php+0 −0 renamedvendor/obsoletepackage/phpquery/phpQuery/phpQuery/plugins/WebBrowser.php+6 −6 renamed@@ -84,8 +84,8 @@ public static function location($self, $url = null) { } return $return; } - - + + public static function download($self, $url = null) { $xhr = isset($self->document->xhr) ? $self->document->xhr @@ -266,7 +266,7 @@ public static function browserReceive($xhr) { } else return $pq; } - + /** * @param Zend_Http_Client $xhr */ @@ -278,7 +278,7 @@ public static function browserDownload($xhr) { return $body; } /** - * + * * @param $e * @param $callback * @return unknown_type @@ -385,7 +385,7 @@ function resolve_url($base, $url) { // Step 3 if (preg_match('!^[a-z]+:!i', $url)) return $url; $base = parse_url($base); - if ($url{0} == "#") { + if (substr($url, 0, 1) == "#") { // Step 2 (fragment) $base['fragment'] = substr($url, 1); return unparse_url($base); @@ -398,7 +398,7 @@ function resolve_url($base, $url) { 'scheme'=>$base['scheme'], 'path'=>substr($url,2), )); - } else if ($url{0} == "/") { + } else if (substr($url, 0, 1) == "/") { // Step 5 $base['path'] = $url; } else {
vendor/obsoletepackage/phpquery/README.md+6 −1 renamed@@ -1,5 +1,7 @@ ## phpQuery, one more fork! +**Note:** _I haven't used this package since many years, and just recently looked at the code: this is scary, buggy and unfinished. Please don't use it on any production server!_ + My intent is to have it easily integrated in differents projects, so available on packagist. I've gathered some fix and new features here and there, as will keep looking for new stuff on github about phpQuery @@ -12,14 +14,17 @@ I've gathered some fix and new features here and there, as will keep looking for ### github repos i've looked at: * https://github.com/denis-isaev/phpquery -* https://github.com/fmorrow/pQuery--PHPQuery- (big project so far) * https://github.com/r-sal/phpquery * https://github.com/damien-list/phpquery-1 * https://github.com/nev3rm0re/phpquery * https://github.com/Aurielle/phpquery * https://github.com/kevee/phpquery (include php-css-parser) * https://github.com/lucassouza1/phpquery +## Manual + +* [Manual](wiki/README.md) imported from http://code.google.com/p/phpquery/wiki + ## Extracts from fmorrow README.md: ### Whats phpQuery?
vendor/obsoletepackage/phpquery/test-cases/document-types/document-fragment-utf8.html+0 −0 renamedvendor/obsoletepackage/phpquery/test-cases/document-types/document-fragment-utf8.xhtml+0 −0 renamedvendor/obsoletepackage/phpquery/test-cases/document-types/document-fragment-utf8.xml+0 −0 renamedvendor/obsoletepackage/phpquery/test-cases/document-types/document-iso88592.html+0 −0 renamedvendor/obsoletepackage/phpquery/test-cases/document-types/document-iso88592-nocharset.html+0 −0 renamedvendor/obsoletepackage/phpquery/test-cases/document-types/document-iso88592-nocharset.xhtml+0 −0 renamedvendor/obsoletepackage/phpquery/test-cases/document-types/document-iso88592-nocharset.xml+0 −0 renamedvendor/obsoletepackage/phpquery/test-cases/document-types/document-iso88592.xhtml+0 −0 renamedvendor/obsoletepackage/phpquery/test-cases/document-types/document-iso88592.xml+0 −0 renamedvendor/obsoletepackage/phpquery/test-cases/document-types/document-utf8.html+0 −0 renamedvendor/obsoletepackage/phpquery/test-cases/document-types/document-utf8-nocharset.html+0 −0 renamedvendor/obsoletepackage/phpquery/test-cases/document-types/document-utf8-nocharset.xhtml+0 −0 renamedvendor/obsoletepackage/phpquery/test-cases/document-types/document-utf8-nocharset.xml+0 −0 renamedvendor/obsoletepackage/phpquery/test-cases/document-types/document-utf8.php+1 −1 renamed@@ -8,6 +8,6 @@ <body> <span>Hello World!</span> <span>ąśżźć</span> - <a href='<?php foreach($foo as $bar} { print $foo['1'] } ?>'>Attr test</a> + <a href='<?php foreach($foo as $bar) { print $foo['1'] } ?>'>Attr test</a> </body> </html>
vendor/obsoletepackage/phpquery/test-cases/document-types/document-utf8.xhtml+0 −0 renamedvendor/obsoletepackage/phpquery/test-cases/document-types/document-utf8.xml+0 −0 renamedvendor/obsoletepackage/phpquery/test-cases/document_types.php+0 −0 renamedvendor/obsoletepackage/phpquery/test-cases/run.php+0 −0 renamedvendor/obsoletepackage/phpquery/test-cases/test_2.php+0 −0 renamedvendor/obsoletepackage/phpquery/test-cases/test_4.php+0 −0 renamedvendor/obsoletepackage/phpquery/test-cases/test_5.php+0 −0 renamedvendor/obsoletepackage/phpquery/test-cases/test_ajax_data_1+0 −0 renamedvendor/obsoletepackage/phpquery/test-cases/test_ajax.php+0 −0 renamedvendor/obsoletepackage/phpquery/test-cases/test_arrayaccess.php+0 −0 renamedvendor/obsoletepackage/phpquery/test-cases/test_attr.php+0 −0 renamedvendor/obsoletepackage/phpquery/test-cases/test_callback.php+0 −0 renamedvendor/obsoletepackage/phpquery/test-cases/test_charset.php+0 −0 renamedvendor/obsoletepackage/phpquery/test-cases/test_document.php+0 −0 renamedvendor/obsoletepackage/phpquery/test-cases/test_events.php+0 −0 renamedvendor/obsoletepackage/phpquery/test-cases/test.html+0 −0 renamedvendor/obsoletepackage/phpquery/test-cases/test_insert.php+0 −0 renamedvendor/obsoletepackage/phpquery/test-cases/test_manipulation.php+0 −0 renamedvendor/obsoletepackage/phpquery/test-cases/test_manual.php+0 −0 renamedvendor/obsoletepackage/phpquery/test-cases/test_multidoc.php+0 −0 renamedvendor/obsoletepackage/phpquery/test-cases/test_php.php+0 −0 renamedvendor/obsoletepackage/phpquery/test-cases/test_replace.php+0 −0 renamedvendor/obsoletepackage/phpquery/test-cases/test_scripts.php+0 −0 renamedvendor/obsoletepackage/phpquery/test-cases/test_selectors.php+0 −0 renamedvendor/obsoletepackage/phpquery/test-cases/test_webbrowser.php+0 −0 renamedvendor/obsoletepackage/phpquery/test-cases/test_wrap.php+0 −0 renamedvendor/obsoletepackage/phpquery/test-cases/xpath.php+0 −0 renamedvendor/obsoletepackage/phpquery/unit-tests/test.html+0 −0 renamedvendor/obsoletepackage/phpquery/unit-tests/test.php+0 −0 renamedvendor/phpmailer/phpmailer/language/phpmailer.lang-el.php+24 −17 modified@@ -5,22 +5,29 @@ * @package PHPMailer */ -$PHPMAILER_LANG['authenticate'] = 'SMTP Σφάλμα: Αδυναμία πιστοποίησης (authentication).'; -$PHPMAILER_LANG['connect_host'] = 'SMTP Σφάλμα: Αδυναμία σύνδεσης στον SMTP-Host.'; -$PHPMAILER_LANG['data_not_accepted'] = 'SMTP Σφάλμα: Τα δεδομένα δεν έγιναν αποδεκτά.'; -$PHPMAILER_LANG['empty_message'] = 'Το E-Mail δεν έχει περιεχόμενο .'; -$PHPMAILER_LANG['encoding'] = 'Αγνωστο Encoding-Format: '; -$PHPMAILER_LANG['execute'] = 'Αδυναμία εκτέλεσης ακόλουθης εντολής: '; -$PHPMAILER_LANG['file_access'] = 'Αδυναμία προσπέλασης του αρχείου: '; -$PHPMAILER_LANG['file_open'] = 'Σφάλμα Αρχείου: Δεν είναι δυνατό το άνοιγμα του ακόλουθου αρχείου: '; -$PHPMAILER_LANG['from_failed'] = 'Η παρακάτω διεύθυνση αποστολέα δεν είναι σωστή: '; -$PHPMAILER_LANG['instantiate'] = 'Αδυναμία εκκίνησης Mail function.'; -$PHPMAILER_LANG['invalid_address'] = 'Το μήνυμα δεν εστάλη, η διεύθυνση δεν είναι έγκυρη: '; +$PHPMAILER_LANG['authenticate'] = 'Σφάλμα SMTP: Αδυναμία πιστοποίησης.'; +$PHPMAILER_LANG['buggy_php'] = 'Η έκδοση PHP που χρησιμοποιείτε παρουσιάζει σφάλμα που μπορεί να έχει ως αποτέλεσμα κατεστραμένα μηνύματα. Για να το διορθώσετε, αλλάξτε τον τρόπο αποστολής σε SMTP, απενεργοποιήστε την επιλογή mail.add_x_header στο αρχείο php.ini, αλλάξτε λειτουργικό σε MacOS ή Linux ή αναβαθμίστε την PHP σε έκδοση 7.0.17+ ή 7.1.3+.'; +$PHPMAILER_LANG['connect_host'] = 'Σφάλμα SMTP: Αδυναμία σύνδεσης με τον φιλοξενητή SMTP.'; +$PHPMAILER_LANG['data_not_accepted'] = 'Σφάλμα SMTP: Μη αποδεκτά δεδομένα.'; +$PHPMAILER_LANG['empty_message'] = 'Η ηλεκτρονική επιστολή δεν έχει περιεχόμενο.'; +$PHPMAILER_LANG['encoding'] = 'Άγνωστη μορφή κωδικοποίησης: '; +$PHPMAILER_LANG['execute'] = 'Αδυναμία εκτέλεσης: '; +$PHPMAILER_LANG['extension_missing'] = 'Απουσία επέκτασης: '; +$PHPMAILER_LANG['file_access'] = 'Αδυναμία πρόσβασης στο αρχείο: '; +$PHPMAILER_LANG['file_open'] = 'Σφάλμα Αρχείου: Αδυναμία ανοίγματος αρχείου: '; +$PHPMAILER_LANG['from_failed'] = 'Η ακόλουθη διεύθυνση αποστολέα δεν είναι σωστή: '; +$PHPMAILER_LANG['instantiate'] = 'Αδυναμία εκκίνησης συνάρτησης Mail.'; +$PHPMAILER_LANG['invalid_address'] = 'Μη έγκυρη διεύθυνση: '; +$PHPMAILER_LANG['invalid_header'] = 'Μη έγκυρο όνομα κεφαλίδας ή τιμή'; +$PHPMAILER_LANG['invalid_hostentry'] = 'Μη έγκυρη εισαγωγή φιλοξενητή: '; +$PHPMAILER_LANG['invalid_host'] = 'Μη έγκυρος φιλοξενητής: '; $PHPMAILER_LANG['mailer_not_supported'] = ' mailer δεν υποστηρίζεται.'; -$PHPMAILER_LANG['provide_address'] = 'Παρακαλούμε δώστε τουλάχιστον μια e-mail διεύθυνση παραλήπτη.'; -$PHPMAILER_LANG['recipients_failed'] = 'SMTP Σφάλμα: Οι παρακάτω διευθύνσεις παραλήπτη δεν είναι έγκυρες: '; +$PHPMAILER_LANG['provide_address'] = 'Δώστε τουλάχιστον μια ηλεκτρονική διεύθυνση παραλήπτη.'; +$PHPMAILER_LANG['recipients_failed'] = 'Σφάλμα SMTP: Οι παρακάτω διευθύνσεις παραλήπτη δεν είναι έγκυρες: '; $PHPMAILER_LANG['signing'] = 'Σφάλμα υπογραφής: '; -$PHPMAILER_LANG['smtp_connect_failed'] = 'Αποτυχία σύνδεσης στον SMTP Server.'; -$PHPMAILER_LANG['smtp_error'] = 'Σφάλμα από τον SMTP Server: '; -$PHPMAILER_LANG['variable_set'] = 'Αδυναμία ορισμού ή αρχικοποίησης μεταβλητής: '; -//$PHPMAILER_LANG['extension_missing'] = 'Extension missing: '; +$PHPMAILER_LANG['smtp_code'] = 'Κώδικάς SMTP: '; +$PHPMAILER_LANG['smtp_code_ex'] = 'Πρόσθετες πληροφορίες SMTP: '; +$PHPMAILER_LANG['smtp_connect_failed'] = 'Αποτυχία σύνδεσης SMTP.'; +$PHPMAILER_LANG['smtp_detail'] = 'Λεπτομέρεια: '; +$PHPMAILER_LANG['smtp_error'] = 'Σφάλμα με τον διακομιστή SMTP: '; +$PHPMAILER_LANG['variable_set'] = 'Αδυναμία ορισμού ή επαναφοράς μεταβλητής: ';
vendor/phpmailer/phpmailer/README.md+1 −0 modified@@ -10,6 +10,7 @@ [](https://packagist.org/packages/phpmailer/phpmailer) [](https://packagist.org/packages/phpmailer/phpmailer) [](https://phpmailer.github.io/PHPMailer/) +[](https://api.securityscorecards.dev/projects/github.com/PHPMailer/PHPMailer) ## Features - Probably the world's most popular code for sending email from PHP!
vendor/phpmailer/phpmailer/src/PHPMailer.php+14 −6 modified@@ -350,8 +350,8 @@ class PHPMailer public $Password = ''; /** - * SMTP auth type. - * Options are CRAM-MD5, LOGIN, PLAIN, XOAUTH2, attempted in that order if not specified. + * SMTP authentication type. Options are CRAM-MD5, LOGIN, PLAIN, XOAUTH2. + * If not specified, the first one from that list that the server supports will be selected. * * @var string */ @@ -750,7 +750,7 @@ class PHPMailer * * @var string */ - const VERSION = '6.6.3'; + const VERSION = '6.6.4'; /** * Error severity: message only, continue processing. @@ -1096,7 +1096,7 @@ protected function addOrEnqueueAnAddress($kind, $address, $name) return false; } - if ($name !== null) { + if ($name !== null && is_string($name)) { $name = trim(preg_replace('/[\r\n]+/', '', $name)); //Strip breaks and trim } else { $name = ''; @@ -1288,7 +1288,7 @@ public static function parseAddresses($addrstr, $useimap = true, $charset = self */ public function setFrom($address, $name = '', $auto = true) { - $address = trim($address); + $address = trim((string)$address); $name = trim(preg_replace('/[\r\n]+/', '', $name)); //Strip breaks and trim //Don't validate now addresses with IDN. Will be done in send(). $pos = strrpos($address, '@'); @@ -1891,7 +1891,14 @@ protected function mailSend($header, $body) foreach ($this->to as $toaddr) { $toArr[] = $this->addrFormat($toaddr); } - $to = implode(', ', $toArr); + $to = trim(implode(', ', $toArr)); + + //If there are no To-addresses (e.g. when sending only to BCC-addresses) + //the following should be added to get a correct DKIM-signature. + //Compare with $this->preSend() + if ($to === '') { + $to = 'undisclosed-recipients:;'; + } $params = null; //This sets the SMTP envelope sender which gets turned into a return-path header by the receiver @@ -4470,6 +4477,7 @@ public static function _mime_types($ext = '') 'ics' => 'text/calendar', 'xml' => 'text/xml', 'xsl' => 'text/xml', + 'csv' => 'text/csv', 'wmv' => 'video/x-ms-wmv', 'mpeg' => 'video/mpeg', 'mpe' => 'video/mpeg',
vendor/phpmailer/phpmailer/src/POP3.php+1 −1 modified@@ -46,7 +46,7 @@ class POP3 * * @var string */ - const VERSION = '6.6.3'; + const VERSION = '6.6.4'; /** * Default POP3 port number.
vendor/phpmailer/phpmailer/src/SMTP.php+1 −1 modified@@ -35,7 +35,7 @@ class SMTP * * @var string */ - const VERSION = '6.6.3'; + const VERSION = '6.6.4'; /** * SMTP line break constant.
vendor/phpmailer/phpmailer/VERSION+1 −1 modified@@ -1 +1 @@ -6.6.3 \ No newline at end of file +6.6.4 \ No newline at end of file
vendor/services.php+1 −1 modified@@ -1,5 +1,5 @@ <?php -// This file is automatically generated at:2022-07-22 10:33:19 +// This file is automatically generated at:2022-09-14 14:34:45 declare (strict_types = 1); return array ( 0 => 'app\\admin\\AppStoreService',
vendor/thinkcmf/cmf-app/src/admin/controller/IndexController.php+1 −1 modified@@ -21,7 +21,7 @@ class IndexController extends AdminBaseController public function initialize() { $adminSettings = cmf_get_option('admin_settings'); - if (empty($adminSettings['admin_password']) || $this->request->pathinfo() == $adminSettings['admin_password'] || true) { + if (empty($adminSettings['admin_password']) || $this->request->pathinfo() == $adminSettings['admin_password']) { $adminId = cmf_get_current_admin_id(); if (empty($adminId)) { session("__LOGIN_BY_CMF_ADMIN_PW__", 1);//设置后台登录加密码
vendor/thinkcmf/cmf-app/src/admin/controller/SlideController.php+2 −2 modified@@ -83,7 +83,7 @@ public function add() public function addPost() { if ($this->request->isPost()) { - $data = $this->request->param(); + $data = $this->request->param('',null,'strip_tags'); $slidePostModel = new SlideModel(); $result = $this->validate($data, 'Slide'); if ($result !== true) { @@ -133,7 +133,7 @@ public function edit() public function editPost() { if ($this->request->isPost()) { - $data = $this->request->param(); + $data = $this->request->param('',null,'strip_tags'); $result = $this->validate($data, 'Slide'); if ($result !== true) { $this->error($result);
vendor/thinkcmf/cmf-app/src/admin/controller/SlideItemController.php+2 −2 modified@@ -91,7 +91,7 @@ public function add() public function addPost() { if ($this->request->isPost()) { - $data = $this->request->param(); + $data = $this->request->param('',null,'strip_tags'); SlideItemModel::insert($data['post']); $this->success(lang('ADD_SUCCESS'), url('SlideItem/index', ['slide_id' => $data['post']['slide_id']])); } @@ -142,7 +142,7 @@ public function edit() public function editPost() { if ($this->request->isPost()) { - $data = $this->request->param(); + $data = $this->request->param('',null,'strip_tags'); $data['post']['image'] = cmf_asset_relative_url($data['post']['image']);
vendor/thinkcmf/cmf-app/src/admin/controller/UserController.php+21 −4 modified@@ -10,6 +10,7 @@ // +---------------------------------------------------------------------- namespace app\admin\controller; +use app\admin\logic\UserLogic; use app\admin\model\RoleModel; use app\admin\model\RoleUserModel; use app\admin\model\UserModel; @@ -131,11 +132,13 @@ public function addPost() $roleIds = $this->request->param('role_id/a'); if (!empty($roleIds) && is_array($roleIds)) { $data = $this->request->param(); - $result = $this->validate($data, 'User'); + $result = $this->validate($data, 'User.add'); if ($result !== true) { $this->error($result); } else { - $data['user_pass'] = cmf_password($data['user_pass']); + $data['user_pass'] = cmf_password($data['user_pass']); + $data['create_time'] = time(); + $data['last_login_time'] = $data['create_time']; $userId = UserModel::strict(false)->insertGetId($data); if ($userId !== false) { //$role_user_model=M("RoleUser"); @@ -177,7 +180,9 @@ public function edit() if (!empty($content)) { return $content; } - + if(!UserLogic::isCreator()){ + $this->error('为了网站的安全,非网站创建者不可访问编辑页面'); + } $id = $this->request->param('id', 0, 'intval'); $roles = RoleModel::where('status', 1)->order("id DESC")->select(); $this->assign("roles", $roles); @@ -205,6 +210,9 @@ public function edit() public function editPost() { if ($this->request->isPost()) { + if(!UserLogic::isCreator()){ + $this->error('为了网站的安全,非网站创建者不可编辑'); + } $roleIds = $this->request->param('role_id/a'); if (!empty($roleIds) && is_array($roleIds)) { $data = $this->request->param(); @@ -220,7 +228,7 @@ public function editPost() $this->error($result); } else { $userId = $this->request->param('id', 0, 'intval'); - $result = UserModel::strict(false)->where('id', $userId)->update($data); + $result = UserModel::strict(false)->where('id', $userId)->save($data); if ($result !== false) { RoleUserModel::where("user_id", $userId)->delete(); foreach ($roleIds as $roleId) { @@ -308,6 +316,9 @@ public function delete() { if ($this->request->isPost()) { $id = $this->request->param('id', 0, 'intval'); + if(!UserLogic::isCreator()){ + $this->error('为了网站的安全,非网站创建者不可删除'); + } if ($id == 1) { $this->error("最高管理员不能删除!"); } @@ -339,6 +350,9 @@ public function ban() if ($this->request->isPost()) { $id = $this->request->param('id', 0, 'intval'); if (!empty($id)) { + if(!UserLogic::isCreator()){ + $this->error('为了网站的安全,非网站创建者不可拉黑'); + } $result = UserModel::where(['id' => $id, 'user_type' => 1])->update(['user_status' => '0']); if ($result !== false) { $this->success('管理员停用成功!', url('User/index')); @@ -369,6 +383,9 @@ public function cancelBan() if ($this->request->isPost()) { $id = $this->request->param('id', 0, 'intval'); if (!empty($id)) { + if(!UserLogic::isCreator()){ + $this->error('为了网站的安全,非网站创建者不可启用'); + } $result = UserModel::where(['id' => $id, 'user_type' => 1])->update(['user_status' => '1']); if ($result !== false) { $this->success('管理员启用成功!', url('User/index'));
vendor/thinkcmf/cmf-app/src/admin/lang/en-us/admin_menu.php+3 −0 modified@@ -82,6 +82,9 @@ 'ADMIN_SLIDECAT_ADD_POST' => '提交添加', 'ADMIN_SLIDECAT_EDIT_POST' => '提交编辑', 'ADMIN_SLIDECAT_INDEX' => '幻灯片分类', + 'ADMIN_SLIDEITEM_INDEX' => '幻灯片页面管理', + 'ADMIN_SLIDEITEM_ADD' => '幻灯片页面添加', + 'ADMIN_SLIDEITEM_EDIT' => '幻灯片页面编辑', 'ADMIN_STORAGE_INDEX' => '文件存储', 'ADMIN_STORAGE_SETTING_POST' => '文件存储设置提交', 'ADMIN_USER_ADD_POST' => '添加提交',
vendor/thinkcmf/cmf-app/src/admin/lang/zh-cn/admin_menu.php+3 −0 modified@@ -78,6 +78,9 @@ 'ADMIN_SLIDE_TOGGLE' => '幻灯片显示切换', 'ADMIN_SLIDECAT_ADD_POST' => '提交添加', 'ADMIN_SLIDECAT_EDIT_POST' => '提交编辑', + 'ADMIN_SLIDEITEM_INDEX' => '幻灯片页面管理', + 'ADMIN_SLIDEITEM_ADD' => '幻灯片页面添加', + 'ADMIN_SLIDEITEM_EDIT' => '幻灯片页面编辑', 'ADMIN_SLIDECAT_INDEX' => '幻灯片分类', 'ADMIN_STORAGE_INDEX' => '文件存储', 'ADMIN_STORAGE_SETTING_POST' => '文件存储设置提交',
vendor/thinkcmf/cmf-app/src/admin/lang/zh-cn.php+1 −1 modified@@ -128,7 +128,7 @@ 'Sub Navigations' => '菜单管理', 'Parent' => '上级', 'Full Url' => '原始网址', - 'Short Url' => '原始网址', + 'Short Url' => '显示网址', 'SHORT_URL_HELP_BLOCK_TEXT' => 'url格式一般为list/:param1/:param2或 list-<param1>-<param2>', 'Image' => '图片', 'Installed successfully' => '安装成功!',
vendor/thinkcmf/cmf-app/src/admin/logic/UserLogic.php+10 −0 added@@ -0,0 +1,10 @@ +<?php +namespace app\admin\logic; + +class UserLogic +{ + public static function isCreator() + { + return (cmf_get_current_admin_id() == 1); + } +} \ No newline at end of file
vendor/thinkcmf/cmf-app/src/admin/model/SlideItemModel.php+4 −0 modified@@ -19,4 +19,8 @@ class SlideItemModel extends Model * @var string */ protected $name = 'slide_item'; + + protected $type = [ + 'more' => 'array' + ]; }
vendor/thinkcmf/cmf-app/src/admin/model/UserModel.php+1 −0 modified@@ -24,4 +24,5 @@ class UserModel extends Model 'more' => 'array', ]; + protected $autoWriteTimestamp = true; }
vendor/thinkcmf/cmf-app/src/admin/validate/UserValidate.php+1 −1 modified@@ -15,7 +15,7 @@ class UserValidate extends Validate { protected $rule = [ - 'user_login' => 'require|unique:user,user_login', + 'user_login' => 'require|unique:user,user_login|token', 'user_pass' => 'require', 'user_email' => 'require|email|unique:user,user_email', ];
vendor/thinkcmf/cmf-app/src/user/controller/AdminIndexController.php+6 −2 modified@@ -129,8 +129,12 @@ public function cancelBan() { $id = $this->request->param('id', 0, 'intval'); if ($id) { - UserModel::where(["id" => $id, "user_type" => 2])->update(['user_status' => 1]); - $this->success("会员启用成功!", ''); + $result = UserModel::where(["id" => $id, "user_type" => 2])->update(['user_status' => 1]); + if ($result) { + $this->success("会员启用成功!", "adminIndex/index"); + } else { + $this->error('会员启用失败,会员不存在,或者是管理员!'); + } } else { $this->error('数据传入失败!'); }
vendor/thinkcmf/cmf/composer.json+1 −1 modified@@ -13,7 +13,7 @@ "phpmailer/phpmailer": "~6.0", "mindplay/annotations": "^1.3", "ezyang/htmlpurifier": "^4.9", - "electrolinux/phpquery": "^0.9.6", + "obsoletepackage/phpquery": "^1.0.1", "thinkcmf/cmf-extend": "~5.1.0", "topthink/think-orm": "^2.0", "xia/migration": "^6.0",
vendor/thinkcmf/cmf/README.md+3 −0 modified@@ -1,6 +1,9 @@ # ThinkCMF核心包 ## 更新日志 +### v6.0.17 +* 替换`phpquery`包 + ### v6.0.16 * 修复qrcode库php8.0及以上报错 * 优化语言包加载
vendor/thinkcmf/cmf/src/common.php+11 −1 modified@@ -2306,7 +2306,7 @@ function str_to_arr($string) */ function cmf_is_cli() { - return PHP_SAPI === 'cli' || defined('STDIN'); + return PHP_SAPI === 'cli' || defined('STDIN'); } /** @@ -2333,3 +2333,13 @@ function cmf_mobile_mask($mobile) { return substr($mobile, 0, 3) . '****' . substr($mobile, -4, 4); } + +/** + * 吾辈当自强 + * @param string $dayDayUp + * @return string + */ +function cmf_together(string $dayDayUp = '2022-08-03 01:58') +{ + return "吾辈当自强!\n$dayDayUp"; +}
vendor/thinkcmf/cmf/src/controller/RestBaseController.php+1 −1 modified@@ -93,7 +93,7 @@ protected function initialize() private function _initUser() { - $token = $this->request->header('Authorization'); + $token = $this->request->header('Authorization',''); if (substr($token, 0, 7) === 'Bearer ') { $token = substr($token, 7); }
4 files changed · +4 −2
public/themes/admin_simpleboot3/admin/user/add.html+1 −0 modified@@ -37,6 +37,7 @@ </div> <div class="form-group"> <div class="col-sm-offset-2 col-sm-10"> + <input type="hidden" name="__token__" value="{:token()}" /> <button type="submit" class="btn btn-primary js-ajax-submit">{:lang('ADD')}</button> </div> </div>
public/themes/admin_simpleboot3/admin/user/edit.html+1 −0 modified@@ -40,6 +40,7 @@ <div class="form-group"> <div class="col-sm-offset-2 col-sm-10"> <input type="hidden" name="id" value="{$id}" /> + <input type="hidden" name="__token__" value="{:token()}" /> <button type="submit" class="btn btn-primary js-ajax-submit">{:lang('SAVE')}</button> <a class="btn btn-default" href="javascript:history.back(-1);">{:lang('BACK')}</a> </div>
vendor/thinkcmf/cmf-app/src/admin/controller/UserController.php+1 −1 modified@@ -132,7 +132,7 @@ public function addPost() $roleIds = $this->request->param('role_id/a'); if (!empty($roleIds) && is_array($roleIds)) { $data = $this->request->param(); - $result = $this->validate($data, 'User'); + $result = $this->validate($data, 'User.add'); if ($result !== true) { $this->error($result); } else {
vendor/thinkcmf/cmf-app/src/admin/validate/UserValidate.php+1 −1 modified@@ -15,7 +15,7 @@ class UserValidate extends Validate { protected $rule = [ - 'user_login' => 'require|unique:user,user_login', + 'user_login' => 'require|unique:user,user_login|token', 'user_pass' => 'require', 'user_email' => 'require|email|unique:user,user_email', ];
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
6- github.com/advisories/GHSA-842m-vp3r-qwwrghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-18151ghsaADVISORY
- github.com/thinkcmf/thinkcmf/commit/321faa20865e74540e5f0a63e4c3f4ea75093d59ghsaWEB
- github.com/thinkcmf/thinkcmf/commit/b61636134aa57d4693967f35772200c779099740ghsaWEB
- github.com/thinkcmf/thinkcmf/issues/580ghsax_refsource_MISCWEB
- github.com/thinkcmf/thinkcmf/issues/736ghsaWEB
News mentions
0No linked articles in our index yet.