V1.4.10
Andy0520 committed Jun 29, 2022
1 parent 973732a commit 44dba1c
Showing 12 changed files with 73 additions and 48 deletions.
8 changes: 6 additions & 2 deletions api/StatisticalController.php
Expand Up @@ -176,7 +176,9 @@ public function exportGoods()
$where = ['is_recycle' => 0, 'merchant_id' => $merchant_id, 'AppID' => $AppID];
$orderBy = [];
foreach ($sort as $key => $value) {
$orderBy[$key] = $value === 'ASC' ? SORT_ASC : SORT_DESC;
if (!sql_check($key)) {
$orderBy[$key] = $value === 'ASC' ? SORT_ASC : SORT_DESC;
}
}
$data = M('goods', 'Goods')::find()
->where($where)
Expand Down Expand Up @@ -206,7 +208,9 @@ public function exportUsers()
$where = ['user.is_deleted' => 0, 'user.AppID' => $AppID];
$orderBy = [];
foreach ($sort as $key => $value) {
$orderBy['statistical.' . $key] = $value === 'ASC' ? SORT_ASC : SORT_DESC;
if (!sql_check($key)) {
$orderBy['statistical.' . $key] = $value === 'ASC' ? SORT_ASC : SORT_DESC;
}
}
$data = M('users', 'User')::find()
->alias('user')
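Review bot: The new `if (!sql_check($key))` guard in both exportGoods and exportUsers is a deny-list, so a sort key still reaches the ORDER BY builder unless it happens to contain one of the listed tokens, and a flagged key is dropped silently, so the request succeeds with an unsorted result and nothing is logged. The set of sortable columns for each model is closed, so an allow-list is the right shape here, e.g. `if (!in_array($key, $allowedSortKeys, true)) { continue; }` with `$allowedSortKeys` holding that model's sortable column names (whether the query builder quotes the key afterwards is not visible in this hunk, so the check should not rely on it). The same deny-list pattern is applied in modules/goods/api/IndexController.php, modules/goods/app/IndexController.php, modules/order/api/AfterController.php, modules/order/api/IndexController.php, modules/promoter/api/IndexController.php, modules/promoter/app/GoodsController.php, modules/users/api/IndexController.php and modules/users/api/LabelController.php, and the remark applies to each of them. Both functions start and end outside the hunks.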
10 changes: 5 additions & 5 deletions components/Upload.php
Expand Up @@ -63,16 +63,16 @@ public function __construct($upload_way = 0, $image_limit = 2097152, $compress_s
*/
public function image_base64($base64_img, $prefix = '')
{
self::$size = strlen(file_get_contents($base64_img));
//图片大小限制
if ((self::$size > self::$image_limit) && ( self::$image_limit > 0) ) {
Error('图片不能大于' . (self::$image_limit / 1024 / 1024) . 'MB');
}
if (preg_match('/^(data:\s*image\/(\w+);base64,)/', $base64_img, $result)) {
//文件后缀
$ext = $result[2];
//判断是否是图片
if (in_array($ext, array('pjpeg', 'jpeg', 'jpg', 'gif', 'bmp', 'png'))) {
self::$size = strlen(file_get_contents($base64_img));
//图片大小限制
if ((self::$size > self::$image_limit) && ( self::$image_limit > 0) ) {
Error('图片不能大于' . (self::$image_limit / 1024 / 1024) . 'MB');
}
if ($prefix) {
$path = $this->get_url('image/' . $prefix); //获取当日目录
} else {
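Review bot: The relocated size check still measures the image by decoding it in full with `file_get_contents`, so an over-limit payload is decoded completely before it is rejected; now that the string is known to be a base64 data URI at this point, bound the decoded size from the encoded length first, e.g. `$encodedLen = strlen($base64_img) - strlen($result[1]);` and compare `intdiv($encodedLen * 3, 4)` against `self::$image_limit` before calling `file_get_contents`. The type is also taken solely from the client-supplied `image/<ext>` header; if the stored file's extension is derived from `$ext` (the write happens outside the hunk), consider confirming the decoded bytes with `getimagesize()` or finfo before writing. image_base64 continues past the end of the hunk.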
4 changes: 3 additions & 1 deletion modules/goods/api/IndexController.php
Expand Up @@ -345,7 +345,9 @@ public function actionSearch()
if ($key == 'promoter_sales') {
$orderBy['p.sales'] = $value === 'ASC' ? SORT_ASC : SORT_DESC;
} else {
$orderBy['g.' . $key] = $value === 'ASC' ? SORT_ASC : SORT_DESC;
if (!sql_check($key)) {
$orderBy['g.' . $key] = $value === 'ASC' ? SORT_ASC : SORT_DESC;
}
}

}
4 changes: 3 additions & 1 deletion modules/goods/app/IndexController.php
Expand Up @@ -314,7 +314,9 @@ public function actionSearch()
$orderBy = ['created_time' => SORT_DESC];
} else {
foreach ($sort as $key => $value) {
$orderBy[$key] = $value === 'ASC' ? SORT_ASC : SORT_DESC;
if (!sql_check($key)) {
$orderBy[$key] = $value === 'ASC' ? SORT_ASC : SORT_DESC;
}
}
}
//判断是否安装
42 changes: 22 additions & 20 deletions modules/order/api/AfterController.php
Expand Up @@ -310,7 +310,9 @@ public function actionSearch()
$orderBy = ['after.created_time' => SORT_DESC];
} else {
foreach ($sort as $key => $value) {
$orderBy['after.' . $key] = $value === 'ASC' ? SORT_ASC : SORT_DESC;
if (!sql_check($key)) {
$orderBy['after.' . $key] = $value === 'ASC' ? SORT_ASC : SORT_DESC;
}
}
}

Expand Down Expand Up @@ -517,13 +519,13 @@ public function pass()
} else {
//退款
$model->status = 111;
$order_sn = $model->order_sn;
$order_info = M('order', 'Order')::find()->where(['order_sn' => $order_sn])->one();
$order_sn = $model->order_sn;
$order_info = M('order', 'Order')::find()->where(['order_sn' => $order_sn])->one();
if ($order_info->status === 201 && $order_info->freight_amount > 0 && $model->order_goods_id) {
$a_g_count = OrderAfter::find()->where(['and',['order_sn'=>$order_sn],['>','status',110],['<','status',201]])->sum('return_number');//退款商品数
$a_g_count = OrderAfter::find()->where(['and', ['order_sn' => $order_sn], ['>', 'status', 110], ['<', 'status', 201]])->sum('return_number'); //退款商品数
$a_g_count = $a_g_count ?: 0;
$o_g_count = M('order', 'OrderGoods')::find()->where(['order_sn'=>$order_sn])->sum('goods_number');//订单商品数
if (($a_g_count+$model->return_number) >= $o_g_count) {
$o_g_count = M('order', 'OrderGoods')::find()->where(['order_sn' => $order_sn])->sum('goods_number'); //订单商品数
if (($a_g_count + $model->return_number) >= $o_g_count) {
$model->return_freight = $order_info->freight_amount;
$model->return_amount += $model->return_freight;
}
Expand Down Expand Up @@ -579,13 +581,13 @@ public function refund()
$return_sn = get_sn('rsn');

return Yii::$app->payment->refund($return_order, $return_sn, $actual_refund, function () use ($model, $actual_refund, $actual_score, $return_sn) {
$time = time();
$model->actual_refund = $actual_refund;
$model->actual_score = $actual_score;
$model->return_sn = $return_sn;
$model->status = 200;
$model->return_time = $time;
$model->finish_time = $time;
$time = time();
$model->actual_refund = $actual_refund;
$model->actual_score = $actual_score;
$model->return_sn = $return_sn;
$model->status = 200;
$model->return_time = $time;
$model->finish_time = $time;

$process = to_array($model->process);
array_unshift($process, ['label' => '卖家', 'content' => '退款' . date('Y-m-d H:i:s', $time)]);
Expand Down Expand Up @@ -739,13 +741,13 @@ public function salesReturn()
];
$return_sn = get_sn('rsn');
return Yii::$app->payment->refund($return_order, $return_sn, $actual_refund, function () use ($model, $actual_refund, $actual_score, $return_sn) {
$time = time();
$model->actual_refund = $actual_refund;
$model->actual_score = $actual_score;
$model->return_sn = $return_sn;
$model->status = 200;
$model->return_time = $time;
$model->finish_time = $time;
$time = time();
$model->actual_refund = $actual_refund;
$model->actual_score = $actual_score;
$model->return_sn = $return_sn;
$model->status = 200;
$model->return_time = $time;
$model->finish_time = $time;

$process = to_array($model->process);
array_unshift($process, ['label' => '卖家', 'content' => '确认收货并退款' . date('Y-m-d H:i:s', $time)]);
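Review bot: In pass(), `$order_info` is loaded with `->one()` and then dereferenced as `$order_info->status` on the very next line with no check for a missing row; if that query can return null (as an ActiveQuery `one()` normally does), a refund on an after-sale record whose order is gone fails with a null-property error instead of a handled condition. Guard it: `if ($order_info !== null && $order_info->status === 201 && $order_info->freight_amount > 0 && $model->order_goods_id) {`. The remaining hunks in this file are re-indentation only, apart from the `sql_check` guard in actionSearch, which has the same deny-list shape as the other sort-key checks in this commit. pass() starts and ends outside the hunk.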
4 changes: 3 additions & 1 deletion modules/order/api/IndexController.php
Expand Up @@ -322,7 +322,9 @@ public function actionSearch()
$orderBy = ['order.created_time' => SORT_DESC];
} else {
foreach ($sort as $key => $value) {
$orderBy['order.' . $key] = $value === 'ASC' ? SORT_ASC : SORT_DESC;
if (!sql_check($key)) {
$orderBy['order.' . $key] = $value === 'ASC' ? SORT_ASC : SORT_DESC;
}
}
}

12 changes: 7 additions & 5 deletions modules/promoter/api/IndexController.php
Expand Up @@ -169,7 +169,9 @@ public function actionSearch()
} elseif ($key == 'sales_amount' || $key == 'all_commission_amount') {
$orderBy['com.' . $key] = $value === 'ASC' ? SORT_ASC : SORT_DESC;
} else {
$orderBy['p.' . $key] = $value === 'ASC' ? SORT_ASC : SORT_DESC;
if (!sql_check($key)) {
$orderBy['p.' . $key] = $value === 'ASC' ? SORT_ASC : SORT_DESC;
}
}

}
Expand Down Expand Up @@ -631,10 +633,10 @@ private function pass()

$model->status = 2;
$model->join_time = time();
$invite_nickname = '';
$invite_nickname = '';
if ($model->invite_id < 0) {
$model->invite_id = abs($model->invite_id);
$invite_user = User::findOne($model->invite_id);
$invite_user = User::findOne($model->invite_id);
if ($invite_user) {
$invite_nickname = $invite_user->nickname;
}
Expand Down Expand Up @@ -675,8 +677,8 @@ private function pass()
],
];
$this->module->trigger('send_sms');
$model->apply_content = to_array($model->apply_content);
$data = $model->toArray();
$model->apply_content = to_array($model->apply_content);
$data = $model->toArray();
$data['invite_nickname'] = $invite_nickname;
return $data;
} else {
19 changes: 10 additions & 9 deletions modules/promoter/app/GoodsController.php
Expand Up @@ -46,9 +46,10 @@ public function actionIndex()
$commission_key = $setting['count_rules'] == 1 ? 'max_price' : 'max_profits';
$sort_key = $get['sort_key'] ?? $commission_key;
$sort_value = $get['sort_value'] ?? 'DESC';
if ($sort_key) {
$orderBy = [];
if ($sort_key && !sql_check($sort_key)) {
$sort_key = $sort_key == 'commission' ? $commission_key : $sort_key;
$key = $sort_key == 'sales'?'p.' . $sort_key:'g.' . $sort_key;
$key = $sort_key == 'sales' ? 'p.' . $sort_key : 'g.' . $sort_key;
$orderBy[$key] = $sort_value === 'ASC' ? SORT_ASC : SORT_DESC;
}

Expand Down Expand Up @@ -76,13 +77,13 @@ public function actionIndex()
foreach ($list as &$value) {
$value['slideshow'] = to_array($value['slideshow']);
yii::error([$commission_key, $value[$commission_key], $scale]);
$value['commission'] = qm_round($value[$commission_key] * $scale, 2, 'floor');
}
$value['commission'] = qm_round($value[$commission_key] * $scale, 2, 'floor');
}

//将所有返回内容中的本地地址代替字符串替换为域名
$list = str2url($list);
$data->setModels($list);
return $data;
}
//将所有返回内容中的本地地址代替字符串替换为域名
$list = str2url($list);
$data->setModels($list);
return $data;
}

}
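Review bot: The `foreach ($list as &$value)` loop that the second hunk re-indents still leaves `$value` bound by reference after the loop; add `unset($value);` right after its closing brace, otherwise the last element of `$list` remains a reference that survives copies such as `str2url($list)` and is overwritten by any later assignment to `$value`. The `yii::error([$commission_key, $value[$commission_key], $scale]);` line inside the loop logs the commission inputs at error level for every row and reads like leftover debugging; drop it or lower its level. In the first hunk the new `$orderBy = [];` correctly fixes the undefined variable when the key is rejected, but `$sort_key == 'commission'` and `$sort_key == 'sales'` are loose comparisons on user input and should be `===`. actionIndex starts before the first hunk.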
5 changes: 3 additions & 2 deletions modules/users/api/IndexController.php
Expand Up @@ -286,8 +286,9 @@ public function actionSearch()
if (in_array($key, ['buy_number', 'buy_amount', 'last_buy_time', 'last_visit_time'])) {
$orderBy['statistical.' . $key] = $value === 'ASC' ? SORT_ASC : SORT_DESC;
} else {

$orderBy['user.' . $key] = $value === 'ASC' ? SORT_ASC : SORT_DESC;
if (!sql_check($key)) {
$orderBy['user.' . $key] = $value === 'ASC' ? SORT_ASC : SORT_DESC;
}
}
}
}
4 changes: 3 additions & 1 deletion modules/users/api/LabelController.php
Expand Up @@ -52,7 +52,9 @@ public function actionSearch()
$orderBy = ['created_time' => SORT_DESC];
} else {
foreach ($sort as $key => $value) {
$orderBy[$key] = $value === 'ASC' ? SORT_ASC : SORT_DESC;
if (!sql_check($key)) {
$orderBy[$key] = $value === 'ASC' ? SORT_ASC : SORT_DESC;
}
}
}

7 changes: 7 additions & 0 deletions system/functions.php
Expand Up @@ -908,6 +908,13 @@ function dd($arg, $dumpAndDie = true)
}
}

if (!function_exists('sql_check')) {
function sql_check($str)
{
return preg_match("/select|insert|update|delete|\'|\/\*|\*|\.\.\/|\.\/|union|into|load_file|outfile/i", $str); // 进行过滤
}
}

if (!function_exists('make_dir')) {
/**
* Create the directory by pathname
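Review bot: `sql_check` returns truthy when the string is *suspicious*, the opposite of what its name suggests, and it carries no docblock, so every caller must know to write `!sql_check(...)`; add a comment such as `/** Returns non-zero when $str contains a denied SQL token; callers must reject on a truthy result. Deny-list only — prefer an allow-list of column names wherever the valid set is known. */`. `preg_match` returns `false` on a PCRE error, and `!sql_check($key)` then treats the key as clean; keep the pattern but make the result fail closed and typed, `function sql_check($str): bool` with `return preg_match(/* same pattern */, (string) $str) !== 0;`, so an error counts as a rejection. A deny-list like this cannot enumerate everything an ORDER BY grammar accepts, so it should be documented as a secondary check rather than the guard the callers in this commit treat it as.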
2 changes: 1 addition & 1 deletion web/version.json
@@ -1 +1 @@
{"version":"1.4.9"}
{"version":"1.4.10"}
