适配typecho1.3+新增文件管理接口 #32
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
新增接口:用户列表、发表文章、新增分类/标签 新增apiToken校验
发表评论/发表文章/新增分类接口增加校验csrfToken、 文章详情不返回csrfToken、 单元测试修改
发布文章、新增标签/分类接口修改 增加可选校验高敏接口设置
kirainmoe
requested changes
Sep 25, 2025
| protected \Typecho\Widget\Response $response; | ||
|
|
||
|
|
||
| protected $version; |
There was a problem hiding this comment.
这里 $version 始终是常量?常量不会变,不需要作为类成员
|
|
||
| ### 2025-07-21 | ||
|
|
||
| - 适配typecho1.3 |
| $this->sendCORS(); | ||
| $this->parseRequest(); | ||
|
|
||
| // 1.3不会调用、手动调用方法 |
| private function sendCORS() | ||
| { | ||
| $httpOrigin = $this->request->getServer('HTTP_ORIGIN'); | ||
| $httpHost = $this->request->getServer('HTTP_HOST'); |
There was a problem hiding this comment.
origin 和 host 不是一个概念吧?origin 会包含协议,这里改成 host 是不是 breaking change 了
| private function parseRequest() | ||
| { | ||
| if ($this->request->isPost()) { | ||
| $pathInfo = (string)$this->request->getPathInfo(); |
| if ($this->config->validateLogin == 1 && !$this->widget('Widget_User')->hasLogin()) { | ||
| $this->throwError('User must be logged in', 401); | ||
| } | ||
| if (empty($_FILES)) { |
There was a problem hiding this comment.
这些解析请求体上传文件的逻辑单独拆到一个文件里,插件 controller 只要关心最终解析出来的文件结果即可。
不要把复杂逻辑耦合在这里。
| /** | ||
| * 上传文件 | ||
| */ | ||
| public function uploadAction() |
| { | ||
| $this->lockMethod('post'); | ||
| $this->checkState('deleteFile'); | ||
| if ($this->config->validateLogin == 1 && !$this->widget('Widget_User')->hasLogin()) { |
| # 变更日志 | ||
|
|
||
| ### 2025-09-15 | ||
| - 新增文件管理接口 |
There was a problem hiding this comment.
这里引入文件管理接口,想要解决的问题是什么?
个人觉得引入操作文件的 API 很可能有安全风险。
|
有个问题,引入文件管理接口,想要解决的问题是什么呢?我似乎不能推导出这个功能使用的场景。 而且引入操作文件的 API 很可能有安全风险,需要有严格的权限控制和校验,很容易引入漏洞。感觉 ROI 并不高。 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
#31