From 9b74beecf85b37e4c3b028d964f5a41c150e640d Mon Sep 17 00:00:00 2001
From: Devil <fuxiang.gong@qq.com>
Date: Tue, 10 Aug 2021 20:47:44 +0800
Subject: [PATCH] =?UTF-8?q?=E5=B0=8F=E7=A8=8B=E5=BA=8F=E4=B8=BB=E9=A2=98?=
 =?UTF-8?q?=E4=B8=8A=E4=BC=A0=E4=BC=98=E5=8C=96?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app/admin/view/default/appmini/upload.html | 14 ++--
 app/service/AppMiniService.php             | 77 +++++++++++++++++++---
 2 files changed, 76 insertions(+), 15 deletions(-)

diff --git a/app/admin/view/default/appmini/upload.html b/app/admin/view/default/appmini/upload.html
index 375c2bcea..71242d58d 100644
--- a/app/admin/view/default/appmini/upload.html
+++ b/app/admin/view/default/appmini/upload.html
@@ -12,12 +12,14 @@
         
         <!-- form start -->
         <form class="am-form form-validation view-save am-margin-top-sm" action="{{:MyUrl('admin/appmini/themeupload')}}" method="POST" request-type="ajax-url" request-value="{{:MyUrl('admin/appmini/index', ['nav_type'=>$nav_type])}}" enctype="multipart/form-data">
-            <div class="am-form-group am-form-group-refreshing am-margin-bottom-0 am-form-file">
-                <button type="button" class="am-btn am-btn-default am-btn-sm am-radius">
-                <i class="am-icon-cloud-upload"></i> 选择文件</button>
-                <input type="file" name="theme" class="file-event" data-tips-tag="#form-theme-tips" data-validation-message="请选择需要上传的文件" accept=".zip" required />
-                <span class="tips am-text-xs">上传一个zip压缩格式的主题安装包</span>
-                <div id="form-theme-tips" class="am-margin-top-xs"></div>
+            <div class="am-form-group am-form-group-refreshing am-margin-bottom-0">
+                <div class="am-form-file">
+                    <button type="button" class="am-btn am-btn-default am-btn-sm am-radius">
+                    <i class="am-icon-cloud-upload"></i> 选择文件</button>
+                    <input type="file" name="theme" class="file-event" data-tips-tag="#form-theme-tips" data-validation-message="请选择需要上传的文件" accept=".zip" required />
+                    <span class="tips am-text-xs">上传一个zip压缩格式的主题安装包</span>
+                    <div id="form-theme-tips" class="am-margin-top-xs"></div>
+                </div>
             </div>
             <div class="am-form-group am-form-group-refreshing">
                 <input type="hidden" name="nav_type" value="{{$nav_type}}" />
diff --git a/app/service/AppMiniService.php b/app/service/AppMiniService.php
index 7051ffa60..9fa4b5e6d 100755
--- a/app/service/AppMiniService.php
+++ b/app/service/AppMiniService.php
@@ -33,6 +33,9 @@ class AppMiniService
     // 当前默认主题
     public static $default_theme;
 
+    // 排除的文件后缀
+    private static $exclude_ext = ['php'];
+
     /**
      * @author   Devil
      * @blog    http://gong.gg/
@@ -46,6 +49,12 @@ class AppMiniService
         // 当前小程序包名称
         self::$application_name = isset($params['application_name']) ? $params['application_name'] : 'weixin';
 
+        // 小程序类型校验
+        if(!array_key_exists(self::$application_name, lang('common_appmini_type')))
+        {
+            return DataReturn('小程序类型有误['.self::$application_name.']', -1);
+        }
+
         // 原包地址/操作地址
         self::$old_root = ROOT.'sourcecode';
         self::$new_root = ROOT.'public'.DS.'download'.DS.'sourcecode';
@@ -54,6 +63,8 @@ class AppMiniService
 
         // 默认主题
         self::$default_theme = self::DefaultTheme();
+
+        return DataReturn('success', 0);
     }
 
     /**
@@ -84,7 +95,12 @@ class AppMiniService
         if(empty(self::$application_name))
         {
             // 初始化
-            self::Init($params);
+            $ret = self::Init($params);
+            if($ret['code'] != 0)
+            {
+                // 如果类型错误则使用 weixin 作为默认
+                self::$application_name = 'weixin';
+            }
         }
 
         return 'common_app_mini_'.self::$application_name.'_default_theme';
@@ -102,7 +118,11 @@ class AppMiniService
     public static function ThemeList($params = [])
     {
         // 初始化
-        self::Init($params);
+        $ret = self::Init($params);
+        if($ret['code'] != 0)
+        {
+            return [];
+        }
 
         // 读取目录
         $result = [];
@@ -192,7 +212,11 @@ class AppMiniService
     public static function ThemeUploadHandle($package_file, $params = [])
     {
         // 初始化
-        self::Init($params);
+        $ret = self::Init($params);
+        if($ret['code'] != 0)
+        {
+            return $ret;
+        }
 
         // 主题目录
         $dir = self::$old_path.DS;
@@ -218,6 +242,17 @@ class AppMiniService
                     continue;
                 }
 
+                // 排除后缀文件
+                $pos = strripos($file, '.');
+                if($pos !== false)
+                {
+                    $info = pathinfo($file);
+                    if(isset($info['extension']) && in_array($info['extension'], self::$exclude_ext))
+                    {
+                        continue;
+                    }
+                }
+
                 // 截取文件路径
                 $file_path = $dir.substr($file, 0, strrpos($file, '/'));
 
@@ -268,7 +303,11 @@ class AppMiniService
         }
 
         // 初始化
-        self::Init($params);
+        $ret = self::Init($params);
+        if($ret['code'] != 0)
+        {
+            return $ret;
+        }
 
         // 防止路径回溯
         $id = htmlentities(str_replace(array('.', '/', '\\', ':'), '', strip_tags($params['id'])));
@@ -323,7 +362,11 @@ class AppMiniService
         }
 
         // 初始化
-        self::Init($params);
+        $ret = self::Init($params);
+        if($ret['code'] != 0)
+        {
+            return $ret;
+        }
 
         // 是否开启开发者模式
         if(MyConfig('shopxo.is_develop') !== true)
@@ -401,7 +444,11 @@ class AppMiniService
     public static function MiniThemeConfig($theme, $params)
     {
         // 初始化
-        self::Init($params);
+        $ret = self::Init($params);
+        if($ret['code'] != 0)
+        {
+            return $ret;
+        }
 
         // 获取配置信息
         $config_file = self::$old_path.DS.$theme.DS.'config.json';
@@ -428,7 +475,11 @@ class AppMiniService
     public static function DownloadDataList($params = [])
     {
         // 初始化
-        self::Init($params);
+        $ret = self::Init($params);
+        if($ret['code'] != 0)
+        {
+            return $ret;
+        }
 
         // 获取包列表
         $result = [];
@@ -477,7 +528,11 @@ class AppMiniService
         }
 
         // 初始化
-        self::Init($params);
+        $ret = self::Init($params);
+        if($ret['code'] != 0)
+        {
+            return $ret;
+        }
 
         // 配置内容
         $title = MyC('common_app_mini_'.self::$application_name.'_title');
@@ -708,7 +763,11 @@ class AppMiniService
         }
 
         // 初始化
-        self::Init($params);
+        $ret = self::Init($params);
+        if($ret['code'] != 0)
+        {
+            return $ret;
+        }
 
         // 循环操作
         $sucs = 0;