Changeset 3127334

Timestamp:

07/29/2024 12:07:06 PM (19 months ago)

Author:

zhengdon

Message:

v2.6.1 add file type validation for file uploads and delete the default password

Location:

keydatas/trunk

Files:

• keydatas.php (modified) (8 diffs)
• publish-setting.php (modified) (4 diffs)
• readme.txt (modified) (3 diffs)

keydatas/trunk/keydatas.php

@@ -3 +3 @@
 Plugin Name: 简数采集平台
 Plugin URI: http://www.keydatas.com/caiji/wordpress-cms-caiji
-Description: 简数采集器(keydatas.com)是一个通用、简单、智能、在线的网页数据采集器，功能强大，操作简单。支持按关键词采集；集成翻译等服务；图片下载支持存储到阿里云OSS、七牛对象存储、腾讯云对象存储等。
-Version: 2.5.2
+Description: 简数采集器(keydatas.com)是一个通用、简单、智能、在线的网页数据采集器，功能强大，操作简单。支持按关键词采集；集成AI大模型接口、翻译等服务；图片下载支持存储到阿里云OSS、七牛、腾讯云对象存储等。
+Version: 2.6.1
 Author: keydatas
 Author URI: http://www.keydatas.com
@@ -19 +19 @@
 
 function keydatas_rsp($result = 1,$code = 0, $data = "", $msg = "") {
-    die(json_encode(array("rs" => $result, "code" => $code, "data" => $data, "msg" => urlencode($msg))));
+    die(wp_json_encode(array("rs" => $result, "code" => $code, "data" => $data, "msg" => urlencode($msg))));
 }
 function keydatas_genRandomIp(){
-    $randIP = "".mt_rand(0,255).".".mt_rand(0,255).".".mt_rand(0,255).".".mt_rand(0,255);
+    $randIP = "".wp_rand(0,255).".".wp_rand(0,255).".".wp_rand(0,255).".".wp_rand(0,255);
     return $randIP;
 }
@@ -40 +40 @@
  */
 function keydatas_randFloat($min=0, $max=1){
-    return $min + mt_rand()/mt_getrandmax() * ($max-$min);
+    return $min + wp_rand()/mt_getrandmax() * ($max-$min);
 }
 
@@ -69 +69 @@
     if (!empty($kds_flag)){
         //$_REQ = keydatas_mergeRequest();
-        $kds_password = get_option('keydatas_password', "keydatas.com");
+        $kds_password = get_option('keydatas_password', '');
+        if (empty($kds_password)) {
+            keydatas_failRsp(1403, "password empty", "提交的发布密码为空");
+        }
         $post_password = keydatas_getPostValSafe('kds_password');
         if (empty($post_password) || $post_password != $kds_password) {
@@ -373 +376 @@
 
 function  keydatas_downloadImages(){
+ $allowedExtensions = ['jpg', 'jpeg', 'png', 'gif', 'bmp', 'tiff', 'webp', 'ico'];  
  try{
     $downloadFlag = keydatas_getPostValSafe("__kds_download_imgs_flag");
@@ -382 +386 @@
                 $upload_dir = wp_upload_dir();
                 foreach ($docImgs as $imgUrl) {
+                    // 清理和验证URL  
+                    $imgUrl = filter_var($imgUrl, FILTER_SANITIZE_URL);  
+                    if (!filter_var($imgUrl, FILTER_VALIDATE_URL)) {  
+                        continue; // 跳过非法的URL  
+                    } 
+                    // 尝试获取图片扩展名  
+                    $parsedUrl = parse_url($imgUrl);  
+                    $path = isset($parsedUrl['path']) ? $parsedUrl['path'] : '';  
+                    $extension = pathinfo($path, PATHINFO_EXTENSION);  
+
+                    // 检查扩展名是否在允许的图片格式中
+                    if (!in_array(strtolower($extension), $allowedExtensions)) {  
+                        continue; // 跳过非图片格式的URL  
+                    } 
                     $urlItemArr = explode('/',$imgUrl);
                     $itemLen=count($urlItemArr);
@@ -392 +410 @@
                             $file = $finalPath . '/' . $imgName;
                             if(!file_exists($file)){
+                                // 下载图片前，先检查HTTP响应头是否为图片  
+                                $headers = @get_headers($imgUrl, 1);  
+                                if (strpos($headers[0], '200 OK') !== false && strpos($headers['Content-Type'], 'image/') !== false) {  
                                 $doc_image_data = file_get_contents($imgUrl);
-                                file_put_contents($file, $doc_image_data);
+                                if ($doc_image_data !== false) { 
+                                    file_put_contents($file, $doc_image_data);
+                                }
+                                }
                             }
                         }
@@ -406 +430 @@
 }
 
-
 ?>

keydatas/trunk/publish-setting.php

@@ -29 +29 @@
 </style>
 <?php
+
+function keydatas_genRandomPassword($length = 32) {  
+    $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';  
+    $charactersLength = strlen($characters);  
+    $randomString = '';  
+    for ($i = 0; $i < $length; $i++) {  
+        $randomString .= $characters[wp_rand(0, $charactersLength - 1)];  
+    }  
+    return $randomString;  
+}  
 /**
 保存处理
 */
-$keydatas_password= 'keydatas.com';
+$keydatas_password= keydatas_genRandomPassword();// 生成默认随机密码
 $keydatas_title_unique=false;
 $keydatas_tbk_link_enble=false;
@@ -57 +67 @@
     $keydatas_tbk_link_enble = get_option('keydatas_tbk_link_enble', $keydatas_tbk_link_enble);
 }
+ 
 ?>
 <div class="wrap">
@@ -85 +96 @@
           </tr>
           <tr>
-            <td>插件密码:</td>
-            <td><input type="text" name="keydatas_password" class="config-input" value="<?php echo esc_textarea($keydatas_password); ?>" />（请注意修改并保管好）
+            <td>插件密码<font color="red">*</font>:</td>
+            <td><input type="text" name="keydatas_password" class="config-input" value="<?php echo esc_textarea($keydatas_password); ?>" />（重要：请注意修改并保存）
             </td>
           </tr>
@@ -126 +137 @@
           <div class="feature">4.<strong>全自动化：定时采集+自动发送</strong>;</div>
           <div class="feature">5.支持规则处理，包括：字段补充内容或关键词、关键词内链、简繁体转换、翻译、第三方API等；</div>
-          <div class="feature">6.支持关键词泛采集;</div>
-          <div class="feature">7.与WordPress系统无缝结合，数据可轻松发送到WordPress系统中。</div>
+          <div class="feature">6.<strong>支持对接多种AI大模型API</strong>，轻松进行内容生成创作。支持：百度文心一言、Kimi、豆包、通义千问、讯飞星火大模型等;</div>
+          <div class="feature">7.支持关键词泛采集;</div>
+          <div class="feature">8.与WordPress系统无缝结合，数据可轻松发送到WordPress系统中。</div>
           </td>
         </tr>   

keydatas/trunk/readme.txt

@@ -5 +5 @@
 Author URI: http://www.keydatas.com
 Plugin URI: http://www.keydatas.com/wordpress-plugin
-Stable tag: 2.5.2
+Stable tag: 2.6.1
 Requires at least: 4.1
-Tested up to: 6.3.1
+Tested up to: 6.6.1
 Requires PHP: 5.2.4
 License: GPLv2 or later
@@ -23 +23 @@
 4.定时自动采集更新；<br>
 5.图片支持下载到（阿里云OSS、七牛对象存储、腾讯云COS、又拍云）；<br>
-6.相比其它采集器，简数采集器更加简单易用，功能同样强大，且没有繁杂的流程；<br>
-7.其它相关：火车头、八爪鱼、后羿；<br>
-8.realation: caiji,seo,mip,keyword,description,jianshu,weixin,wechat,robot,spider,jinritoutiao,taobaoke,aliyun,qiniu,tengxunyun,baidu,huochetou,houyicaiji,shenjian,CSDN,cnblogs,zhihu,jianshu,wenzhang,gongzhonghao,locoy,bazhuayu,shenjianshou,wpspider,WP-AutoPost(WP-AutoBlog),WP-Jpost,5118,QQWorld.<br>
-9.SEO Plugin,huochetou,google XML sitemap,WP Baidu Map,baiduxzh,Sitemap,baidu-submit-link,AutoTags,Github.<br>
+6.支持对接多种AI大模型API，轻松进行内容生成创作。支持：百度文心一言、Kimi、豆包、通义千问、5118、讯飞星火大模型等。
+7.相比其它采集器，简数采集器更加简单易用，功能同样强大，且没有繁杂的流程；<br>
+8.其它相关：火车头、八爪鱼、后羿；<br>
+9.realation: caiji,seo,mip,keyword,description,jianshu,weixin,wechat,robot,spider,jinritoutiao,taobaoke,aliyun,qiniu,tengxunyun,baidu,huochetou,houyicaiji,shenjian,CSDN,cnblogs,zhihu,jianshu,wenzhang,gongzhonghao,locoy,bazhuayu,shenjianshou,wpspider,WP-AutoPost(WP-AutoBlog),WP-Jpost,5118,QQWorld.<br>
+10.SEO Plugin,huochetou,google XML sitemap,WP Baidu Map,baiduxzh,Sitemap,baidu-submit-link,AutoTags,Github.<br>
 autospider,fanyi,Translate,LightSNS,collect<br>
-10.wordpress插件推荐：百度熊掌号,百度推送,WordPress HTTPS (SSL),wp encrypt,really simple ssl,WPJAM-Basic,wp-super-cache,WP Rocket,All-in-One SEO Pack,login LockDown,Comments Link Redirect,Add Post URL,BackWPup,DX-auto-publish,Link Manager,No Category Parents,Platinum SEO Pack,WP Keyword Link,Yet Another Related Posts Plugin,Fix image width,Role Manager,Search & Replace,WordPress Database Backup,WP-PostViews,WP PHP widget,Baidu Sitemap Generator,DB Cache Reloaded Fix + Hyper Cache,SEO Friendly Images,BackWPup,Simple URLs,Redirection.
+11.wordpress插件推荐：百度熊掌号,百度推送,WordPress HTTPS (SSL),wp encrypt,really simple ssl,WPJAM-Basic,wp-super-cache,WP Rocket,All-in-One SEO Pack,login LockDown,Comments Link Redirect,Add Post URL,BackWPup,DX-auto-publish,Link Manager,No Category Parents,Platinum SEO Pack,WP Keyword Link,Yet Another Related Posts Plugin,Fix image width,Role Manager,Search & Replace,WordPress Database Backup,WP-PostViews,WP PHP widget,Baidu Sitemap Generator,DB Cache Reloaded Fix + Hyper Cache,SEO Friendly Images,BackWPup,Simple URLs,Redirection.
 
 == Installation ==
@@ -38 +39 @@
 
 == Changelog ==
+= 2.6.1 =
+* 下载图片做类型的校验
 = 2.5.1 =
 * 兼容php 8