liu21st

Member Since 10 years ago

TOPThink, ShangHai,China

1.2k followers, 2 following, 26 stars, 7 repos

145 contributions in the last year

Pinned
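⚡ A content manager framework based on thinkphp3.2
⚡ ThinkPHP extension center, submissions welcome!
⚡ ThinkPHP example library, continuously updated!
⚡ PHP version of "Big Talk Design Patterns" (《大话设计模式》)
⚡ The Master Firefox OS Website https://wiki.mozilla.org/Websites/Master_Firefox_OS
⚡ ThinkPHP documentation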
Activity
May
19
3 days ago
push

liu21st push top-think/think-orm

liu21st

Fix the error that occurs when a paginated query specifies a cache key

commit sha: a1a952e5822b2d6ebda73c10832dcef3be618888

push time in 3 days ago
May
10
1 week ago
issue

liu21st issue comment top-think/framework

liu21st

Thinkphp6.0.12: pagination + cache causes a fatal error

Version: Thinkphp6.0.12. Without further ado, here is the code:

Db::name('project_comment')->json(['img'])->where('pid', '=', $project_id)->order('id', 'desc')->cacheAlways('test_key',Time::secondDay())->paginate(['list_rows' => 15, 'query' => request()->param()])

In this code, when paginate and cache are used together, an error is thrown as soon as a custom cache key is set. Without a custom key it works fine. The error is as follows:

#0 [0]TypeError in PDOConnection.php line 695 think\db\PDOConnection::pdoQuery(): Return value must be of type array, string returned

        if ($query->getOptions('cache')) {
            // Check the query cache
            $cacheItem = $this->parseCache($query, $query->getOptions('cache'));
            $key       = $cacheItem->getKey();
            $data = $this->cache->get($key);
            if (null !== $data) {
                return $data;
            }
        }
        if ($sql instanceof Closure) {
            $sql  = $sql($query);
            $bind = $query->getBind();
        }
        if (!isset($master)) {

Fatal error, waiting for an update. If you need any further details, feel free to contact me. QQ:252333696 Email:[email protected]

liu21st

Check whether cached data already exists under your custom key.

May
3
2 weeks ago
pull request

liu21st pull request top-think/think-orm

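liu21st

Fix: fields with type conversion cannot be saved when data is passed directly to the Model constructor

Before the change:

$model = new Model([
   'name' => 'some',
   'type' => $type, // an object with a type conversion defined
]);
$model->save(); // type is gone; it is not in the SQL either, and of course not in the database

After the change:

$model = new Model([
   'name' => 'some',
   'type' => $type, // an object with a type conversion defined
]);
$model->save(); // type is converted to a normal value and saved to the database successfully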
pull request

liu21st pull request top-think/think-orm

liu21st

Update Mysql.php

Prevent batch inserts from being interrupted by error 1062

issue

liu21st issue comment top-think/think-orm

liu21st

Update Mysql.php

Prevent batch inserts from being interrupted by error 1062

liu21st

The extra method is meant for exactly this kind of need.

push

liu21st push top-think/think-orm

liu21st

Update psr/log and psr/simple-cache for 2.0 compatibility

commit sha: e74640cb9272b1f9397206afbc88992d9a9ab6ce

push time in 2 weeks ago
pull request

liu21st pull request top-think/think-orm

liu21st

Update composer for psr/log 2.0 compatibility

push

liu21st push top-think/think-orm

liu21st

Add a merge parameter to the hidden, visible and append methods of the dataset object; change the default value of the merge parameter to false

commit sha: d267daf92f8e9a7326800c2761ff5e2df242f541

push time in 2 weeks ago
Apr
24
4 weeks ago
issue

liu21st issue comment top-think/think-orm

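liu21st

Fix: fields with type conversion cannot be saved when data is passed directly to the Model constructor

Before the change:

$model = new Model([
   'name' => 'some',
   'type' => $type, // an object with a type conversion defined
]);
$model->save(); // type is gone; it is not in the SQL either, and of course not in the database

After the change:

$model = new Model([
   'name' => 'some',
   'type' => $type, // an object with a type conversion defined
]);
$model->save(); // type is converted to a normal value and saved to the database successfully

liu21st

Passing data to the constructor is mainly for when newInstance calls it during a query; at that point the data passed in is always the raw data stored in the database. When instantiating a model yourself, you should use the data method as far as possible.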

Apr
23
4 weeks ago
issue

liu21st issue comment top-think/think-orm

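liu21st

Fix: fields with type conversion cannot be saved when data is passed directly to the Model constructor

Before the change:

$model = new Model([
   'name' => 'some',
   'type' => $type, // an object with a type conversion defined
]);
$model->save(); // type is gone; it is not in the SQL either, and of course not in the database

After the change:

$model = new Model([
   'name' => 'some',
   'type' => $type, // an object with a type conversion defined
]);
$model->save(); // type is converted to a normal value and saved to the database successfully

liu21st

Data passed in on direct instantiation is raw data; the data method is the one that sets data.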

issue

liu21st issue top-think/think-orm

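liu21st

In versions 2.0.51 and 52, with one-to-one relation eager loading and attributes bound to the parent model, the result returns all of the related table's information?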

Apr
20
1 month ago
created branch

liu21st in top-think/think-swoole create branch analysis-0gYeVn

createdAt 1 month ago
Apr
12
1 month ago
issue

liu21st issue comment top-think/framework

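liu21st

Passing an array through the route does not support commas?

For example, with /userIds/1,2,3 I only receive 1 on my side? For now I use 1_2_3 instead, but why does the comma fail?

liu21st

You need to define a custom variable rule for that.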

issue

liu21st issue top-think/framework

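liu21st

Passing an array through the route does not support commas?

For example, with /userIds/1,2,3 I only receive 1 on my side? For now I use 1_2_3 instead, but why does the comma fail?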

Mar
25
1 month ago
issue

liu21st issue comment top-think/think-validate

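liu21st

Has this validator been abandoned? I see that in thinkphp6 the captcha has become a built-in captcha again

As the title says.

liu21st

Many libraries were indeed meant to be independent at first, but were later merged into the core after all.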

Mar
23
1 month ago
issue

liu21st issue top-think/think-captcha

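liu21st

mt_rand with a decimal raises an error on php8.1

mt_rand with a decimal raises an error on php8.1. Before the update, four digits displayed fine; after the update only 3 digits can be shown and the rest is cut off. It is the same without setting width and height, and the Chinese, English and arithmetic modes all have this problem.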

issue

liu21st issue comment top-think/framework

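liu21st

Dynamic routes do not work inside route groups! Also, passing parameters via $request->variable in controller middleware has no effect

Using the dynamic route list_:page$ inside a group does not work; without a group it works.

Also, a value assigned to $request in route middleware is not present in $request in the controller.

Framework version 6.0.12, used in multi-app mode. PHP version 8.1.1

liu21st

It is best to use route variables in one consistent way.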

issue

liu21st issue comment top-think/think-captcha

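liu21st

In version 3.0.5 the captcha image is not fully displayed: with 4 characters only 3 are shown. Rolling back to 3.0.4 makes it work again

In version 3.0.5 the captcha image is not fully displayed: with 4 characters only 3 are shown. Rolling back to 3.0.4 makes it work again

liu21st

Test with the latest version.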

published release V3.0.6

liu21st in top-think/think-captcha create published release V3.0.6

createdAt 1 month ago
created tag
createdAt 1 month ago
Mar
22
2 months ago
issue

liu21st issue top-think/framework

liu21st

SQL injection issue

When group by and count are used together, SQL injection occurs.

$id = Request::get('id');
$fqModel = new FqAnswers();
$fqModel->where(['form_id' => $id])->group('identify')->count();

Tracing the code shows that the count() method checks whether a group is set; if so, it builds a subquery, and that is where the problem arises.

public function count($field = '*')
    {
        // This causes the SQL injection; commenting this section out fixes it
        if (!empty($this->options['group'])) {
            // Support GROUP
            $options = $this->getOptions();
            $subSql  = $this->options($options)
                ->field('count(' . $field . ') AS think_count')
                ->bind($this->bind)
                ->buildSql();

            $query = $this->newQuery()->table([$subSql => '_group_count_']);

            if (!empty($options['fetch_sql'])) {
                $query->fetchSql(true);
            }

            $count = $query->aggregate('COUNT', '*', true);
        } else {
            $count = $this->aggregate('COUNT', $field, true);
        }

        return is_string($count) ? $count : (int) $count;
    }

I tested versions 5.1.41 and 6.0 and both have this problem.

1 AND (SELECT 1555 FROM (SELECT(SLEEP(2)))Tfbh)

push

liu21st push top-think/think-orm

liu21st

When count and group are used together, validate the field passed to count

commit sha: ccdbf7e991c689716833e0d72213944c20434fa1

push time in 2 months ago
pull request

liu21st pull request top-think/think-orm

liu21st

Fix the SQL injection in count when count and group are used together

With usage like the following:

        $title = FacadeRequest::get('title');
        $field = FacadeRequest::get('field');       // id  AND (SELECT 1555 FROM (SELECT(SLEEP(4)))Tfbh)

        $fqModel = new MallGoods();
        $result = $fqModel->where(['title' => $title])
        ->group('cate_id')
        ->count($field);

The field passed in gets injected:

public function count(string $field = '*'): int
    {
        if (!empty($this->options['group'])) {
            // Support GROUP

            if (!preg_match('/^[\w\.\*]+$/', $field)) {
                throw new DbException('not support data:' . $field);
            }

            $options = $this->getOptions();
            $subSql  = $this->options($options)
                ->field('count(' . $field . ') AS think_count')
                ->bind($this->bind)
                ->buildSql();

            $query = $this->newQuery()->table([$subSql => '_group_count_']);

            $count = $query->aggregate('COUNT', '*');
        } else {
            $count = $this->aggregate('COUNT', $field);
        }

        return (int) $count;
    }

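Data passed to the other aggregate methods is ultimately checked by the builder parseKey method, but when count is used together with group, the subquery that is used does not validate the field.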

AggregateQuery:
    public function sum($field): float
    {
        return $this->aggregate('SUM', $field, true);
    }
    protected function aggregate(string $aggregate, $field, bool $force = false)
    {
        return $this->connection->aggregate($this, $aggregate, $field, $force);
    }
....
PDO:
    public function aggregate(BaseQuery $query, string $aggregate, $field, bool $force = false)
    {
        if (is_string($field) && 0 === stripos($field, 'DISTINCT ')) {
            [$distinct, $field] = explode(' ', $field);
        }

        $field = $aggregate . '(' . (!empty($distinct) ? 'DISTINCT ' : '') . $this->builder->parseKey($query, $field, true) . ') AS think_' . strtolower($aggregate);

        $result = $this->value($query, $field, 0);

        return $force ? (float) $result : $result;
    }
issue

liu21st issue comment top-think/think-captcha

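liu21st

mt_rand with a decimal raises an error on php8.1

mt_rand with a decimal raises an error on php8.1. Before the update, four digits displayed fine; after the update only 3 digits can be shown and the rest is cut off. It is the same without setting width and height, and the Chinese, English and arithmetic modes all have this problem.

liu21st

I meant the development version of the captcha library, not the development version of the framework.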

issue

liu21st issue top-think/think-orm

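liu21st

Why can't I update to the latest version 2.0.53? Is there a PHP version restriction?

Why can't I update to the latest version 2.0.53? Is there a PHP version restriction?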

issue

liu21st issue comment top-think/think-orm

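liu21st

Why can't I update to the latest version 2.0.53? Is there a PHP version restriction?

Why can't I update to the latest version 2.0.53? Is there a PHP version restriction?

liu21st

Try switching mirrors or using the official source.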

Mar
21
2 months ago
issue

liu21st issue comment top-think/think-captcha

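liu21st

mt_rand with a decimal raises an error on php8.1

mt_rand with a decimal raises an error on php8.1. Before the update, four digits displayed fine; after the update only 3 digits can be shown and the rest is cut off. It is the same without setting width and height, and the Chinese, English and arithmetic modes all have this problem.

liu21st

You can test with the development version.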

Mar
17
2 months ago
published release V3.0.5

liu21st in top-think/think-captcha create published release V3.0.5

createdAt 2 months ago