EC+(ecjia)到家是一款可开展O2O业务的移动电商系统。它包含:移动端APP,采用原生模式开发,覆盖使用iOS 及Android系统的移 动终端;后台系统,针对平台日常运营维护的平台后台,针对入驻店铺管理的商家后台,独立并行;移动端H5,能够灵活部署于微信及其他APP、网页等。
Home Page: https://daojia.ecjia.com
License: Other
自提订单,无法取消、用户也无法申请退款。
接单设置对于自提订单也无效
商家后台:【配送】-【历史配送】中,有些订单是抢单类型的,但是目前全部显示派单
在申请商家入驻时,申请资料填写如下信息.
在后台审核时
这里过滤规则是匹配到单双引号前面加\反斜线,没有过滤<>符号,然后对内容长度做了限制最长20个字符长度限制,按照上面的图填写则可以绕过这个长度限制,解析后的html如下.
店铺关键字是50个字符就直接写xss代码了,进入申请的详情页面查看
修复建议,使用php htmlspecialchars 把html代码都过滤成html实体.
In the info.php file, the 48th line of code calls a dangerous function phpinfo(), which leaks sensitive information and may cause harm to the server.
图形验证码偶尔报错,不定期出现
helper.php file line 315 creates the .env file Content is:$envPath = base_path() . DIRECTORY_SEPARATOR . '.env';
Its content is to create a .env file in the root directory and write the database account, password, and database name
类型为text,编辑时使用了回车,但是公众号里是没有回车排版的
但是其他第三方平台及微信公众号自带后台都可以正确识别回车排版...
Fatal error: Uncaught TypeError: Argument 1 passed to Royalcms\Component\Exception\PlainDisplayer::display() must be an instance of Exception, instance of Error given, called in /www/ec+/bootstrap/compiled.php on line 11505 and defined in /www/ec+/bootstrap/compiled.php:11338 Stack trace: #0 /www/ec+/bootstrap/compiled.php(11505): Royalcms\Component\Exception\PlainDisplayer->display(Object(Error)) #1 /www/ec+/bootstrap/compiled.php(11455): Royalcms\Component\Exception\Handler->displayException(Object(Error)) #2 /www/ec+/bootstrap/compiled.php(11459): Royalcms\Component\Exception\Handler->handleException(Object(Error)) #3 [internal function]: Royalcms\Component\Exception\Handler->handleUncaughtException(Object(Error)) #4 {main} thrown in /www/ec+/bootstrap/compiled.php on line 11338
另外怎么开启debug;怎么查看错误信息?求帮助
提示错误
error.ERROR: Width or height needs to be defined.
安装程序在安装数据库时出现如下提示:
提示:
SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '1000-01-01''' at line 1 (SQL: ALTER TABLE ecjia_users CHANGE email email VARCHAR(60) DEFAULT NULL COLLATE utf8mb4_unicode_ci, CHANGE password password VARCHAR(32) DEFAULT NULL COLLATE utf8mb4_unicode_ci, CHANGE birthday birthday DATE DEFAULT ''1000-01-01'')
本机配置:
PHP 7.3.14
MariaDB 10.3.22
Apache 2.4.38
我自查了一下环境,和阅读提示,应该是1000-01-01不符合我这个数据库DATE的格式。但是我查询MySQL和MariaDB的文档,但是 Year4-Month2-Day2 这样的数据也是合法的。
然后我发现 这个日期对应的时间戳位址为 -30610253143
然后我的设备还是32位的,时间整型可容许范围是 -2147483648~2147483647
应该是超出了我的CPU数据处理能力
安装时勾选了安装测试数据
然后我全文检索了一下文件,然后参照苹果以前的解决方式,将时间改为 2000-01-01,文件名是 2017_03_14_150031_create_users_table.php 还有 admin.php
无效
并且神奇的是
我修改完了重启安装程序,报错信息还是包含 2000-01-01
提示:SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '2000-01-01''' at line 1 (SQL: ALTER TABLE ecjia_users CHANGE email email VARCHAR(60) DEFAULT NULL COLLATE utf8mb4_unicode_ci, CHANGE password password VARCHAR(32) DEFAULT NULL COLLATE utf8mb4_unicode_ci, CHANGE birthday birthday DATE DEFAULT ''2000-01-01'')
奇了个怪
用户点击他人分享的链接后,定位后会跳转到首页,而不是回到分享的页面
v1.12
打开 admin_message 页面
你们在1.12日志说重构了后台的session, 用新的表session来管理
session_model.class.php 这个文件还是用sessions,重设置后
admin_message.php 又使用了sessions的字段adminid去获取管理员
【需修复】平台后台删除会员数据时,余额数目过大换行显示了,应该自适应显示
广告位的图片保存路径目前是 data/adsense,大部分安卓浏览器以及 PC 浏览器装有广告屏蔽插件都会屏蔽,导致无法正常显示图片
test
商家后台的收款二维码,用户第一次扫码后会跳转到商城首页,第二次才会进入买单页面。
test
店铺商品多了之后,店铺页面商品列表数据翻页后会有重复的,重复商品随机,不固定
平台发放的红包显示“指定自营店铺使用”,应该为平台通用
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.