wukongopensource / wukongcrm-9.0-php Goto Github PK
View Code? Open in Web Editor NEW悟空CRM-基于TP5.0+vue+ElementUI的前后端分离CRM系统
Home Page: http://www.5kcrm.com
License: Other
wukongcrm-9.0-php's People
Contributors
Stargazers
Watchers
Forkers
walimaker wukongcrm syj54p ludashi001 gggflash liu33851861 shadowhwli cheungfei2018 zhidemai yanshaozhi atzq1234 jackycgq makecoder qq781548819 haifeng007 headplan yaruiyang imanner 872409 hiopro2016 feik zhanghaodongshuai yadongwang110 hellocrab giangdn github653224 folkevil ziyoushan vlmz gengxiaoxu flinger123 yuanliyin mracale connectdtk chree188 774649283 foooy snake95king splp ztiney zanderzhg a794581572 sleekwindor xiaoyu0816 gcywolf michealjou flxa888 biofer bconline2002 xxi-arch awesomhe beyondlex comenie duolaimi mingeven fanyixie sevenyoo sherry0109 myttyy skymysky yjqphp 13607873353 a121009910 kwangchin numbqr123 shallmentmo leeyu35 nakexn jack2jsz mercis huangzhuquan yanwei0624 steak747 crpeng2004 jmluang zmxzmx stozen waybq cuiguangji ibaoger orientswift aa3112719 vancens-com rsempere xuliangsmj 15661645521 b-deng liuman02 pengyishu jeffreymo yst726 gjianbo zhangzhoyu shengtao wanggrplus123 goodrain-apps zhangyongjack weijuntao edhugo88 blue-cosmoswukongcrm-9.0-php's Issues
好东西 感谢
没仔细看
安装完成,其他没问题,就是修改网站LOGO后,网站LOGO一直就是×,再次修改还是×,请求解决。
安装完成,其他没问题,就是修改网站LOGO后,网站LOGO一直就是×,再次修改还是×,请求解决。
良心作品--数据导出报错
类型错误: Argument 3 passed to app\admin\model\Excel::exportCsv() must be an instance of app\admin\model\callback, instance of Closure given, called in /www/wwwroot/crm.95ym.cn/application/crm/controller/Customer.php on line 581
导出报错
php版本5.6.40环境不通过
请问这种情况大概是什么原因呢?
数据类型错误
大哥啊,第二次了。这边应该是数组 $taskWhere = [];不是字符。。。。
登录频繁退出
为什么总是出现登录了没多久,就被迫退出的情况?
https情况下无法使用地图定位功能
php7
public function getDataById($id = '', $user_id, $types = '')
public function getDataById($id = '', $user_id=‘’, $types = '')
一键安装URL 找不到 请问怎么解决
我看项目文件中 install目录在admin/view目录下 路径对应不上
$groups = ''; $groupids = ''; 定义字符类型,后面以数组操作导致报错。。。
手机端没办法用吗? 钉钉对接从哪里设置呢 谢谢
这开源协议真恶心
这开源协议真恶心
世界上没有人写这么恶心的开源协议
致命错误: [] operator not supported for strings
请求模块:/admin/users/index
请求主体:page=1&limit=15&search=&structure_id=2&status=all
具体代码:
$groups = '';
$groupids = '';
foreach ($groupsArr as $key=>$val) {
$groups[] = $val['title'];
$groupids[] = $val['id'];
}
错误说明:$groups = '';$groupids = '';定义为字符类型,后面以数组操作导致报错。。。
良心之作,感谢悟空为开源软件做出的贡献!
良心之作,感谢悟空为开源软件做出的贡献!
大量报错,子类方法与父类参数不匹配。 犯这种低级错误? 你们开发软件有用心么?
Declaration of app\admin\model\File::createData($files, $param, $x = '150', $y = '150') should be compatible with app\admin\model\Common::createData($param)
admin/model/common.php
public function delDataById($id = '', $delSon = false)
application\admin\model\Group.php 里。
//删除角色 public function delDataById($group_id) { $dataInfo = $this->get($group_id); if(!$dataInfo){ $this->error = '该角色不存在或已删除';
啥时候换新版UI呀
RT
72crm v9 has Arbitrary file upload vulnerability in the avatar upload
Brief of this vulnerability
72crm v9 has Arbitrary file upload vulnerability Where to upload the avatar
Test Environment
- Windows10
- PHP 5.6.9+Apache/2.4.39
Affect version
72crm v9
Vulnerable Code
application\admin\controller\Users.php line 259
After follow-up, it was found that the validate was not set, and the move operation was performed directly, resulting in the ability to upload any file
follow-up move function(set filename)
line 352:
follow up function
Generate time-based file names with php as a suffix
then move_uploaded_file with this filename (thinkphp\library\think\File.php line 369)
Vulnerability display
First enter the background
Click as shown,go to the Enterprise management background
Click to change avatar
Capture the packet and modify the content as follows
Although it is judged as an illegal file, the file has been uploaded successfully, and the file path will be exposed when the debug mode is turned on
getshell
note:
Even if debug is not turned on, the file name can be blasted out through the file name naming rules
宝塔面板Nginx的装上用不了
宝塔面板Nginx的装上用不了,用宝塔系统自带的伪静态转换规则转换了之后用不了,不知道是伪静态的问题还是,不支持宝塔的环境呢,希望出一个宝塔Nginx的安装教程
Trying to get in touch regarding a security issue
Hey there!
I'd like to report a security issue but cannot find contact instructions on your repository.
If not a hassle, might you kindly add a SECURITY.md file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.
Thank you for your consideration, and I look forward to hearing from you!
(cc @huntr-helper)
Is it available in English
Is it available in English?
日程创建, 周、日 下 选择时间 报错
还是php7下
https://github.com/72crm/72crm/blob/58d446279867ab3f5f171fc2173bbd5fa438cfbb/application/crm/model/ConfigData.php#L52
还是php7下,参数
源:public function getData()
建议:public function getData($name = NULL)
本地安装ok ,服务器上安装走到 miss() 中去了。
index.php/admin/install/index.html
` // miss 路由:处理没有匹配到的路由规则
public function miss()
{
if (Request::instance()->isOptions()) {
return ;
} else {
echo '悟空软件';
}
}`
如能添加邮件短信批量发送功能就好了
No language selection available
Hey this is Philipp from Germany, I just installed this application on my local server. But i can't find the language selection. My chinese skills are like zero, but i like this software and I want to use it :)
求官方出一套详细安装教程,视频的最好
本人习惯使用宝塔面板搭建的环境,但是以前源码放到空间,就可以用了。现在还有什么前端后端的,搞不懂了,求官方出教程,谢谢。
建议开个PHP7分支
系统配置设置公司名和logo失败
系统配置设置公司名和logo,保存时提示成功,返回工作台界面后信息都未改变。数据库已插入正确的数据。
Parse error: syntax error, unexpected '.', expecting '&' or variable (T_VARIABLE) 这个是什么原因,用的是php5.6的,访问一键安装的时候直接报错了
72crm v9 has Arbitrary file upload vulnerability
Brief of this vulnerability
72crm v9 has Arbitrary file upload vulnerability Where to upload the logo
Test Environment
- Windows10
- PHP 5.6.9+Apache/2.4.39
Affect version
72crm v9
Vulnerable Code
application\admin\controller\System.php line 51
After follow-up, it was found that the validate was not set, and the move operation was performed directly, resulting in the ability to upload any file
follow-up move function(set filename)
line 352:
follow up function
Generate time-based file names with php as a suffix
then move_uploaded_file with this filename (thinkphp\library\think\File.php line 369)
Vulnerability display
First enter the background
Click as shown,go to the Enterprise management background
click this
Just upload a picture and capture the package, modify the content as follows
Back to enterprise management background
access image address
php code executed successfully
Notice:Because it is uploaded at the logo, unauthorized users can also access this php code
参数未指定默认值,PHP7下报错
https://github.com/72crm/72crm/blob/58d446279867ab3f5f171fc2173bbd5fa438cfbb/application/admin/model/File.php#L32
参数未指定默认值,PHP7下报错(php毕竟不会停留在5.6)
源代码:public function createData($files, $param, $x = '150', $y = '150')
建議修改為:public function createData($files='', $param=[], $x = '150', $y = '150')
config.php 中开启app_debug无效
config.php 中的app_debug设置为true.但是页面依然是TP5的错误页面,没有错误原因
72crm v9 has sql injection vulnerability
Brief of this vulnerability
72crm v9 has sql injection vulnerability in View the task calendar
Test Environment
- Windows10
- PHP 5.6.9+Apache/2.4.39
Affect version
72crm v9
Vulnerable Code
application\work\controller\Task.php line 506
The $param parameter is passed to getDateList
The start_time parameter and stop_time parameter are directly spliced into $whereDate, and then executed on line 493. resulting in sql injection vulnerability
Vulnerability display
First enter the background
Click as shown,go to the View the task calendar and capture the packet
payload: start_time=1&stop_time=1))+or+sleep(2)--+
Sleep successfully for 2 seconds
If debug mode is enabled
payload:start_time=1&stop_time=1))+or+updatexml(1,concat(0x7e,database(),0x7e,version()),1)--+
Successfully obtained the database name and version number
Declaration of app\admin\model\Group::delDataById($group_id, $delSon = false) should be compatible with app\admin\model\Common::delDataById($id = '', $delSon = false)
PHP7.2.10 下delDataById方法重写,由于参数不同报错(php5.6没问题)
源代码位置:/application/admin/model/Group.php#L106
源代码:public function delDataById($group_id)
建议修改为:public function delDataById($group_id= '', $delSon = false)
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.