
优化附件列表变量输出
优化前后台退出机制

Karson 4 年之前
父节点
当前提交
80a25c9749

+ 9 - 3
application/admin/controller/Index.php

@@ -114,9 +114,15 @@ class Index extends Backend
      */
     public function logout()
     {
-        $this->auth->logout();
-        Hook::listen("admin_logout_after", $this->request);
-        $this->success(__('Logout successful'), 'index/login');
+        if ($this->request->isPost()) {
+            $this->auth->logout();
+            Hook::listen("admin_logout_after", $this->request);
+            $this->success(__('Logout successful'), 'index/login');
+        }
+        $html = "<form id='logout_submit' name='logout_submit' action='' method='post'>" . token() . "<input type='submit' value='ok' style='display:none;'></form>";
+        $html .= "<script>document.forms['logout_submit'].submit();</script>";
+
+        return $html;
     }
 
 }
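Review bot: The POST branch of `logout()` ends the admin session without checking the token that the fallback form embeds through `token()`, so the hidden field does nothing on this side. The frontend `logout()` in `application/index/controller/User.php`, changed in this same commit, calls `$this->token();` before logging out. Unless `Backend` validates the token somewhere not visible in this hunk, add `$this->token();` as the first statement inside `if ($this->request->isPost()) {`, assuming `Backend` offers the same helper. A short comment above the `$html` lines should also say that `$this->success()` is expected to end the request, because as written the form looks as if it is returned after a successful logout too.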

+ 1 - 3
application/admin/view/general/attachment/select.html

@@ -1,10 +1,8 @@
-{if !$Think.get.mimetype}
 <style>
     #one .commonsearch-table{
         padding-top:15px!important;
     }
 </style>
-{/if}
 <div class="panel panel-default panel-intro">
     <div class="panel-heading">
         {:build_heading(null,FALSE)}
@@ -22,7 +20,7 @@
                 <div class="widget-body no-padding">
                     <div id="toolbar" class="toolbar">
                         {:build_toolbar('refresh')}
-                        <span><button type="button" id="faupload-image" class="btn btn-success faupload" data-mimetype="{$Think.get.mimetype|default=''}" data-multiple="true"><i class="fa fa-upload"></i> {:__('Upload')}</button></span>
+                        <span><button type="button" id="faupload-image" class="btn btn-success faupload" data-mimetype="{$Think.get.mimetype|default=''|htmlentities}" data-multiple="true"><i class="fa fa-upload"></i> {:__('Upload')}</button></span>
                         {if request()->get('multiple') == 'true'}
                         <a class="btn btn-danger btn-choose-multi"><i class="fa fa-check"></i> {:__('Choose')}</a>
                         {/if}
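Review bot: The `|htmlentities` filter added to `data-mimetype` is only sufficient because the attribute is double-quoted; with PHP's default flags before 8.1, single quotes are left unencoded. A template comment next to the button would keep that from regressing, for example `mimetype comes from the query string; keep this attribute double-quoted`. The escaped value is still caller-controlled, so whatever reads `data-mimetype` (not visible here) should treat it as a display hint, and the upload endpoint needs its own type checks.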

+ 6 - 2
application/api/controller/User.php

@@ -105,7 +105,7 @@ class User extends Api
      * @param string $password 密码
      * @param string $email    邮箱
      * @param string $mobile   手机号
-     * @param string $code   验证码
+     * @param string $code     验证码
      */
     public function register()
     {
@@ -138,9 +138,13 @@ class User extends Api
 
     /**
      * 退出登录
+     * @ApiMethod (POST)
      */
     public function logout()
     {
+        if (!$this->request->isPost()) {
+            $this->error(__('Invalid parameters'));
+        }
         $this->auth->logout();
         $this->success(__('Logout successful'));
     }
@@ -220,7 +224,7 @@ class User extends Api
      * 修改手机号
      *
      * @ApiMethod (POST)
-     * @param string $mobile   手机号
+     * @param string $mobile  手机号
      * @param string $captcha 验证码
      */
     public function changemobile()
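Review bot: In the `logout()` hunk the new method guard only works if `$this->error()` never returns. That is presumably true of the `Api` base class, but it is not visible here, and if the call did return the next line would still run `$this->auth->logout()`. State the dependency in a comment, `// error() aborts the request, so nothing below runs for non-POST calls`, or make it explicit with a `return;` after the call. The message `Invalid parameters` also hides the real cause from clients that still call this endpoint with GET; a method-specific message would make the breaking change easier to diagnose. The other two hunks in this file only realign docblocks.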

+ 10 - 3
application/index/controller/User.php

@@ -198,9 +198,16 @@ class User extends Frontend
      */
     public function logout()
     {
-        //退出本站
-        $this->auth->logout();
-        $this->success(__('Logout successful'), url('user/index'));
+        if ($this->request->isPost()) {
+            $this->token();
+            //退出本站
+            $this->auth->logout();
+            $this->success(__('Logout successful'), url('user/index'));
+        }
+        $html = "<form id='logout_submit' name='logout_submit' action='' method='post'>" . token() . "<input type='submit' value='ok' style='display:none;'></form>";
+        $html .= "<script>document.forms['logout_submit'].submit();</script>";
+
+        return $html;
     }
 
     /**
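Review bot: The fallback page in `logout()` depends entirely on the inline `<script>` to submit the form, and its only submit control is hidden with `display:none`. With scripting disabled, or under a Content-Security-Policy that forbids inline scripts, the user gets a blank page and stays logged in. Adding a visible control inside the form, `<noscript><input type='submit' value='ok'></noscript>`, keeps logout usable; the same two `$html` lines are duplicated in `application/admin/controller/Index.php` and need the same change. Because the page auto-submits a freshly issued token, a plain navigation to the logout URL still ends the session, so the `$this->token();` check only rejects direct cross-site POSTs. That deserves a comment above the form, and having the logout links in the templates POST directly would remove the need for this fallback.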

+ 3 - 3
public/api.html

@@ -2616,7 +2616,7 @@
                                 <div class="panel panel-default">
                     <div class="panel-heading" id="heading-17">
                         <h4 class="panel-title">
-                            <span class="label label-success">GET</span>
+                            <span class="label label-primary">POST</span>
                             <a data-toggle="collapse" data-parent="#accordion17" href="#collapseOne17"> 退出登录 <span class="text-muted">/api/user/logout</span></a>
                         </h4>
                     </div>
@@ -2682,7 +2682,7 @@
                                                 </div>
                                                 </div>
                                                 <div class="panel-body">
-                                                    <form enctype="application/x-www-form-urlencoded" role="form" action="/api/user/logout" method="get" name="form17" id="form17">
+                                                    <form enctype="application/x-www-form-urlencoded" role="form" action="/api/user/logout" method="POST" name="form17" id="form17">
                                                                                                                 <div class="form-group">
                                                         </div>
@@ -4600,7 +4600,7 @@
 
                 </div>
                 <div class="col-md-6" align="right">
-                    Generated on 2021-06-08 17:27:40 <a href="./" target="_blank">我的网站</a>
+                    Generated on 2021-07-20 17:32:13 <a href="./" target="_blank">我的网站</a>
                 </div>
             </div>