GithubHelp home page GithubHelp logo

kongphp / twcms Goto Github PK

View Code? Open in Web Editor NEW
26.0 2.0 10.0 6.11 MB

通王网站内容管理系统(TWCMS),基于PHP+MySQL的技术架构。

Home Page: http://www.twcms.cn

PHP 81.20% CSS 9.27% JavaScript 9.52%

twcms's Introduction

通王网站内容管理系统(TWCMS),基于PHP+MySQL的技术架构。

TWCMS2.0定位于高安全、高性能、高扩展、高SEO、高傻瓜化。

TWCMS2.0目录结构
	|--admin					后台文件目录
	|--static					静态文件目录
	|--twcms					核心目录
		|--block				模块目录
		|--config				配置目录
		|--control				控制器目录
		|--install				安装目录
		|--log					日志目录
		|--kongphp				框架目录
		|--model				模型目录
		|--plugin				插件目录
		|--runtime				运行目录
			|--twcms_control		控制器编译缓存目录
			|--twcms_model			模型编译缓存目录
			|--twcms_view			视图编译缓存目录
			|--twcms_view_diy		DIY视图编译缓存目录
		|--view					视图目录
	|--upload					上传文件目录


TWCMS2.0简易模板引擎(共8个标签)
1. 包含模板
{inc:header.htm}

2. {hook:header_before.htm}
模板钩子(方便插件修改模板)

3. {php}{/php}
模板支持PHP代码 (不支持<??><?php?>的写法)

4. {block:}{/block}
模板模块

5. {loop:}{/loop}
数组遍历

6. {if:} {else} {eleseif:} {/if}
逻辑判断

7. {$变量}
显示变量

8. {@$k+1}
显示逻辑变量 (用于运算时的输出,一般用的很少)

twcms's People

Contributors

kongphp avatar

Stargazers

lmath avatar avatar avatar avatar avatar tiankong avatar avatar avatar 常乐 avatar my1e0n avatar Liu avatar avatar Emily Brown avatar liuzhihao avatar Angus H. avatar Chen Zhidong avatar 柏锦龙 avatar stuart.shi avatar Falco Lee avatar avatar Wu Guowen avatar Daniel Liu avatar Z.X.PING avatar maxincai avatar avatar avatar

Watchers

Daniel Liu avatar avatar

Forkers

reake webest zacharyzhang-dev freedream520 lyjlzh greenjoson liuzhangfu caiguai maro666 jerry-wolf

twcms's Issues

a xss vulnerability on TWCMS2.0.3

There is a xss vulnerablilty on TWCMS2.0.3,the address of the TWCMS is https://github.com/kongphp/TWCMS
image text
image text
On line 24 of "/TWCMS-gh-pages/twcms/runtime/twcms_view/default,index.htm.php" PHP directly echoes parameters input from external sources, triggering an xss vulnerability.
The POC is http://localhost/twcms-gh-pages/index.php?keyword=1&mid=2%27%22()%26%25%3Cacx%3E%3CScRiPt%20%3Ealert(9678)%3C/ScRiPt%3E&u=search-index
http://localhost/twcms-gh-pages/index.php?keyword=1&mid=%22%3Cacx%3E%3Cscript%3Ealert(/12345/)%3C/script%3E&u=search-index
image text

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.