wolf-leo / easyadmin8 Goto Github PK

requirejs已经更新到2.3.7版本，时隔6年，框架的依赖也可以同步更新了，包括vue2的依赖和jQuery的依赖等等...

新手没有地方可以交流，肯请大佬建个群吧
我不论是windows还是linux 都没有办法实现用curd命令生成表，就是自己建好表了用curd命令生成表也是会报错，能不能给指点一下，后台都可以正常访问登陆使用。
SQLSTATE[42S02]: Base table or view not found: 1146 Table 'easyadmin8.ea8_spm_text' doesn't exist
[email protected]

Enter the backend, find the configuration options, and add the upload type PHP
http://localhost/admin/index/index.html#/admin/system.uploadfile/index.html

Click on product management options： http://www.easyadmin8.com/admin/index/index.html#/admin/mall.goods/index.html
add a new product
click image icon

upload a.php

then getshell

Fix for file upload vulnerability:

1. The upload module needs to exist on the website, and permission authentication needs to be done to prevent anonymous users from accessing it.
2. The file upload directory is set to prohibit script file execution. Even if the dynamic script of the uploaded backdoor cannot be parsed, causing the attacker to abandon this attack path.
3. Set up a whitelist for uploading, which only allows images to be uploaded, such as jpg png gif. Other files are not allowed to be uploaded.
4. The uploaded suffix name must be set to an image format such as jpg png gif.

因为想长期使用这套系统~~~

CheckLogin.php
$this->error('登录已过期，请重新登录', [], __url('admin/login/index'));
建议修改
$this->error('登录已过期，请重新登录', [], __url(env("EASYADMIN.ADMIN").'/login/index'));