
1,修复一处安全隐患。
2,用户中心上传头像支持base64编码方式参数名imgdata。
3,其他细节。

magicblack 4 years ago
parent
commit
37e8de211a

+ 1 - 1
application/extra/version.php

@@ -3,7 +3,7 @@ return array (
     'name' => '苹果CMS内容管理系统',
     'copyright' => 'MacCMS',
     'url' => '//github.com/magicblack',
-    'code' => '2020.1000.1059',
+    'code' => '2020.1000.1060',
     'license' => '免费版',
 );
 ?>

+ 2 - 1
application/index/controller/Label.php

@@ -15,7 +15,8 @@ class Label extends Base
             if(!empty($param['file'])){
                 $file = $param['file'];
             }
-            if(!file_exists($GLOBALS['MAC_ROOT_TEMPLATE'] . 'label/'. $file.'.html' )){
+            $file = str_replace('\\','/',$file);
+            if(!file_exists($GLOBALS['MAC_ROOT_TEMPLATE'] . 'label/'. $file.'.html') || strpos($file,'/')!==false){
                 return $this->error(lang('illegal_request'));
             }
             echo $this->label_fetch('label/'.$file);
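Review bot: The slash check added on the `if` line is evaluated after `file_exists()`, so the filesystem is still probed with the unvalidated name before the name is rejected; validating the name first, and by allowlist rather than by a single forbidden character, makes the guard self-contained: `if (!preg_match('/^[\w\-]+$/', $file) || !file_exists($GLOBALS['MAC_ROOT_TEMPLATE'] . 'label/' . $file . '.html'))`. With that allowlist the `str_replace('\\', '/', $file)` normalisation is no longer needed, since a backslash (or any other path character) fails the match outright; widen the character class if label template names legitimately use other characters. Whether `$file` has a default when `$param['file']` is empty is decided before this hunk, and the enclosing method starts outside it.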

+ 35 - 15
application/index/controller/User.php

@@ -386,18 +386,9 @@ class User extends Base
         if ($GLOBALS['config']['user']['portrait_status'] == 0) {
             return json(['code' => 0, 'msg' => lang('index/portrait_tip1')]);
         }
-
+        $base64_img = input('post.imgdata');
         $file = request()->file('file');
-        if (empty($file)) {
-            return json(['code' => 0, 'msg' => lang('index/portrait_no_upload')]);
-        }
-
-        $upload_image_ext = 'jpg,png,gif';
-        if ($file->checkExt($upload_image_ext)) {
-            $type = 'image';
-        } else {
-            return json(['code' => 0, 'msg' => lang('index/portrait_ext')]);
-        }
+        $upload_image_ext = ['jpeg','jpg','gif','png'];
 
         $uniq = $GLOBALS['user']['user_id'] % 10;
         // 上传附件路径
@@ -410,10 +401,39 @@ class User extends Base
             mac_mkdirss($_save_path);
         }
 
-        $upfile = $file->move($_upload_path, $_save_name);
-        if (!is_file($_upload_path . $_save_name)) {
-            return json(['code' => 0, 'msg' => lang('index/upload_err')]);
+        if(!empty($base64_img)){
+            if(preg_match('/^(data:\s*image\/(\w+);base64,)/', $base64_img, $result)){
+                $type = $result[2];
+                if(in_array($type, $upload_image_ext)){
+                    if(!file_put_contents($_save_path.$_save_name, base64_decode(str_replace($result[1], '', $base64_img)))){
+                        return json(['code' => 0, 'msg' => lang('index/upload_err')]);
+                    }
+                }
+                else {
+                    return json(['code' => 0, 'msg' => lang('index/portrait_ext')]);
+                }
+            }
+            else{
+                return json(['code' => 0, 'msg' => lang('index/portrait_no_upload')]);
+            }
+        }
+        elseif(!empty($file)) {
+            if ($file->checkExt($upload_image_ext)) {
+                $type = 'image';
+            }
+            else {
+                return json(['code' => 0, 'msg' => lang('index/portrait_ext')]);
+            }
+            $upfile = $file->move($_upload_path, $_save_name);
+            if (!is_file($_upload_path . $_save_name)) {
+                return json(['code' => 0, 'msg' => lang('index/upload_err')]);
+            }
+
         }
+        else{
+            return json(['code' => 0, 'msg' => lang('index/portrait_no_upload')]);
+        }
+
         $file = $_save_path . str_replace('\\', '/', $_save_name);
         $config = [
             'thumb_type' => 6,
@@ -614,7 +634,7 @@ class User extends Base
         $this->assign('type_tree', $type_tree);
 
         $n = 1;
-        $ids = [1 => lang('index/page_type'), 2 => lang('index/page_detail'), 3 => lang('index/page_play'), 4 => lang('index/page_down'), '5' => lang('index/trysee')];
+        $ids = [1 => lang('index/page_type'), 2 => lang('index/page_detail'), 3 => lang('index/page_play'), 4 => lang('index/page_down'), '5' => lang('index/try_see')];
         foreach ($type_tree as $k1 => $v1) {
             unset($type_tree[$k1]['type_extend']);
             foreach ($ids as $a => $b) {
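Review bot: In the new base64 branch of the second hunk, the only check before `file_put_contents($_save_path.$_save_name, ...)` is that the client-supplied `image/(\w+)` label is in the allowlist; the decoded bytes themselves are never inspected, so any content can be stored under the avatar name as long as the prefix says `image/png`. The upload branch at least goes through `checkExt`, so the base64 path is weaker than the path it was added beside. Decoding with `base64_decode($data, true)` (reject `false`) and validating the result with `getimagesizefromstring()` before writing closes that gap; `substr` by the matched prefix length is also more precise than `str_replace` of the prefix. `$_save_name` and its extension are set between the first and second hunk, outside what is shown, so whether the stored name is fixed to an image extension should be confirmed separately; the enclosing method starts outside the hunk.

```php
$type = $result[2];
if (in_array($type, $upload_image_ext, true)) {
    $decoded = base64_decode(substr($base64_img, strlen($result[1])), true);
    // Validate the actual bytes, not the client-supplied MIME label
    $info = $decoded === false ? false : getimagesizefromstring($decoded);
    if ($info === false || !in_array(image_type_to_extension($info[2], false), $upload_image_ext, true)) {
        return json(['code' => 0, 'msg' => lang('index/portrait_ext')]);
    }
    if (!file_put_contents($_save_path.$_save_name, $decoded)) {
        return json(['code' => 0, 'msg' => lang('index/upload_err')]);
    }
}
// … unchanged: else branch returning portrait_ext, outer else returning portrait_no_upload …
```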

+ 1 - 4
application/index/view/index/index.html

@@ -8,10 +8,7 @@
     <title>{$title} - 苹果CMS</title>
     <link rel="stylesheet" href="__STATIC__/layui/css/layui.css">
     <link rel="stylesheet" href="__STATIC__/css/admin_style.css">
-    <script>
-        var ROOT_PATH = "__ROOT__", ADMIN_PATH="{$_SERVER['SCRIPT_NAME']}";
-        var maccms ="{$maccms|json_encode}";
-    </script>
+    <script>var maccms={"path":"__ROOT__","mid":"{$maccms['mid']}","aid":"{$maccms['aid']}","url":"{$maccms['site_url']}","wapurl":"{$maccms['site_wapurl']}","mob_status":"{$maccms['mob_status']}"};</script>
 </head>
 <body>
 link标签:<br>
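Review bot: The rebuilt `maccms` object on the new `<script>` line interpolates `site_url`, `site_wapurl` and the other values directly into JavaScript string literals, so a value containing `"` or `</script>` breaks out of the literal unless the template engine's default output filter already HTML-escapes `{$...}` output — worth confirming for this template rather than relying on it implicitly. The removed `{$maccms|json_encode}` line had the same shape problem (JSON placed inside a quoted string), so this is not a regression, but the new line now names individual fields and is the natural place to fix it. A robust form assembles the array in the controller and emits it in one tag with JSON escaping for the script context, e.g. `<script>var maccms = {:json_encode($maccms_js, JSON_HEX_TAG|JSON_HEX_QUOT|JSON_HEX_APOS|JSON_HEX_AMP)};</script>` (variable name illustrative).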

+ 2 - 2
application/lang/zh-cn.php

@@ -720,7 +720,7 @@ return [
     'index/logincallback2'=>'获取第三方用户信息失败,请重试',
     'index/reg_ok'=> '注册成功',
     'index/portrait_tip1'=> '未开启自定义头像功能',
-    'index/portrait_no_upload'=> '未找到上传的文件(原因:表单名可能错误,默认表单名“file”)!',
+    'index/portrait_no_upload'=> '未找到上传的文件(原因:表单名可能错误,默认表单名“file”或“imgdata”)!',
     'index/portrait_ext'=> '非系统允许的上传格式!',
     'index/upload_err'=>'文件上传失败!',
     'index/portrait_err'=>'更新会员头像信息失败!',
@@ -732,7 +732,7 @@ return [
     'index/page_detail'=>'内容页',
     'index/page_play'=>'播放页',
     'index/page_down'=>'下载页',
-    'index/tree_see'=>'试看',
+    'index/try_see'=>'试看',
 
     'admin/public/head/title'=>'安全第一请勿泄露后台地址 - Copyright by 苹果CMS内容管理系统',
     'admin/public/jump/title'=>'跳转提示',

+ 2 - 2
application/lang/zh-tw.php

@@ -720,7 +720,7 @@ return [
     'index/logincallback2'=>'獲取第三方用戶信息失敗,請重試',
     'index/reg_ok'=> '註冊成功',
     'index/portrait_tip1'=> '未開啟自定義頭像功能',
-    'index/portrait_no_upload'=> '未找到上傳的文件(原因:表單名可能錯誤,默認表單名“file”)!',
+    'index/portrait_no_upload'=> '未找到上傳的文件(原因:表單名可能錯誤,默認表單名“file”或“imgdata”)!',
     'index/portrait_ext'=> '非系統允許的上傳格式!',
     'index/upload_err'=>'文件上傳失敗!',
     'index/portrait_err'=>'更新會員頭像信息失敗!',
@@ -732,7 +732,7 @@ return [
     'index/page_detail'=>'內容頁',
     'index/page_play'=>'播放頁',
     'index/page_down'=>'下載頁',
-    'index/tree_see'=>'試看',
+    'index/try_see'=>'試看',
 
     'admin/public/head/title'=>'安全第壹請勿泄露後臺地址 - Copyright by 蘋果CMS內容管理系統',
     'admin/public/jump/title'=>'跳轉提示',