icret / easyimages2.0


EasyImage (简单图床) - a powerful image hosting application that needs no database, version 2.0

Home Page: https://png.cm

License: GNU General Public License v2.0

PHP 76.06% JavaScript 2.28% CSS 21.18% HTML 0.48% Hack 0.01%
easyimage php api zui markdown upload-images images picture image-store upload-pictures

easyimages2.0's Issues

git 473ca99: api directory returns 403

This is probably a rewrite problem.

RewriteEngine on
RewriteCond % !^$
RewriteRule i/(.*).(php)$ - [F]
RewriteRule public/(.*).(php)$ - [F]
RewriteRule config/(.*).(php)$ - [F]

Of these, RewriteRule i/(.*).(php)$ - [F] may also match api/,
so requests to api/ or api/apiTest/ return a 403 error.
For now, after deleting the line RewriteRule i/(.*).(php)$ - [F] it works normally.

Errors when running on PHP 8.0

It works fine with PHP 7.4; with PHP 8.0 the following errors appear:
/www/wwwroot/pic/application/header.php on line 17 .css" rel="stylesheet">

Warning: Undefined variable $res in /www/wwwroot/pic/application/function.php on line 332

Warning: Undefined variable $res in /www/wwwroot/pic/application/function.php on line 352

Warning: Trying to access array offset on value of type null in /www/wwwroot/pic/application/list.php on line 113
Warning: Undefined array key "notice_status" in /www/wwwroot/pic/application/footer.php on line 7

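Proposal: video support

I hope the image host can support video uploads; as for ffmpeg, the documentation can tell users to install it themselves.
When I tried to modify the source code to add video support, I changed the file extension recognition in config.ini and the MP4 category in zui.uploader.min.js. But videos still cannot be uploaded; I suspect I changed the wrong place, or have not yet found the file-recognition code.

I hope the author can point out the right direction for the change.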

CVE-2020-11023 (Medium) detected in jquery-3.4.1.slim.min.js

CVE-2020-11023 - Medium Severity Vulnerability

Vulnerable Library - jquery-3.4.1.slim.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.slim.min.js

Path to vulnerable library: /public/static/tinyfilemanager/jquery.slim.min.js

Dependency Hierarchy:

  • jquery-3.4.1.slim.min.js (Vulnerable Library)

Found in HEAD commit: f352336da07d5fd952b4d3573ba0eab6dacdbd1d

Found in base branch: master

Vulnerability Details

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Publish Date: 2020-04-29

URL: CVE-2020-11023

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6,https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#440

Release Date: 2020-04-29

Fix Resolution: jquery - 3.5.0;jquery-rails - 4.4.0



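Is it feasible for multiple sites to share one image host installation?

Suppose the domains image.a.com and image.b.com both host their images with EasyImage,
with the images of sites a and b stored under separate paths.
Can each domain be bound separately, so that each one serves images from its own path?
I don't know whether this is possible, or how to set it up.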

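PHP 8 syntax issue

PHP 8 raises Warning: Undefined array key "xxx" in xxx
PHP 8 raises the above error when $xx['xxx']; is undefined. Please change the source code to check with isset() that the variable exists before using it.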

upic configuration does not work

Uploading via curl already works:

curl -F 'image=@/Users/yh/Documents/0/tpl.png' -F "token=xxxxx"  "https://pic.xxxxx.com/api/index.php"

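But configuring upic does not work. (It has nothing to do with the configured return value; the image does not show up on the image host either.) (Tried both http and https.) (picgo also works.)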

admin.inc.php error

Location: admin/admin.inc.php
Line: 532, 1138 <? foreach ($tokenList as $key => $value) :
Run manually: php admin.inc.php
Result: unexpected 'endforeach'
Syntax error? Change it to <?php foreach ($tokenList as $key => $value) :

New version 2.6.2 deployed with caddy2 + php: cannot log in

1. Install the PHP environment
sudo apt install -y gnupg2 lsb-release ca-certificates apt-transport-https software-properties-common
echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/sury-php.list
wget -qO - https://packages.sury.org/php/apt.gpg | sudo apt-key add -
sudo apt update --fix-missing 2> /dev/null | grep packages | cut -d '.' -f 1
sudo apt install -y php7.4-cgi php7.4-fpm php7.4-curl php7.4-gd php7.4-mbstring php7.4-xml php7.4-fileinfo php7.4-iconv php7.4-zip php7.4-mysql php7.4-exif php7.4-common php7.4-cli php7.4-sqlite3 sqlite3
sudo systemctl start php7.4-fpm.service && sudo systemctl enable php7.4-fpm.service
2. Install caddy2
echo -e "${curr_date} [DEBUG] caddy2 不存在.正在为您安装,请稍后..."
sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https > /dev/null
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo tee /etc/apt/trusted.gpg.d/caddy-stable.asc
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
sudo apt update --fix-missing 2> /dev/null | grep packages | cut -d '.' -f 1
sudo apt install -y caddy > /dev/null
systemctl enable caddy.service
3. Download the code
cd /www && git clone https://github.com/icret/EasyImages2.0.git
chmod 755 -R /www
chmod 777 -R /www/EasyImages2.0/i
chown -R caddy:caddy /www
4. Publish the site with caddy2
Edit /etc/caddy/Caddyfile
king.gq {
log {
output file /etc/caddy/caddy.log
}
root * /www/EasyImages2.0
encode zstd gzip
file_server
header Access-Control-Allow-Origin *
php_fastcgi unix//run/php/php7.4-fpm.sock
}
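Restart caddy: systemctl restart caddy
5. Visit king.gq: check -- web installation wizard -- log in and use
Everything up to this point works; the problem is at the login step: the page renders incorrectly and the account set up earlier cannot log in.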

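Version 2.1.1: problems after putting it behind a reverse proxy

Hello hello, here I am with more feedback.

Background: most people build this on free hosting abroad, and many of those hosts do not support binding a domain (the ones that do not support domain binding generally survive a long time), so a cloudflare worker is often used as a reverse proxy. Behind the reverse proxy, problem 1 below appears. In addition, some free hosts do not support multiple PHP versions or newer PHP versions (for example free.fr and other free hosts, mostly French and German), hence problem 2. I worked around it for now and it is basically usable; I wonder whether the developer has any good suggestions.

Problem description:
1. Some paths use . $_SERVER['HTTP_HOST'] . instead of the relative paths used before, which causes problems; compatibility with second-level directories is poor.
Also, after reverse-proxying the origin, the origin's IP is still shown. In theory, switching the addresses to relative ones would solve it. Currently, 2.0.2.2 does not have this problem.

2. PHP 5.6 is not supported. libs/function.php, lines 60-75; replacing them with the previous version solves it.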

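Login captcha not displayed after reinstalling the site

It was installed normally before and had been working well. Later I reinstalled BT Panel (宝塔), and when installing EasyImage again the login captcha never displays.
Also, when uploading an image on the home page, after selecting the image and clicking upload it says "No files waiting to be uploaded".
May I ask the author what could cause this?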

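nginx: images cannot be displayed after forbidding PHP scripts in the image upload directory

After adding the following to the site conf file, images cannot be displayed; accessing the direct link returns 403. Permissions are 0755.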
root@xxx:/abcd# ls -ld EasyImages/
drwxr-xr-x 8 www-data www-data 4096 Jan 25 09:21 EasyImages/

# Directory where running PHP is forbidden; "i" is your image upload directory
location ~ /(i)/.*.(php|php5)?$ {
    deny all;
}

After then changing it to the following, images display again:
location ~ ^/(i)/.*\.(php|php5)?$ {
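
Both the Apache RewriteRule from the api/ 403 report above and the nginx location in this report fail for the same reason: the regular expression matches more paths than intended. The following is an added example, not code from the project or from either reporter; it runs the quoted patterns through preg_match() (PCRE, as both servers use) against constructed sample paths, assuming the Apache rule lives in an .htaccess file. The "anchored + escaped" and "anchor only" variants are written for this illustration.

```php
<?php
// Added example. The 'reported' patterns and the reporter's change are quoted from the
// two reports; the other variants and all sample paths are constructed.

// Apache (.htaccess) matches a RewriteRule against the path without its leading slash.
$apacheRules = [
    'reported'           => 'i/(.*).(php)$',
    'anchored + escaped' => '^i/.*\.php$',
];
$apachePaths = ['i/2022/07/a.php', 'api/index.php', 'i/2022/07/cat.png'];

// nginx matches "location ~" against the URI including its leading slash.
$nginxRules = [
    'reported'        => '/(i)/.*.(php|php5)?$',
    'anchor only'     => '^/(i)/.*.(php|php5)?$',
    'reporter change' => '^/(i)/.*\.(php|php5)?$',
];
$nginxPaths = ['/i/2022/01/a.php', '/api/index.php', '/i/2022/01/cat.png'];

// Return [rule label => [path => true if the rule would deny the request]].
function evaluate(array $rules, array $paths): array
{
    $result = [];
    foreach ($rules as $label => $pattern) {
        foreach ($paths as $path) {
            // '#' is the delimiter so the slashes in the patterns need no escaping.
            $result[$label][$path] = preg_match('#' . $pattern . '#', $path) === 1;
        }
    }
    return $result;
}

// Print one line per (rule, path) pair.
function report(string $server, array $table): void
{
    foreach ($table as $label => $row) {
        foreach ($row as $path => $denied) {
            printf("%-7s %-19s %-20s %s\n", $server, $label, $path, $denied ? 'denied' : 'not matched');
        }
    }
}

report('apache', evaluate($apacheRules, $apachePaths));
report('nginx', evaluate($nginxRules, $nginxPaths));
```

For the Apache rule the missing ^ anchor is what lets api/index.php match; for the nginx rule it is the unescaped dot next to the optional extension group, not the missing anchor, that makes image paths match.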

Picgo log shows upload succeeded but the upload actually failed

Picgo-2.3.1-beta.4 using the custom web image host plugin
Log:
2022-07-14 20:22:46 [PicGo INFO] Before transform
2022-07-14 20:22:46 [PicGo INFO] Transforming... Current transformer is [path]
2022-07-14 20:22:46 [PicGo INFO] Before upload
2022-07-14 20:22:46 [PicGo INFO] beforeUploadPlugins: renameFn running
2022-07-14 20:22:46 [PicGo INFO] Uploading... Current uploader is [web-uploader]
2022-07-14 20:22:47 [PicGo SUCCESS]
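The Chrome extension can upload successfully.
I don't know where the problem is; the configuration was all done according to the user manual.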

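Bug report

Describe the bug

When the first character of the image name is a Chinese character, the thumbnail in the gallery cannot be generated.

Steps to reproduce:

  • In the upload settings, set the file naming method to [use the uploaded file's name];
  • Choose an image whose name starts with a Chinese character and upload it;
  • Go to the gallery and check the thumbnail (the page has been refreshed several times)

Version: 2.5.0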

CVE-2020-11022 (Medium) detected in jquery-3.4.1.min.js - autoclosed

CVE-2020-11022 - Medium Severity Vulnerability

Vulnerable Library - jquery-3.4.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js

Path to vulnerable library: /public/static/zui/lib/jquery/jquery-3.4.1.min.js

Dependency Hierarchy:

  • jquery-3.4.1.min.js (Vulnerable Library)

Found in HEAD commit: f352336da07d5fd952b4d3573ba0eab6dacdbd1d

Found in base branch: master

Vulnerability Details

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Publish Date: 2020-04-29

URL: CVE-2020-11022

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/

Release Date: 2020-04-29

Fix Resolution: jQuery - 3.5.0



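Could it integrate with imgur.com as an image host?

It is a long-established image hosting service, after all.
Few people in China use it because it is blocked.

Its API is limited to 2000 images per day; multiple APIs can be used to lift the limit.

It could be used to store the images; its image URLs would need a reverse proxy to be displayed.
That way you could build an image host with unlimited storage.

It does not restrict adult content.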

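Cannot get the link after uploading an image

The environment is BT Panel (宝塔) running in docker. After an image is uploaded the link cannot be obtained; after going into the admin interface the image link is visible.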

 Uncaught SyntaxError: Unexpected token < in JSON at position 0
    at JSON.parse (<anonymous>)
    at d.responseHandler ((index):135)
    at l.Uploader.FileUploaded (zui.uploader.min.js?v1.8.1:23)
    at l.Uploader.dispatchEvent (zui.uploader.min.js?v1.8.1:22)
    at l.Uploader.trigger (zui.uploader.min.js?v1.8.1:19)
    at f.i.status.l.UPLOADING.e.state.l.STOPPED.A.onload (zui.uploader.min.js?v1.8.1:22)
    at f.<anonymous> (zui.uploader.min.js?v1.8.1:19)
    at Array.<anonymous> (zui.uploader.min.js?v1.8.1:19)
    at n (zui.uploader.min.js?v1.8.1:19)
    at Object.c [as inSeries] (zui.uploader.min.js?v1.8.1:19)
responseHandler @ (index):135
FileUploaded @ zui.uploader.min.js?v1.8.1:23
dispatchEvent @ zui.uploader.min.js?v1.8.1:22
trigger @ zui.uploader.min.js?v1.8.1:19
i.status.l.UPLOADING.e.state.l.STOPPED.A.onload @ zui.uploader.min.js?v1.8.1:22
(anonymous) @ zui.uploader.min.js?v1.8.1:19
(anonymous) @ zui.uploader.min.js?v1.8.1:19
n @ zui.uploader.min.js?v1.8.1:19
c @ zui.uploader.min.js?v1.8.1:19
dispatchEvent @ zui.uploader.min.js?v1.8.1:19
(anonymous) @ zui.uploader.min.js?v1.8.1:20
(anonymous) @ zui.uploader.min.js?v1.8.1:19
n @ zui.uploader.min.js?v1.8.1:19
c @ zui.uploader.min.js?v1.8.1:19
dispatchEvent @ zui.uploader.min.js?v1.8.1:19
trigger @ zui.uploader.min.js?v1.8.1:19
(anonymous) @ zui.uploader.min.js?v1.8.1:21
load (async)
send @ zui.uploader.min.js?v1.8.1:21
exec @ zui.uploader.min.js?v1.8.1:19
shimExec @ zui.uploader.min.js?v1.8.1:19
exec @ zui.uploader.min.js?v1.8.1:19
r @ zui.uploader.min.js?v1.8.1:20
l @ zui.uploader.min.js?v1.8.1:20
send @ zui.uploader.min.js?v1.8.1:20
o @ zui.uploader.min.js?v1.8.1:22
x @ zui.uploader.min.js?v1.8.1:22
dispatchEvent @ zui.uploader.min.js?v1.8.1:22
trigger @ zui.uploader.min.js?v1.8.1:19
s @ zui.uploader.min.js?v1.8.1:22
start @ zui.uploader.min.js?v1.8.1:22
d.start @ zui.uploader.min.js?v1.8.1:23
(anonymous) @ zui.uploader.min.js?v1.8.1:22
dispatch @ jquery.min.js?v3.3.1:2
y.handle @ jquery.min.js?v3.3.1:2

After adding the custom uploader in ShareX, uploading reports that the URL is empty.

2022-04-13 20:34:05.006 - Executing: 打开主页面
2022-04-13 20:34:51.116 - UploadersConfig save started: C:\Users\Administrator\Documents\ShareX\UploadersConfig.json
2022-04-13 20:34:51.193 - UploadersConfig save successful: C:\Users\Administrator\Documents\ShareX\UploadersConfig.json
2022-04-13 20:34:55.574 - CommandLine: C:\Users\Administrator\Desktop\反.jpg
2022-04-13 20:34:55.577 - Task in queue. Job: FileUpload, Type: Image, Host: 自定义图像上传
2022-04-13 20:34:55.612 - Task status: Working
2022-04-13 20:34:55.629 - Upload started. Filename: 反.jpg, Filepath: C:\Users\Administrator\Desktop\反.jpg
2022-04-13 20:34:55.885 - Task failed. Filename: 反.jpg, Errors:
URL是空的。

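Request: support disabling the front-end pages

I would like support for disabling the front-end pages. I am setting up an image host for an app to use. Since it is used by the app, users only upload inside the app and do not need to know the image host's address, so all I need is an API.

I hope the author will support this.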

Submitting a Python requests API upload example

import requests


def sendImg(img_name, img_type="image/jpeg"):
    url = "http://192.168.1.221:8081/api/index.php"  # the API endpoint you want to call
    data = {
        "token": "02559eb5cc28720d502eff1758ffd8d2"
    }
    # Open the image in a context manager so the file handle is closed after the request.
    with open(img_name, "rb") as f_abs:
        body = {
            "image": (img_name, f_abs, img_type)
        }
        response = requests.post(url=url, files=body, data=data)
    return response


if __name__ == "__main__":
    img_name = "2.jpg"
    res = sendImg(img_name)
    print(res.json())

Easy-to-copy version: https://www.cnblogs.com/jackadam/p/16397655.html

api

Is your feature request related to a problem? Please describe.
Today I was building a JS upload interface, and after uploading I saw the delete link; surprisingly, it is not an API.

Describe the solution you'd like
There should be a delete API, right? It could also use token authentication.

Describe alternatives you've considered
Ignore the feedback? I am integrating images into odoo; without feedback I don't know whether the deletion happened.

Additional context
Add any other context or screenshots about the feature request here.

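Logic problem in the checkLogin() function

Impact:
With login-required upload enabled, it is still possible to upload without being logged in.

Cause:
/application/function.php, function checkLogin(), lines 70/85.

After authentication fails, it just redirects to the login page with header("refresh:1;url=" . $config['domain'] . "/admin/index.php"); and there is no exit(); to end the script. If you are quick, you can upload a file directly before the redirect.

Suggestion:
exit(header("refresh:1;url=" . $config['domain'] . "/admin/index.php"));

Test: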
https://i1.100024.xyz/i/2022/04/10/wdc4tp.gif
https://i1.100024.xyz/i/2022/04/10/wdcd74.gif

After the change:
https://i1.100024.xyz/i/2022/04/10/x8y4gq.gif
https://i1.100024.xyz/i/2022/04/10/xcfsmx.gif
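
The behaviour behind this report, as an added example that is not the project's code: header() only queues a response header, so without exit the script keeps running on the server and the code after the check still executes. The function names, the $config keys other than 'domain', the example domain and the $stored array are hypothetical; only the header() call mirrors the report.

```php
<?php
// Added example: hypothetical names, only the header() call mirrors the report.
$config = ['domain' => 'https://img.example.test', 'mustLogin' => true];
$stored = [];   // stands in for files written to the upload directory

// Print the outcome when the script ends, including when exit ends it early.
register_shutdown_function(function () use (&$stored) {
    echo 'stored uploads: ' . json_encode($stored) . PHP_EOL;
});

// Reported behaviour: queue the redirect header, then return to the caller.
function checkLoginVulnerable(array $config, bool $loggedIn): void
{
    if ($config['mustLogin'] && !$loggedIn) {
        header('refresh:1;url=' . $config['domain'] . '/admin/index.php');
        // No exit here: the request handler continues after this function returns.
    }
}

// Suggested behaviour: end the request as soon as the check fails.
function checkLoginFixed(array $config, bool $loggedIn): void
{
    if ($config['mustLogin'] && !$loggedIn) {
        header('refresh:1;url=' . $config['domain'] . '/admin/index.php');
        exit;
    }
}

// Simplified upload handler: run the login check, then store the file.
function handleUpload(callable $checkLogin, array $config, string $name, array &$stored): void
{
    $checkLogin($config, false);   // request from a user who is not logged in
    $stored[] = $name;             // reached only if the check did not end the script
}

handleUpload('checkLoginVulnerable', $config, 'via-vulnerable.jpg', $stored);
handleUpload('checkLoginFixed', $config, 'via-fixed.jpg', $stored);
```

Run with the PHP CLI; the shutdown function lists which of the two anonymous uploads was stored.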

Submitting a Python threading + requests stress-test example

# use requests to upload a img
import random
import threading
import time
import uuid

import requests


def doing():
    # Open the sample image in a context manager so the handle is closed after the request.
    with open("C:\\Users\\Administrator\\Desktop\\test.jpg", "rb") as f:
        ret = requests.request(method="POST", url='https://your url/application/upload.php',
                               data={"name": str(random.randint(10000, 99999)) + ".php",
                                     "uuid": uuid.uuid4()},
                               files={"file": f})
    print(ret.text)


for i in range(1):
    threading.Thread(target=doing).start()
    time.sleep(0.05)
    print(i)

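Object storage support

If possible, I hope object storage options such as OSS, COS, Qiniu (七牛) and Upyun (又拍) can be supported. Thanks!

Can anti-crawler mode be turned on/off?

For example, I would like to be able to get all images in the gallery, as a list, e.g. page one, page two, all the way to the last page.

At present it only works by date. That is, could there be an option that, when enabled, lets list.php return all existing images?

Submitting JS example code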

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
    <script src="https://code.jquery.com/jquery-3.5.1.min.js"></script>
</head>

<body>
<!-- Upload file -->
<div id="uploadDiv">
    <form id="uploadForm" enctype="multipart/form-data">
        文件:<input id="file" type="file" name="image"/>
        <input type="text" style="display: none" name="token" value="8d1dbbf08efdfba61af9667a4d3d4efb"/>
    </form>
    <button id="upload">上传文件</button>
</div>

<!-- Using the result -->
<div id="resFrom">
    <form id="resForm" enctype="multipart/form-data">


        图片地址:<input type="text" id="url" name="url" value="图片地址">
        <br>
        缩略图地址:<input type="text" id="thumb" name="thumb" value="缩略图地址">
        <br>
        删除链接:<input type="text" id="delUrl" name="del" value="缩略图地址">
    </form>

</div>

<!-- Image display -->
<div id="imgDiv">
    <img id='img1' src=""/>

</div>

<!-- JS code -->
<script type="text/javascript">
    $(function () {
        $("#upload").click(function () {
            var token = '8d1dbbf08efdfba61af9667a4d3d4efb'
            var formData = new FormData($('#uploadForm')[0]);
            $.ajax({
                type: 'post',
                url: "http://192.168.1.221:8081/api/index.php", // the upload request path must be an absolute path
                data: formData,
                cache: false,
                processData: false,
                contentType: false,
                success: (res) => {
                    $('#img1').attr('src', res.url);
                    $('#imgs').append()
                    $('#url').attr('value', res.url);
                    $('#thumb').attr('value', res.thumb);
                    $('#delUrl').attr('value', res.del);
                },
                error: () => {
                    console.log("失败");
                }
            });
        });
    });
</script>

</body>
</html>

Easy-to-copy version:
https://www.cnblogs.com/jackadam/p/16401967.html

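Thumbnails cannot be generated for images larger than 10 MB

The image host itself supports up to 50 MB, but I found that when "Generate on access | Recommended" is selected, images over 10 MB cannot have their thumbnails generated properly in the gallery.
I looked around and found that line 63 of thumb.php limits the maximum file size for thumbnail generation:
define('MAX_FILE_SIZE', 10485760); // 10 Megs is 10485760. This is the maximum internal or external file size that we'll process.

Please make this number larger, or link it dynamically to the user's "maximum single file upload size" setting? That way users are less likely to be confused.
For beginners, it still takes some time to track down.

picgo-2.3.0 cannot upload

Log: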

2022-07-09 22:27:16 [PicGo WARN] [PicGo Server] upload failed, see picgo.log for more detail ↑
2022-07-09 22:28:51 [PicGo INFO] [PicGo Server] get the request {"list":["C:\Users\lhrxxt\AppData\Roaming\Typora\typora-user-images\image-20220709220718759.png"]}
2022-07-09 22:28:51 [PicGo INFO] [PicGo Server] upload files in list
2022-07-09 22:28:51 [PicGo INFO] Before transform
2022-07-09 22:28:51 [PicGo INFO] Transforming... Current transformer is [path]
2022-07-09 22:28:51 [PicGo INFO] Before upload
2022-07-09 22:28:51 [PicGo INFO] beforeUploadPlugins: renameFn running
2022-07-09 22:28:51 [PicGo INFO] Uploading... Current uploader is [web-uploader]
2022-07-09 22:28:52 [PicGo SUCCESS]

2022-07-09 22:28:52 [PicGo WARN] [PicGo Server] upload failed, see picgo.log for more detail ↑