From 032a73096135d05a770936fa2f725bc96890917d Mon Sep 17 00:00:00 2001
From: xiaochong0302
Date: Tue, 22 Sep 2020 19:57:44 +0800
Subject: [PATCH] =?UTF-8?q?=E5=90=88=E5=B9=B6=E4=BF=AE=E6=94=B9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 app/Http/Admin/Controllers/Controller.php | 11 +++++++++++
 app/Http/Admin/Services/Setting.php | 8 ++++++++
 2 files changed, 19 insertions(+)
diff --git a/app/Http/Admin/Controllers/Controller.php b/app/Http/Admin/Controllers/Controller.php
index b38fabe5..ed8264ee 100644
--- a/app/Http/Admin/Controllers/Controller.php
+++ b/app/Http/Admin/Controllers/Controller.php
@@ -21,6 +21,17 @@ class Controller extends \Phalcon\Mvc\Controller
 public function beforeExecuteRoute(Dispatcher $dispatcher)
 {
+ /**
+ * demo分支拒绝数据提交
+ */
+ if ($this->isNotSafeRequest()) {
+ $dispatcher->forward([
+ 'controller' => 'public',
+ 'action' => 'forbidden',
+ ]);
+ return false;
+ }
+
 if ($this->isNotSafeRequest()) {
 $this->checkHttpReferer();
 $this->checkCsrfToken();
diff --git a/app/Http/Admin/Services/Setting.php b/app/Http/Admin/Services/Setting.php
index d8c97936..2a19326b 100644
--- a/app/Http/Admin/Services/Setting.php
+++ b/app/Http/Admin/Services/Setting.php
@@ -57,8 +57,16 @@ class Setting extends Service
 $result = [];
+ /**
+ * demo分支过滤敏感数据
+ */
 if ($items->count() > 0) {
 foreach ($items as $item) {
+ $case1 = preg_match('/(id|auth|key|secret|password|pwd)$/', $item->item_key);
+ $case2 = $this->dispatcher->getControllerName() == 'setting';
+ if ($case1 && $case2) {
+ $item->item_value = '***';
+ }
 $result[$item->item_key] = $item->item_value;
 }
 }
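Review bot: The added guard at the top of `beforeExecuteRoute` returns before the existing `if ($this->isNotSafeRequest())` block, so the `checkHttpReferer()` and `checkCsrfToken()` calls below it can no longer run. The guard is unconditional, so merging this demo-branch change elsewhere would refuse every admin write, and nothing marks the now-dead CSRF block as the one to keep when the guard is removed. The read-only guarantee also rests entirely on `isNotSafeRequest()`, which is defined outside this hunk; any admin action that changes state on a request it treats as safe is presumably not covered. I would extend the comment to say so, e.g. `// demo branch only: every non-safe request is refused here, which makes the referer/CSRF block below unreachable`. The method body continues past the end of the hunk.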
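Review bot: The mask inside the `foreach` relies on a case-sensitive suffix deny-list, `/(id|auth|key|secret|password|pwd)$/`, so a secret stored under a key that ends differently (for example a hypothetical key ending in `token`, or a mixed-case `...Key`) is returned unmasked, and the mask applies only when the controller name is `setting`. It also overwrites `$item->item_value` on the model itself, which would persist `***` if that item were saved later in the request (not visible here). Masking a local copy avoids that: `$value = ($case1 && $case2) ? '***' : $item->item_value;` followed by `$result[$item->item_key] = $value;`. An allow-list of keys that are safe to display would fail closed where this pattern fails open. The enclosing method starts and ends outside the hunk.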