Merge remote-tracking branch 'gitee/xiaochong0302/I280IZ' into xiaochong0302/I280IZ

app/Http/Admin/Controllers/Controller.php

@@ -21,6 +21,17 @@ class Controller extends \Phalcon\Mvc\Controller
 
     public function beforeExecuteRoute(Dispatcher $dispatcher)
     {
+        /**
+         * demo分支拒绝数据提交
+         */
+        if ($this->isNotSafeRequest()) {
+            $dispatcher->forward([
+                'controller' => 'public',
+                'action' => 'forbidden',
+            ]);
+            return false;
+        }
+
         if ($this->isNotSafeRequest()) {
             $this->checkHttpReferer();
             $this->checkCsrfToken();

app/Http/Admin/Services/Setting.php

@@ -86,8 +86,16 @@ class Setting extends Service
 
         $result = [];
 
+        /**
+         * demo分支过滤敏感数据
+         */
         if ($items->count() > 0) {
             foreach ($items as $item) {
+                $case1 = preg_match('/(id|auth|key|secret|password|pwd)$/', $item->item_key);
+                $case2 = $this->dispatcher->getControllerName() == 'setting';
+                if ($case1 && $case2) {
+                    $item->item_value = '***';
+                }
                 $result[$item->item_key] = $item->item_value;
             }
         }

app/Http/Admin/Views/templates/main.volt

@@ -22,5 +22,12 @@
 
 {% block include_js %}{% endblock %}
 {% block inline_js %}{% endblock %}
+
+{% set site = setting('site') %}
+
+{% if site['analytics_enabled'] == 1 %}
+    {{ site['analytics_script'] }}
+{% endif %}
+
 </body>
 </html>