MeEdu - 开源的在线视频点播系统。
| 插件 | 插件 | 插件 |
|---|---|---|
| 问答模块 | 试题插件 | 团购 |
| 秒杀 | 阿里云HLS加密播放 | 腾讯云HLS加密播放 |
| 学习路径 | 图文收费 | 电子书模块 |
感谢下面小伙伴提供支付宝和微信相关支付账号(排名不分前后):
| 昵称 | |
|---|---|
Baiyuetribe |
https://github.com/Baiyuetribe |
逸企邦 |
https://easeco.cn |
Aunger |
https://www.aunwen.com |
\app\Http\Controllers\Backend\Api\V1\UploadController.php
public function imageUpload(Request $request)
{
$url = $request->input('url');
if (!$url) {
return $this->error('请输入图片地址');
}
$extension = '';
if (preg_match('/\.png/i', $url)) {
$extension = 'png';
} elseif (preg_match('/\.jpg/i', $url)) {
$extension = 'jpg';
} elseif (preg_match('/\.gif/i', $url)) {
$extension = 'gif';
} elseif (preg_match('/\.jpeg/i', $url)) {
$extension = 'jpeg';
}
if (!$extension) {
return $this->error('无法检测图片格式');
}
try {
// 将图片保存到本地临时文件
$content = file_get_contents($url);
$tmpPath = config('meedu.upload.image.path') . '/' . Str::random(32) . '.' . $extension;
// 保存到storage
$disk = config('meedu.upload.image.disk');
Storage::disk($disk)->put($tmpPath, $content);
$url = url(Storage::disk($disk)->url($tmpPath));
return $this->successData([
'path' => $tmpPath,
'url' => $url,
]);
} catch (\Exception $e) {
return $this->error($e->getMessage());
}
}
读取一个url,然后保存文件。后缀判断逻辑错误,仅判断了包含这几个后缀,应该判断为以这几个后缀结尾。
payload:
{"url":"file:///www\/wwwroot\/demo.meedu.vip/.png/../.env"}
文件: /app/Http/Requests/Backend/Administrator/AdministratorRequest.php
public function filldata()
{
$data = ['name' => $this->input('name', '')];
$this->input('password') && $data['password'] = bcrypt($this->input('password'));
if ($this->isMethod('post')) {
$data['email'] = $this->input('email');
}
return $data;
}
如果编辑管理员资料的时候不填密码, 那么则会吧此管理员的密码值为空。
问题代码:$this->input('password') && $data['password'] = bcrypt($this->input('password'));
unsert($data['password'])有增加相关功能的想法么? 类似于添加讲师管理的功能吧。 协同者可以有自己的管理账号,自己添加课程,看到自己的收益,全站订阅可以设置分成比例之类的。 如果本身主机性能一般,能通过七牛云之类的云视频平台来做视频存放就更爽了。 最近想和朋友一起做硬件课程来着,本来想自己学Laravel来弄个试试,没想到搜到你的项目了。
duplicatemeedu/vendor/swiftmailer/swiftmailer/lib/classes/Swift/Mime/Headers/MailboxHeader.php
这个文件的normalizeMailboxes 函数,foreach ($mailboxes as $key => $value)执行的时候,$key如果是数据库里的值,会直接用整条json作为email的addr,从而导致最后发送邮件失败。
log里我打印了信息:
[2019-03-28 11:03:40] local.INFO: eaddr valueExample [2019-03-28 11:03:40] local.INFO: eaddr:[email protected] [2019-03-28 11:03:40] local.INFO: eaddr value [2019-03-28 11:03:40] local.INFO: eaddr:{"id":1,"email":"[email protected]","created_at":"2019-03-22 21:00:57","updated_at":"2019-03-22 21:00:57"} [2019-03-28 11:03:40] local.ERROR: Address in mailbox given [{"id":1,"email":"[email protected]","created_at":"2019-03-22 21:00:57","updated_at":"2019-03-22 21:00:57"}] does not comply with R FC 2822, 3.6.2. {"exception":"[object] (Swift_RfcComplianceException(code: 0): Address in mailbox given [{"id":1,"email":"[email protected]","created_at":"2019-03-22 21:00:57","upd ated_at":"2019-03-22 21:00:57"}] does not comply with RFC 2822, 3.6.2.
向开源精神致敬~ 发现个小问题, 还望抽空指导一下...
点击幻灯片菜单会报错, 错误码为 500, 但是没有错误提示.
我追了一下源码, 发现没有定义 backend/api/v1/slider 路由, 而且我在app/Http/Controllers/Backend/Api/V1目录下也没有找到slider控制器, 请问是我安装的问题, 还是源码未完善?
@Qsnh @git-zjx
浏览器console报错 Access to XMLHttpRequest at 'http://192.168.199.128/backend/api/v1/captcha/image' from origin 'http://192.168.199.128:88' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested
测试网站 :https://vip.english.thingswell.cn/
备案号指向的URL应该是 https://beian.miit.gov.cn/ 实际URL是 http://www.beian.miit.gov.cn/
按照备案要求,不合规。
后台管理只有修改备案号,没有修改备案地址的功能。
MeEdu版本 v3.7.2 后台版本 v3.7 内核版本 Laravel 6.18.42 PHP版本 7.2.33
在测试的时候,阿里云视频点播的节点选择的是北京(cn-beijing),配置完成后,上传点播视频时报错
[2021-04-17 08:37:59] local.ERROR: exception {"message":"InvalidStorage.NotFound: The storageLocation does not exist. RequestId: ****-9E1F-4367-821D-****GET \"http://vod.cn-shanghai.aliyuncs.com\" 403","code":403,"line":343,"params":{"title":"****.mp4","filename":"****.mp4"},"url":"http://*****/backend/api/v1/video/token/aliyun/create","method":"POST","ip":["******"]} {"request_id":"78RibM*****"}
经过查询阿里云官方文档,在调用 CreateUploadVideo 方法时,需要设置 host(uri) 属性,具体实现如下:
<?php
use AlibabaCloud\Client\AlibabaCloud;
use AlibabaCloud\Client\Exception\ClientException;
use AlibabaCloud\Client\Exception\ServerException;
// Download:https://github.com/aliyun/openapi-sdk-php
// Usage:https://github.com/aliyun/openapi-sdk-php/blob/master/README.md
AlibabaCloud::accessKeyClient('<accessKeyId>', '<accessSecret>')
->regionId('cn-beijing')
->asDefaultClient();
try {
$result = AlibabaCloud::rpc()
->product('vod')
// ->scheme('https') // https | http
->version('2017-03-21')
->action('CreateUploadVideo')
->method('POST')
->host('vod.cn-beijing.aliyuncs.com')
->options([
'query' => [
'Title' => "***.mp4",
'FileName' => "***.mp4",
],
])
->request();
print_r($result->toArray());
} catch (ClientException $e) {
echo $e->getErrorMessage() . PHP_EOL;
} catch (ServerException $e) {
echo $e->getErrorMessage() . PHP_EOL;
}
经过整体排查,其他调用vod接口部分也存在相关问题,一并添加设置host方法即可。
建议增加配置项增加设置host属性的灵活性。
Bumps laravel/framework from 6.18.42 to 6.20.12.
Sourced from laravel/framework's releases.
v6.20.12
v6.20.12 (2021-01-13)
v6.20.11
v6.20.11 (2021-01-13)
Fixed
- Limit expected bindings (#35865)
v6.20.10
v6.20.10 (2021-01-12)
Added
- Added new line to
DetectsLostConnections(#35790)Fixed
- Fixed error from missing null check on PHP 8 in
Illuminate\Validation\Concerns\ValidatesAttributes::validateJson()(#35797)v6.20.9
v6.20.9 (2021-01-05)
Added
v6.20.8
v6.20.8 (2020-12-22)
Fixed
- Fixed
Illuminate\Validation\Concerns\ValidatesAttributes::validateJson()for PHP8 (#35646)- Catch DecryptException with invalid X-XSRF-TOKEN in
Illuminate\Foundation\Http\Middleware\VerifyCsrfToken(#35671)v6.20.7
v6.20.7 (2020-12-08)
Fixed
- Backport for fix issue with polymorphic morphMaps with literal 0 (#35487)
- Fixed mime validation for jpeg files (#35518)
v6.20.6
v6.20.6 (2020-12-01)
Fixed
... (truncated)
Sourced from laravel/framework's changelog.
v6.20.12 (2021-01-13)
v6.20.11 (2021-01-13)
Fixed
- Limit expected bindings (#35865)
v6.20.10 (2021-01-12)
Added
- Added new line to
DetectsLostConnections(#35790)Fixed
- Fixed error from missing null check on PHP 8 in
Illuminate\Validation\Concerns\ValidatesAttributes::validateJson()(#35797)v6.20.9 (2021-01-05)
Added
v6.20.8 (2020-12-22)
Fixed
- Fixed
Illuminate\Validation\Concerns\ValidatesAttributes::validateJson()for PHP8 (#35646)- Catch DecryptException with invalid X-XSRF-TOKEN in
Illuminate\Foundation\Http\Middleware\VerifyCsrfToken(#35671)v6.20.7 (2020-12-08)
Fixed
- Backport for fix issue with polymorphic morphMaps with literal 0 (#35487)
- Fixed mime validation for jpeg files (#35518)
v6.20.6 (2020-12-01)
Fixed
- Backport Redis context option (#35370)
- Fixed validating image/jpeg images after Symfony/Mime update (#35419)
v6.20.5 (2020-11-24)
Fixed
... (truncated)
49f9db0 version212d7f4 Re-enable query builder tests (#35894)29c831d versiond0954f4 [6.x] Limit expected bindings (#35865)594c08a [6.x] update changelog88dced8 version7a0517e [6.x] update changelog08b1b19 [6.x] Fix #35795 (#35797)006180a Retry if DNS lookup fails (#35790)4686f22 versionDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase will rebase this PR@dependabot recreate will recreate this PR, overwriting any edits that have been made to it@dependabot merge will merge this PR after your CI passes on it@dependabot squash and merge will squash and merge this PR after your CI passes on it@dependabot cancel merge will cancel a previously requested merge and block automerging@dependabot reopen will reopen this PR if it is closed@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)@dependabot use these labels will set the current labels as the default for future PRs for this repo and language@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and languageYou can disable automated security fix PRs for this repo from the Security Alerts page.
Bumps ini from 1.3.5 to 1.3.8.
a2c5da8 1.3.8af5c6bb Do not use Object.create(null)8b648a1 don't test where our devdeps don't even workc74c8af 1.3.7024b8b5 update deps, add linting032fbaf Use Object.create(null) to avoid default object property hazards2da9039 1.3.6cfea636 better git push script, before publish instead of after56d2805 do not allow invalid hazardous string as section nameThis version was pushed to npm by isaacs, a new releaser for ini since your current version.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase will rebase this PR@dependabot recreate will recreate this PR, overwriting any edits that have been made to it@dependabot merge will merge this PR after your CI passes on it@dependabot squash and merge will squash and merge this PR after your CI passes on it@dependabot cancel merge will cancel a previously requested merge and block automerging@dependabot reopen will reopen this PR if it is closed@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)@dependabot use these labels will set the current labels as the default for future PRs for this repo and language@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and languageYou can disable automated security fix PRs for this repo from the Security Alerts page.
● 新增用户已购录播课、已购课时、录播课课时学习记录API ● 新增后台管理员操作日志 ● 新增学员注销、学员删除 ● 新增学员登录日志 ● 新增图片上传日志 ● 新增不再使用的老旧API开关配置 ● 新增内存缓存
● 优化后台权限,管理员权限分配更简单明了 ● 修复部分浏览器设置视频禁止快进播放无效bug ● 修复清空学员标签报错bug ● 优化部分代码 ● 优化社交登录,新增V3版本的社交登录API ● 优化腾讯云扩展依赖包(项目整体体积由原先的40MB缩减到12MB) ● 修复注册IP解析(当开启队列时会出现) ● 优化学员的多端口登录限制 ● 修复学员VIP属性编辑错误bug ● 修复视频文件尺寸过大导致本地未记录已上传视频的bug ● 优化支付宝回调处理(部分使用者配置了退款回调导致系统会将退款回调也当做支付成功回调处理) ● 修复学员批量导入未设置VIP过期时间导致报错bug ● 修复订单支付成功的积分奖励备注额度错误的bug ● 优化课时批量导入的检测和错误提示
● 移除学员邀请码功能 ● 移除邀请相关API ● 移除学员邀请送积分配置 ● 移除小程序相关功能和API ● 移除课时的单独订阅购买
Source code(tar.gz)修复部分情况下微信JSAPI支付回调跳转地址错误的bug
Source code(tar.gz)fixed: 微信小程序支付
Source code(tar.gz)本次更新是一个里程碑的版本。
fixed: QQ登录
Source code(tar.gz)1.fixed: 默认播放器播放腾讯云HLS加密视频无法快进 2.HTML的默认lang改为zh-CN(原先默认的en部分国产浏览器会提示翻译) 3.fixed: 微信公众号登录和授权登录的api接口登录成功后的跳转bug
Source code(tar.gz)fixed: 社交登录在强制绑定手机号下无法绑定已注册的手机号账户
Source code(tar.gz)1.fixed: 任意文件读取漏洞 2.sweetalert升级到sweetalert2
Source code(tar.gz)fixed: 缓存时间
Source code(tar.gz)fixed: 推荐课程Bug
Source code(tar.gz)60/分钟 改为 120/分钟