diff --git a/publish/changeLog.md b/publish/changeLog.md
index e4e1f890..baaeb038 100644
--- a/publish/changeLog.md
+++ b/publish/changeLog.md
@@ -12,6 +12,7 @@
 ### 修复
 - 修复快速切换歌曲时, 会出现播放的歌曲和界面展示的歌曲不一致的问题
+- 修复了一个由版本更新日志显示导致的潜在远程代码执行攻击漏洞,该漏洞影响v1.6.1及之前的所有版本,请务必更新到最新版本
 ### 其他
diff --git a/publish/utils/updateChangeLog.js b/publish/utils/updateChangeLog.js
index 81a11a82..a966a0ca 100644
--- a/publish/utils/updateChangeLog.js
+++ b/publish/utils/updateChangeLog.js
@@ -44,7 +44,7 @@ module.exports = async newVerNum => {
 desc: version.desc,
 })
 version.version = newVerNum
- version.desc = newChangeLog
+ version.desc = newMDChangeLog.replace(/(?:^|(\n))#{1,6} (.+)\n/g, '$1$2').trim()
 pkg.version = newVerNum
 console.log(chalk.blue('new version: ') + chalk.green(newVerNum))
diff --git a/src/renderer/components/material/VersionModal.vue b/src/renderer/components/material/VersionModal.vue
index ddc89780..2d398110 100644
--- a/src/renderer/components/material/VersionModal.vue
+++ b/src/renderer/components/material/VersionModal.vue
@@ -3,17 +3,17 @@ material-modal(:show="version.showModal" @close="handleClose" v-if="version.newV
 main(:class="$style.main" v-if="version.isDownloaded")
 h2 🚀程序更新🚀
- div.scroll(:class="$style.info")
+ div.scroll.select(:class="$style.info")
 div(:class="$style.current")
 h3 最新版本:{{version.newVersion.version}}
 h3 当前版本:{{version.version}}
 h3 版本变化:
- p(:class="$style.desc" v-html="version.newVersion.desc")
+ pre(:class="$style.desc" v-text="version.newVersion.desc")
 div(:class="[$style.history, $style.desc]" v-if="history.length")
 h3 历史版本:
 div(:class="$style.item" v-for="ver in history")
 h4 v{{ver.version}}
- p(v-html="ver.desc")
+ pre(v-text="ver.desc")
 div(:class="$style.footer")
 div(:class="$style.desc")
 p 新版本已下载完毕,
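Review bot: In publish/utils/updateChangeLog.js, the regex on the new `version.desc` line consumes the newline after each heading, so it only works when every heading is followed by a blank line. A heading directly followed by text is fused onto that text, and the second of two consecutive headings keeps its `#` marks because its leading `\n` was already consumed. A multiline form avoids both, `version.desc = newMDChangeLog.replace(/^#{1,6} (.+)$/gm, '$1').trim()`, at the cost of keeping the blank line after each heading. This stripping is cosmetic only; what stops the text being interpreted as markup is the `v-text` binding in VersionModal.vue. The enclosing function starts and ends outside the hunk, so where `newMDChangeLog` is defined is not visible here.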
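Review bot: Nothing in the VersionModal.vue template records why the description is now bound with `v-text`, at `pre(:class="$style.desc" v-text="version.newVersion.desc")` and `pre(v-text="ver.desc")`; the same pair is changed in the @@ -27 and @@ -94 hunks. The description appears to come from the remotely fetched version.json, so a later edit that wants bold text or links could reintroduce `v-html` without knowing it was removed as a security fix. I would add a Pug comment above each `pre`, for example `//- desc is remote data from version.json: bind as text only, never v-html`. If formatting is wanted later, it should go through an allow-list sanitiser rather than back to raw HTML. The three near-identical info blocks could also be pulled into one component so the binding exists in a single place.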
@@ -27,17 +27,17 @@ material-modal(:show="version.showModal" @close="handleClose" v-if="version.newV
 main(:class="$style.main" v-else-if="version.isError && !version.isUnknow && version.newVersion.version != version.version")
 h2 ❌ 版本更新出错 ❌
- div.scroll(:class="$style.info")
+ div.scroll.select(:class="$style.info")
 div(:class="$style.current")
 h3 最新版本:{{version.newVersion.version}}
 h3 当前版本:{{version.version}}
 h3 版本变化:
- p(:class="$style.desc" v-html="version.newVersion.desc")
+ pre(:class="$style.desc" v-text="version.newVersion.desc")
 div(:class="[$style.history, $style.desc]" v-if="history.length")
 h3 历史版本:
 div(:class="$style.item" v-for="ver in history")
 h4 v{{ver.version}}
- p(v-html="ver.desc")
+ pre(v-text="ver.desc")
 div(:class="$style.footer")
 div(:class="$style.desc")
@@ -58,7 +58,7 @@ material-modal(:show="version.showModal" @close="handleClose" v-if="version.newV
 main(:class="$style.main" v-else-if="version.isDownloading && version.isTimeOut && !version.isUnknow")
 h2 ❗️ 新版本下载超时 ❗️
 div(:class="$style.desc")
- p 你当前所在网络访问GitHub较慢,导致新版本下载超时(已经下了半个钟了😳),建议手动更新版本!
+ p 你当前所在网络访问GitHub较慢,导致新版本下载超时(已经下了半个钟了😳),你仍可选择继续等,但墙裂建议手动更新版本!
 p
 | 你可以去
 material-btn(min @click="handleOpenUrl('https://github.com/lyswhut/lx-music-desktop/releases')" tips="点击打开") 软件发布页
@@ -75,7 +75,7 @@ material-modal(:show="version.showModal" @close="handleClose" v-if="version.newV
 main(:class="$style.main" v-else-if="version.isUnknow")
 h2 ❓ 获取最新版本信息失败 ❓
- div.scroll(:class="$style.info")
+ div.scroll.select(:class="$style.info")
 div(:class="$style.current")
 h3 当前版本:{{version.version}}
 div(:class="$style.desc")
@@ -94,17 +94,17 @@ material-modal(:show="version.showModal" @close="handleClose" v-if="version.newV
 main(:class="$style.main" v-else)
 h2 🌟发现新版本🌟
- div.scroll(:class="$style.info")
+ div.scroll.select(:class="$style.info")
 div(:class="$style.current")
 h3 最新版本:{{version.newVersion.version}}
 h3 当前版本:{{version.version}}
 h3 版本变化:
- p(:class="$style.desc" v-html="version.newVersion.desc")
+ pre(:class="$style.desc" v-text="version.newVersion.desc")
 div(:class="[$style.history, $style.desc]" v-if="history.length")
 h3 历史版本:
 div(:class="$style.item" v-for="ver in history")
 h4 v{{ver.version}}
- p(v-html="ver.desc")
+ pre(v-text="ver.desc")
 div(:class="$style.footer")
 div(:class="$style.desc")
@@ -207,6 +207,11 @@ export default {
 font-size: 14px;
 line-height: 1.3;
 }
+ pre {
+ white-space: pre-wrap;
+ text-align: justify;
+ margin-top: 10px;
+ }
 }
 .info {
diff --git a/src/renderer/store/actions.js b/src/renderer/store/actions.js
index ed8b8ec1..266dd7d5 100644
--- a/src/renderer/store/actions.js
+++ b/src/renderer/store/actions.js
@@ -19,16 +19,31 @@ export default {
 },
 getVersionInfo2(state, retryNum = 0) {
 return new Promise((resolve, reject) => {
- httpGet('https://cdn.stsky.cn/lx-music/desktop/version.json', {
+ httpGet('https://gitee.com/lyswhut/lx-music-desktop-versions/raw/master/version.json', {
 timeout: 20000,
 }, (err, resp, body) => {
+ if (!err && !body.version) err = new Error(JSON.stringify(body))
 if (err) {
 return ++retryNum > 3
- ? reject(err)
+ ? this.dispatch('getVersionInfo3').then(resolve).catch(reject)
 : this.dispatch('getVersionInfo2', retryNum).then(resolve).catch(reject)
 }
 resolve(body)
 })
 })
 },
+ getVersionInfo3(state, retryNum = 0) {
+ return new Promise((resolve, reject) => {
+ httpGet('https://cdn.stsky.cn/lx-music/desktop/version.json', {
+ timeout: 20000,
+ }, (err, resp, body) => {
+ if (err) {
+ return ++retryNum > 3
+ ? reject(err)
+ : this.dispatch('getVersionInfo3', retryNum).then(resolve).catch(reject)
+ }
+ resolve(body)
+ })
+ })
+ },
 }
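Review bot: The added guard `if (!err && !body.version)` in getVersionInfo2 (src/renderer/store/actions.js) dereferences `body` before checking that it is an object, and the new getVersionInfo3 fallback has no shape check at all. If httpGet, which is not visible here, can return a null or undefined body without an error, the property access throws inside the callback and the promise never settles. Anything the fallback endpoint returns without an error is resolved as version info whatever it contains. I would use `if (!err && (!body || typeof body.version !== 'string')) err = new Error(JSON.stringify(body))` in both functions, placed before their `if (err)` line. Both endpoints are hosted outside the application, so consumers of the result should keep treating `version` and `desc` as untrusted strings.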