修复评论区QQ头像显示 #1315
Open
修复评论区QQ头像显示 #1315
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
There was a problem hiding this comment.
Pull Request Overview
This PR fixes QQ avatar display in the comment section by switching from a deprecated QQ API to a new one that requires an API key. The implementation also improves the encryption security for QQ numbers and adds proper key management.
- Replaces deprecated QQ API with a new API that requires authentication
- Updates encryption method to use proper random IV instead of repeated key
- Adds configuration option for the new API key
- Implements secure key generation and storage mechanism
Reviewed Changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| opt/options/theme-options.php | Adds configuration field for QQ Avatar API Key |
| inc/classes/QQ.php | Updates API endpoint and improves encryption decryption logic |
| functions.php | Fixes encryption implementation and adds secure key management |
| $iv_length = openssl_cipher_iv_length('aes-128-cbc'); | ||
| $iv = openssl_random_pseudo_bytes($iv_length); | ||
|
|
||
| $iv = substr(md5($sakura_privkey), 0, 16); |
There was a problem hiding this comment.
Using a deterministic IV derived from the key weakens encryption security. The IV should be randomly generated for each encryption operation to ensure semantic security.
Copilot uses AI. Check for mistakes.
Co-authored-by: Copilot <[email protected]>
Co-authored-by: Copilot <[email protected]>
Co-authored-by: Copilot <[email protected]>
|
走非官方api让我很难办啊 |
想保留这个功能的话,大概只能这样了 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.