thinkphp5安全版本搭建记录

thinkphp5安全版本搭建记录

作者 安全运维

tp5历史上有很多安全漏洞,记录thinkphp5安全版本的搭建过程。

安装php7

启用 EPEL 和 Remi 仓库

sudo yum install -y epel-release
sudo yum install -y https://rpms.remirepo.net/enterprise/remi-release-7.rpm

启用 Remi 的 PHP 7 仓库,这里以 PHP 7.4 为例,如果需要其他版本,可以将 remi-php74 替换为 remi-php73 或其他版本号。

sudo yum-config-manager --enable remi-php74

安装 PHP 7.x 及其扩展。

sudo yum install -y php php-cli php-mbstring php-xml php-mysqlnd php-pdo php-fpm

验证 PHP 版本

[root@VM-0-42-centos ~]# php -v
PHP 7.4.33 (cli) (built: Apr 10 2024 09:34:29) ( NTS )
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies

安装Composer

wget -O composer-setup.php https://getcomposer.org/installer
sudo php composer-setup.php --install-dir=/usr/local/bin --filename=composer

使用Composer安装thinkphp5

默认会安装thinkphp5的最新版本。

[root@VM-0-42-centos ~]# composer create-project topthink/think tp5
Creating a "topthink/think" project at "./tp5"
Installing topthink/think (v5.0.24)
  - Downloading topthink/think (v5.0.24)
  - Installing topthink/think (v5.0.24): Extracting archive
Created project in /root/tp5
Loading composer repositories with package information
Updating dependencies
Lock file operations: 2 installs, 0 updates, 0 removals
  - Locking topthink/framework (v5.0.25)
  - Locking topthink/think-installer (v1.0.14)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 2 installs, 0 updates, 0 removals
  - Downloading topthink/think-installer (v1.0.14)
  - Downloading topthink/framework (v5.0.25)
topthink/think-installer contains a Composer plugin which is currently not in your allow-plugins config. See https://getcomposer.org/allow-plugins
Do you trust "topthink/think-installer" to execute code and wish to enable it now? (writes "allow-plugins" to composer.json) [y,n,d,?] y
  - Installing topthink/think-installer (v1.0.14): Extracting archive
  - Installing topthink/framework (v5.0.25): Extracting archive
Generating autoload files

确认thinkphp框架信息。

cd tp5/
composer show topthink/framework
cd public/
php -S 0.0.0.0:8000

thinkphp5已经安装成功了,网页访问也没有问题。

在 ThinkPHP5 项目中,业务代码通常放置在 application 目录下,接下来就可以部署业务代码了。

Post Views: 16
赞赏

微信赞赏支付宝赞赏
Zgao

愿有一日,安全圈的师傅们都能用上Zgao写的工具。

发表评论