tianya
1 year ago
9 changed files with 17 additions and 10 deletions
Unified View
Diff Options
-
+1 -1src/admin/api.php
-
+1 -1src/admin/dialog/select_soft_post.php
-
+6 -2src/admin/file_manage_control.php
-
+3 -0src/admin/file_manage_view.php
-
+1 -1src/admin/makehtml_homepage.php
-
+1 -1src/admin/media_add.php
-
+1 -1src/system/common.func.php
-
+2 -2src/system/helpers/upload.helper.php
-
+1 -1src/system/uploadsafe.inc.php
+ 1
- 1
src/admin/api.php
View File
| @@ -393,7 +393,7 @@ if ($action === 'is_need_check_code') { | |||||
| $filename = $filename.'.'.$fs[count($fs) - 1]; | $filename = $filename.'.'.$fs[count($fs) - 1]; | ||||
| $filename_name = $filename_name.'.'.$fs[count($fs) - 1]; | $filename_name = $filename_name.'.'.$fs[count($fs) - 1]; | ||||
| $fullfilename = $cfg_basedir.$activepath."/".$filename; | $fullfilename = $cfg_basedir.$activepath."/".$filename; | ||||
| if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml)$#i', trim($fullfilename))) { | |||||
| if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml|htm)$#i', trim($fullfilename))) { | |||||
| echo json_encode(array( | echo json_encode(array( | ||||
| "code" => -1, | "code" => -1, | ||||
| "uploaded" => 0, | "uploaded" => 0, | ||||
+ 1
- 1
src/admin/dialog/select_soft_post.php
View File
| @@ -58,7 +58,7 @@ if (!empty($newname)) { | |||||
| } | } | ||||
| $filename = $filename.'.'.$fs[count($fs) - 1]; | $filename = $filename.'.'.$fs[count($fs) - 1]; | ||||
| } | } | ||||
| if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml)$#i', trim($filename))) { | |||||
| if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml|htm)$#i', trim($filename))) { | |||||
| ShowMsg("文件扩展名已被系统禁止", "javascript:;"); | ShowMsg("文件扩展名已被系统禁止", "javascript:;"); | ||||
| exit(); | exit(); | ||||
| } | } | ||||
+ 6
- 2
src/admin/file_manage_control.php
View File
| @@ -86,11 +86,15 @@ else if ($fmdo == "del") { | |||||
| else if ($fmdo == "edit") { | else if ($fmdo == "edit") { | ||||
| CheckCSRF(); | CheckCSRF(); | ||||
| $filename = str_replace("..", "", $filename); | $filename = str_replace("..", "", $filename); | ||||
| if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml)$#i', trim($filename))) { | |||||
| if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml|htm)$#i', trim($filename))) { | |||||
| ShowMsg("文件扩展名已被系统禁止", "javascript:;"); | ShowMsg("文件扩展名已被系统禁止", "javascript:;"); | ||||
| exit(); | exit(); | ||||
| } | } | ||||
| $file = "$cfg_basedir$activepath/$filename"; | $file = "$cfg_basedir$activepath/$filename"; | ||||
| if (in_array($file,$realFiles)) { | |||||
| ShowMsg("系统文件禁止编辑", "javascript:;"); | |||||
| exit(); | |||||
| } | |||||
| $str = stripslashes($str); | $str = stripslashes($str); | ||||
| $fp = fopen($file, "w"); | $fp = fopen($file, "w"); | ||||
| fputs($fp, $str); | fputs($fp, $str); | ||||
| @@ -113,7 +117,7 @@ else if ($fmdo == "upload") { | |||||
| } | } | ||||
| $upfile = ${$upfile}; | $upfile = ${$upfile}; | ||||
| $upfile_name = ${$upfile_name}; | $upfile_name = ${$upfile_name}; | ||||
| if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml)$#i', trim($upfile_name))) { | |||||
| if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml|htm)$#i', trim($upfile_name))) { | |||||
| ShowMsg("文件扩展名已被系统禁止", "javascript:;"); | ShowMsg("文件扩展名已被系统禁止", "javascript:;"); | ||||
| exit(); | exit(); | ||||
| } | } | ||||
+ 3
- 0
src/admin/file_manage_view.php
View File
| @@ -86,6 +86,9 @@ else if ($fmdo == "del") { | |||||
| } | } | ||||
| //修改文件 | //修改文件 | ||||
| else if ($fmdo == "edit") { | else if ($fmdo == "edit") { | ||||
| if (DEDEBIZ_SAFE_MODE) { | |||||
| die(DedeAlert("系统已启用安全模式,无法使用当前功能",ALERT_DANGER)); | |||||
| } | |||||
| if (!isset($backurl)) { | if (!isset($backurl)) { | ||||
| $backurl = ''; | $backurl = ''; | ||||
| } | } | ||||
+ 1
- 1
src/admin/makehtml_homepage.php
View File
| @@ -60,7 +60,7 @@ if ($dopost == "view") { | |||||
| } | } | ||||
| $remotepos = empty($remotepos) ? '../index.html' : $remotepos; | $remotepos = empty($remotepos) ? '../index.html' : $remotepos; | ||||
| $serviterm = empty($serviterm) ? "" : $serviterm; | $serviterm = empty($serviterm) ? "" : $serviterm; | ||||
| if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml)$#i', trim($position))) { | |||||
| if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml|htm)$#i', trim($position))) { | |||||
| ShowMsg("文件扩展名已被系统禁止", "javascript:;"); | ShowMsg("文件扩展名已被系统禁止", "javascript:;"); | ||||
| exit(); | exit(); | ||||
| } | } | ||||
+ 1
- 1
src/admin/media_add.php
View File
| @@ -51,7 +51,7 @@ if ($dopost == "upload") { | |||||
| if (!is_dir($cfg_basedir.$savePath)) { | if (!is_dir($cfg_basedir.$savePath)) { | ||||
| MkdirAll($cfg_basedir.$savePath, 777); | MkdirAll($cfg_basedir.$savePath, 777); | ||||
| } | } | ||||
| if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml)$#i', trim($newname))) { | |||||
| if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml|htm)$#i', trim($newname)) || preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml)$#i', trim($filename))) { | |||||
| ShowMsg("文件扩展名已被系统禁止", "javascript:;"); | ShowMsg("文件扩展名已被系统禁止", "javascript:;"); | ||||
| exit(); | exit(); | ||||
| } | } | ||||
+ 1
- 1
src/system/common.func.php
View File
| @@ -84,7 +84,7 @@ function get_mime_type($filename) | |||||
| } | } | ||||
| $finfo = finfo_open(FILEINFO_MIME_TYPE); | $finfo = finfo_open(FILEINFO_MIME_TYPE); | ||||
| $mimeType = finfo_file($finfo, $filename); | $mimeType = finfo_file($finfo, $filename); | ||||
| if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml)$#i', trim($filename))) { | |||||
| if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml|htm)$#i', trim($filename))) { | |||||
| return 'forbid/octet-stream'; | return 'forbid/octet-stream'; | ||||
| } | } | ||||
| finfo_close($finfo); | finfo_close($finfo); | ||||
+ 2
- 2
src/system/helpers/upload.helper.php
View File
| @@ -136,7 +136,7 @@ if (!function_exists('MemberUploads')) { | |||||
| exit(); | exit(); | ||||
| } | } | ||||
| //强制禁止的文件类型 | //强制禁止的文件类型 | ||||
| if (preg_match("/(asp|php|pl|cgi|shtm|js)$/", $sname)) { | |||||
| if (preg_match("/(asp|php|pl|cgi|shtm|js|htm)$/", $sname)) { | |||||
| ShowMsg("您上传的文件已被系统禁止", '-1'); | ShowMsg("您上传的文件已被系统禁止", '-1'); | ||||
| exit(); | exit(); | ||||
| } | } | ||||
| @@ -177,7 +177,7 @@ if (!function_exists('MemberUploads')) { | |||||
| //强制禁止的文件类型 | //强制禁止的文件类型 | ||||
| if ($handname == '') { | if ($handname == '') { | ||||
| return $handname; | return $handname; | ||||
| } else if (preg_match("/\.(asp|php|pl|cgi|shtm|js)$/", $handname)) { | |||||
| } else if (preg_match("/\.(asp|php|pl|cgi|shtm|js|htm)$/", $handname)) { | |||||
| exit('Not allow filename for not safe!'); | exit('Not allow filename for not safe!'); | ||||
| } else if (!preg_match("/\.(".$allAllowType.")$/", $handname)) { | } else if (!preg_match("/\.(".$allAllowType.")$/", $handname)) { | ||||
| exit('Not allow filename for filetype!'); | exit('Not allow filename for filetype!'); | ||||
+ 1
- 1
src/system/uploadsafe.inc.php
View File
| @@ -11,7 +11,7 @@ if (isset($_FILES['GLOBALS'])) exit ('Request not allow!'); | |||||
| * @link https://www.dedebiz.com | * @link https://www.dedebiz.com | ||||
| */ | */ | ||||
| //为了防止会员通过注入,这里强制限定的某些文件类型禁止上传 | //为了防止会员通过注入,这里强制限定的某些文件类型禁止上传 | ||||
| $cfg_not_allowall = "php|pl|cgi|asp|aspx|jsp|php3|shtm|shtml"; | |||||
| $cfg_not_allowall = "php|pl|cgi|asp|aspx|jsp|php3|shtm|shtml|htm"; | |||||
| $keyarr = array('name', 'type', 'tmp_name', 'size'); | $keyarr = array('name', 'type', 'tmp_name', 'size'); | ||||
| if ( | if ( | ||||
| ($GLOBALS['cfg_html_editor'] == 'ckeditor' || | ($GLOBALS['cfg_html_editor'] == 'ckeditor' || | ||||