diff --git a/README.md b/README.md
index 03b4dad1..8ad017de 100644
--- a/README.md
+++ b/README.md
@@ -24,13 +24,13 @@ DedeBIZ.x是一个LTS版本,支持将到2022年10月截止,目前DedeBIZ已
 1.Windows 平台
-IIS/Apache/Nginx + PHP5/PHP7/PHP8 + MySQL5/8/10
+IIS/Apache/Nginx + PHP5.3+/PHP7/PHP8 + MySQL5/8/10
 如果在windows环境中使用,建议用DedeCMS提供的DedeAMPZ套件以达到最佳使用性能
 2.Linux/Unix 平台
-Apache/Nginx + PHP5/PHP7 + MySQL5/8/10 (PHP必须在非安全模式下运行)
+Apache/Nginx + PHP5.3+/PHP7 + MySQL5/8/10 (PHP必须在非安全模式下运行)
 建议使用平台:Linux + Apache2.2 + PHP7.4 + MySQL5.0
@@ -38,6 +38,8 @@ Apache/Nginx + PHP5/PHP7 + MySQL5/8/10 (PHP必须在非安全模式下运行)
 CURL:数据采集
+Fileinfo:文件上传安全校验
+
 GD扩展库:图像验证码、水印、二维码生成
 MySQL扩展库:数据存储
diff --git a/src/admin/album_edit.php b/src/admin/album_edit.php
index 2a8903fe..6604596a 100644
--- a/src/admin/album_edit.php
+++ b/src/admin/album_edit.php
@@ -188,6 +188,15 @@ else if ($dopost == 'save') {
 $imgurls .= "{dede:img ddimg='$ddurl' text='$iinfo' width='".$imginfos[0]."' height='".$imginfos[1]."'} $iurl {/dede:img}\r\n";
 continue;
 }
+ $mime = get_mime_type($tmpFile);
+ if (preg_match("#^unknow#", $mime)) {
+ ShowMsg("系统不支持fileinfo组件,建议php.ini中开启", -1);
+ exit;
+ }
+ if (!preg_match("#^image#i", $mime)) {
+ ShowMsg("非图片格式文件,无法正常上传", -1);
+ exit;
+ }
 move_uploaded_file($tmpFile, $imgfile);
 $imginfos = @GetImageSize($imgfile, $info);
 if ($ddurl == $iurl) {
diff --git a/src/admin/dialog/select_images_post.php b/src/admin/dialog/select_images_post.php
index 58a66d32..2a01d97b 100644
--- a/src/admin/dialog/select_images_post.php
+++ b/src/admin/dialog/select_images_post.php
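Review bot: The `^image` prefix accepted just before `move_uploaded_file($tmpFile, $imgfile)` also admits `image/svg+xml`, which is XML markup rather than a raster and is not something the `GetImageSize` call on the next line can read; since the album presumably serves the stored file back inline, match the raster types the page actually handles, e.g. `if (!preg_match("#^image/(jpeg|png|gif|webp)$#i", $mime)) {`. The same prefix-only check is used in friendlink_add.php and in AdminUpload in upload.helper.php. Sniffing the leading bytes is a useful second check but not a replacement for the extension allow-list and a non-executing upload directory, because it classifies a file by how it starts rather than by everything it contains. The enclosing `else if ($dopost == 'save')` block starts and ends outside the hunk.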
@@ -50,6 +50,15 @@ $fs = explode('.', $imgfile_name);
 $filename = $filename.'.'.$fs[count($fs) - 1];
 $filename_name = $filename_name.'.'.$fs[count($fs) - 1];
 $fullfilename = $cfg_basedir.$activepath."/".$filename;
+$mime = get_mime_type($imgfile);
+if (preg_match("#^unknow#", $mime)) {
+ ShowMsg("系统不支持fileinfo组件,建议php.ini中开启", -1);
+ exit;
+}
+if (!preg_match("#^(image|video|audio|application)#i", $mime)) {
+ ShowMsg("仅支持媒体文件及应用程序上传", -1);
+ exit;
+}
 move_uploaded_file($imgfile, $fullfilename) or die("上传文件到 $fullfilename 失败");
 @unlink($imgfile);
 if (empty($resize)) {
diff --git a/src/admin/dialog/select_soft_post.php b/src/admin/dialog/select_soft_post.php
index e09956af..f1b3fc6f 100644
--- a/src/admin/dialog/select_soft_post.php
+++ b/src/admin/dialog/select_soft_post.php
@@ -60,6 +60,15 @@ if (!empty($newname)) {
 }
 $fullfilename = $cfg_basedir.$activepath.'/'.$filename;
 $fullfileurl = $activepath.'/'.$filename;
+$mime = get_mime_type($uploadfile);
+if (preg_match("#^unknow#", $mime)) {
+ ShowMsg("系统不支持fileinfo组件,建议php.ini中开启", -1);
+ exit;
+}
+if (!preg_match("#^(image|video|audio|application)#i", $mime)) {
+ ShowMsg("仅支持媒体文件及应用程序上传", -1);
+ exit;
+}
 move_uploaded_file($uploadfile, $fullfilename) or die("上传文件到 $fullfilename 失败");
 @unlink($uploadfile);
 if ($uploadfile_type == 'application/x-shockwave-flash') {
diff --git a/src/admin/file_manage_control.php b/src/admin/file_manage_control.php
index f4cfa6ce..5226f2fc 100644
--- a/src/admin/file_manage_control.php
+++ b/src/admin/file_manage_control.php
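Review bot: The new `#^(image|video|audio|application)#i` filter before `move_uploaded_file($imgfile, $fullfilename)` is close to a no-op: `application/octet-stream` is what fileinfo reports for any content it cannot classify, so the `application` alternative admits exactly the unrecognised binaries a type check exists to stop, and with no `$` anchor any subtype under those four prefixes passes. The same pattern is pasted into select_soft_post.php, file_manage_control.php, GetDDImage and UploadOneImage in inc_archives_functions.php, media_add.php, media_edit.php, swfupload.php, sys_info_mark.php and MemberUploads in upload.helper.php. Replace the prefix list with an explicit, `$`-anchored allow-list of concrete types chosen per upload context, and keep the extension allow-list and a non-executing upload directory as the controls that actually hold; a dialog named select_images has no reason to accept anything but `^image/`. A comment saying that `unknow/octet-stream` is the sentinel `get_mime_type` returns when fileinfo is absent would also help, since the misspelling invites a later "fix" at one call site only.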
@@ -102,6 +102,16 @@ else if ($fmdo == "upload") {
 $upfile = ${$upfile};
 $upfile_name = ${$upfile_name};
 if (is_uploaded_file($upfile)) {
+ // 检查文件类型
+ $mime = get_mime_type($upfile);
+ if (preg_match("#^unknow#", $mime)) {
+ ShowMsg("系统不支持fileinfo组件,建议php.ini中开启", -1);
+ exit;
+ }
+ if (!preg_match("#^(image|video|audio|application)#i", $mime)) {
+ ShowMsg("仅支持媒体文件及应用程序上传", -1);
+ exit;
+ }
 if (!file_exists($cfg_basedir.$activepath."/".$upfile_name)) {
 move_uploaded_file($upfile, $cfg_basedir.$activepath."/".$upfile_name);
 }
diff --git a/src/admin/friendlink_add.php b/src/admin/friendlink_add.php
index 2a60c689..2dda1b53 100644
--- a/src/admin/friendlink_add.php
+++ b/src/admin/friendlink_add.php
@@ -27,6 +27,15 @@ if ($dopost == "add") {
 CloseFtp();
 }
 $imgurl = $imgurl."/".$filename;
+ $mime = get_mime_type($logoimg);
+ if (preg_match("#^unknow#", $mime)) {
+ ShowMsg("系统不支持fileinfo组件,建议php.ini中开启", -1);
+ exit;
+ }
+ if (!preg_match("#^image#i", $mime)) {
+ ShowMsg("非图片格式文件,无法正常上传", -1);
+ exit;
+ }
 move_uploaded_file($logoimg, $cfg_basedir.$imgurl) or die("复制文件到:".$cfg_basedir.$imgurl."失败");
 @unlink($logoimg);
 } else {
diff --git a/src/admin/inc/inc_archives_functions.php b/src/admin/inc/inc_archives_functions.php
index 215ef5c2..bd37fa33 100644
--- a/src/admin/inc/inc_archives_functions.php
+++ b/src/admin/inc/inc_archives_functions.php
@@ -393,6 +393,15 @@ function GetDDImage($litpic, $picname, $isremote)
 } else {
 $fullUrl = $fullUrl.".jpg";
 }
+ $mime = get_mime_type($_FILES[$litpic]['tmp_name']);
+ if (preg_match("#^unknow#", $mime)) {
+ ShowMsg("系统不支持fileinfo组件,建议php.ini中开启", -1);
+ exit;
+ }
+ if (!preg_match("#^(image|video|audio|application)#i", $mime)) {
+ ShowMsg("仅支持媒体文件及应用程序上传", -1);
+ exit;
+ }
 @move_uploaded_file($_FILES[$litpic]['tmp_name'], $cfg_basedir.$fullUrl);
 $litpic = $fullUrl;
 if ($GLOBALS['cfg_ddimg_full'] == 'Y') @ImageResizeNew($cfg_basedir.$fullUrl, $cfg_ddimg_width, $cfg_ddimg_height);
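Review bot: The ten-line check under `if (is_uploaded_file($upfile)) {` is the same block copied verbatim into nine other call sites in this commit (friendlink_add.php, GetDDImage, UploadOneImage, media_add.php, media_edit.php, sys_info_mark.php, select_images_post.php, select_soft_post.php, MemberUploads), differing only in the pattern and message; it belongs in one helper next to `get_mime_type`, for example `check_upload_mime($upfile, "#^(image|video|audio|application)#i");` (name is a suggestion) that performs the sentinel test, the match and the `ShowMsg`/`exit`, so the accepted-type policy can be tightened in a single place. The `// 检查文件类型` comment is the only non-English comment the commit adds; `// reject by sniffed MIME type before the file is moved under the web root` says what the block is for. The enclosing `else if ($fmdo == "upload")` branch starts and ends outside the hunk.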
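Review bot: GetDDImage handles the archive thumbnail (`$litpic`), yet its filter accepts `video`, `audio` and `application` types and then hands the file to `@ImageResizeNew` on the next line; this upload should use the image-only check album_edit.php uses, `if (!preg_match("#^image#i", $mime)) {` with the `非图片格式文件,无法正常上传` message. UploadOneImage in the next hunk and the watermark image upload in sys_info_mark.php have the same mismatch between what the code does with the file and what it lets in. The function starts before and ends after the hunk.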
@@ -716,6 +725,15 @@ function UploadOneImage($upname, $handurl = '', $isremote = 1, $ntitle = '')
 } else {
 $fullUrl = $fullUrl.".jpg";
 }
+ $mime = get_mime_type($_FILES[$upname]['tmp_name']);
+ if (preg_match("#^unknow#", $mime)) {
+ ShowMsg("系统不支持fileinfo组件,建议php.ini中开启", -1);
+ exit;
+ }
+ if (!preg_match("#^(image|video|audio|application)#i", $mime)) {
+ ShowMsg("仅支持媒体文件及应用程序上传", -1);
+ exit;
+ }
 //保存
 @move_uploaded_file($_FILES[$upname]['tmp_name'], $cfg_basedir.$fullUrl);
 $filename = $fullUrl;
diff --git a/src/admin/media_add.php b/src/admin/media_add.php
index 57f22ecf..a508184d 100644
--- a/src/admin/media_add.php
+++ b/src/admin/media_add.php
@@ -65,6 +65,16 @@ if ($dopost == "upload") {
 exit();
 }
 $fullfilename = $cfg_basedir.$filename;
+ $mime = get_mime_type(${"upfile".$i});
+ if (preg_match("#^unknow#", $mime)) {
+ ShowMsg("系统不支持fileinfo组件,建议php.ini中开启", -1);
+ exit;
+ }
+ if (!preg_match("#^(image|video|audio|application)#i", $mime)) {
+ ShowMsg("仅支持媒体文件及应用程序上传", -1);
+ exit;
+ }
+
 if ($mediatype == 1) {
 @move_uploaded_file(${"upfile".$i}, $fullfilename);
 $info = '';
diff --git a/src/admin/media_edit.php b/src/admin/media_edit.php
index 4a3c2899..ca45ba3e 100644
--- a/src/admin/media_edit.php
+++ b/src/admin/media_edit.php
@@ -120,6 +120,16 @@ else if ($dopost == 'save') {
 MkdirAll($cfg_basedir.$oldfile_path, 777);
 CloseFtp();
 }
+ $mime = get_mime_type($upfile);
+ if (preg_match("#^unknow#", $mime)) {
+ ShowMsg("系统不支持fileinfo组件,建议php.ini中开启", -1);
+ exit;
+ }
+ if (!preg_match("#^(image|video|audio|application)#i", $mime)) {
+ ShowMsg("仅支持媒体文件及应用程序上传", -1);
+ exit;
+ }
+
 @move_uploaded_file($upfile, $fullfilename);
 if ($mediatype == 1) {
 require_once(DEDEINC."/image.func.php");
diff --git a/src/admin/swfupload.php b/src/admin/swfupload.php
index fac8157c..12552fb2 100644
--- a/src/admin/swfupload.php
+++ b/src/admin/swfupload.php
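Review bot: In media_add.php the check placed before `if ($mediatype == 1) {` accepts the broad media/application list regardless of `$mediatype`, while the branch that follows treats type 1 as an image (media_edit.php loads image.func.php under the same condition), so an `application/*` file can be stored as an image entry. Derive the pattern from the declared type, e.g. `$pattern = ($mediatype == 1) ? "#^image#i" : "#^(image|video|audio|application)#i";` and match against `$pattern`; media_edit.php has the same shape and should do the same. The meaning of `$mediatype == 1` is inferred from these two hunks only; confirm it against the media type definitions. The enclosing `if ($dopost == "upload")` block starts and ends outside the hunk.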
@@ -34,6 +34,16 @@ if (empty($dopost)) {
 $FiledataNew = str_replace("\\", '/', $Filedata);
 $FiledataNew = $tmpdir.'/'.preg_replace("/(.*)[\/]/isU", "", $FiledataNew);
+
+ $mime = get_mime_type($Filedata);
+ if (preg_match("#^unknow#", $mime)) {
+ echo "ERROR: Create {$tmpdir} dir Error! ";
+ exit;
+ }
+ if (!preg_match("#^(image|video|audio|application)#i", $mime)) {
+ echo "ERROR: Create {$tmpdir} dir Error! ";
+ exit;
+ }
 move_uploaded_file($Filedata, $FiledataNew);
 $info = $ftype = $sname = '';
diff --git a/src/admin/sys_info_mark.php b/src/admin/sys_info_mark.php
index ebefcddd..4f48836f 100644
--- a/src/admin/sys_info_mark.php
+++ b/src/admin/sys_info_mark.php
@@ -45,6 +45,15 @@ if ($action == "save") {
 exit;
 }
 $photo_markimg = 'mark'.$shortname;
+ $mime = get_mime_type($newimg);
+ if (preg_match("#^unknow#", $mime)) {
+ ShowMsg("系统不支持fileinfo组件,建议php.ini中开启", -1);
+ exit;
+ }
+ if (!preg_match("#^(image|video|audio|application)#i", $mime)) {
+ ShowMsg("仅支持媒体文件及应用程序上传", -1);
+ exit;
+ }
 @move_uploaded_file($newimg, DEDEDATA."/mark/".$photo_markimg);
 }
 $configstr .= "\$photo_markimg = '{$photo_markimg}';\r\n";
diff --git a/src/system/common.func.php b/src/system/common.func.php
index 2a888d52..0f15ebf2 100755
--- a/src/system/common.func.php
+++ b/src/system/common.func.php
@@ -47,6 +47,19 @@ if (version_compare(PHP_VERSION, '7.0.0', '>=')) {
 }
 }
+function get_mime_type($filename)
+{
+ if (! function_exists('finfo_open'))
+ {
+ return 'unknow/octet-stream';
+ }
+
+ $finfo = finfo_open(FILEINFO_MIME_TYPE);
+ $mimeType = finfo_file($finfo, $filename);
+ finfo_close($finfo);
+ return $mimeType;
+}
+
 function is_all_numeric(array $array){
 foreach($array as $item){
 if(!is_numeric($item)) return false;
diff --git a/src/system/helpers/upload.helper.php b/src/system/helpers/upload.helper.php
index 0de977f0..2955d1b7 100755
--- a/src/system/helpers/upload.helper.php
+++ b/src/system/helpers/upload.helper.php
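Review bot: Both new rejection branches in swfupload.php echo `ERROR: Create {$tmpdir} dir Error! `, which appears to be the directory-creation message reused and says nothing about the file type, so whoever sees it will chase a permissions problem that does not exist. Use messages that name the cause, `echo "ERROR: fileinfo extension not available";` for the `^unknow` branch and `echo "ERROR: file type not allowed";` for the pattern branch, or route them through the same `ShowMsg` texts the other call sites use if the uploader client can render them. The added blank `+` line above `$mime` is also out of step with the rest of the block. The enclosing `if (empty($dopost))` block starts and ends outside the hunk.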
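Review bot: `get_mime_type` in common.func.php has no docblock and does not handle `finfo_open` failing: when it returns `false`, `finfo_file(false, ...)` is a TypeError on PHP 8, and when `finfo_file` itself returns `false` (unreadable or missing path) the function returns `false`, which every caller then rejects with the wrong message. Add `if ($finfo === false) { return 'unknow/octet-stream'; }` after the `finfo_open` call, and a docblock stating that the result is the content-sniffed type from libmagic, that `unknow/octet-stream` is the sentinel callers test with `^unknow`, and that a `false` return means the file could not be read and must be treated as a rejection. The sentinel's spelling is now part of the contract that ten call sites match, so document it rather than correct it piecemeal.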
@@ -79,6 +79,12 @@ if (!function_exists('AdminUpload')) {
 }
 }
 $fileurl = $filedir.'/'.$filename.'.'.$file_sname;
+
+
+ $mime = get_mime_type($file_tmp);
+ if (!preg_match("#^image#i", $mime)) {
+ return -1;
+ }
 $rs = move_uploaded_file($file_tmp, $cfg_basedir.$fileurl);
 if (!$rs) return -2;
 if ($ftype == 'image' && $watermark) {
@@ -157,6 +163,17 @@ if (!function_exists('MemberUploads')) {
 } else {
 $filename = $cfg_user_dir."/{$userid}/{$exname}.".$sname;
 }
+
+ $mime = get_mime_type($GLOBALS[$upname]);
+ if (preg_match("#^unknow#", $mime)) {
+ ShowMsg("系统不支持fileinfo组件,建议php.ini中开启", -1);
+ exit;
+ }
+ if (!preg_match("#^(image|video|audio|application)#i", $mime)) {
+ ShowMsg("仅支持媒体文件及应用程序上传", -1);
+ exit;
+ }
+
 move_uploaded_file($GLOBALS[$upname], $cfg_basedir.$filename) or die("上传文件到 {$filename} 失败");
 @unlink($GLOBALS[$upname]);
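Review bot: AdminUpload's new check has no guard for the `unknow/octet-stream` sentinel: on a host without fileinfo, `get_mime_type` returns that string, `^image` fails, and every upload through this helper returns -1 with nothing telling the operator why, whereas the other call sites in this commit show the `系统不支持fileinfo组件` message. Test the sentinel first and return a code the caller can tell apart, e.g. `if (preg_match("#^unknow#", $mime)) { return -3; }` (-3 is a constructed example; pick a code the function does not already use, and check that -1 is not already meaningful to callers, since the function's head and any return-code documentation are outside the hunk). The two added blank lines above `$mime` should be dropped, and a short comment on the new check, `// -1: sniffed type is not an image`, would make the code table readable. The `^image` prefix also admits `image/svg+xml`; an anchored raster allow-list as suggested for album_edit.php is safer here too.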