From 950466434a1c6422251fe1db814929788808c35f Mon Sep 17 00:00:00 2001
From: tianya <tianya@benshar.com>
Date: Wed, 9 Mar 2022 22:00:01 +0800
Subject: [PATCH] =?UTF-8?q?=E6=96=87=E4=BB=B6=E7=B1=BB=E5=9E=8B=E5=AE=89?=
 =?UTF-8?q?=E5=85=A8=E6=A0=A1=E9=AA=8C?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 README.md                                |  6 ++++--
 src/admin/album_edit.php                 |  9 +++++++++
 src/admin/dialog/select_images_post.php  |  9 +++++++++
 src/admin/dialog/select_soft_post.php    |  9 +++++++++
 src/admin/file_manage_control.php        | 10 ++++++++++
 src/admin/friendlink_add.php             |  9 +++++++++
 src/admin/inc/inc_archives_functions.php | 18 ++++++++++++++++++
 src/admin/media_add.php                  | 10 ++++++++++
 src/admin/media_edit.php                 | 10 ++++++++++
 src/admin/swfupload.php                  | 10 ++++++++++
 src/admin/sys_info_mark.php              |  9 +++++++++
 src/system/common.func.php               | 13 +++++++++++++
 src/system/helpers/upload.helper.php     | 17 +++++++++++++++++
 13 files changed, 137 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 03b4dad1..8ad017de 100644
--- a/README.md
+++ b/README.md
@@ -24,13 +24,13 @@ DedeBIZ.x是一个LTS版本,支持将到2022年10月截止,目前DedeBIZ已
 
 1.Windows 平台
 
-IIS/Apache/Nginx + PHP5/PHP7/PHP8 + MySQL5/8/10
+IIS/Apache/Nginx + PHP5.3+/PHP7/PHP8 + MySQL5/8/10
 
 如果在windows环境中使用,建议用DedeCMS提供的DedeAMPZ套件以达到最佳使用性能
 
 2.Linux/Unix 平台
 
-Apache/Nginx + PHP5/PHP7 + MySQL5/8/10 (PHP必须在非安全模式下运行)
+Apache/Nginx + PHP5.3+/PHP7 + MySQL5/8/10 (PHP必须在非安全模式下运行)
 
 建议使用平台:Linux + Apache2.2 + PHP7.4 + MySQL5.0
 
@@ -38,6 +38,8 @@ Apache/Nginx + PHP5/PHP7 + MySQL5/8/10 (PHP必须在非安全模式下运行)
 
 CURL:数据采集
 
+Fileinfo:文件上传安全校验
+
 GD扩展库:图像验证码、水印、二维码生成
 
 MySQL扩展库:数据存储
diff --git a/src/admin/album_edit.php b/src/admin/album_edit.php
index 2a8903fe..6604596a 100644
--- a/src/admin/album_edit.php
+++ b/src/admin/album_edit.php
@@ -188,6 +188,15 @@ else if ($dopost == 'save') {
                 $imgurls .= "{dede:img ddimg='$ddurl' text='$iinfo' width='".$imginfos[0]."' height='".$imginfos[1]."'} $iurl {/dede:img}\r\n";
                 continue;
             }
+            $mime = get_mime_type($tmpFile);
+            if (preg_match("#^unknow#", $mime)) {
+                ShowMsg("系统不支持fileinfo组件,建议php.ini中开启", -1);
+                exit;
+            }
+            if (!preg_match("#^image#i", $mime)) {
+                ShowMsg("非图片格式文件,无法正常上传", -1);
+                exit;
+            }
             move_uploaded_file($tmpFile, $imgfile);
             $imginfos = @GetImageSize($imgfile, $info);
             if ($ddurl == $iurl) {
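Review bot: The new check only establishes that the leading bytes of `$tmpFile` sniff as an image; nothing in this hunk constrains the extension of the stored `$imgfile`, and on a typical web server it is the extension, not the content, that decides whether a stored file is handed to an interpreter. If the `save` branch (it starts above the hunk) already allowlists the extension, this is a sound second layer; if it does not, the sniff alone is not sufficient and the allowlist should be added before `move_uploaded_file`. The same `^image` pattern appears in friendlink_add.php and in the AdminUpload hunk of upload.helper.php. I would label the intent at the top of the block: `// content sniff only: defence in depth, the extension allowlist stays the primary gate`.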
diff --git a/src/admin/dialog/select_images_post.php b/src/admin/dialog/select_images_post.php
index 58a66d32..2a01d97b 100644
--- a/src/admin/dialog/select_images_post.php
+++ b/src/admin/dialog/select_images_post.php
@@ -50,6 +50,15 @@ $fs = explode('.', $imgfile_name);
 $filename = $filename.'.'.$fs[count($fs) - 1];
 $filename_name = $filename_name.'.'.$fs[count($fs) - 1];
 $fullfilename = $cfg_basedir.$activepath."/".$filename;
+$mime = get_mime_type($imgfile);
+if (preg_match("#^unknow#", $mime)) {
+    ShowMsg("系统不支持fileinfo组件,建议php.ini中开启", -1);
+    exit;
+}
+if (!preg_match("#^(image|video|audio|application)#i", $mime)) {
+    ShowMsg("仅支持媒体文件及应用程序上传", -1);
+    exit;
+}
 move_uploaded_file($imgfile, $fullfilename) or die("上传文件到 $fullfilename 失败");
 @unlink($imgfile);
 if (empty($resize)) {
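Review bot: The allowlist `#^(image|video|audio|application)#i` is so broad that it rejects little more than `text/*`; `application/` alone matches `application/octet-stream`, `application/zip`, `application/x-sh` and most other binary types, so the gate adds little beyond excluding plain-text uploads. The same regex is repeated in select_soft_post.php, file_manage_control.php, both inc_archives_functions.php hunks, media_add.php, media_edit.php, swfupload.php, sys_info_mark.php and the MemberUploads hunk. For a handler that names itself an image uploader and resizes the result, the narrower `if (!preg_match("#^image/#i", $mime)) {` used in album_edit.php fits; where other media genuinely need to pass, list the expected subtypes rather than the whole `application` tree. Note also that `finfo_file()` can return `false`, which matches neither regex and surfaces as the '仅支持媒体文件' message rather than a read-failure one.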
diff --git a/src/admin/dialog/select_soft_post.php b/src/admin/dialog/select_soft_post.php
index e09956af..f1b3fc6f 100644
--- a/src/admin/dialog/select_soft_post.php
+++ b/src/admin/dialog/select_soft_post.php
@@ -60,6 +60,15 @@ if (!empty($newname)) {
 }
 $fullfilename = $cfg_basedir.$activepath.'/'.$filename;
 $fullfileurl = $activepath.'/'.$filename;
+$mime = get_mime_type($uploadfile);
+if (preg_match("#^unknow#", $mime)) {
+    ShowMsg("系统不支持fileinfo组件,建议php.ini中开启", -1);
+    exit;
+}
+if (!preg_match("#^(image|video|audio|application)#i", $mime)) {
+    ShowMsg("仅支持媒体文件及应用程序上传", -1);
+    exit;
+}
 move_uploaded_file($uploadfile, $fullfilename) or die("上传文件到 $fullfilename 失败");
 @unlink($uploadfile);
 if ($uploadfile_type == 'application/x-shockwave-flash') {
diff --git a/src/admin/file_manage_control.php b/src/admin/file_manage_control.php
index f4cfa6ce..5226f2fc 100644
--- a/src/admin/file_manage_control.php
+++ b/src/admin/file_manage_control.php
@@ -102,6 +102,16 @@ else if ($fmdo == "upload") {
         $upfile = ${$upfile};
         $upfile_name = ${$upfile_name};
         if (is_uploaded_file($upfile)) {
+            // 检查文件类型
+            $mime = get_mime_type($upfile);
+            if (preg_match("#^unknow#", $mime)) {
+                ShowMsg("系统不支持fileinfo组件,建议php.ini中开启", -1);
+                exit;
+            }
+            if (!preg_match("#^(image|video|audio|application)#i", $mime)) {
+                ShowMsg("仅支持媒体文件及应用程序上传", -1);
+                exit;
+            }
             if (!file_exists($cfg_basedir.$activepath."/".$upfile_name)) {
                 move_uploaded_file($upfile, $cfg_basedir.$activepath."/".$upfile_name);
             }
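Review bot: The stored name `$upfile_name` appears to come straight from the request (`${$upfile_name}` at the top of the hunk) and the new MIME check does not constrain its extension, so a file whose content sniffs as `application/*` is still written under whatever name the client chose; in a file manager that extension is the decisive control, and the broad regex discussed at select_images_post.php does not narrow it. If an extension allowlist exists earlier in the `upload` branch (it starts outside the hunk) this is a reasonable second layer; otherwise one belongs before `move_uploaded_file`. The added comment could state the limitation: `// 检查文件类型 (content sniff only; the stored extension is still client-chosen)`.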
diff --git a/src/admin/friendlink_add.php b/src/admin/friendlink_add.php
index 2a60c689..2dda1b53 100644
--- a/src/admin/friendlink_add.php
+++ b/src/admin/friendlink_add.php
@@ -27,6 +27,15 @@ if ($dopost == "add") {
             CloseFtp();
         }
         $imgurl = $imgurl."/".$filename;
+        $mime = get_mime_type($logoimg);
+        if (preg_match("#^unknow#", $mime)) {
+            ShowMsg("系统不支持fileinfo组件,建议php.ini中开启", -1);
+            exit;
+        }
+        if (!preg_match("#^image#i", $mime)) {
+            ShowMsg("非图片格式文件,无法正常上传", -1);
+            exit;
+        }
         move_uploaded_file($logoimg, $cfg_basedir.$imgurl) or die("复制文件到:".$cfg_basedir.$imgurl."失败");
         @unlink($logoimg);
     } else {
diff --git a/src/admin/inc/inc_archives_functions.php b/src/admin/inc/inc_archives_functions.php
index 215ef5c2..bd37fa33 100644
--- a/src/admin/inc/inc_archives_functions.php
+++ b/src/admin/inc/inc_archives_functions.php
@@ -393,6 +393,15 @@ function GetDDImage($litpic, $picname, $isremote)
         } else {
             $fullUrl = $fullUrl.".jpg";
         }
+        $mime = get_mime_type($_FILES[$litpic]['tmp_name']);
+        if (preg_match("#^unknow#", $mime)) {
+            ShowMsg("系统不支持fileinfo组件,建议php.ini中开启", -1);
+            exit;
+        }
+        if (!preg_match("#^(image|video|audio|application)#i", $mime)) {
+            ShowMsg("仅支持媒体文件及应用程序上传", -1);
+            exit;
+        }
         @move_uploaded_file($_FILES[$litpic]['tmp_name'], $cfg_basedir.$fullUrl);
         $litpic = $fullUrl;
         if ($GLOBALS['cfg_ddimg_full'] == 'Y') @ImageResizeNew($cfg_basedir.$fullUrl, $cfg_ddimg_width, $cfg_ddimg_height);
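Review bot: GetDDImage stores the upload under `$fullUrl.".jpg"` (line above the added block) and passes it to `ImageResizeNew` right after, so it is always handled as an image, yet the regex also accepts `video`, `audio` and `application` types; `if (!preg_match("#^image#i", $mime)) {` with the '非图片格式' message from album_edit.php matches the function's contract. The UploadOneImage hunk below (same `.jpg` suffix) and sys_info_mark.php (a watermark image) have the same mismatch. `ShowMsg(...); exit;` inside a library function ends the request from a helper that otherwise returns `$litpic`; that is consistent with the other call sites in this patch but deserves a line in the function's docblock. GetDDImage starts outside the hunk.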
@@ -716,6 +725,15 @@ function UploadOneImage($upname, $handurl = '', $isremote = 1, $ntitle = '')
         } else {
             $fullUrl = $fullUrl.".jpg";
         }
+        $mime = get_mime_type($_FILES[$upname]['tmp_name']);
+        if (preg_match("#^unknow#", $mime)) {
+            ShowMsg("系统不支持fileinfo组件,建议php.ini中开启", -1);
+            exit;
+        }
+        if (!preg_match("#^(image|video|audio|application)#i", $mime)) {
+            ShowMsg("仅支持媒体文件及应用程序上传", -1);
+            exit;
+        }
         //保存
         @move_uploaded_file($_FILES[$upname]['tmp_name'], $cfg_basedir.$fullUrl);
         $filename = $fullUrl;
diff --git a/src/admin/media_add.php b/src/admin/media_add.php
index 57f22ecf..a508184d 100644
--- a/src/admin/media_add.php
+++ b/src/admin/media_add.php
@@ -65,6 +65,16 @@ if ($dopost == "upload") {
                 exit();
             }
             $fullfilename = $cfg_basedir.$filename;
+            $mime = get_mime_type(${"upfile".$i});
+            if (preg_match("#^unknow#", $mime)) {
+                ShowMsg("系统不支持fileinfo组件,建议php.ini中开启", -1);
+                exit;
+            }
+            if (!preg_match("#^(image|video|audio|application)#i", $mime)) {
+                ShowMsg("仅支持媒体文件及应用程序上传", -1);
+                exit;
+            }
+            
             if ($mediatype == 1) {
                 @move_uploaded_file(${"upfile".$i}, $fullfilename);
                 $info = '';
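Review bot: If this is a per-file loop as `${"upfile".$i}` suggests (the loop header is above the hunk), the first rejected file triggers `exit` after earlier iterations have already moved their files to `$fullfilename`, so the user sees only the type error and a partial batch stays on disk. Either sniff every `upfile*` entry before the first `move_uploaded_file`, or unlink what was moved before exiting. Separately, the added blank line carries trailing whitespace, and the regex is the broad one discussed at select_images_post.php.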
diff --git a/src/admin/media_edit.php b/src/admin/media_edit.php
index 4a3c2899..ca45ba3e 100644
--- a/src/admin/media_edit.php
+++ b/src/admin/media_edit.php
@@ -120,6 +120,16 @@ else if ($dopost == 'save') {
             MkdirAll($cfg_basedir.$oldfile_path, 777);
             CloseFtp();
         }
+        $mime = get_mime_type($upfile);
+        if (preg_match("#^unknow#", $mime)) {
+            ShowMsg("系统不支持fileinfo组件,建议php.ini中开启", -1);
+            exit;
+        }
+        if (!preg_match("#^(image|video|audio|application)#i", $mime)) {
+            ShowMsg("仅支持媒体文件及应用程序上传", -1);
+            exit;
+        }
+
         @move_uploaded_file($upfile, $fullfilename);
         if ($mediatype == 1) {
             require_once(DEDEINC."/image.func.php");
diff --git a/src/admin/swfupload.php b/src/admin/swfupload.php
index fac8157c..12552fb2 100644
--- a/src/admin/swfupload.php
+++ b/src/admin/swfupload.php
@@ -34,6 +34,16 @@ if (empty($dopost)) {
 
     $FiledataNew = str_replace("\\", '/', $Filedata);
     $FiledataNew = $tmpdir.'/'.preg_replace("/(.*)[\/]/isU", "", $FiledataNew);
+
+    $mime = get_mime_type($Filedata);
+    if (preg_match("#^unknow#", $mime)) {
+        echo "ERROR: Create {$tmpdir} dir Error! ";
+        exit;
+    }
+    if (!preg_match("#^(image|video|audio|application)#i", $mime)) {
+        echo "ERROR: Create {$tmpdir} dir Error! ";
+        exit;
+    }
     move_uploaded_file($Filedata, $FiledataNew);
 
     $info = $ftype = $sname = '';
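Review bot: Both rejection branches echo `ERROR: Create {$tmpdir} dir Error!`, which is the message for a failed directory creation and says nothing about the file type, so a user or log reader is pointed at the wrong cause. Suggest `echo "ERROR: fileinfo extension is not available";` and `echo "ERROR: unsupported file type";`, keeping the `ERROR:` prefix in case the uploader client keys on it. The regex itself is the broad one discussed at select_images_post.php.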
diff --git a/src/admin/sys_info_mark.php b/src/admin/sys_info_mark.php
index ebefcddd..4f48836f 100644
--- a/src/admin/sys_info_mark.php
+++ b/src/admin/sys_info_mark.php
@@ -45,6 +45,15 @@ if ($action == "save") {
             exit;
         }
         $photo_markimg = 'mark'.$shortname;
+        $mime = get_mime_type($newimg);
+        if (preg_match("#^unknow#", $mime)) {
+            ShowMsg("系统不支持fileinfo组件,建议php.ini中开启", -1);
+            exit;
+        }
+        if (!preg_match("#^(image|video|audio|application)#i", $mime)) {
+            ShowMsg("仅支持媒体文件及应用程序上传", -1);
+            exit;
+        }
         @move_uploaded_file($newimg, DEDEDATA."/mark/".$photo_markimg);
     }
     $configstr .= "\$photo_markimg = '{$photo_markimg}';\r\n";
diff --git a/src/system/common.func.php b/src/system/common.func.php
index 2a888d52..0f15ebf2 100755
--- a/src/system/common.func.php
+++ b/src/system/common.func.php
@@ -47,6 +47,19 @@ if (version_compare(PHP_VERSION, '7.0.0', '>=')) {
     }
 }
 
+function get_mime_type($filename)
+{
+    if (! function_exists('finfo_open'))
+    {
+        return 'unknow/octet-stream';
+    }
+
+    $finfo    = finfo_open(FILEINFO_MIME_TYPE);
+    $mimeType = finfo_file($finfo, $filename);
+    finfo_close($finfo);
+    return $mimeType;
+}
+
 function is_all_numeric(array $array){
     foreach($array as $item){
         if(!is_numeric($item)) return false;
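Review bot: `finfo_open()` and `finfo_file()` both return `false` on failure and get_mime_type passes that straight through; every caller in this patch tests `#^unknow#` first, so `false` skips the fileinfo message and is rejected with the wrong-type one, and `finfo_close(false)` would raise a TypeError on PHP 8. The sentinel `'unknow/octet-stream'` is also a stringly-typed contract shared by thirteen call sites; a constant (e.g. `DEDE_MIME_UNKNOWN`, constructed name) would keep them in step. The if-brace on its own line differs from the same-line style of is_all_numeric just below. A docblock stating the contract — returns the sniffed MIME type, or a value starting with `unknow/` when fileinfo is unavailable or the file cannot be read — would help callers.
```php
function get_mime_type($filename)
{
    if (!function_exists('finfo_open')) {
        return 'unknow/octet-stream';
    }
    $finfo = finfo_open(FILEINFO_MIME_TYPE);
    if ($finfo === false) {
        return 'unknow/octet-stream';
    }
    $mimeType = finfo_file($finfo, $filename);
    finfo_close($finfo);
    // finfo_file() yields false for an unreadable path; keep the sentinel prefix callers test for
    return $mimeType === false ? 'unknow/octet-stream' : $mimeType;
}
```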
diff --git a/src/system/helpers/upload.helper.php b/src/system/helpers/upload.helper.php
index 0de977f0..2955d1b7 100755
--- a/src/system/helpers/upload.helper.php
+++ b/src/system/helpers/upload.helper.php
@@ -79,6 +79,12 @@ if (!function_exists('AdminUpload')) {
             }
         }
         $fileurl = $filedir.'/'.$filename.'.'.$file_sname;
+
+
+        $mime = get_mime_type($file_tmp);
+        if (!preg_match("#^image#i", $mime)) {
+            return -1;
+        }
         $rs = move_uploaded_file($file_tmp, $cfg_basedir.$fileurl);
         if (!$rs) return -2;
         if ($ftype == 'image' && $watermark) {
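Review bot: Unlike every other call site in this patch, this check has no `#^unknow#` branch, so on a host without the fileinfo extension `get_mime_type` returns `unknow/octet-stream`, the `^image` test fails and every AdminUpload call returns -1 with no hint about the cause. The `$ftype == 'image' && $watermark` test two lines below suggests AdminUpload also handles non-image `$ftype` values, which the `^image` regex now rejects outright; if that is intended it should be documented on the function, otherwise the regex should depend on `$ftype`. A distinct return code for the missing-extension case, listed next to the existing -1/-2 codes, would let callers report it; I would also drop the two added blank lines. AdminUpload starts outside the hunk.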
@@ -157,6 +163,17 @@ if (!function_exists('MemberUploads')) {
             } else {
                 $filename = $cfg_user_dir."/{$userid}/{$exname}.".$sname;
             }
+
+            $mime = get_mime_type($GLOBALS[$upname]);
+            if (preg_match("#^unknow#", $mime)) {
+                ShowMsg("系统不支持fileinfo组件,建议php.ini中开启", -1);
+                exit;
+            }
+            if (!preg_match("#^(image|video|audio|application)#i", $mime)) {
+                ShowMsg("仅支持媒体文件及应用程序上传", -1);
+                exit;
+            }
+
             move_uploaded_file($GLOBALS[$upname], $cfg_basedir.$filename) or die("上传文件到 {$filename} 失败");
             @unlink($GLOBALS[$upname]);