
文件类型安全校验

tags/6.1.0^2
tianya 3 years ago
parent
commit
950466434a
13 changed files with 137 additions and 2 deletions
  1. +4
    -2
      README.md
  2. +9
    -0
      src/admin/album_edit.php
  3. +9
    -0
      src/admin/dialog/select_images_post.php
  4. +9
    -0
      src/admin/dialog/select_soft_post.php
  5. +10
    -0
      src/admin/file_manage_control.php
  6. +9
    -0
      src/admin/friendlink_add.php
  7. +18
    -0
      src/admin/inc/inc_archives_functions.php
  8. +10
    -0
      src/admin/media_add.php
  9. +10
    -0
      src/admin/media_edit.php
  10. +10
    -0
      src/admin/swfupload.php
  11. +9
    -0
      src/admin/sys_info_mark.php
  12. +13
    -0
      src/system/common.func.php
  13. +17
    -0
      src/system/helpers/upload.helper.php

+ 4
- 2
README.md View File

@@ -24,13 +24,13 @@ DedeBIZ.x是一个LTS版本,支持将到2022年10月截止,目前DedeBIZ已


1.Windows 平台 1.Windows 平台


IIS/Apache/Nginx + PHP5/PHP7/PHP8 + MySQL5/8/10
IIS/Apache/Nginx + PHP5.3+/PHP7/PHP8 + MySQL5/8/10


如果在windows环境中使用,建议用DedeCMS提供的DedeAMPZ套件以达到最佳使用性能 如果在windows环境中使用,建议用DedeCMS提供的DedeAMPZ套件以达到最佳使用性能


2.Linux/Unix 平台 2.Linux/Unix 平台


Apache/Nginx + PHP5/PHP7 + MySQL5/8/10 (PHP必须在非安全模式下运行)
Apache/Nginx + PHP5.3+/PHP7 + MySQL5/8/10 (PHP必须在非安全模式下运行)


建议使用平台:Linux + Apache2.2 + PHP7.4 + MySQL5.0 建议使用平台:Linux + Apache2.2 + PHP7.4 + MySQL5.0


@@ -38,6 +38,8 @@ Apache/Nginx + PHP5/PHP7 + MySQL5/8/10 (PHP必须在非安全模式下运行)


CURL:数据采集 CURL:数据采集


Fileinfo:文件上传安全校验

GD扩展库:图像验证码、水印、二维码生成 GD扩展库:图像验证码、水印、二维码生成


MySQL扩展库:数据存储 MySQL扩展库:数据存储


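--- a/src/admin/album_edit.php
+++ b/src/admin/album_edit.php
@@ -188,6 +188,15 @@ else if ($dopost == 'save') {
 $imgurls .= "{dede:img ddimg='$ddurl' text='$iinfo' width='".$imginfos[0]."' height='".$imginfos[1]."'} $iurl {/dede:img}\r\n";
 continue;
 }
+$mime = get_mime_type($tmpFile);
+if (preg_match("#^unknow#", $mime)) {
+ShowMsg("系统不支持fileinfo组件,建议php.ini中开启", -1);
+exit;
+}
+if (!preg_match("#^image#i", $mime)) {
+ShowMsg("非图片格式文件,无法正常上传", -1);
+exit;
+}
 move_uploaded_file($tmpFile, $imgfile);
 $imginfos = @GetImageSize($imgfile, $info);
 if ($ddurl == $iurl) {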
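Review bot: The nine-line MIME check added here is repeated nearly verbatim in select_images_post.php, select_soft_post.php, file_manage_control.php, friendlink_add.php, both hunks of inc_archives_functions.php, media_add.php, media_edit.php, swfupload.php, sys_info_mark.php and MemberUploads in upload.helper.php, and the copies already differ (swfupload.php reports a directory error, AdminUpload drops the `unknow` branch). A single helper next to get_mime_type in common.func.php, e.g. `function check_upload_mime($tmpfile, $pattern = '#^image#i')` that returns the detected type or calls ShowMsg and exits, would keep the message texts and the allowed-type list in one place so later tightening happens everywhere at once. The enclosing `else if ($dopost == 'save')` branch starts and ends outside the hunk.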


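--- a/src/admin/dialog/select_images_post.php
+++ b/src/admin/dialog/select_images_post.php
@@ -50,6 +50,15 @@ $fs = explode('.', $imgfile_name);
 $filename = $filename.'.'.$fs[count($fs) - 1];
 $filename_name = $filename_name.'.'.$fs[count($fs) - 1];
 $fullfilename = $cfg_basedir.$activepath."/".$filename;
+$mime = get_mime_type($imgfile);
+if (preg_match("#^unknow#", $mime)) {
+ShowMsg("系统不支持fileinfo组件,建议php.ini中开启", -1);
+exit;
+}
+if (!preg_match("#^(image|video|audio|application)#i", $mime)) {
+ShowMsg("仅支持媒体文件及应用程序上传", -1);
+exit;
+}
 move_uploaded_file($imgfile, $fullfilename) or die("上传文件到 $fullfilename 失败");
 @unlink($imgfile);
 if (empty($resize)) {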
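Review bot: The allow-list `#^(image|video|audio|application)#i` on the second added check is broad enough to admit almost any file: finfo reports `application/octet-stream` for content it cannot classify, and `application/` also covers executables and archives, so for non-image uploads the check effectively rejects only plain text. Comparing the detected type against an explicit list of expected values, e.g. `if (!in_array($mime, $allowed_mimes, true)) {`, would make the policy reviewable and easy to tighten later. Content sniffing only inspects the leading bytes and does not change which extension the file is stored and served under, so this check complements rather than replaces the extension allow-list I assume precedes it in this handler. The same pattern is used in select_soft_post.php, file_manage_control.php, inc_archives_functions.php, media_add.php, media_edit.php, swfupload.php, sys_info_mark.php and MemberUploads in upload.helper.php.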


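--- a/src/admin/dialog/select_soft_post.php
+++ b/src/admin/dialog/select_soft_post.php
@@ -60,6 +60,15 @@ if (!empty($newname)) {
 }
 $fullfilename = $cfg_basedir.$activepath.'/'.$filename;
 $fullfileurl = $activepath.'/'.$filename;
+$mime = get_mime_type($uploadfile);
+if (preg_match("#^unknow#", $mime)) {
+ShowMsg("系统不支持fileinfo组件,建议php.ini中开启", -1);
+exit;
+}
+if (!preg_match("#^(image|video|audio|application)#i", $mime)) {
+ShowMsg("仅支持媒体文件及应用程序上传", -1);
+exit;
+}
 move_uploaded_file($uploadfile, $fullfilename) or die("上传文件到 $fullfilename 失败");
 @unlink($uploadfile);
 if ($uploadfile_type == 'application/x-shockwave-flash') {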


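--- a/src/admin/file_manage_control.php
+++ b/src/admin/file_manage_control.php
@@ -102,6 +102,16 @@ else if ($fmdo == "upload") {
 $upfile = ${$upfile};
 $upfile_name = ${$upfile_name};
 if (is_uploaded_file($upfile)) {
+// 检查文件类型
+$mime = get_mime_type($upfile);
+if (preg_match("#^unknow#", $mime)) {
+ShowMsg("系统不支持fileinfo组件,建议php.ini中开启", -1);
+exit;
+}
+if (!preg_match("#^(image|video|audio|application)#i", $mime)) {
+ShowMsg("仅支持媒体文件及应用程序上传", -1);
+exit;
+}
 if (!file_exists($cfg_basedir.$activepath."/".$upfile_name)) {
 move_uploaded_file($upfile, $cfg_basedir.$activepath."/".$upfile_name);
 }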


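--- a/src/admin/friendlink_add.php
+++ b/src/admin/friendlink_add.php
@@ -27,6 +27,15 @@ if ($dopost == "add") {
 CloseFtp();
 }
 $imgurl = $imgurl."/".$filename;
+$mime = get_mime_type($logoimg);
+if (preg_match("#^unknow#", $mime)) {
+ShowMsg("系统不支持fileinfo组件,建议php.ini中开启", -1);
+exit;
+}
+if (!preg_match("#^image#i", $mime)) {
+ShowMsg("非图片格式文件,无法正常上传", -1);
+exit;
+}
 move_uploaded_file($logoimg, $cfg_basedir.$imgurl) or die("复制文件到:".$cfg_basedir.$imgurl."失败");
 @unlink($logoimg);
 } else {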


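--- a/src/admin/inc/inc_archives_functions.php
+++ b/src/admin/inc/inc_archives_functions.php
@@ -393,6 +393,15 @@ function GetDDImage($litpic, $picname, $isremote)
 } else {
 $fullUrl = $fullUrl.".jpg";
 }
+$mime = get_mime_type($_FILES[$litpic]['tmp_name']);
+if (preg_match("#^unknow#", $mime)) {
+ShowMsg("系统不支持fileinfo组件,建议php.ini中开启", -1);
+exit;
+}
+if (!preg_match("#^(image|video|audio|application)#i", $mime)) {
+ShowMsg("仅支持媒体文件及应用程序上传", -1);
+exit;
+}
 @move_uploaded_file($_FILES[$litpic]['tmp_name'], $cfg_basedir.$fullUrl);
 $litpic = $fullUrl;
 if ($GLOBALS['cfg_ddimg_full'] == 'Y') @ImageResizeNew($cfg_basedir.$fullUrl, $cfg_ddimg_width, $cfg_ddimg_height);
@@ -716,6 +725,15 @@ function UploadOneImage($upname, $handurl = '', $isremote = 1, $ntitle = '')
 } else {
 $fullUrl = $fullUrl.".jpg";
 }
+$mime = get_mime_type($_FILES[$upname]['tmp_name']);
+if (preg_match("#^unknow#", $mime)) {
+ShowMsg("系统不支持fileinfo组件,建议php.ini中开启", -1);
+exit;
+}
+if (!preg_match("#^(image|video|audio|application)#i", $mime)) {
+ShowMsg("仅支持媒体文件及应用程序上传", -1);
+exit;
+}
 //保存
 @move_uploaded_file($_FILES[$upname]['tmp_name'], $cfg_basedir.$fullUrl);
 $filename = $fullUrl;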
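Review bot: Both hunks guard image-only paths — GetDDImage stores a thumbnail whose URL is forced to `.jpg` on the line just above the check, and UploadOneImage is named as an image uploader — yet they accept `video|audio|application` too, while album_edit.php and friendlink_add.php use `#^image#i` for the same kind of upload. Unless these helpers are also reached for non-image attachments (not visible from the hunks), the second check should read `if (!preg_match("#^image#i", $mime)) {` with the `非图片格式文件,无法正常上传` message used in album_edit.php; the same likely applies to sys_info_mark.php, whose upload becomes the `$photo_markimg` watermark. Both GetDDImage and UploadOneImage start and end outside their hunks.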


+ 10
- 0
src/admin/media_add.php View File

@@ -65,6 +65,16 @@ if ($dopost == "upload") {
exit(); exit();
} }
$fullfilename = $cfg_basedir.$filename; $fullfilename = $cfg_basedir.$filename;
$mime = get_mime_type(${"upfile".$i});
if (preg_match("#^unknow#", $mime)) {
ShowMsg("系统不支持fileinfo组件,建议php.ini中开启", -1);
exit;
}
if (!preg_match("#^(image|video|audio|application)#i", $mime)) {
ShowMsg("仅支持媒体文件及应用程序上传", -1);
exit;
}
if ($mediatype == 1) { if ($mediatype == 1) {
@move_uploaded_file(${"upfile".$i}, $fullfilename); @move_uploaded_file(${"upfile".$i}, $fullfilename);
$info = ''; $info = '';


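--- a/src/admin/media_edit.php
+++ b/src/admin/media_edit.php
@@ -120,6 +120,16 @@ else if ($dopost == 'save') {
 MkdirAll($cfg_basedir.$oldfile_path, 777);
 CloseFtp();
 }
+$mime = get_mime_type($upfile);
+if (preg_match("#^unknow#", $mime)) {
+ShowMsg("系统不支持fileinfo组件,建议php.ini中开启", -1);
+exit;
+}
+if (!preg_match("#^(image|video|audio|application)#i", $mime)) {
+ShowMsg("仅支持媒体文件及应用程序上传", -1);
+exit;
+}
+
 @move_uploaded_file($upfile, $fullfilename);
 if ($mediatype == 1) {
 require_once(DEDEINC."/image.func.php");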


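--- a/src/admin/swfupload.php
+++ b/src/admin/swfupload.php
@@ -34,6 +34,16 @@ if (empty($dopost)) {
 
 $FiledataNew = str_replace("\\", '/', $Filedata);
 $FiledataNew = $tmpdir.'/'.preg_replace("/(.*)[\/]/isU", "", $FiledataNew);
+
+$mime = get_mime_type($Filedata);
+if (preg_match("#^unknow#", $mime)) {
+echo "ERROR: Create {$tmpdir} dir Error! ";
+exit;
+}
+if (!preg_match("#^(image|video|audio|application)#i", $mime)) {
+echo "ERROR: Create {$tmpdir} dir Error! ";
+exit;
+}
 move_uploaded_file($Filedata, $FiledataNew);
 
 $info = $ftype = $sname = '';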
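Review bot: Both new failure branches echo `ERROR: Create {$tmpdir} dir Error!`, which reads like the message of an earlier directory-creation check and tells the uploader nothing about the actual cause (fileinfo missing vs. unsupported type), so rejected uploads will be misdiagnosed as a filesystem problem. The first branch should say something like `echo "ERROR: fileinfo extension not available! ";` and the second `echo "ERROR: unsupported file type! ";`, keeping the `ERROR:` prefix that the upload client presumably keys on. The enclosing `if (empty($dopost))` block starts and ends outside the hunk.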


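--- a/src/admin/sys_info_mark.php
+++ b/src/admin/sys_info_mark.php
@@ -45,6 +45,15 @@ if ($action == "save") {
 exit;
 }
 $photo_markimg = 'mark'.$shortname;
+$mime = get_mime_type($newimg);
+if (preg_match("#^unknow#", $mime)) {
+ShowMsg("系统不支持fileinfo组件,建议php.ini中开启", -1);
+exit;
+}
+if (!preg_match("#^(image|video|audio|application)#i", $mime)) {
+ShowMsg("仅支持媒体文件及应用程序上传", -1);
+exit;
+}
 @move_uploaded_file($newimg, DEDEDATA."/mark/".$photo_markimg);
 }
 $configstr .= "\$photo_markimg = '{$photo_markimg}';\r\n";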


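--- a/src/system/common.func.php
+++ b/src/system/common.func.php
@@ -47,6 +47,19 @@ if (version_compare(PHP_VERSION, '7.0.0', '>=')) {
 }
 }
 
+function get_mime_type($filename)
+{
+if (! function_exists('finfo_open'))
+{
+return 'unknow/octet-stream';
+}
+
+$finfo = finfo_open(FILEINFO_MIME_TYPE);
+$mimeType = finfo_file($finfo, $filename);
+finfo_close($finfo);
+return $mimeType;
+}
+
 function is_all_numeric(array $array){
 foreach($array as $item){
 if(!is_numeric($item)) return false;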
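Review bot: get_mime_type returns whatever finfo_file gives back, which is `false` (with a warning) when the file cannot be read, and finfo_open itself can return `false`, so callers may hand a non-string to preg_match and the two regex checks then depend on PHP's false-to-string coercion. Returning a string on every path keeps the callers' checks meaningful and fail-closed, and the function needs a docblock stating that `unknow/octet-stream` is the sentinel every caller tests with `#^unknow#`. Rewritten body below, kept free of type declarations since the README still promises PHP 5.3+.
```php
/**
 * Detect the MIME type of a file through the fileinfo extension.
 *
 * @param string $filename path to inspect (normally an uploaded tmp file)
 * @return string detected type; 'unknow/octet-stream' when fileinfo is
 *                unavailable (callers match the '^unknow' prefix), '' when
 *                the file could not be inspected so prefix allow-lists
 *                fail closed instead of receiving false
 */
function get_mime_type($filename)
{
    if (!function_exists('finfo_open')) {
        return 'unknow/octet-stream';
    }
    $finfo = finfo_open(FILEINFO_MIME_TYPE);
    if ($finfo === false) {
        return 'unknow/octet-stream';
    }
    $mimeType = finfo_file($finfo, $filename);
    finfo_close($finfo);
    return is_string($mimeType) ? $mimeType : '';
}
```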


+ 17
- 0
src/system/helpers/upload.helper.php View File

@@ -79,6 +79,12 @@ if (!function_exists('AdminUpload')) {
} }
} }
$fileurl = $filedir.'/'.$filename.'.'.$file_sname; $fileurl = $filedir.'/'.$filename.'.'.$file_sname;
$mime = get_mime_type($file_tmp);
if (!preg_match("#^image#i", $mime)) {
return -1;
}
$rs = move_uploaded_file($file_tmp, $cfg_basedir.$fileurl); $rs = move_uploaded_file($file_tmp, $cfg_basedir.$fileurl);
if (!$rs) return -2; if (!$rs) return -2;
if ($ftype == 'image' && $watermark) { if ($ftype == 'image' && $watermark) {
@@ -157,6 +163,17 @@ if (!function_exists('MemberUploads')) {
} else { } else {
$filename = $cfg_user_dir."/{$userid}/{$exname}.".$sname; $filename = $cfg_user_dir."/{$userid}/{$exname}.".$sname;
} }
$mime = get_mime_type($GLOBALS[$upname]);
if (preg_match("#^unknow#", $mime)) {
ShowMsg("系统不支持fileinfo组件,建议php.ini中开启", -1);
exit;
}
if (!preg_match("#^(image|video|audio|application)#i", $mime)) {
ShowMsg("仅支持媒体文件及应用程序上传", -1);
exit;
}
move_uploaded_file($GLOBALS[$upname], $cfg_basedir.$filename) or die("上传文件到 {$filename} 失败"); move_uploaded_file($GLOBALS[$upname], $cfg_basedir.$filename) or die("上传文件到 {$filename} 失败");
@unlink($GLOBALS[$upname]); @unlink($GLOBALS[$upname]);
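Review bot: The AdminUpload hunk checks `#^image#i` without the `#^unknow#` guard every other site has, so on a host without fileinfo get_mime_type returns `unknow/octet-stream`, the check fails, and every admin upload returns -1 with no hint that the extension is missing; MemberUploads in the second hunk does handle that case. Either add the guard before the image check, returning a distinct code such as `if (preg_match("#^unknow#", $mime)) return -3;` if -3 is unused in the callers' error mapping (not visible here), or at least make the -1 path log the detected type. The page shows four of the six added lines of the first hunk, so part of the change may be missing from this view; both AdminUpload and MemberUploads start and end outside their hunks.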

