From bc722e2d6c7a19e472665c7c9e8176e16e69a2e9 Mon Sep 17 00:00:00 2001
From: tianya
Date: Tue, 22 Mar 2022 20:58:46 +0800
Subject: [PATCH] =?UTF-8?q?=E5=AE=89=E5=85=A8=E9=97=AE=E9=A2=98=E4=BF=AE?= =?UTF-8?q?=E5=A4=8D?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 src/admin/file_class.php | 10 ++++++++++
 src/admin/friendlink_edit.php | 1 +
 2 files changed, 11 insertions(+)
diff --git a/src/admin/file_class.php b/src/admin/file_class.php
index be96f2b5..d1db82ea 100644
--- a/src/admin/file_class.php
+++ b/src/admin/file_class.php
@@ -28,6 +28,16 @@ class FileManagement
 {
 $oldname = $this->baseDir.$this->activeDir."/".$oldname;
 $newname = $this->baseDir.$this->activeDir."/".$newname;
+ $oldext = pathinfo($oldname)['extension'];
+ $newext = pathinfo($newname)['extension'];
+
+ if ($oldext != $newext) {
+ if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml)$#i', trim($newname))) {
+ ShowMsg("您指定的文件名被系统禁止", "javascript:;");
+ exit();
+ }
+ }
+
 if (($newname != $oldname) && is_writable($oldname)) {
 rename($oldname, $newname);
 }
diff --git a/src/admin/friendlink_edit.php b/src/admin/friendlink_edit.php
index 39fcf7f0..84cb440e 100644
--- a/src/admin/friendlink_edit.php
+++ b/src/admin/friendlink_edit.php
@@ -58,5 +58,6 @@ if ($dopost == "delete") {
 ShowMsg("成功修改一个链接", $ENV_GOBACK_URL);
 exit();
 }
+$id = preg_replace("#[^0-9]#", "", $id);
 $myLink = $dsql->GetOne("SELECT `#@__flink`.*,`#@__flinktype`.typename FROM `#@__flink` LEFT JOIN `#@__flinktype` ON `#@__flink`.typeid=`#@__flinktype`.id WHERE `#@__flink`.id=$id");
 include DedeInclude('templets/friendlink_edit.htm');
\ No newline at end of file
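Review bot: The extension check added to the rename path in src/admin/file_class.php is a denylist that runs only when the extension changes, so any server-executable extension missing from the regex (for instance `.phtml` or `.phar`, depending on how handlers are configured) still passes; an allowlist of permitted extensions is the sturdier control. `pathinfo($newname)['extension']` also raises an undefined-key warning for names without a dot, whereas `pathinfo($newname, PATHINFO_EXTENSION)` returns an empty string in that case. Separately, `$newname` is concatenated onto the base path as given, so unless the caller already strips directory components (not visible here), applying `basename()` to the user-supplied part would keep the rename inside `activeDir`. The enclosing method starts above the hunk and continues below it.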
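Review bot: In src/admin/friendlink_edit.php, stripping non-digits can leave `$id` empty, and the `GetOne` query on the next line then ends in `id=` and fails as malformed SQL instead of returning a clean not-found; `$id = (int)$id;`, or an explicit empty check that shows an error and exits, gives a well-formed value in every case. The filter also sits after the `$dopost` branches that close just above it, so if those branches use `$id` in their own queries (their bodies are outside the hunk) they still see the raw request value; moving the line to the top of the script, before any branch, would cover them. A bound parameter would be the more durable fix if the `$dsql` wrapper offers one.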