xushubieli
1 year ago
3 changed files with 18 additions and 21 deletions
Split View
Diff Options
-
+2 -2src/admin/file_manage_control.php
-
+2 -5src/admin/media_add.php
-
+14 -14src/admin/templets/file_manage_main.htm
+ 2
- 2
src/admin/file_manage_control.php
View File
| @@ -133,7 +133,7 @@ else if ($fmdo == "space") { | |||
| } else { | |||
| $ecpath = $activepath; | |||
| } | |||
| $titleinfo = "目录 <a href='file_manage_main.php?activepath=$activepath'>$ecpath</a> 空间使用状况:<br>"; | |||
| $titleinfo = "目录[<a href='file_manage_main.php?activepath=$activepath'>$ecpath</a>]空间使用状况:<br>"; | |||
| $wintitle = "文件管理"; | |||
| $wecome_info = "文件管理::空间大小检查 [<a href='file_manage_main.php?activepath=$activepath'>文件浏览器</a>]</a>"; | |||
| $activepath = $cfg_basedir.$activepath; | |||
| @@ -145,7 +145,7 @@ else if ($fmdo == "space") { | |||
| $win = new OxWindow(); | |||
| $win->Init("", "js/blank.js", "POST"); | |||
| $win->AddTitle($titleinfo); | |||
| $win->AddMsgItem(" $totalmb M<br> $totalkb KB<br> $total 字节"); | |||
| $win->AddMsgItem("$totalmb M<br>$totalkb KB<br>$total 字节"); | |||
| $winform = $win->GetWindow(""); | |||
| $win->Display(); | |||
| } | |||
+ 2
- 5
src/admin/media_add.php
View File
| @@ -34,7 +34,7 @@ if ($dopost == "upload") { | |||
| $mediatype = 2; | |||
| $savePath = $cfg_other_medias."/".$dpath; | |||
| } | |||
| //2011-6-2 修复附件无法上传的错误(by:tianya) | |||
| //修复附件无法上传的错误 | |||
| else if (preg_match('#audio|media|video#i', $upfile_type) && preg_match("#\.".$cfg_mediatype."$#i", $upfile_name)) { | |||
| $mediatype = 3; | |||
| $savePath = $cfg_other_medias."/".$dpath; | |||
| @@ -52,10 +52,7 @@ if ($dopost == "upload") { | |||
| MkdirAll($cfg_basedir.$savePath, 777); | |||
| CloseFtp(); | |||
| } | |||
| /* | |||
| 后台文件任意上传漏洞 | |||
| 漏洞描述:早期版本后台存在大量的富文本编辑器,该控件提供了一些文件上传接口,同时对上传文件的后缀类型未进行严格的限制,这导致了黑客可以上传WEBSHELL,获取网站后台权限 | |||
| */ | |||
| //后台文件任意上传漏洞:早期版本后台存在大量的富文本编辑器,该控件提供了一些文件上传接口,同时对上传文件的后缀类型未进行严格的限制,这导致了黑客可以上传WEBSHELL,获取网站后台权限 | |||
| if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml)$#i', trim($filename))) { | |||
| ShowMsg("您指定的文件名被系统禁止", "javascript:;"); | |||
| exit(); | |||
+ 14
- 14
src/admin/templets/file_manage_main.htm
View File
| @@ -93,7 +93,7 @@ | |||
| <a href='file_manage_view.php?fmdo=move&filename=".urlencode($file)."&activepath=".urlencode($activepath)."' class='btn btn-success btn-sm'><i class='fa fa-share-square'></i> 移动</a> | |||
| </td> | |||
| </tr>"; | |||
| $files[] = $line; | |||
| $files[] = $line; | |||
| } | |||
| else if(preg_match("#\.(jpg)#i",$file)) | |||
| { | |||
| @@ -108,7 +108,7 @@ | |||
| <a href='file_manage_view.php?fmdo=move&filename=".urlencode($file)."&activepath=".urlencode($activepath)."' class='btn btn-success btn-sm'><i class='fa fa-share-square'></i> 移动</a> | |||
| </td> | |||
| </tr>"; | |||
| $files[] = $line; | |||
| $files[] = $line; | |||
| } | |||
| else if(preg_match("#\.(swf|fla|fly)#i",$file)) | |||
| { | |||
| @@ -123,7 +123,7 @@ | |||
| <a href='file_manage_view.php?fmdo=move&filename=".urlencode($file)."&activepath=".urlencode($activepath)."' class='btn btn-success btn-sm'><i class='fa fa-share-square'></i> 移动</a> | |||
| </td> | |||
| </tr>"; | |||
| $files[] = $line; | |||
| $files[] = $line; | |||
| } | |||
| else if(preg_match("#\.(zip|rar|tar.gz)#i",$file)) | |||
| { | |||
| @@ -138,7 +138,7 @@ | |||
| <a href='file_manage_view.php?fmdo=move&filename=".urlencode($file)."&activepath=".urlencode($activepath)."' class='btn btn-success btn-sm'><i class='fa fa-share-square'></i> 移动</a> | |||
| </td> | |||
| </tr>"; | |||
| $files[] = $line; | |||
| $files[] = $line; | |||
| } | |||
| else if(preg_match("#\.(exe)#i",$file)) | |||
| { | |||
| @@ -153,7 +153,7 @@ | |||
| <a href='file_manage_view.php?fmdo=move&filename=".urlencode($file)."&activepath=".urlencode($activepath)."' class='btn btn-success btn-sm'><i class='fa fa-share-square'></i> 移动</a> | |||
| </td> | |||
| </tr>"; | |||
| $files[] = $line; | |||
| $files[] = $line; | |||
| } | |||
| else if(preg_match("#\.(mp3|wma)#i",$file)) | |||
| { | |||
| @@ -168,7 +168,7 @@ | |||
| <a href='file_manage_view.php?fmdo=move&filename=".urlencode($file)."&activepath=".urlencode($activepath)."' class='btn btn-success btn-sm'><i class='fa fa-share-square'></i> 移动</a> | |||
| </td> | |||
| </tr>"; | |||
| $files[] = $line; | |||
| $files[] = $line; | |||
| } | |||
| else if(preg_match("#\.(wmv|api)#i",$file)) | |||
| { | |||
| @@ -183,7 +183,7 @@ | |||
| <a href='file_manage_view.php?fmdo=move&filename=".urlencode($file)."&activepath=".urlencode($activepath)."' class='btn btn-success btn-sm'><i class='fa fa-share-square'></i> 移动</a> | |||
| </td> | |||
| </tr>"; | |||
| $files[] = $line; | |||
| $files[] = $line; | |||
| } | |||
| else if(preg_match("#\.(rm|rmvb)#i",$file)) | |||
| { | |||
| @@ -198,7 +198,7 @@ | |||
| <a href='file_manage_view.php?fmdo=move&filename=".urlencode($file)."&activepath=".urlencode($activepath)."' class='btn btn-success btn-sm'><i class='fa fa-share-square'></i> 移动</a> | |||
| </td> | |||
| </tr>"; | |||
| $files[] = $line; | |||
| $files[] = $line; | |||
| } | |||
| else if(preg_match("#\.(txt|inc|pl|cgi|asp|xml|xsl|aspx|cfm)#",$file)) | |||
| { | |||
| @@ -215,7 +215,7 @@ | |||
| <a href='file_manage_view.php?fmdo=move&filename=".urlencode($file)."&activepath=".urlencode($activepath)."' class='btn btn-success btn-sm'><i class='fa fa-share-square'></i> 移动</a> | |||
| </td> | |||
| </tr>"; | |||
| $files[] = $line; | |||
| $files[] = $line; | |||
| } | |||
| else if(preg_match("#\.(htm|html)#i",$file)) | |||
| { | |||
| @@ -232,7 +232,7 @@ | |||
| <a href='file_manage_view.php?fmdo=move&filename=".urlencode($file)."&activepath=".urlencode($activepath)."' class='btn btn-success btn-sm'><i class='fa fa-share-square'></i> 移动</a> | |||
| </td> | |||
| </tr>"; | |||
| $files[] = $line; | |||
| $files[] = $line; | |||
| } | |||
| else if(preg_match("#\.(php)#i",$file)) | |||
| { | |||
| @@ -249,7 +249,7 @@ | |||
| <a href='file_manage_view.php?fmdo=move&filename=".urlencode($file)."&activepath=".urlencode($activepath)."' class='btn btn-success btn-sm'><i class='fa fa-share-square'></i> 移动</a> | |||
| </td> | |||
| </tr>"; | |||
| $files[] = $line; | |||
| $files[] = $line; | |||
| } | |||
| else if(preg_match("#\.(js)#i",$file)) | |||
| { | |||
| @@ -266,7 +266,7 @@ | |||
| <a href='file_manage_view.php?fmdo=move&filename=".urlencode($file)."&activepath=".urlencode($activepath)."' class='btn btn-success btn-sm'><i class='fa fa-share-square'></i> 移动</a> | |||
| </td> | |||
| </tr>"; | |||
| $files[] = $line; | |||
| $files[] = $line; | |||
| } | |||
| else if(preg_match("#\.(css)#i",$file)) | |||
| { | |||
| @@ -283,7 +283,7 @@ | |||
| <a href='file_manage_view.php?fmdo=move&filename=".urlencode($file)."&activepath=".urlencode($activepath)."' class='btn btn-success btn-sm'><i class='fa fa-share-square'></i> 移动</a> | |||
| </td> | |||
| </tr>"; | |||
| $files[] = $line; | |||
| $files[] = $line; | |||
| } else { | |||
| $line = "\n<tr onMouseMove=\"javascript:this.bgColor='#FBFCE2';\" onMouseOut=\"javascript:this.bgColor='#ffffff';\"> | |||
| <td><a href='$activeurl/$file' target='_blank'>$file</td> | |||
| @@ -295,7 +295,7 @@ | |||
| <a href='file_manage_view.php?fmdo=move&filename=".urlencode($file)."&activepath=".urlencode($activepath)."' class='btn btn-success btn-sm'><i class='fa fa-share-square'></i> 移动</a> | |||
| </td> | |||
| </tr>"; | |||
| $files[] = $line; | |||
| $files[] = $line; | |||
| } | |||
| } | |||
| foreach ($dirs as $dir) | |||