DedeBIZ
/
DedeV6
Watch 2
Star 0
Fork 0
Code Pull Requests 0 Releases 25 Activity
Browse Source

Add files via upload 

图片格式校验
tags/6.0.0
qfdong-github GitHub 3 years ago
parent
9818603e81
commit
bce548c4ce
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 12 additions and 55 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +12
    -55
      src/include/uploadsafe.inc.php

+ 12
- 55
src/include/uploadsafe.inc.php View File

@@ -1,13 +1,4 @@
<?php
/**
* 文件上传安全校验方法
*
* @version $Id: uploadsafe.inc.php 1 15:59 2020年8月19日Z tianya $
* @package DedeCMS.Libraries
* @copyright Copyright (c) 2007 - 2020, DesDev, Inc.
* @license http://help.dedecms.com/usersguide/license.html
* @link http://www.dedecms.com
*/
if(!defined('DEDEINC')) exit('Request Error!');
if(isset($_FILES['GLOBALS'])) exit('Request not allow!');
@@ -16,9 +7,7 @@ if(isset($_FILES['GLOBALS'])) exit('Request not allow!');
//这里强制限定的某些文件类型禁止上传
$cfg_not_allowall = "php|pl|cgi|asp|aspx|jsp|php3|shtm|shtml";
$keyarr = array('name', 'type', 'tmp_name', 'size');
if ($GLOBALS['cfg_html_editor']=='ckeditor' && isset($_FILES['upload']) ||
$GLOBALS['cfg_html_editor']=='ckeditor4' && isset($_FILES['upload'])
)
if ($GLOBALS['cfg_html_editor']=='ckeditor' && isset($_FILES['upload']))
{
$_FILES['imgfile'] = $_FILES['upload'];
$CKUpload = TRUE;
@@ -41,33 +30,18 @@ foreach($_FILES as $_key=>$_value)
${$_key.'_name'} = $_FILES[$_key]['name'];
${$_key.'_type'} = $_FILES[$_key]['type'] = preg_replace('#[^0-9a-z\./]#i', '', $_FILES[$_key]['type']);
${$_key.'_size'} = $_FILES[$_key]['size'] = preg_replace('#[^0-9]#','',$_FILES[$_key]['size']);
if (is_array(${$_key.'_name'})) {
if (count(${$_key.'_name'}) > 0) {
foreach (${$_key.'_name'} as $key => $value) {
if (!empty($value) && (preg_match("#\.(".$cfg_not_allowall.")$#i", $value) || !preg_match("#\.#", $value))) {
if(!defined('DEDEADMIN'))
{
exit('Not Admin Upload filetype not allow !');
}
}
}
}
} else {
if(!empty(${$_key.'_name'}) && (preg_match("#\.(".$cfg_not_allowall.")$#i",${$_key.'_name'}) || !preg_match("#\.#", ${$_key.'_name'})) )
if(!empty(${$_key.'_name'}) && (preg_match("#\.(".$cfg_not_allowall.")$#i",${$_key.'_name'}) || !preg_match("#\.#", ${$_key.'_name'})) )
{
if(!defined('DEDEADMIN'))
{
if(!defined('DEDEADMIN'))
{
exit('Not Admin Upload filetype not allow !');
}
exit('Not Admin Upload filetype not allow !');
}
}
if(empty(${$_key.'_size'}))
{
${$_key.'_size'} = @filesize($$_key);
${$_key.'_size'} = @filesize($$_key);
}
$imtypes = array("image/pjpeg", "image/jpeg", "image/gif", "image/png", "image/xpng", "image/wbmp", "image/bmp"); if(in_array(strtolower(trim(${$_key.'_type'})), $imtypes)) { $image_dd = @getimagesize($$_key); if($image_dd == false){ continue; } if (!is_array($image_dd)) { exit('Upload filetype not allow !'); } }
$imtypes = array
(
@@ -75,30 +49,13 @@ foreach($_FILES as $_key=>$_value)
"image/xpng", "image/wbmp", "image/bmp"
);
if (is_array(${$_key.'_type'})) {
if (count(${$_key.'_type'}) > 0) {
foreach (${$_key.'_type'} as $key => $value) {
if(in_array(strtolower(trim($value)), $imtypes))
{
$image_dd = @getimagesize($$_key);
if (!is_array($image_dd))
{
exit('Upload filetype not allow !');
}
}
}
}
} else {
if(in_array(strtolower(trim(${$_key.'_type'})), $imtypes))
if(in_array(strtolower(trim(${$_key.'_type'})), $imtypes))
{
$image_dd = @getimagesize($$_key); if($image_dd == false){ continue; }
if (!is_array($image_dd))
{
$image_dd = @getimagesize($$_key);
if (!is_array($image_dd))
{
exit('Upload filetype not allow !');
}
exit('Upload filetype not allow !');
}
}
}
?>

Write Preview
Loading…
Cancel
Save