

  1. <?php
  2. /**
  3. * 安全检测
  4. *
  5. * @version $Id: sys_safetest.php 2 9:25 2010-11-12 tianya $
  6. * @package DedeBIZ.Administrator
  7. * @copyright Copyright (c) 2020, DedeBIZ.COM
  8. * @license https://www.dedebiz.com/license
  9. * @link https://www.dedebiz.com
  10. */
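  require_once(dirname(__FILE__) . '/config.php');
  CheckPurview('sys_Edit');
  // NOTE(review): $action/$message/$filetype/$info are not assigned above this
  // point; they presumably arrive as request variables registered by config.php
  // (the scan report links below pass `action`/`filename` as query parameters)
  // — confirm. Treat their contents as untrusted.
  if (empty($action)) $action = '';
  if (empty($message)) $message = '尚未进行检测……';
  if (empty($filetype)) $filetype = 'php|inc';
  if (empty($info)) $info = 'eval|cmd|system|exec|_GET|_POST|_REQUEST|base64_decode';
  // Official per-file hashes for the installed release, keyed by filename.
  $fileHashURL = "https://cdn.dedebiz.com/release/{$cfg_version_detail}.json";
  $del = new DedeHttpDown();
  $del->OpenUrl($fileHashURL);
  $filelist = $del->GetJSON();
  // When the download fails GetJSON() yields nothing iterable; iterating it
  // unguarded only emits a warning, so leave the table empty and let the
  // alert below report the problem instead.
  $offFiles = array();
  if (is_array($filelist) || is_object($filelist)) {
      foreach ($filelist as $ff) {
          if (isset($ff->filename, $ff->hash)) {
              $offFiles[$ff->filename] = $ff->hash;
          }
      }
  }
  $alter = "";
  if (count($offFiles) == 0) {
      // Same markup as the former heredoc, built without one so the closing
      // marker's indentation cannot break parsing on older PHP releases.
      $alter = '<div class="alert alert-danger maintable mb-2" style="margin:0 auto;" role="alert">' . "\n"
          . '无法同官方网站文件服务器通信,校验时候无法保证本地文件是否同官方服务器文件是否一致。' . "\n"
          . '</div>';
  }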
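  /**
   * Scan one file for the suspicious call patterns listed in the global $info.
   *
   * A file whose local md5 equals the official hash in $offFiles is treated as
   * clean even if it contains a listed pattern. Any other hit appends a report
   * row (with diff / delete / view links) to the global $message.
   *
   * @param string $f absolute path below DEDEROOT
   * @return int -1 if the path was skipped (cache or .svn), 1 if reported,
   *             0 if clean, unreadable, or matching the official hash
   */
  function TestOneFile($f)
  {
      global $message, $info, $offFiles;
      // Skip template cache, data cache and .svn metadata (dot escaped so
      // ".svn" no longer matches any character followed by "svn").
      if (preg_match('#data/tplcache|\.svn|data/cache#', $f)) return -1;
      // fopen() failures were previously unchecked; treat unreadable as clean.
      if (!is_readable($f)) return 0;
      $str = file_get_contents($f);
      if ($str === false) return 0;
      // $info is a `|`-separated word list that may be user-supplied: quote
      // each word so it cannot inject pattern syntax or break the delimiter.
      $words = array_map(function ($w) { return preg_quote($w, '#'); }, explode('|', $info));
      if (!preg_match("#(" . implode('|', $words) . ")[ \r\n\t]{0,}([\[\(])#i", $str)) {
          return 0;
      }
      $trfile = preg_replace("#^" . preg_quote(DEDEROOT, '#') . "#", '', $f);
      $oldTrfile = $trfile;
      // The official hash table is keyed by backslash paths without the leading separator.
      $trfile = substr(str_replace("/", "\\", $trfile), 1);
      $localFilehash = md5_file($f);
      $remoteFilehash = isset($offFiles[$trfile]) ? $offFiles[$trfile] : '';
      if ($localFilehash === $remoteFilehash) {
          return 0;
      }
      // The paths land in HTML text and href attributes; escape them so a
      // crafted filename cannot break out of the markup.
      $safeName = htmlspecialchars($trfile, ENT_QUOTES, 'UTF-8');
      $safeLink = htmlspecialchars($oldTrfile, ENT_QUOTES, 'UTF-8');
      $message .= "<div style='clear:both;'>
  <div style='width:350px;float:left'>可疑文件:{$safeName}</div>
  <a class='btn btn-secondary btn-sm' href='sys_safetest.php?action=viewdiff&filename={$safeLink}' target='_blank'>更改记录</a>
  <a class='btn btn-secondary btn-sm' href='file_manage_view.php?fmdo=del&filename={$safeLink}&activepath=' target='_blank'>删除</a>
  <a class='btn btn-secondary btn-sm' href='file_manage_view.php?fmdo=edit&filename={$safeLink}&activepath=' target='_blank'>查看源码</a>
  </div></div><hr>\r\n";
      return 1;
  }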
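  /**
   * Recursively walk $tdir and hand every regular file whose name matches an
   * extension in the global $filetype list to TestOneFile().
   *
   * @param string $tdir directory path without trailing slash
   * @return void
   */
  function TestSafe($tdir)
  {
      global $filetype;
      // dir() returns false on an unreadable directory; the old code then
      // called read() on false.
      if (!is_dir($tdir) || !is_readable($tdir)) return;
      $dh = dir($tdir);
      if ($dh === false) return;
      // $filetype may be user-supplied; quote each extension before it is
      // spliced into the pattern. Hoisted out of the loop.
      $exts = array_map(function ($e) { return preg_quote($e, '#'); }, explode('|', $filetype));
      $extPattern = "#\.(" . implode('|', $exts) . ")#i";
      // `!== false` keeps an entry literally named "0" from ending the loop.
      while (($fname = $dh->read()) !== false) {
          if ($fname == '.' || $fname == '..') continue;
          $fnamef = $tdir . '/' . $fname;
          if (is_dir($fnamef)) {
              TestSafe($fnamef);
          } elseif (is_file($fnamef) && preg_match($extPattern, $fnamef)) {
              // is_file() stops directories such as "x.php/" reaching TestOneFile.
              TestOneFile($fnamef);
          }
      }
      $dh->close();
  }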
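  //检测
  if ($action == 'test') {
      $head = '<link rel="stylesheet" href="../static/css/bootstrap.min.css"><link href="../static/font-awesome/css/font-awesome.min.css" rel="stylesheet">';
      $message = $head;
      AjaxHead();
      TestSafe(DEDEROOT);
      // $message always starts with the stylesheet links, so comparing it with
      // '' made the "nothing found" notice unreachable; compare with $head.
      if ($message === $head) $message .= "<font color='green' style='font-size:14px'>没发现可疑文件!</font>";
      echo $message;
      exit();
  } else if ($action == 'viewdiff') {
      $filename = isset($filename) ? $filename : "";
      if (empty($filename)) {
          ShowMsg("没有选择对应的文件", "-1");
          exit;
      }
      // $filename comes from the query string (see the links TestOneFile emits);
      // confine the resolved path to $cfg_basedir so a traversal value cannot
      // read and display files outside the site root.
      $file = "$cfg_basedir/$filename";
      $realFile = realpath($file);
      $realRoot = realpath($cfg_basedir);
      if ($realFile !== false && $realRoot !== false) {
          $rootPrefix = rtrim($realRoot, '/\\') . DIRECTORY_SEPARATOR;
          if (strncmp($realFile, $rootPrefix, strlen($rootPrefix)) !== 0) {
              ShowMsg("非法的文件路径", "-1");
              exit;
          }
      }
      $baseFile = "https://cdn.dedebiz.com/release/{$cfg_version_detail}$filename";
      $del = new DedeHttpDown();
      $del->OpenUrl($baseFile);
      $base = $del->GetHTML();
      $new = "";
      if ($realFile !== false && is_file($realFile)) {
          // file_get_contents() also copes with an empty file, which
          // fread($fp, filesize(...)) rejected with a zero length.
          $contents = file_get_contents($realFile);
          if ($contents !== false) $new = $contents;
      }
      include(dirname(__FILE__) . '/templets/sys_safetest_viewdiff.htm');
      exit();
  }
  //清空模板缓存
  else if ($action == 'clear') {
      // `global` is a no-op at file scope; $cfg_tplcache_dir is already visible here.
      $d = DEDEROOT . $cfg_tplcache_dir;
      AjaxHead();
      sleep(1);
      // Only ever purge a directory below data/ — guards against a mis-set config value.
      if (preg_match("#data\/#", $cfg_tplcache_dir) && file_exists($d) && is_dir($d)) {
          $dh = dir($d);
          if ($dh !== false) {
              while (($filename = $dh->read()) !== false) {
                  if ($filename == '.' || $filename == '..' || $filename == 'index.html') continue;
                  // Best-effort removal: a locked or missing entry is not fatal here.
                  @unlink($d . '/' . $filename);
              }
              $dh->close();
          }
      }
      $message = "<font color='green' style='font-size:14px'>成功清空模板缓存!</font>";
      echo $message;
      exit();
  }
  include(dirname(__FILE__) . '/templets/sys_safetest.htm');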