国内流行的内容管理系统(CMS)多端全媒体解决方案 https://www.dedebiz.com
Você não pode selecionar mais de 25 tópicos Os tópicos devem começar com uma letra ou um número, podem incluir traços ('-') e podem ter até 35 caracteres.

sys_safetest.php 4.6KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141
  1. <?php
  2. /**
  3. * 安全检测
  4. *
  5. * @version $Id: sys_safetest.php 2 9:25 2010-11-12 tianya $
  6. * @package DedeBIZ.Administrator
  7. * @copyright Copyright (c) 2021, DedeBIZ.COM
  8. * @license https://www.dedebiz.com/license
  9. * @link https://www.dedebiz.com
  10. */
  11. require_once(dirname(__FILE__) . '/config.php');
  12. CheckPurview('sys_Edit');
  13. if (empty($action)) $action = '';
  14. if (empty($message)) $message = '尚未进行检测……';
  15. if (empty($filetype)) $filetype = 'php|inc';
  16. if (empty($info)) $info = 'eval|cmd|system|exec|_GET|_POST|_REQUEST|base64_decode';
  17. $fileHashURL = "https://cdn.dedebiz.com/release/{$cfg_version_detail}.json";
  18. $del = new DedeHttpDown();
  19. $del->OpenUrl($fileHashURL);
  20. $filelist = $del->GetJSON();
  21. $offFiles = array();
  22. foreach ($filelist as $key => $ff) {
  23. $offFiles[$ff->filename] = $ff->hash;
  24. }
  25. $alter = "";
  26. if (count($offFiles) == 0) {
  27. $alter = 'EOT
  28. <div class="alert alert-danger maintable mb-2" style="margin:0 auto;" role="alert">
  29. 无法同官方网站文件服务器通信,校验时候无法保证本地文件是否同官方服务器文件是否一致。
  30. </div>';
  31. }
  32. function TestOneFile($f)
  33. {
  34. global $message, $info, $offFiles;
  35. $str = '';
  36. //排除safefile和data/tplcache目录
  37. if (preg_match("#data/tplcache|.svn|data/cache#", $f)) return -1;
  38. $fp = fopen($f, 'r');
  39. while (!feof($fp)) {
  40. $str .= fgets($fp, 1024);
  41. }
  42. fclose($fp);
  43. if (preg_match("#(" . $info . ")[ \r\n\t]{0,}([\[\(])#i", $str)) {
  44. $trfile = preg_replace("#^" . DEDEROOT . "#", '', $f);
  45. $oldTrfile = $trfile;
  46. $trfile = substr(str_replace("/", "\\", $trfile), 1);
  47. $localFilehash = md5_file($f);
  48. $remoteFilehash = isset($offFiles[$trfile]) ? $offFiles[$trfile] : '';
  49. if ($localFilehash === $remoteFilehash) {
  50. return 0;
  51. }
  52. $message .= "<div style='clear:both;'>
  53. <div style='width:350px;float:left'>可疑文件:{$trfile}</div>
  54. <a class='btn btn-success btn-sm' href='sys_safetest.php?action=viewdiff&filename=$oldTrfile' target='_blank'>更改记录</a>
  55. <a class='btn btn-success btn-sm' href='file_manage_view.php?fmdo=del&filename=$oldTrfile&activepath=' target='_blank'>删除</a>
  56. <a class='btn btn-success btn-sm' href='file_manage_view.php?fmdo=edit&filename=$oldTrfile&activepath=' target='_blank'>查看源码</a>
  57. </div></div><hr>\r\n";
  58. return 1;
  59. }
  60. return 0;
  61. }
  62. function TestSafe($tdir)
  63. {
  64. global $filetype;
  65. $dh = dir($tdir);
  66. while ($fname = $dh->read()) {
  67. $fnamef = $tdir . '/' . $fname;
  68. if (@is_dir($fnamef) && $fname != '.' && $fname != '..') {
  69. TestSafe($fnamef);
  70. }
  71. if (preg_match("#\.(" . $filetype . ")#i", $fnamef)) {
  72. TestOneFile($fnamef);
  73. }
  74. }
  75. }
  76. //检测
  77. if ($action == 'test') {
  78. $message = '<link rel="stylesheet" href="../static/css/bootstrap.min.css"><link href="../static/font-awesome/css/font-awesome.min.css" rel="stylesheet">';
  79. AjaxHead();
  80. TestSafe(DEDEROOT);
  81. if ($message == '') $message = "<font color='green' style='font-size:14px'>没发现可疑文件!</font>";
  82. echo $message;
  83. exit();
  84. } else if ($action == 'viewdiff') {
  85. $filename = isset($filename) ? $filename : "";
  86. if (empty($filename)) {
  87. ShowMsg("没有选择对应的文件", "-1");
  88. exit;
  89. }
  90. $baseFile = "https://cdn.dedebiz.com/release/{$cfg_version_detail}$filename";
  91. $del = new DedeHttpDown();
  92. $del->OpenUrl($baseFile);
  93. $base = $del->GetHTML();
  94. $file = "$cfg_basedir/$filename";
  95. $new = "";
  96. if (is_file($file)) {
  97. $fp = fopen($file, "r");
  98. $new = fread($fp, filesize($file));
  99. fclose($fp);
  100. }
  101. include(dirname(__FILE__) . '/templets/sys_safetest_viewdiff.htm');
  102. exit();
  103. }
  104. //清空模板缓存
  105. else if ($action == 'clear') {
  106. global $cfg_tplcache_dir;
  107. $message = '';
  108. $d = DEDEROOT . $cfg_tplcache_dir;
  109. AjaxHead();
  110. sleep(1);
  111. if (preg_match("#data\/#", $cfg_tplcache_dir) && file_exists($d) && is_dir($d)) {
  112. $dh = dir($d);
  113. while ($filename = $dh->read()) {
  114. if ($filename == '.' || $filename == '..' || $filename == 'index.html') continue;
  115. @unlink($d . '/' . $filename);
  116. }
  117. }
  118. $message = "<font color='green' style='font-size:14px'>成功清空模板缓存!</font>";
  119. echo $message;
  120. exit();
  121. }
  122. include(dirname(__FILE__) . '/templets/sys_safetest.htm');
  123. ?>