Browse Source

后台文件上传漏洞修复

tags/6.3.0
tianya 6 months ago
parent
commit
0a2e502f0a
6 changed files with 60 additions and 39 deletions
  1. +3
    -3
      src/admin/log_list.php
  2. +1
    -0
      src/install/index.php
  3. +0
    -28
      src/system/common.func.php
  4. +1
    -0
      src/system/common.inc.php
  5. +38
    -0
      src/system/dedealert.func.php
  6. +17
    -8
      src/system/uploadsafe.inc.php

+ 3
- 3
src/admin/log_list.php View File

@@ -17,12 +17,12 @@ $sql = $where = '';
if (empty($adminid)) $adminid = 0;
if (empty($cip)) $cip = '';
if (empty($dtime)) $dtime = 0;
if ($adminid > 0) $where .= " AND #@__log.adminid='$adminid' ";
if ($cip != "") $where .= " AND #@__log.cip LIKE '%$cip%' ";
if ($adminid > 0) $where .= " AND `#@__log`.adminid='$adminid' ";
if ($cip != "") $where .= " AND `#@__log`.cip LIKE '%$cip%' ";
if ($dtime > 0) {
$nowtime = time();
$starttime = $nowtime - ($dtime * 24 * 3600);
$where .= " AND #@__log.dtime>'$starttime' ";
$where .= " AND `#@__log`.dtime>'$starttime' ";
}
$sql = "SELECT `#@__log`.*,`#@__admin`.userid FROM `#@__log` LEFT JOIN `#@__admin` ON `#@__admin`.id=`#@__log`.adminid WHERE 1=1 $where ORDER BY `#@__log`.lid DESC";
$adminlist = '';


+ 1
- 0
src/install/index.php View File

@@ -25,6 +25,7 @@ foreach(Array('_GET','_POST','_COOKIE') as $_request)
{
foreach($$_request as $_k => $_v) ${$_k} = RunMagicQuotes($_v);
}
require_once(DEDEINC.'/dedealert.func.php');
require_once(DEDEINC.'/common.func.php');
if (file_exists(INSLOCKFILE)) {
die(DedeAlert("完成软件安装,如果您要重新安装,安装目录找到install文件夹,然后删除install_lock.txt文件",ALERT_DANGER));


+ 0
- 28
src/system/common.func.php View File

@@ -9,34 +9,6 @@ if (!defined('DEDEINC')) exit ('dedebiz');
* @license GNU GPL v2 (https://www.dedebiz.com/license)
* @link https://www.dedebiz.com
*/
//类似Bootstrap警告框
define('ALERT_PRIMARY', 1);
define('ALERT_SECONDARY', 2);
define('ALERT_SUCCESS', 3);
define('ALERT_DANGER', 4);
define('ALERT_WARNING', 5);
define('ALERT_INFO', 6);
define('ALERT_LIGHT', 7);
define('ALERT_DARK', 8);
define("ALERT_TPL", '<div style="position:relative;padding:0.75rem 1.25rem;margin-bottom:1rem;width:auto;font-size:14px;color:~color~;background:~background~;border-color:~border~;border:1px solid transparent;border-radius:0.5rem">~content~</div>');
//$content:文档,$type:alert类型
function DedeAlert($content, $type = ALERT_PRIMARY, $isHTML = false)
{
$colors = array(
ALERT_PRIMARY => array('#cfe2ff','#b6d4fe','#084298'),
ALERT_SECONDARY => array('#e2e3e5','#d3d6d8','#41464b'),
ALERT_SUCCESS => array('#d1e7dd','#badbcc','#0f5132'),
ALERT_DANGER => array('#f8d7da','#f5c2c7','#842029'),
ALERT_WARNING => array('#fff3cd','#ffecb5','#664d03'),
ALERT_INFO => array('#cff4fc','#b6effb','#055160'),
ALERT_LIGHT => array('#fefefe','#fdfdfe','#636464'),
ALERT_DARK => array('#d3d3d4','#bcbebf','#141619'),
);
$content = $isHTML? RemoveXSS($content) : htmlspecialchars($content);
$colors = isset($colors[$type])? $colors[$type] : $colors[ALERT_PRIMARY];
list($background, $border, $color) = $colors;
return str_replace(array('~color~','~background~','~border~', '~content~'),array($color,$background,$border,$content),ALERT_TPL);
}
if (version_compare(PHP_VERSION, '7.0.0', '>=')) {
if (!function_exists('mysql_connect') and function_exists('mysqli_connect')) {
function mysql_connect($server, $username, $password)


+ 1
- 0
src/system/common.inc.php View File

@@ -122,6 +122,7 @@ if (!is_dir($sessSavePath)) mkdir($sessSavePath);
if (is_writeable($sessSavePath) && is_readable($sessSavePath)) {
@session_save_path($sessSavePath);
}
require_once DEDEINC.'/dedealert.func.php';
//转换上传的文件相关的变量及安全处理,并引用前台通用的上传函数
if ($_FILES) {
require_once(DEDEINC.'/uploadsafe.inc.php');


+ 38
- 0
src/system/dedealert.func.php View File

@@ -0,0 +1,38 @@
<?php
if (!defined('DEDEINC')) exit ('dedebiz');
/**
* 提示框函数
* @version $id:dedealert.func.php 2023年12月31日 tianya $
* @package DedeBIZ.Libraries
* @copyright Copyright (c) 2022 DedeBIZ.COM
* @license GNU GPL v2 (https://www.dedebiz.com/license)
* @link https://www.dedebiz.com
*/
//类似Bootstrap警告框
define('ALERT_PRIMARY', 1);
define('ALERT_SECONDARY', 2);
define('ALERT_SUCCESS', 3);
define('ALERT_DANGER', 4);
define('ALERT_WARNING', 5);
define('ALERT_INFO', 6);
define('ALERT_LIGHT', 7);
define('ALERT_DARK', 8);
define("ALERT_TPL", '<div style="position:relative;padding:0.75rem 1.25rem;margin-bottom:1rem;width:auto;font-size:14px;color:~color~;background:~background~;border-color:~border~;border:1px solid transparent;border-radius:0.5rem">~content~</div>');
//$content:文档,$type:alert类型
function DedeAlert($content, $type = ALERT_PRIMARY, $isHTML = false)
{
$colors = array(
ALERT_PRIMARY => array('#cfe2ff','#b6d4fe','#084298'),
ALERT_SECONDARY => array('#e2e3e5','#d3d6d8','#41464b'),
ALERT_SUCCESS => array('#d1e7dd','#badbcc','#0f5132'),
ALERT_DANGER => array('#f8d7da','#f5c2c7','#842029'),
ALERT_WARNING => array('#fff3cd','#ffecb5','#664d03'),
ALERT_INFO => array('#cff4fc','#b6effb','#055160'),
ALERT_LIGHT => array('#fefefe','#fdfdfe','#636464'),
ALERT_DARK => array('#d3d3d4','#bcbebf','#141619'),
);
$content = $isHTML? RemoveXSS($content) : htmlspecialchars($content);
$colors = isset($colors[$type])? $colors[$type] : $colors[ALERT_PRIMARY];
list($background, $border, $color) = $colors;
return str_replace(array('~color~','~background~','~border~', '~content~'),array($color,$background,$border,$content),ALERT_TPL);
}

+ 17
- 8
src/system/uploadsafe.inc.php View File

@@ -28,7 +28,8 @@ foreach ($_FILES as $_key => $_value) {
}
}
if (preg_match('#^(cfg_|GLOBALS)#', $_key)) {
exit('Request var not allow for uploadsafe!');
echo DedeAlert('危险的请求参数', ALERT_DANGER);
exit;
}
$$_key = $_FILES[$_key]['tmp_name'];
${$_key.'_name'} = $_FILES[$_key]['name'];
@@ -36,16 +37,20 @@ foreach ($_FILES as $_key => $_value) {
${$_key.'_size'} = $_FILES[$_key]['size'] = preg_replace('#[^0-9]#', '', $_FILES[$_key]['size']);
if (is_array(${$_key.'_name'}) && count(${$_key.'_name'}) > 0) {
foreach (${$_key.'_name'} as $key => $value) {
$value = trim($value);
if (!empty($value) && (preg_match("#\.(".$cfg_not_allowall.")$#i", $value) || !preg_match("#\.#", $value))) {
if (!defined('DEDEADMIN')) {
exit('Not Admin Upload filetype not allow !');
echo DedeAlert('禁止上传当前格式的文件', ALERT_DANGER);
exit;
}
}
}
} else {
if (!empty(${$_key.'_name'}) && (preg_match("#\.(".$cfg_not_allowall.")$#i", ${$_key.'_name'}) || !preg_match("#\.#", ${$_key.'_name'}))) {
$fname = trim(${$_key.'_name'});
if (!empty($fname) && (preg_match("#\.(".$cfg_not_allowall.")$#i", $fname) || !preg_match("#\.#", $fname))) {
if (!defined('DEDEADMIN')) {
exit('Not Admin Upload filetype not allow !');
echo DedeAlert('禁止上传当前格式的文件', ALERT_DANGER);
exit;
}
}
}
@@ -61,7 +66,8 @@ foreach ($_FILES as $_key => $_value) {
continue;
}
if (!is_array($image_dd)) {
exit('Upload filetype not allow !');
echo DedeAlert('禁止上传当前格式的文件', ALERT_DANGER);
exit;
}
}
$imtypes = array(
@@ -73,7 +79,8 @@ foreach ($_FILES as $_key => $_value) {
continue;
}
if (!is_array($image_dd)) {
exit('Upload filetype not allow !');
echo DedeAlert('禁止上传当前格式的文件', ALERT_DANGER);
exit;
}
}
}
@@ -84,7 +91,8 @@ foreach ($_FILES as $_key => $_value) {
continue;
}
if (!is_array($image_dd)) {
exit('Upload filetype not allow !');
echo DedeAlert('禁止上传当前格式的文件', ALERT_DANGER);
exit;
}
}
$imtypes = array(
@@ -96,7 +104,8 @@ foreach ($_FILES as $_key => $_value) {
continue;
}
if (!is_array($image_dd)) {
exit('Upload filetype not allow !');
echo DedeAlert('禁止上传当前格式的文件', ALERT_DANGER);
exit;
}
}
}


Loading…
Cancel
Save