DedeBIZ
/
DedeV6
Watch 2
Star 0
Fork 0
Code Pull Requests 0 Releases 25 Activity
Browse Source

文件上传漏洞修复

tags/6.2.12
tianya 8 months ago
parent
72431c5a8d
commit
0bfb60f3ac
1 changed files with 4 additions and 0 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +4
    -0
      src/admin/file_manage_control.php

+ 4
- 0
src/admin/file_manage_control.php View File

@@ -69,6 +69,10 @@ else if ($fmdo == "upload") {
}
$upfile = ${$upfile};
$upfile_name = ${$upfile_name};
if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml)$#i', trim($upfile_name))) {
ShowMsg("文件扩展名已被系统禁止", "javascript:;");
exit();
}
if (is_uploaded_file($upfile)) {
//检查文件类型
$mime = get_mime_type($upfile);


Write Preview
Loading…
Cancel
Save