Explorar el Código

文件上传漏洞修复

tags/6.2.12
tianya hace 8 meses
padre
commit
0bfb60f3ac
Se han modificado 1 ficheros con 4 adiciones y 0 borrados
  1. +4
    -0
      src/admin/file_manage_control.php

+ 4
- 0
src/admin/file_manage_control.php Ver fichero

@@ -69,6 +69,10 @@ else if ($fmdo == "upload") {
}
$upfile = ${$upfile};
$upfile_name = ${$upfile_name};
if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml)$#i', trim($upfile_name))) {
ShowMsg("文件扩展名已被系统禁止", "javascript:;");
exit();
}
if (is_uploaded_file($upfile)) {
//检查文件类型
$mime = get_mime_type($upfile);


Cargando…
Cancelar
Guardar