3 months ago · 2e74b5bc83
--- a/src/admin/api.php
+++ b/src/admin/api.php
@@ -393,7 +393,7 @@ if ($action === 'is_need_check_code') {
    $filename = $filename.'.'.$fs[count($fs) - 1];
    $filename_name = $filename_name.'.'.$fs[count($fs) - 1];
    $fullfilename = $cfg_basedir.$activepath."/".$filename;
    if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml)$#i', trim($fullfilename))) {
    if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml|htm)$#i', trim($fullfilename))) {
        echo json_encode(array(
            "code" => -1,
            "uploaded" => 0,
--- a/src/admin/dialog/select_soft_post.php
+++ b/src/admin/dialog/select_soft_post.php
@@ -58,7 +58,7 @@ if (!empty($newname)) {
    }
    $filename = $filename.'.'.$fs[count($fs) - 1];
 }
 if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml)$#i', trim($filename))) {
 if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml|htm)$#i', trim($filename))) {
    ShowMsg("文件扩展名已被系统禁止", "javascript:;");
    exit();
 }
--- a/src/admin/file_manage_control.php
+++ b/src/admin/file_manage_control.php
@@ -86,11 +86,15 @@ else if ($fmdo == "del") {
 else if ($fmdo == "edit") {
    CheckCSRF();
    $filename = str_replace("..", "", $filename);
    if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml)$#i', trim($filename))) {
    if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml|htm)$#i', trim($filename))) {
        ShowMsg("文件扩展名已被系统禁止", "javascript:;");
        exit();
    }
    $file = "$cfg_basedir$activepath/$filename";
    if (in_array($file,$realFiles)) {
        ShowMsg("系统文件禁止编辑", "javascript:;");
        exit();
    }
    $str = stripslashes($str);
    $fp = fopen($file, "w");
    fputs($fp, $str);
@@ -113,7 +117,7 @@ else if ($fmdo == "upload") {
        }
        $upfile = ${$upfile};
        $upfile_name = ${$upfile_name};
        if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml)$#i', trim($upfile_name))) {
        if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml|htm)$#i', trim($upfile_name))) {
            ShowMsg("文件扩展名已被系统禁止", "javascript:;");
            exit();
        }
--- a/src/admin/file_manage_view.php
+++ b/src/admin/file_manage_view.php
@@ -86,6 +86,9 @@ else if ($fmdo == "del") {
 }
 //修改文件
 else if ($fmdo == "edit") {
    if (DEDEBIZ_SAFE_MODE) {
        die(DedeAlert("系统已启用安全模式，无法使用当前功能",ALERT_DANGER));
    }
    if (!isset($backurl)) {
        $backurl = '';
    }
--- a/src/admin/makehtml_homepage.php
+++ b/src/admin/makehtml_homepage.php
@@ -60,7 +60,7 @@ if ($dopost == "view") {
    }
    $remotepos = empty($remotepos) ? '../index.html' : $remotepos;
    $serviterm = empty($serviterm) ? "" : $serviterm;
    if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml)$#i', trim($position))) {
    if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml|htm)$#i', trim($position))) {
        ShowMsg("文件扩展名已被系统禁止", "javascript:;");
        exit();
    }
--- a/src/admin/media_add.php
+++ b/src/admin/media_add.php
@@ -51,7 +51,7 @@ if ($dopost == "upload") {
            if (!is_dir($cfg_basedir.$savePath)) {
                MkdirAll($cfg_basedir.$savePath, 777);
            }
            if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml)$#i', trim($newname))) { 
            if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml|htm)$#i', trim($newname)) || preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml)$#i', trim($filename))) { 
                ShowMsg("文件扩展名已被系统禁止", "javascript:;"); 
                exit(); 
            }
--- a/src/system/common.func.php
+++ b/src/system/common.func.php
@@ -84,7 +84,7 @@ function get_mime_type($filename)
    }
    $finfo = finfo_open(FILEINFO_MIME_TYPE);
    $mimeType = finfo_file($finfo, $filename);
    if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml)$#i', trim($filename))) {
    if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml|htm)$#i', trim($filename))) {
        return 'forbid/octet-stream';
    }
    finfo_close($finfo);
--- a/src/system/helpers/upload.helper.php
+++ b/src/system/helpers/upload.helper.php
@@ -136,7 +136,7 @@ if (!function_exists('MemberUploads')) {
                exit();
            }
            //强制禁止的文件类型
            if (preg_match("/(asp|php|pl|cgi|shtm|js)$/", $sname)) {
            if (preg_match("/(asp|php|pl|cgi|shtm|js|htm)$/", $sname)) {
                ShowMsg("您上传的文件已被系统禁止", '-1');
                exit();
            }
@@ -177,7 +177,7 @@ if (!function_exists('MemberUploads')) {
            //强制禁止的文件类型
            if ($handname == '') {
                return $handname;
            } else if (preg_match("/\.(asp|php|pl|cgi|shtm|js)$/", $handname)) {
            } else if (preg_match("/\.(asp|php|pl|cgi|shtm|js|htm)$/", $handname)) {
                exit('Not allow filename for not safe!');
            } else if (!preg_match("/\.(".$allAllowType.")$/", $handname)) {
                exit('Not allow filename for filetype!');
--- a/src/system/uploadsafe.inc.php
+++ b/src/system/uploadsafe.inc.php
@@ -11,7 +11,7 @@ if (isset($_FILES['GLOBALS'])) exit ('Request not allow!');
 * @link           https://www.dedebiz.com
 */
 //为了防止会员通过注入，这里强制限定的某些文件类型禁止上传
 $cfg_not_allowall = "php|pl|cgi|asp|aspx|jsp|php3|shtm|shtml";
 $cfg_not_allowall = "php|pl|cgi|asp|aspx|jsp|php3|shtm|shtml|htm";
 $keyarr = array('name', 'type', 'tmp_name', 'size');
 if (
    ($GLOBALS['cfg_html_editor'] == 'ckeditor' ||