
系统安全提升

tags/6.3.0
tianya 9 months ago
parent
commit
2e74b5bc83
9 changed files with 17 additions and 10 deletions
  1. +1
    -1
      src/admin/api.php
  2. +1
    -1
      src/admin/dialog/select_soft_post.php
  3. +6
    -2
      src/admin/file_manage_control.php
  4. +3
    -0
      src/admin/file_manage_view.php
  5. +1
    -1
      src/admin/makehtml_homepage.php
  6. +1
    -1
      src/admin/media_add.php
  7. +1
    -1
      src/system/common.func.php
  8. +2
    -2
      src/system/helpers/upload.helper.php
  9. +1
    -1
      src/system/uploadsafe.inc.php

+ 1
- 1
src/admin/api.php View File

@@ -393,7 +393,7 @@ if ($action === 'is_need_check_code') {
$filename = $filename.'.'.$fs[count($fs) - 1];
$filename_name = $filename_name.'.'.$fs[count($fs) - 1];
$fullfilename = $cfg_basedir.$activepath."/".$filename;
if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml)$#i', trim($fullfilename))) {
if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml|htm)$#i', trim($fullfilename))) {
echo json_encode(array(
"code" => -1,
"uploaded" => 0,
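Review bot: The extended alternation blocks `.htm` but not `.html`: with the `$` anchor, `htm` matches only names ending in exactly `.htm`, so a `.html` name passes this check and the identical ones in select_soft_post.php, file_manage_control.php, makehtml_homepage.php, media_add.php and common.func.php, as well as the lists in upload.helper.php and uploadsafe.inc.php. If HTML is meant to be kept out of the upload and edit paths, `html` belongs in the alternation; for makehtml_homepage.php the call is different, since the default output there is `../index.html`, so blocking `.htm` while allowing `.html` reads as inconsistent the other way and should be decided per site. The list now exists in at least eight copies with three spellings (`$cfg_not_allowall` in uploadsafe.inc.php lacks `php4|php5`; upload.helper.php has `js` but lacks `aspx|jsp|shtml` and the `phpN` variants), so one shared constant such as `define('DEDE_FORBID_EXT_PATTERN', '#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml|htm|html)$#i');` referenced from every site would keep future additions from missing a file, and an allowlist of the extensions each endpoint actually needs is more robust than extending a denylist. The enclosing `if ($action === ...)` branch of api.php starts outside the hunk.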


+ 1
- 1
src/admin/dialog/select_soft_post.php View File

@@ -58,7 +58,7 @@ if (!empty($newname)) {
}
$filename = $filename.'.'.$fs[count($fs) - 1];
}
if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml)$#i', trim($filename))) {
if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml|htm)$#i', trim($filename))) {
ShowMsg("文件扩展名已被系统禁止", "javascript:;");
exit();
}


+ 6
- 2
src/admin/file_manage_control.php View File

@@ -86,11 +86,15 @@ else if ($fmdo == "del") {
else if ($fmdo == "edit") {
CheckCSRF();
$filename = str_replace("..", "", $filename);
if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml)$#i', trim($filename))) {
if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml|htm)$#i', trim($filename))) {
ShowMsg("文件扩展名已被系统禁止", "javascript:;");
exit();
}
$file = "$cfg_basedir$activepath/$filename";
if (in_array($file,$realFiles)) {
ShowMsg("系统文件禁止编辑", "javascript:;");
exit();
}
$str = stripslashes($str);
$fp = fopen($file, "w");
fputs($fp, $str);
@@ -113,7 +117,7 @@ else if ($fmdo == "upload") {
}
$upfile = ${$upfile};
$upfile_name = ${$upfile_name};
if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml)$#i', trim($upfile_name))) {
if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml|htm)$#i', trim($upfile_name))) {
ShowMsg("文件扩展名已被系统禁止", "javascript:;");
exit();
}
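Review bot: The new `in_array($file, $realFiles)` guard in the `edit` branch compares an uncanonicalized string: `$file` is built as `"$cfg_basedir$activepath/$filename"` with only `..` stripped, so a different spelling of the same path (an extra `./` segment, a doubled slash, a differing `$activepath` form) would not equal an entry in `$realFiles`, and the comparison is also non-strict. Resolving first, `$real = realpath($file); if ($real === false || in_array($real, $realFiles, true)) { ShowMsg("系统文件禁止编辑", "javascript:;"); exit(); }`, with `$realFiles` holding resolved paths, makes the protected-file check match by identity rather than by string form; note `realpath` returns `false` for a file that does not exist yet, so if creating new files through `fopen($file, "w")` is intended, resolve `dirname($file)` instead and decide that case deliberately. `$realFiles` is populated outside this hunk, so confirm whether its entries are already resolved; the `edit` branch continues past the hunk.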


+ 3
- 0
src/admin/file_manage_view.php View File

@@ -86,6 +86,9 @@ else if ($fmdo == "del") {
}
//修改文件
else if ($fmdo == "edit") {
if (DEDEBIZ_SAFE_MODE) {
die(DedeAlert("系统已启用安全模式,无法使用当前功能",ALERT_DANGER));
}
if (!isset($backurl)) {
$backurl = '';
}
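Review bot: The `DEDEBIZ_SAFE_MODE` check is added only to the view's `edit` branch; the handler that actually writes the file, the `edit` branch of file_manage_control.php in this same commit (`CheckCSRF(); $filename = str_replace("..", "", $filename);`), shows no such check in its hunk, so safe mode hides the form while the controller still reaches `fopen($file, "w")`. Unless the constant is already checked earlier in file_manage_control.php outside the hunk, the same `if (DEDEBIZ_SAFE_MODE) { die(DedeAlert("系统已启用安全模式,无法使用当前功能", ALERT_DANGER)); }` belongs at the top of the controller's `edit` (and `upload`) branch, since a guard in the view is a UI nicety, not an enforcement point. The `edit` branch here continues past the hunk.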


+ 1
- 1
src/admin/makehtml_homepage.php View File

@@ -60,7 +60,7 @@ if ($dopost == "view") {
}
$remotepos = empty($remotepos) ? '../index.html' : $remotepos;
$serviterm = empty($serviterm) ? "" : $serviterm;
if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml)$#i', trim($position))) {
if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml|htm)$#i', trim($position))) {
ShowMsg("文件扩展名已被系统禁止", "javascript:;");
exit();
}


+ 1
- 1
src/admin/media_add.php View File

@@ -51,7 +51,7 @@ if ($dopost == "upload") {
if (!is_dir($cfg_basedir.$savePath)) {
MkdirAll($cfg_basedir.$savePath, 777);
}
if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml)$#i', trim($newname))) {
if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml|htm)$#i', trim($newname)) || preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml)$#i', trim($filename))) {
ShowMsg("文件扩展名已被系统禁止", "javascript:;");
exit();
}
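Review bot: The two alternations in the new condition differ: `$newname` is matched against the list with `htm`, but the second `preg_match` on `$filename` still uses the old list without it, so the rule this commit introduces is applied inconsistently within a single `if`. Use one pattern for both operands, e.g. `$forbid = '#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml|htm)$#i';` followed by `if (preg_match($forbid, trim($newname)) || preg_match($forbid, trim($filename))) {`. The `upload` branch starts and continues outside the hunk.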


+ 1
- 1
src/system/common.func.php View File

@@ -84,7 +84,7 @@ function get_mime_type($filename)
}
$finfo = finfo_open(FILEINFO_MIME_TYPE);
$mimeType = finfo_file($finfo, $filename);
if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml)$#i', trim($filename))) {
if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml|htm)$#i', trim($filename))) {
return 'forbid/octet-stream';
}
finfo_close($finfo);
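Review bot: The early `return 'forbid/octet-stream'` on the changed line sits between `finfo_open` and `finfo_close`, so the finfo resource opened two lines above is leaked on every forbidden name (the `finfo_close($finfo)` on the last hunk line is skipped). The extension test does not need the MIME result, so move it ahead of `finfo_open`, or close before returning: `finfo_close($finfo); return 'forbid/octet-stream';`. `get_mime_type` starts outside the hunk, so check for an earlier extension test that would make this one redundant.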


+ 2
- 2
src/system/helpers/upload.helper.php View File

@@ -136,7 +136,7 @@ if (!function_exists('MemberUploads')) {
exit();
}
//强制禁止的文件类型
if (preg_match("/(asp|php|pl|cgi|shtm|js)$/", $sname)) {
if (preg_match("/(asp|php|pl|cgi|shtm|js|htm)$/", $sname)) {
ShowMsg("您上传的文件已被系统禁止", '-1');
exit();
}
@@ -177,7 +177,7 @@ if (!function_exists('MemberUploads')) {
//强制禁止的文件类型
if ($handname == '') {
return $handname;
} else if (preg_match("/\.(asp|php|pl|cgi|shtm|js)$/", $handname)) {
} else if (preg_match("/\.(asp|php|pl|cgi|shtm|js|htm)$/", $handname)) {
exit('Not allow filename for not safe!');
} else if (!preg_match("/\.(".$allAllowType.")$/", $handname)) {
exit('Not allow filename for filetype!');
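Review bot: Both patterns in this file are case-sensitive, unlike every other site in this commit, which uses `#...$#i`; the first one, `"/(asp|php|pl|cgi|shtm|js|htm)$/"`, also has no `\.` before the group, so it keys on the last letters of the name rather than on an extension and both over- and under-matches relative to the `\.`-anchored checks elsewhere. Aligning the two hunks with the others, `"/\.(asp|php|pl|cgi|shtm|js|htm)$/i"` in both places, makes the member-upload rule the same one the admin paths enforce; the list itself still differs from `$cfg_not_allowall` in uploadsafe.inc.php and should come from a shared definition. The enclosing `function_exists('MemberUploads')` block starts and ends outside both hunks.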


+ 1
- 1
src/system/uploadsafe.inc.php View File

@@ -11,7 +11,7 @@ if (isset($_FILES['GLOBALS'])) exit ('Request not allow!');
* @link https://www.dedebiz.com
*/
//为了防止会员通过注入,这里强制限定的某些文件类型禁止上传
$cfg_not_allowall = "php|pl|cgi|asp|aspx|jsp|php3|shtm|shtml";
$cfg_not_allowall = "php|pl|cgi|asp|aspx|jsp|php3|shtm|shtml|htm";
$keyarr = array('name', 'type', 'tmp_name', 'size');
if (
($GLOBALS['cfg_html_editor'] == 'ckeditor' ||

