From 2e74b5bc83ba80f989c8062a6dc54806fa22a428 Mon Sep 17 00:00:00 2001
From: tianya
Date: Sun, 31 Dec 2023 22:31:32 +0800
Subject: [PATCH] =?UTF-8?q?=E7=B3=BB=E7=BB=9F=E5=AE=89=E5=85=A8=E6=8F=90?=
 =?UTF-8?q?=E5=8D=87?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 src/admin/api.php | 2 +-
 src/admin/dialog/select_soft_post.php | 2 +-
 src/admin/file_manage_control.php | 8 ++++++--
 src/admin/file_manage_view.php | 3 +++
 src/admin/makehtml_homepage.php | 2 +-
 src/admin/media_add.php | 2 +-
 src/system/common.func.php | 2 +-
 src/system/helpers/upload.helper.php | 4 ++--
 src/system/uploadsafe.inc.php | 2 +-
 9 files changed, 17 insertions(+), 10 deletions(-)
diff --git a/src/admin/api.php b/src/admin/api.php
index e12f54c9..3b9e4e45 100644
--- a/src/admin/api.php
+++ b/src/admin/api.php
@@ -393,7 +393,7 @@ if ($action === 'is_need_check_code') {
 $filename = $filename.'.'.$fs[count($fs) - 1];
 $filename_name = $filename_name.'.'.$fs[count($fs) - 1];
 $fullfilename = $cfg_basedir.$activepath."/".$filename;
- if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml)$#i', trim($fullfilename))) {
+ if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml|htm)$#i', trim($fullfilename))) {
 echo json_encode(array(
 "code" => -1,
 "uploaded" => 0,
diff --git a/src/admin/dialog/select_soft_post.php b/src/admin/dialog/select_soft_post.php
index b6f87426..b7225e47 100644
--- a/src/admin/dialog/select_soft_post.php
+++ b/src/admin/dialog/select_soft_post.php
@@ -58,7 +58,7 @@ if (!empty($newname)) {
 }
 $filename = $filename.'.'.$fs[count($fs) - 1];
 }
-if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml)$#i', trim($filename))) {
+if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml|htm)$#i', trim($filename))) {
 ShowMsg("文件扩展名已被系统禁止", "javascript:;");
 exit();
 }
diff --git a/src/admin/file_manage_control.php b/src/admin/file_manage_control.php
index 73eabd7a..6d5353f4 100644
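Review bot: The deny-list literal edited on the changed line of this hunk is copy-pasted verbatim at six further sites touched by this commit (select_soft_post.php, both file_manage_control.php hunks, makehtml_homepage.php, media_add.php and get_mime_type in common.func.php), while uploadsafe.inc.php keeps a shorter `$cfg_not_allowall` that still lacks `php5|php4` and upload.helper.php carries a third, differently written list; the lists have already drifted, and a deny-list anchored on the final extension has to be patched in every file each time an extension is added, which is what this nine-file commit does. Define the pattern once (a constant next to `$cfg_not_allowall` in uploadsafe.inc.php is the natural home) and reference it from each site, so the next addition is a one-line change. Where the upload target is known, check the name against an allow-list of the extensions the feature expects and keep the deny-list only as a second line of defence. The branch this hunk belongs to starts and ends outside the hunk.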
--- a/src/admin/file_manage_control.php
+++ b/src/admin/file_manage_control.php
@@ -86,11 +86,15 @@ else if ($fmdo == "del") {
 else if ($fmdo == "edit") {
 CheckCSRF();
 $filename = str_replace("..", "", $filename);
- if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml)$#i', trim($filename))) {
+ if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml|htm)$#i', trim($filename))) {
 ShowMsg("文件扩展名已被系统禁止", "javascript:;");
 exit();
 }
 $file = "$cfg_basedir$activepath/$filename";
+ if (in_array($file,$realFiles)) {
+ ShowMsg("系统文件禁止编辑", "javascript:;");
+ exit();
+ }
 $str = stripslashes($str);
 $fp = fopen($file, "w");
 fputs($fp, $str);
@@ -113,7 +117,7 @@ else if ($fmdo == "upload") {
 }
 $upfile = ${$upfile};
 $upfile_name = ${$upfile_name};
- if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml)$#i', trim($upfile_name))) {
+ if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml|htm)$#i', trim($upfile_name))) {
 ShowMsg("文件扩展名已被系统禁止", "javascript:;");
 exit();
 }
diff --git a/src/admin/file_manage_view.php b/src/admin/file_manage_view.php
index c35ff352..2e3865de 100644
--- a/src/admin/file_manage_view.php
+++ b/src/admin/file_manage_view.php
@@ -86,6 +86,9 @@ else if ($fmdo == "del") {
 }
 //修改文件
 else if ($fmdo == "edit") {
+ if (DEDEBIZ_SAFE_MODE) {
+ die(DedeAlert("系统已启用安全模式,无法使用当前功能",ALERT_DANGER));
+ }
 if (!isset($backurl)) {
 $backurl = '';
 }
diff --git a/src/admin/makehtml_homepage.php b/src/admin/makehtml_homepage.php
index 6ea8af51..80fd2d53 100644
--- a/src/admin/makehtml_homepage.php
+++ b/src/admin/makehtml_homepage.php
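Review bot: The new guard `if (in_array($file,$realFiles))` compares the raw concatenation `"$cfg_basedir$activepath/$filename"` as a string, so two spellings of the same path (an extra `./` segment, a doubled slash) compare unequal, and within this hunk only `$filename` is cleaned — `$activepath` is used as-is and the single-pass `str_replace("..", "", ...)` is the only normalisation. If `$realFiles` holds canonical paths (it is defined outside the hunk, so this is presumed), compare the canonical form and use strict matching: `$real = realpath($file); if ($real !== false && in_array($real, $realFiles, true)) {`, keeping the existing `ShowMsg`/`exit()` body; a non-existent `$file` cannot be a protected system file, so `false` is left to fall through to the write. Also pass `true` to `in_array` even if the `realpath` change is not taken. The `else if ($fmdo == "edit")` branch continues past the end of the hunk.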
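Review bot: The `DEDEBIZ_SAFE_MODE` gate is added only to the view's `edit` branch, but the `edit` branch of file_manage_control.php changed in this same commit still runs `CheckCSRF()` and then `fopen($file, "w")` with no safe-mode check, so a request posted straight to the controller is not stopped; a rendering step cannot enforce the policy on its own. Add the same three-line check at the top of `else if ($fmdo == "edit") {` in file_manage_control.php, ahead of `CheckCSRF()`, and consider the `del` and `upload` branches the hunk headers show in the same dispatcher. `DedeAlert` and `ALERT_DANGER` are not visible in the hunk, so this assumes they are in scope in both files. The branch continues past the end of the hunk.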
@@ -60,7 +60,7 @@ if ($dopost == "view") {
 }
 $remotepos = empty($remotepos) ? '../index.html' : $remotepos;
 $serviterm = empty($serviterm) ? "" : $serviterm;
- if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml)$#i', trim($position))) {
+ if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml|htm)$#i', trim($position))) {
 ShowMsg("文件扩展名已被系统禁止", "javascript:;");
 exit();
 }
diff --git a/src/admin/media_add.php b/src/admin/media_add.php
index 22f08f48..1c40309e 100644
--- a/src/admin/media_add.php
+++ b/src/admin/media_add.php
@@ -51,7 +51,7 @@ if ($dopost == "upload") {
 if (!is_dir($cfg_basedir.$savePath)) {
 MkdirAll($cfg_basedir.$savePath, 777);
 }
- if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml)$#i', trim($newname))) {
+ if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml|htm)$#i', trim($newname)) || preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml)$#i', trim($filename))) {
 ShowMsg("文件扩展名已被系统禁止", "javascript:;");
 exit();
 }
diff --git a/src/system/common.func.php b/src/system/common.func.php
index f17323c6..15684151 100755
--- a/src/system/common.func.php
+++ b/src/system/common.func.php
@@ -84,7 +84,7 @@ function get_mime_type($filename)
 }
 $finfo = finfo_open(FILEINFO_MIME_TYPE);
 $mimeType = finfo_file($finfo, $filename);
- if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml)$#i', trim($filename))) {
+ if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml|htm)$#i', trim($filename))) {
 return 'forbid/octet-stream';
 }
 finfo_close($finfo);
diff --git a/src/system/helpers/upload.helper.php b/src/system/helpers/upload.helper.php
index 80d4ace5..edfbe276 100755
--- a/src/system/helpers/upload.helper.php
+++ b/src/system/helpers/upload.helper.php
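Review bot: The condition added in media_add.php is inconsistent with itself: the first `preg_match` on `$newname` now lists `htm`, but the second `preg_match` on `$filename`, introduced on the same line, uses the old list without it, so the extension this commit sets out to block is presumably still accepted when it comes in through `$filename` rather than `$newname` (what each variable holds is decided outside the hunk). Use one pattern for both operands: `|| preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml|htm)$#i', trim($filename))`. Since the two checks share the literal, bind it once, `$forbid = '#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml|htm)$#i';`, and test both names against `$forbid` instead of repeating it. The `upload` branch starts and ends outside the hunk.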
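Review bot: In get_mime_type the early `return 'forbid/octet-stream';` on the line after the changed `preg_match` comes after `finfo_open()` but before `finfo_close($finfo)`, so every rejected filename leaves the finfo handle open for the rest of the request, and the file is read by `finfo_file()` only to have its result discarded. The extension test does not depend on `$mimeType`, so move the three-line `if (preg_match(...)) { return 'forbid/octet-stream'; }` block ahead of `$finfo = finfo_open(FILEINFO_MIME_TYPE);`; if the ordering is intentional, call `finfo_close($finfo);` before the `return` instead. `get_mime_type` starts and ends outside the hunk.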
@@ -136,7 +136,7 @@ if (!function_exists('MemberUploads')) {
 exit();
 }
 //强制禁止的文件类型
- if (preg_match("/(asp|php|pl|cgi|shtm|js)$/", $sname)) {
+ if (preg_match("/(asp|php|pl|cgi|shtm|js|htm)$/", $sname)) {
 ShowMsg("您上传的文件已被系统禁止", '-1');
 exit();
 }
@@ -177,7 +177,7 @@ if (!function_exists('MemberUploads')) {
 //强制禁止的文件类型
 if ($handname == '') {
 return $handname;
- } else if (preg_match("/\.(asp|php|pl|cgi|shtm|js)$/", $handname)) {
+ } else if (preg_match("/\.(asp|php|pl|cgi|shtm|js|htm)$/", $handname)) {
 exit('Not allow filename for not safe!');
 } else if (!preg_match("/\.(".$allAllowType.")$/", $handname)) {
 exit('Not allow filename for filetype!');
diff --git a/src/system/uploadsafe.inc.php b/src/system/uploadsafe.inc.php
index ad4ff6f9..4b818a47 100755
--- a/src/system/uploadsafe.inc.php
+++ b/src/system/uploadsafe.inc.php
@@ -11,7 +11,7 @@ if (isset($_FILES['GLOBALS'])) exit ('Request not allow!');
 * @link https://www.dedebiz.com
 */
 //为了防止会员通过注入,这里强制限定的某些文件类型禁止上传
-$cfg_not_allowall = "php|pl|cgi|asp|aspx|jsp|php3|shtm|shtml";
+$cfg_not_allowall = "php|pl|cgi|asp|aspx|jsp|php3|shtm|shtml|htm";
 $keyarr = array('name', 'type', 'tmp_name', 'size');
 if ( ($GLOBALS['cfg_html_editor'] == 'ckeditor' ||
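Review bot: Both patterns edited in upload.helper.php are case-sensitive — `"/(asp|php|pl|cgi|shtm|js|htm)$/"` here and `"/\.(asp|php|pl|cgi|shtm|js|htm)$/"` in the second hunk at line 180 — unlike the `#...$#i` lists used in every other file of this commit, so a differently cased extension is not caught by these two checks unless `$sname` and `$handname` are lowercased before they get here (that code is outside the hunks, so I cannot confirm it). Add the `i` modifier to both, e.g. `if (preg_match("/(asp|php|pl|cgi|shtm|js|htm)$/i", $sname)) {` and `} else if (preg_match("/\.(asp|php|pl|cgi|shtm|js|htm)$/i", $handname)) {`, and note that the first pattern, unlike the second, has no `\.` and so matches any name ending in those letters rather than an extension — worth a comment stating whether that is intended. The `MemberUploads` guard enclosing both hunks starts and ends outside them.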