From 2f5502ba3e1fede815743497fe004a12109164b7 Mon Sep 17 00:00:00 2001
From: tianya
Date: Thu, 10 Mar 2022 21:30:43 +0800
Subject: [PATCH] =?UTF-8?q?=E5=AE=89=E5=85=A8=E9=97=AE=E9=A2=98=E4=BF=AE?=
 =?UTF-8?q?=E5=A4=8D?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/admin/file_manage_control.php | 4 ++++
 src/admin/media_add.php | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/admin/file_manage_control.php b/src/admin/file_manage_control.php
index 5226f2fc..35ccddc6 100644
--- a/src/admin/file_manage_control.php
+++ b/src/admin/file_manage_control.php
@@ -55,6 +55,10 @@ function __saveEdit();
 else if ($fmdo == "edit") {
 CheckCSRF();
 $filename = str_replace("..", "", $filename);
+ if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml)$#i', trim($filename))) {
+ ShowMsg("您指定的文件名被系统禁止", "javascript:;");
+ exit();
+ }
 $file = "$cfg_basedir$activepath/$filename";
 $str = stripslashes($str);
 $fp = fopen($file, "w");
diff --git a/src/admin/media_add.php b/src/admin/media_add.php
index a508184d..66cb921c 100644
--- a/src/admin/media_add.php
+++ b/src/admin/media_add.php
@@ -60,7 +60,7 @@ if ($dopost == "upload") {
 dedecms后台文件任意上传漏洞
 漏洞描述:dedecms早期版本后台存在大量的富文本编辑器,该控件提供了一些文件上传接口,同时dedecms对上传文件的后缀类型未进行严格的限制,这导致了黑客可以上传WEBSHELL,获取网站后台权限
 */
- if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml)[^a-zA-Z0-9]+$#i', trim($filename))) {
+ if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml)$#i', trim($filename))) {
 ShowMsg("您指定的文件名被系统禁止", "javascript:;");
 exit();
 }
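Review bot: The extension blocklist added on the `if (preg_match(...))` line in file_manage_control.php omits extensions that a stock Apache/PHP handler mapping commonly executes (`phtml`, `phar`, `pht`) and the two files whose contents change how the server treats every other file in the directory, `.htaccess` and `.user.ini`, so a request that passes CheckCSRF can still write an executable script through this editor. The bare `$` anchor also lets a name such as `shell.php.` through, which on Windows hosts is presumably stored as `shell.php` once the trailing dot is stripped — confirm for the supported platforms. I would change the pattern to `'#(\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|phtml|phar|pht|shtm|shtml)[^a-zA-Z0-9]*|\.htaccess|\.user\.ini)$#i'`, and since media_add.php now carries the identical list, move it into one shared helper so the two copies cannot drift again. The `else if ($fmdo == "edit")` branch continues past the hunk, so what is done with `$fp` after the fopen is not visible here.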
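Review bot: Replacing `[^a-zA-Z0-9]+$` with `$` on the `if (preg_match(...))` line in media_add.php fixes the old pattern's failure to reject a plain `shell.php`, but it drops the one case the old pattern did catch: a name ending in `.php.` (trailing non-alphanumeric junk that `trim` does not remove) now passes, and on Windows hosts such a name is presumably stored as `shell.php` after the trailing dot is stripped — confirm for the supported platforms. `[^a-zA-Z0-9]*` covers both cases in one line, and the list should also carry the other handler-mapped extensions: `'#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|phtml|phar|pht|shtm|shtml)[^a-zA-Z0-9]*$#i'`. For an upload endpoint a blocklist is the weaker shape in any case; an allowlist of the media extensions this page is meant to accept would close `.htaccess`, `.user.ini` and any extension a given server maps to PHP at once. The `if ($dopost == "upload")` block starts before and ends after this hunk, so where `$filename` comes from and how the file is finally written are not visible here.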