1 year ago · 43c5ffff15
--- a/src/admin/dialog/select_soft_post.php
+++ b/src/admin/dialog/select_soft_post.php
@@ -58,6 +58,10 @@ if (!empty($newname)) {
    }
    $filename = $filename.'.'.$fs[count($fs) - 1];
 }
 if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml)[^a-zA-Z0-9]+$#i', trim($filename))) {
    ShowMsg("你指定的文件名被系统禁止",'javascript:;');
    exit();
 }
 $fullfilename = $cfg_basedir.$activepath.'/'.$filename;
 $fullfileurl = $activepath.'/'.$filename;
 $mime = get_mime_type($uploadfile);
--- a/src/admin/media_add.php
+++ b/src/admin/media_add.php
@@ -52,10 +52,9 @@ if ($dopost == "upload") {
                MkdirAll($cfg_basedir.$savePath, 777);
                CloseFtp();
            }
 			//后台文件任意上传漏洞：早期版本后台存在大量的富文本修改器，该控件提供了一些文件上传接口，同时对上传文件的后缀类型未进行严格的限制，这导致了黑客可以上传WEBSHELL，获取网站后台权限
            if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml)$#i', trim($filename))) {
                ShowMsg("您指定的文件名被系统禁止", "javascript:;");
                exit();
            if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml)[^a-zA-Z0-9]+$#i', trim($filename))) { 
                ShowMsg("你指定的文件名被系统禁止！",'javascript:;'); 
                exit(); 
            }
            $fullfilename = $cfg_basedir.$filename;
            $mime = get_mime_type(${"upfile".$i});
--- a/src/admin/soft_add.php
+++ b/src/admin/soft_add.php
@@ -155,7 +155,7 @@ else if ($dopost == 'save') {
    $softurl1 = stripslashes($softurl1);
    $nsoftsize = '';
    if ($softurl1 != '') {
        $urls .= "{dede:link islocal='1' text='{$servermsg1}'} $softurl1 {/dede:link}\r\n";
        if (preg_match("#}(.*?){/dede:link}{dede:#sim", $servermsg1) != 1) { $urls .= "{dede:link islocal='1' text='{$servermsg1}'} $softurl1 {/dede:link}\r\n"; }
        $autosize = empty($autosize) ? FALSE : TRUE;
        if ($autosize && empty($softsize)) {
            $nsoftsize = @filesize($cfg_basedir.$softurl1);
--- a/src/apps/search.php
+++ b/src/apps/search.php
@@ -53,7 +53,8 @@ if (empty($typeid)) {
        }
    }
 }
 $keyword = addslashes(cn_substr($keyword, 30));
 $typeid = intval($typeid);
 $keyword = addslashes(cn_substr($keyword,30));
 $typeid = intval($typeid);
 if ($cfg_notallowstr != '' && preg_match("#".$cfg_notallowstr."#i", $keyword)) {
    ShowMsg("您的搜索关键词中存在非法文档，被系统禁止", "-1");
--- a/src/system/filter.inc.php
+++ b/src/system/filter.inc.php
@@ -33,7 +33,7 @@ function _FilterAll($fk, &$svar)
            $svar = preg_replace('/'.$cfg_replacestr.'/i', "***", $svar);
        }
    }
    return $svar;
    return addslashes($svar);
 }
 /* 对_GET,_POST,_COOKIE进行过滤 */
 foreach (array('_GET', '_POST', '_COOKIE') as $_request) {