@@ -58,6 +58,10 @@ if (!empty($newname)) { | |||||
} | } | ||||
$filename = $filename.'.'.$fs[count($fs) - 1]; | $filename = $filename.'.'.$fs[count($fs) - 1]; | ||||
} | } | ||||
if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml)[^a-zA-Z0-9]+$#i', trim($filename))) { | |||||
ShowMsg("你指定的文件名被系统禁止",'javascript:;'); | |||||
exit(); | |||||
} | |||||
$fullfilename = $cfg_basedir.$activepath.'/'.$filename; | $fullfilename = $cfg_basedir.$activepath.'/'.$filename; | ||||
$fullfileurl = $activepath.'/'.$filename; | $fullfileurl = $activepath.'/'.$filename; | ||||
$mime = get_mime_type($uploadfile); | $mime = get_mime_type($uploadfile); | ||||
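Review bot: The added filename check on line 5 requires at least one non-alphanumeric character after the extension (`[^a-zA-Z0-9]+$`), so a name whose final characters are the extension itself does not match this pattern; unless a separate `$`-anchored check exists outside the hunk, the most ordinary form of the name is not covered. The same pattern appears in the second hunk (line 20), where it replaces the previous `\.(php|...)$` test rather than supplementing it. Changing the quantifier to `[^a-zA-Z0-9]*$` makes one test cover both the bare extension and the trailing-punctuation variants. A denylist of extensions is fragile by construction; comparing the final extension against the allowlist of types the upload form is meant to accept would be the more robust check. The upload handler this sits in begins before the hunk.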
@@ -52,10 +52,9 @@ if ($dopost == "upload") { | |||||
MkdirAll($cfg_basedir.$savePath, 777); | MkdirAll($cfg_basedir.$savePath, 777); | ||||
CloseFtp(); | CloseFtp(); | ||||
} | } | ||||
//后台文件任意上传漏洞:早期版本后台存在大量的富文本修改器,该控件提供了一些文件上传接口,同时对上传文件的后缀类型未进行严格的限制,这导致了黑客可以上传WEBSHELL,获取网站后台权限 | |||||
if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml)$#i', trim($filename))) { | |||||
ShowMsg("您指定的文件名被系统禁止", "javascript:;"); | |||||
exit(); | |||||
if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml)[^a-zA-Z0-9]+$#i', trim($filename))) { | |||||
ShowMsg("你指定的文件名被系统禁止!",'javascript:;'); | |||||
exit(); | |||||
} | } | ||||
$fullfilename = $cfg_basedir.$filename; | $fullfilename = $cfg_basedir.$filename; | ||||
$mime = get_mime_type(${"upfile".$i}); | $mime = get_mime_type(${"upfile".$i}); | ||||
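Review bot: The rationale comment that accompanied this check on the old side (line 16) is dropped by the rewrite, so the regex on line 20 is now unexplained, including why it ends in `[^a-zA-Z0-9]+$`. Add a one-line comment above the `if`, e.g. `// Reject upload names whose last extension is executable server-side, including variants with trailing punctuation`. The two `ShowMsg` calls introduced by this commit also differ in wording and quoting (`"...禁止"` on line 6 vs `"...禁止!"` on line 21, with a double- vs single-quoted second argument); keeping them identical makes the checks easier to find and maintain together. The loop that populates `${"upfile".$i}` begins outside the hunk.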
@@ -155,7 +155,7 @@ else if ($dopost == 'save') { | |||||
$softurl1 = stripslashes($softurl1); | $softurl1 = stripslashes($softurl1); | ||||
$nsoftsize = ''; | $nsoftsize = ''; | ||||
if ($softurl1 != '') { | if ($softurl1 != '') { | ||||
$urls .= "{dede:link islocal='1' text='{$servermsg1}'} $softurl1 {/dede:link}\r\n"; | |||||
if (preg_match("#}(.*?){/dede:link}{dede:#sim", $servermsg1) != 1) { $urls .= "{dede:link islocal='1' text='{$servermsg1}'} $softurl1 {/dede:link}\r\n"; } | |||||
$autosize = empty($autosize) ? FALSE : TRUE; | $autosize = empty($autosize) ? FALSE : TRUE; | ||||
if ($autosize && empty($softsize)) { | if ($autosize && empty($softsize)) { | ||||
$nsoftsize = @filesize($cfg_basedir.$softurl1); | $nsoftsize = @filesize($cfg_basedir.$softurl1); | ||||
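Review bot: The guard added on line 31 only suppresses the link when `$servermsg1` contains the exact `}…{/dede:link}{dede:` sequence, while both `$servermsg1` and `$softurl1` are still interpolated unescaped into the template tag, with `$servermsg1` inside a single-quoted `text='…'` attribute. A quote or a different brace combination in either value can still change the shape of the generated tag, so stripping or rejecting `{`, `}` and `'` from both values before building the string is the more complete fix, e.g. `$servermsg1 = str_replace(array('{', '}', "'"), '', $servermsg1);` and the same for `$softurl1`. On a match the link is dropped silently, unlike the other checks in this commit which call `ShowMsg` and exit; reporting it keeps the behaviour consistent. The `else if ($dopost == 'save')` branch starts outside the hunk.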
@@ -53,7 +53,8 @@ if (empty($typeid)) { | |||||
} | } | ||||
} | } | ||||
} | } | ||||
$keyword = addslashes(cn_substr($keyword, 30)); | |||||
$typeid = intval($typeid); | |||||
$keyword = addslashes(cn_substr($keyword,30)); | |||||
$typeid = intval($typeid); | $typeid = intval($typeid); | ||||
if ($cfg_notallowstr != '' && preg_match("#".$cfg_notallowstr."#i", $keyword)) { | if ($cfg_notallowstr != '' && preg_match("#".$cfg_notallowstr."#i", $keyword)) { | ||||
ShowMsg("您的搜索关键词中存在非法文档,被系统禁止", "-1"); | ShowMsg("您的搜索关键词中存在非法文档,被系统禁止", "-1"); | ||||
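Review bot: `addslashes` on line 41 is being used as SQL escaping for `$keyword`, but it is not charset-aware and the query that consumes the value is outside the hunk; a parameterized query or the database layer's own escaping at the point of query construction is the reliable mitigation. Because the escape is applied before the `$cfg_notallowstr` check on line 43, that pattern is also matched against the backslash-escaped text rather than what the user typed, which escaping at query time would avoid. The rendered view additionally shows `$typeid = intval($typeid);` at both line 40 and line 42; if line 40 is an added line, as the 7→8 line count suggests, one of the two is redundant. The `if (empty($typeid))` block closing above begins outside the hunk.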
@@ -33,7 +33,7 @@ function _FilterAll($fk, &$svar) | |||||
$svar = preg_replace('/'.$cfg_replacestr.'/i', "***", $svar); | $svar = preg_replace('/'.$cfg_replacestr.'/i', "***", $svar); | ||||
} | } | ||||
} | } | ||||
return $svar; | |||||
return addslashes($svar); | |||||
} | } | ||||
/* 对_GET,_POST,_COOKIE进行过滤 */ | /* 对_GET,_POST,_COOKIE进行过滤 */ | ||||
foreach (array('_GET', '_POST', '_COOKIE') as $_request) { | foreach (array('_GET', '_POST', '_COOKIE') as $_request) { | ||||