| @@ -58,6 +58,10 @@ if (!empty($newname)) { | |||||
| } | } | ||||
| $filename = $filename.'.'.$fs[count($fs) - 1]; | $filename = $filename.'.'.$fs[count($fs) - 1]; | ||||
| } | } | ||||
| if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml)[^a-zA-Z0-9]+$#i', trim($filename))) { | |||||
| ShowMsg("你指定的文件名被系统禁止",'javascript:;'); | |||||
| exit(); | |||||
| } | |||||
| $fullfilename = $cfg_basedir.$activepath.'/'.$filename; | $fullfilename = $cfg_basedir.$activepath.'/'.$filename; | ||||
| $fullfileurl = $activepath.'/'.$filename; | $fullfileurl = $activepath.'/'.$filename; | ||||
| $mime = get_mime_type($uploadfile); | $mime = get_mime_type($uploadfile); | ||||
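Review bot: The added condition `if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml)[^a-zA-Z0-9]+$#i', trim($filename)))` only matches when at least one non-alphanumeric character follows the extension, because of the `+` quantifier, so a name that ends exactly in one of the listed extensions is not rejected by this check; `[^a-zA-Z0-9]*$` covers both forms. Unless an earlier check in this file (outside the hunk) already rejects the bare extension, the guard is incomplete here, and in the second hunk (`@@ -52,10 +52,9 @@`) the same pattern replaces a check anchored on `$` that did cover that case. A positive allowlist of permitted extensions is the more robust shape for this filter than a denylist of script suffixes. The enclosing `if (!empty($newname))` block starts outside the hunk.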
| @@ -52,10 +52,9 @@ if ($dopost == "upload") { | |||||
| MkdirAll($cfg_basedir.$savePath, 777); | MkdirAll($cfg_basedir.$savePath, 777); | ||||
| CloseFtp(); | CloseFtp(); | ||||
| } | } | ||||
| //后台文件任意上传漏洞:早期版本后台存在大量的富文本修改器,该控件提供了一些文件上传接口,同时对上传文件的后缀类型未进行严格的限制,这导致了黑客可以上传WEBSHELL,获取网站后台权限 | |||||
| if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml)$#i', trim($filename))) { | |||||
| ShowMsg("您指定的文件名被系统禁止", "javascript:;"); | |||||
| exit(); | |||||
| if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml)[^a-zA-Z0-9]+$#i', trim($filename))) { | |||||
| ShowMsg("你指定的文件名被系统禁止!",'javascript:;'); | |||||
| exit(); | |||||
| } | } | ||||
| $fullfilename = $cfg_basedir.$filename; | $fullfilename = $cfg_basedir.$filename; | ||||
| $mime = get_mime_type(${"upfile".$i}); | $mime = get_mime_type(${"upfile".$i}); | ||||
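Review bot: The removed comment that explained why the extension check exists is dropped together with the old condition, leaving the new `if (preg_match(...))` with no rationale; keep a one-line English comment above it, e.g. `// reject server-side script extensions in the upload file name`. The user-facing message also differs slightly between this hunk (`"你指定的文件名被系统禁止!"`) and the first hunk (`"你指定的文件名被系统禁止"`), and both differ from the removed `"您指定的文件名被系统禁止"`; one wording, ideally from a shared constant, would be easier to maintain. The enclosing `if ($dopost == "upload")` block starts outside the hunk.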
| @@ -155,7 +155,7 @@ else if ($dopost == 'save') { | |||||
| $softurl1 = stripslashes($softurl1); | $softurl1 = stripslashes($softurl1); | ||||
| $nsoftsize = ''; | $nsoftsize = ''; | ||||
| if ($softurl1 != '') { | if ($softurl1 != '') { | ||||
| $urls .= "{dede:link islocal='1' text='{$servermsg1}'} $softurl1 {/dede:link}\r\n"; | |||||
| if (preg_match("#}(.*?){/dede:link}{dede:#sim", $servermsg1) != 1) { $urls .= "{dede:link islocal='1' text='{$servermsg1}'} $softurl1 {/dede:link}\r\n"; } | |||||
| $autosize = empty($autosize) ? FALSE : TRUE; | $autosize = empty($autosize) ? FALSE : TRUE; | ||||
| if ($autosize && empty($softsize)) { | if ($autosize && empty($softsize)) { | ||||
| $nsoftsize = @filesize($cfg_basedir.$softurl1); | $nsoftsize = @filesize($cfg_basedir.$softurl1); | ||||
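Review bot: The new `preg_match("#}(.*?){/dede:link}{dede:#sim", $servermsg1) != 1` test rejects only one specific sequence while `$servermsg1` and `$softurl1` (which the line `$softurl1 = stripslashes($softurl1);` leaves unescaped) are still interpolated verbatim into the `{dede:link ...}` tag; removing the tag delimiter characters from both values before building `$urls` is the more direct protection, e.g. `$servermsg1 = str_replace(array('{', '}', "'"), '', $servermsg1);` and a matching `str_replace` of `{` and `}` on `$softurl1`. When the pattern does match, the entry is silently dropped rather than reported to the user. The `if` and the `$urls .=` assignment are also collapsed onto one line; splitting them as the surrounding code does keeps the block readable. The enclosing `else if ($dopost == 'save')` block starts outside the hunk.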
| @@ -53,7 +53,8 @@ if (empty($typeid)) { | |||||
| } | } | ||||
| } | } | ||||
| } | } | ||||
| $keyword = addslashes(cn_substr($keyword, 30)); | |||||
| $typeid = intval($typeid); | |||||
| $keyword = addslashes(cn_substr($keyword,30)); | |||||
| $typeid = intval($typeid); | $typeid = intval($typeid); | ||||
| if ($cfg_notallowstr != '' && preg_match("#".$cfg_notallowstr."#i", $keyword)) { | if ($cfg_notallowstr != '' && preg_match("#".$cfg_notallowstr."#i", $keyword)) { | ||||
| ShowMsg("您的搜索关键词中存在非法文档,被系统禁止", "-1"); | ShowMsg("您的搜索关键词中存在非法文档,被系统禁止", "-1"); | ||||
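Review bot: The new side appears to end up with `$typeid = intval($typeid);` twice, once on the changed line before `$keyword = addslashes(cn_substr($keyword,30));` and again on the unchanged context line right after it, as far as the rendered page lets me tell which of the three changed lines is the removed one; the second assignment is redundant and one copy should go. Reordering `intval()` ahead of the keyword handling is fine on its own. If `$keyword` originates from `$_GET`/`$_POST`, the `addslashes()` here also stacks with the `addslashes()` that `_FilterAll` now returns in the last hunk of this commit, so it is worth confirming the value is not escaped twice.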
| @@ -33,7 +33,7 @@ function _FilterAll($fk, &$svar) | |||||
| $svar = preg_replace('/'.$cfg_replacestr.'/i', "***", $svar); | $svar = preg_replace('/'.$cfg_replacestr.'/i', "***", $svar); | ||||
| } | } | ||||
| } | } | ||||
| return $svar; | |||||
| return addslashes($svar); | |||||
| } | } | ||||
| /* 对_GET,_POST,_COOKIE进行过滤 */ | /* 对_GET,_POST,_COOKIE进行过滤 */ | ||||
| foreach (array('_GET', '_POST', '_COOKIE') as $_request) { | foreach (array('_GET', '_POST', '_COOKIE') as $_request) { | ||||
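Review bot: `return addslashes($svar);` escapes only the returned value, while `$svar` is a reference parameter that the `preg_replace` line above updates in place; a caller that relies on the by-reference update rather than the return value still sees the unescaped string, so either write `$svar = addslashes($svar); return $svar;` or document that only the return value is escaped. Applying `addslashes()` to every `_GET`/`_POST`/`_COOKIE` value also stacks with per-field `addslashes()` calls elsewhere (this commit's search hunk does `$keyword = addslashes(cn_substr($keyword,30));`), which can double-escape input; for SQL contexts, parameterised queries rather than string escaping remain the proper fix. `_FilterAll` starts outside the hunk, and the `foreach` on the last line continues past it.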