
安全问题修复

tags/6.1.2
tianya 2 years ago
parent
commit
bc722e2d6c
2 changed files with 11 additions and 0 deletions
  1. +10
    -0
      src/admin/file_class.php
  2. +1
    -0
      src/admin/friendlink_edit.php

+ 10
- 0
src/admin/file_class.php

@@ -28,6 +28,16 @@ class FileManagement
{
$oldname = $this->baseDir.$this->activeDir."/".$oldname;
$newname = $this->baseDir.$this->activeDir."/".$newname;
$oldext = pathinfo($oldname)['extension'];
$newext = pathinfo($newname)['extension'];

if ($oldext != $newext) {
if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml)$#i', trim($newname))) {
ShowMsg("您指定的文件名被系统禁止", "javascript:;");
exit();
}
}
if (($newname != $oldname) && is_writable($oldname)) {
rename($oldname, $newname);
}
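Review bot: `pathinfo($oldname)['extension']` and `pathinfo($newname)['extension']` raise an "Undefined array key" warning when a name has no extension, and the `!=` comparison that gates the whole check is case-sensitive while the regex it guards is case-insensitive, so the two disagree on names like `X.PHP`; read the extension with `$oldext = strtolower(pathinfo($oldname, PATHINFO_EXTENSION));` and `$newext = strtolower(pathinfo($newname, PATHINFO_EXTENSION));`. The denylist in the `preg_match` also omits `phtml`, `phar` and `htaccess`, which many PHP-enabled servers treat as executable or as configuration, so extending the pattern to `(php|phtml|phar|htaccess|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml)` — or, better, checking the new name against the same allowlist the upload path uses, if one exists — would close that gap. Nothing in the hunk constrains `$newname` to a bare file name before it is joined to `$this->activeDir`, so this presumably relies on the caller; worth a comment stating that assumption. The enclosing method's signature lies outside the hunk.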


+ 1
- 0
src/admin/friendlink_edit.php

@@ -58,5 +58,6 @@ if ($dopost == "delete") {
ShowMsg("成功修改一个链接", $ENV_GOBACK_URL);
exit();
}
$id = preg_replace("#[^0-9]#", "", $id);
$myLink = $dsql->GetOne("SELECT `#@__flink`.*,`#@__flinktype`.typename FROM `#@__flink` LEFT JOIN `#@__flinktype` ON `#@__flink`.typeid=`#@__flinktype`.id WHERE `#@__flink`.id=$id");
include DedeInclude('templets/friendlink_edit.htm');
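Review bot: After `preg_replace` strips every non-digit, `$id` can be an empty string, and the interpolation on the following `GetOne` call then yields `WHERE `#@__flink`.id=` — a SQL syntax error instead of a clean "no row"; cast as well, `$id = (int) preg_replace("#[^0-9]#", "", $id);`, so the query always receives an integer literal. Where `$id` is first assigned is outside the hunk, so it cannot be seen here whether it was already validated. If `$dsql` offers a prepared-statement form, using it would remove the string interpolation entirely.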
