
常规安全问题修复

tags/6.2.8
tianya 10 months ago
parent
commit
c366541f94
4 changed files with 46 additions and 10 deletions
  1. +5
    -0
      src/admin/article_test_same.php
  2. +31
    -6
      src/admin/index_body.php
  3. +5
    -2
      src/system/database/dedesqli.class.php
  4. +5
    -2
      src/system/database/dedesqlite.class.php

+ 5
- 0
src/admin/article_test_same.php View File

@@ -20,6 +20,7 @@ if ($dopost == 'analyse') {
showmsg('栏目id不正确,无法处理', 'javascript:;');
exit();
}
$pagesize = intval($pagesize);
$dsql->SetQuery("SELECT COUNT(title) AS dd,title FROM `$maintable` WHERE channel='$channelid' GROUP BY title ORDER BY dd DESC LIMIT 0, $pagesize");
$dsql->Execute();
$allarc = 0;
@@ -36,6 +37,10 @@ else if ($dopost == 'delsel') {
echo "没有指定删除的文档";
exit();
}
if (!$dsql->IsTable($maintable)) {
ShowMsg("数据表名称错误", "javascript:;");
exit();
}
$titless = split('`', $titles);
if ($channelid < -1) {
$orderby = ($deltype == 'delnew' ? " ORDER BY aid DESC " : " ORDER BY aid ASC ");
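Review bot: The `intval($pagesize)` cast added in the analyse hunk still leaves `$channelid` interpolated raw into the query on the next line (`WHERE channel='$channelid'`); unless the 栏目id check just above the hunk already casts it, add `$channelid = intval($channelid);` next to the `$pagesize` cast. The delsel hunk gains an `IsTable($maintable)` guard, but the analyse branch queries `$maintable` as well, so the same guard belongs before its `SetQuery` if it is not already performed earlier in the file. Unchanged but worth noting: `split('`', $titles)` on the line after the new guard was removed in PHP 7; `explode('`', $titles)` is the drop-in replacement. Both `if` blocks are cut by the hunk edges, so the surrounding conditions are not visible here.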


+ 31
- 6
src/admin/index_body.php View File

@@ -65,18 +65,43 @@ if (empty($dopost)) {
<?php
exit;
} elseif ($dopost == "system_info") {
if (!extension_loaded("openssl")) {
if (empty(trim($cfg_auth_code))) {
$indexHTML = "";
if (file_exists(DEDEROOT."/index.html")) {
$indexHTML = file_get_contents(DEDEROOT."/index.html");
} else {
$row = $dsql->GetOne("SELECT * FROM `#@__homepageset`");
$row['templet'] = MfTemplet($row['templet']);
$pv = new PartView();
$pv->SetTemplet($cfg_basedir.$cfg_templets_dir."/".$row['templet']);
$row['showmod'] = isset($row['showmod']) ? $row['showmod'] : 0;
if ($row['showmod'] == 0) {
ob_start();
$pv->Display();
$indexHTML = ob_get_contents();
ob_end_clean();
}
}
$pattern = '/<a\s[^>]*href=["\']?([^"\'>\s]*)["\']?[^>]*>/is';
preg_match_all($pattern, $indexHTML, $matches);
$hasPowered = false;
foreach ($matches[1] as $href) {
if (preg_match("#^https://www.dedebiz.com#",$href)) {
$hasPowered = true;
}
}
$poweredStr = $hasPowered? "" : "请保留正确的<a href='https://www.dedebiz.com/powered_by_dedebiz' class='text-primary'>底部版权信息</a>,";
echo json_encode(array(
"code" => -1001,
"msg" => "PHP不支持OpenSSL,无法完成商业版授权",
"code" => -1002,
"msg" => "当前站点已授权社区版,{$poweredStr}获取更多官方技术支持,请选择<a href='https://www.dedebiz.com/auth' class='text-primary'>商业版</a>",
"result" => null,
));
exit;
}
if (empty(trim($cfg_auth_code))) {
if (!extension_loaded("openssl")) {
echo json_encode(array(
"code" => -1002,
"msg" => "当前站点已授权社区版,获取更多官方技术支持,请选择<a href='https://www.dedebiz.com/auth' class='text-primary'>商业版</a>",
"code" => -1001,
"msg" => "PHP不支持OpenSSL,无法完成商业版授权",
"result" => null,
));
exit;
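Review bot: The home-page fallback in the new `empty(trim($cfg_auth_code))` branch reads `$row['templet']` without checking that `GetOne` returned a row, and the `file_get_contents` result is assigned to `$indexHTML` unchecked, so an empty `#@__homepageset` table or an unreadable index.html produces warnings (or a fatal on PHP 8 if `$row` is not an array) before the JSON reply is written; both should be guarded before use. The powered-by test `preg_match("#^https://www.dedebiz.com#",$href)` has unescaped dots and no terminator, so it also accepts hosts such as `https://www.dedebiz.com.other-host/`; `#^https://www\.dedebiz\.com(/|$)#` expresses the intended check. The enclosing `elseif` block continues past the hunk.
```php
if (file_exists(DEDEROOT."/index.html")) {
    $html = file_get_contents(DEDEROOT."/index.html");
    $indexHTML = ($html === false) ? "" : $html;
} else {
    $row = $dsql->GetOne("SELECT * FROM `#@__homepageset`");
    if (is_array($row) && !empty($row['templet'])) {
        // … unchanged: MfTemplet / PartView rendering into $indexHTML …
    }
}
// … unchanged: href scan and json_encode reply …
```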


+ 5
- 2
src/system/database/dedesqli.class.php View File

@@ -375,11 +375,14 @@ class DedeSqli
function IsTable($tbname)
{
global $dsqli;
$prefix = "#@__";
$tbname = str_replace($prefix, $GLOBALS['cfg_dbprefix'], $tbname);
if (!preg_match('/^[\p{L}_][\p{L}\p{N}@$#\-_]*$/u', $tbname)) {
return FALSE;
}
if (!$dsqli->isInit) {
$this->Init($this->pconnect);
}
$prefix = "#@__";
$tbname = str_replace($prefix, $GLOBALS['cfg_dbprefix'], $tbname);
if (mysqli_num_rows(@mysqli_query($this->linkID, "SHOW TABLES LIKE '".$tbname."'"))) {
return TRUE;
}
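Review bot: The new whitelist is applied before the `SHOW TABLES LIKE` query, but that query still does `mysqli_num_rows(@mysqli_query(...))`, so a failing query passes `false` to `mysqli_num_rows` (a `TypeError` on PHP 8) while the `@` hides the cause. The whitelist also admits `_`, which is a single-character wildcard in `LIKE`, so `IsTable` can answer TRUE for a table that differs from `$tbname` by one character; escaping it keeps the match literal. Suggested: `$res = mysqli_query($this->linkID, "SHOW TABLES LIKE '".addcslashes($tbname, '_')."'");` / `if ($res !== false && mysqli_num_rows($res) > 0) {` / `    return TRUE;`. The same pattern and whitelist are duplicated in `dedesqlite.class.php`; keep the two in step. `IsTable` continues past the hunk.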


+ 5
- 2
src/system/database/dedesqlite.class.php View File

@@ -352,11 +352,14 @@ class DedeSqlite
function IsTable($tbname)
{
global $dsqlite;
$prefix = "#@__";
$tbname = str_replace($prefix, $GLOBALS['cfg_dbprefix'], $tbname);
if (!preg_match('/^[\p{L}_][\p{L}\p{N}@$#\-_]*$/u', $tbname)) {
return FALSE;
}
if (!$dsqlite->isInit) {
$this->Init($this->pconnect);
}
$prefix = "#@__";
$tbname = str_replace($prefix, $GLOBALS['cfg_dbprefix'], $tbname);
$row = $this->linkID->querySingle("PRAGMA table_info({$tbname});");
if ($row !== null) {
return TRUE;
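Review bot: The `$row !== null` test after the new whitelist treats `false`, which `SQLite3::querySingle` returns for a failing query, as "table exists"; since the whitelist admits `-`, `@` and `#`, a name such as `a-b` makes the unquoted `PRAGMA table_info(a-b)` a syntax error and `IsTable` then returns TRUE. Quote the identifier (the whitelist already excludes `"`) and reject the error value: `$row = $this->linkID->querySingle('PRAGMA table_info("'.$tbname.'");');` / `if ($row !== null && $row !== false) {`. The whitelist regex is copied verbatim from `dedesqli.class.php`; a shared constant would keep them from drifting. `IsTable` continues past the hunk.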

