Bladeren bron

安全调整检查

tags/6.2.0
叙述、别离 1 jaar geleden
bovenliggende
commit
f7ece4b6c9
3 gewijzigde bestanden met toevoegingen van 5 en 7 verwijderingen
  1. +3
    -3
      src/admin/dialog/select_soft_post.php
  2. +0
    -2
      src/admin/file_class.php
  3. +2
    -2
      src/admin/media_add.php

+ 3
- 3
src/admin/dialog/select_soft_post.php Bestand weergeven

@@ -45,7 +45,7 @@ if (!empty($newname)) {
if (!preg_match("#\.#", $filename)) $fs = explode('.', $uploadfile_name);
else $fs = explode('.', $filename);
if (preg_match("#".$cfg_not_allowall."#", $fs[count($fs) - 1])) {
ShowMsg("指定的文件名已被系统禁止", 'javascript:;');
ShowMsg("指定的文件名已被系统禁止", "javascript:;");
exit();
}
if (!preg_match("#\.#", $filename)) $filename = $filename.'.'.$fs[count($fs) - 1];
@@ -58,8 +58,8 @@ if (!empty($newname)) {
}
$filename = $filename.'.'.$fs[count($fs) - 1];
}
if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml)[^a-zA-Z0-9]+$#i', trim($filename))) {
ShowMsg("指定的文件名已被系统禁止",'javascript:;');
if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml)$#i', trim($filename))) {
ShowMsg("指定的文件名已被系统禁止", "javascript:;");
exit();
}
$fullfilename = $cfg_basedir.$activepath.'/'.$filename;


+ 0
- 2
src/admin/file_class.php Bestand weergeven

@@ -30,14 +30,12 @@ class FileManagement
$newname = $this->baseDir.$this->activeDir."/".$newname;
$oldext = pathinfo($oldname)['extension'];
$newext = pathinfo($newname)['extension'];

if ($oldext != $newext) {
if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml)$#i', trim($newname))) {
ShowMsg("指定的文件名已被系统禁止", "javascript:;");
exit();
}
}
if (($newname != $oldname) && is_writable($oldname)) {
rename($oldname, $newname);
}


+ 2
- 2
src/admin/media_add.php Bestand weergeven

@@ -52,8 +52,8 @@ if ($dopost == "upload") {
MkdirAll($cfg_basedir.$savePath, 777);
CloseFtp();
}
if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml)[^a-zA-Z0-9]+$#i', trim($filename))) {
ShowMsg("指定的文件名已被系统禁止",'javascript:;');
if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml)$#i', trim($newname))) {
ShowMsg("指定的文件名已被系统禁止", "javascript:;");
exit();
}
$fullfilename = $cfg_basedir.$filename;


Laden…
Annuleren
Opslaan