@@ -45,7 +45,7 @@ if (!empty($newname)) { | |||||
if (!preg_match("#\.#", $filename)) $fs = explode('.', $uploadfile_name); | if (!preg_match("#\.#", $filename)) $fs = explode('.', $uploadfile_name); | ||||
else $fs = explode('.', $filename); | else $fs = explode('.', $filename); | ||||
if (preg_match("#".$cfg_not_allowall."#", $fs[count($fs) - 1])) { | if (preg_match("#".$cfg_not_allowall."#", $fs[count($fs) - 1])) { | ||||
ShowMsg("指定的文件名已被系统禁止", 'javascript:;'); | |||||
ShowMsg("指定的文件名已被系统禁止", "javascript:;"); | |||||
exit(); | exit(); | ||||
} | } | ||||
if (!preg_match("#\.#", $filename)) $filename = $filename.'.'.$fs[count($fs) - 1]; | if (!preg_match("#\.#", $filename)) $filename = $filename.'.'.$fs[count($fs) - 1]; | ||||
@@ -58,8 +58,8 @@ if (!empty($newname)) { | |||||
} | } | ||||
$filename = $filename.'.'.$fs[count($fs) - 1]; | $filename = $filename.'.'.$fs[count($fs) - 1]; | ||||
} | } | ||||
if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml)[^a-zA-Z0-9]+$#i', trim($filename))) { | |||||
ShowMsg("指定的文件名已被系统禁止",'javascript:;'); | |||||
if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml)$#i', trim($filename))) { | |||||
ShowMsg("指定的文件名已被系统禁止", "javascript:;"); | |||||
exit(); | exit(); | ||||
} | } | ||||
$fullfilename = $cfg_basedir.$activepath.'/'.$filename; | $fullfilename = $cfg_basedir.$activepath.'/'.$filename; | ||||
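Review bot: The new pattern on the `preg_match` line ends in `)$`, so it now rejects a bare blocked extension but no longer rejects one followed by trailing non-alphanumeric characters, which the removed `[^a-zA-Z0-9]+$` form did. Names like that may be normalised back to a blocked extension by the filesystem or web server, so the check should cover both cases with `*` rather than dropping the class: `'#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml)[^a-zA-Z0-9]*$#i'`. The same `$`-anchored pattern is used in the FileManagement rename hunk and in the `$dopost == "upload"` hunk. A deny-list also only works if it names every extension the server will execute, so an allow-list of permitted extensions would be the sturdier control for this file manager.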
@@ -30,14 +30,12 @@ class FileManagement | |||||
$newname = $this->baseDir.$this->activeDir."/".$newname; | $newname = $this->baseDir.$this->activeDir."/".$newname; | ||||
$oldext = pathinfo($oldname)['extension']; | $oldext = pathinfo($oldname)['extension']; | ||||
$newext = pathinfo($newname)['extension']; | $newext = pathinfo($newname)['extension']; | ||||
if ($oldext != $newext) { | if ($oldext != $newext) { | ||||
if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml)$#i', trim($newname))) { | if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml)$#i', trim($newname))) { | ||||
ShowMsg("指定的文件名已被系统禁止", "javascript:;"); | ShowMsg("指定的文件名已被系统禁止", "javascript:;"); | ||||
exit(); | exit(); | ||||
} | } | ||||
} | } | ||||
if (($newname != $oldname) && is_writable($oldname)) { | if (($newname != $oldname) && is_writable($oldname)) { | ||||
rename($oldname, $newname); | rename($oldname, $newname); | ||||
} | } | ||||
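Review bot: The blocked-extension test only runs when `$oldext != $newext`, and both values come from `pathinfo(...)['extension']`, a key that is absent when the name has no dot. That raises an undefined-index warning, and the loose `!=` then treats `null` and `''` as equal, so a rename between those two forms skips the check. Reading the extension with `pathinfo($newname, PATHINFO_EXTENSION)` and comparing with `!==` avoids both problems. If the gate exists only to allow renaming files that already carry a blocked extension, a comment saying so would help. The method starts outside this hunk, so any validation of `$newname` before the path is concatenated is not visible here.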
@@ -52,8 +52,8 @@ if ($dopost == "upload") { | |||||
MkdirAll($cfg_basedir.$savePath, 777); | MkdirAll($cfg_basedir.$savePath, 777); | ||||
CloseFtp(); | CloseFtp(); | ||||
} | } | ||||
if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml)[^a-zA-Z0-9]+$#i', trim($filename))) { | |||||
ShowMsg("指定的文件名已被系统禁止",'javascript:;'); | |||||
if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml)$#i', trim($newname))) { | |||||
ShowMsg("指定的文件名已被系统禁止", "javascript:;"); | |||||
exit(); | exit(); | ||||
} | } | ||||
$fullfilename = $cfg_basedir.$filename; | $fullfilename = $cfg_basedir.$filename; | ||||
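Review bot: The rewritten check tests `trim($newname)`, but the path built on the next line is `$cfg_basedir.$filename`, so the extension test no longer looks at the name the upload is stored under. `$newname` is not assigned anywhere in the visible lines of this branch and looks carried over from the rename code. If it is empty or unrelated here, the deny-list never fires for uploads. The condition should test the stored name, `if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml)[^a-zA-Z0-9]*$#i', trim($filename))) {`, which also keeps the trailing-character coverage of the removed pattern.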