DedeBIZ
/
DedeV6
关注 2
点赞 0
派生 0
代码 合并请求 0 版本发布 31 动态
国内流行的内容管理系统(CMS)多端全媒体解决方案 https://www.dedebiz.com
您最多选择25个主题 主题必须以字母或数字开头,可以包含连字符 (-),并且长度不得超过35个字符
2050 提交
3 分支
93MB
目录树: 89254ff12f
分支列表 标签列表
${ item.name }
创建分支 ${ searchTerm }
从 '89254ff12f'
${ noResults }
DedeV6/src/admin/sys_safetest.php

114 行
4.0KB
原始文件 Blame 文件历史 

  1. <?php

  2. /**

  3.  * 文件扫描工具

  4.  *

  5.  * @version        $id:sys_safetest.php 2 9:25 2010-11-12 tianya $

  6.  * @package        DedeBIZ.Administrator

  7.  * @copyright      Copyright (c) 2022 DedeBIZ.COM

  8.  * @license        https://www.dedebiz.com/license

  9.  * @link           https://www.dedebiz.com

  10.  */

  11. require_once(dirname(__FILE__).'/config.php');

  12. require_once(DEDEINC.'/libraries/dedehttpdown.class.php');

  13. CheckPurview('sys_Edit');

  14. if (empty($action)) $action = '';

  15. if (empty($filetype)) $filetype = 'php|inc';

  16. if (empty($info)) $info = 'eval|cmd|system|exec|_GET|_POST|_REQUEST|base64_decode';

  17. $fileHashURL = "https://cdn.dedebiz.com/release/{$cfg_version_detail}.json";

  18. $del = new DedeHttpDown();

  19. $del->OpenUrl($fileHashURL);

  20. $filelist = $del->GetJSON();

  21. $offFiles = array();

  22. foreach ($filelist as $key => $ff) {

  23.     $offFiles[$ff->filename] = $ff->hash;

  24. }

  25. $alter = "";

  26. if (count($offFiles) == 0) {

  27.     $alter = DedeAlert('官方文件服务器通信失败,无法保证本地文件和同官方文件服务器是否一致', ALERT_DANGER);

  28. }

  29. function TestOneFile($f)

  30. {

  31.     global $message, $info, $offFiles;

  32.     $str = '';

  33.     //排除safefile和data/tplcache目录

  34.     if (preg_match("#data/tplcache|.svn|data/cache#", $f)) return -1;

  35.     $fp = fopen($f, 'r');

  36.     while (!feof($fp)) {

  37.         $str .= fgets($fp, 1024);

  38.     }

  39.     fclose($fp);

  40.     if (preg_match("#(".$info.")[ \r\n\t]{0,}([\[\(])#i", $str)) {

  41.         $trfile = preg_replace("#^".DEDEROOT."#", '', $f);

  42.         $oldTrfile = $trfile;

  43.         $trfile = '/'.substr(str_replace("\\", "/", $trfile), 1);

  44.         $localFilehash = md5_file($f);

  45.         $remoteFilehash = isset($offFiles[$trfile]) ? $offFiles[$trfile] : '';

  46.         if ($localFilehash === $remoteFilehash) {

  47.             return 0;

  48.         }

  49.         $message .= "<div class='mb-3'><span class='d-inline-block w-75'>发现可疑文件:{$trfile}</span><a href='file_manage_view.php?fmdo=edit&filename=$oldTrfile&activepath=' target='_blank' class='btn btn-light btn-sm'><i class='fa fa-eye'></i> 查看</a><a href='sys_safetest.php?action=viewdiff&filename=$oldTrfile' target='_blank' class='btn btn-light btn-sm'><i class='fa fa-pencil-square'></i> 修改</a><a href='file_manage_view.php?fmdo=del&filename=$oldTrfile&activepath=' target='_blank' class='btn btn-danger btn-sm'><i class='fa fa-trash'></i> 删除</a></div>\r\n";

  50.         return 1;

  51.     }

  52.     return 0;

  53. }

  54. function TestSafe($tdir)

  55. {

  56.     global $filetype;

  57.     $dh = dir($tdir);

  58.     while ($fname = $dh->read()) {

  59.         $fnamef = $tdir.'/'.$fname;

  60.         if (@is_dir($fnamef) && $fname != '.' && $fname != '..') {

  61.             TestSafe($fnamef);

  62.         }

  63.         if (preg_match("#\.(".$filetype.")#i", $fnamef)) {

  64.             TestOneFile($fnamef);

  65.         }

  66.     }

  67. }

  68. //检测

  69. if ($action == 'test') {

  70.     AjaxHead();

  71.     TestSafe(DEDEROOT);

  72.     if ($message == '') $message = "没发现可疑文件";

  73.     echo $message;

  74.     exit();

  75. } else if ($action == 'viewdiff') {

  76.     $filename = isset($filename) ? $filename : "";

  77.     if (empty($filename)) {

  78.         ShowMsg("请选择对应的文件", "-1");

  79.         exit;

  80.     }

  81.     $baseFile = "https://cdn.dedebiz.com/release/{$cfg_version_detail}$filename";

  82.     $del = new DedeHttpDown();

  83.     $del->OpenUrl($baseFile);

  84.     $base = $del->GetHTML();

  85.     $file = "$cfg_basedir/$filename";

  86.     $new = "";

  87.     if (is_file($file)) {

  88.         $fp = fopen($file, "r");

  89.         $new = fread($fp, filesize($file));

  90.         fclose($fp);

  91.     }

  92.     include(dirname(__FILE__).'/templets/sys_safetest_viewdiff.htm');

  93.     exit();

  94. }

  95. //清空模板缓存

  96. else if ($action == 'clear') {

  97.     global $cfg_tplcache_dir;

  98.     $message = '';

  99.     $d = DEDEROOT.$cfg_tplcache_dir;

  100.     AjaxHead();

  101.     sleep(1);

  102.     if (preg_match("#data\/#", $cfg_tplcache_dir) && file_exists($d) && is_dir($d)) {

  103.         $dh = dir($d);

  104.         while ($filename = $dh->read()) {

  105.             if ($filename == '.' || $filename == '..' || $filename == 'index.html') continue;

  106.             @unlink($d.'/'.$filename);

  107.         }

  108.     }

  109.     $message = "成功清空模板缓存";

  110.     echo $message;

  111.     exit();

  112. }

  113. include(dirname(__FILE__).'/templets/sys_safetest.htm');

  114. ?>