DedeBIZ
/
DedeV6
Seguir 2
Destacar 0
Fork 0
Código Pull Requests 0 Lanzamientos 25 Actividad
国内流行的内容管理系统(CMS)多端全媒体解决方案 https://www.dedebiz.com
No puede seleccionar más de 25 temas Los temas deben comenzar con una letra o número, pueden incluir guiones ('-') y pueden tener hasta 35 caracteres de largo.
172 Commits
3 Ramas
1.8GB
Árbol: 8d541209e5
Ramas Etiquetas
${ item.name }
Crear rama ${ searchTerm }
desde '8d541209e5'
${ noResults }
DedeV6/src/include/uploadsafe.inc.php

120 líneas
4.3KB
Original Blame Histórico 

  1. <?php

  2. 

  3. /**

  4.  * 文件上传安全校验方法

  5.  *

  6.  * @version        $Id: uploadsafe.inc.php 1 15:59 2020年8月19日Z tianya $

  7.  * @package        DedeCMS.Libraries

  8.  * @copyright      Copyright (c) 2007 - 2018, DesDev, Inc.

  9.  * @copyright      Copyright (c) 2020, DedeBIZ.COM

  10.  * @license        https://www.dedebiz.com/license/v6

  11.  * @link           https://www.dedebiz.com

  12.  */

  13. if (!defined('DEDEINC')) exit('Request Error!');

  14. 

  15. if (isset($_FILES['GLOBALS'])) exit('Request not allow!');

  16. 

  17. //为了防止用户通过注入的可能性改动了数据库

  18. //这里强制限定的某些文件类型禁止上传

  19. $cfg_not_allowall = "php|pl|cgi|asp|aspx|jsp|php3|shtm|shtml";

  20. $keyarr = array('name', 'type', 'tmp_name', 'size');

  21. if (

  22.     ($GLOBALS['cfg_html_editor'] == 'ckeditor' ||

  23.         $GLOBALS['cfg_html_editor'] == 'ckeditor4')  && isset($_FILES['upload'])

  24. ) {

  25.     $_FILES['imgfile'] = $_FILES['upload'];

  26.     $CKUpload = TRUE;

  27.     unset($_FILES['upload']);

  28. }

  29. foreach ($_FILES as $_key => $_value) {

  30.     foreach ($keyarr as $k) {

  31.         if (!isset($_FILES[$_key][$k])) {

  32.             exit('Request Error!');

  33.         }

  34.     }

  35.     if (preg_match('#^(cfg_|GLOBALS)#', $_key)) {

  36.         exit('Request var not allow for uploadsafe!');

  37.     }

  38.     $$_key = $_FILES[$_key]['tmp_name'];

  39.     ${$_key . '_name'} = $_FILES[$_key]['name'];

  40.     ${$_key . '_type'} = $_FILES[$_key]['type'] = preg_replace('#[^0-9a-z\./]#i', '', $_FILES[$_key]['type']);

  41.     ${$_key . '_size'} = $_FILES[$_key]['size'] = preg_replace('#[^0-9]#', '', $_FILES[$_key]['size']);

  42.     

  43.     if (is_array(${$_key.'_name'}) && count(${$_key.'_name'}) > 0) {

  44.         foreach (${$_key.'_name'} as $key => $value) {

  45.             if (!empty($value) && (preg_match("#\.(" . $cfg_not_allowall . ")$#i", $value) || !preg_match("#\.#", $value))) {

  46.                 if (!defined('DEDEADMIN')) {

  47.                     exit('Not Admin Upload filetype not allow !');

  48.                 }

  49.             }

  50.         }

  51.     } else {

  52.         if (!empty(${$_key . '_name'}) && (preg_match("#\.(" . $cfg_not_allowall . ")$#i", ${$_key . '_name'}) || !preg_match("#\.#", ${$_key . '_name'}))) {

  53.             if (!defined('DEDEADMIN')) {

  54.                 exit('Not Admin Upload filetype not allow !');

  55.             }

  56.         }

  57.     }

  58. 

  59.     if (empty(${$_key . '_size'})) {

  60.         ${$_key . '_size'} = @filesize($$_key);

  61.     }

  62.     $imtypes = array("image/pjpeg", "image/jpeg", "image/gif", "image/png", "image/xpng", "image/wbmp", "image/bmp");

  63. 

  64.     if (is_array(${$_key.'_type'}) && count(${$_key.'_type'}) > 0) {

  65.         foreach (${$_key.'_type'} as $key => $value) {

  66.             if (in_array(strtolower(trim($value)), $imtypes)) {

  67.                 $image_dd = @getimagesize($$_key);

  68.                 if ($image_dd == false) {

  69.                     continue;

  70.                 }

  71.                 if (!is_array($image_dd)) {

  72.                     exit('Upload filetype not allow !');

  73.                 }

  74.             }

  75.         

  76.             $imtypes = array(

  77.                 "image/pjpeg", "image/jpeg", "image/gif", "image/png",

  78.                 "image/xpng", "image/wbmp", "image/bmp"

  79.             );

  80.         

  81.             if (in_array(strtolower(trim($value)), $imtypes)) {

  82.                 $image_dd = @getimagesize($$_key);

  83.                 if ($image_dd == false) {

  84.                     continue;

  85.                 }

  86.                 if (!is_array($image_dd)) {

  87.                     exit('Upload filetype not allow !');

  88.                 }

  89.             }

  90.         }

  91.     } else {

  92.         if (in_array(strtolower(trim(${$_key . '_type'})), $imtypes)) {

  93.             $image_dd = @getimagesize($$_key);

  94.             if ($image_dd == false) {

  95.                 continue;

  96.             }

  97.             if (!is_array($image_dd)) {

  98.                 exit('Upload filetype not allow !');

  99.             }

  100.         }

  101.     

  102.         $imtypes = array(

  103.             "image/pjpeg", "image/jpeg", "image/gif", "image/png",

  104.             "image/xpng", "image/wbmp", "image/bmp"

  105.         );

  106.     

  107.         if (in_array(strtolower(trim(${$_key . '_type'})), $imtypes)) {

  108.             $image_dd = @getimagesize($$_key);

  109.             if ($image_dd == false) {

  110.                 continue;

  111.             }

  112.             if (!is_array($image_dd)) {

  113.                 exit('Upload filetype not allow !');

  114.             }

  115.         }

  116.     }

  117. 

  118. 

  119. }