DedeBIZ
/
DedeV6
關註 2
收藏 0
複製 0
程式碼 合併請求 0 版本發佈 31 Activity
国内流行的内容管理系统(CMS)多端全媒体解决方案 https://www.dedebiz.com
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
86 Commit
3 分支
93MB
目錄樹: a3619b7ef6
分支列表 標籤列表
${ item.name }
Create branch ${ searchTerm }
from 'a3619b7ef6'
${ noResults }
DedeV6/src/include/uploadsafe.inc.php

104 line
3.3KB
原始文件 Blame 文件歷史 

  1. <?php

  2. /**

  3.  * 文件上传安全校验方法

  4.  *

  5.  * @version        $Id: uploadsafe.inc.php 1 15:59 2020年8月19日Z tianya $

  6.  * @package        DedeCMS.Libraries

  7.  * @copyright      Copyright (c) 2007 - 2020, DesDev, Inc.

  8.  * @license        http://help.dedecms.com/usersguide/license.html

  9.  * @link           http://www.dedecms.com

  10.  */

  11. if(!defined('DEDEINC')) exit('Request Error!');

  12. 

  13. if(isset($_FILES['GLOBALS'])) exit('Request not allow!');

  14. 

  15. //为了防止用户通过注入的可能性改动了数据库

  16. //这里强制限定的某些文件类型禁止上传

  17. $cfg_not_allowall = "php|pl|cgi|asp|aspx|jsp|php3|shtm|shtml";

  18. $keyarr = array('name', 'type', 'tmp_name', 'size');

  19. if ($GLOBALS['cfg_html_editor']=='ckeditor' && isset($_FILES['upload']) || 

  20. $GLOBALS['cfg_html_editor']=='ckeditor4' && isset($_FILES['upload'])

  21. )

  22. {

  23.     $_FILES['imgfile'] = $_FILES['upload'];

  24.     $CKUpload = TRUE;

  25.     unset($_FILES['upload']);

  26. }

  27. foreach($_FILES as $_key=>$_value)

  28. {

  29.     foreach($keyarr as $k)

  30.     {

  31.         if(!isset($_FILES[$_key][$k]))

  32.         {

  33.             exit('Request Error!');

  34.         }

  35.     }

  36.     if( preg_match('#^(cfg_|GLOBALS)#', $_key) )

  37.     {

  38.         exit('Request var not allow for uploadsafe!');

  39.     }

  40.     $$_key = $_FILES[$_key]['tmp_name'];

  41.     ${$_key.'_name'} = $_FILES[$_key]['name'];

  42.     ${$_key.'_type'} = $_FILES[$_key]['type'] = preg_replace('#[^0-9a-z\./]#i', '', $_FILES[$_key]['type']);

  43.     ${$_key.'_size'} = $_FILES[$_key]['size'] = preg_replace('#[^0-9]#','',$_FILES[$_key]['size']);

  44. 

  45.     if (is_array(${$_key.'_name'})) {

  46.         if (count(${$_key.'_name'}) > 0) {

  47.             foreach (${$_key.'_name'} as $key => $value) {

  48.                 if (!empty($value) && (preg_match("#\.(".$cfg_not_allowall.")$#i", $value) || !preg_match("#\.#", $value))) {

  49.                     if(!defined('DEDEADMIN'))

  50.                     {

  51.                         exit('Not Admin Upload filetype not allow !');

  52.                     }

  53.                 }

  54.             }

  55.         }

  56.     } else {

  57.         if(!empty(${$_key.'_name'}) && (preg_match("#\.(".$cfg_not_allowall.")$#i",${$_key.'_name'}) || !preg_match("#\.#", ${$_key.'_name'})) )

  58.         {

  59.             if(!defined('DEDEADMIN'))

  60.             {

  61.                 exit('Not Admin Upload filetype not allow !');

  62.             }

  63.         }

  64.     }

  65.     

  66. 

  67.     if(empty(${$_key.'_size'}))

  68.     {

  69.         ${$_key.'_size'} = @filesize($$_key);

  70.     }

  71.     

  72.     $imtypes = array

  73.     (

  74.         "image/pjpeg", "image/jpeg", "image/gif", "image/png", 

  75.         "image/xpng", "image/wbmp", "image/bmp"

  76.     );

  77. 

  78.     if (is_array(${$_key.'_type'})) {

  79.         if (count(${$_key.'_type'}) > 0) {

  80.             foreach (${$_key.'_type'} as $key => $value) {

  81.                 if(in_array(strtolower(trim($value)), $imtypes))

  82.                 {

  83.                     $image_dd = @getimagesize($$_key);

  84.                     if (!is_array($image_dd))

  85.                     {

  86.                         exit('Upload filetype not allow !');

  87.                     }

  88.                 }

  89.             }

  90.         }

  91.     } else {

  92.         if(in_array(strtolower(trim(${$_key.'_type'})), $imtypes))

  93.         {

  94.             $image_dd = @getimagesize($$_key);

  95.             if (!is_array($image_dd))

  96.             {

  97.                 exit('Upload filetype not allow !');

  98.             }

  99.         }

  100.     }

  101. 

  102. 

  103. }

  104. ?>