From 454fdcded9d028bc65a3cf78a594bbc3b44f1767 Mon Sep 17 00:00:00 2001 From: Karson Date: Thu, 1 Apr 2021 17:36:22 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E5=88=86=E7=89=87=E4=B8=8A?= =?UTF-8?q?=E4=BC=A0=E5=8F=82=E6=95=B0=E8=BF=87=E6=BB=A4=E4=B8=8D=E4=B8=A5?= =?UTF-8?q?=E7=9A=84BUG?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- application/common/library/Upload.php | 53 ++++++++++++++++++--------- 1 file changed, 36 insertions(+), 17 deletions(-) diff --git a/application/common/library/Upload.php b/application/common/library/Upload.php index ffa3eecf..5f1424e1 100644 --- a/application/common/library/Upload.php +++ b/application/common/library/Upload.php @@ -76,6 +76,7 @@ class Upload $this->file = $file; $this->fileInfo = $fileInfo; + $this->checkExecutable(); } protected function checkExecutable() @@ -171,6 +172,9 @@ class Upload */ public function clean($chunkid) { + if (!preg_match('/^[a-z0-9\-]{36}$/', $chunkid)) { + throw new UploadException(__('Invalid parameters')); + } $iterator = new \GlobIterator($this->chunkDir . DS . $chunkid . '-*', FilesystemIterator::KEY_AS_FILENAME); $array = iterator_to_array($iterator); foreach ($array as $index => &$item) { @@ -190,6 +194,10 @@ class Upload */ public function merge($chunkid, $chunkcount, $filename) { + if (!preg_match('/^[a-z0-9\-]{36}$/', $chunkid)) { + throw new UploadException(__('Invalid parameters')); + } + $filePath = $this->chunkDir . DS . $chunkid; $completed = true; 
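Review bot: The new guard `preg_match('/^[a-z0-9\-]{36}$/', $chunkid)` in clean() still accepts a 36-character id followed by a newline, because `$` without the `D` modifier also matches just before a final line break; anchor the end with `\z` instead: `'/^[a-z0-9\-]{36}\z/'`. The same pattern is repeated in the merge() hunk and the chunk() hunk, so the three copies are better moved into one private helper (for example `checkChunkId($chunkid)`) that all three methods call. The id is concatenated into paths under `$this->chunkDir` and into a glob pattern, so the check should be as tight as the format allows. If the client always sends a UUID, a pattern fixed to the 8-4-4-4-12 hex layout would reject more than "any 36 characters from this set". clean() and merge() both continue outside their hunks.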
@@ -229,27 +237,34 @@ class Upload } @fclose($destFile); - $file = new File($uploadPath); - $info = [ - 'name' => $filename, - 'type' => $file->getMime(), - 'tmp_name' => $uploadPath, - 'error' => 0, - 'size' => $file->getSize() - ]; - $file->setSaveName($filename)->setUploadInfo($info); - $file->isTest(true); + $attachment = null; + try { + $file = new File($uploadPath); + $info = [ + 'name' => $filename, + 'type' => $file->getMime(), + 'tmp_name' => $uploadPath, + 'error' => 0, + 'size' => $file->getSize() + ]; + $file->setSaveName($filename)->setUploadInfo($info); + $file->isTest(true); - //重新设置文件 - $this->setFile($file); + //重新设置文件 + $this->setFile($file); - unset($file); - $this->merging = true; + unset($file); + $this->merging = true; - //允许大文件 - $this->config['maxsize'] = "1024G"; + //允许大文件 + $this->config['maxsize'] = "1024G"; - return $this->upload(); + $attachment = $this->upload(); + } catch (\Exception $e) { + @unlink($destFile); + throw new UploadException($e->getMessage()); + } + return $attachment; } /** @@ -263,6 +278,10 @@ class Upload throw new UploadException(__('Uploaded file format is limited')); } + if (!preg_match('/^[a-z0-9\-]{36}$/', $chunkid)) { + throw new UploadException(__('Invalid parameters')); + } + $destDir = RUNTIME_PATH . 'chunks'; $fileName = $chunkid . "-" . $chunkindex . '.part'; $destFile = $destDir . DS . $fileName;
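Review bot: The cleanup in the new `catch` block calls `@unlink($destFile)`, but `$destFile` appears to be the stream handle that `@fclose($destFile)` closes in the context line just above, not a path, so the merged file is not removed and the `@` hides the failure. The file handed to `new File($uploadPath)` looks like the one to delete: `@unlink($uploadPath);`. As written, a merged upload that `setFile()` or `upload()` rejects stays on disk at `$uploadPath`, which is the outcome this block is meant to prevent. On PHP 8 a resource argument to unlink() raises a TypeError that `catch (\Exception $e)` does not catch, so the original UploadException would be masked as well. merge() starts above the hunk.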
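Review bot: `$chunkindex` is still concatenated into `$fileName` right after the new `$chunkid` check, with no validation visible in this hunk, so the part-file name is only half filtered. Unless the caller already casts it to an integer, add a guard next to the new one, e.g. `if (!preg_match('/^\d+\z/', (string)$chunkindex)) { throw new UploadException(__('Invalid parameters')); }`. chunk() also builds its directory from `RUNTIME_PATH . 'chunks'` while clean() and merge() use `$this->chunkDir`; using the property here keeps the three methods pointed at the same directory. The function starts above the hunk and continues below it.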