diff --git a/application/admin/controller/Ajax.php b/application/admin/controller/Ajax.php
index d3ec69ed..d1e726c3 100644
--- a/application/admin/controller/Ajax.php
+++ b/application/admin/controller/Ajax.php
@@ -64,11 +64,15 @@ class Ajax extends Backend
 $size = (int)$upload['maxsize'] * pow(1024, isset($typeDict[$type]) ? $typeDict[$type] : 0);
 $fileInfo = $file->getInfo();
 $suffix = strtolower(pathinfo($fileInfo['name'], PATHINFO_EXTENSION));
- $suffix = $suffix ? $suffix : 'file';
+ $suffix = $suffix && preg_match("/^[a-zA-Z0-9]+$/", $suffix) ? $suffix : 'file';
 $mimetypeArr = explode(',', strtolower($upload['mimetype']));
 $typeArr = explode('/', $fileInfo['type']);
+ //禁止上传PHP和HTML文件
+ if (in_array($fileInfo['type'], ['text/x-php', 'text/html']) || in_array($suffix, ['php', 'html', 'htm'])) {
+ $this->error(__('Uploaded file format is limited'));
+ }
 //验证文件后缀
 if ($upload['mimetype'] !== '*' && (
@@ -78,6 +82,16 @@ class Ajax extends Backend
 ) {
 $this->error(__('Uploaded file format is limited'));
 }
+ //验证是否为图片文件
+ $imagewidth = $imageheight = 0;
+ if (in_array($fileInfo['type'], ['image/gif', 'image/jpg', 'image/jpeg', 'image/bmp', 'image/png', 'image/webp']) || in_array($suffix, ['gif', 'jpg', 'jpeg', 'bmp', 'png', 'webp'])) {
+ $imgInfo = getimagesize($fileInfo['tmp_name']);
+ if (!$imgInfo || !isset($imgInfo[0]) || !isset($imgInfo[1])) {
+ $this->error(__('Uploaded file is not a valid image'));
+ }
+ $imagewidth = isset($imgInfo[0]) ? $imgInfo[0] : $imagewidth;
+ $imageheight = isset($imgInfo[1]) ? $imgInfo[1] : $imageheight;
+ }
 $replaceArr = [
 '{year}' => date("Y"),
 '{mon}' => date("m"),
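Review bot: The image branch is entered on `$fileInfo['type']`, which appears to be the client-supplied MIME string from the upload request, so the extension alternative is the only trigger the server controls; that is adequate for deciding whether to read dimensions, but it should not be read as a guarantee that every image upload passed `getimagesize()`. Both `in_array()` calls in this hunk omit the `strict` argument; pass `true` so the comparison stays a plain string match. Since the surrounding code already treats `$this->error()` as terminating the request (the format check above falls through without `return`), the `isset($imgInfo[0]) ? ... : $imagewidth` fallbacks can never take their else path, and `$imagewidth = $imgInfo[0]; $imageheight = $imgInfo[1];` expresses the same thing without the dead branch. A successful `getimagesize()` only parses the header and does not establish that the file holds nothing but image data; where a pure image is required, re-encoding server-side through GD/Imagick is the usual mitigation and would be worth a comment here. The same hunk is duplicated in application/api/controller/Common.php (@@ -77,6 +81,16 @@), and these points apply there as well.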
@@ -100,12 +114,6 @@ class Ajax extends Backend
 //
 $splInfo = $file->validate(['size' => $size])->move(ROOT_PATH . '/public' . $uploadDir, $fileName);
 if ($splInfo) {
- $imagewidth = $imageheight = 0;
- if (in_array($suffix, ['gif', 'jpg', 'jpeg', 'bmp', 'png', 'swf'])) {
- $imgInfo = getimagesize($splInfo->getPathname());
- $imagewidth = isset($imgInfo[0]) ? $imgInfo[0] : $imagewidth;
- $imageheight = isset($imgInfo[1]) ? $imgInfo[1] : $imageheight;
- }
 $params = array(
 'admin_id' => (int)$this->auth->id,
 'user_id' => 0,
diff --git a/application/admin/lang/zh-cn/ajax.php b/application/admin/lang/zh-cn/ajax.php
index fb78e7c1..ba01561a 100644
--- a/application/admin/lang/zh-cn/ajax.php
+++ b/application/admin/lang/zh-cn/ajax.php
@@ -3,5 +3,6 @@ return [
 'No file upload or server upload limit exceeded' => '未上传文件或超出服务器上传限制',
 'Uploaded file format is limited' => '上传文件格式受限制',
+ 'Uploaded file is not a valid image' => '上传文件不是有效的图片文件',
 'Upload successful' => '上传成功',
 ];
diff --git a/application/api/controller/Common.php b/application/api/controller/Common.php
index d8624cfb..c5a7d101 100644
--- a/application/api/controller/Common.php
+++ b/application/api/controller/Common.php
@@ -63,11 +63,15 @@ class Common extends Api
 $size = (int)$upload['maxsize'] * pow(1024, isset($typeDict[$type]) ? $typeDict[$type] : 0);
 $fileInfo = $file->getInfo();
 $suffix = strtolower(pathinfo($fileInfo['name'], PATHINFO_EXTENSION));
- $suffix = $suffix ? $suffix : 'file';
+ $suffix = $suffix && preg_match("/^[a-zA-Z0-9]+$/", $suffix) ? $suffix : 'file';
 $mimetypeArr = explode(',', strtolower($upload['mimetype']));
 $typeArr = explode('/', $fileInfo['type']);
+ //禁止上传PHP和HTML文件
+ if (in_array($fileInfo['type'], ['text/x-php', 'text/html']) || in_array($suffix, ['php', 'html', 'htm'])) {
+ $this->error(__('Uploaded file format is limited'));
+ }
 //验证文件后缀
 if ($upload['mimetype'] !== '*' && (
@@ -77,6 +81,16 @@ class Common extends Api
 ) {
 $this->error(__('Uploaded file format is limited'));
 }
+ //验证是否为图片文件
+ $imagewidth = $imageheight = 0;
+ if (in_array($fileInfo['type'], ['image/gif', 'image/jpg', 'image/jpeg', 'image/bmp', 'image/png', 'image/webp']) || in_array($suffix, ['gif', 'jpg', 'jpeg', 'bmp', 'png', 'webp'])) {
+ $imgInfo = getimagesize($fileInfo['tmp_name']);
+ if (!$imgInfo || !isset($imgInfo[0]) || !isset($imgInfo[1])) {
+ $this->error(__('Uploaded file is not a valid image'));
+ }
+ $imagewidth = isset($imgInfo[0]) ? $imgInfo[0] : $imagewidth;
+ $imageheight = isset($imgInfo[1]) ? $imgInfo[1] : $imageheight;
+ }
 $replaceArr = [
 '{year}' => date("Y"),
 '{mon}' => date("m"),
@@ -99,12 +113,6 @@ class Common extends Api
 //
 $splInfo = $file->validate(['size' => $size])->move(ROOT_PATH . '/public' . $uploadDir, $fileName);
 if ($splInfo) {
- $imagewidth = $imageheight = 0;
- if (in_array($suffix, ['gif', 'jpg', 'jpeg', 'bmp', 'png', 'swf'])) {
- $imgInfo = getimagesize($splInfo->getPathname());
- $imagewidth = isset($imgInfo[0]) ? $imgInfo[0] : $imagewidth;
- $imageheight = isset($imgInfo[1]) ? $imgInfo[1] : $imageheight;
- }
 $params = array(
 'admin_id' => 0,
 'user_id' => (int)$this->auth->id,
diff --git a/application/api/lang/zh-cn/common.php b/application/api/lang/zh-cn/common.php
index fb78e7c1..ba01561a 100644
--- a/application/api/lang/zh-cn/common.php
+++ b/application/api/lang/zh-cn/common.php
@@ -3,5 +3,6 @@ return [
 'No file upload or server upload limit exceeded' => '未上传文件或超出服务器上传限制',
 'Uploaded file format is limited' => '上传文件格式受限制',
+ 'Uploaded file is not a valid image' => '上传文件不是有效的图片文件',
 'Upload successful' => '上传成功',
 ];
diff --git a/application/common/controller/Backend.php b/application/common/controller/Backend.php
index 0ed0b081..6423a129 100644
--- a/application/common/controller/Backend.php
+++ b/application/common/controller/Backend.php
@@ -254,7 +254,7 @@ class Backend extends Controller
 $search = $this->request->get("search", '');
 $filter = $this->request->get("filter", '');
 $op = $this->request->get("op", '', 'trim');
- $sort = $this->request->get("sort", !empty($this->model) && $this->model->getPk() ?: 'id');
+ $sort = $this->request->get("sort", !empty($this->model) && $this->model->getPk() ? $this->model->getPk() : 'id');
 $order = $this->request->get("order", "DESC");
 $offset = $this->request->get("offset", 0);
 $limit = $this->request->get("limit", 0);
diff --git a/application/extra/upload.php b/application/extra/upload.php
index 5bfa25d0..e04fd0ca 100644
--- a/application/extra/upload.php
+++ b/application/extra/upload.php
@@ -21,7 +21,7 @@ return [
 /**
 * 可上传的文件类型
 */
- 'mimetype' => 'jpg,png,bmp,jpeg,gif,zip,rar,xls,xlsx',
+ 'mimetype' => '*',
 /**
 * 是否支持批量上传
 */
diff --git a/application/index/lang/zh-cn/ajax.php b/application/index/lang/zh-cn/ajax.php
index fb78e7c1..ba01561a 100644
--- a/application/index/lang/zh-cn/ajax.php
+++ b/application/index/lang/zh-cn/ajax.php
@@ -3,5 +3,6 @@ return [
 'No file upload or server upload limit exceeded' => '未上传文件或超出服务器上传限制',
 'Uploaded file format is limited' => '上传文件格式受限制',
+ 'Uploaded file is not a valid image' => '上传文件不是有效的图片文件',
 'Upload successful' => '上传成功',
 ];
diff --git a/public/uploads/.htaccess b/public/uploads/.htaccess
new file mode 100755
index 00000000..bac6edc5
--- /dev/null
+++ b/public/uploads/.htaccess
@@ -0,0 +1,4 @@
+
+ Order allow,deny
+ Deny from all
+
\ No newline at end of file
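Review bot: `$this->model->getPk()` is now evaluated twice on the `$sort` line; binding it once reads more clearly and avoids the repeated call, e.g. `$pk = !empty($this->model) ? $this->model->getPk() : '';` followed by `$sort = $this->request->get("sort", $pk ?: 'id');`. A short comment such as `// spelled-out ternary is deliberate: '&&' yields a bool, so '?:' would default to true` would keep the next reader from collapsing it back into the shorter form this change corrects. The enclosing method starts and ends outside the hunk.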
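Review bot: Setting `mimetype` to `'*'` switches off the extension allow-list for every upload endpoint by default, so the three-entry deny list added in Ajax.php/Common.php (`php`, `html`, `htm`, plus two client-supplied MIME strings) and the new `public/uploads/.htaccess` become the only controls between an upload and a file served from the web root. A short deny list is a weaker control than an allow-list — server configurations often map further extensions to the script handler, and the `.htaccess` only applies on Apache with `AllowOverride` enabled — so the safer shipped default is a restrictive list that deployments widen deliberately. If `'*'` is intentionally the default, the doc comment above the key should state that the controller deny list and the uploads `.htaccess` are load-bearing, e.g. `* '*' relies on the controller deny list and public/uploads/.htaccess to keep executable files from being served`.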
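Review bot: `Order allow,deny` / `Deny from all` are Apache 2.2 access-control directives; on Apache 2.4 they only work with `mod_access_compat` loaded, and `Require all denied` is the supported equivalent there. The enclosing directive that scopes these two lines is not visible in this rendering, so I cannot tell whether the denial covers a file pattern or the whole directory; if it is pattern-based, its pattern should be kept in step with the extensions the controllers reject so the two controls do not drift apart. This file has no effect on nginx or other servers, which is another reason the controller-side checks cannot rely on it.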