From fbb1370005661189f3818d9521f4a38ceb1c75a0 Mon Sep 17 00:00:00 2001
From: Karson
Date: Wed, 3 Jul 2019 23:16:15 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E6=8E=92=E5=BA=8F=E5=AD=97?=
 =?UTF-8?q?=E6=AE=B5=E9=94=99=E8=AF=AFBUG=20=E4=BC=98=E5=8C=96=E4=B8=8A?=
 =?UTF-8?q?=E4=BC=A0=E6=96=87=E4=BB=B6=E5=9B=BE=E7=89=87=E6=A3=80=E6=B5=8B?=
 =?UTF-8?q?,=E7=A6=81=E6=AD=A2=E4=B8=8A=E4=BC=A0PHP=E5=92=8CHTML?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 application/admin/controller/Ajax.php | 22 +++++++++++++++-------
 application/admin/lang/zh-cn/ajax.php | 1 +
 application/api/controller/Common.php | 22 +++++++++++++++-------
 application/api/lang/zh-cn/common.php | 1 +
 application/common/controller/Backend.php | 2 +-
 application/extra/upload.php | 2 +-
 application/index/lang/zh-cn/ajax.php | 1 +
 public/uploads/.htaccess | 4 ++++
 8 files changed, 39 insertions(+), 16 deletions(-)
 create mode 100755 public/uploads/.htaccess
diff --git a/application/admin/controller/Ajax.php b/application/admin/controller/Ajax.php
index d3ec69ed..d1e726c3 100644
--- a/application/admin/controller/Ajax.php
+++ b/application/admin/controller/Ajax.php
@@ -64,11 +64,15 @@ class Ajax extends Backend
 $size = (int)$upload['maxsize'] * pow(1024, isset($typeDict[$type]) ? $typeDict[$type] : 0);
 $fileInfo = $file->getInfo();
 $suffix = strtolower(pathinfo($fileInfo['name'], PATHINFO_EXTENSION));
- $suffix = $suffix ? $suffix : 'file';
+ $suffix = $suffix && preg_match("/^[a-zA-Z0-9]+$/", $suffix) ? $suffix : 'file';
 $mimetypeArr = explode(',', strtolower($upload['mimetype']));
 $typeArr = explode('/', $fileInfo['type']);
+ //禁止上传PHP和HTML文件
+ if (in_array($fileInfo['type'], ['text/x-php', 'text/html']) || in_array($suffix, ['php', 'html', 'htm'])) {
+ $this->error(__('Uploaded file format is limited'));
+ }
 //验证文件后缀
 if ($upload['mimetype'] !== '*' && (
@@ -78,6 +82,16 @@ class Ajax extends Backend
 ) {
 $this->error(__('Uploaded file format is limited'));
 }
+ //验证是否为图片文件
+ $imagewidth = $imageheight = 0;
+ if (in_array($fileInfo['type'], ['image/gif', 'image/jpg', 'image/jpeg', 'image/bmp', 'image/png', 'image/webp']) || in_array($suffix, ['gif', 'jpg', 'jpeg', 'bmp', 'png', 'webp'])) {
+ $imgInfo = getimagesize($fileInfo['tmp_name']);
+ if (!$imgInfo || !isset($imgInfo[0]) || !isset($imgInfo[1])) {
+ $this->error(__('Uploaded file is not a valid image'));
+ }
+ $imagewidth = isset($imgInfo[0]) ? $imgInfo[0] : $imagewidth;
+ $imageheight = isset($imgInfo[1]) ? $imgInfo[1] : $imageheight;
+ }
 $replaceArr = [
 '{year}' => date("Y"),
 '{mon}' => date("m"),
@@ -100,12 +114,6 @@ class Ajax extends Backend
 //
 $splInfo = $file->validate(['size' => $size])->move(ROOT_PATH . '/public' . $uploadDir, $fileName);
 if ($splInfo) {
- $imagewidth = $imageheight = 0;
- if (in_array($suffix, ['gif', 'jpg', 'jpeg', 'bmp', 'png', 'swf'])) {
- $imgInfo = getimagesize($splInfo->getPathname());
- $imagewidth = isset($imgInfo[0]) ? $imgInfo[0] : $imagewidth;
- $imageheight = isset($imgInfo[1]) ? $imgInfo[1] : $imageheight;
- }
 $params = array(
 'admin_id' => (int)$this->auth->id,
 'user_id' => 0,
diff --git a/application/admin/lang/zh-cn/ajax.php b/application/admin/lang/zh-cn/ajax.php
index fb78e7c1..ba01561a 100644
--- a/application/admin/lang/zh-cn/ajax.php
+++ b/application/admin/lang/zh-cn/ajax.php
@@ -3,5 +3,6 @@
 return [
 'No file upload or server upload limit exceeded' => '未上传文件或超出服务器上传限制',
 'Uploaded file format is limited' => '上传文件格式受限制',
+ 'Uploaded file is not a valid image' => '上传文件不是有效的图片文件',
 'Upload successful' => '上传成功',
 ];
diff --git a/application/api/controller/Common.php b/application/api/controller/Common.php
index d8624cfb..c5a7d101 100644
--- a/application/api/controller/Common.php
+++ b/application/api/controller/Common.php
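Review bot: The two `isset($imgInfo[...])` ternaries at the end of the new image block are dead code: the preceding `if (!$imgInfo || !isset($imgInfo[0]) || !isset($imgInfo[1]))` already routes exactly those cases into `$this->error()`, which the rest of this hunk relies on not returning, so the assignments reduce to `$imagewidth = $imgInfo[0];` and `$imageheight = $imgInfo[1];`. The trigger condition also tests `$fileInfo['type']`, which is the content type declared by the client, so in practice only the suffix match decides whether `getimagesize()` runs; a comment such as `// $fileInfo['type'] comes from the client; the suffix check is the reliable branch` would keep a later maintainer from treating the MIME half as a guarantee. Note as well that `getimagesize()` validates only the image header, not the rest of the file, so this check complements rather than replaces the handler restrictions on the upload directory. The same block appears in application/api/controller/Common.php (hunk `@@ -77,6 +81,16 @@`). The enclosing upload method starts before and ends after this hunk.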
@@ -63,11 +63,15 @@ class Common extends Api
 $size = (int)$upload['maxsize'] * pow(1024, isset($typeDict[$type]) ? $typeDict[$type] : 0);
 $fileInfo = $file->getInfo();
 $suffix = strtolower(pathinfo($fileInfo['name'], PATHINFO_EXTENSION));
- $suffix = $suffix ? $suffix : 'file';
+ $suffix = $suffix && preg_match("/^[a-zA-Z0-9]+$/", $suffix) ? $suffix : 'file';
 $mimetypeArr = explode(',', strtolower($upload['mimetype']));
 $typeArr = explode('/', $fileInfo['type']);
+ //禁止上传PHP和HTML文件
+ if (in_array($fileInfo['type'], ['text/x-php', 'text/html']) || in_array($suffix, ['php', 'html', 'htm'])) {
+ $this->error(__('Uploaded file format is limited'));
+ }
 //验证文件后缀
 if ($upload['mimetype'] !== '*' && (
@@ -77,6 +81,16 @@ class Common extends Api
 ) {
 $this->error(__('Uploaded file format is limited'));
 }
+ //验证是否为图片文件
+ $imagewidth = $imageheight = 0;
+ if (in_array($fileInfo['type'], ['image/gif', 'image/jpg', 'image/jpeg', 'image/bmp', 'image/png', 'image/webp']) || in_array($suffix, ['gif', 'jpg', 'jpeg', 'bmp', 'png', 'webp'])) {
+ $imgInfo = getimagesize($fileInfo['tmp_name']);
+ if (!$imgInfo || !isset($imgInfo[0]) || !isset($imgInfo[1])) {
+ $this->error(__('Uploaded file is not a valid image'));
+ }
+ $imagewidth = isset($imgInfo[0]) ? $imgInfo[0] : $imagewidth;
+ $imageheight = isset($imgInfo[1]) ? $imgInfo[1] : $imageheight;
+ }
 $replaceArr = [
 '{year}' => date("Y"),
 '{mon}' => date("m"),
@@ -99,12 +113,6 @@ class Common extends Api
 //
 $splInfo = $file->validate(['size' => $size])->move(ROOT_PATH . '/public' . $uploadDir, $fileName);
 if ($splInfo) {
- $imagewidth = $imageheight = 0;
- if (in_array($suffix, ['gif', 'jpg', 'jpeg', 'bmp', 'png', 'swf'])) {
- $imgInfo = getimagesize($splInfo->getPathname());
- $imagewidth = isset($imgInfo[0]) ? $imgInfo[0] : $imagewidth;
- $imageheight = isset($imgInfo[1]) ? $imgInfo[1] : $imageheight;
- }
 $params = array(
 'admin_id' => 0,
 'user_id' => (int)$this->auth->id,
diff --git a/application/api/lang/zh-cn/common.php b/application/api/lang/zh-cn/common.php
index fb78e7c1..ba01561a 100644
--- a/application/api/lang/zh-cn/common.php
+++ b/application/api/lang/zh-cn/common.php
@@ -3,5 +3,6 @@
 return [
 'No file upload or server upload limit exceeded' => '未上传文件或超出服务器上传限制',
 'Uploaded file format is limited' => '上传文件格式受限制',
+ 'Uploaded file is not a valid image' => '上传文件不是有效的图片文件',
 'Upload successful' => '上传成功',
 ];
diff --git a/application/common/controller/Backend.php b/application/common/controller/Backend.php
index 0ed0b081..6423a129 100644
--- a/application/common/controller/Backend.php
+++ b/application/common/controller/Backend.php
@@ -254,7 +254,7 @@ class Backend extends Controller
 $search = $this->request->get("search", '');
 $filter = $this->request->get("filter", '');
 $op = $this->request->get("op", '', 'trim');
- $sort = $this->request->get("sort", !empty($this->model) && $this->model->getPk() ?: 'id');
+ $sort = $this->request->get("sort", !empty($this->model) && $this->model->getPk() ? $this->model->getPk() : 'id');
 $order = $this->request->get("order", "DESC");
 $offset = $this->request->get("offset", 0);
 $limit = $this->request->get("limit", 0);
diff --git a/application/extra/upload.php b/application/extra/upload.php
index 5bfa25d0..e04fd0ca 100644
--- a/application/extra/upload.php
+++ b/application/extra/upload.php
@@ -21,7 +21,7 @@ return [
 /**
 * 可上传的文件类型
 */
- 'mimetype' => 'jpg,png,bmp,jpeg,gif,zip,rar,xls,xlsx',
+ 'mimetype' => '*',
 /**
 * 是否支持批量上传
 */
diff --git a/application/index/lang/zh-cn/ajax.php b/application/index/lang/zh-cn/ajax.php
index fb78e7c1..ba01561a 100644
--- a/application/index/lang/zh-cn/ajax.php
+++ b/application/index/lang/zh-cn/ajax.php
@@ -3,5 +3,6 @@
 return [
 'No file upload or server upload limit exceeded' => '未上传文件或超出服务器上传限制',
 'Uploaded file format is limited' => '上传文件格式受限制',
+ 'Uploaded file is not a valid image' => '上传文件不是有效的图片文件',
 'Upload successful' => '上传成功',
 ];
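Review bot: `$this->model->getPk()` is now evaluated twice on the changed `$sort` line in Backend.php; the precedence fix itself is right (the old `&& … ?: 'id'` form yielded the boolean `true` as the default), but it reads more clearly as `$pk = !empty($this->model) ? $this->model->getPk() : null;` followed by `$sort = $this->request->get("sort", $pk ?: 'id');`. The user-supplied `sort` value is not otherwise touched by this fix, and its later use is outside the hunk. The enclosing method starts before and ends after this hunk.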
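Review bot: Switching the default `mimetype` in application/extra/upload.php from an explicit extension allowlist to `'*'` removes the primary control on what may be uploaded and leaves only the new denylist in Ajax.php and Common.php (`text/x-php`, `text/html`, and the suffixes `php`, `html`, `htm`) in its place. That denylist keys partly on `$fileInfo['type']`, which is the content type declared by the client, and a fixed list of three suffixes cannot track which extensions a given server's handler mapping will execute, so it should be treated as a second layer rather than a replacement for the allowlist. I would keep the previous `'jpg,png,bmp,jpeg,gif,zip,rar,xls,xlsx'` default and let sites that need more widen it, or at least document the dependency on this line: `// '*' relies on the uploads directory never executing scripts; prefer an explicit list`. The surrounding config array starts before and ends after this hunk.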
diff --git a/public/uploads/.htaccess b/public/uploads/.htaccess
new file mode 100755
index 00000000..bac6edc5
--- /dev/null
+++ b/public/uploads/.htaccess
@@ -0,0 +1,4 @@
+
+ Order allow,deny
+ Deny from all
+
\ No newline at end of file
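Review bot: `Order allow,deny` and `Deny from all` are Apache 2.2 directives provided on 2.4 only by mod_access_compat; where that module is not loaded the file produces a server error rather than a deny, so the rule should carry the 2.4 form `Require all denied` as well, each guarded by an `<IfModule>` test. The first and last added lines of the hunk are empty as shown here, presumably a `<Files>`/`<FilesMatch>` container lost in extraction, so the scope of the deny cannot be checked from this page. The file also only takes effect on Apache with `AllowOverride` permitting it; nginx or IIS deployments get nothing from it, which is why the application-level allowlist in application/extra/upload.php should remain the primary control.
```apache
# … unchanged: enclosing container line (not visible in this extraction) …
<IfModule mod_authz_core.c>
    Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
    Order allow,deny
    Deny from all
</IfModule>
```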