作者
Karson
6 years ago
提交
fbb1370005661189f3818d9521f4a38ceb1c75a0
1 个父辈
cb4a9861
修复排序字段错误BUG
优化上传文件图片检测,禁止上传PHP和HTML
正在显示
8 个修改的文件
包含
39 行增加
和
16 行删除
application/admin/controller/Ajax.php
application/admin/lang/zh-cn/ajax.php
application/api/controller/Common.php
application/api/lang/zh-cn/common.php
application/common/controller/Backend.php
application/extra/upload.php
application/index/lang/zh-cn/ajax.php
public/uploads/.htaccess
application/admin/controller/Ajax.php
...
...
@@ -64,11 +64,15 @@ class Ajax extends Backend
$size
=
(
int
)
$upload
[
'maxsize'
]
*
pow
(
1024
,
isset
(
$typeDict
[
$type
])
?
$typeDict
[
$type
]
:
0
);
$fileInfo
=
$file
->
getInfo
();
$suffix
=
strtolower
(
pathinfo
(
$fileInfo
[
'name'
],
PATHINFO_EXTENSION
));
$suffix
=
$suffix
?
$suffix
:
'file'
;
$suffix
=
$suffix
&&
preg_match
(
"/^[a-zA-Z0-9]+$/"
,
$suffix
)
?
$suffix
:
'file'
;
$mimetypeArr
=
explode
(
','
,
strtolower
(
$upload
[
'mimetype'
]));
$typeArr
=
explode
(
'/'
,
$fileInfo
[
'type'
]);
//禁止上传PHP和HTML文件
if
(
in_array
(
$fileInfo
[
'type'
],
[
'text/x-php'
,
'text/html'
])
||
in_array
(
$suffix
,
[
'php'
,
'html'
,
'htm'
]))
{
$this
->
error
(
__
(
'Uploaded file format is limited'
));
}
//验证文件后缀
if
(
$upload
[
'mimetype'
]
!==
'*'
&&
(
...
...
@@ -78,6 +82,16 @@ class Ajax extends Backend
)
{
$this
->
error
(
__
(
'Uploaded file format is limited'
));
}
//验证是否为图片文件
$imagewidth
=
$imageheight
=
0
;
if
(
in_array
(
$fileInfo
[
'type'
],
[
'image/gif'
,
'image/jpg'
,
'image/jpeg'
,
'image/bmp'
,
'image/png'
,
'image/webp'
])
||
in_array
(
$suffix
,
[
'gif'
,
'jpg'
,
'jpeg'
,
'bmp'
,
'png'
,
'webp'
]))
{
$imgInfo
=
getimagesize
(
$fileInfo
[
'tmp_name'
]);
if
(
!
$imgInfo
||
!
isset
(
$imgInfo
[
0
])
||
!
isset
(
$imgInfo
[
1
]))
{
$this
->
error
(
__
(
'Uploaded file is not a valid image'
));
}
$imagewidth
=
isset
(
$imgInfo
[
0
])
?
$imgInfo
[
0
]
:
$imagewidth
;
$imageheight
=
isset
(
$imgInfo
[
1
])
?
$imgInfo
[
1
]
:
$imageheight
;
}
$replaceArr
=
[
'{year}'
=>
date
(
"Y"
),
'{mon}'
=>
date
(
"m"
),
...
...
@@ -100,12 +114,6 @@ class Ajax extends Backend
//
$splInfo
=
$file
->
validate
([
'size'
=>
$size
])
->
move
(
ROOT_PATH
.
'/public'
.
$uploadDir
,
$fileName
);
if
(
$splInfo
)
{
$imagewidth
=
$imageheight
=
0
;
if
(
in_array
(
$suffix
,
[
'gif'
,
'jpg'
,
'jpeg'
,
'bmp'
,
'png'
,
'swf'
]))
{
$imgInfo
=
getimagesize
(
$splInfo
->
getPathname
());
$imagewidth
=
isset
(
$imgInfo
[
0
])
?
$imgInfo
[
0
]
:
$imagewidth
;
$imageheight
=
isset
(
$imgInfo
[
1
])
?
$imgInfo
[
1
]
:
$imageheight
;
}
$params
=
array
(
'admin_id'
=>
(
int
)
$this
->
auth
->
id
,
'user_id'
=>
0
,
...
...
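Review bot: The extension denylist in the first hunk, `in_array($suffix, ['php', 'html', 'htm'])`, omits the other extensions PHP handlers are commonly mapped to (`phtml`, `php3`–`php7`, `phar`, `phps`) and the browser-executed `shtml`/`svg`, all of which pass the `/^[a-zA-Z0-9]+$/` suffix filter; the `text/x-php`/`text/html` half of the same condition tests `$fileInfo['type']`, which appears to be the browser-supplied MIME type and so only rejects honest clients. With `mimetype` set to `*` in `application/extra/upload.php` in this same commit, this denylist becomes the only server-side gate for non-image files, so at minimum widen it — `in_array($suffix, ['php', 'php3', 'php4', 'php5', 'php7', 'phtml', 'phar', 'phps', 'html', 'htm', 'shtml', 'svg'], true)` — and preferably keep a positive extension allowlist as the shipped default. Which of the two printed `$suffix` assignments is the new one is not marked on this page; if the regex form is new, note it also admits `htaccess` as a suffix, which only matters if `$fileName` can ever keep the original name, and that is decided outside the hunk. The enclosing method starts and ends outside the hunks shown.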
application/admin/lang/zh-cn/ajax.php
...
...
@@ -3,5 +3,6 @@
return
[
'No file upload or server upload limit exceeded'
=>
'未上传文件或超出服务器上传限制'
,
'Uploaded file format is limited'
=>
'上传文件格式受限制'
,
'Uploaded file is not a valid image'
=>
'上传文件不是有效的图片文件'
,
'Upload successful'
=>
'上传成功'
,
];
...
...
application/api/controller/Common.php
...
...
@@ -63,11 +63,15 @@ class Common extends Api
$size
=
(
int
)
$upload
[
'maxsize'
]
*
pow
(
1024
,
isset
(
$typeDict
[
$type
])
?
$typeDict
[
$type
]
:
0
);
$fileInfo
=
$file
->
getInfo
();
$suffix
=
strtolower
(
pathinfo
(
$fileInfo
[
'name'
],
PATHINFO_EXTENSION
));
$suffix
=
$suffix
?
$suffix
:
'file'
;
$suffix
=
$suffix
&&
preg_match
(
"/^[a-zA-Z0-9]+$/"
,
$suffix
)
?
$suffix
:
'file'
;
$mimetypeArr
=
explode
(
','
,
strtolower
(
$upload
[
'mimetype'
]));
$typeArr
=
explode
(
'/'
,
$fileInfo
[
'type'
]);
//禁止上传PHP和HTML文件
if
(
in_array
(
$fileInfo
[
'type'
],
[
'text/x-php'
,
'text/html'
])
||
in_array
(
$suffix
,
[
'php'
,
'html'
,
'htm'
]))
{
$this
->
error
(
__
(
'Uploaded file format is limited'
));
}
//验证文件后缀
if
(
$upload
[
'mimetype'
]
!==
'*'
&&
(
...
...
@@ -77,6 +81,16 @@ class Common extends Api
)
{
$this
->
error
(
__
(
'Uploaded file format is limited'
));
}
//验证是否为图片文件
$imagewidth
=
$imageheight
=
0
;
if
(
in_array
(
$fileInfo
[
'type'
],
[
'image/gif'
,
'image/jpg'
,
'image/jpeg'
,
'image/bmp'
,
'image/png'
,
'image/webp'
])
||
in_array
(
$suffix
,
[
'gif'
,
'jpg'
,
'jpeg'
,
'bmp'
,
'png'
,
'webp'
]))
{
$imgInfo
=
getimagesize
(
$fileInfo
[
'tmp_name'
]);
if
(
!
$imgInfo
||
!
isset
(
$imgInfo
[
0
])
||
!
isset
(
$imgInfo
[
1
]))
{
$this
->
error
(
__
(
'Uploaded file is not a valid image'
));
}
$imagewidth
=
isset
(
$imgInfo
[
0
])
?
$imgInfo
[
0
]
:
$imagewidth
;
$imageheight
=
isset
(
$imgInfo
[
1
])
?
$imgInfo
[
1
]
:
$imageheight
;
}
$replaceArr
=
[
'{year}'
=>
date
(
"Y"
),
'{mon}'
=>
date
(
"m"
),
...
...
@@ -99,12 +113,6 @@ class Common extends Api
//
$splInfo
=
$file
->
validate
([
'size'
=>
$size
])
->
move
(
ROOT_PATH
.
'/public'
.
$uploadDir
,
$fileName
);
if
(
$splInfo
)
{
$imagewidth
=
$imageheight
=
0
;
if
(
in_array
(
$suffix
,
[
'gif'
,
'jpg'
,
'jpeg'
,
'bmp'
,
'png'
,
'swf'
]))
{
$imgInfo
=
getimagesize
(
$splInfo
->
getPathname
());
$imagewidth
=
isset
(
$imgInfo
[
0
])
?
$imgInfo
[
0
]
:
$imagewidth
;
$imageheight
=
isset
(
$imgInfo
[
1
])
?
$imgInfo
[
1
]
:
$imageheight
;
}
$params
=
array
(
'admin_id'
=>
0
,
'user_id'
=>
(
int
)
$this
->
auth
->
id
,
...
...
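Review bot: The PHP/HTML denylist and the `getimagesize()` probe added here are a byte-for-byte copy of the block added to `application/admin/controller/Ajax.php` in the same commit, so the two lists will drift the first time one side is patched; move both checks into one shared helper on a common base class or in the application's common helpers and call it from both controllers. Independently of that, the image probe only runs when the client-supplied `$fileInfo['type']` or `$suffix` looks like an image, and `getimagesize()` reads the header, not trailing bytes, so a valid GIF header with a PHP payload appended still passes — which is why the storage directory must refuse to execute anything regardless of what this check does. With `mimetype` set to `*`, the only gate left for a `.phtml` or `.phar` upload is the three-entry suffix denylist; widen it to the other PHP handler extensions (`phtml`, `php3`–`php7`, `phar`, `phps`) and pass `true` as the third `in_array` argument. The enclosing method starts and ends outside the hunks shown.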
application/api/lang/zh-cn/common.php
...
...
@@ -3,5 +3,6 @@
return
[
'No file upload or server upload limit exceeded'
=>
'未上传文件或超出服务器上传限制'
,
'Uploaded file format is limited'
=>
'上传文件格式受限制'
,
'Uploaded file is not a valid image'
=>
'上传文件不是有效的图片文件'
,
'Upload successful'
=>
'上传成功'
,
];
...
...
application/common/controller/Backend.php
...
...
@@ -254,7 +254,7 @@ class Backend extends Controller
$search
=
$this
->
request
->
get
(
"search"
,
''
);
$filter
=
$this
->
request
->
get
(
"filter"
,
''
);
$op
=
$this
->
request
->
get
(
"op"
,
''
,
'trim'
);
$sort
=
$this
->
request
->
get
(
"sort"
,
!
empty
(
$this
->
model
)
&&
$this
->
model
->
getPk
()
?:
'id'
);
$sort
=
$this
->
request
->
get
(
"sort"
,
!
empty
(
$this
->
model
)
&&
$this
->
model
->
getPk
()
?
$this
->
model
->
getPk
()
:
'id'
);
$order
=
$this
->
request
->
get
(
"order"
,
"DESC"
);
$offset
=
$this
->
request
->
get
(
"offset"
,
0
);
$limit
=
$this
->
request
->
get
(
"limit"
,
0
);
...
...
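Review bot: `$sort` and `$order` are read straight from the query string here and, if they reach `->order()` further down without validation, a crafted `sort` value is ORDER BY injection and `order` is not even constrained to a direction. The fixed default — `getPk()` instead of the boolean that the `?:` precedence produced — is right, but it only corrects the fallback, not the user-supplied value. Suggested: `$order = in_array(strtoupper($order), ['ASC', 'DESC'], true) ? $order : 'DESC';` and check `$sort` against the model's table fields (or an explicit whitelist) before it is used. The enclosing method starts before and ends after this hunk, so whether such validation already exists there cannot be confirmed from this page.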
application/extra/upload.php
...
...
@@ -21,7 +21,7 @@ return [
/**
* 可上传的文件类型
*/
'mimetype'
=>
'
jpg,png,bmp,jpeg,gif,zip,rar,xls,xlsx
'
,
'mimetype'
=>
'
*
'
,
/**
* 是否支持批量上传
*/
...
...
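Review bot: If the second of the two `mimetype` values printed here, `*`, is the new one, this commit replaces the extension allowlist `jpg,png,bmp,jpeg,gif,zip,rar,xls,xlsx` with accept-everything, so every upload gate now rests on the three-entry `php/html/htm` denylist added to the controllers and on the new `public/uploads/.htaccess`. That inverts the safe default: a denylist covers only the extensions its author thought of (`phtml`, `php5`, `phar`, `shtml`, `svg` are not on it), and `.htaccess` is honoured only by Apache with `AllowOverride` enabled. Keep an allowlist as the shipped default and let deployments widen it, e.g. `'mimetype' => 'jpg,png,bmp,jpeg,gif,webp,zip,rar,xls,xlsx',`. The comment above the key, `可上传的文件类型`, should also state that `*` disables the server-side type check entirely.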
application/index/lang/zh-cn/ajax.php
...
...
@@ -3,5 +3,6 @@
return
[
'No file upload or server upload limit exceeded'
=>
'未上传文件或超出服务器上传限制'
,
'Uploaded file format is limited'
=>
'上传文件格式受限制'
,
'Uploaded file is not a valid image'
=>
'上传文件不是有效的图片文件'
,
'Upload successful'
=>
'上传成功'
,
];
...
...
public/uploads/.htaccess
0 → 100755
<
FilesMatch
\.(?i:html|php)$
>
Order
allow,deny
Deny
from all
</
FilesMatch
>
\ No newline at end of file
...
...
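Review bot: The pattern `\.(?i:html|php)$` matches only a literal `.php` or `.html`, so `.htm` (which the controllers do block), `.phtml`, `.php5`, `.phar` and `.shtml` stored under `public/uploads` are still served, and `Order allow,deny` / `Deny from all` are the Apache 2.2 access directives — on 2.4 they require `mod_access_compat` and are otherwise a configuration error, while `Require all denied` is the native form. The file should also carry a comment stating that it protects Apache deployments with `AllowOverride` enabled only; nginx and any front controller that serves files itself ignore it, so the upload directory needs an equivalent `location` rule there. On mod_php hosts that allow it, `php_flag engine off` for this directory is a useful second layer, but it is host-specific so I have left it out of the suggestion below.

```apache
# Never serve script-like files from the upload tree. Apache only — nginx needs its own rule.
<FilesMatch "\.(?i:ph(p\d?|tml|ar|ps)|s?html?)$">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>
```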