fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-01-07 18:51:41 +09:00
Code Issues Projects Releases Packages Wiki Activity

#53 파일업로드 취약점 방어 기능 disable

Browse source
This commit is contained in:
khongchi 2013-11-15 13:59:03 +09:00
parent 203f2e683a
commit 29a2a99ac6
1 changed files with 36 additions and 30 deletions
Download patch file Download diff file Expand all files Collapse all files

66
classes/security/UploadFileFilter.class.php
View file

@ -3,36 +3,42 @@
class UploadFileFilter
{
private static $_block_list = array('exec', 'system', 'passthru', 'show_source', 'phpinfo', 'fopen', 'file_get_contents', 'file_put_contents', 'fwrite', 'proc_open', 'popen');
public function check($file)
{
if (!$file || !file_exists($file)) return TRUE;
return self::_check($file);
}
private function _check($file)
{
if (!($fp = fopen($file, 'r'))) return FALSE;
$has_php_tag = FALSE;
while (!feof($fp))
{
$content = fread($fp, 8192);
if (FALSE === $has_php_tag) $has_php_tag = strpos($content, '<?');
foreach (self::$_block_list as $v)
{
if (FALSE !== $has_php_tag && FALSE !== strpos($content, $v))
{
fclose($fp);
return FALSE;
}
}
}
fclose($fp);
return TRUE;
}
private static $_block_list = array ('exec', 'system', 'passthru', 'show_source', 'phpinfo', 'fopen', 'file_get_contents', 'file_put_contents', 'fwrite', 'proc_open', 'popen');
public function check($file)
{
// TODO: 기능개선후 enable
return TRUE; // disable
if (! $file || ! file_exists ( $file )) return TRUE;
return self::_check ( $file );
}
private function _check($file)
{
if (! ($fp = fopen ( $file, 'r' ))) return FALSE;
$has_php_tag = FALSE;
while ( ! feof ( $fp ) )
{
$content = fread ( $fp, 8192 );
if (FALSE === $has_php_tag) $has_php_tag = strpos ( $content, '<?' );
foreach ( self::$_block_list as $v )
{
if (FALSE !== $has_php_tag && FALSE !== strpos ( $content, $v ))
{
fclose ( $fp );
return FALSE;
}
}
}
fclose ( $fp );
return TRUE;
}
}
/* End of file : UploadFileFilter.class.php */