#53 파일업로드 취약점 방어 기능 disable

khongchi 2013-11-15 13:59:03 +09:00
parent 203f2e683a
commit 29a2a99ac6


@ -3,10 +3,14 @@
class UploadFileFilter class UploadFileFilter
{ {
private static $_block_list = array ('exec', 'system', 'passthru', 'show_source', 'phpinfo', 'fopen', 'file_get_contents', 'file_put_contents', 'fwrite', 'proc_open', 'popen'); private static $_block_list = array ('exec', 'system', 'passthru', 'show_source', 'phpinfo', 'fopen', 'file_get_contents', 'file_put_contents', 'fwrite', 'proc_open', 'popen');
public function check($file) public function check($file)
{ {
// TODO: 기능개선후 enable
return TRUE; // disable
if (! $file || ! file_exists ( $file )) return TRUE; if (! $file || ! file_exists ( $file )) return TRUE;
return self::_check ( $file ); return self::_check ( $file );
} }
@ -14,7 +18,9 @@ class UploadFileFilter
private function _check($file) private function _check($file)
{ {
if (! ($fp = fopen ( $file, 'r' ))) return FALSE; if (! ($fp = fopen ( $file, 'r' ))) return FALSE;
$has_php_tag = FALSE; $has_php_tag = FALSE;
while ( ! feof ( $fp ) ) while ( ! feof ( $fp ) )
{ {
$content = fread ( $fp, 8192 ); $content = fread ( $fp, 8192 );
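Review bot: The added `return TRUE; // disable` at the top of `check()` in the first hunk makes the filter fail open for every upload and leaves the two statements below it unreachable, so nothing in this class inspects uploaded content any more. The TODO does not say what protects uploads while the check is off; any remaining control (an extension allowlist, an upload directory that cannot execute scripts) would have to live elsewhere, and this page does not show one. I would make the bypass an explicit, visible switch rather than dead code, and widen the comment to something like `// TODO(#53): content filter disabled pending rework; uploaded files are NOT scanned, re-enable before release`. The body of `_check()` in the second hunk continues outside what is visible here, so this note covers `check()` only.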