fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-01-07 18:51:41 +09:00
Code Issues Projects Releases Packages Wiki Activity

issue 3633, protect from file upload hacking

Browse source 
git-svn-id: http://xe-core.googlecode.com/svn/branches/maserati@13182 201d5d3c-b55e-5fd7-737f-ddc643e51545
This commit is contained in:
khongchi 2013-11-08 03:44:04 +00:00
parent f010a2ce7f
commit acd89ccd9a
10 changed files with 111 additions and 15 deletions
Download patch file Download diff file Expand all files Collapse all files

40
classes/security/UploadFileFilter.class.php Normal file
View file

@ -0,0 +1,40 @@
<?php
class UploadFileFilter
{
private static $_block_list = array('exec', 'system', 'passthru', 'show_source', 'phpinfo', 'fopen', 'file_get_contents', 'file_put_contents', 'fwrite', 'proc_open', 'popen');
public function check($file)
{
if (!$file || !file_exists($file)) return TRUE;
return self::_check($file);
}
private function _check($file)
{
if (!($fp = fopen($file, 'r'))) return FALSE;
$has_php_tag = FALSE;
while (!feof($fp))
{
$content = fread($fp, 8192);
if (FALSE === $has_php_tag) $has_php_tag = strpos($content, '<?');
foreach (self::$_block_list as $v)
{
if (FALSE !== $has_php_tag && FALSE !== strpos($content, $v))
{
fclose($fp);
debugPrint('unvalid file');
return FALSE;
}
}
}
fclose($fp);
debugPrint('valid file');
return TRUE;
}
}
/* End of file : UploadFileFilter.class.php */
/* Location: ./classes/security/UploadFileFilter.class.php */