mirror of
https://github.com/Lastorder-DC/rhymix.git
synced 2026-01-07 18:51:41 +09:00
acd89ccd9a
git-svn-id: http://xe-core.googlecode.com/svn/branches/maserati@13182 201d5d3c-b55e-5fd7-737f-ddc643e51545
40 lines
1.4 KiB
PHP
40 lines
1.4 KiB
PHP
<?php
|
|
|
|
class UploadFileFilter
|
|
{
|
|
private static $_block_list = array('exec', 'system', 'passthru', 'show_source', 'phpinfo', 'fopen', 'file_get_contents', 'file_put_contents', 'fwrite', 'proc_open', 'popen');
|
|
|
|
public function check($file)
|
|
{
|
|
if (!$file || !file_exists($file)) return TRUE;
|
|
return self::_check($file);
|
|
}
|
|
|
|
private function _check($file)
|
|
{
|
|
if (!($fp = fopen($file, 'r'))) return FALSE;
|
|
$has_php_tag = FALSE;
|
|
while (!feof($fp))
|
|
{
|
|
$content = fread($fp, 8192);
|
|
if (FALSE === $has_php_tag) $has_php_tag = strpos($content, '<?');
|
|
foreach (self::$_block_list as $v)
|
|
{
|
|
if (FALSE !== $has_php_tag && FALSE !== strpos($content, $v))
|
|
{
|
|
fclose($fp);
|
|
debugPrint('unvalid file');
|
|
return FALSE;
|
|
}
|
|
}
|
|
}
|
|
|
|
fclose($fp);
|
|
|
|
debugPrint('valid file');
|
|
return TRUE;
|
|
}
|
|
}
|
|
|
|
/* End of file : UploadFileFilter.class.php */
|
|
/* Location: ./classes/security/UploadFileFilter.class.php */
|