From 0b2d8f3a25aa14637223074186f5589bdd3484e6 Mon Sep 17 00:00:00 2001 From: Devil Date: Mon, 26 Jul 2021 23:29:35 +0800 Subject: [PATCH] =?UTF-8?q?=E5=9B=BE=E7=89=87=E4=B8=8B=E8=BD=BD=E5=AE=89?= =?UTF-8?q?=E5=85=A8=E5=A2=9E=E5=BC=BA?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- extend/base/Qrcode.php | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/extend/base/Qrcode.php b/extend/base/Qrcode.php index 5d4d7d014..4ccdeeea0 100644 --- a/extend/base/Qrcode.php +++ b/extend/base/Qrcode.php @@ -197,6 +197,27 @@ class Qrcode return DataReturn('url地址非法', -1); } + // 是否存在问号、存在问号则将数据转为整数,希望下载静态文件 + $arr = explode('?', $url); + if(isset($arr[1])) + { + $url = $arr[0].'?'.intval($arr[1]); + } + + // 格式校验,希望仅下载图片文件 + $arr = explode('?', $url); + $ext_arr = MyConfig('ueditor.imageManagerAllowFiles'); + $len = strripos($arr[0], '.'); + if($len === false) + { + return DataReturn('url地址无效', -1); + } + $ext = mb_substr($arr[0], $len, null, 'utf-8'); + if(!in_array($ext, $ext_arr)) + { + return DataReturn('无效图片地址', -1); + } + // 随机文件名 $filename = empty($params['filename']) ? date('YmdHis').GetNumberCode().'.png' : $params['filename'].'.png';