From 9ad742915f48184b738b0a0edca580f34a75d3bf Mon Sep 17 00:00:00 2001
From: gongfuxiang
Date: Tue, 5 Jul 2022 17:37:00 +0800
Subject: [PATCH] =?UTF-8?q?=E6=96=87=E4=BB=B6=E4=B8=8A=E4=BC=A0=E7=BB=84?= =?UTF-8?q?=E4=BB=B6=E4=BC=98=E5=8C=96?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 extend/base/FileUpload.php | 28 +++++++++++++++++++++++-----
 1 file changed, 23 insertions(+), 5 deletions(-)

diff --git a/extend/base/FileUpload.php b/extend/base/FileUpload.php
index fb1384830..7c497276a 100755
--- a/extend/base/FileUpload.php
+++ b/extend/base/FileUpload.php
@@ -45,12 +45,13 @@ class FileUpload
 * @version 1.0.0
 * @date 2018-06-29
 * @desc description
- * @param [string] $file [表单name]
- * @param [string] $name [文件名称]
- * @param [int] $index[多文件索引]
- * @return [mixed] [array | 错误信息]
+ * @param [string] $file [表单name]
+ * @param [string] $name [文件名称]
+ * @param [int] $index [多文件索引]
+ * @param [array] $params [输入参数]
+ * @return [mixed] [array | 错误信息]
 */
- function Save($file, $name = '', $index = false)
+ function Save($file, $name = '', $index = false, $params = [])
 {
 // 基础校验
 $error = FileUploadError($file, $index);
@@ -77,6 +78,23 @@ class FileUpload
 $type = $_FILES[$file]['type'][$index];
 }
 
+ $info = getimagesize($temp_file);
+ if(stripos($original_name, '.') === false)
+ {
+ $original_name .= str_replace('/', '.', $info['mime']);
+ }
+
+ // 图片文件
+ if(isset($params['data_type']) && $params['data_type'] == 'images')
+ {
+ // 验证一句话木马(如果是加密的无法判断)
+ $content = @file_get_contents($temp_file);
+ if(false == $content || preg_match('#<\?php#i', $content) || $info['mime'] == 'text/x-php')
+ {
+ return DataReturn('非法文件', -1);
+ }
+ }
+
 // 后缀名称
 $ext_all = explode('.', $original_name);
 $ext = $ext_all[count($ext_all)-1];
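Review bot: The content check added in the second hunk runs only when the caller passes `$params['data_type'] == 'images'`, and with the default `$params = []` in the new `Save()` signature every existing call skips it. The docblock line `@param [array] $params [输入参数]` should name that key and value, for example by stating that `$params['data_type'] = 'images'` enables the image content check, so callers that handle image uploads know they have to opt in. Save()'s body continues outside this hunk, so its call sites are not visible here.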
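Review bot: `getimagesize()` returns `false` for anything it cannot parse as an image, and the added code reads `$info['mime']` without checking that, both in the extension fallback (which runs for every upload, not only images) and in the image branch. In the image branch this means a non-image is not rejected, and the `$info['mime'] == 'text/x-php'` test can never be true because getimagesize() never reports that type; I would reject there with `if($info === false) { return DataReturn('非法文件', -1); }` and guard the fallback as `if($info !== false && stripos($original_name, '.') === false)`. The `<\?php` scan matches only the long open tag and, as its own comment says, is best-effort, so the stored extension should come from the detected image type rather than from the client-supplied `$original_name`. The extension handling continues below the hunk, so whether an allow-list is applied there is not visible here.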