小程序包删除，防止路径回溯

bb8713b6 · devil_gong · 6707ddce · bb8713b6 · bb8713b6
隐藏空白更改
内联并排

Showing with 16 addition and 4 deletion

application/service/AppMiniService.php application/service/AppMiniService.php +14 -2

application/service/ThemeService.php application/service/ThemeService.php +2 -2

未找到文件。
--- a/application/service/AppMiniService.php
+++ b/application/service/AppMiniService.php
@@ -187,9 +187,21 @@ class AppMiniService
        // 初始化
        self::Init($params);

+        // 目录处理
+        $suffix = '';
+        if(substr($params['id'], -4) === '.zip')
+        {
+            $name = substr($params['id'], 0, strlen($params['id'])-4);
+            $suffix = '.zip';
+        } else {
+            $name = $params['id'];
+        }
+
+        // 防止路径回溯
+        $path = self::$new_path.DS.htmlentities(str_replace(array('.', '/', '\\'), '', strip_tags($name))).$suffix;
+
        // 删除压缩包
-        $path = self::$new_path.DS.$params['id'];
-        if(substr($path, -4) == '.zip')
+        if($suffix == '.zip')
        {
            $status = \base\FileUtil::UnlinkFile($path);
        } else {

--- a/application/service/ThemeService.php
+++ b/application/service/ThemeService.php
@@ -174,8 +174,8 @@ class ThemeService
        {
            return DataReturn('模板id有误', -1);
        }
-        // 主题
-        $id = str_replace(array('.', '/', '\\'), '', strip_tags($params['id']));
+        // 防止路径回溯
+        $id = htmlentities(str_replace(array('.', '/', '\\'), '', strip_tags($params['id'])));
        if(empty($id))
        {
            return DataReturn('主题名称有误', -1);