文件下载安全优化

38867224 · Devil · 507d511c · 38867224 · 38867224
隐藏空白更改
内联并排

Showing with 14 addition and 5 deletion

application/index/controller/Qrcode.php application/index/controller/Qrcode.php +3 -4

extend/base/Qrcode.php extend/base/Qrcode.php +11 -1

未找到文件。
--- a/application/index/controller/Qrcode.php
+++ b/application/index/controller/Qrcode.php
@@ -56,13 +56,12 @@ class QrCode extends Common
    public function Download()
    {
        $params = input();
-        if(empty($params['url']))
+        $ret = (new \base\Qrcode())->Download($params);
+        if(!empty($ret) && isset($ret['code']) && $ret['code'] != 0)
        {
-            $this->assign('msg', 'url参数为空');
+            $this->assign('msg', $ret['msg']);
            return $this->fetch('public/tips_error');
        }
-
-        (new \base\Qrcode())->Download($params);
    }
 }
 ?>
\ No newline at end of file
--- a/extend/base/Qrcode.php
+++ b/extend/base/Qrcode.php
@@ -180,7 +180,17 @@ class Qrcode
    public function Download($params = [])
    {
        // 图片地址
-        $url = base64_decode(urldecode($params['url']));
+        $url = empty($params['url']) ? '' : base64_decode(urldecode($params['url']));
+        if(empty($url))
+        {
+            return DataReturn('url地址有误', -1);
+        }
+
+        // 域名验证、仅支持下载当前域名下的文件
+        if(GetUrlHost(__MY_HOST__) != GetUrlHost($url))
+        {
+            return DataReturn('url地址非法', -1);
+        }

        // 随机文件名
        $filename = empty($params['filename']) ? date('YmdHis').GetNumberCode().'.png' : $params['filename'].'.png';