From bb8713b6f88b0c7764fcb84d53fce6a9532b01e6 Mon Sep 17 00:00:00 2001 From: devil_gong Date: Fri, 4 Jan 2019 18:16:20 +0800 Subject: [PATCH] =?UTF-8?q?=E5=B0=8F=E7=A8=8B=E5=BA=8F=E5=8C=85=E5=88=A0?= =?UTF-8?q?=E9=99=A4=EF=BC=8C=E9=98=B2=E6=AD=A2=E8=B7=AF=E5=BE=84=E5=9B=9E?= =?UTF-8?q?=E6=BA=AF?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- application/service/AppMiniService.php | 16 ++++++++++++++-- application/service/ThemeService.php | 4 ++-- 2 files changed, 16 insertions(+), 4 deletions(-) diff --git a/application/service/AppMiniService.php b/application/service/AppMiniService.php index fd3e110fe..69b670d50 100755 --- a/application/service/AppMiniService.php +++ b/application/service/AppMiniService.php @@ -187,9 +187,21 @@ class AppMiniService // 初始化 self::Init($params); + // 目录处理 + $suffix = ''; + if(substr($params['id'], -4) === '.zip') + { + $name = substr($params['id'], 0, strlen($params['id'])-4); + $suffix = '.zip'; + } else { + $name = $params['id']; + } + + // 防止路径回溯 + $path = self::$new_path.DS.htmlentities(str_replace(array('.', '/', '\\'), '', strip_tags($name))).$suffix; + // 删除压缩包 - $path = self::$new_path.DS.$params['id']; - if(substr($path, -4) == '.zip') + if($suffix == '.zip') { $status = \base\FileUtil::UnlinkFile($path); } else { diff --git a/application/service/ThemeService.php b/application/service/ThemeService.php index c66d1f87f..6f6bf8cff 100755 --- a/application/service/ThemeService.php +++ b/application/service/ThemeService.php @@ -174,8 +174,8 @@ class ThemeService { return DataReturn('模板id有误', -1); } - // 主题 - $id = str_replace(array('.', '/', '\\'), '', strip_tags($params['id'])); + // 防止路径回溯 + $id = htmlentities(str_replace(array('.', '/', '\\'), '', strip_tags($params['id']))); if(empty($id)) { return DataReturn('主题名称有误', -1);
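Review bot: The sanitised name is never checked for being empty before it is joined into `$path`, so an id made only of the stripped characters (dots, slashes, backslashes) resolves to `self::$new_path.DS` itself — the package root — and the non-`.zip` branch below the hunk, which appears to remove a directory, would act on that root; the ThemeService hunk in this same commit does add an `if(empty($id))` guard, and this one needs the equivalent. `htmlentities()` is an HTML output encoder, not a path sanitiser: it rewrites `&`, quotes and non-ASCII characters into entities, so a legitimately named package no longer matches its on-disk name while adding nothing beyond what the `str_replace` already removes (the same remark applies to the ThemeService hunk). Validating the name against an allowlist and rejecting anything else is the robust form; assuming this method reports errors the way ThemeService does with `DataReturn(..., -1)`, the rewrite below does that (message wording is constructed). The enclosing method starts before this hunk and continues after it, and `$suffix == '.zip'` could be `===` to match the new strict comparison a few lines above.
```php
        // … unchanged: self::Init($params) and the .zip suffix split …
        // Reject rather than rewrite: anything that is not a plain name
        // (including the empty string) must not reach the filesystem.
        if(!is_string($name) || !preg_match('/^[A-Za-z0-9_\-]+$/', $name))
        {
            return DataReturn('小程序包名称有误', -1);
        }
        $path = self::$new_path.DS.$name.$suffix;
        // … unchanged: UnlinkFile / directory-removal branches …
```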
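Review bot: `empty($id)` on the sanitised string rejects the literal id `'0'` as well as the empty string, and the preceding `str_replace` turns an id containing `.`, `/` or `\` into a different, possibly existing theme name instead of refusing it, so a malformed request is silently applied to another theme. Checking the raw value against an allowlist gives both guarantees in one step: `if(!is_string($params['id']) || !preg_match('/^[A-Za-z0-9_\-]+$/', $params['id'])) { return DataReturn('主题名称有误', -1); }` followed by `$id = $params['id'];`, which also makes the `empty($id)` branch that follows unnecessary. The enclosing method starts before this hunk (the id presence check returning `模板id有误` is just above it) and continues after it.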