
修复排序字段错误BUG
优化上传文件图片检测,禁止上传PHP和HTML

Karson 5 лет назад
Родитель
Сommit
fbb1370005

+ 15 - 7
application/admin/controller/Ajax.php

@@ -64,11 +64,15 @@ class Ajax extends Backend
         $size = (int)$upload['maxsize'] * pow(1024, isset($typeDict[$type]) ? $typeDict[$type] : 0);
         $fileInfo = $file->getInfo();
         $suffix = strtolower(pathinfo($fileInfo['name'], PATHINFO_EXTENSION));
-        $suffix = $suffix ? $suffix : 'file';
+        $suffix = $suffix && preg_match("/^[a-zA-Z0-9]+$/", $suffix) ? $suffix : 'file';
 
         $mimetypeArr = explode(',', strtolower($upload['mimetype']));
         $typeArr = explode('/', $fileInfo['type']);
 
+        //禁止上传PHP和HTML文件
+        if (in_array($fileInfo['type'], ['text/x-php', 'text/html']) || in_array($suffix, ['php', 'html', 'htm'])) {
+            $this->error(__('Uploaded file format is limited'));
+        }
         //验证文件后缀
         if ($upload['mimetype'] !== '*' &&
             (
@@ -78,6 +82,16 @@ class Ajax extends Backend
         ) {
             $this->error(__('Uploaded file format is limited'));
         }
+        //验证是否为图片文件
+        $imagewidth = $imageheight = 0;
+        if (in_array($fileInfo['type'], ['image/gif', 'image/jpg', 'image/jpeg', 'image/bmp', 'image/png', 'image/webp']) || in_array($suffix, ['gif', 'jpg', 'jpeg', 'bmp', 'png', 'webp'])) {
+            $imgInfo = getimagesize($fileInfo['tmp_name']);
+            if (!$imgInfo || !isset($imgInfo[0]) || !isset($imgInfo[1])) {
+                $this->error(__('Uploaded file is not a valid image'));
+            }
+            $imagewidth = isset($imgInfo[0]) ? $imgInfo[0] : $imagewidth;
+            $imageheight = isset($imgInfo[1]) ? $imgInfo[1] : $imageheight;
+        }
         $replaceArr = [
             '{year}'     => date("Y"),
             '{mon}'      => date("m"),
@@ -100,12 +114,6 @@ class Ajax extends Backend
         //
         $splInfo = $file->validate(['size' => $size])->move(ROOT_PATH . '/public' . $uploadDir, $fileName);
         if ($splInfo) {
-            $imagewidth = $imageheight = 0;
-            if (in_array($suffix, ['gif', 'jpg', 'jpeg', 'bmp', 'png', 'swf'])) {
-                $imgInfo = getimagesize($splInfo->getPathname());
-                $imagewidth = isset($imgInfo[0]) ? $imgInfo[0] : $imagewidth;
-                $imageheight = isset($imgInfo[1]) ? $imgInfo[1] : $imageheight;
-            }
             $params = array(
                 'admin_id'    => (int)$this->auth->id,
                 'user_id'     => 0,
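Review bot: The new `//禁止上传PHP和HTML文件` guard is a blocklist built on the client-declared type and three extensions, so it should not be the only server-side check: `$fileInfo['type']` presumably comes straight from the upload request and is chosen by the sender, and `['php', 'html', 'htm']` omits extension variants a PHP handler may also execute (e.g. `phtml`, `phar`). Because the same commit sets the default `mimetype` to `*`, the `//验证文件后缀` allowlist is skipped entirely on a fresh install and this blocklist plus the `.htaccess` rule carry the whole load; an allowlist of expected extensions enforced here would be the safer default, and a comment such as `// NOTE: $fileInfo['type'] is supplied by the client; the extension check below is the only server-side decision` would make the trust boundary explicit. The `in_array` calls should also pass `true` as the third argument. The same code appears in application/api/controller/Common.php, and the enclosing upload method starts and ends outside these hunks.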

+ 1 - 0
application/admin/lang/zh-cn/ajax.php

@@ -3,5 +3,6 @@
 return [
     'No file upload or server upload limit exceeded' => '未上传文件或超出服务器上传限制',
     'Uploaded file format is limited'                => '上传文件格式受限制',
+    'Uploaded file is not a valid image'             => '上传文件不是有效的图片文件',
     'Upload successful'                              => '上传成功',
 ];

+ 15 - 7
application/api/controller/Common.php

@@ -63,11 +63,15 @@ class Common extends Api
         $size = (int)$upload['maxsize'] * pow(1024, isset($typeDict[$type]) ? $typeDict[$type] : 0);
         $fileInfo = $file->getInfo();
         $suffix = strtolower(pathinfo($fileInfo['name'], PATHINFO_EXTENSION));
-        $suffix = $suffix ? $suffix : 'file';
+        $suffix = $suffix && preg_match("/^[a-zA-Z0-9]+$/", $suffix) ? $suffix : 'file';
 
         $mimetypeArr = explode(',', strtolower($upload['mimetype']));
         $typeArr = explode('/', $fileInfo['type']);
 
+        //禁止上传PHP和HTML文件
+        if (in_array($fileInfo['type'], ['text/x-php', 'text/html']) || in_array($suffix, ['php', 'html', 'htm'])) {
+            $this->error(__('Uploaded file format is limited'));
+        }
         //验证文件后缀
         if ($upload['mimetype'] !== '*' &&
             (
@@ -77,6 +81,16 @@ class Common extends Api
         ) {
             $this->error(__('Uploaded file format is limited'));
         }
+        //验证是否为图片文件
+        $imagewidth = $imageheight = 0;
+        if (in_array($fileInfo['type'], ['image/gif', 'image/jpg', 'image/jpeg', 'image/bmp', 'image/png', 'image/webp']) || in_array($suffix, ['gif', 'jpg', 'jpeg', 'bmp', 'png', 'webp'])) {
+            $imgInfo = getimagesize($fileInfo['tmp_name']);
+            if (!$imgInfo || !isset($imgInfo[0]) || !isset($imgInfo[1])) {
+                $this->error(__('Uploaded file is not a valid image'));
+            }
+            $imagewidth = isset($imgInfo[0]) ? $imgInfo[0] : $imagewidth;
+            $imageheight = isset($imgInfo[1]) ? $imgInfo[1] : $imageheight;
+        }
         $replaceArr = [
             '{year}'     => date("Y"),
             '{mon}'      => date("m"),
@@ -99,12 +113,6 @@ class Common extends Api
         //
         $splInfo = $file->validate(['size' => $size])->move(ROOT_PATH . '/public' . $uploadDir, $fileName);
         if ($splInfo) {
-            $imagewidth = $imageheight = 0;
-            if (in_array($suffix, ['gif', 'jpg', 'jpeg', 'bmp', 'png', 'swf'])) {
-                $imgInfo = getimagesize($splInfo->getPathname());
-                $imagewidth = isset($imgInfo[0]) ? $imgInfo[0] : $imagewidth;
-                $imageheight = isset($imgInfo[1]) ? $imgInfo[1] : $imageheight;
-            }
             $params = array(
                 'admin_id'    => 0,
                 'user_id'     => (int)$this->auth->id,
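Review bot: In the `//验证是否为图片文件` block the two `isset($imgInfo[0]) ? ... : $imagewidth` fallbacks are dead once the preceding guard has already called `$this->error()` for a missing index (assuming, as is conventional in this framework, that `error()` does not return); `$imagewidth = $imgInfo[0];` and `$imageheight = $imgInfo[1];` state the intent directly. The result of `getimagesize()` is also worth a comment, since it is now the only thing standing between an image-named upload and the stored file: `// getimagesize() only proves the header parses as an image; it is not a content sanitiser`. The same block exists in application/admin/controller/Ajax.php. The enclosing method starts and ends outside these hunks.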

+ 1 - 0
application/api/lang/zh-cn/common.php

@@ -3,5 +3,6 @@
 return [
     'No file upload or server upload limit exceeded' => '未上传文件或超出服务器上传限制',
     'Uploaded file format is limited'                => '上传文件格式受限制',
+    'Uploaded file is not a valid image'             => '上传文件不是有效的图片文件',
     'Upload successful'                              => '上传成功',
 ];

+ 1 - 1
application/common/controller/Backend.php

@@ -254,7 +254,7 @@ class Backend extends Controller
         $search = $this->request->get("search", '');
         $filter = $this->request->get("filter", '');
         $op = $this->request->get("op", '', 'trim');
-        $sort = $this->request->get("sort", !empty($this->model) && $this->model->getPk() ?: 'id');
+        $sort = $this->request->get("sort", !empty($this->model) && $this->model->getPk() ? $this->model->getPk() : 'id');
         $order = $this->request->get("order", "DESC");
         $offset = $this->request->get("offset", 0);
         $limit = $this->request->get("limit", 0);
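Review bot: The corrected default now calls `$this->model->getPk()` twice and keeps the `!empty(...) && ... ? ... : 'id'` shape that produced the original `?:` bug; a named intermediate reads more clearly and evaluates the primary key once: `$pk = !empty($this->model) ? $this->model->getPk() : '';` followed by `$sort = $this->request->get("sort", $pk ?: 'id');`. Whether the user-supplied `sort` value is checked against the model's columns before it reaches the query is not visible in this hunk, so a comment stating where that validation happens would help the next reader. The enclosing method starts and ends outside the hunk.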

+ 1 - 1
application/extra/upload.php

@@ -21,7 +21,7 @@ return [
     /**
      * 可上传的文件类型
      */
-    'mimetype'  => 'jpg,png,bmp,jpeg,gif,zip,rar,xls,xlsx',
+    'mimetype'  => '*',
     /**
      * 是否支持批量上传
      */
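Review bot: Changing the shipped default from an explicit extension list to `'*'` switches off the `//验证文件后缀` allowlist in Ajax.php and Common.php, which is guarded by `$upload['mimetype'] !== '*'`, so a fresh install now relies only on the new php/html blocklist and the `.htaccess` rule. If the goal is to make the list configurable rather than open by default, a restrictive default should stay here, and the comment above should state the effect of the wildcard, e.g. `* Allowed upload extensions; '*' disables the suffix check entirely (only php/html remain blocked)`.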

+ 1 - 0
application/index/lang/zh-cn/ajax.php

@@ -3,5 +3,6 @@
 return [
     'No file upload or server upload limit exceeded' => '未上传文件或超出服务器上传限制',
     'Uploaded file format is limited'                => '上传文件格式受限制',
+    'Uploaded file is not a valid image'             => '上传文件不是有效的图片文件',
     'Upload successful'                              => '上传成功',
 ];

+ 4 - 0
public/uploads/.htaccess

@@ -0,0 +1,4 @@
+<FilesMatch \.(?i:html|php)$>
+  Order allow,deny
+  Deny from all
+</FilesMatch>
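Review bot: `Order allow,deny` / `Deny from all` is Apache 2.2 access-control syntax; on Apache 2.4 it is honoured only when mod_access_compat is loaded, so the file should carry the 2.4 form (`Require all denied`) as well, selected with `IfModule` on mod_authz_core. The rule also covers only the same two extensions as the PHP-side blocklist, is ignored when `AllowOverride` excludes `Limit`/`AuthConfig`, and does nothing under nginx, so it is a secondary control rather than a substitute for server-side validation; where mod_php is in use, `php_flag engine off` additionally disables script execution for everything in this directory.
```apache
<FilesMatch \.(?i:html|php)$>
  <IfModule !mod_authz_core.c>
    Order allow,deny
    Deny from all
  </IfModule>
  <IfModule mod_authz_core.c>
    Require all denied
  </IfModule>
</FilesMatch>
```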