From 51a8c968969ff34aad9442459eb4f6c6c50e49f6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=82=B9=E6=99=AF=E7=AB=8B?= Date: Sun, 20 Jun 2021 15:32:42 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=94=B9=E6=96=87=E4=BB=B6=E4=B8=8A?= =?UTF-8?q?=E4=BC=A0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- app/admin/controller/api/Upload.php | 69 +++++++++++++---------------- 1 file changed, 31 insertions(+), 38 deletions(-) diff --git a/app/admin/controller/api/Upload.php b/app/admin/controller/api/Upload.php index 6f002542c..38ceb6df4 100644 --- a/app/admin/controller/api/Upload.php +++ b/app/admin/controller/api/Upload.php @@ -35,18 +35,6 @@ use think\response\Json; class Upload extends Controller { - /** - * 文件上传方式 - * @var string - */ - private $type; - - /** - * 文件上传模式 - * @var boolean - */ - private $safe; - /** * 文件上传脚本 * @return Response @@ -75,27 +63,27 @@ class Upload extends Controller */ public function state() { - [$this->name, $this->safe] = [input('name', null), $this->getSafe()]; - $data = ['uptype' => $this->getType(), 'safe' => intval($this->safe), 'key' => input('key')]; - if ($info = Storage::instance($data['uptype'])->info($data['key'], $this->safe, $this->name)) { + [$name, $safe] = [input('name'), $this->getSafe()]; + $data = ['uptype' => $this->getType(), 'safe' => intval($safe), 'key' => input('key')]; + if ($info = Storage::instance($data['uptype'])->info($data['key'], $safe, $name)) { $data['url'] = $info['url']; $this->success('文件已经上传', $data, 200); } elseif ('local' === $data['uptype']) { - $data['url'] = LocalStorage::instance()->url($data['key'], $this->safe, $this->name); + $data['url'] = LocalStorage::instance()->url($data['key'], $safe, $name); $data['server'] = LocalStorage::instance()->upload(); } elseif ('qiniu' === $data['uptype']) { - $data['url'] = QiniuStorage::instance()->url($data['key'], $this->safe, $this->name); - $data['token'] = QiniuStorage::instance()->buildUploadToken($data['key'], 3600, $this->name); + $data['url'] = QiniuStorage::instance()->url($data['key'], $safe, $name); + $data['token'] = QiniuStorage::instance()->buildUploadToken($data['key'], 3600, $name); $data['server'] = QiniuStorage::instance()->upload(); } elseif ('alioss' === $data['uptype']) { - $token = AliossStorage::instance()->buildUploadToken($data['key'], 3600, $this->name); + $token = AliossStorage::instance()->buildUploadToken($data['key'], 3600, $name); $data['url'] = $token['siteurl']; $data['policy'] = $token['policy']; $data['signature'] = $token['signature']; $data['OSSAccessKeyId'] = $token['keyid']; $data['server'] = AliossStorage::instance()->upload(); } elseif ('txcos' === $data['uptype']) { - $token = TxcosStorage::instance()->buildUploadToken($data['key'], 3600, $this->name); + $token = TxcosStorage::instance()->buildUploadToken($data['key'], 3600, $name); $data['url'] = $token['siteurl']; $data['q-ak'] = $token['q-ak']; $data['policy'] = $token['policy']; @@ -119,37 +107,41 @@ class Upload extends Controller if (!($file = $this->getFile())->isValid()) { $this->error('文件上传异常,文件过大或未上传!'); } + $safeMode = $this->getSafe(); $extension = strtolower($file->getOriginalExtension()); - [$pathname, $original] = [$file->getPathname(), $file->getOriginalName()]; + $saveName = input('key') ?: Storage::name($file->getPathname(), $extension, '', 'md5_file'); + // 检查文件后缀是否被恶意修改 + if (ltrim(strtolower(strrchr($saveName, '.')), '.') !== $extension) { + $this->error('文件后缀异常,请重新上传文件!'); + } + // 屏蔽禁止上传指定后缀的文件 if (!in_array($extension, str2arr(sysconf('storage.allow_exts')))) { $this->error('文件类型受限,请在后台配置规则!'); } if (in_array($extension, ['sh', 'asp', 'bat', 'cmd', 'exe', 'php'])) { - $this->error('文件安全保护,可执行文件禁止上传!'); + $this->error('文件安全保护,禁止上传可执行文件!'); } - [$this->type, $this->safe] = [$this->getType(), $this->getSafe()]; - $this->name = input('key') ?: Storage::name($pathname, $extension, '', 'md5_file'); try { - if ($this->type === 'local') { + if ($this->getType() === 'local') { $local = LocalStorage::instance(); - $distname = $local->path($this->name, $this->safe); - $file->move(dirname($distname), basename($distname)); - $info = $local->info($this->name, $this->safe, $original); + $distName = $local->path($saveName, $safeMode); + $file->move(dirname($distName), basename($distName)); + $info = $local->info($saveName, $safeMode, $file->getOriginalName()); if (in_array($extension, ['jpg', 'gif', 'png', 'bmp', 'jpeg', 'wbmp'])) { - if ($this->imgNotSafe($distname) && $local->del($this->name)) { + if ($this->imgNotSafe($distName) && $local->del($saveName)) { $this->error('图片未通过安全检查!'); } - [$width, $height] = getimagesize($distname); - if (($width < 1 || $height < 1) && $local->del($this->name)) { + [$width, $height] = getimagesize($distName); + if (($width < 1 || $height < 1) && $local->del($saveName)) { $this->error('读取图片的尺寸失败!'); } } } else { - $bina = file_get_contents($pathname); - $info = Storage::instance($this->type)->set($this->name, $bina, $this->safe, $original); + $bina = file_get_contents($file->getPathname()); + $info = Storage::instance($this->getType())->set($saveName, $bina, $safeMode, $file->getOriginalName()); } if (isset($info['url'])) { - $this->success('文件上传成功!', ['url' => $this->safe ? $this->name : $info['url']]); + $this->success('文件上传成功!', ['url' => $safeMode ? $saveName : $info['url']]); } else { $this->error('文件处理失败,请稍候再试!'); } @@ -178,11 +170,12 @@ class Upload extends Controller */ private function getType(): string { - $this->type = strtolower(input('uptype', '')); - if (!in_array($this->type, ['local', 'qiniu', 'alioss', 'txcos'])) { - $this->type = strtolower(sysconf('storage.type')); + $type = strtolower(input('uptype', '')); + if (in_array($type, ['local', 'qiniu', 'alioss', 'txcos'])) { + return $type; + } else { + return strtolower(sysconf('storage.type')); } - return strtolower($this->type); } /**