From a0f5571595eb948bbb1bcb99ab13b6c8d915d1f6 Mon Sep 17 00:00:00 2001
From: Anyon
Date: Thu, 13 Jul 2017 18:28:33 +0800
Subject: [PATCH] =?UTF-8?q?[=E6=9B=B4=E6=96=B0]=E5=A2=9E=E5=8A=A0=E6=96=87?= =?UTF-8?q?=E4=BB=B6=E6=9C=AC=E5=9C=B0=E4=B8=8A=E4=BC=A0token=E9=AA=8C?= =?UTF-8?q?=E8=AF=81?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 application/admin/controller/Plugs.php | 16 ++++++++--------
 application/admin/view/plugs.upfile.html | 4 ++--
 2 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/application/admin/controller/Plugs.php b/application/admin/controller/Plugs.php
index 816072164..ce9aac247 100644
--- a/application/admin/controller/Plugs.php
+++ b/application/admin/controller/Plugs.php
@@ -62,17 +62,16 @@ class Plugs extends BasicAdmin
 */
 public function upload()
 {
- if (!$this->request->isPost()) {
- return json(['code' => 'ERROR', '文件上传失败']);
- }
 $file = $this->request->file('file');
- $ext = pathinfo($file->getInfo('name'), PATHINFO_EXTENSION);
- if (in_array($ext, ['php', 'bat', 'cmd', 'sh', 'exe'])) {
- return json(['code' => 'ERROR', 'msg' => "禁止上传{$ext}文件"]);
- }
 $md5s = str_split($this->request->post('md5'), 16);
+ $ext = pathinfo($file->getInfo('name'), 4);
+ $filename = join('/', $md5s) . ".{$ext}";
+ // 文件上传Token验证
+ if ($this->request->post('token') !== md5($filename . session_id())) {
+ return json(['code' => 'ERROR', '文件上传验证失败']);
+ }
+ // 文件上传处理
 if (($info = $file->move('static' . DS . 'upload' . DS . $md5s[0], $md5s[1], true))) {
- $filename = join('/', $md5s) . '.' . $info->getExtension();
 if (($site_url = FileService::getFileUrl($filename, 'local'))) {
 return json(['data' => ['site_url' => $site_url], 'code' => 'SUCCESS', 'msg' => '文件上传成功']);
 }
@@ -100,6 +99,7 @@ class Plugs extends BasicAdmin
 break;
 case 'local':
 $config['server'] = FileService::getUploadLocalUrl();
+ $config['token'] = md5($filename . session_id());
 break;
 case 'oss':
 $time = time() + 3600;
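Review bot: Dropping the `in_array($ext, ['php', 'bat', 'cmd', 'sh', 'exe'])` check leaves nothing in upload() that restricts what is written under `static/upload`, and the new token is not a substitute: `md5($filename . session_id())` is derived from the caller's own `md5` and filename input plus a session id that same caller holds in its cookie, so it binds a request to a session but cannot stop a disallowed extension from reaching `$file->move()`. Keep an extension check (an allowlist of the types the uploader actually expects is stronger than the old blocklist; either way compare a `strtolower`ed `$ext` with `in_array(..., true)`), validate `md5` against `/^[0-9a-f]{32}$/i` before `str_split` so `$md5s[0]`/`$md5s[1]` can neither be undefined nor carry path segments into the destination, and guard `$file === null` before `getInfo()` since the `isPost()` check that used to precede it is also gone. The added `return json(['code' => 'ERROR', '文件上传验证失败'])` omits the `'msg' =>` key, `pathinfo(..., 4)` should spell `PATHINFO_EXTENSION`, and the token comparison belongs in `hash_equals()` (and, if the token is meant to be unforgeable rather than just session-bound, in `hash_hmac()` over a server-side secret instead of `session_id()`). The second hunk's `$config['token'] = md5($filename . session_id());` mirrors this derivation and inherits the same limits; its enclosing function starts and ends outside the hunk, and upload()'s body continues past the first hunk.
```php
public function upload()
{
    if (!$this->request->isPost()) {
        return json(['code' => 'ERROR', 'msg' => '文件上传失败']);
    }
    $file = $this->request->file('file');
    $md5 = (string) $this->request->post('md5');
    // Reject a missing file or a non-hex "md5" before it is split into path segments.
    if ($file === null || !preg_match('/^[0-9a-f]{32}$/i', $md5)) {
        return json(['code' => 'ERROR', 'msg' => '文件上传失败']);
    }
    $md5s = str_split($md5, 16);
    $ext = strtolower(pathinfo($file->getInfo('name'), PATHINFO_EXTENSION));
    // Extension check kept: the token below does not restrict file types.
    if (in_array($ext, ['php', 'bat', 'cmd', 'sh', 'exe'], true)) {
        return json(['code' => 'ERROR', 'msg' => "禁止上传{$ext}文件"]);
    }
    $filename = join('/', $md5s) . ".{$ext}";
    // Token check: constant-time compare against the value issued for this name and session.
    $token = (string) $this->request->post('token');
    if (!hash_equals(md5($filename . session_id()), $token)) {
        return json(['code' => 'ERROR', 'msg' => '文件上传验证失败']);
    }
    // … unchanged: 文件上传处理 ($file->move + FileService::getFileUrl) …
```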
diff --git a/application/admin/view/plugs.upfile.html b/application/admin/view/plugs.upfile.html
index b9d294775..9bd7f0281 100644
--- a/application/admin/view/plugs.upfile.html
+++ b/application/admin/view/plugs.upfile.html
@@ -144,10 +144,10 @@
 window['expressinstallcallback'] = function (state) {
 switch (state) {
 case 'Download.Cancelled':
- alert('您取消了更新!')
+ alert('您取消了更新!');
 break;
 case 'Download.Failed':
- alert('安装失败')
+ alert('安装失败');
 break;
 default:
 alert('安装已成功,请刷新!');