improve filter_src()
@@ -4,5 +4,5 @@ namespace App\Models;
|
||||
|
||||
class Attachment extends NexusModel
|
||||
{
|
||||
|
||||
const IMG_EXTENSIONS = ['jpeg', 'jpg', 'png', 'gif', 'webp', 'bmp', 'tif', 'tiff', 'heic'];
|
||||
}
|
||||
|
||||
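Review bot: The added `const IMG_EXTENSIONS` carries no visibility modifier, and its entries are interpolated straight into a regex alternation elsewhere in this commit (`implode("|", \App\Models\Attachment::IMG_EXTENSIONS)` in filter_src) without `preg_quote`, so the list silently has to stay regex-safe. Suggest making both explicit: `/** @var list<string> lowercase image extensions; interpolated into a regex alternation, keep entries alphanumeric */` above `public const IMG_EXTENSIONS = ['jpeg', 'jpg', 'png', 'gif', 'webp', 'bmp', 'tif', 'tiff', 'heic'];`. The rest of the Attachment class body is outside this hunk.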
@@ -1,6 +1,6 @@
|
||||
<?php
|
||||
defined('VERSION_NUMBER') || define('VERSION_NUMBER', '1.9.10');
|
||||
defined('RELEASE_DATE') || define('RELEASE_DATE', '2025-10-30');
|
||||
defined('VERSION_NUMBER') || define('VERSION_NUMBER', '1.9.11');
|
||||
defined('RELEASE_DATE') || define('RELEASE_DATE', '2025-10-31');
|
||||
defined('IN_TRACKER') || define('IN_TRACKER', false);
|
||||
defined('PROJECTNAME') || define("PROJECTNAME","NexusPHP");
|
||||
defined('NEXUSPHPURL') || define("NEXUSPHPURL","https://nexusphp.org");
|
||||
|
||||
@@ -1377,35 +1377,33 @@ function filter_src($src)
|
||||
if (empty($path)) {
|
||||
return $src;
|
||||
}
|
||||
$host = parse_url($src, PHP_URL_HOST);
|
||||
if (!empty($host) && $host != $_SERVER['HTTP_HOST']) {
|
||||
return $src;
|
||||
}
|
||||
$guessScriptFilename = sprintf("%s/%s", $_SERVER['DOCUMENT_ROOT'], trim($path, '/'));
|
||||
if (!file_exists($guessScriptFilename)) {
|
||||
return $src;
|
||||
}
|
||||
//only allow these
|
||||
$imgExtensions = implode("|", \App\Models\Attachment::IMG_EXTENSIONS);
|
||||
$allowSuffixPattern = "/\.($imgExtensions)/i";
|
||||
if (preg_match($allowSuffixPattern, $path)) {
|
||||
return $src;
|
||||
}
|
||||
$allowScriptPattern = "/(forums|details|offers)\.php/i";
|
||||
if (preg_match($allowScriptPattern, $path)) {
|
||||
return $src;
|
||||
}
|
||||
//log danger, deny directly
|
||||
if (is_danger_url($src)) {
|
||||
$msg = "[DANGER_URL]: $src";
|
||||
$dangerScriptsPattern = "/(logout|login|ajax|announce|scrape|adduser|modtask|docleanup|freeleech|take.*)\.php/i";
|
||||
if (preg_match($dangerScriptsPattern, $path)) {
|
||||
$msg = sprintf( "[DANGER_URL]: $src [%s]", nexus()->getRequestId());
|
||||
do_log($msg, "alert");
|
||||
write_log($msg, "mod");
|
||||
return "";
|
||||
}
|
||||
//only allow these
|
||||
$allowScriptPattern = "/(forums|details|offers)\.php/i";
|
||||
$match = preg_match($allowScriptPattern, $src);
|
||||
if ($match <= 0) {
|
||||
do_log("[NOT_ALLOW_SRC]: $src");
|
||||
return "";
|
||||
}
|
||||
return $src;
|
||||
}
|
||||
|
||||
function is_danger_url($url): bool
|
||||
{
|
||||
$dangerScriptsPattern = "/(logout|login|ajax|announce|scrape|adduser|modtask|docleanup|freeleech|take.*)\.php/i";
|
||||
$match = preg_match($dangerScriptsPattern, $url);
|
||||
if ($match > 0) {
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
do_log("[NOT_ALLOW_SRC]: $src with path: $path");
|
||||
return "";
|
||||
}
|
||||
|
||||
//here must retrieve the real time info, no cache!!!
|
||||
|
||||
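Review bot: `$allowSuffixPattern = "/\.($imgExtensions)/i"` is unanchored, so any path that merely contains `.jpg`, `.png` etc. somewhere is allow-listed and returned before the danger check, rather than only paths that end in an image extension; anchoring it, `$allowSuffixPattern = "/\.($imgExtensions)$/i";`, keeps the early allow to actual image files. `$allowScriptPattern` and `$dangerScriptsPattern` are substring matches as well, and `take.*\.php` in the latter is greedy over the rest of the path; how much of this is reachable depends on the new `file_exists($guessScriptFilename)` gate, which I cannot judge from the hunk alone, but a deny-list regex should not be the only thing deciding what passes. Separately, `$host != $_SERVER['HTTP_HOST']` compares the parsed host (no port) against the raw Host header with a loose comparison, so on a non-default port an absolute same-site URL would presumably be returned unfiltered; a strict comparison against a port-stripped host, or at least a comment stating the assumption, would help. filter_src's opening lines, where `$path` is presumably assigned, are outside the hunk.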
@@ -35,7 +35,7 @@ if ($Attach->enable_attachment())
|
||||
$ext_l = strrpos($origfilename, ".");
|
||||
$ext = strtolower(substr($origfilename, $ext_l+1, strlen($origfilename)-($ext_l+1)));
|
||||
$banned_ext = array('exe', 'com', 'bat', 'msi');
|
||||
$img_ext = array('jpeg', 'jpg', 'png', 'gif', 'webp', 'bmp', 'tif', 'tiff', 'heic');
|
||||
$img_ext = \App\Models\Attachment::IMG_EXTENSIONS;
|
||||
|
||||
if (!$file || $filesize == 0 || $file["name"] == "") // nothing received
|
||||
{
|
||||
|
||||