EasyAdmin上傳檔案漏洞
/**
 * Upload a file (\app\admin\controller\Ajax.php).
 *
 * Reads `upload_type` and `file` from the POST request, falls back to the
 * configured default upload type, validates the request against the
 * `upload` system config (allowed type, extension, MIME type and size),
 * hands the file to Uploadfile and answers with a success or error response.
 *
 * Security note: an extension check alone (fileExt) is weak against names
 * such as `test.php.jpg`, so the fileMime rule is applied as well. This
 * requires `upload_allow_mime` to be set in the upload configuration; with
 * an empty list every file would presumably be rejected — verify against the
 * framework's fileMime rule. Whether fileMime inspects the stored file's
 * content or only the client-supplied content type is framework-defined;
 * confirm before relying on it as the sole content check.
 */
public function upload()
{
    $data = [
        'upload_type' => $this->request->post('upload_type'),
        'file'        => $this->request->file('file'),
    ];
    $uploadConfig = sysconfig('upload');

    // No type supplied by the client: use the configured default.
    if (empty($data['upload_type'])) {
        $data['upload_type'] = $uploadConfig['upload_type'];
    }

    // Extension, MIME type and size limits all come from the upload config.
    $fileRule = implode('|', [
        'require',
        'file',
        "fileExt:{$uploadConfig['upload_allow_ext']}",
        "fileMime:{$uploadConfig['upload_allow_mime']}",
        "fileSize:{$uploadConfig['upload_allow_size']}",
    ]);
    $this->validate($data, [
        'upload_type|指定上傳型別有誤' => "in:{$uploadConfig['upload_allow_type']}",
        'file|檔案'                  => $fileRule,
    ]);

    try {
        $upload = Uploadfile::instance()
            ->setUploadType($data['upload_type'])
            ->setUploadConfig($uploadConfig)
            ->setFile($data['file'])
            ->save();
    } catch (\Exception $e) {
        // NOTE(review): error() presumably ends the request (response exception),
        // which is what makes $upload safe to read below — confirm in the base controller.
        $this->error($e->getMessage());
    }

    if (!$upload['save']) {
        $this->error($upload['msg']);
        return;
    }

    $this->success($upload['msg'], ['url' => $upload['url']]);
}
舊的上傳只驗證檔案後綴，容易被攻擊者利用（例如上傳 test.php.jpg）；增加 MIME 類型判斷，可加強上傳檔案的格式驗證。
注意：增加後需要在配置檔案中配置相關的 MIME 類型白名單（upload_allow_mime）。
文章來源:劉俊濤的部落格 歡迎關注公眾號、留言、評論,一起學習。