suk-ws.sync/ph-Bookshelf
1
0
Fork 0
mirror of https://github.com/suk-ws/ph-Bookshelf.git synced 2025-02-07 16:29:52 +08:00
Code Issues Releases Activity

refix file safety problem by php open_basedir

Browse Source
This commit is contained in:
A.C.Sukazyo Eyre 2023-05-19 18:05:07 +08:00
parent b445eeb2d5
commit b17dd3cfeb
Signed by: Eyre_S
GPG Key ID: C17CE40291207874
5 changed files with 10 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
config.php Normal file
View File

@ -0,0 +1,7 @@
<?php
ini_set(
'open_basedir',
!($open_basedir = ini_get('open_basedir')) ? "" : "$open_basedir:" .
__DIR__
);

2
constant.php
View File

@ -2,6 +2,6 @@
const APP_NAME = "ph-Bookshelf"; const APP_NAME = "ph-Bookshelf";
const VERSION = "0.5.0-alpha6"; const VERSION = "0.5.0-alpha7";
const CHANNEL = "suk-ws"; const CHANNEL = "suk-ws";
const BRANCH = "config-v2.0"; const BRANCH = "config-v2.0";

1
index.php
View File

@ -1,5 +1,6 @@
<?php <?php
require "./config.php";
require "./constant.php"; require "./constant.php";
require "./vendor/autoload.php"; require "./vendor/autoload.php";

3
src/Resource/Resource.php
View File

@ -7,8 +7,5 @@ class Resource {
public static function getRealRootPath (): string { public static function getRealRootPath (): string {
return realpath("./"); return realpath("./");
} }
public static function checkSafety (string $checked): bool {
return str_starts_with(realpath($checked), self::getRealRootPath());
}
} }

2
src/Utils/PageParse.php
View File

@ -22,7 +22,7 @@ class PageParse {
// 将utf8编码转换成gbk编码否则中文名称的文件无法打开 // 将utf8编码转换成gbk编码否则中文名称的文件无法打开
// $filePath = iconv('UTF-8', 'gbk', $filePath); // $filePath = iconv('UTF-8', 'gbk', $filePath);
// 检查文件是否可读 // 检查文件是否可读
if (!is_file($filePath) || !is_readable($filePath) || !Resource::checkSafety($filePath)) { if (!is_file($filePath) || !is_readable($filePath)) {
exit("File Can't Read!"); exit("File Can't Read!");
} }
// 判定文件类型 // 判定文件类型