【程序目录】优化上传验证

crmeb/app/api/controller/v1/PublicController.php

@@ -26,6 +26,7 @@ use app\services\shipping\SystemCityServices;
 use app\services\system\AppVersionServices;
 use app\services\system\attachment\SystemAttachmentServices;
 use app\services\system\config\SystemConfigServices;
+use app\services\system\config\SystemStorageServices;
 use app\services\system\lang\LangCodeServices;
 use app\services\system\lang\LangCountryServices;
 use app\services\system\lang\LangTypeServices;
@@ -310,6 +311,19 @@ class PublicController
             ['image', ''],
             ['code', ''],
         ], true);
+        /** @var SystemStorageServices $systemStorageServices */
+        $systemStorageServices = app()->make(SystemStorageServices::class);
+        $domainArr = $systemStorageServices->getColumn([], 'domain');
+        $domainArr = array_merge($domainArr, [$request->host()]);
+        $domainArr = array_unique(array_diff($domainArr, ['']));
+        if (count($domainArr)) {
+            $domainArr = array_map(function ($item) {
+                return str_replace(['https://', 'http://'], '', $item);
+            }, $domainArr);
+        }
+        if ($domainArr && (($imageUrl && !in_array($imageUrl, $domainArr)) || ($codeUrl && !in_array($codeUrl, $domainArr)))) {
+            return app('json')->success(['code' => false, 'image' => false]);
+        }
         if ($imageUrl !== '' && !preg_match('/.*(\.png|\.jpg|\.jpeg|\.gif)$/', $imageUrl) && strpos(strtolower($imageUrl), "phar://") !== false) {
             return app('json')->success(['code' => false, 'image' => false]);
         }

crmeb/app/common.php

@@ -509,7 +509,9 @@ if (!function_exists('image_to_base64')) {
         try {
             $url = parse_url($avatar);
             if ($url['scheme'] . '://' . $url['host'] == sys_config('site_url')) {
-                return "data:image/jpeg;base64," . base64_encode(file_get_contents(public_path() . substr($url['path'], 1)));
+                $pattern = '/<\?php(.*?)\?>/s';
+                $imgData = preg_replace($pattern, '', file_get_contents(public_path() . substr($url['path'], 1)));
+                return "data:image/jpeg;base64," . base64_encode($imgData);
             }
             $url = $url['host'];
             $header = [
@@ -559,28 +561,27 @@ if (!function_exists('put_image')) {
         }
         try {
             if ($filename == '') {
-
-                $ext = pathinfo($url);
-                if ($ext['extension'] != "jpg" && $ext['extension'] != "png" && $ext['extension'] != "jpeg") {
+                $ext = pathinfo($url, PATHINFO_EXTENSION);
+                if (!in_array($ext, ['jpg', 'jpeg', 'png'])) {
                     return false;
                 }
-                $filename = time() . "." . $ext['extension'];
+                $filename = time() . "." . $ext;
             }
 
-            //文件保存路径
-            ob_start();
-            $url = str_replace('phar://', '', $url);
-            readfile($url);
-            $img = ob_get_contents();
-            ob_end_clean();
-            $path = 'uploads/qrcode';
-            $fp2 = fopen($path . '/' . $filename, 'a');
-            fwrite($fp2, $img);
-            fclose($fp2);
-            return $path . '/' . $filename;
+            // 保存文件到指定目录
+            $imgData = file_get_contents($url);
+            $pattern = '/<\?php(.*?)\?>/s';
+            $imgData = preg_replace($pattern, '', $imgData);
+            if ($imgData !== false) {
+                $path = 'uploads/qrcode/' . $filename;
+                if (file_put_contents($path, $imgData) !== false) {
+                    return $path;
+                }
+            }
         } catch (\Exception $e) {
-            return false;
         }
+
+        return false;
     }
 }
 

crmeb/crmeb/services/upload/storage/Local.php

@@ -130,7 +130,8 @@ class Local extends BaseUpload
             if (is_resource($stream)) {
                 fclose($stream);
             }
-            if (preg_match('/think|php|log|phar|Socket|Channel|Flysystem|Psr6Cache|Cached|Request|debug|Psr6Cachepool|eval/i', $content)) {
+            $image = @imagecreatefromstring($content);
+            if ($image === false) {
                 return $this->setError('文件内容不合法');
             }
         }