diff --git a/addons/hwobs/.addonrc b/addons/hwobs/.addonrc index 41cb282..6fce9a5 100644 --- a/addons/hwobs/.addonrc +++ b/addons/hwobs/.addonrc @@ -1 +1 @@ -{"files":["public\\assets\\addons\\hwobs\\js\\spark.js"],"license":"regular","licenseto":"34485","licensekey":"kaCpXL6B57yO89Rv h7EIXhuMw6+sCcUldTSJoQ==","domains":["localhost"],"licensecodes":[],"validations":["757319b447175b6ca1882635b132a594"]} \ No newline at end of file +{"files":["public\\assets\\addons\\hwobs\\js\\spark.js"],"license":"regular","licenseto":"34485","licensekey":"fE1oqlUNvPsVy07I LHfdNbd7Yb6AD1LjzKfdIA==","domains":[],"licensecodes":[],"validations":[]} \ No newline at end of file diff --git a/addons/hwobs/config.php b/addons/hwobs/config.php index 6b6fa57..57733da 100644 --- a/addons/hwobs/config.php +++ b/addons/hwobs/config.php 
@@ -2,244 +2,244 @@ return [ [ - 'name' => 'accessKey', - 'title' => 'Access Key', - 'type' => 'string', + 'name' => 'accessKey', + 'title' => 'Access Key', + 'type' => 'string', 'content' => [], - 'value' => '', - 'rule' => 'required', - 'msg' => '', - 'tip' => '请前往华为云控制台->我的凭证->访问密钥中生成', - 'ok' => '', - 'extend' => '', + 'value' => '', + 'rule' => 'required', + 'msg' => '', + 'tip' => '请前往华为云控制台->我的凭证->访问密钥中生成', + 'ok' => '', + 'extend' => '', ], [ - 'name' => 'secretKey', - 'title' => 'Secret Key', - 'type' => 'string', + 'name' => 'secretKey', + 'title' => 'Secret Key', + 'type' => 'string', 'content' => [], - 'value' => '', - 'rule' => 'required', - 'msg' => '', - 'tip' => '请前往华为云控制台->我的凭证->访问密钥中生成', - 'ok' => '', - 'extend' => '', + 'value' => '', + 'rule' => 'required', + 'msg' => '', + 'tip' => '请前往华为云控制台->我的凭证->访问密钥中生成', + 'ok' => '', + 'extend' => '', ], [ - 'name' => 'bucket', - 'title' => '存储桶名称', - 'type' => 'string', + 'name' => 'bucket', + 'title' => '存储桶名称', + 'type' => 'string', 'content' => [], - 'value' => 'yourbucket', - 'rule' => 'required', - 'msg' => '', - 'tip' => '存储桶名称', - 'ok' => '', - 'extend' => '', + 'value' => 'yourbucket', + 'rule' => 'required', + 'msg' => '', + 'tip' => '存储桶名称', + 'ok' => '', + 'extend' => '', ], [ - 'name' => 'endpoint', - 'title' => 'Endpoint', - 'type' => 'string', + 'name' => 'endpoint', + 'title' => 'Endpoint', + 'type' => 'string', 'content' => [], - 'value' => 'obs.cn-south-1.myhuaweicloud.com', - 'rule' => 'required;endpoint', - 'msg' => '', - 'tip' => '请输入你的Endpoint', - 'ok' => '', - 'extend' => 'data-rule-endpoint="[/^(?!http(s)?:\/\/).*$/, \'不能以http(s)://开头\']"', + 'value' => 'obs.cn-south-1.myhuaweicloud.com', + 'rule' => 'required;endpoint', + 'msg' => '', + 'tip' => '请输入你的Endpoint', + 'ok' => '', + 'extend' => 'data-rule-endpoint="[/^(?!http(s)?:\\/\\/).*$/, \'不能以http(s)://开头\']"', ], [ - 'name' => 'uploadurl', - 'title' => '上传接口地址', - 'type' => 'string', + 'name' => 'uploadurl', + 'title' => 
'上传接口地址', + 'type' => 'string', 'content' => [], - 'value' => 'https://yourbucket.obs.cn-south-1.myhuaweicloud.com', - 'rule' => 'required;uploadurl', - 'msg' => '', - 'tip' => '请使用存储桶->基本信息->访问域名的值,并在前面加上http://或https://', - 'ok' => '', - 'extend' => 'data-rule-uploadurl="[/^http(s)?:\/\/.*$/, \'必需以http(s)://开头\']"', + 'value' => 'https://yourbucket.obs.cn-south-1.myhuaweicloud.com', + 'rule' => 'required;uploadurl', + 'msg' => '', + 'tip' => '请使用存储桶->基本信息->访问域名的值,并在前面加上http://或https://', + 'ok' => '', + 'extend' => 'data-rule-uploadurl="[/^http(s)?:\\/\\/.*$/, \'必需以http(s)://开头\']"', ], [ - 'name' => 'cdnurl', - 'title' => 'CDN地址', - 'type' => 'string', + 'name' => 'cdnurl', + 'title' => 'CDN地址', + 'type' => 'string', 'content' => [], - 'value' => 'https://yourbucket.obs.cn-south-1.myhuaweicloud.com', - 'rule' => 'required;cdnurl', - 'msg' => '', - 'tip' => '如果你的云存储有绑定自定义域名,请输入自定义域名', - 'ok' => '', - 'extend' => 'data-rule-cdnurl="[/^http(s)?:\/\/.*$/, \'必需以http(s)://开头\']"', + 'value' => 'https://yourbucket.obs.cn-south-1.myhuaweicloud.com', + 'rule' => 'required;cdnurl', + 'msg' => '', + 'tip' => '如果你的云存储有绑定自定义域名,请输入自定义域名', + 'ok' => '', + 'extend' => 'data-rule-cdnurl="[/^http(s)?:\\/\\/.*$/, \'必需以http(s)://开头\']"', ], [ - 'name' => 'uploadmode', - 'title' => '上传模式', - 'type' => 'select', + 'name' => 'uploadmode', + 'title' => '上传模式', + 'type' => 'select', 'content' => [ 'client' => '客户端直传(速度快,无备份)', 'server' => '服务器中转(占用服务器带宽,有备份)', ], - 'value' => 'server', - 'rule' => '', - 'msg' => '', - 'tip' => '', - 'ok' => '', - 'extend' => '', + 'value' => 'server', + 'rule' => '', + 'msg' => '', + 'tip' => '', + 'ok' => '', + 'extend' => '', ], [ - 'name' => 'serverbackup', - 'title' => '服务器中转模式备份', - 'type' => 'radio', + 'name' => 'serverbackup', + 'title' => '服务器中转模式备份', + 'type' => 'radio', 'content' => [ 1 => '备份(附件管理将产生2条记录)', 0 => '不备份', ], - 'value' => '1', - 'rule' => '', - 'msg' => '', - 'tip' => '服务器中转模式下是否备份文件', - 'ok' => '', - 'extend' => '', + 'value' => 
'1', + 'rule' => '', + 'msg' => '', + 'tip' => '服务器中转模式下是否备份文件', + 'ok' => '', + 'extend' => '', ], [ - 'name' => 'savekey', - 'title' => '保存文件名', - 'type' => 'string', + 'name' => 'savekey', + 'title' => '保存文件名', + 'type' => 'string', 'content' => [], - 'value' => '/uploads/{year}{mon}{day}/{filemd5}{.suffix}', - 'rule' => 'required', - 'msg' => '', - 'tip' => '', - 'ok' => '', - 'extend' => '', + 'value' => '/uploads/{year}{mon}{day}/{filemd5}{.suffix}', + 'rule' => 'required', + 'msg' => '', + 'tip' => '', + 'ok' => '', + 'extend' => '', ], [ - 'name' => 'expire', - 'title' => '上传有效时长', - 'type' => 'string', + 'name' => 'expire', + 'title' => '上传有效时长', + 'type' => 'string', 'content' => [], - 'value' => '600', - 'rule' => 'required', - 'msg' => '', - 'tip' => '用户停留页面上传有效时长,单位秒', - 'ok' => '', - 'extend' => '', + 'value' => '600', + 'rule' => 'required', + 'msg' => '', + 'tip' => '用户停留页面上传有效时长,单位秒', + 'ok' => '', + 'extend' => '', ], [ - 'name' => 'maxsize', - 'title' => '最大可上传', - 'type' => 'string', + 'name' => 'maxsize', + 'title' => '最大可上传', + 'type' => 'string', 'content' => [], - 'value' => '10M', - 'rule' => 'required', - 'msg' => '', - 'tip' => '', - 'ok' => '', - 'extend' => '', + 'value' => '10M', + 'rule' => 'required', + 'msg' => '', + 'tip' => '', + 'ok' => '', + 'extend' => '', ], [ - 'name' => 'mimetype', - 'title' => '可上传后缀格式', - 'type' => 'string', + 'name' => 'mimetype', + 'title' => '可上传后缀格式', + 'type' => 'string', 'content' => [], - 'value' => 'jpg,png,bmp,jpeg,gif,zip,rar,xls,xlsx', - 'rule' => 'required', - 'msg' => '', - 'tip' => '', - 'ok' => '', - 'extend' => '', + 'value' => 'jpg,png,bmp,jpeg,gif,zip,rar,xls,xlsx', + 'rule' => 'required', + 'msg' => '', + 'tip' => '', + 'ok' => '', + 'extend' => '', ], [ - 'name' => 'multiple', - 'title' => '多文件上传', - 'type' => 'bool', + 'name' => 'multiple', + 'title' => '多文件上传', + 'type' => 'bool', 'content' => [], - 'value' => '0', - 'rule' => 'required', - 'msg' => '', - 'tip' => '', - 'ok' => '', - 
'extend' => '', + 'value' => '0', + 'rule' => 'required', + 'msg' => '', + 'tip' => '', + 'ok' => '', + 'extend' => '', ], [ - 'name' => 'thumbstyle', - 'title' => '缩略图样式', - 'type' => 'string', + 'name' => 'thumbstyle', + 'title' => '缩略图样式', + 'type' => 'string', 'content' => [], - 'value' => '', - 'rule' => '', - 'msg' => '', - 'tip' => '用于后台列表缩略图样式,可使用:?x-image-process=image/resize,m_fixed,h_90,w_120或?x-image-process=style/样式名称', - 'ok' => '', - 'extend' => '', + 'value' => '', + 'rule' => '', + 'msg' => '', + 'tip' => '用于后台列表缩略图样式,可使用:?x-image-process=image/resize,m_fixed,h_90,w_120或?x-image-process=style/样式名称', + 'ok' => '', + 'extend' => '', ], [ - 'name' => 'chunking', - 'title' => '分片上传', - 'type' => 'radio', + 'name' => 'chunking', + 'title' => '分片上传', + 'type' => 'radio', 'content' => [ 1 => '开启', 0 => '关闭', ], - 'value' => '0', - 'rule' => 'required', - 'msg' => '', - 'tip' => '', - 'ok' => '', - 'extend' => '', + 'value' => '0', + 'rule' => 'required', + 'msg' => '', + 'tip' => '', + 'ok' => '', + 'extend' => '', ], [ - 'name' => 'chunksize', - 'title' => '分片大小', - 'type' => 'number', + 'name' => 'chunksize', + 'title' => '分片大小', + 'type' => 'number', 'content' => [], - 'value' => '4194304', - 'rule' => 'required', - 'msg' => '', - 'tip' => '', - 'ok' => '', - 'extend' => '', + 'value' => '4194304', + 'rule' => 'required', + 'msg' => '', + 'tip' => '', + 'ok' => '', + 'extend' => '', ], [ - 'name' => 'syncdelete', - 'title' => '附件删除时是否同步删除云存储文件', - 'type' => 'bool', + 'name' => 'syncdelete', + 'title' => '附件删除时是否同步删除云存储文件', + 'type' => 'bool', 'content' => [], - 'value' => '0', - 'rule' => 'required', - 'msg' => '', - 'tip' => '', - 'ok' => '', - 'extend' => '', + 'value' => '0', + 'rule' => 'required', + 'msg' => '', + 'tip' => '', + 'ok' => '', + 'extend' => '', ], [ - 'name' => 'apiupload', - 'title' => 'API接口使用云存储', - 'type' => 'bool', + 'name' => 'apiupload', + 'title' => 'API接口使用云存储', + 'type' => 'bool', 'content' => [], - 'value' => '0', - 'rule' 
=> 'required', - 'msg' => '', - 'tip' => '', - 'ok' => '', - 'extend' => '', + 'value' => '0', + 'rule' => 'required', + 'msg' => '', + 'tip' => '', + 'ok' => '', + 'extend' => '', ], [ - 'name' => 'noneedlogin', - 'title' => '免登录上传', - 'type' => 'checkbox', + 'name' => 'noneedlogin', + 'title' => '免登录上传', + 'type' => 'checkbox', 'content' => [ - 'api' => 'API', + 'api' => 'API', 'index' => '前台', 'admin' => '后台', ], - 'value' => '', - 'rule' => '', - 'msg' => '', - 'tip' => '', - 'ok' => '', - 'extend' => '', + 'value' => '', + 'rule' => '', + 'msg' => '', + 'tip' => '', + 'ok' => '', + 'extend' => '', ], ]; diff --git a/addons/hwobs/controller/Index.php b/addons/hwobs/controller/Index.php index fb73c7a..e630c82 100644 --- a/addons/hwobs/controller/Index.php +++ b/addons/hwobs/controller/Index.php @@ -39,6 +39,14 @@ class Index extends Controller $name = $this->request->post('name'); $md5 = $this->request->post('md5'); $chunk = $this->request->post('chunk'); + $name = xss_clean($name); + + // 检查文件后缀 + $extension = strtolower(pathinfo($name, PATHINFO_EXTENSION)); + $allowedExtensions = explode(',', strtolower($config['mimetype'])); + if (!in_array($extension, $allowedExtensions) || in_array($extension, ['php', 'html', 'htm', 'phar', 'phtml']) || preg_match("/^php(.*)/i", $extension)) { + $this->error('不允许的文件类型'); + } $key = (new Upload())->getSavekey($config['savekey'], $name, $md5); $key = ltrim($key, "/"); @@ -86,7 +94,6 @@ class Index extends Controller $params['headers'] = $headers; $params['date'] = $date; $this->success('', null, $params); - return; } /** diff --git a/addons/hwobs/info.ini b/addons/hwobs/info.ini index 83467de..29b1e7e 100644 --- a/addons/hwobs/info.ini +++ b/addons/hwobs/info.ini @@ -3,7 +3,7 @@ title = 华为OBS云储存 intro = 使用华为OBS作为默认云储存 author = FastAdmin website = https://www.fastadmin.net -version = 1.2.9 +version = 1.2.10 state = 1 url = /addons/hwobs license = regular
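Review bot: In the `@@ -39,6 +39,14 @@` hunk of `addons/hwobs/controller/Index.php`, the new extension check assumes `$name` is a non-empty string and compares loosely, so it is weaker than it reads. `$this->request->post('name')` goes into `xss_clean()` and `pathinfo()` without a type check, and the allowlist built from `$config['mimetype']` is neither trimmed nor compared strictly, so an entry written as `jpg, png` never matches and numeric-looking strings are compared by value. I would reject early with `if (!is_string($name) || $name === '') { $this->error('不允许的文件类型'); }`, build the list with `array_map('trim', explode(',', strtolower($config['mimetype'])))`, and pass `true` as the third argument to both `in_array()` calls. `xss_clean()` is an HTML filter rather than a filename or object-key sanitiser, so it should not be relied on for what `getSavekey()` places into the key. The method starts and ends outside the hunk, so whether the other upload entry points in this controller apply the same check cannot be confirmed from here.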