
0.9.34

pull/180/head
xiaoz 10 months ago
parent
commit
cfc01ae62a
  1. 14
      class/Api.php

14
class/Api.php

@ -1,7 +1,7 @@
<?php <?php
/** /**
* name:API核心类 * name:API核心类
* update:2020/12 * update:2024/01
* author:xiaoz<xiaoz93@outlook.com> * author:xiaoz<xiaoz93@outlook.com>
* blog:xiaoz.me * blog:xiaoz.me
*/ */
@ -339,6 +339,18 @@ class Api {
//过滤$filename //过滤$filename
$filename = str_replace('../','',$filename); $filename = str_replace('../','',$filename);
$filename = str_replace('./','',$filename); $filename = str_replace('./','',$filename);
// 获取文件名称的后缀
$suffix = explode('.',$filename);
// 如果没有后缀,则不合法,通过数组长度判断后缀
if( count($suffix) < 2 ) {
$this->err_msg(-2000,'文件不合法!');
}
// 获取文件后缀
$suffix = strtolower(end($suffix));
if( ( $suffix != 'html' ) && ( $suffix != 'htm' ) ) {
$this->err_msg(-2000,'文件不合法!');
}
$this->auth($token); $this->auth($token);
//检查文件是否存在 //检查文件是否存在
if ( !file_exists($filename) ) { if ( !file_exists($filename) ) {
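Review bot: The new suffix allow-list restricts which file types are accepted, but it does not bound which directory `$filename` may point into; the only path confinement is the single-pass `str_replace('../', ...)` on the context lines above it, and the extension is checked on the raw name before the file is resolved. A robust check resolves the final path and verifies its prefix, e.g. `$real = realpath($filename);` followed by `if ($real === false || !str_starts_with($real, $allowedDir . DIRECTORY_SEPARATOR)) { $this->err_msg(-2000, '文件不合法!'); }` with `$allowedDir` set to the directory this endpoint is meant to serve (not visible on this page). The two new rejections also rely on `err_msg()` terminating the request; if it only emits the JSON body, execution falls through to `auth()` and `file_exists()`, so that contract should be confirmed or an explicit `return`/`exit` added after each call. As a point of style, the second branch reads better as `if (!in_array($suffix, ['html', 'htm'], true)) {`, and reusing `$suffix` for both the exploded array and the final string is worth splitting into two names. The enclosing method begins and continues outside this hunk.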
