he/DzzOffice
1
0
Fork 0
mirror of https://github.com/DzzXH/DzzOffice.git synced 2026-03-01 12:22:43 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

同步官方补丁:修复安全问题

Browse Source
This commit is contained in:
小胡
2024-01-25 17:52:11 +08:00
Unverified
parent 06d0631c57
commit 267edf2912
1 changed files with 14 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
admin/system/database.php
View File

@@ -50,7 +50,10 @@ if ($operation == 'export') {
$submit = true;
DB::query('SET SQL_QUOTE_SHOW_CREATE=0', 'SILENT');
if (!$_GET['filename'] || preg_match("/(\.)(exe|jsp|asp|aspx|cgi|fcgi|pl)(\.|$)/i", $_GET['filename'])) {
cpmsg('database_export_filename_invalid', '', 'error');
showmessage('database_export_filename_invalid');
}
if(!preg_match("/^[a-zA-Z0-9_]+$/i",$_GET['filename'])){
showmessage('database_export_filename_invalid');
}
$time = dgmdate(TIMESTAMP);
@@ -58,12 +61,18 @@ if ($operation == 'export') {
$tables = arraykeys2(fetchtablelist($tablepre), 'Name');
} elseif ($_GET['type'] == 'custom') {
$tables = array();
$alltables= arraykeys2(fetchtablelist($tablepre), 'Name');
if (empty($_GET['setup'])) {
$tables = C::t('setting') -> fetch('custombackup', true);
} else {
C::t('setting') -> update('custombackup', empty($_GET['customtables']) ? '' : $_GET['customtables']);
$tables = &$_GET['customtables'];
}
//验证表名是否正确
foreach($tables as $key => $table){
if(!in_array($table,$alltabls)) unset($tables[$key]);
}
if (!is_array($tables) || empty($tables)) {
showmessage('database_export_custom_invalid');
}
@@ -76,7 +85,7 @@ if ($operation == 'export') {
}
$volume = intval($_GET['volume']) + 1;
$idstring = '# Identify: ' . base64_encode("$_G[timestamp]," . $_G['setting']['version'] . ",{$_GET['type']},{$_GET['method']},{$volume},{$tablepre},{$dbcharset}") . "\n";
$idstring = '# Identify: ' . base64_encode($_G['timestamp']."," . $_G['setting']['version'] . "," .$_GET['type']."," .$_GET['method']."," .$volume."," .$tablepre."," .$dbcharset) . "\n";
$dumpcharset = $_GET['sqlcharset'] ? $_GET['sqlcharset'] : str_replace('-', '', $_G['charset']);
$setnames = ($_GET['sqlcharset'] && $db -> version() > '4.1' && (!$_GET['sqlcompat'] || $_GET['sqlcompat'] == 'MYSQL41')) ? "SET NAMES '$dumpcharset';\n\n" : '';
@@ -490,7 +499,7 @@ function sqldumptablestruct($table) {
}
$tablestatus = DB::fetch_first("SHOW TABLE STATUS LIKE '$table'");
$tabledump .= ($tablestatus['Auto_increment'] ? " AUTO_INCREMENT=$tablestatus[Auto_increment]" : ''). ";\n\n";
$tabledump .= ($tablestatus['Auto_increment'] ? " AUTO_INCREMENT=$tablestatus['Auto_increment']" : ''). ";\n\n";
if ($_GET['sqlcompat'] == 'MYSQL40' && $db -> version() >= '4.1' && $db -> version() < '5.1') {
if ($tablestatus['Auto_increment'] <> '') {
$temppos = strpos($tabledump, ',');
@@ -531,7 +540,7 @@ function sqldumptable($table, $startfrom = 0, $currsize = 0) {
if ($_GET['extendins'] == '0') {
while ($currsize + strlen($tabledump) + 500 < $_GET['sizelimit'] * 1000 && $numrows == $offset) {
if ($firstfield['Extra'] == 'auto_increment') {
$selectsql = "SELECT * FROM $table WHERE $firstfield[Field] > $startfrom ORDER BY $firstfield[Field] LIMIT $offset";
$selectsql = "SELECT * FROM $table WHERE$firstfield['Field']> $startfrom ORDER BY$firstfield['Field']LIMIT $offset";
} else {
$selectsql = "SELECT * FROM $table LIMIT $startfrom, $offset";
}
@@ -562,7 +571,7 @@ function sqldumptable($table, $startfrom = 0, $currsize = 0) {
} else {
while ($currsize + strlen($tabledump) + 500 < $_GET['sizelimit'] * 1000 && $numrows == $offset) {
if ($firstfield['Extra'] == 'auto_increment') {
$selectsql = "SELECT * FROM $table WHERE $firstfield[Field] > $startfrom LIMIT $offset";
$selectsql = "SELECT * FROM $table WHERE$firstfield['Field']> $startfrom LIMIT $offset";
} else {
$selectsql = "SELECT * FROM $table LIMIT $startfrom, $offset";
}