From 267edf291244293386056512fa1ca4aa568ab051 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=B0=8F=E8=83=A1?= <3203164629@qq.com> Date: Thu, 25 Jan 2024 17:52:11 +0800 Subject: [PATCH] =?UTF-8?q?=E5=90=8C=E6=AD=A5=E5=AE=98=E6=96=B9=E8=A1=A5?= =?UTF-8?q?=E4=B8=81=EF=BC=9A=E4=BF=AE=E5=A4=8D=E5=AE=89=E5=85=A8=E9=97=AE?= =?UTF-8?q?=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- admin/system/database.php | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/admin/system/database.php b/admin/system/database.php index 73f4f61..9241c14 100644 --- a/admin/system/database.php +++ b/admin/system/database.php @@ -50,7 +50,10 @@ if ($operation == 'export') { $submit = true; DB::query('SET SQL_QUOTE_SHOW_CREATE=0', 'SILENT'); if (!$_GET['filename'] || preg_match("/(\.)(exe|jsp|asp|aspx|cgi|fcgi|pl)(\.|$)/i", $_GET['filename'])) { - cpmsg('database_export_filename_invalid', '', 'error'); + showmessage('database_export_filename_invalid'); + } + if(!preg_match("/^[a-zA-Z0-9_]+$/i",$_GET['filename'])){ + showmessage('database_export_filename_invalid'); } $time = dgmdate(TIMESTAMP); @@ -58,12 +61,18 @@ if ($operation == 'export') { $tables = arraykeys2(fetchtablelist($tablepre), 'Name'); } elseif ($_GET['type'] == 'custom') { $tables = array(); + $alltables= arraykeys2(fetchtablelist($tablepre), 'Name'); if (empty($_GET['setup'])) { $tables = C::t('setting') -> fetch('custombackup', true); } else { C::t('setting') -> update('custombackup', empty($_GET['customtables']) ? '' : $_GET['customtables']); $tables = &$_GET['customtables']; } + + //验证表名是否正确 + foreach($tables as $key => $table){ + if(!in_array($table,$alltabls)) unset($tables[$key]); + } if (!is_array($tables) || empty($tables)) { showmessage('database_export_custom_invalid'); } 
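Review bot: The new allow-list check in the export branch, `preg_match("/^[a-zA-Z0-9_]+$/i", $_GET['filename'])`, still accepts a name that ends in a newline, because `$` without the `D` modifier also matches just before a trailing `\n`. Anchoring with `\A…\z` and rejecting non-string input closes that gap: `if (!is_string($_GET['filename']) || !preg_match('/\A[a-zA-Z0-9_]+\z/', $_GET['filename'])) {`. Once the allow-list is strict, the extension blacklist in the preceding `if` is redundant, and the `i` flag is unnecessary since both cases are already listed. The enclosing `if ($operation == 'export')` block continues outside the hunk.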
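Review bot: The table-name filter added to the `custom` branch never compares against the real table list: the list is assigned to `$alltables`, but the loop reads `$alltabls`, which is undefined. Depending on the PHP version, `in_array()` then either raises a TypeError or rejects every entry, so the validation does not do what the comment says. The loop also runs before the existing `is_array($tables)` check, so a non-array `customtables` value or stored setting reaches `foreach` first. Suggested: guard the loop with `if (is_array($tables))` and use `if (!in_array($table, $alltables, true)) unset($tables[$key]);`. Separately, `C::t('setting') -> update('custombackup', …)` still saves the unfiltered request value, so filtering before that call would keep invalid names out of the stored setting.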
@@ -76,7 +85,7 @@ if ($operation == 'export') { } $volume = intval($_GET['volume']) + 1; - $idstring = '# Identify: ' . base64_encode("$_G[timestamp]," . $_G['setting']['version'] . ",{$_GET['type']},{$_GET['method']},{$volume},{$tablepre},{$dbcharset}") . "\n"; + $idstring = '# Identify: ' . base64_encode($_G['timestamp']."," . $_G['setting']['version'] . "," .$_GET['type']."," .$_GET['method']."," .$volume."," .$tablepre."," .$dbcharset) . "\n"; $dumpcharset = $_GET['sqlcharset'] ? $_GET['sqlcharset'] : str_replace('-', '', $_G['charset']); $setnames = ($_GET['sqlcharset'] && $db -> version() > '4.1' && (!$_GET['sqlcompat'] || $_GET['sqlcompat'] == 'MYSQL41')) ? "SET NAMES '$dumpcharset';\n\n" : ''; @@ -490,7 +499,7 @@ function sqldumptablestruct($table) { } $tablestatus = DB::fetch_first("SHOW TABLE STATUS LIKE '$table'"); - $tabledump .= ($tablestatus['Auto_increment'] ? " AUTO_INCREMENT=$tablestatus[Auto_increment]" : ''). ";\n\n"; + $tabledump .= ($tablestatus['Auto_increment'] ? " AUTO_INCREMENT=$tablestatus['Auto_increment']" : ''). ";\n\n"; if ($_GET['sqlcompat'] == 'MYSQL40' && $db -> version() >= '4.1' && $db -> version() < '5.1') { if ($tablestatus['Auto_increment'] <> '') { $temppos = strpos($tabledump, ','); @@ -531,7 +540,7 @@ function sqldumptable($table, $startfrom = 0, $currsize = 0) { if ($_GET['extendins'] == '0') { while ($currsize + strlen($tabledump) + 500 < $_GET['sizelimit'] * 1000 && $numrows == $offset) { if ($firstfield['Extra'] == 'auto_increment') { - $selectsql = "SELECT * FROM $table WHERE $firstfield[Field] > $startfrom ORDER BY $firstfield[Field] LIMIT $offset"; + $selectsql = "SELECT * FROM $table WHERE$firstfield['Field']> $startfrom ORDER BY$firstfield['Field']LIMIT $offset"; } else { $selectsql = "SELECT * FROM $table LIMIT $startfrom, $offset"; } 
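Review bot: The new interpolation `" AUTO_INCREMENT=$tablestatus['Auto_increment']"` in sqldumptablestruct is a parse error. Inside a double-quoted string the simple `$var[key]` syntax does not accept a quoted key, so the whole file would fail to load. Use the braced form, `" AUTO_INCREMENT={$tablestatus['Auto_increment']}"`, or concatenate as the `$idstring` hunk does. The same construct appears in both `$selectsql` hunks in sqldumptable (`$firstfield['Field']`) and needs the same change. Both function bodies start and end outside these hunks.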
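Review bot: As shown, the rewritten `$selectsql` string in sqldumptable has lost the spaces around the column name (`WHERE$firstfield['Field']>` and `ORDER BY$firstfield['Field']LIMIT`). Even with the interpolation syntax fixed, the keywords would run into the identifier and the server would reject the query. Suggested: `$selectsql = "SELECT * FROM $table WHERE {$firstfield['Field']} > $startfrom ORDER BY {$firstfield['Field']} LIMIT $offset";`, with the equivalent line without `ORDER BY` in the later sqldumptable hunk. `$startfrom` is a function parameter whose origin is not visible in these hunks; if it can come from the request, casting it with `intval()` before it enters the SQL text would be the safer form.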
@@ -562,7 +571,7 @@ function sqldumptable($table, $startfrom = 0, $currsize = 0) { } else { while ($currsize + strlen($tabledump) + 500 < $_GET['sizelimit'] * 1000 && $numrows == $offset) { if ($firstfield['Extra'] == 'auto_increment') { - $selectsql = "SELECT * FROM $table WHERE $firstfield[Field] > $startfrom LIMIT $offset"; + $selectsql = "SELECT * FROM $table WHERE$firstfield['Field']> $startfrom LIMIT $offset"; } else { $selectsql = "SELECT * FROM $table LIMIT $startfrom, $offset"; }