diff --git a/upload/config/config_global_default.php b/upload/config/config_global_default.php
index c999197..b3dc8ab 100644
--- a/upload/config/config_global_default.php
+++ b/upload/config/config_global_default.php
@@ -163,6 +163,8 @@ $_config['security']['querysafe']['afullnote'] = 0;
 $_config['security']['creditsafe']['second'] = 0; // 开启用户积分信息安全,可防止并发刷分,满足 times(次数)/second(秒) 的操作无法提交
 $_config['security']['creditsafe']['times'] = 10;
+$_config['security']['fsockopensafe']['port'] = array(80); //fsockopen 有效的端口
+
 $_config['admincp']['founder'] = '1'; // 站点创始人:拥有站点管理后台的最高权限,每个站点可以设置 1名或多名创始人
 // 可以使用uid,也可以使用用户名;多个创始人之间请使用逗号“,”分开;
 $_config['admincp']['forcesecques'] = 0; // 管理人员必须设置安全提问才能进入系统设置 0=否, 1=是[安全]
diff --git a/upload/source/function/function_filesock.php b/upload/source/function/function_filesock.php
index c45251d..c06ac5d 100644
--- a/upload/source/function/function_filesock.php
+++ b/upload/source/function/function_filesock.php
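Review bot: The default allow-list `array(80)` leaves out 443, yet `_parse_url` in the second hunk (function_filesock.php) consults the list only when the URL states a port explicitly and otherwise fills in 443 for https, so `https://host/` is accepted while `https://host:443/` is refused. That makes the port restriction inconsistent rather than a real bound on where outbound connections may go. Suggest shipping `$_config['security']['fsockopensafe']['port'] = array(80, 443);` here and, in `_parse_url`, moving the `if(!isset($tmp['port'])) { ... }` default assignment above the allow-list check so every request is validated against the same list. The comment on the new line could also say that 443 is implied for https once the default is assigned first.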
@@ -12,28 +12,66 @@ if(!defined('IN_DISCUZ')) {
 }
 
 function _isLocalip($ip) {
-	$iplong = ip2long($ip);
+	$iplong = ip2long($ip);
 	return ($iplong >= 167772160 && $iplong <= 184549375) ||
 		($iplong >= 2886729728 && $iplong <= 2887778303) ||
 		($iplong >= 1681915904 && $iplong <= 1686110207) ||
-		($iplong >= 3232235520 && $iplong <= 3232301055) ||
+		($iplong >= 3232235520 && $iplong <= 3232301055) ||
 		($iplong >= 150994944 && $iplong <= 167772159);
 }
 
-function _isip($host) {
-	if(function_exists('filter_var')) {
-		return filter_var($host, FILTER_VALIDATE_IP) !== false;
+function _parse_url($url) {
+	global $_G;
+	$tmp = parse_url($url);
+	if(!$tmp || empty($tmp['host'])) return false;
+	if(isset($tmp['user']) || isset($tmp['pass'])) return false;
+	if(strpbrk($tmp['host'], ':#?[]' ) !== false) return false;
+	if(!in_array(strtolower($tmp['scheme']), array('http', 'https'))) {
+		return false;
+	}
+	$config = $_G['config']['security']['fsockopensafe'];
+
+	$ip = gethostbyname($tmp['host']);
+	if($ip == $tmp['host']) {
+		return false;
+	}
+	if(filter_var($tmp['host'], FILTER_VALIDATE_IP) && _isLocalip($tmp['host'])) {
+		return false;
+	}
+
+	if(!empty($config['port']) && isset($tmp['port'])) {
+		if(isset($_SERVER['SERVER_PORT']) && !in_array($_SERVER['SERVER_PORT'], $config['port'])) {
+			$config['port'][] = $_SERVER['SERVER_PORT'];
+		}
+		if(!in_array($tmp['port'], $config['port'])) {
+			return false;
+		}
+	}
+
+	if(!isset($tmp['port'])) {
+		$tmp['port'] = strtolower($tmp['scheme']) == 'https' ? 443 : 80;
+	}
+
+	if($ip) {
+		if(!_isLocalip($ip)) {
+			$tmp['ip'] = $ip;
+			return $tmp;
+		}
 	} else {
-		return preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/', $host);
+		return $tmp;
 	}
 }
 
 function _dfsockopen($url, $limit = 0, $post = '', $cookie = '', $bysocket = FALSE, $ip = '', $timeout = 15, $block = TRUE, $encodetype = 'URLENCODE', $allowcurl = TRUE, $position = 0, $files = array()) {
 	$return = '';
-	$matches = parse_url($url);
+	$matches = _parse_url($url);
+	if(!$matches) {
+		return '';
+	}
+	$ip = isset($matches['ip']) ? $matches['ip'] : $ip;
 	$scheme = $matches['scheme'];
 	$host = $matches['host'];
-	if(_isip($host) && _isLocalip($host) || $ip && _isLocalip($ip)) {
+	if($ip && _isLocalip($ip)) {
 		return '';
 	}
 	$path = $matches['path'] ? $matches['path'].($matches['query'] ? '?'.$matches['query'] : '') : '/';
@@ -60,7 +98,6 @@ function _dfsockopen($url, $limit = 0, $post = '', $cookie = '', $bysocket = FAL
 	curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
 	curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
 	curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
-	curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
 	curl_setopt($ch, CURLOPT_HEADER, 1);
 	if($post) {
 		curl_setopt($ch, CURLOPT_POST, 1);
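Review bot: The new `_parse_url` makes every private-address decision through `_isLocalip`, but the range list visible at the top of this hunk covers only 10/8, 172.16/12, 100.64/10, 192.168/16 and 9/8 — loopback 127.0.0.0/8 and link-local 169.254.0.0/16 are not in it, so a name that resolves to either is stored in `$tmp['ip']` and handed to the connection. Add `($iplong >= 2130706432 && $iplong <= 2147483647) ||` and `($iplong >= 2851995648 && $iplong <= 2852061183) ||` to the return expression (0.0.0.0/8 is worth the same treatment). Separately, `if($ip == $tmp['host']) return false;` rejects every dotted-quad host, since `gethostbyname()` returns its argument unchanged for a literal address, which leaves the following `filter_var(...) && _isLocalip(...)` branch unreachable; if refusing literal IPs is the intent, say so in a comment and drop the dead branch, otherwise compare with the unresolved-name case differently. Both `in_array` calls on the port list should pass `true` as the third argument so a string `$_SERVER['SERVER_PORT']` and an int port compare predictably.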