修复加强远程附件下载的判断（此功能因安全原因建议仅开放给管理人员）

2017-10-21 13:45:43 +08:00 · 2017-10-21 13:45:43 +08:00 · 76a3c77c97
parent 0acd457b52
commit 76a3c77c97
1 changed files with 3 additions and 0 deletions
--- a/upload/source/module/forum/forum_ajax.php
+++ b/upload/source/module/forum/forum_ajax.php
@ -356,6 +356,9 @@ if($_GET['action'] == 'checkusername') {

 	}
 } elseif($_GET['action'] == 'downremoteimg') {
+	if(!$_G['group']['allowdownremoteimg']) {
+		dexit();
+	}
 	$_GET['message'] = str_replace(array("\r", "\n"), array($_GET['wysiwyg'] ? '<br />' : '', "\\n"), $_GET['message']);
 	preg_match_all("/\[img\]\s*([^\[\<\r\n]+?)\s*\[\/img\]|\[img=\d{1,4}[x|\,]\d{1,4}\]\s*([^\[\<\r\n]+?)\s*\[\/img\]/is", $_GET['message'], $image1, PREG_SET_ORDER);
 	preg_match_all("/\<img.+src=('|\"|)?(.*)(\\1)([\s].*)?\>/ismUe", $_GET['message'], $image2, PREG_SET_ORDER);