4.52 release

Author: kalcaddle

Diff for: ChangeLog.md

@@ -1,3 +1,6 @@
+### ver4.52 `2023/12/15`
+- 安全问题修复
+
 ### ver4.51 `2023/4/6`
 - 兼容性调整
 

Diff for: app/controller/api.class.php

@@ -35,8 +35,8 @@ private function setIdentify(){
 	public function checkAccessToken(){
 		$model  = $this->loadModel('Plugin');
 		$config = $model->getConfig('fileView');
-		if(!$config['apiKey']){
-			return;
+		if(!$config || !$config['apiKey']){
+			show_tips('fileView not open ,or apiKey is empty!');
 		}
 		$timeTo = isset($this->in['timeTo'])?intval($this->in['timeTo']):'';
 		$token = md5($config['apiKey'].$this->in['path'].$timeTo);

Diff for: app/controller/utils.php

@@ -51,6 +51,7 @@ function iconv_system($str){
 	return $result;
 }
 function iconv_to($str,$from,$to){
+	if(!$from || !$to) return $str;
 	if (strtolower($from) == strtolower($to)){
 		return $str;
 	}
@@ -249,14 +250,9 @@ function get_path_father($path){
 function get_path_ext($path){
 	$name = get_path_this($path);
 	$ext = '';
-	if(strstr($name,'.')){
-		$ext = substr($name,strrpos($name,'.')+1);
-		$ext = strtolower($ext);
-	}
-	if (strlen($ext)>3 && preg_match("/([\x81-\xfe][\x40-\xfe])/", $ext, $match)) {
-		$ext = '';
-	}
-	return htmlspecialchars($ext);
+	if(strstr($name,'.')){$ext = substr($name,strrpos($name,'.')+1);}
+	$isMatch = preg_match("/[0-9a-zA-Z_]+/",$ext,$match);// 只允许数字字母和下划线
+	return ($isMatch && $match[0]) ? strtolower($match[0]):'';
 }
 
 
@@ -1011,7 +1007,7 @@ function file_put_out($file,$download=-1,$downFilename=false){
 		header('Content-Disposition: attachment;filename='.$headerName);
 	}else{
 		header('Content-Type: '.$mime);
-		header('Content-Disposition: inline;filename='.$headerName);
+		//header('Content-Disposition: inline;filename='.$headerName);
 		if(strstr($mime,'text/')){
 			//$charset = get_charset(file_get_contents($file));
 			header('Content-Type: '.$mime.'; charset=');//避免自动追加utf8导致gbk网页乱码

Diff for: app/function/file.function.php

@@ -456,21 +456,12 @@ function hash_path($path,$addExt=false){
 		$password = $GLOBALS['config']['settingSystem']['systemPassword'];
 	}
 
-	$pre = substr(md5($path.$password),0,8);
-	$result = $pre.md5($path);
-	if(file_exists($path)){
-		$result = $pre.md5($path.filemtime($path));
-		if(filesize($path) < 50*1024*1024){
-			$fileMd5 = @md5_file($path);
-			if($fileMd5){
-				$result = $fileMd5;
-			}
-		}
-	}
-	if($addExt){
-		$result = $result.'.'.get_path_ext($path);
-	}
-	return $result;
+	$pre = substr(md5('kod-system'.$password),0,8);
+	$result = md5($path);
+	if(file_exists($path)){$result = file_hash_simple($path);}
+	if($addExt){$result = $result.'.'.get_path_ext($path);}
+	
+	return $pre.$result;
 }
 
 

Diff for: app/function/helper.function.php

@@ -90,9 +90,7 @@ function distortion($toFile, $toW, $toH){
 	} 
 	// 生成按比例缩放的缩图
 	function prorate($toFile, $toW, $toH){
-		if(!$this->im){
-			return false;
-		}
+		if(!$this->im){return false;}
 		$toWH = $toW / $toH;
 		$srcWH = $this->srcW / $this->srcH;
 		if ($toWH<=$srcWH) {
@@ -112,6 +110,7 @@ function prorate($toFile, $toW, $toH){
 	} 
 	// 生成最小裁剪后的缩图
 	function cut($toFile, $toW, $toH){
+		if(!$this->im){return false;}
 		$toWH = $toW / $toH;
 		$srcWH = $this->srcW / $this->srcH;
 		if ($toWH<=$srcWH) {

Diff for: app/kod/ImageThumb.class.php

@@ -714,7 +714,7 @@ protected function compileProp($prop, $block, $out) {
 					if ($suffix !== null &&
 						$subProp[0] == "assign" &&
 						is_string($subProp[1]) &&
-						$subProp[1]{0} != $this->vPrefix)
+						$subProp[1][0] != $this->vPrefix)
 					{
 						$subProp[2] = array(
 							'list', ' ',
@@ -1765,7 +1765,7 @@ protected function injectVariables($args) {
 		$this->pushEnv();
 		$parser = new lessc_parser($this, __METHOD__);
 		foreach ($args as $name => $strValue) {
-			if ($name{0} != '@') $name = '@'.$name;
+			if ($name[0] != '@') $name = '@'.$name;
 			$parser->count = 0;
 			$parser->buffer = (string)$strValue;
 			if (!$parser->propertyValue($value)) {
@@ -2421,7 +2421,7 @@ protected function parseChunk() {
 				$hidden = true;
 				if (!isset($block->args)) {
 					foreach ($block->tags as $tag) {
-						if (!is_string($tag) || $tag{0} != $this->lessc->mPrefix) {
+						if (!is_string($tag) || $tag[0] != $this->lessc->mPrefix) {
 							$hidden = false;
 							break;
 						}
@@ -2475,7 +2475,7 @@ protected function isDirective($dirname, $directives) {
 	protected function fixTags($tags) {
 		// move @ tags out of variable namespace
 		foreach ($tags as &$tag) {
-			if ($tag{0} == $this->lessc->vPrefix)
+			if ($tag[0] == $this->lessc->vPrefix)
 				$tag[0] = $this->lessc->mPrefix;
 		}
 		return $tags;

Diff for: app/sdks/lessc.class.php

@@ -1,3 +1,3 @@
 <?php
-define('KOD_VERSION','4.51');
-define('KOD_VERSION_BUILD','02');//time(),20230330
+define('KOD_VERSION','4.52');
+define('KOD_VERSION_BUILD','01');//time(),20231212