对网站做了一次安全检测,结果提示存在 PHPEMS 文件上传漏洞。我根据提示查看了相关源码,但不知道该从哪里着手修改,求高手指教。
检测结果见截图:
下面是源码,大神给点修改意见。
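/**
 * CKEditor image-upload endpoint.
 *
 * Reads the 'upload' file field and passes it to $this->files->uploadFile()
 * with a per-day target directory below files/attach/images/content/.
 * The file is checked in this handler first, so that a request cannot place
 * arbitrary content (for example a server-side script) into a directory that
 * the web server serves. Rejected uploads produce the same empty response as
 * before and nothing is stored.
 *
 * NOTE(review): uploadFile() is not visible here. Confirm that it chooses the
 * stored file name itself (never reusing the client-supplied name or
 * extension unchecked), and configure the web server so that nothing under
 * files/attach/ is ever executed as a script.
 * NOTE(review): no login/permission check is visible in this method; confirm
 * the controller enforces one before this action runs.
 */
public function upload()
{
    $fn = $this->ev->get('CKEditorFuncNum');
    $path = 'files/attach/images/content/'.date('Ymd').'/';
    $str = '';

    // NOTE(review): assumes getFile() returns the $_FILES-style entry
    // (array with 'name' and 'tmp_name') - confirm against the ev class.
    $file = $this->ev->getFile('upload');
    $name = (is_array($file) && isset($file['name']) && is_string($file['name'])) ? $file['name'] : '';
    $tmp = (is_array($file) && isset($file['tmp_name']) && is_string($file['tmp_name'])) ? $file['tmp_name'] : '';

    // Allow-list on the final extension: this directory is meant for images
    // only, so everything else is refused rather than trying to enumerate
    // dangerous extensions.
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    $extOk = in_array($ext, array('jpg', 'jpeg', 'png', 'gif'), true);

    // Content check: the temp file must be a genuine HTTP upload and must
    // parse as one of the accepted image formats. This is defence in depth;
    // the extension allow-list is what keeps the file from being treated as
    // a script.
    $info = ($extOk && is_uploaded_file($tmp)) ? getimagesize($tmp) : false;
    $typeOk = is_array($info) && in_array($info[2], array(IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG), true);

    if($extOk && $typeOk)
    {
        $fileurl = $this->files->uploadFile($file,$path);
        $message = '上传成功!';
    }

    // NOTE(review): $fn, $fileurl and $message never reach the output in this
    // listing, and $str is empty - the CKEditor callback markup may have been
    // lost when the code was pasted. If it is restored, cast $fn to int and
    // encode $fileurl/$message (e.g. with json_encode) before writing them
    // into a script block, since $fn comes straight from the request.
    echo $str;
}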
/**
 * CKEditor attachment-upload endpoint.
 *
 * Passes the 'upload' file field to $this->files->uploadFile() with a per-day
 * target directory below files/attach/files/content/ and then echoes an empty
 * string.
 *
 * NOTE(review): this handler puts no restriction of its own on what may be
 * uploaded; whatever checks exist live in uploadFile(), which is not visible
 * here. Because this endpoint accepts general attachments, it needs an
 * explicit allow-list of permitted extensions, a server-generated stored
 * name, and a storage location where the web server will not execute
 * scripts. Confirm all three.
 * NOTE(review): no login/permission check is visible in this method.
 */
public function uploadfile()
{
    // Read from the request but not used further in this listing.
    $callbackId = $this->ev->get('CKEditorFuncNum');

    $targetDir = 'files/attach/files/content/' . date('Ymd') . '/';
    $posted = $this->ev->getFile('upload');
    $storedUrl = $this->files->uploadFile($posted, $targetDir);

    // Neither the stored URL nor the message is written to the response here;
    // presumably the editor callback markup is missing from the paste - verify.
    $notice = '上传成功!';
    $output = '';
    echo $output;
}
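/**
 * Flash-uploader image endpoint.
 *
 * Stores the 'Filedata' upload below files/attach/images/content/<Ymd>/ and,
 * when a width or height is requested, asks $this->files->thumb() for a PNG
 * thumbnail next to it. Always terminates the request with a JSON object
 * whose 'thumb' key holds the thumbnail URL, or the uploaded file's URL when
 * no thumbnail was made. A rejected upload yields an empty 'thumb' plus an
 * 'error' key and nothing is stored.
 *
 * NOTE(review): uploadFile() and thumb() are not visible here. Confirm that
 * uploadFile() generates the stored name itself and that nothing under
 * files/attach/ is executed as a script by the web server.
 * NOTE(review): no login/permission check is visible in this method.
 */
public function swfupload()
{
    $path = 'files/attach/images/content/'.date('Ymd').'/';

    // NOTE(review): assumes getFile() returns the $_FILES-style entry
    // (array with 'name' and 'tmp_name') - confirm against the ev class.
    $file = $this->ev->getFile('Filedata');
    $name = (is_array($file) && isset($file['name']) && is_string($file['name'])) ? $file['name'] : '';
    $tmp = (is_array($file) && isset($file['tmp_name']) && is_string($file['tmp_name'])) ? $file['tmp_name'] : '';

    // Allow-list on the final extension: only image types belong in this
    // directory, so anything else is refused.
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    $extOk = in_array($ext, array('jpg', 'jpeg', 'png', 'gif'), true);

    // The temp file must be a genuine HTTP upload and parse as an accepted
    // image format before it is stored or handed to the thumbnailer.
    $info = ($extOk && is_uploaded_file($tmp)) ? getimagesize($tmp) : false;
    $typeOk = is_array($info) && in_array($info[2], array(IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG), true);

    if(!$extOk || !$typeOk)
        exit(json_encode(array('thumb' => '', 'error' => 'invalid image')));

    $fileurl = $this->files->uploadFile($file,$path);

    // The dimensions come from the request; force them to non-negative
    // integers so that only numbers reach thumb().
    // NOTE(review): there is no upper bound here - consider capping both to
    // the largest size the UI needs, since resize cost grows with them.
    $width = max(0, (int)$this->ev->get('imgwidth'));
    $height = max(0, (int)$this->ev->get('imgheight'));

    // Fall back to the uploaded file when no thumbnail is requested or
    // thumb() reports failure.
    $thumb = $fileurl;
    if($width || $height)
    {
        if($this->files->thumb($fileurl,$fileurl.'.png',$width,$height))
            $thumb = $fileurl.'.png';
    }
    exit(json_encode(array('thumb' => $thumb)));
}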
/**
 * Flash-uploader video endpoint.
 *
 * Passes the 'Filedata' upload to $this->files->uploadFile() with a per-day
 * target directory below files/attach/images/content/ and echoes whatever
 * uploadFile() returns.
 *
 * NOTE(review): this handler puts no restriction of its own on the uploaded
 * file; any type check lives in uploadFile(), which is not visible here. It
 * needs an explicit allow-list of the video extensions the site accepts, a
 * server-generated stored name, and a storage location where the web server
 * will not execute scripts. Confirm all three.
 * NOTE(review): the return value is written to the response unescaped. If it
 * can contain any part of the client-supplied file name, encode it for the
 * consumer (or send it as JSON with a matching Content-Type) - verify what
 * uploadFile() returns.
 * NOTE(review): no login/permission check is visible in this method.
 */
public function swfuploadvideo()
{
    // Videos are stored under the images tree, as in the original listing.
    $targetDir = 'files/attach/images/content/' . date('Ymd') . '/';
    $posted = $this->ev->getFile('Filedata');
    echo $this->files->uploadFile($posted, $targetDir);
}
/**
 * Sends a redirect to the current application's entry page
 * (index.php?<app>-app).
 *
 * NOTE(review): this method only emits the Location header. Nothing here
 * clears the session or login cookie, and execution is not stopped after the
 * header - confirm both are handled elsewhere, otherwise "logout" leaves the
 * user signed in.
 */
public function logout()
{
    $target = 'index.php?' . $this->G->app . '-app';
    header("location:" . $target);
}