mirrors/EasyImages2.0
1
0
Fork 0
mirror of https://github.com/icret/EasyImages2.0.git synced 2025-12-13 11:43:58 +08:00
Code Issues Packages Projects Releases Wiki Activity

- fix

Browse Source
This commit is contained in:
icret
2023-03-04 13:52:50 +08:00
parent 3434282bbb
commit 746412fc10
13 changed files with 190 additions and 67 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
api/index.php
View File

@@ -57,10 +57,11 @@ if ($handle->uploaded) {
if ($config['allowed'] === 1) {
$handle->allowed = array('image/*');
}
// svg格式过滤
// 检查svg是否存在script和a标签代码
if ($handle->file_src_name_ext === 'svg') {
$svg = file_get_contents($handle->file_src_pathname);
if (preg_match('/<script[\s\S]*?<\/script>/', $svg)) {
if (preg_match('/<script[\s\S]*?<\/script>/', $svg) || stripos($svg, 'href=')) {
exit(json_encode(
array(
"result" => "failed",
@@ -70,7 +71,7 @@ if ($handle->uploaded) {
));
}
}
// 文件命名
$handle->file_new_name_body = imgName($handle->file_src_name_body);
// 添加Token ID