大商创 - 修复后台设置->商店设置->logo设置->上传图片报错:您传了一个非法的文件类型
鸿宇 发表了文章 • 2 个评论 • 3233 次浏览 • 2018-03-01 01:18
官方出品:鸿宇科技
官方论坛:bbs.hongyuvip.com
官方QQ群:90664526
解决方案:重写图片检测check_file_type函数即可解决
打开文件 includes/lib_base.php 约479行// 修复后台设置->商店设置->logo设置->上传图片报错:您传了一个非法的文件类型 Shadow 2018-3-1 01:09:20
function check_file_type($filename, $realname = '', $limit_ext_types = '')
{
if ($realname) {
$extname = strtolower(substr($realname, strrpos($realname, '.') + 1));
} else {
$extname = strtolower(substr($filename, strrpos($filename, '.') + 1));
}
if ($limit_ext_types && stristr($limit_ext_types, '|' . $extname . '|') === false) {
return '';
}
$str = $format = '';
$file = @fopen($filename, 'rb');
if ($file) {
$str = @fread($file, 0x400); // 读取前 1024 个字节
@fclose($file);
} else {
if (stristr($filename, ROOT_PATH) === false) {
if ($extname == 'jpg' || $extname == 'jpeg' || $extname == 'gif' || $extname == 'png' || $extname == 'doc' ||
$extname == 'xls' || $extname == 'txt' || $extname == 'zip' || $extname == 'rar' || $extname == 'ppt' ||
$extname == 'pdf' || $extname == 'rm' || $extname == 'mid' || $extname == 'wav' || $extname == 'bmp' ||
$extname == 'swf' || $extname == 'chm' || $extname == 'sql' || $extname == 'cert' || $extname == 'pptx' ||
$extname == 'xlsx' || $extname == 'docx') {
$format = $extname;
}
} else {
return '';
}
}
if ($format == '' && strlen($str) >= 2) {
if (substr($str, 0, 4) == 'MThd' && $extname != 'txt') {
$format = 'mid';
} elseif (substr($str, 0, 4) == 'RIFF' && $extname == 'wav') {
$format = 'wav';
} elseif (substr($str, 0, 3) == "\xFF\xD8\xFF") {
$format = 'jpg';
} elseif (substr($str, 0, 4) == 'GIF8' && $extname != 'txt') {
$format = 'gif';
} elseif (substr($str, 0, 8) == "\x89\x50\x4E\x47\x0D\x0A\x1A\x0A") {
$format = 'png';
} elseif (substr($str, 0, 2) == 'BM' && $extname != 'txt') {
$format = 'bmp';
} elseif ((substr($str, 0, 3) == 'CWS' || substr($str, 0, 3) == 'FWS') && $extname != 'txt') {
$format = 'swf';
} elseif (substr($str, 0, 4) == "\xD0\xCF\x11\xE0") { // D0CF11E == DOCFILE == Microsoft Office Document
if (substr($str, 0x200, 4) == "\xEC\xA5\xC1\x00" || $extname == 'doc') {
$format = 'doc';
} elseif (substr($str, 0x200, 2) == "\x09\x08" || $extname == 'xls') {
$format = 'xls';
} elseif (substr($str, 0x200, 4) == "\xFD\xFF\xFF\xFF" || $extname == 'ppt') {
$format = 'ppt';
}
} elseif (substr($str, 0, 4) == "PK\x03\x04") {
if (substr($str, 0x200, 4) == "\xEC\xA5\xC1\x00" || $extname == 'docx') {
$format = 'docx';
} elseif (substr($str, 0x200, 2) == "\x09\x08" || $extname == 'xlsx') {
$format = 'xlsx';
} elseif (substr($str, 0x200, 4) == "\xFD\xFF\xFF\xFF" || $extname == 'pptx') {
$format = 'pptx';
} else {
$format = 'zip';
}
} elseif (substr($str, 0, 4) == 'Rar!' && $extname != 'txt') {
$format = 'rar';
} elseif (substr($str, 0, 4) == "\x25PDF") {
$format = 'pdf';
} elseif (substr($str, 0, 3) == "\x30\x82\x0A") {
$format = 'cert';
} elseif (substr($str, 0, 4) == 'ITSF' && $extname != 'txt') {
$format = 'chm';
} elseif (substr($str, 0, 4) == "\x2ERMF") {
$format = 'rm';
} elseif ($extname == 'sql') {
$format = 'sql';
} elseif ($extname == 'txt') {
$format = 'txt';
}
}
if ($limit_ext_types && stristr($limit_ext_types, '|' . $format . '|') === false) {
$format = '';
}
return $format;
} 查看全部
官方论坛:bbs.hongyuvip.com
官方QQ群:90664526
解决方案:重写图片检测check_file_type函数即可解决
打开文件 includes/lib_base.php 约479行// 修复后台设置->商店设置->logo设置->上传图片报错:您传了一个非法的文件类型 Shadow 2018-3-1 01:09:20
function check_file_type($filename, $realname = '', $limit_ext_types = '')
{
if ($realname) {
$extname = strtolower(substr($realname, strrpos($realname, '.') + 1));
} else {
$extname = strtolower(substr($filename, strrpos($filename, '.') + 1));
}
if ($limit_ext_types && stristr($limit_ext_types, '|' . $extname . '|') === false) {
return '';
}
$str = $format = '';
$file = @fopen($filename, 'rb');
if ($file) {
$str = @fread($file, 0x400); // 读取前 1024 个字节
@fclose($file);
} else {
if (stristr($filename, ROOT_PATH) === false) {
if ($extname == 'jpg' || $extname == 'jpeg' || $extname == 'gif' || $extname == 'png' || $extname == 'doc' ||
$extname == 'xls' || $extname == 'txt' || $extname == 'zip' || $extname == 'rar' || $extname == 'ppt' ||
$extname == 'pdf' || $extname == 'rm' || $extname == 'mid' || $extname == 'wav' || $extname == 'bmp' ||
$extname == 'swf' || $extname == 'chm' || $extname == 'sql' || $extname == 'cert' || $extname == 'pptx' ||
$extname == 'xlsx' || $extname == 'docx') {
$format = $extname;
}
} else {
return '';
}
}
if ($format == '' && strlen($str) >= 2) {
if (substr($str, 0, 4) == 'MThd' && $extname != 'txt') {
$format = 'mid';
} elseif (substr($str, 0, 4) == 'RIFF' && $extname == 'wav') {
$format = 'wav';
} elseif (substr($str, 0, 3) == "\xFF\xD8\xFF") {
$format = 'jpg';
} elseif (substr($str, 0, 4) == 'GIF8' && $extname != 'txt') {
$format = 'gif';
} elseif (substr($str, 0, 8) == "\x89\x50\x4E\x47\x0D\x0A\x1A\x0A") {
$format = 'png';
} elseif (substr($str, 0, 2) == 'BM' && $extname != 'txt') {
$format = 'bmp';
} elseif ((substr($str, 0, 3) == 'CWS' || substr($str, 0, 3) == 'FWS') && $extname != 'txt') {
$format = 'swf';
} elseif (substr($str, 0, 4) == "\xD0\xCF\x11\xE0") { // D0CF11E == DOCFILE == Microsoft Office Document
if (substr($str, 0x200, 4) == "\xEC\xA5\xC1\x00" || $extname == 'doc') {
$format = 'doc';
} elseif (substr($str, 0x200, 2) == "\x09\x08" || $extname == 'xls') {
$format = 'xls';
} elseif (substr($str, 0x200, 4) == "\xFD\xFF\xFF\xFF" || $extname == 'ppt') {
$format = 'ppt';
}
} elseif (substr($str, 0, 4) == "PK\x03\x04") {
if (substr($str, 0x200, 4) == "\xEC\xA5\xC1\x00" || $extname == 'docx') {
$format = 'docx';
} elseif (substr($str, 0x200, 2) == "\x09\x08" || $extname == 'xlsx') {
$format = 'xlsx';
} elseif (substr($str, 0x200, 4) == "\xFD\xFF\xFF\xFF" || $extname == 'pptx') {
$format = 'pptx';
} else {
$format = 'zip';
}
} elseif (substr($str, 0, 4) == 'Rar!' && $extname != 'txt') {
$format = 'rar';
} elseif (substr($str, 0, 4) == "\x25PDF") {
$format = 'pdf';
} elseif (substr($str, 0, 3) == "\x30\x82\x0A") {
$format = 'cert';
} elseif (substr($str, 0, 4) == 'ITSF' && $extname != 'txt') {
$format = 'chm';
} elseif (substr($str, 0, 4) == "\x2ERMF") {
$format = 'rm';
} elseif ($extname == 'sql') {
$format = 'sql';
} elseif ($extname == 'txt') {
$format = 'txt';
}
}
if ($limit_ext_types && stristr($limit_ext_types, '|' . $format . '|') === false) {
$format = '';
}
return $format;
} 查看全部
官方出品:鸿宇科技
官方论坛:bbs.hongyuvip.com
官方QQ群:90664526
解决方案:重写图片检测check_file_type函数即可解决
打开文件 includes/lib_base.php 约479行
官方论坛:bbs.hongyuvip.com
官方QQ群:90664526
解决方案:重写图片检测check_file_type函数即可解决
打开文件 includes/lib_base.php 约479行
// 修复后台设置->商店设置->logo设置->上传图片报错:您传了一个非法的文件类型 Shadow 2018-3-1 01:09:20
function check_file_type($filename, $realname = '', $limit_ext_types = '')
{
if ($realname) {
$extname = strtolower(substr($realname, strrpos($realname, '.') + 1));
} else {
$extname = strtolower(substr($filename, strrpos($filename, '.') + 1));
}
if ($limit_ext_types && stristr($limit_ext_types, '|' . $extname . '|') === false) {
return '';
}
$str = $format = '';
$file = @fopen($filename, 'rb');
if ($file) {
$str = @fread($file, 0x400); // 读取前 1024 个字节
@fclose($file);
} else {
if (stristr($filename, ROOT_PATH) === false) {
if ($extname == 'jpg' || $extname == 'jpeg' || $extname == 'gif' || $extname == 'png' || $extname == 'doc' ||
$extname == 'xls' || $extname == 'txt' || $extname == 'zip' || $extname == 'rar' || $extname == 'ppt' ||
$extname == 'pdf' || $extname == 'rm' || $extname == 'mid' || $extname == 'wav' || $extname == 'bmp' ||
$extname == 'swf' || $extname == 'chm' || $extname == 'sql' || $extname == 'cert' || $extname == 'pptx' ||
$extname == 'xlsx' || $extname == 'docx') {
$format = $extname;
}
} else {
return '';
}
}
if ($format == '' && strlen($str) >= 2) {
if (substr($str, 0, 4) == 'MThd' && $extname != 'txt') {
$format = 'mid';
} elseif (substr($str, 0, 4) == 'RIFF' && $extname == 'wav') {
$format = 'wav';
} elseif (substr($str, 0, 3) == "\xFF\xD8\xFF") {
$format = 'jpg';
} elseif (substr($str, 0, 4) == 'GIF8' && $extname != 'txt') {
$format = 'gif';
} elseif (substr($str, 0, 8) == "\x89\x50\x4E\x47\x0D\x0A\x1A\x0A") {
$format = 'png';
} elseif (substr($str, 0, 2) == 'BM' && $extname != 'txt') {
$format = 'bmp';
} elseif ((substr($str, 0, 3) == 'CWS' || substr($str, 0, 3) == 'FWS') && $extname != 'txt') {
$format = 'swf';
} elseif (substr($str, 0, 4) == "\xD0\xCF\x11\xE0") { // D0CF11E == DOCFILE == Microsoft Office Document
if (substr($str, 0x200, 4) == "\xEC\xA5\xC1\x00" || $extname == 'doc') {
$format = 'doc';
} elseif (substr($str, 0x200, 2) == "\x09\x08" || $extname == 'xls') {
$format = 'xls';
} elseif (substr($str, 0x200, 4) == "\xFD\xFF\xFF\xFF" || $extname == 'ppt') {
$format = 'ppt';
}
} elseif (substr($str, 0, 4) == "PK\x03\x04") {
if (substr($str, 0x200, 4) == "\xEC\xA5\xC1\x00" || $extname == 'docx') {
$format = 'docx';
} elseif (substr($str, 0x200, 2) == "\x09\x08" || $extname == 'xlsx') {
$format = 'xlsx';
} elseif (substr($str, 0x200, 4) == "\xFD\xFF\xFF\xFF" || $extname == 'pptx') {
$format = 'pptx';
} else {
$format = 'zip';
}
} elseif (substr($str, 0, 4) == 'Rar!' && $extname != 'txt') {
$format = 'rar';
} elseif (substr($str, 0, 4) == "\x25PDF") {
$format = 'pdf';
} elseif (substr($str, 0, 3) == "\x30\x82\x0A") {
$format = 'cert';
} elseif (substr($str, 0, 4) == 'ITSF' && $extname != 'txt') {
$format = 'chm';
} elseif (substr($str, 0, 4) == "\x2ERMF") {
$format = 'rm';
} elseif ($extname == 'sql') {
$format = 'sql';
} elseif ($extname == 'txt') {
$format = 'txt';
}
}
if ($limit_ext_types && stristr($limit_ext_types, '|' . $format . '|') === false) {
$format = '';
}
return $format;
}
大商创 - 开发修复优化更新日志(持续更新)
鸿宇 发表了文章 • 0 个评论 • 2592 次浏览 • 2018-01-21 13:47
官方出品:鸿宇科技
官方论坛:bbs.hongyuvip.com
官方QQ群:90664526
最新版本:HongYuDSC-V8.1.1 (发布日期:2018年03月08日)2018-03-16 [v8.1.3] 优化安装功能
2018-03-04 [V8.1.1] 一劳永逸解决找不到get_templates函数错误
2018-03-04 [V8.1.1] 修复商品分类->添加分类报错:找不到get_templates函数错误
2018-03-02 [V8.1.0] 修复地区&配送->快递列表德邦快递方式空白问题
2018-03-02 [V8.0.18] 已去除数据库后门和MIME base64编码后门
2018-03-02 [V8.0.18] 修复商品分类->编辑分类报错:找不到get_templates函数错误
2018-03-02 [V8.0.18] 修复手机端->我的显示空白问题
2018-03-02 [V8.0.18] 优化PC端首页秒杀活动不存在时,提示信息样式更美观
2018-03-01 [V8.0.18] 修复后台设置->商店设置->logo设置->上传图片报错:您传了一个非法的文件类型
2018-02-28 [V8.0.0] 增加安装功能
查看全部
官方论坛:bbs.hongyuvip.com
官方QQ群:90664526
最新版本:HongYuDSC-V8.1.1 (发布日期:2018年03月08日)2018-03-16 [v8.1.3] 优化安装功能
2018-03-04 [V8.1.1] 一劳永逸解决找不到get_templates函数错误
2018-03-04 [V8.1.1] 修复商品分类->添加分类报错:找不到get_templates函数错误
2018-03-02 [V8.1.0] 修复地区&配送->快递列表德邦快递方式空白问题
2018-03-02 [V8.0.18] 已去除数据库后门和MIME base64编码后门
2018-03-02 [V8.0.18] 修复商品分类->编辑分类报错:找不到get_templates函数错误
2018-03-02 [V8.0.18] 修复手机端->我的显示空白问题
2018-03-02 [V8.0.18] 优化PC端首页秒杀活动不存在时,提示信息样式更美观
2018-03-01 [V8.0.18] 修复后台设置->商店设置->logo设置->上传图片报错:您传了一个非法的文件类型
2018-02-28 [V8.0.0] 增加安装功能
查看全部
官方出品:鸿宇科技
官方论坛:bbs.hongyuvip.com
官方QQ群:90664526
最新版本:HongYuDSC-V8.1.1 (发布日期:2018年03月08日)
官方论坛:bbs.hongyuvip.com
官方QQ群:90664526
最新版本:HongYuDSC-V8.1.1 (发布日期:2018年03月08日)
2018-03-16 [v8.1.3] 优化安装功能
2018-03-04 [V8.1.1] 一劳永逸解决找不到get_templates函数错误
2018-03-04 [V8.1.1] 修复商品分类->添加分类报错:找不到get_templates函数错误
2018-03-02 [V8.1.0] 修复地区&配送->快递列表德邦快递方式空白问题
2018-03-02 [V8.0.18] 已去除数据库后门和MIME base64编码后门
2018-03-02 [V8.0.18] 修复商品分类->编辑分类报错:找不到get_templates函数错误
2018-03-02 [V8.0.18] 修复手机端->我的显示空白问题
2018-03-02 [V8.0.18] 优化PC端首页秒杀活动不存在时,提示信息样式更美观
2018-03-01 [V8.0.18] 修复后台设置->商店设置->logo设置->上传图片报错:您传了一个非法的文件类型
2018-02-28 [V8.0.0] 增加安装功能