From 1bdf8ce755e4333d6afb75cddb13ef5e7de758df Mon Sep 17 00:00:00 2001
From: dao
Date: Mon, 23 Sep 2024 16:07:02 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E5=AE=89=E5=85=A8=E6=BC=8F?= =?UTF-8?q?=E6=B4=9E?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../Controllers/EmpInfoEnternalController.cs | 2 +
 .../Controllers/TSSchemeController.cs | 4 ++
 .../Controllers/UserCenterController.cs | 42 ++++++++++++++++---
 .../Extensions/StrHelper.cs | 23 ++++++++++
 .../Learun.Application.Web.csproj | 1 +
 .../Modules/SunshineEducationApi.cs | 1 +
 6 files changed, 67 insertions(+), 6 deletions(-)
 create mode 100644 Learun.Framework.Ultimate V7/Learun.Application.Web/Extensions/StrHelper.cs
diff --git a/Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/EducationalAdministration/Controllers/EmpInfoEnternalController.cs b/Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/EducationalAdministration/Controllers/EmpInfoEnternalController.cs
index c331232ee..60f91e244 100644
--- a/Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/EducationalAdministration/Controllers/EmpInfoEnternalController.cs
+++ b/Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/EducationalAdministration/Controllers/EmpInfoEnternalController.cs
@@ -7,6 +7,7 @@ using System.Linq;
 using System.Web;
 using System.Web.Mvc;
 using Learun.Application.Organization;
+using Learun.Application.Web.Extensions;
 namespace Learun.Application.Web.Areas.EducationalAdministration.Controllers
 {
@@ -36,6 +37,7 @@ namespace Learun.Application.Web.Areas.EducationalAdministration.Controllers
 [AjaxOnly]
 public ActionResult GetMap(string code, string ver, string where)
 {
+ where=StrHelper.DelErrChar(where);
 var data = dataSourceIBLL.GetDataTable(code, where);
 string md5 = Md5Helper.Encrypt(data.ToJson(), 32);
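Review bot: The added `where=StrHelper.DelErrChar(where);` scrubs a caller-supplied SQL fragment that the next line still hands to `dataSourceIBLL.GetDataTable(code, where)` (presumably concatenated into the query; not visible here), and a single-pass substring denylist is not a boundary: nested keywords survive (`selselectect` becomes `select` after one `Replace`), anything the list omits such as `union`, `--` or `/*` passes untouched, and the helper also rewrites legitimate values by lower-casing them and deleting `or`/`and` from inside ordinary words. Because DelErrChar calls `Trim()` before its null check, a request that omits `where` now throws a NullReferenceException instead of returning an error. The durable fix is to stop accepting a raw `where` string at all — take field/operator/value parts, validate the field against the data source's column list and bind the value as a parameter; as a stopgap, reject rather than scrub, e.g. `if (!string.IsNullOrEmpty(where) && StrHelper.DelErrChar(where) != where.Trim().ToLower()) return Fail("非法的查询条件");`. GetMap's body continues past the end of this hunk.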
diff --git a/Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/LR_TaskScheduling/Controllers/TSSchemeController.cs b/Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/LR_TaskScheduling/Controllers/TSSchemeController.cs
index 6c17039bb..d185aa33a 100644
--- a/Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/LR_TaskScheduling/Controllers/TSSchemeController.cs
+++ b/Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/LR_TaskScheduling/Controllers/TSSchemeController.cs
@@ -1,5 +1,6 @@
 using Learun.Application.Extention.TaskScheduling;
 using Learun.Util;
+using System.Text.RegularExpressions;
 using System.Web.Mvc;
 namespace Learun.Application.Web.Areas.LR_TaskScheduling.Controllers
@@ -123,6 +124,9 @@ namespace Learun.Application.Web.Areas.LR_TaskScheduling.Controllers
 [AjaxOnly]
 public ActionResult SaveForm(string keyValue,string strSchemeInfo,string strScheme)
 {
+ //var rex = new Regex("exec", RegexOptions.IgnoreCase);
+ //strScheme = rex.Replace(strScheme, "");
+ if (strScheme.ToLower().Contains("exec")) return Fail("不可执行EXEC命令");
 TSSchemeInfoEntity tSSchemeInfoEntity = strSchemeInfo.ToObject();
 TSSchemeEntity tSSchemeEntity = new TSSchemeEntity() {
 F_Scheme = strScheme,
diff --git a/Learun.Framework.Ultimate V7/Learun.Application.Web/Controllers/UserCenterController.cs b/Learun.Framework.Ultimate V7/Learun.Application.Web/Controllers/UserCenterController.cs
index 2356688f9..f27929cf1 100644
--- a/Learun.Framework.Ultimate V7/Learun.Application.Web/Controllers/UserCenterController.cs
+++ b/Learun.Framework.Ultimate V7/Learun.Application.Web/Controllers/UserCenterController.cs
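Review bot: The new guard `if (strScheme.ToLower().Contains("exec"))` dereferences `strScheme` before anything checks it for null, so a request without that field now fails with a NullReferenceException rather than a `Fail()`, and it rejects harmless text such as `executive` while still letting through anything that does not spell `exec`; if `F_Scheme` is later executed against the database (not visible in this hunk), a one-keyword denylist is not a security control and the scheme should instead run under a least-privilege account or be restricted to a whitelisted set of procedures. Make the check null-safe and ordinal: `if (strScheme != null && strScheme.IndexOf("exec", StringComparison.OrdinalIgnoreCase) >= 0) return Fail("不可执行EXEC命令");`. The two commented-out `Regex` lines and the now-unused `using System.Text.RegularExpressions;` from the first hunk should be deleted. SaveForm's body continues past the end of this hunk.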
@@ -273,6 +273,7 @@ namespace Learun.Application.Web.Controllers
 UserInfo userInfo = LoginUserInfo.Get();
 string FileEextension = Path.GetExtension(files[0].FileName);
+ if (FileEextension.ToLower() != ".png" && FileEextension.ToLower() != ".jpg") return Fail("只可上传JPG、PNG格式的图片");
 string filePath = Config.GetValue("AnnexesFile");
 string uploadDate = DateTime.Now.ToString("yyyyMMdd");
 string fileGuid = Guid.NewGuid().ToString();
@@ -285,12 +286,41 @@ namespace Learun.Application.Web.Controllers
 Directory.CreateDirectory(path);
 files[0].SaveAs(fullFileName);
- UserEntity userEntity = new UserEntity();
- userEntity.F_UserId = userInfo.userId;
- userEntity.F_Account = userInfo.account;
- userEntity.F_HeadIcon = saveFileName;
- userIBLL.SaveEntity(userEntity.F_UserId, userEntity);
- return Success("上传成功。");
+ var fs = new System.IO.FileStream(fullFileName, System.IO.FileMode.Open, System.IO.FileAccess.Read);
+ var r = new System.IO.BinaryReader(fs);
+ string fileclass = "";
+ byte buffer;
+ try
+ {
+ buffer = r.ReadByte();
+ fileclass = buffer.ToString();
+ buffer = r.ReadByte();
+ fileclass += buffer.ToString();
+
+ }
+ catch
+ {
+
+ }
+ r.Close();
+ fs.Close();
+ if (fileclass == "255216" || fileclass == "13780")//说明255216是jpg;7173是gif;6677是BMP,13780是PNG;7790是exe,8297是rar
+ {
+ UserEntity userEntity = new UserEntity();
+ userEntity.F_UserId = userInfo.userId;
+ userEntity.F_Account = userInfo.account;
+ userEntity.F_HeadIcon = saveFileName;
+ userIBLL.SaveEntity(userEntity.F_UserId, userEntity);
+ return Success("上传成功。");
+ }
+ else
+ {
+ System.IO.File.Delete(fullFileName);
+ return Fail("只可上传JPG、PNG格式的图片");
+ }
+
+
+
 }
 ///
 /// 验证旧密码
diff --git a/Learun.Framework.Ultimate V7/Learun.Application.Web/Extensions/StrHelper.cs b/Learun.Framework.Ultimate V7/Learun.Application.Web/Extensions/StrHelper.cs
new file mode 100644
index 000000000..607186b86
--- /dev/null
+++ b/Learun.Framework.Ultimate V7/Learun.Application.Web/Extensions/StrHelper.cs
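Review bot: The extension check added after `Path.GetExtension(files[0].FileName)` compares `ToLower()` results with `!=`, which is the culture-sensitive form of a test that should be ordinal, and it evaluates `ToLower()` twice; write it as `if (!string.Equals(FileEextension, ".png", StringComparison.OrdinalIgnoreCase) && !string.Equals(FileEextension, ".jpg", StringComparison.OrdinalIgnoreCase)) return Fail("只可上传JPG、PNG格式的图片");`. Note that `.jpeg` is rejected here even though the content check in the next hunk accepts the JPEG signature; if that is intended, a one-line comment saying so would stop the next reader from "fixing" it. The enclosing upload action starts before this hunk.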
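Review bot: The new signature check runs only after `files[0].SaveAs(fullFileName)` has already written the untrusted bytes under the attachments root, so a rejected upload briefly exists on disk and stays there if `File.Delete` throws; read the header from `files[0].InputStream` first and call `SaveAs` only once it matches. The `FileStream`/`BinaryReader` pair is closed outside any `using`/`finally`, so an exception between `FileMode.Open` and `r.Close()` leaks a handle on the very file the else branch then tries to delete, and the empty `catch {}` hides that. Comparing decimal-string concatenations (`"255216"`, `"13780"`) is a fragile stand-in for a byte comparison, and two bytes is a short prefix — PNG has an 8-byte signature and JPEG a 3-byte one — so compare the actual bytes; this still only proves the file starts like an image, so keep the extension check from the previous hunk, since it is what prevents a signature-plus-script polyglot from being stored under an executable name. The sketch below assumes `InputStream` is seekable (it is for `HttpPostedFileBase` in System.Web, but confirm if a wrapper is in play).
```csharp
// … unchanged: userInfo, extension check, path/fileGuid construction …
byte[] head = new byte[8];
var input = files[0].InputStream;
int read = input.Read(head, 0, head.Length);
input.Position = 0; // SaveAs reads from the current position
bool isJpeg = read >= 3 && head[0] == 0xFF && head[1] == 0xD8 && head[2] == 0xFF;
bool isPng = read >= 8 && head[0] == 0x89 && head[1] == 0x50 && head[2] == 0x4E && head[3] == 0x47
             && head[4] == 0x0D && head[5] == 0x0A && head[6] == 0x1A && head[7] == 0x0A;
if (!isJpeg && !isPng)
{
    return Fail("只可上传JPG、PNG格式的图片");
}
Directory.CreateDirectory(path);
files[0].SaveAs(fullFileName);
// … unchanged: UserEntity fields, userIBLL.SaveEntity, return Success("上传成功。") …
```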
@@ -0,0 +1,23 @@
+namespace Learun.Application.Web.Extensions
+{
+ public class StrHelper
+ {
+
+ public static string DelErrChar(string str)
+ {
+ str = str.Trim().ToLower();
+ if (string.IsNullOrEmpty(str))
+ return string.Empty;
+
+ string[] ErrStr = new string[] { "select", "update", "insert", "delete", "'", ";", ":", "@", "or", "and", "drop", "alter", "create", "exec" };
+ for (int i = 0; i < ErrStr.Length; i++)
+ {
+ if (str.Contains(ErrStr[i]))
+ {
+ str = str.Replace(ErrStr[i], string.Empty);
+ }
+ }
+ return str;
+ }
+ }
+}
diff --git a/Learun.Framework.Ultimate V7/Learun.Application.Web/Learun.Application.Web.csproj b/Learun.Framework.Ultimate V7/Learun.Application.Web/Learun.Application.Web.csproj
index d242cd1b7..54c4dd530 100644
--- a/Learun.Framework.Ultimate V7/Learun.Application.Web/Learun.Application.Web.csproj
+++ b/Learun.Framework.Ultimate V7/Learun.Application.Web/Learun.Application.Web.csproj
@@ -584,6 +584,7 @@ + Global.asax
diff --git a/Learun.Framework.Ultimate V7/Learun.Application.WebApi/Modules/SunshineEducationApi.cs b/Learun.Framework.Ultimate V7/Learun.Application.WebApi/Modules/SunshineEducationApi.cs
index 32c40a2f4..e6ddaeb98 100644
--- a/Learun.Framework.Ultimate V7/Learun.Application.WebApi/Modules/SunshineEducationApi.cs
+++ b/Learun.Framework.Ultimate V7/Learun.Application.WebApi/Modules/SunshineEducationApi.cs
@@ -74,6 +74,7 @@ namespace Learun.Application.WebApi
 if (result.Result.code == "0")
 {
 redisCache.Write("sunshinesmscode_"+mobileVerify.pagecode +"_"+ mobileVerify.mobile, raRndNum, new TimeSpan(0, 5, 0));
+ redisCache.Remove("sunshineimgvcode_" + mobileVerify.pagecode);
 //日志
 logEntity = new LogEntity();
 logEntity.F_CategoryId = 3;
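Review bot: `DelErrChar` calls `str.Trim().ToLower()` before `string.IsNullOrEmpty(str)`, so a null argument throws instead of returning empty; swap the two statements: `if (string.IsNullOrEmpty(str)) return string.Empty; str = str.Trim().ToLowerInvariant();`. More importantly the loop does one `Replace` per entry, so `selselectect` comes out as `select` and `oorr` as `or`, and entries like `"or"`, `"and"` and `":"` delete characters from ordinary words (`order`, `brand`, a time value) while `";"`/`"'"` removal leaves `--`, `/*` and `union` untouched — a scrubbing denylist neither prevents SQL injection nor preserves honest input. If the helper is kept, document that limitation at the top of the class, make it reject (return a bool) instead of rewriting, and make sure callers bind values with parameters rather than concatenating them.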
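Review bot: The image-captcha key removed on the added line, `"sunshineimgvcode_" + mobileVerify.pagecode`, carries only the page code, unlike the SMS key written just above which is additionally scoped by `mobileVerify.mobile`; if that key really is shared by every visitor of the page (cannot be confirmed from this hunk), one user's successful request clears another user's pending captcha and a single solved captcha is reusable by anyone until someone consumes it. The removal also sits inside the `code == "0"` branch only, so a gateway failure or exception leaves the captcha valid for unlimited retries. Consume the captcha at the point where it is verified (presumably above this hunk), before the SMS send, and scope the key to the client — e.g. `redisCache.Remove("sunshineimgvcode_" + mobileVerify.pagecode + "_" + <client or session id>);` — rather than removing it here on success.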