修复安全漏洞

Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/EducationalAdministration/Controllers/EmpInfoEnternalController.cs

@@ -7,6 +7,7 @@ using System.Linq;
 using System.Web;
 using System.Web.Mvc;
 using Learun.Application.Organization;
+using Learun.Application.Web.Extensions;
 
 namespace Learun.Application.Web.Areas.EducationalAdministration.Controllers
 {
@@ -36,6 +37,7 @@ namespace Learun.Application.Web.Areas.EducationalAdministration.Controllers
         [AjaxOnly]
         public ActionResult GetMap(string code, string ver, string where)
         {
+            where=StrHelper.DelErrChar(where);
             var data = dataSourceIBLL.GetDataTable(code, where);
 
             string md5 = Md5Helper.Encrypt(data.ToJson(), 32);

Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/LR_TaskScheduling/Controllers/TSSchemeController.cs

@@ -1,5 +1,6 @@
 using Learun.Application.Extention.TaskScheduling;
 using Learun.Util;
+using System.Text.RegularExpressions;
 using System.Web.Mvc;
 
 namespace Learun.Application.Web.Areas.LR_TaskScheduling.Controllers
@@ -123,6 +124,9 @@ namespace Learun.Application.Web.Areas.LR_TaskScheduling.Controllers
         [AjaxOnly]
         public ActionResult SaveForm(string keyValue,string strSchemeInfo,string strScheme)
         {
+            //var rex = new Regex("exec", RegexOptions.IgnoreCase);
+            //strScheme = rex.Replace(strScheme, "");
+            if (strScheme.ToLower().Contains("exec")) return Fail("不可执行EXEC命令");
             TSSchemeInfoEntity tSSchemeInfoEntity = strSchemeInfo.ToObject<TSSchemeInfoEntity>();
             TSSchemeEntity tSSchemeEntity = new TSSchemeEntity() {
                 F_Scheme = strScheme,

Learun.Framework.Ultimate V7/Learun.Application.Web/Controllers/UserCenterController.cs

@@ -273,6 +273,7 @@ namespace Learun.Application.Web.Controllers
             UserInfo userInfo = LoginUserInfo.Get();
 
             string FileEextension = Path.GetExtension(files[0].FileName);
+            if (FileEextension.ToLower() != ".png" && FileEextension.ToLower() != ".jpg") return Fail("只可上传JPG、PNG格式的图片");
             string filePath = Config.GetValue("AnnexesFile");
             string uploadDate = DateTime.Now.ToString("yyyyMMdd");
             string fileGuid = Guid.NewGuid().ToString();
@@ -285,12 +286,41 @@ namespace Learun.Application.Web.Controllers
             Directory.CreateDirectory(path);
             files[0].SaveAs(fullFileName);
 
-            UserEntity userEntity = new UserEntity();
-            userEntity.F_UserId = userInfo.userId;
-            userEntity.F_Account = userInfo.account;
-            userEntity.F_HeadIcon = saveFileName;
-            userIBLL.SaveEntity(userEntity.F_UserId, userEntity);
-            return Success("上传成功。");
+            var fs = new System.IO.FileStream(fullFileName, System.IO.FileMode.Open, System.IO.FileAccess.Read);
+            var r = new System.IO.BinaryReader(fs);
+            string fileclass = "";
+            byte buffer;
+            try
+            {
+                buffer = r.ReadByte();
+                fileclass = buffer.ToString();
+                buffer = r.ReadByte();
+                fileclass += buffer.ToString();
+
+            }
+            catch
+            {
+
+            }
+            r.Close();
+            fs.Close();
+            if (fileclass == "255216" || fileclass == "13780")//说明255216是jpg;7173是gif;6677是BMP,13780是PNG;7790是exe,8297是rar
+            {
+                UserEntity userEntity = new UserEntity();
+                userEntity.F_UserId = userInfo.userId;
+                userEntity.F_Account = userInfo.account;
+                userEntity.F_HeadIcon = saveFileName;
+                userIBLL.SaveEntity(userEntity.F_UserId, userEntity);
+                return Success("上传成功。");
+            }
+            else
+            {
+                System.IO.File.Delete(fullFileName);
+                return Fail("只可上传JPG、PNG格式的图片");
+            }
+
+
+            
         }
         /// <summary>
         /// 验证旧密码

Learun.Framework.Ultimate V7/Learun.Application.Web/Extensions/StrHelper.cs

@@ -0,0 +1,23 @@
+namespace Learun.Application.Web.Extensions
+{
+    public class StrHelper
+    {
+
+        public static string DelErrChar(string str)
+        {
+            str = str.Trim().ToLower();
+            if (string.IsNullOrEmpty(str))
+                return string.Empty;
+
+            string[] ErrStr = new string[] { "select", "update", "insert", "delete", "'", ";", ":", "@", "or", "and", "drop", "alter", "create", "exec" };
+            for (int i = 0; i < ErrStr.Length; i++)
+            {
+                if (str.Contains(ErrStr[i]))
+                {
+                    str = str.Replace(ErrStr[i], string.Empty);
+                }
+            }
+            return str;
+        }
+    }
+}

Learun.Framework.Ultimate V7/Learun.Application.Web/Learun.Application.Web.csproj

@@ -584,6 +584,7 @@
     <Compile Include="Controllers\UserCenterController.cs" />
     <Compile Include="Controllers\UtilityController.cs" />
     <Compile Include="Extensions\HtmlHelperExtensions.cs" />
+    <Compile Include="Extensions\StrHelper.cs" />
     <Compile Include="Global.asax.cs">
       <DependentUpon>Global.asax</DependentUpon>
     </Compile>

Learun.Framework.Ultimate V7/Learun.Application.WebApi/Modules/SunshineEducationApi.cs

@@ -74,6 +74,7 @@ namespace Learun.Application.WebApi
                     if (result.Result.code == "0")
                     {
                         redisCache.Write<string>("sunshinesmscode_"+mobileVerify.pagecode +"_"+ mobileVerify.mobile, raRndNum, new TimeSpan(0, 5, 0));
+                        redisCache.Remove("sunshineimgvcode_" + mobileVerify.pagecode);
                         //日志
                         logEntity = new LogEntity();
                         logEntity.F_CategoryId = 3;