/**
* @param $shell
* @return bool
* 验证文件内容是否包含webshell代码
*/
public function checkShell($tmp_name)
{
$flag = true;
$shell = config('app.upload_img_rule.shell');
!$shell && $shell = ['eval','exec','$_POST','base64_decode','fputs','fopen','file_get_contents','file_put_contents','escapeshellcmd','gzuncompress','system'];
if(is_string($shell))
{
$shell = explode(',',$shell);
}
$content = file_get_contents($tmp_name);
foreach($shell as $v)
{
if(strpos($content,$v)!==FALSE)
{
\think\facade\Log::write('从百度编辑器上传文件包含'.$v.' 上传者ip:'.request()->ip(),'error');
$flag = false;
break;
}
}
return $flag;
}
相关文章