From 301b2d31f5bbc2e409070d1acfb1c8aa5bce6536 Mon Sep 17 00:00:00 2001
From: 8966092 <8966092@163.com>
Date: Thu, 29 Aug 2024 17:51:19 +0800
Subject: [PATCH] =?UTF-8?q?=E5=AE=8C=E5=96=84=E6=97=A5=E5=BF=97=E5=87=BD?= =?UTF-8?q?=E6=95=B0=E5=88=A4=E6=96=AD=EF=BC=8C=E5=A2=9E=E5=8A=A0=E5=AE=89?= =?UTF-8?q?=E5=85=A8=E6=80=A7=EF=BC=8C=E6=96=B0=E5=A2=9E=E5=87=BD=E6=95=B0?= =?UTF-8?q?=E9=BB=91=E5=90=8D=E5=8D=95=E3=80=81=E7=99=BD=E5=90=8D=E5=8D=95?= =?UTF-8?q?=E6=A8=A1=E5=BC=8F?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 application/common.php | 26 +++++++++----
 config/system.php | 87 +++++++++++++++++++++++++++++++++++++++---
 2 files changed, 100 insertions(+), 13 deletions(-)

diff --git a/application/common.php b/application/common.php
index eb048bf..b57eb7f 100644
--- a/application/common.php
+++ b/application/common.php
@@ -1083,7 +1083,7 @@ function action_log($action = null, $model = null, $record_id = '', $user_id = n
 foreach ($match[1] as $value){
 $param = explode('|', $value);
 if(isset($param[1]) && $param[1] != ''){
- if (is_disable_func($param[1])) {
+ if (!check_log_func($param[1])) {
 continue;
 }
 $replace[] = call_user_func($param[1], $log[$param[0]]);
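Review bot: In the first hunk `continue` drops the placeholder from `$replace` while the matching entry in `$match[0]` presumably stays, so if the two arrays are zipped by a later `str_replace()` in `action_log` (the body starts and continues outside the hunk) every subsequent placeholder shifts by one; with the new default `'function_filter' => 'white_list'` and an empty white list this branch is now taken for every `|func` template rather than for a few black-listed names. Appending the unformatted value keeps the arrays aligned: `if (!check_log_func($param[1])) { $replace[] = $log[$param[0]]; continue; }`. The filter also gives the caller no reason for the rejection, so a debug-level log line at this point would make an empty or too-narrow white list visible to operators instead of silently degrading the log text.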
@@ -1483,24 +1483,34 @@ function dp_send_message($type = '', $content = '', $uids = '') {
 }
 }
-if (!function_exists('is_disable_func')) {
+if (!function_exists('check_log_func')) {
 /**
- * 是否是禁用函数
+ * 检查日志函数是否合法
 * @param string $func
 * @return bool
 * @author 蔡伟明 <314013107@qq.com>
 */
- function is_disable_func($func = '') {
+ function check_log_func($func = '') {
+ $func = ltrim($func, '\\');
+ $func = strtolower($func);
+
 if (!is_string($func) || $func == '') {
 return false;
 }
- $disable_functions = config('system.disable_functions');
- if (!$disable_functions) {
- return false;
+ // 获取函数过滤模式
+ $function_filter = strtolower(config('system.function_filter'));
+
+ // 黑名单模式
+ if ($function_filter === 'black_list') {
+ $disable_functions = config('system.function_black_list') ?: [];
+ return !in_array($func, $disable_functions);
 }
- return in_array(strtolower($func), $disable_functions);
+ // 白名单模式
+ $enable_functions = config('system.function_white_list') ?: [];
+ // 检查白名单是否为空,并判断函数是否在白名单中
+ return !empty($enable_functions) && in_array(strtolower($func), $enable_functions);
 }
 }
diff --git a/config/system.php b/config/system.php
index 7afd851..21357b2 100644
--- a/config/system.php
+++ b/config/system.php
@@ -12,8 +12,10 @@
 'deny_ie' => false,
 // 模块管理中,不读取模块信息的目录
 'except_module' => ['common', 'admin', 'index', 'extra', 'user', 'install'],
- // 禁用函数
- 'disable_functions' => [
+ // 函数过滤方式,black_list:黑名单,white_list:白名单
+ 'function_filter' => 'white_list',
+ // 函数黑名单,在黑名单内的函数将不会被执行
+ 'function_black_list' => [
 'eval',
 'passthru',
 'exec',
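Review bot: `check_log_func` normalises `$func` with `ltrim()` and `strtolower()` before the `is_string()` guard, so a non-string argument fails inside those calls (a TypeError on PHP 8, a warning and null earlier) and the guard never sees the original value; the guard belongs above the normalisation. In black-list mode the comparison is case-insensitive only on the caller side — entries in `function_black_list` are not lowercased — and `in_array()` runs without `strict: true`; `call_user_func()` also accepts `Class::method` strings and namespaced names, which a list of bare function names cannot enumerate, so anything containing `::` or `\` (and, unless helper files are loaded lazily, anything `function_exists()` does not know) should be rejected before either list is consulted. The trailing `strtolower($func)` in the white-list return is redundant after the normalisation above, and that branch should use `strict: true` as well. A docblock line such as `@return bool true when the function may be invoked by action_log() under the configured filter mode` would make the inverted sense relative to the old `is_disable_func()` explicit for callers.
```php
    function check_log_func($func = '') {
        // Validate before normalising: ltrim()/strtolower() on a non-string would fail first otherwise.
        if (!is_string($func) || $func === '') {
            return false;
        }
        $func = strtolower(ltrim($func, '\\'));
        // Only bare global function names are considered; "Class::method" strings and
        // namespaced names are valid call_user_func() targets that a name list cannot cover.
        if (strpos($func, '::') !== false || strpos($func, '\\') !== false || !function_exists($func)) {
            return false;
        }

        // Any value other than 'black_list' (including a missing key) selects white-list mode.
        $function_filter = strtolower((string) config('system.function_filter'));

        if ($function_filter === 'black_list') {
            $disable_functions = array_map('strtolower', config('system.function_black_list') ?: []);
            return !in_array($func, $disable_functions, true);
        }
        // … unchanged: white-list branch (compare $func directly, it is already lowercased; pass strict: true) …
```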
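Review bot: In the config hunk `'function_filter' => 'white_list'` is documented as a two-valued switch, but `check_log_func` tests only for the exact string `black_list`, so a typo or a removed key silently behaves as white-list mode. That is the safe direction, but the comment should say so to avoid surprising an operator who expects an error: `// 函数过滤方式,black_list:黑名单,white_list:白名单 (any other value, or a missing key, behaves as white_list)`. The same comment line could note that the white list ships empty, so `|func` formatting in action-log templates is disabled until functions are added.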
@@ -30,6 +32,81 @@
 'symlink',
 'popepassthru',
 'phpinfo',
- 'shell_exec'
- ]
-];
\ No newline at end of file
+ 'shell_exec',
+ 'fopen',
+ 'fclose',
+ 'fread',
+ 'fwrite',
+ 'file_get_contents',
+ 'file_put_contents',
+ 'unlink',
+ 'rename',
+ 'copy',
+ 'file',
+ 'file_exists',
+ 'mkdir',
+ 'rmdir',
+ 'opendir',
+ 'readdir',
+ 'scandir',
+ 'chdir',
+ 'chroot',
+ 'dir',
+ 'closedir',
+ 'getenv',
+ 'putenv',
+ 'get_current_user',
+ 'get_cfg_var',
+ 'getmyuid',
+ 'getmypid',
+ 'getmyinode',
+ 'getlastmod',
+ 'fsockopen',
+ 'pfsockopen',
+ 'socket_create',
+ 'socket_bind',
+ 'socket_listen',
+ 'socket_accept',
+ 'socket_connect',
+ 'socket_strerror',
+ 'stream_socket_server',
+ 'proc_open',
+ 'proc_close',
+ 'proc_terminate',
+ 'proc_get_status',
+ 'proc_nice',
+ 'assert',
+ 'php_uname',
+ 'getrusage',
+ 'get_include_path',
+ 'set_include_path',
+ 'ini_set',
+ 'pcntl_exec',
+ 'posix_kill',
+ 'posix_mkfifo',
+ 'posix_setpgid',
+ 'posix_setsid',
+ 'posix_setuid',
+ 'posix_seteuid',
+ 'posix_setegid',
+ 'posix_setgid',
+ 'posix_uname',
+ 'fileatime',
+ 'filectime',
+ 'fileinode',
+ 'is_dir',
+ 'is_executable',
+ 'is_writable',
+ 'filegroup',
+ 'fileowner',
+ 'is_file',
+ 'is_writeable',
+ 'stat',
+ 'fileperms',
+ 'is_link',
+ 'parse_ini_file',
+ 'readfile'
+ ],
+ // 函数白名单,在白名单内的函数才会被执行,空则所有函数都不执行
+ 'function_white_list' => []
];
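Review bot: The enlarged `function_black_list` is matched by `check_log_func` after lowercasing only the candidate name, so every entry here must stay lowercase or it never matches; a comment at the head of the list, `// entries must be lowercase: check_log_func() lowercases the candidate only`, would protect that invariant. A deny list of bare names also cannot cover `Class::method` strings or namespaced functions that `call_user_func()` accepts, so this list is defence in depth and the shipped `'function_filter' => 'white_list'` is the setting that actually bounds what action-log templates can invoke; the white-list comment should name the formatter functions a deployment is expected to add, since the empty default now disables all `|func` formatting. The context entry `'popepassthru'` looks like a misspelling of `popen`; if `popen` does not appear among the entries outside this hunk, it is absent from the list.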