Commit cd4a95778a56639a297b6019f0c83285c670cd80
1 parent
f63223bd
Exists in
master
Reformulação do código do sistema de administração para aprmoramento da segurança
Showing
8 changed files
with
38 additions
and
16 deletions
Show diff stats
ferramentas/aplicarsld/upload.php
| ... | ... | @@ -14,7 +14,7 @@ require_once (dirname(__FILE__)."/../../ms_configura.php"); |
| 14 | 14 | $tema = $_GET["tema"]; |
| 15 | 15 | |
| 16 | 16 | if(isset($logExec) && $logExec["upload"] == true){ |
| 17 | - i3GeoLog("aplicarsld tema: $tema filename:" . $_FILES['i3GEOaplicarsld']['name'],$dir_tmp); | |
| 17 | + i3GeoLog("prog: aplicarsld tema: $tema filename:" . $_FILES['i3GEOaplicarsld']['name'],$dir_tmp); | |
| 18 | 18 | } |
| 19 | 19 | ?> |
| 20 | 20 | <html> |
| ... | ... | @@ -41,7 +41,10 @@ if (isset($_FILES['i3GEOaplicarsld']['name']) && strlen(basename($_FILES['i3GEOa |
| 41 | 41 | |
| 42 | 42 | $ArquivoDest = $ArquivoDest . md5(uniqid(rand(), true)); |
| 43 | 43 | |
| 44 | - $ArquivoDest = str_replace(".sld","",$ArquivoDest).".sld"; | |
| 44 | + $ArquivoDest = str_replace(".sld","",$ArquivoDest); | |
| 45 | + $ArquivoDest = str_replace(".","",$ArquivoDest).".sld"; | |
| 46 | + | |
| 47 | + | |
| 45 | 48 | verificaNome($ArquivoDest); |
| 46 | 49 | |
| 47 | 50 | //sobe arquivo | ... | ... |
ferramentas/carregamapa/upload.php
| ... | ... | @@ -13,7 +13,7 @@ $postgis_mapa = $_SESSION["postgis_mapa"]; |
| 13 | 13 | require_once (dirname(__FILE__)."/../../ms_configura.php"); |
| 14 | 14 | |
| 15 | 15 | if(isset($logExec) && $logExec["upload"] == true){ |
| 16 | - i3GeoLog("carregamapa filename:" . $_FILES['i3GEOcarregamapafilemap']['name'],$dir_tmp); | |
| 16 | + i3GeoLog("prog: carregamapa filename:" . $_FILES['i3GEOcarregamapafilemap']['name'],$dir_tmp); | |
| 17 | 17 | } |
| 18 | 18 | ?> |
| 19 | 19 | <html> | ... | ... |
ferramentas/importarwmc/upload.php
| ... | ... | @@ -24,7 +24,7 @@ $dirmap = dirname($map_file); |
| 24 | 24 | $arquivo = ""; |
| 25 | 25 | |
| 26 | 26 | if(isset($logExec) && $logExec["upload"] == true){ |
| 27 | - i3GeoLog("importarwmc filename:" . $_FILES['i3GEOimportarwmc']['name'],$dir_tmp); | |
| 27 | + i3GeoLog("prog: importarwmc filename:" . $_FILES['i3GEOimportarwmc']['name'],$dir_tmp); | |
| 28 | 28 | } |
| 29 | 29 | |
| 30 | 30 | if(isset($_FILES['i3GEOimportarwmc']['name']) && !($_POST["i3GEOimportarwmcurl"]) && strlen(basename($_FILES['i3GEOimportarwmc']['name'])) < 200) |
| ... | ... | @@ -33,7 +33,9 @@ if(isset($_FILES['i3GEOimportarwmc']['name']) && !($_POST["i3GEOimportarwmcurl"] |
| 33 | 33 | //verifica nomes |
| 34 | 34 | $ArquivoDest = $_FILES['i3GEOimportarwmc']['name']; |
| 35 | 35 | $ArquivoDest = $ArquivoDest . md5(uniqid(rand(), true)); |
| 36 | - $ArquivoDest = str_replace(".xml","",$ArquivoDest).".xml"; | |
| 36 | + | |
| 37 | + $ArquivoDest = str_replace(".xml","",$ArquivoDest); | |
| 38 | + $ArquivoDest = str_replace(".","",$ArquivoDest).".xml"; | |
| 37 | 39 | |
| 38 | 40 | $ArquivoDest = strip_tags($ArquivoDest); |
| 39 | 41 | $ArquivoDest = htmlspecialchars($ArquivoDest, ENT_QUOTES); | ... | ... |
ferramentas/upload/upload.php
| ... | ... | @@ -35,7 +35,7 @@ if (isset($_FILES['i3GEOuploadshp']['name'])) |
| 35 | 35 | require_once (dirname(__FILE__)."/../../ms_configura.php"); |
| 36 | 36 | |
| 37 | 37 | if(isset($logExec) && $logExec["upload"] == true){ |
| 38 | - i3GeoLog("upload filename:" . $_FILES['i3GEOuploadshp']['name'],$dir_tmp); | |
| 38 | + i3GeoLog("prog: upload filename:" . $_FILES['i3GEOuploadshp']['name'],$dir_tmp); | |
| 39 | 39 | } |
| 40 | 40 | |
| 41 | 41 | echo "<p class='paragrafo' >Carregando o arquivo...</p>"; |
| ... | ... | @@ -67,9 +67,9 @@ if (isset($_FILES['i3GEOuploadshp']['name'])) |
| 67 | 67 | //remove acentos |
| 68 | 68 | $nomePrefixo = str_replace(" ","_",removeAcentos(str_replace(".shp","",$_FILES['i3GEOuploadshp']['name']))); |
| 69 | 69 | |
| 70 | + $nomePrefixo = str_replace(".","",$nomePrefixo); | |
| 70 | 71 | $nomePrefixo = strip_tags($nomePrefixo); |
| 71 | 72 | $nomePrefixo = htmlspecialchars($nomePrefixo, ENT_QUOTES); |
| 72 | - | |
| 73 | 73 | $nomePrefixo = $nomePrefixo . md5(uniqid(rand(), true)); |
| 74 | 74 | |
| 75 | 75 | //sobe arquivo |
| ... | ... | @@ -104,14 +104,26 @@ if (isset($_FILES['i3GEOuploadshp']['name'])) |
| 104 | 104 | |
| 105 | 105 | $checkphp = fileContemString($dirmap."/".$nomePrefixo.".prj","<?"); |
| 106 | 106 | if($checkphp == true){ |
| 107 | + unlink($dirmap."/".$nomePrefixo.".shp"); | |
| 108 | + unlink($dirmap."/".$nomePrefixo.".dbf"); | |
| 109 | + unlink($dirmap."/".$nomePrefixo.".shx"); | |
| 110 | + unlink($dirmap."/".$nomePrefixo.".prj"); | |
| 107 | 111 | exit; |
| 108 | 112 | } |
| 109 | 113 | $checkphp = fileContemString($dirmap."/".$nomePrefixo.".shx","<?"); |
| 110 | 114 | if($checkphp == true){ |
| 115 | + unlink($dirmap."/".$nomePrefixo.".shp"); | |
| 116 | + unlink($dirmap."/".$nomePrefixo.".dbf"); | |
| 117 | + unlink($dirmap."/".$nomePrefixo.".shx"); | |
| 118 | + unlink($dirmap."/".$nomePrefixo.".prj"); | |
| 111 | 119 | exit; |
| 112 | 120 | } |
| 113 | 121 | $checkphp = fileContemString($dirmap."/".$nomePrefixo.".dbf","<?"); |
| 114 | 122 | if($checkphp == true){ |
| 123 | + unlink($dirmap."/".$nomePrefixo.".shp"); | |
| 124 | + unlink($dirmap."/".$nomePrefixo.".dbf"); | |
| 125 | + unlink($dirmap."/".$nomePrefixo.".shx"); | |
| 126 | + unlink($dirmap."/".$nomePrefixo.".prj"); | |
| 115 | 127 | exit; |
| 116 | 128 | } |
| 117 | 129 | ... | ... |
ferramentas/uploaddbf/upload.php
| ... | ... | @@ -35,7 +35,7 @@ if (isset($_FILES['i3GEOuploaddbffile']['name']) && strlen(basename($_FILES['i3G |
| 35 | 35 | require_once (dirname(__FILE__)."/../../ms_configura.php"); |
| 36 | 36 | |
| 37 | 37 | if(isset($logExec) && $logExec["upload"] == true){ |
| 38 | - i3GeoLog("uploaddbf filename:" . $_FILES['i3GEOuploaddbffile']['name'],$dir_tmp); | |
| 38 | + i3GeoLog("prog: uploaddbf filename:" . $_FILES['i3GEOuploaddbffile']['name'],$dir_tmp); | |
| 39 | 39 | } |
| 40 | 40 | |
| 41 | 41 | $mapa = ms_newMapObj($map_file); |
| ... | ... | @@ -50,10 +50,12 @@ if (isset($_FILES['i3GEOuploaddbffile']['name']) && strlen(basename($_FILES['i3G |
| 50 | 50 | $ArquivoDest = $ArquivoDest . md5(uniqid(rand(), true)); |
| 51 | 51 | |
| 52 | 52 | if($_GET["i3GEOuploaddbftipoarquivo"] != "dbf"){ |
| 53 | - $ArquivoDest = str_replace(".csv","",$ArquivoDest).".csv"; | |
| 53 | + $ArquivoDest = str_replace(".csv","",$ArquivoDest); | |
| 54 | + $ArquivoDest = str_replace(".","",$ArquivoDest).".csv"; | |
| 54 | 55 | } |
| 55 | 56 | else{ |
| 56 | - $ArquivoDest = str_replace(".dbf","",$ArquivoDest).".dbf"; | |
| 57 | + $ArquivoDest = str_replace(".dbf","",$ArquivoDest); | |
| 58 | + $ArquivoDest = str_replace(".","",$ArquivoDest).".dbf"; | |
| 57 | 59 | } |
| 58 | 60 | |
| 59 | 61 | $ArquivoDest = strip_tags($ArquivoDest); | ... | ... |
ferramentas/uploadgpx/upload.php
| ... | ... | @@ -32,7 +32,7 @@ if (isset($_FILES['i3GEOuploadgpx']['name']) && strlen(basename($_FILES['i3GEOup |
| 32 | 32 | require_once (dirname(__FILE__)."/../../ms_configura.php"); |
| 33 | 33 | |
| 34 | 34 | if(isset($logExec) && $logExec["upload"] == true){ |
| 35 | - i3GeoLog("uploadgpx filename:" . $_FILES['i3GEOuploadgpx']['name'],$dir_tmp); | |
| 35 | + i3GeoLog("prog: uploadgpx filename:" . $_FILES['i3GEOuploadgpx']['name'],$dir_tmp); | |
| 36 | 36 | } |
| 37 | 37 | |
| 38 | 38 | $mapa = ms_newMapObj($map_file); |
| ... | ... | @@ -44,7 +44,8 @@ if (isset($_FILES['i3GEOuploadgpx']['name']) && strlen(basename($_FILES['i3GEOup |
| 44 | 44 | //verifica nomes |
| 45 | 45 | $ArquivoDest = $_FILES['i3GEOuploadgpx']['name']; |
| 46 | 46 | $ArquivoDest = $ArquivoDest . md5(uniqid(rand(), true)); |
| 47 | - $ArquivoDest = str_replace(".gpx","",$ArquivoDest).".gpx"; | |
| 47 | + $ArquivoDest = str_replace(".gpx","",$ArquivoDest); | |
| 48 | + $ArquivoDest = str_replace(".","",$ArquivoDest).".gpx"; | |
| 48 | 49 | |
| 49 | 50 | $ArquivoDest = strip_tags($ArquivoDest); |
| 50 | 51 | $ArquivoDest = htmlspecialchars($ArquivoDest, ENT_QUOTES); | ... | ... |
ferramentas/uploadkml/upload.php
| ... | ... | @@ -33,7 +33,7 @@ if (isset($_FILES['i3GEOuploadkml']['name']) && strlen(basename($_FILES['i3GEOup |
| 33 | 33 | require_once (dirname(__FILE__)."/../../ms_configura.php"); |
| 34 | 34 | |
| 35 | 35 | if(isset($logExec) && $logExec["upload"] == true){ |
| 36 | - i3GeoLog("uploadkml filename:" . $_FILES['i3GEOuploadkml']['name'],$dir_tmp); | |
| 36 | + i3GeoLog("prog: uploadkml filename:" . $_FILES['i3GEOuploadkml']['name'],$dir_tmp); | |
| 37 | 37 | } |
| 38 | 38 | |
| 39 | 39 | $mapa = ms_newMapObj($map_file); |
| ... | ... | @@ -45,7 +45,8 @@ if (isset($_FILES['i3GEOuploadkml']['name']) && strlen(basename($_FILES['i3GEOup |
| 45 | 45 | //verifica nomes |
| 46 | 46 | $ArquivoDest = $_FILES['i3GEOuploadkml']['name']; |
| 47 | 47 | $ArquivoDest = $ArquivoDest . md5(uniqid(rand(), true)); |
| 48 | - $ArquivoDest = str_replace(".kml","",$ArquivoDest).".kml"; | |
| 48 | + $ArquivoDest = str_replace(".kml","",$ArquivoDest); | |
| 49 | + $ArquivoDest = str_replace(".","",$ArquivoDest).".kml"; | |
| 49 | 50 | |
| 50 | 51 | $ArquivoDest = strip_tags($ArquivoDest); |
| 51 | 52 | $ArquivoDest = htmlspecialchars($ArquivoDest, ENT_QUOTES); | ... | ... |
ferramentas/uploadsimbolo/upload.php
| ... | ... | @@ -28,7 +28,7 @@ if (isset($_FILES['i3GEOuploadsimboloarq']['name']) && strlen(basename($_FILES[' |
| 28 | 28 | require_once (dirname(__FILE__)."/../../ms_configura.php"); |
| 29 | 29 | |
| 30 | 30 | if(isset($logExec) && $logExec["upload"] == true){ |
| 31 | - i3GeoLog("uploadsimbolo filename:" . $_FILES['i3GEOuploadsimboloarq']['name'],$dir_tmp); | |
| 31 | + i3GeoLog("prog: uploadsimbolo filename:" . $_FILES['i3GEOuploadsimboloarq']['name'],$dir_tmp); | |
| 32 | 32 | } |
| 33 | 33 | |
| 34 | 34 | echo "<p class='paragrafo' >Carregando o arquivo...</p>"; |
| ... | ... | @@ -52,7 +52,8 @@ if (isset($_FILES['i3GEOuploadsimboloarq']['name']) && strlen(basename($_FILES[' |
| 52 | 52 | |
| 53 | 53 | $nome = basename($_FILES['i3GEOuploadsimboloarq']['name']); |
| 54 | 54 | |
| 55 | - $nome = str_replace(".png","",$nome).".png"; | |
| 55 | + $nome = str_replace(".png","",$nome); | |
| 56 | + $nome = str_replace(".","",$nome).".png"; | |
| 56 | 57 | |
| 57 | 58 | $nome = strip_tags($nome); |
| 58 | 59 | $nome = htmlspecialchars($nome, ENT_QUOTES); | ... | ... |