Commit cd4a95778a56639a297b6019f0c83285c670cd80
1 parent
f63223bd
Reformulação do código do sistema de administração para aprmoramento da segurança
Showing
8 changed files
with
38 additions
and
16 deletions
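--- a/ferramentas/aplicarsld/upload.php
+++ b/ferramentas/aplicarsld/upload.php
@@ -14,7 +14,7 @@ require_once (dirname(__FILE__)."/../../ms_configura.php");
 $tema = $_GET["tema"];
 
 if(isset($logExec) && $logExec["upload"] == true){
-i3GeoLog("aplicarsld tema: $tema filename:" . $_FILES['i3GEOaplicarsld']['name'],$dir_tmp);
+i3GeoLog("prog: aplicarsld tema: $tema filename:" . $_FILES['i3GEOaplicarsld']['name'],$dir_tmp);
 }
 ?>
 <html>
@@ -41,7 +41,10 @@ if (isset($_FILES['i3GEOaplicarsld']['name']) && strlen(basename($_FILES['i3GEOa
 
 $ArquivoDest = $ArquivoDest . md5(uniqid(rand(), true));
 
-$ArquivoDest = str_replace(".sld","",$ArquivoDest).".sld";
+$ArquivoDest = str_replace(".sld","",$ArquivoDest);
+$ArquivoDest = str_replace(".","",$ArquivoDest).".sld";
+
+
 verificaNome($ArquivoDest);
 
 //sobe arquivo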
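Review bot: The client-supplied file name still reaches the log unmodified on new line 17; only the `prog:` prefix was added, so a name carrying a line break or the `prog:` marker itself can split or forge a log entry, and `$tema` on line 14 comes straight from `$_GET` into the same string. Normalise both before logging, e.g. `i3GeoLog("prog: aplicarsld tema: " . preg_replace('/[^\w.-]/', '_', $tema) . " filename:" . preg_replace('/[^\w.-]/', '_', basename($_FILES['i3GEOaplicarsld']['name'])), $dir_tmp);`. Whether `i3GeoLog` escapes its input cannot be seen from this hunk; the same unescaped logging line is added in carregamapa, importarwmc, upload, uploaddbf, uploadgpx, uploadkml and uploadsimbolo. In the second hunk the two blank lines added at 46–47 are noise and can be dropped.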
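--- a/ferramentas/carregamapa/upload.php
+++ b/ferramentas/carregamapa/upload.php
@@ -13,7 +13,7 @@ $postgis_mapa = $_SESSION["postgis_mapa"];
 require_once (dirname(__FILE__)."/../../ms_configura.php");
 
 if(isset($logExec) && $logExec["upload"] == true){
-i3GeoLog("carregamapa filename:" . $_FILES['i3GEOcarregamapafilemap']['name'],$dir_tmp);
+i3GeoLog("prog: carregamapa filename:" . $_FILES['i3GEOcarregamapafilemap']['name'],$dir_tmp);
 }
 ?>
 <html>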
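--- a/ferramentas/importarwmc/upload.php
+++ b/ferramentas/importarwmc/upload.php
@@ -24,7 +24,7 @@ $dirmap = dirname($map_file);
 $arquivo = "";
 
 if(isset($logExec) && $logExec["upload"] == true){
-i3GeoLog("importarwmc filename:" . $_FILES['i3GEOimportarwmc']['name'],$dir_tmp);
+i3GeoLog("prog: importarwmc filename:" . $_FILES['i3GEOimportarwmc']['name'],$dir_tmp);
 }
 
 if(isset($_FILES['i3GEOimportarwmc']['name']) && !($_POST["i3GEOimportarwmcurl"]) && strlen(basename($_FILES['i3GEOimportarwmc']['name'])) < 200)
@@ -33,7 +33,9 @@ if(isset($_FILES['i3GEOimportarwmc']['name']) && !($_POST["i3GEOimportarwmcurl"]
 //verifica nomes
 $ArquivoDest = $_FILES['i3GEOimportarwmc']['name'];
 $ArquivoDest = $ArquivoDest . md5(uniqid(rand(), true));
-$ArquivoDest = str_replace(".xml","",$ArquivoDest).".xml";
+
+$ArquivoDest = str_replace(".xml","",$ArquivoDest);
+$ArquivoDest = str_replace(".","",$ArquivoDest).".xml";
 
 $ArquivoDest = strip_tags($ArquivoDest);
 $ArquivoDest = htmlspecialchars($ArquivoDest, ENT_QUOTES);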
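Review bot: Removing the dots on new line 38 neutralises `..` but says nothing about `/` or `\`, and the length guard on line 30 measures `basename()` of the upload name while line 34 stores the raw value, so the check and the stored name disagree. PHP normally strips directory components from `$_FILES[...]['name']`, but the script should not depend on that: assign `$ArquivoDest = basename($_FILES['i3GEOimportarwmc']['name']);` on line 34 so every later transformation, and the length check, operate on the same file name. Whether a later check outside the hunk rejects separators cannot be seen here. The same raw assignment is on line 45 of uploadgpx and line 46 of uploadkml in this commit.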
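--- a/ferramentas/upload/upload.php
+++ b/ferramentas/upload/upload.php
@@ -35,7 +35,7 @@ if (isset($_FILES['i3GEOuploadshp']['name']))
 require_once (dirname(__FILE__)."/../../ms_configura.php");
 
 if(isset($logExec) && $logExec["upload"] == true){
-i3GeoLog("upload filename:" . $_FILES['i3GEOuploadshp']['name'],$dir_tmp);
+i3GeoLog("prog: upload filename:" . $_FILES['i3GEOuploadshp']['name'],$dir_tmp);
 }
 
 echo "<p class='paragrafo' >Carregando o arquivo...</p>";
@@ -67,9 +67,9 @@ if (isset($_FILES['i3GEOuploadshp']['name']))
 //remove acentos
 $nomePrefixo = str_replace(" ","_",removeAcentos(str_replace(".shp","",$_FILES['i3GEOuploadshp']['name'])));
 
+$nomePrefixo = str_replace(".","",$nomePrefixo);
 $nomePrefixo = strip_tags($nomePrefixo);
 $nomePrefixo = htmlspecialchars($nomePrefixo, ENT_QUOTES);
-
 $nomePrefixo = $nomePrefixo . md5(uniqid(rand(), true));
 
 //sobe arquivo
@@ -104,14 +104,26 @@ if (isset($_FILES['i3GEOuploadshp']['name']))
 
 $checkphp = fileContemString($dirmap."/".$nomePrefixo.".prj","<?");
 if($checkphp == true){
+unlink($dirmap."/".$nomePrefixo.".shp");
+unlink($dirmap."/".$nomePrefixo.".dbf");
+unlink($dirmap."/".$nomePrefixo.".shx");
+unlink($dirmap."/".$nomePrefixo.".prj");
 exit;
 }
 $checkphp = fileContemString($dirmap."/".$nomePrefixo.".shx","<?");
 if($checkphp == true){
+unlink($dirmap."/".$nomePrefixo.".shp");
+unlink($dirmap."/".$nomePrefixo.".dbf");
+unlink($dirmap."/".$nomePrefixo.".shx");
+unlink($dirmap."/".$nomePrefixo.".prj");
 exit;
 }
 $checkphp = fileContemString($dirmap."/".$nomePrefixo.".dbf","<?");
 if($checkphp == true){
+unlink($dirmap."/".$nomePrefixo.".shp");
+unlink($dirmap."/".$nomePrefixo.".dbf");
+unlink($dirmap."/".$nomePrefixo.".shx");
+unlink($dirmap."/".$nomePrefixo.".prj");
 exit;
 }
 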
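Review bot: The same four `unlink()` calls are pasted three times in the third hunk (new lines 107–110, 115–118, 123–126), and `unlink()` emits a warning for every sidecar that is absent, so a rejected upload that came without a `.prj` produces warnings instead of a quiet clean-up. Fold the three content checks into one loop that guards each removal with `file_exists()` and keeps the same `exit`; adding another sidecar then becomes a one-token change. The `.shp` check, if there is one, lies above the hunk, as does the enclosing `if` on `$_FILES['i3GEOuploadshp']`, so the removal list below keeps `.shp` only as a file to delete.
```php
// … unchanged: move of the uploaded shapefile parts into $dirmap …
$verificar = array("prj", "shx", "dbf");
$remover = array("shp", "dbf", "shx", "prj");
foreach ($verificar as $ext) {
    $checkphp = fileContemString($dirmap."/".$nomePrefixo.".".$ext, "<?");
    if ($checkphp == true) {
        // drop every part of the rejected upload, not only the one that matched
        foreach ($remover as $extRemover) {
            $caminho = $dirmap."/".$nomePrefixo.".".$extRemover;
            if (file_exists($caminho)) {
                unlink($caminho);
            }
        }
        exit;
    }
}
```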
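--- a/ferramentas/uploaddbf/upload.php
+++ b/ferramentas/uploaddbf/upload.php
@@ -35,7 +35,7 @@ if (isset($_FILES['i3GEOuploaddbffile']['name']) && strlen(basename($_FILES['i3G
 require_once (dirname(__FILE__)."/../../ms_configura.php");
 
 if(isset($logExec) && $logExec["upload"] == true){
-i3GeoLog("uploaddbf filename:" . $_FILES['i3GEOuploaddbffile']['name'],$dir_tmp);
+i3GeoLog("prog: uploaddbf filename:" . $_FILES['i3GEOuploaddbffile']['name'],$dir_tmp);
 }
 
 $mapa = ms_newMapObj($map_file);
@@ -50,10 +50,12 @@ if (isset($_FILES['i3GEOuploaddbffile']['name']) && strlen(basename($_FILES['i3G
 $ArquivoDest = $ArquivoDest . md5(uniqid(rand(), true));
 
 if($_GET["i3GEOuploaddbftipoarquivo"] != "dbf"){
-$ArquivoDest = str_replace(".csv","",$ArquivoDest).".csv";
+$ArquivoDest = str_replace(".csv","",$ArquivoDest);
+$ArquivoDest = str_replace(".","",$ArquivoDest).".csv";
 }
 else{
-$ArquivoDest = str_replace(".dbf","",$ArquivoDest).".dbf";
+$ArquivoDest = str_replace(".","",$ArquivoDest).".dbf";
 }
 
 $ArquivoDest = strip_tags($ArquivoDest);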
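Review bot: The two branches in the second hunk (new lines 53–54 and 57–58) now differ only in the extension string, and the loose `!= "dbf"` on line 52 means any value of the request parameter other than exactly `dbf`, including an absent one, silently becomes `.csv`. Pick the extension once with a strict comparison and apply the two replacements a single time: `$extensao = (isset($_GET["i3GEOuploaddbftipoarquivo"]) && $_GET["i3GEOuploaddbftipoarquivo"] === "dbf") ? "dbf" : "csv";` then `$ArquivoDest = str_replace(".".$extensao,"",$ArquivoDest);` and `$ArquivoDest = str_replace(".","",$ArquivoDest).".".$extensao;`. The extension is still chosen from the request rather than from the file's content; where `$ArquivoDest` is first assigned, and whether `basename()` was applied, is outside the hunk.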
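--- a/ferramentas/uploadgpx/upload.php
+++ b/ferramentas/uploadgpx/upload.php
@@ -32,7 +32,7 @@ if (isset($_FILES['i3GEOuploadgpx']['name']) && strlen(basename($_FILES['i3GEOup
 require_once (dirname(__FILE__)."/../../ms_configura.php");
 
 if(isset($logExec) && $logExec["upload"] == true){
-i3GeoLog("uploadgpx filename:" . $_FILES['i3GEOuploadgpx']['name'],$dir_tmp);
+i3GeoLog("prog: uploadgpx filename:" . $_FILES['i3GEOuploadgpx']['name'],$dir_tmp);
 }
 
 $mapa = ms_newMapObj($map_file);
@@ -44,7 +44,8 @@ if (isset($_FILES['i3GEOuploadgpx']['name']) && strlen(basename($_FILES['i3GEOup
 //verifica nomes
 $ArquivoDest = $_FILES['i3GEOuploadgpx']['name'];
 $ArquivoDest = $ArquivoDest . md5(uniqid(rand(), true));
-$ArquivoDest = str_replace(".gpx","",$ArquivoDest).".gpx";
+$ArquivoDest = str_replace(".gpx","",$ArquivoDest);
+$ArquivoDest = str_replace(".","",$ArquivoDest).".gpx";
 
 $ArquivoDest = strip_tags($ArquivoDest);
 $ArquivoDest = htmlspecialchars($ArquivoDest, ENT_QUOTES);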
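--- a/ferramentas/uploadkml/upload.php
+++ b/ferramentas/uploadkml/upload.php
@@ -33,7 +33,7 @@ if (isset($_FILES['i3GEOuploadkml']['name']) && strlen(basename($_FILES['i3GEOup
 require_once (dirname(__FILE__)."/../../ms_configura.php");
 
 if(isset($logExec) && $logExec["upload"] == true){
-i3GeoLog("uploadkml filename:" . $_FILES['i3GEOuploadkml']['name'],$dir_tmp);
+i3GeoLog("prog: uploadkml filename:" . $_FILES['i3GEOuploadkml']['name'],$dir_tmp);
 }
 
 $mapa = ms_newMapObj($map_file);
@@ -45,7 +45,8 @@ if (isset($_FILES['i3GEOuploadkml']['name']) && strlen(basename($_FILES['i3GEOup
 //verifica nomes
 $ArquivoDest = $_FILES['i3GEOuploadkml']['name'];
 $ArquivoDest = $ArquivoDest . md5(uniqid(rand(), true));
-$ArquivoDest = str_replace(".kml","",$ArquivoDest).".kml";
+$ArquivoDest = str_replace(".kml","",$ArquivoDest);
+$ArquivoDest = str_replace(".","",$ArquivoDest).".kml";
 
 $ArquivoDest = strip_tags($ArquivoDest);
 $ArquivoDest = htmlspecialchars($ArquivoDest, ENT_QUOTES);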
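--- a/ferramentas/uploadsimbolo/upload.php
+++ b/ferramentas/uploadsimbolo/upload.php
@@ -28,7 +28,7 @@ if (isset($_FILES['i3GEOuploadsimboloarq']['name']) && strlen(basename($_FILES['
 require_once (dirname(__FILE__)."/../../ms_configura.php");
 
 if(isset($logExec) && $logExec["upload"] == true){
-i3GeoLog("uploadsimbolo filename:" . $_FILES['i3GEOuploadsimboloarq']['name'],$dir_tmp);
+i3GeoLog("prog: uploadsimbolo filename:" . $_FILES['i3GEOuploadsimboloarq']['name'],$dir_tmp);
 }
 
 echo "<p class='paragrafo' >Carregando o arquivo...</p>";
@@ -52,7 +52,8 @@ if (isset($_FILES['i3GEOuploadsimboloarq']['name']) && strlen(basename($_FILES['
 
 $nome = basename($_FILES['i3GEOuploadsimboloarq']['name']);
 
-$nome = str_replace(".png","",$nome).".png";
+$nome = str_replace(".png","",$nome);
+$nome = str_replace(".","",$nome).".png";
 
 $nome = strip_tags($nome);
 $nome = htmlspecialchars($nome, ENT_QUOTES);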
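Review bot: New lines 55–56 extend a blacklist chain (strip `.png`, strip every dot, then `strip_tags` and `htmlspecialchars` on lines 58–59) that is hard to audit: `htmlspecialchars` rewrites `&`, `"` and `'` into entities such as `&#039;` that become part of the name on disk, while characters like `;`, `$` or `%` pass through untouched. A whitelist states the intent in one step and makes the two later calls unnecessary: keep `basename()` on line 53, then `$nome = preg_replace('/[^A-Za-z0-9_-]/', '', str_replace(".png","",$nome)) . ".png";`. The same strip/escape chain is present in importarwmc, upload, uploaddbf, uploadgpx and uploadkml in this commit. Whether the upload is verified to actually be a PNG (for example by decoding it) is outside this hunk.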