Commit cd4a95778a56639a297b6019f0c83285c670cd80
1 parent
f63223bd
Exists in
master
Reformulação do código do sistema de administração para aprmoramento da segurança
Showing
8 changed files
with
38 additions
and
16 deletions
Show diff stats
ferramentas/aplicarsld/upload.php
@@ -14,7 +14,7 @@ require_once (dirname(__FILE__)."/../../ms_configura.php"); | @@ -14,7 +14,7 @@ require_once (dirname(__FILE__)."/../../ms_configura.php"); | ||
14 | $tema = $_GET["tema"]; | 14 | $tema = $_GET["tema"]; |
15 | 15 | ||
16 | if(isset($logExec) && $logExec["upload"] == true){ | 16 | if(isset($logExec) && $logExec["upload"] == true){ |
17 | - i3GeoLog("aplicarsld tema: $tema filename:" . $_FILES['i3GEOaplicarsld']['name'],$dir_tmp); | 17 | + i3GeoLog("prog: aplicarsld tema: $tema filename:" . $_FILES['i3GEOaplicarsld']['name'],$dir_tmp); |
18 | } | 18 | } |
19 | ?> | 19 | ?> |
20 | <html> | 20 | <html> |
@@ -41,7 +41,10 @@ if (isset($_FILES['i3GEOaplicarsld']['name']) && strlen(basename($_FILES['i3GEOa | @@ -41,7 +41,10 @@ if (isset($_FILES['i3GEOaplicarsld']['name']) && strlen(basename($_FILES['i3GEOa | ||
41 | 41 | ||
42 | $ArquivoDest = $ArquivoDest . md5(uniqid(rand(), true)); | 42 | $ArquivoDest = $ArquivoDest . md5(uniqid(rand(), true)); |
43 | 43 | ||
44 | - $ArquivoDest = str_replace(".sld","",$ArquivoDest).".sld"; | 44 | + $ArquivoDest = str_replace(".sld","",$ArquivoDest); |
45 | + $ArquivoDest = str_replace(".","",$ArquivoDest).".sld"; | ||
46 | + | ||
47 | + | ||
45 | verificaNome($ArquivoDest); | 48 | verificaNome($ArquivoDest); |
46 | 49 | ||
47 | //sobe arquivo | 50 | //sobe arquivo |
ferramentas/carregamapa/upload.php
@@ -13,7 +13,7 @@ $postgis_mapa = $_SESSION["postgis_mapa"]; | @@ -13,7 +13,7 @@ $postgis_mapa = $_SESSION["postgis_mapa"]; | ||
13 | require_once (dirname(__FILE__)."/../../ms_configura.php"); | 13 | require_once (dirname(__FILE__)."/../../ms_configura.php"); |
14 | 14 | ||
15 | if(isset($logExec) && $logExec["upload"] == true){ | 15 | if(isset($logExec) && $logExec["upload"] == true){ |
16 | - i3GeoLog("carregamapa filename:" . $_FILES['i3GEOcarregamapafilemap']['name'],$dir_tmp); | 16 | + i3GeoLog("prog: carregamapa filename:" . $_FILES['i3GEOcarregamapafilemap']['name'],$dir_tmp); |
17 | } | 17 | } |
18 | ?> | 18 | ?> |
19 | <html> | 19 | <html> |
ferramentas/importarwmc/upload.php
@@ -24,7 +24,7 @@ $dirmap = dirname($map_file); | @@ -24,7 +24,7 @@ $dirmap = dirname($map_file); | ||
24 | $arquivo = ""; | 24 | $arquivo = ""; |
25 | 25 | ||
26 | if(isset($logExec) && $logExec["upload"] == true){ | 26 | if(isset($logExec) && $logExec["upload"] == true){ |
27 | - i3GeoLog("importarwmc filename:" . $_FILES['i3GEOimportarwmc']['name'],$dir_tmp); | 27 | + i3GeoLog("prog: importarwmc filename:" . $_FILES['i3GEOimportarwmc']['name'],$dir_tmp); |
28 | } | 28 | } |
29 | 29 | ||
30 | if(isset($_FILES['i3GEOimportarwmc']['name']) && !($_POST["i3GEOimportarwmcurl"]) && strlen(basename($_FILES['i3GEOimportarwmc']['name'])) < 200) | 30 | if(isset($_FILES['i3GEOimportarwmc']['name']) && !($_POST["i3GEOimportarwmcurl"]) && strlen(basename($_FILES['i3GEOimportarwmc']['name'])) < 200) |
@@ -33,7 +33,9 @@ if(isset($_FILES['i3GEOimportarwmc']['name']) && !($_POST["i3GEOimportarwmcurl"] | @@ -33,7 +33,9 @@ if(isset($_FILES['i3GEOimportarwmc']['name']) && !($_POST["i3GEOimportarwmcurl"] | ||
33 | //verifica nomes | 33 | //verifica nomes |
34 | $ArquivoDest = $_FILES['i3GEOimportarwmc']['name']; | 34 | $ArquivoDest = $_FILES['i3GEOimportarwmc']['name']; |
35 | $ArquivoDest = $ArquivoDest . md5(uniqid(rand(), true)); | 35 | $ArquivoDest = $ArquivoDest . md5(uniqid(rand(), true)); |
36 | - $ArquivoDest = str_replace(".xml","",$ArquivoDest).".xml"; | 36 | + |
37 | + $ArquivoDest = str_replace(".xml","",$ArquivoDest); | ||
38 | + $ArquivoDest = str_replace(".","",$ArquivoDest).".xml"; | ||
37 | 39 | ||
38 | $ArquivoDest = strip_tags($ArquivoDest); | 40 | $ArquivoDest = strip_tags($ArquivoDest); |
39 | $ArquivoDest = htmlspecialchars($ArquivoDest, ENT_QUOTES); | 41 | $ArquivoDest = htmlspecialchars($ArquivoDest, ENT_QUOTES); |
ferramentas/upload/upload.php
@@ -35,7 +35,7 @@ if (isset($_FILES['i3GEOuploadshp']['name'])) | @@ -35,7 +35,7 @@ if (isset($_FILES['i3GEOuploadshp']['name'])) | ||
35 | require_once (dirname(__FILE__)."/../../ms_configura.php"); | 35 | require_once (dirname(__FILE__)."/../../ms_configura.php"); |
36 | 36 | ||
37 | if(isset($logExec) && $logExec["upload"] == true){ | 37 | if(isset($logExec) && $logExec["upload"] == true){ |
38 | - i3GeoLog("upload filename:" . $_FILES['i3GEOuploadshp']['name'],$dir_tmp); | 38 | + i3GeoLog("prog: upload filename:" . $_FILES['i3GEOuploadshp']['name'],$dir_tmp); |
39 | } | 39 | } |
40 | 40 | ||
41 | echo "<p class='paragrafo' >Carregando o arquivo...</p>"; | 41 | echo "<p class='paragrafo' >Carregando o arquivo...</p>"; |
@@ -67,9 +67,9 @@ if (isset($_FILES['i3GEOuploadshp']['name'])) | @@ -67,9 +67,9 @@ if (isset($_FILES['i3GEOuploadshp']['name'])) | ||
67 | //remove acentos | 67 | //remove acentos |
68 | $nomePrefixo = str_replace(" ","_",removeAcentos(str_replace(".shp","",$_FILES['i3GEOuploadshp']['name']))); | 68 | $nomePrefixo = str_replace(" ","_",removeAcentos(str_replace(".shp","",$_FILES['i3GEOuploadshp']['name']))); |
69 | 69 | ||
70 | + $nomePrefixo = str_replace(".","",$nomePrefixo); | ||
70 | $nomePrefixo = strip_tags($nomePrefixo); | 71 | $nomePrefixo = strip_tags($nomePrefixo); |
71 | $nomePrefixo = htmlspecialchars($nomePrefixo, ENT_QUOTES); | 72 | $nomePrefixo = htmlspecialchars($nomePrefixo, ENT_QUOTES); |
72 | - | ||
73 | $nomePrefixo = $nomePrefixo . md5(uniqid(rand(), true)); | 73 | $nomePrefixo = $nomePrefixo . md5(uniqid(rand(), true)); |
74 | 74 | ||
75 | //sobe arquivo | 75 | //sobe arquivo |
@@ -104,14 +104,26 @@ if (isset($_FILES['i3GEOuploadshp']['name'])) | @@ -104,14 +104,26 @@ if (isset($_FILES['i3GEOuploadshp']['name'])) | ||
104 | 104 | ||
105 | $checkphp = fileContemString($dirmap."/".$nomePrefixo.".prj","<?"); | 105 | $checkphp = fileContemString($dirmap."/".$nomePrefixo.".prj","<?"); |
106 | if($checkphp == true){ | 106 | if($checkphp == true){ |
107 | + unlink($dirmap."/".$nomePrefixo.".shp"); | ||
108 | + unlink($dirmap."/".$nomePrefixo.".dbf"); | ||
109 | + unlink($dirmap."/".$nomePrefixo.".shx"); | ||
110 | + unlink($dirmap."/".$nomePrefixo.".prj"); | ||
107 | exit; | 111 | exit; |
108 | } | 112 | } |
109 | $checkphp = fileContemString($dirmap."/".$nomePrefixo.".shx","<?"); | 113 | $checkphp = fileContemString($dirmap."/".$nomePrefixo.".shx","<?"); |
110 | if($checkphp == true){ | 114 | if($checkphp == true){ |
115 | + unlink($dirmap."/".$nomePrefixo.".shp"); | ||
116 | + unlink($dirmap."/".$nomePrefixo.".dbf"); | ||
117 | + unlink($dirmap."/".$nomePrefixo.".shx"); | ||
118 | + unlink($dirmap."/".$nomePrefixo.".prj"); | ||
111 | exit; | 119 | exit; |
112 | } | 120 | } |
113 | $checkphp = fileContemString($dirmap."/".$nomePrefixo.".dbf","<?"); | 121 | $checkphp = fileContemString($dirmap."/".$nomePrefixo.".dbf","<?"); |
114 | if($checkphp == true){ | 122 | if($checkphp == true){ |
123 | + unlink($dirmap."/".$nomePrefixo.".shp"); | ||
124 | + unlink($dirmap."/".$nomePrefixo.".dbf"); | ||
125 | + unlink($dirmap."/".$nomePrefixo.".shx"); | ||
126 | + unlink($dirmap."/".$nomePrefixo.".prj"); | ||
115 | exit; | 127 | exit; |
116 | } | 128 | } |
117 | 129 |
ferramentas/uploaddbf/upload.php
@@ -35,7 +35,7 @@ if (isset($_FILES['i3GEOuploaddbffile']['name']) && strlen(basename($_FILES['i3G | @@ -35,7 +35,7 @@ if (isset($_FILES['i3GEOuploaddbffile']['name']) && strlen(basename($_FILES['i3G | ||
35 | require_once (dirname(__FILE__)."/../../ms_configura.php"); | 35 | require_once (dirname(__FILE__)."/../../ms_configura.php"); |
36 | 36 | ||
37 | if(isset($logExec) && $logExec["upload"] == true){ | 37 | if(isset($logExec) && $logExec["upload"] == true){ |
38 | - i3GeoLog("uploaddbf filename:" . $_FILES['i3GEOuploaddbffile']['name'],$dir_tmp); | 38 | + i3GeoLog("prog: uploaddbf filename:" . $_FILES['i3GEOuploaddbffile']['name'],$dir_tmp); |
39 | } | 39 | } |
40 | 40 | ||
41 | $mapa = ms_newMapObj($map_file); | 41 | $mapa = ms_newMapObj($map_file); |
@@ -50,10 +50,12 @@ if (isset($_FILES['i3GEOuploaddbffile']['name']) && strlen(basename($_FILES['i3G | @@ -50,10 +50,12 @@ if (isset($_FILES['i3GEOuploaddbffile']['name']) && strlen(basename($_FILES['i3G | ||
50 | $ArquivoDest = $ArquivoDest . md5(uniqid(rand(), true)); | 50 | $ArquivoDest = $ArquivoDest . md5(uniqid(rand(), true)); |
51 | 51 | ||
52 | if($_GET["i3GEOuploaddbftipoarquivo"] != "dbf"){ | 52 | if($_GET["i3GEOuploaddbftipoarquivo"] != "dbf"){ |
53 | - $ArquivoDest = str_replace(".csv","",$ArquivoDest).".csv"; | 53 | + $ArquivoDest = str_replace(".csv","",$ArquivoDest); |
54 | + $ArquivoDest = str_replace(".","",$ArquivoDest).".csv"; | ||
54 | } | 55 | } |
55 | else{ | 56 | else{ |
56 | - $ArquivoDest = str_replace(".dbf","",$ArquivoDest).".dbf"; | 57 | + $ArquivoDest = str_replace(".dbf","",$ArquivoDest); |
58 | + $ArquivoDest = str_replace(".","",$ArquivoDest).".dbf"; | ||
57 | } | 59 | } |
58 | 60 | ||
59 | $ArquivoDest = strip_tags($ArquivoDest); | 61 | $ArquivoDest = strip_tags($ArquivoDest); |
ferramentas/uploadgpx/upload.php
@@ -32,7 +32,7 @@ if (isset($_FILES['i3GEOuploadgpx']['name']) && strlen(basename($_FILES['i3GEOup | @@ -32,7 +32,7 @@ if (isset($_FILES['i3GEOuploadgpx']['name']) && strlen(basename($_FILES['i3GEOup | ||
32 | require_once (dirname(__FILE__)."/../../ms_configura.php"); | 32 | require_once (dirname(__FILE__)."/../../ms_configura.php"); |
33 | 33 | ||
34 | if(isset($logExec) && $logExec["upload"] == true){ | 34 | if(isset($logExec) && $logExec["upload"] == true){ |
35 | - i3GeoLog("uploadgpx filename:" . $_FILES['i3GEOuploadgpx']['name'],$dir_tmp); | 35 | + i3GeoLog("prog: uploadgpx filename:" . $_FILES['i3GEOuploadgpx']['name'],$dir_tmp); |
36 | } | 36 | } |
37 | 37 | ||
38 | $mapa = ms_newMapObj($map_file); | 38 | $mapa = ms_newMapObj($map_file); |
@@ -44,7 +44,8 @@ if (isset($_FILES['i3GEOuploadgpx']['name']) && strlen(basename($_FILES['i3GEOup | @@ -44,7 +44,8 @@ if (isset($_FILES['i3GEOuploadgpx']['name']) && strlen(basename($_FILES['i3GEOup | ||
44 | //verifica nomes | 44 | //verifica nomes |
45 | $ArquivoDest = $_FILES['i3GEOuploadgpx']['name']; | 45 | $ArquivoDest = $_FILES['i3GEOuploadgpx']['name']; |
46 | $ArquivoDest = $ArquivoDest . md5(uniqid(rand(), true)); | 46 | $ArquivoDest = $ArquivoDest . md5(uniqid(rand(), true)); |
47 | - $ArquivoDest = str_replace(".gpx","",$ArquivoDest).".gpx"; | 47 | + $ArquivoDest = str_replace(".gpx","",$ArquivoDest); |
48 | + $ArquivoDest = str_replace(".","",$ArquivoDest).".gpx"; | ||
48 | 49 | ||
49 | $ArquivoDest = strip_tags($ArquivoDest); | 50 | $ArquivoDest = strip_tags($ArquivoDest); |
50 | $ArquivoDest = htmlspecialchars($ArquivoDest, ENT_QUOTES); | 51 | $ArquivoDest = htmlspecialchars($ArquivoDest, ENT_QUOTES); |
ferramentas/uploadkml/upload.php
@@ -33,7 +33,7 @@ if (isset($_FILES['i3GEOuploadkml']['name']) && strlen(basename($_FILES['i3GEOup | @@ -33,7 +33,7 @@ if (isset($_FILES['i3GEOuploadkml']['name']) && strlen(basename($_FILES['i3GEOup | ||
33 | require_once (dirname(__FILE__)."/../../ms_configura.php"); | 33 | require_once (dirname(__FILE__)."/../../ms_configura.php"); |
34 | 34 | ||
35 | if(isset($logExec) && $logExec["upload"] == true){ | 35 | if(isset($logExec) && $logExec["upload"] == true){ |
36 | - i3GeoLog("uploadkml filename:" . $_FILES['i3GEOuploadkml']['name'],$dir_tmp); | 36 | + i3GeoLog("prog: uploadkml filename:" . $_FILES['i3GEOuploadkml']['name'],$dir_tmp); |
37 | } | 37 | } |
38 | 38 | ||
39 | $mapa = ms_newMapObj($map_file); | 39 | $mapa = ms_newMapObj($map_file); |
@@ -45,7 +45,8 @@ if (isset($_FILES['i3GEOuploadkml']['name']) && strlen(basename($_FILES['i3GEOup | @@ -45,7 +45,8 @@ if (isset($_FILES['i3GEOuploadkml']['name']) && strlen(basename($_FILES['i3GEOup | ||
45 | //verifica nomes | 45 | //verifica nomes |
46 | $ArquivoDest = $_FILES['i3GEOuploadkml']['name']; | 46 | $ArquivoDest = $_FILES['i3GEOuploadkml']['name']; |
47 | $ArquivoDest = $ArquivoDest . md5(uniqid(rand(), true)); | 47 | $ArquivoDest = $ArquivoDest . md5(uniqid(rand(), true)); |
48 | - $ArquivoDest = str_replace(".kml","",$ArquivoDest).".kml"; | 48 | + $ArquivoDest = str_replace(".kml","",$ArquivoDest); |
49 | + $ArquivoDest = str_replace(".","",$ArquivoDest).".kml"; | ||
49 | 50 | ||
50 | $ArquivoDest = strip_tags($ArquivoDest); | 51 | $ArquivoDest = strip_tags($ArquivoDest); |
51 | $ArquivoDest = htmlspecialchars($ArquivoDest, ENT_QUOTES); | 52 | $ArquivoDest = htmlspecialchars($ArquivoDest, ENT_QUOTES); |
ferramentas/uploadsimbolo/upload.php
@@ -28,7 +28,7 @@ if (isset($_FILES['i3GEOuploadsimboloarq']['name']) && strlen(basename($_FILES[' | @@ -28,7 +28,7 @@ if (isset($_FILES['i3GEOuploadsimboloarq']['name']) && strlen(basename($_FILES[' | ||
28 | require_once (dirname(__FILE__)."/../../ms_configura.php"); | 28 | require_once (dirname(__FILE__)."/../../ms_configura.php"); |
29 | 29 | ||
30 | if(isset($logExec) && $logExec["upload"] == true){ | 30 | if(isset($logExec) && $logExec["upload"] == true){ |
31 | - i3GeoLog("uploadsimbolo filename:" . $_FILES['i3GEOuploadsimboloarq']['name'],$dir_tmp); | 31 | + i3GeoLog("prog: uploadsimbolo filename:" . $_FILES['i3GEOuploadsimboloarq']['name'],$dir_tmp); |
32 | } | 32 | } |
33 | 33 | ||
34 | echo "<p class='paragrafo' >Carregando o arquivo...</p>"; | 34 | echo "<p class='paragrafo' >Carregando o arquivo...</p>"; |
@@ -52,7 +52,8 @@ if (isset($_FILES['i3GEOuploadsimboloarq']['name']) && strlen(basename($_FILES[' | @@ -52,7 +52,8 @@ if (isset($_FILES['i3GEOuploadsimboloarq']['name']) && strlen(basename($_FILES[' | ||
52 | 52 | ||
53 | $nome = basename($_FILES['i3GEOuploadsimboloarq']['name']); | 53 | $nome = basename($_FILES['i3GEOuploadsimboloarq']['name']); |
54 | 54 | ||
55 | - $nome = str_replace(".png","",$nome).".png"; | 55 | + $nome = str_replace(".png","",$nome); |
56 | + $nome = str_replace(".","",$nome).".png"; | ||
56 | 57 | ||
57 | $nome = strip_tags($nome); | 58 | $nome = strip_tags($nome); |
58 | $nome = htmlspecialchars($nome, ENT_QUOTES); | 59 | $nome = htmlspecialchars($nome, ENT_QUOTES); |