[^] 升级 UEditor 到1.4.3.3(20160526版本)
[#] 修复 XSS
[^] 内网采集可配置,默认不采集内网(防止 SSRF)
xbzbing committed Jun 6, 2016
1 parent 13f44d5 commit 3e99f13
Showing 2 changed files with 7 additions and 0 deletions.
2 changes: 2 additions & 0 deletions UEditorController.php
Expand Up @@ -258,6 +258,8 @@ public function actionCatchImage()
}
foreach ($source as $imgUrl) {
$item = new Uploader($imgUrl, $config, 'remote');
if ($this->allowIntranet)
$item->setAllowIntranet(true);
$info = $item->getFileInfo();
$info['thumbnail'] = $this->imageHandle($info['url']);
$list[] = [
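Review bot: `setAllowIntranet(true)` is called only after `new Uploader($imgUrl, $config, 'remote')` has returned, so if the Uploader constructor performs the remote fetch itself (its body is not shown on this page), the flag is still at its default when the request is made and the setting never takes effect. That would fail closed, which is the safe direction for the SSRF guard, but it makes the option a no-op; handing the flag over before the fetch, for example as part of `$config`, removes the ordering dependency. The two-line `if` also has no braces, and `if ($this->allowIntranet) { $item->setAllowIntranet(true); }` keeps a later edit from adding a statement that runs unconditionally. The declaration of `$this->allowIntranet` on the controller is not among this file's two added lines, and `actionCatchImage()` starts and ends outside the hunk.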
5 changes: 5 additions & 0 deletions Uploader.php
Expand Up @@ -20,6 +20,11 @@
*/
class Uploader
{
/**
* 是否允许采集内网 IP 图片
* 默认不允许
* @var bool
*/
private $allowIntranet = false;
private $fileField; //文件域名
private $file; //文件上传对象
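Review bot: All five additions to this file fall inside this one hunk (`-20,6 +20,11`), which holds only the `$allowIntranet` property and its docblock, so neither the `setAllowIntranet()` method that UEditorController.php now calls nor any code that reads the flag is part of this commit. If the setter is not already defined further down the class, turning the option on in the controller ends in an undefined-method error, and a private flag with no reader does not block anything by itself. It is worth confirming where the intranet check lives and that it is applied to the address the HTTP client actually connects to, including after a redirect, rather than to the host string taken from `$imgUrl`. The class body continues outside the hunk.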
