bluecms v1.0 ͼƬϴƹ©

:

BlueCMS(طϢŻרCMSϵͳ) 
include/upload.class.phpֻ֣Ǽļͷûм׺.
......
class upload {
	private $allow_image_type = array('image/jpg', 'image/gif', 'image/png', 'image/pjpeg');
......
    function img_upload($file, $dir = '', $imgname = ''){
    	if(empty($dir)){
    		$dir = BLUE_ROOT.DATA.UPLOAD.date("Ym")."/";
    	}else{
    		$dir = BLUE_ROOT.DATA.UPLOAD.$dir."/";
    	}
 
    	if(!file_exists($dir)){
    		if(!mkdir($dir)){
    			showmsg('ϴдĿ¼ʧ');
    		}
    	}
    	if(empty($imgname)){
    		$imgname = $this->create_tempname().$this->get_type($file['name']);
    	}
    	$imgname = $dir . $imgname;
    	if(!in_array($file['type'],$this->allow_image_type)){
             //ֻǼļͷţǾֱӹһSHELLͺ
    		showmsg('ͼƬ');
    	}
 
 
    }
<* ο
http://www.st0p.org/blog/archives/bluecms-0day.html
 *>