add validate meta info for the backup file

2025-03-31 00:02:25 +02:00 · 2017-08-18 11:09:46 +08:00 · 2017-08-18 11:09:46 +08:00 · 13fc1b7169
commit 13fc1b7169
parent ac11ff4cc9
2 changed files with 30 additions and 13 deletions
--- a/var/Typecho/Common.php
+++ b/var/Typecho/Common.php
@ -1071,19 +1071,15 @@ EOF;
     * 从备份文件中解压
     *
     * @param $fp
-     * @param bool $end
+     * @param bool $offset
     * @return array|bool
     */
-    public static function extractBackupBuffer($fp, &$end)
+    public static function extractBackupBuffer($fp, &$offset)
    {
        $meta = fread($fp, 6);
+        $offset += 6;
        $metaLen = strlen($meta);

-        if (0 == $metaLen) {
-            $end = true;
-            return false;
-        }
-
        if (false === $meta || $metaLen != 6) {
            return false;
        }
@ -1091,18 +1087,21 @@ EOF;
        list ($type, $headerLen, $bodyLen) = array_values(unpack('v3', $meta));

        $header = @fread($fp, $headerLen);
+        $offset += $headerLen;

        if (false === $header || strlen($header) != $headerLen) {
            return false;
        }

        $body = @fread($fp, $bodyLen);
+        $offset += $bodyLen;

        if (false === $body || strlen($body) != $bodyLen) {
            return false;
        }

        $md5 = @fread($fp, 32);
+        $offset += 32;

        if (false === $md5 || $md5 != md5($meta . $header . $body)) {
            return false;
--- a/var/Widget/Backup.php
+++ b/var/Widget/Backup.php
@ -72,7 +72,16 @@ class Widget_Backup extends Widget_Abstract_Options implements Widget_Interface_
            $this->response->goBack();
        }

-        $fileHeader = @fread($fp, strlen(self::HEADER));
+        $fileSize = filesize($file);
+        $headerSize = strlen(self::HEADER);
+
+        if ($fileSize < $headerSize) {
+            @fclose($fp);
+            $this->widget('Widget_Notice')->set(_t('备份文件格式错误'), 'error');
+            $this->response->goBack();
+        }
+
+        $fileHeader = @fread($fp, $headerSize);

        if (!$fileHeader || $fileHeader != self::HEADER) {
            @fclose($fp);
@ -80,12 +89,20 @@ class Widget_Backup extends Widget_Abstract_Options implements Widget_Interface_
            $this->response->goBack();
        }

-        while (!feof($fp) && !$end) {
-            $data = Typecho_Common::extractBackupBuffer($fp, $end);
+        fseek($fp, $fileSize - $headerSize);
+        $fileFooter = @fread($fp, $headerSize);

-            if ($end) {
-                break;
-            }
+        if (!$fileFooter || $fileFooter != self::HEADER) {
+            @fclose($fp);
+            $this->widget('Widget_Notice')->set(_t('备份文件格式错误'), 'error');
+            $this->response->goBack();
+        }
+
+        fseek($fp, $headerSize);
+        $offset = $headerSize;
+
+        while (!feof($fp) && $offset + $headerSize < $fileSize) {
+            $data = Typecho_Common::extractBackupBuffer($fp, $offset);

            if (!$data) {
                @fclose($fp);
@ -214,6 +231,7 @@ class Widget_Backup extends Widget_Abstract_Options implements Widget_Interface_
        }

        Typecho_Plugin::factory(__CLASS__)->export();
+        echo self::HEADER;
        ob_end_flush();
    }