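/// <summary>
/// Page-load gate. Ends the response early when the domain status is "0",
/// when site access has been switched off (<c>SYS.VisitTimeFlag == "1"</c>),
/// or when the client IP matches an entry of the comma-separated
/// <c>SYS.IPLock</c> deny list. An entry may be a literal address or a
/// pattern in which <c>*</c> stands for one or more digits.
/// </summary>
public void PageLoadCheck()
{
    if (ShopCache.GetDomainStatus() == "0")
    {
        if (!Shop.LebiAPI.Service.Instanse.Check("lebilicense"))
        {
            StringBuilder sb = new StringBuilder();
            sb.Append("Powered by <a style=\"font-size:12px;color:#00497f\" href=\"http://www.lebi.cn\" target=\"_blank\" title=\"LebiShop多语言网店系统\">LebiShop</a> ");
            sb.Append("V" + SYS.Version + "." + SYS.Version_Son);
            Response.Write("<div style=\"height:100px;padding-top:10px;text-align:left;font-size:12;\">LebiShop发现异常,您可以访问<a style=\"font-size:12px;color:#00497f\" href=\"http://www.lebi.cn\" target=\"_blank\" title=\"LebiShop多语言网店系统\">www.lebi.cn</a>寻求帮助<br>");
            Response.Write(sb.ToString() + "</div>");
        }
        else
        {
            Response.Write(SYS.Wornings);
        }
        Response.End();
        return;
    }

    if (SYS.VisitTimeFlag == "1")
    {
        // Site access has been switched off.
        Response.Write(SYS.Wornings);
        Response.End();
        return;
    }

    // IsNullOrEmpty instead of != "" so an unset list does not throw on Split.
    if (!string.IsNullOrEmpty(SYS.IPLock))
    {
        // NOTE(review): confirm RequestTool.GetClientIP() does not take the address
        // from client-supplied forwarding headers; if it does, this deny list
        // depends on a value the requester controls.
        string ip = RequestTool.GetClientIP();

        foreach (string rawEntry in SYS.IPLock.Split(','))
        {
            string iplock = rawEntry.Trim();
            if (iplock.Length == 0)
            {
                // A stray or trailing comma yields an empty entry; as a regex it
                // would be an empty pattern, so it is skipped rather than evaluated.
                continue;
            }

            // Escape the dots first, then expand the wildcard on the ESCAPED
            // string. The previous code restarted from the raw entry for the
            // second Replace, discarding the escaping, so "." matched any character.
            // NOTE(review): the pattern is left unanchored because RegexTool.Check
            // is not visible here; if it does a substring match, an entry can match
            // inside a longer address. Confirm, and anchor with ^...$ if so.
            string reg = iplock.Replace(".", @"\.").Replace("*", @"\d+");

            if (iplock == ip || RegexTool.Check(ip, reg))
            {
                Response.Write(SYS.Wornings);
                Response.End();
                return;
            }
        }
    }
}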
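/// <summary>
/// Checks whether an uploaded picture file looks safe, and deletes it from disk
/// when it does not.
/// </summary>
/// <remarks>
/// Two checks are applied: the extension check done by <c>IsAllowedExtension</c>,
/// then a scan of the file content, read as text, against a fixed list of
/// script-related keywords. This is a deny-list heuristic: it does not verify
/// that the file is a well-formed image, so it should not be the only control
/// on uploads (for example, the upload directory should not be executable).
/// If reading the file fails, the exception propagates and the file is left on
/// disk unchecked; callers should treat that as "not verified".
/// </remarks>
/// <param name="strPictureFilePath">Path of the uploaded file on disk.</param>
/// <returns>
/// <c>false</c> when the file was rejected and deleted; <c>true</c> otherwise,
/// including when no file exists at the given path.
/// </returns>
/// <exception cref="Exception">
/// Thrown when scanning or deleting the file fails; the original exception is
/// attached as <c>InnerException</c>.
/// </exception>
public static bool CheckPictureSafe(string strPictureFilePath)
{
    if (!File.Exists(strPictureFilePath))
    {
        // Nothing to inspect; the original contract reports this as "safe".
        return true;
    }

    if (!IsAllowedExtension(strPictureFilePath))
    {
        File.Delete(strPictureFilePath);
        return false;
    }

    try
    {
        // Read the picture as text. Lines are concatenated without separators,
        // so a keyword split across a line break is still seen as one run.
        StringBuilder content = new StringBuilder();
        using (StreamReader sr = new StreamReader(strPictureFilePath))
        {
            string line;
            while ((line = sr.ReadLine()) != null)
            {
                content.Append(line);
            }
        }

        string DangerString = "<script|iframe|.getfolder|.createfolder|.deletefolder|.createdirectory|.deletedirectory|.saveas|wscript.shell|script.encode|server.|.createobject|execute|activexobject|language=|include|filesystemobject|shell.application";

        // The keyword list is all lower-case. Lower-casing the content keeps the
        // scan case-insensitive whether or not RegexTool.Check ignores case
        // (its options are not visible from this block).
        bool containsDangerousText = RegexTool.Check(content.ToString().ToLowerInvariant(), DangerString);

        if (containsDangerousText)
        {
            // The reader is already disposed here, so the file can be removed.
            File.Delete(strPictureFilePath);
            return false;
        }
    }
    catch (Exception ex)
    {
        // Same exception type and message as before, but keep the original as
        // InnerException so its type and stack trace are not lost.
        throw new Exception(ex.Message, ex);
    }

    return true;
}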