From 164598c83fc57c427f68b98fe8aad44d99db1974 Mon Sep 17 00:00:00 2001 From: filesite Date: Mon, 14 Mar 2022 16:16:16 +0800 Subject: [PATCH] add Nginx secure link md5 pattern valid check function --- lib/DirScanner.php | 26 ++++++++++++++++++++++++++ test/DirScannerTest.php | 5 ++++- 2 files changed, 30 insertions(+), 1 deletion(-) diff --git a/lib/DirScanner.php b/lib/DirScanner.php index 9d99209..b0edec3 100644 --- a/lib/DirScanner.php +++ b/lib/DirScanner.php @@ -81,6 +81,26 @@ Class DirScanner { return !empty($realpath) ? md5($realpath) : ''; } + //判断Nginx防盗链MD5加密方式字符串是否合格 + private function isNginxSecureLinkMd5PatternValid($pattern) { + $valid = true; + + $fieldsNeeded = [ + '{secure_link_expires}', + '{uri}', + '{remote_addr}', + '{secret}', + ]; + foreach($fieldsNeeded as $needle) { + if (strstr($pattern, $needle) === false) { + $valid = false; + break; + } + } + + return $valid; + } + //根据文件生成防盗链网址 //参考:https://nginx.org/en/docs/http/ngx_http_secure_link_module.html#secure_link @@ -159,6 +179,9 @@ Class DirScanner { } if (!empty($pattern) && is_string($pattern)) { + if ($this->isNginxSecureLinkMd5PatternValid($pattern) == false) { + throw new Exception("Invalid Nginx secure link md5 pattern: {$pattern}", 500); + } $this->nginxSecureLinkMd5Pattern = $pattern; } @@ -204,6 +227,9 @@ Class DirScanner { */ public function setNginxSecureLinkMd5Pattern($pattern) { if (!empty($pattern) && is_string($pattern)) { + if ($this->isNginxSecureLinkMd5PatternValid($pattern) == false) { + throw new Exception("Invalid Nginx secure link md5 pattern: {$pattern}", 500); + } $this->nginxSecureLinkMd5Pattern = $pattern; } } diff --git a/test/DirScannerTest.php b/test/DirScannerTest.php index 3fb08c6..d895511 100644 --- a/test/DirScannerTest.php +++ b/test/DirScannerTest.php 
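Review bot: isNginxSecureLinkMd5PatternValid carries only a one-line comment and does not say why all four placeholders are mandatory, which is the security-relevant part of the check. I would add a docblock stating that `{secret}` keeps the hash unforgeable, `{secure_link_expires}` bounds the link lifetime, and `{uri}` and `{remote_addr}` bind the link to one resource and one client. The docblock should also say that the test is substring presence only, so it cannot confirm that the pattern matches the `secure_link_md5` expression configured in Nginx. As a style point, the `$valid` flag and `break` can become an early return, `if (strpos($pattern, $needle) === false) { return false; }`, since `strpos` (or `str_contains` on PHP 8) is the usual choice for a pure existence check.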
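Review bot: The guard added before `$this->nginxSecureLinkMd5Pattern = $pattern;` puts the rejected pattern into the exception message, and the identical lines are repeated in setNginxSecureLinkMd5Pattern in the following hunk. A pattern that fails this check may well be one where the real secret was typed in place of the `{secret}` placeholder, so echoing it can carry the secret into logs or, depending on how the exception is handled outside these hunks, into a 500 response. I would name the requirement instead of the value: `throw new Exception('Invalid Nginx secure link md5 pattern: {secure_link_expires}, {uri}, {remote_addr} and {secret} are required', 500);`. The comparison `== false` is also better written as `!$this->isNginxSecureLinkMd5PatternValid($pattern)`. Both enclosing functions extend beyond the hunks, so I cannot tell whether the first one could simply call the setter so the check lives in one place.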
@@ -53,7 +53,10 @@ class DirScannerTest extends DirScanner { //--调用测试方法-- $scanner = new DirScannerTest(); -$scanner->secureLinkTest('/default/', 'foo=bar', '127.0.0.1'); +//$scanner->secureLinkTest('/default/', 'foo=bar', '127.0.0.1', '{test}hello'); +//$scanner->secureLinkTest('/default/', 'foo=bar', '127.0.0.1', ''); +//$scanner->secureLinkTest('/default/', 'foo=bar', '127.0.0.1', '{secret} {secure_link_expires}{uri}{remote_addr}'); + $scanner->getFilePathTest('/content/小说/金庸/', '书剑恩仇录', 'md'); $scanner->getFilePathTest('/content/小说/金庸/', '封面图', 'jpg'); $scanner->getFilePathTest('/content/视频/游戏/', 'demo', 'm3u8');
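Review bot: All three added secureLinkTest calls are commented out and the only active call is removed, so after this change the test script no longer exercises secure-link generation or the new pattern check at all. The commented lines already describe the useful cases (a pattern missing placeholders, an empty string, and a complete pattern); I would leave the complete-pattern call active and run the `'{test}hello'` case inside a try/catch that fails when no exception is thrown. The empty-string case deserves an explicit expectation too, because the `!empty($pattern)` guard in DirScanner skips validation and appears to keep the existing pattern rather than throwing. secureLinkTest's four-argument signature is defined outside this hunk, so this assumes the fourth argument is the pattern.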