4.2.4

Author: cym1102

README.md

@@ -111,9 +111,9 @@ Path : JDK安装目录\bin
 
 ```
 Linux: mkdir /home/nginxWebUI/ 
-       wget -O /home/nginxWebUI/nginxWebUI.jar https://gitee.com/cym1102/nginxWebUI/releases/download/4.2.2/nginxWebUI-4.2.2.jar
+       wget -O /home/nginxWebUI/nginxWebUI.jar https://gitee.com/cym1102/nginxWebUI/releases/download/4.2.4/nginxWebUI-4.2.4.jar
 
-Windows: 直接使用浏览器下载 https://gitee.com/cym1102/nginxWebUI/releases/download/4.2.2/nginxWebUI-4.2.2.jar 到 D:/home/nginxWebUI/nginxWebUI.jar
+Windows: 直接使用浏览器下载 https://gitee.com/cym1102/nginxWebUI/releases/download/4.2.4/nginxWebUI-4.2.4.jar 到 D:/home/nginxWebUI/nginxWebUI.jar
 ```
 
 有新版本只需要修改路径中的版本即可

README_EN.md

@@ -107,9 +107,9 @@ reboot
 
 ```
 Linux: mkdir /home/nginxWebUI/   
-       wget -O /home/nginxWebUI/nginxWebUI.jar https://gitee.com/cym1102/nginxWebUI/releases/download/4.2.2/nginxWebUI-4.2.2.jar
+       wget -O /home/nginxWebUI/nginxWebUI.jar https://gitee.com/cym1102/nginxWebUI/releases/download/4.2.4/nginxWebUI-4.2.4.jar
 
-Windows: Download directly from your browser https://gitee.com/cym1102/nginxWebUI/releases/download/4.2.2/nginxWebUI-4.2.2.jar into D:/home/nginxWebUI/
+Windows: Download directly from your browser https://gitee.com/cym1102/nginxWebUI/releases/download/4.2.4/nginxWebUI-4.2.4.jar into D:/home/nginxWebUI/
 ```
 
 With a new version, you just need to change the version in the path

pom.xml

@@ -1,4 +1,6 @@
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
 
 	<parent>
 		<groupId>org.noear</groupId>
@@ -9,7 +11,7 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>com.cym</groupId>
 	<artifactId>nginxWebUI</artifactId>
-	<version>4.2.2</version>
+	<version>4.2.4</version>
 
 	<properties>
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
@@ -27,7 +29,7 @@
 		<easy-captcha.version>1.6.2</easy-captcha.version>
 		<jackson-annotations.version>2.13.1</jackson-annotations.version>
 		<maven-model.version>3.0</maven-model.version>
-		<expiringmap.version>0.5.10</expiringmap.version>
+		<expiringmap.version>0.5.11</expiringmap.version>
 	</properties>
 
 	<dependencies>
@@ -67,7 +69,7 @@
 			<artifactId>h2</artifactId>
 			<version>${h2.version}</version>
 		</dependency>
-		
+
 		<dependency>
 			<groupId>org.xerial</groupId>
 			<artifactId>sqlite-jdbc</artifactId>

src/main/java/com/cym/controller/adminPage/ConfController.java

@@ -1,8 +1,9 @@
 package com.cym.controller.adminPage;
 
 import java.io.File;
-import java.io.InputStream;
 import java.nio.charset.StandardCharsets;
+import java.nio.file.Path;
+import java.nio.file.Paths;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -31,11 +32,10 @@
 
 import cn.hutool.core.codec.Base64;
 import cn.hutool.core.io.FileUtil;
-import cn.hutool.core.io.resource.ClassPathResource;
+import cn.hutool.core.io.file.PathUtil;
 import cn.hutool.core.util.CharsetUtil;
 import cn.hutool.core.util.RuntimeUtil;
 import cn.hutool.core.util.StrUtil;
-import cn.hutool.core.util.ZipUtil;
 import cn.hutool.json.JSONArray;
 import cn.hutool.json.JSONObject;
 import cn.hutool.json.JSONUtil;
@@ -269,22 +269,61 @@ public JsonResult check(String nginxPath, String nginxExe, String nginxDir, Stri
 	@Mapping(value = "saveCmd")
 	public JsonResult saveCmd(String nginxPath, String nginxExe, String nginxDir) {
 		nginxPath = ToolUtils.handlePath(nginxPath);
-		settingService.set("nginxPath", nginxPath);
-
 		nginxExe = ToolUtils.handlePath(nginxExe);
-		settingService.set("nginxExe", nginxExe);
-
 		nginxDir = ToolUtils.handlePath(nginxDir);
-		settingService.set("nginxDir", nginxDir);
+
+		if (StrUtil.isNotEmpty(nginxPath) && !isFile(nginxPath)) {
+			nginxPath = null;
+		}
+		if (StrUtil.isNotEmpty(nginxDir) && !isFile(nginxDir)) {
+			nginxDir = null;
+		}
+		if (StrUtil.isNotEmpty(nginxExe) && !isFile(nginxExe) && !isSafeCmd(nginxExe)) {
+			nginxExe = null;
+		}
+		if (StrUtil.isNotEmpty(nginxExe) && isFile(nginxExe) && !isSafeEnd(nginxExe)) {
+			nginxExe = null;
+		}
+
+		if (nginxPath != null) {
+			settingService.set("nginxPath", nginxPath);
+			System.out.println("nginxPath -> " + nginxPath);
+		}
+		if (nginxExe != null) {
+			settingService.set("nginxExe", nginxExe);
+			System.out.println("nginxExe -> " + nginxExe);
+		}
+		if (nginxDir != null) {
+			settingService.set("nginxDir", nginxDir);
+			System.out.println("nginxDir -> " + nginxDir);
+		}
 
 		Map<String, String> map = new HashMap<>();
 		map.put("nginxPath", nginxPath);
 		map.put("nginxExe", nginxExe);
 		map.put("nginxDir", nginxDir);
-
+		System.out.println("");
 		return renderSuccess(map);
 	}
 
+	private boolean isSafeEnd(String nginxExe) {
+		return nginxExe.endsWith("nginx") //
+				|| nginxExe.endsWith("openresty") //
+				|| nginxExe.endsWith("nginx.exe") //
+				|| nginxExe.endsWith("openrestys.exe");
+	}
+
+	private boolean isSafeCmd(String nginxExe) {
+		return nginxExe.equals("nginx") //
+				|| nginxExe.equals("openresty") //
+				|| nginxExe.equals("nginx.exe") //
+				|| nginxExe.equals("openrestys.exe");
+	}
+
+	private boolean isFile(String path) {
+		return FileUtil.isDirectory(path) || FileUtil.isFile(path);
+	}
+
 	@Mapping(value = "reload")
 	public synchronized JsonResult reload(String nginxPath, String nginxExe, String nginxDir) {
 		if (nginxPath == null) {
@@ -308,7 +347,7 @@ public synchronized JsonResult reload(String nginxPath, String nginxExe, String
 			String rs = RuntimeUtil.execForStr(cmd);
 
 			cmd = "<span class='blue'>" + cmd + "</span>";
-			if (!rs.contains("[error]")) {
+			if (!rs.contains("[error]") && !rs.contains("[emerg]")) {
 				return renderSuccess(cmd + "<br>" + m.get("confStr.reloadSuccess") + "<br>" + rs.replace("\n", "<br>"));
 			} else {
 				if (rs.contains("The system cannot find the file specified") || rs.contains("nginx.pid") || rs.contains("PID")) {
@@ -331,7 +370,8 @@ public JsonResult runCmd(String cmd, String type) {
 		}
 
 		// 仅执行nginx相关的命令，而不是其他的恶意命令
-		if (!isAvailableCmd(cmd)) {
+		cmd = buildRealCmd(cmd);
+		if (StrUtil.isEmpty(cmd)) {
 			return renderSuccess(m.get("confStr.notAvailableCmd"));
 		}
 
@@ -359,17 +399,12 @@ public JsonResult runCmd(String cmd, String type) {
 		}
 	}
 
-	// 仅执行nginx相关的命令，而不是其他的恶意命令
-	private boolean isAvailableCmd(String cmd) {
-		// 过滤数据库中的路径
-		String nginxPath = ToolUtils.handleConf(settingService.get("nginxPath"));
-		settingService.set("nginxPath", nginxPath);
-		String nginxExe = ToolUtils.handleConf(settingService.get("nginxExe"));
-		settingService.set("nginxExe", nginxExe);
-		String nginxDir = ToolUtils.handleConf(settingService.get("nginxDir"));
-		settingService.set("nginxDir", nginxDir);
+	private String buildRealCmd(String cmd) {
+		String dir = "";
+		if (StrUtil.isNotEmpty(settingService.get("nginxDir"))) {
+			dir = " -p " + settingService.get("nginxDir");
+		}
 
-		// 检查命令格式
 		switch (cmd) {
 		case "net start nginx":
 		case "service nginx start":
@@ -379,27 +414,58 @@ private boolean isAvailableCmd(String cmd) {
 		case "systemctl stop nginx":
 		case "taskkill /f /im nginx.exe":
 		case "pkill nginx":
-			return true;
-		default:
-			break;
-		}
-
-		String dir = "";
-		if (StrUtil.isNotEmpty(settingService.get("nginxDir"))) {
-			dir = " -p " + settingService.get("nginxDir");
-		}
+			return cmd;
 
-		if (cmd.equals(settingService.get("nginxExe") + " -s stop" + dir)) {
-			return true;
+		case "stopNormal":
+			return settingService.get("nginxExe") + " -s stop" + dir;
+		case "startNormal":
+			return settingService.get("nginxExe") + " -c " + settingService.get("nginxPath") + dir;
 		}
 
-		if (cmd.equals(settingService.get("nginxExe") + " -c " + settingService.get("nginxPath") + dir)) {
-			return true;
-		}
-
-		return false;
+		return null;
 	}
 
+//	// 仅执行nginx相关的命令，而不是其他的恶意命令
+//	private boolean isAvailableCmd(String cmd) {
+//		// 过滤数据库中的路径
+//		String nginxPath = ToolUtils.handleConf(settingService.get("nginxPath"));
+//		settingService.set("nginxPath", nginxPath);
+//		String nginxExe = ToolUtils.handleConf(settingService.get("nginxExe"));
+//		settingService.set("nginxExe", nginxExe);
+//		String nginxDir = ToolUtils.handleConf(settingService.get("nginxDir"));
+//		settingService.set("nginxDir", nginxDir);
+//
+//		// 检查命令格式
+//		switch (cmd) {
+//		case "net start nginx":
+//		case "service nginx start":
+//		case "systemctl start nginx":
+//		case "net stop nginx":
+//		case "service nginx stop":
+//		case "systemctl stop nginx":
+//		case "taskkill /f /im nginx.exe":
+//		case "pkill nginx":
+//			return true;
+//		default:
+//			break;
+//		}
+//
+//		String dir = "";
+//		if (StrUtil.isNotEmpty(settingService.get("nginxDir"))) {
+//			dir = " -p " + settingService.get("nginxDir");
+//		}
+//
+//		if (cmd.equals(settingService.get("nginxExe") + " -s stop" + dir)) {
+//			return true;
+//		}
+//
+//		if (cmd.equals(settingService.get("nginxExe") + " -c " + settingService.get("nginxPath") + dir)) {
+//			return true;
+//		}
+//
+//		return false;
+//	}
+
 	@Mapping(value = "getLastCmd")
 	public JsonResult getLastCmd(String type) {
 		return renderSuccess(settingService.get(type));

src/main/java/com/cym/controller/adminPage/WwwController.java

@@ -1,8 +1,15 @@
 package com.cym.controller.adminPage;
 
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
 import java.net.URL;
 import java.nio.charset.Charset;
+import java.util.zip.ZipEntry;
+import java.util.zip.ZipFile;
+import java.util.zip.ZipInputStream;
 
+import cn.hutool.core.util.CharsetUtil;
 import cn.hutool.core.util.StrUtil;
 import org.noear.solon.annotation.Controller;
 import org.noear.solon.annotation.Inject;
@@ -43,12 +50,19 @@ public JsonResult addOver(Www www, String dirTemp) {
 		}
 
 		try {
-//			FileUtil.clean(www.getDir());  //太危险不要删了文件夹了 
+			try {
+				if (!checkZipSafe(dirTemp, www.getDir(), CharsetUtil.defaultCharset())) {
+					return renderError(m.get("wwwStr.zipNotSafe"));
+				}
+			} catch (IllegalArgumentException e) {
+				if (!checkZipSafe(dirTemp, www.getDir(), Charset.forName("GBK"))) {
+					return renderError(m.get("wwwStr.zipNotSafe"));
+				}
+			}
 
 			try {
 				ZipUtil.unzip(dirTemp, www.getDir());
-			} catch (Exception e) {
-				// 默认UTF-8下不能解压中文字符, 尝试使用gbk
+			} catch (IllegalArgumentException e) {
 				ZipUtil.unzip(dirTemp, www.getDir(), Charset.forName("GBK"));
 			}
 
@@ -63,20 +77,69 @@ public JsonResult addOver(Www www, String dirTemp) {
 
 		return renderError(m.get("wwwStr.zipError"));
 	}
-	
+
+	/**
+	 * 检查zip是否包含../目录
+	 * 
+	 * @param dirTemp
+	 * @param dir
+	 * @param charset
+	 * @return
+	 */
+	private boolean checkZipSafe(String dirTemp, String dir, Charset charset) {
+		File zipFile = new File(dirTemp);
+		File outputFolder = new File(dir);
+		ZipInputStream zis = null;
+
+		try {
+			zis = new ZipInputStream(new FileInputStream(zipFile), charset);
+			ZipEntry entry = null;
+			while ((entry = zis.getNextEntry()) != null) {
+				String name = entry.getName();
+				// 检查并阻止任何尝试跳转到父目录的尝试
+				if (name.contains("..") || name.startsWith("/") || name.startsWith("\\")) {
+					return false;
+				}
+
+				// 通常还需要检查解压后文件的完整路径，以确保它仍然位于输出文件夹内
+				File file = new File(outputFolder, name);
+				if (!file.getCanonicalPath().startsWith(outputFolder.getCanonicalPath())) {
+					return false;
+				}
+			}
+		} catch (IllegalArgumentException e) {
+			logger.error(e.getMessage(), e);
+			throw e;
+		} catch (IOException e) {
+			logger.error(e.getMessage(), e);
+			return false;
+		} finally {
+			try {
+				if (zis != null) {
+					zis.close();
+				}
+			} catch (IOException e) {
+				logger.error(e.getMessage(), e);
+			}
+		}
+
+		return true;
+
+	}
+
 	@Mapping("clean")
 	public JsonResult clean(String id) {
 		Www www = sqlHelper.findById(id, Www.class);
-		
+
 		FileUtil.clean(www.getDir());
-		
+
 		return renderSuccess();
 	}
 
 	@Mapping("del")
 	public JsonResult del(String id) {
 		String[] ids = id.split(",");
-		
+
 		sqlHelper.deleteByIds(ids, Www.class);
 
 		return renderSuccess();

src/main/java/com/cym/service/ConfService.java

@@ -325,15 +325,15 @@ public void buildDenyAllow(NgxBlock ngxBlock, String type, String id, ConfExt co
 		List<String> strs = new ArrayList<>();
 		if (denyAllowValue == 1) {
 			// 黑名单
-			strs.add("allow all;");
-
 			DenyAllow denyAllow = sqlHelper.findById(denyId, DenyAllow.class);
 			if (denyAllow != null) {
 				String[] ips = denyAllow.getIp().split("\n");
 				for (String ip : ips) {
 					strs.add("deny " + ip.trim() + ";");
 				}
 			}
+			
+			strs.add("allow all;");
 		}
 		if (denyAllowValue == 2) {
 			// 白名单