diff --git a/shop/itemqaformupdate.php b/shop/itemqaformupdate.php
index a92edc176..73e6a8ef1 100644
--- a/shop/itemqaformupdate.php
+++ b/shop/itemqaformupdate.php
@@ -90,14 +90,13 @@ else if ($w == "d")
 else
 $data_path = $p['path'];
 
- if( end(explode('.', $data_path)) === 'php' ){
- continue;
+ if( preg_match('/(gif|jpe?g|bmp|png)$/i', strtolower(end(explode('.', $data_path))) ) ){
+
+ $destfile = ( ! preg_match('/\w+\/\.\.\//', $data_path) ) ? G5_PATH.$data_path : '';
+
+ if($destfile && preg_match('/\/data\/editor\/[A-Za-z0-9_]{1,20}\//', $destfile) && is_file($destfile))
+ @unlink($destfile);
 }
-
- $destfile = G5_PATH.$data_path;
-
- if(preg_match('/\/data\/editor\/[A-Za-z0-9_]{1,20}\//', $destfile) && is_file($destfile))
- @unlink($destfile);
 }
 
 $imgs = get_editor_image($row['iq_answer'], $get_editor_img_mode);
@@ -109,14 +108,13 @@ else if ($w == "d")
 else
 $data_path = $p['path'];
 
- if( end(explode('.', $data_path)) === 'php' ){
- continue;
+ if( preg_match('/(gif|jpe?g|bmp|png)$/i', strtolower(end(explode('.', $data_path))) ) ){
+
+ $destfile = ( ! preg_match('/\w+\/\.\.\//', $data_path) ) ? G5_PATH.$data_path : '';
+
+ if($destfile && preg_match('/\/data\/editor\/[A-Za-z0-9_]{1,20}\//', $destfile) && is_file($destfile))
+ @unlink($destfile);
 }
-
- $destfile = G5_PATH.$data_path;
-
- if(preg_match('/\/data\/editor\/[A-Za-z0-9_]{1,20}\//', $destfile) && is_file($destfile))
- @unlink($destfile);
 }
 
 $sql = " delete from {$g5['g5_shop_item_qa_table']} where iq_id = '$iq_id' and md5(concat(iq_id,iq_time,iq_ip)) = '{$hash}' ";
diff --git a/shop/itemuseformupdate.php b/shop/itemuseformupdate.php
index 868d2d895..b4701659d 100644
--- a/shop/itemuseformupdate.php
+++ b/shop/itemuseformupdate.php
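Review bot: The new traversal guard `preg_match('/\w+\/\.\.\//', $data_path)` recognises only one spelling of a parent-directory segment, and the `/data/editor/` test after it is unanchored, so neither proves that the file handed to `unlink()` actually sits under the editor upload directory. `$data_path` appears to be derived from image URLs in the stored question/answer text (`get_editor_image($row['iq_answer'], …)`), so it should be treated as untrusted; resolving it with `realpath()` and comparing against the resolved editor root is more robust than pattern-matching the raw string. The sketch below assumes editor uploads live under `G5_PATH.'/data/editor'`, which is inferred from the existing regex and should be confirmed. The same block appears in the second hunk of this file and in shop/itemuseformupdate.php; the enclosing loop and the `else if ($w == "d")` branch start outside the hunk.

```php
if( preg_match('/(gif|jpe?g|bmp|png)$/i', strtolower(end(explode('.', $data_path))) ) ){
    // Canonicalise first, so the containment test runs on the path unlink() will really touch.
    $editor_root = realpath(G5_PATH.'/data/editor');
    $destfile = realpath(G5_PATH.$data_path);

    if($editor_root !== false && $destfile !== false
        && strpos($destfile, $editor_root.DIRECTORY_SEPARATOR) === 0
        && preg_match('/\/data\/editor\/[A-Za-z0-9_]{1,20}\//', $data_path)
        && is_file($destfile))
        @unlink($destfile);
}
```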
@@ -103,14 +103,14 @@ else if ($w == "d")
 else
 $data_path = $p['path'];
 
- if( end(explode('.', $data_path)) === 'php' ){
- continue;
+
+ if( preg_match('/(gif|jpe?g|bmp|png)$/i', strtolower(end(explode('.', $data_path))) ) ){
+
+ $destfile = ( ! preg_match('/\w+\/\.\.\//', $data_path) ) ? G5_PATH.$data_path : '';
+
+ if($destfile && preg_match('/\/data\/editor\/[A-Za-z0-9_]{1,20}\//', $destfile) && is_file($destfile))
+ @unlink($destfile);
 }
-
- $destfile = G5_PATH.$data_path;
-
- if(preg_match('/\/data\/editor\/[A-Za-z0-9_]{1,20}\//', $destfile) && is_file($destfile))
- @unlink($destfile);
 }
 
 $sql = " delete from {$g5['g5_shop_item_use_table']} where is_id = '$is_id' and md5(concat(is_id,is_time,is_ip)) = '{$hash}' ";
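Review bot: The extension allow-list `/(gif|jpe?g|bmp|png)$/i` is anchored only at the end, so any extension that merely ends in one of those strings is accepted, and the `strtolower()` call is redundant next to the `i` flag. `end(explode('.', $data_path))` also passes a function result to a by-reference parameter, which PHP reports as "Only variables should be passed by reference"; `pathinfo()` avoids that. Suggested condition: `if( preg_match('/^(gif|jpe?g|bmp|png)$/i', pathinfo($data_path, PATHINFO_EXTENSION)) ){`. The same line is used in both hunks of shop/itemqaformupdate.php, and the enclosing loop starts outside the hunk.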