dedecms的变量覆盖漏洞导致注入漏洞怎么办
dedecms的变量覆盖漏洞导致注入漏洞怎么办?
dedecms的变量覆盖漏洞导致注入漏洞
推荐学习:织梦cms
文件是:include/filter.inc.php
防御方法
/include/filter.inc.php/** *过滤不相关内容 * * @accesspublic * @paramstring$fk 过滤键 * @paramstring$svar 过滤值 * @returnstring */$magic_quotes_gpc = ini_get('magic_quotes_gpc');function _FilterAll($fk, &$svar){global $cfg_notallowstr,$cfg_replacestr;if( is_array($svar) ){foreach($svar as $_k => $_v){$svar[$_k] = _FilterAll($fk,$_v);}}else{if($cfg_notallowstr!='' && preg_match("#".$cfg_notallowstr."#i", $svar)){ShowMsg(" $fk has not allow words!",'-1');exit();}if($cfg_replacestr!=''){$svar = preg_replace('/'.$cfg_replacestr.'/i', "***", $svar);}}if (!$magic_quotes_gpc) {$svar = addslashes($svar);}return addslashes($svar);//return $svar;}以上就是dedecms的变量覆盖漏洞导致注入漏洞怎么办的详细内容,更多请关注小潘博客其它相关文章!
