dedecms安全漏洞之/include/common.inc.php漏洞解决办法
发表时间:2019-06-04 16:17 责任编辑:莫都晨晓 浏览:
次
在 /include/common.inc.php 中
查找:foreach(Array('_GET','_POST','_COOKIE') as $_request)
将如下代码
foreach(Array('_GET','_POST','_COOKIE') as $_request)
{
foreach($$_request as $_k => $_v) ${$_k} = _RunMagicQuotes($_v);
}
改为:
foreach(Array('_GET','_POST','_COOKIE') as $_request)
{
foreach($$_request as $_k => $_v) {
if( strlen($_k)>0 && eregi('^(cfg_|GLOBALS)',$_k) ){
exit('Request var not allow!');
}
${$_k} = _RunMagicQuotes($_v);
}
问题解决
查找:foreach(Array('_GET','_POST','_COOKIE') as $_request)
将如下代码
foreach(Array('_GET','_POST','_COOKIE') as $_request)
{
foreach($$_request as $_k => $_v) ${$_k} = _RunMagicQuotes($_v);
}
改为:
foreach(Array('_GET','_POST','_COOKIE') as $_request)
{
foreach($$_request as $_k => $_v) {
if( strlen($_k)>0 && eregi('^(cfg_|GLOBALS)',$_k) ){
exit('Request var not allow!');
}
${$_k} = _RunMagicQuotes($_v);
}
问题解决
技术支持
相关阅读
- 1将文本垂直居中08-06
- 2dede:arclist按照自定义字段的条件调05-07
- 3js把英文逗号换成中文逗号04-01
- 4dede编辑器添加MP4视频上传功能01-08
- 5ssl证书12-22
- 6dede简单把分页页码改成英文10-30
- 7IIS7 环境中http重定向到https的设置04-01
- 8dedecms安全漏洞之/include/common.inc06-04
- 9织梦DEDE include/dedesql.class.php变量覆06-04
- 10dede自定义表单发送邮件提醒(非05-17
- 11dede列表页异步加载,点击加载更04-30
- 12正则表达式应用——实例应用04-25
- 13dede自定义表单防止恶意提交,增04-11
- 14goole地图API代码生成制作01-24
- 15CSS:text-fill-color 给文字增加图片蒙01-22
