What should I do if the variable coverage vulnerability in dedecms leads to an injection vulnerability?-DEDECMS-php.cn

Home

CMS Tutorial

DEDECMS

What should I do if the variable coverage vulnerability in dedecms leads to an injection vulnerability?

藏色散人

Jan 10, 2020 am 09:39 AM

dedecms

What should I do if the variable coverage vulnerability of dedecms leads to an injection vulnerability?

The variable coverage vulnerability of dedecms leads to injection vulnerability

Recommended study: Dream Weaver cms

The file is: include/filter.inc. php

Defense method

/include/filter.inc.php

/**
 *  过滤不相关内容
 *
 * @access    public
 * @param     string  $fk 过滤键
 * @param     string  $svar 过滤值
 * @return    string
 */
$magic_quotes_gpc = ini_get(&#39;magic_quotes_gpc&#39;);
function _FilterAll($fk, &$svar)
{
    global $cfg_notallowstr,$cfg_replacestr;
    if( is_array($svar) )
    {
        foreach($svar as $_k => $_v)
        {
            $svar[$_k] = _FilterAll($fk,$_v);
        }
    }
    else
    {
        if($cfg_notallowstr!=&#39;&#39; && preg_match("#".$cfg_notallowstr."#i", $svar))
        {
            ShowMsg(" $fk has not allow words!",&#39;-1&#39;);
            exit();
        }
        if($cfg_replacestr!=&#39;&#39;)
        {
            $svar = preg_replace(&#39;/&#39;.$cfg_replacestr.&#39;/i&#39;, "***", $svar);
        }
    }
    if (!$magic_quotes_gpc) {
        $svar = addslashes($svar);
    }
return addslashes($svar);
//    return $svar;
}

The above is the detailed content of What should I do if the variable coverage vulnerability in dedecms leads to an injection vulnerability?. For more information, please follow other related articles on the PHP Chinese website!

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn