What should I do if the variable coverage vulnerability of dedecms leads to an injection vulnerability?
The variable coverage vulnerability of dedecms leads to injection vulnerability
Recommended study: Dream Weaver cms
The file is: include/filter.inc. php
Defense method
/include/filter.inc.php
/**
* 过滤不相关内容
*
* @access public
* @param string $fk 过滤键
* @param string $svar 过滤值
* @return string
*/
$magic_quotes_gpc = ini_get('magic_quotes_gpc');
function _FilterAll($fk, &$svar)
{
global $cfg_notallowstr,$cfg_replacestr;
if( is_array($svar) )
{
foreach($svar as $_k => $_v)
{
$svar[$_k] = _FilterAll($fk,$_v);
}
}
else
{
if($cfg_notallowstr!='' && preg_match("#".$cfg_notallowstr."#i", $svar))
{
ShowMsg(" $fk has not allow words!",'-1');
exit();
}
if($cfg_replacestr!='')
{
$svar = preg_replace('/'.$cfg_replacestr.'/i', "***", $svar);
}
}
if (!$magic_quotes_gpc) {
$svar = addslashes($svar);
}
return addslashes($svar);
// return $svar;
}The above is the detailed content of What should I do if the variable coverage vulnerability in dedecms leads to an injection vulnerability?. For more information, please follow other related articles on the PHP Chinese website!
common tags for dedecms
How to use mysql cursor
matlab colormap function usage
Will Sols inscription coins return to zero?
What should I do if English letters appear when I turn on the computer and the computer cannot be turned on?
How to get the address bar address
How to skip online activation in win11
word forced line break
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
