
The method of solving the injection vulnerability caused by the variable override vulnerability of dedecms

2025-02-25 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/02 Report--

What is the solution to the injection vulnerability caused by the variable override vulnerability in dedecms? This problem often comes up in daily study or work. The following is the reference content that the editor has prepared; let's take a look at it.

What if a variable override vulnerability in dedecms leads to an injection vulnerability?

Dedecms's variable override vulnerability leads to injection vulnerability


The file is: include/filter.inc.php

Defense method

/include/filter.inc.php

    /**
     * Filter irrelevant content
     *
     * @access    public
     * @param     string  $fk    filter key
     * @param     string  $svar  filter value
     * @return    string
     */
    $magic_quotes_gpc = ini_get('magic_quotes_gpc');
    function _FilterAll($fk, &$svar)
    {
        // $magic_quotes_gpc is declared global so the check below sees the value set above
        global $cfg_notallowstr, $cfg_replacestr, $magic_quotes_gpc;
        if (is_array($svar)) {
            foreach ($svar as $_k => $_v) {
                $svar[$_k] = _FilterAll($fk, $_v);
            }
            // Elements are already escaped by the recursive calls, and addslashes() accepts only strings
            return $svar;
        } else {
            // Reject the request if the value matches the configured forbidden words
            if ($cfg_notallowstr != '' && preg_match("#" . $cfg_notallowstr . "#i", $svar)) {
                ShowMsg("$fk has notallow words!", '-1');
                exit();
            }
            // Mask the configured replacement words
            if ($cfg_replacestr != '') {
                $svar = preg_replace('/' . $cfg_replacestr . '/i', "*", $svar);
            }
        }
        if (!$magic_quotes_gpc) {
            $svar = addslashes($svar);
        }
        // The fix: return the value through addslashes() instead of returning it as-is
        return addslashes($svar);
        // return $svar;
    }
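A caveat on the addslashes() fix above, shown as an added example that is not DedeCMS code and not part of the original article: addslashes() only protects a value that ends up inside quotes in the SQL text, so a value used in a numeric position still needs a type cast or a bound parameter. The in-memory SQLite table `member`, the helper function names and the sample input are constructed for illustration, and the pdo_sqlite extension is assumed to be available.

```php
<?php
// Added example, not DedeCMS code. Table, helper names and input are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE member (id INTEGER PRIMARY KEY, name TEXT)");
$db->exec("INSERT INTO member (name) VALUES ('alice'), ('bob'), ('carol')");

// Weak: the value is escaped the way the patched filter returns it, but it is
// interpolated WITHOUT quotes, so there is no quote for addslashes() to escape.
function rowsEscapedOnly(PDO $db, string $raw): int
{
    $id = addslashes($raw);
    return count($db->query("SELECT name FROM member WHERE id = $id")->fetchAll());
}

// Better: force the expected type before the value reaches the query.
function rowsCastToInt(PDO $db, string $raw): int
{
    $id = (int) $raw;
    return count($db->query("SELECT name FROM member WHERE id = $id")->fetchAll());
}

// Best: bind the value so it is never parsed as SQL.
function rowsBound(PDO $db, string $raw): int
{
    $st = $db->prepare("SELECT name FROM member WHERE id = :id");
    $st->execute([':id' => $raw]);
    return count($st->fetchAll());
}

$input = '1 OR 1=1';  // constructed request value for a numeric id
printf("addslashes only : %d row(s)\n", rowsEscapedOnly($db, $input));
printf("cast to int     : %d row(s)\n", rowsCastToInt($db, $input));
printf("bound parameter : %d row(s)\n", rowsBound($db, $input));
```

Comparing the three row counts shows whether the input was treated as data or as part of the query; the same comparison can be used as a regression check after patching the filter.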
