Generally, when operating and maintaining a website, we use a third-party online monitoring tool to check the site for risks. Such a tool can also monitor for vulnerabilities directly: if it discovers a security risk on the website, it notifies us by email or other means so that we can repair it. Today, a friend received an email from the 360 website security guard reporting an "HTTP response splitting vulnerability" on his website, along with a solution.
The solution is very simple. Because the site runs WordPress, we open the functions.php file of the current theme and find:
The code is as follows:
    function redirect_comment_link(){
    $redirect = $_GET['r'];
Then add the following:
The code is as follows:
    // ereg_replace() was removed in PHP 7.0; str_replace() performs the same literal replacements
    $redirect = trim($redirect);
    $redirect = strip_tags($redirect, ""); // clear HTML and other code
    $redirect = str_replace("\t", "", $redirect); // remove the tab character
    $redirect = str_replace("\r\n", "", $redirect); // remove the carriage return + line feed pair
    $redirect = str_replace("\r", "", $redirect); // remove the carriage return
    $redirect = str_replace("\n", "", $redirect); // remove the line feed
    $redirect = str_replace(" ", "", $redirect); // remove spaces
    $redirect = str_replace("'", "", $redirect); // remove single quotes
After saving the change, regenerate the cache if the site uses one, and then run the vulnerability check again.
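An alternative to stripping characters, shown as an added example that is not part of the original article or the theme's code: reject any redirect value that contains control characters or spaces, and accept only absolute http/https URLs. The function name safe_redirect_target, the fallback "/" and the sample inputs are assumptions constructed for illustration.

```php
<?php
/**
 * Hypothetical helper (not from the theme): return $raw only if it is safe
 * to place in a Location header, otherwise return $fallback.
 */
function safe_redirect_target($raw, $fallback = '/')
{
    if (!is_string($raw) || $raw === '') {
        return $fallback;
    }
    // Reject instead of stripping: CR, LF, tab, NUL, other control
    // characters and spaces never belong in a header value or a URL.
    if (preg_match('/[\x00-\x20\x7F]/', $raw)) {
        return $fallback;
    }
    // Require an absolute URL with an explicit scheme and host.
    $parts = parse_url($raw);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return $fallback;
    }
    // Only web schemes; this drops javascript:, data:, file: and similar.
    if (!in_array(strtolower($parts['scheme']), array('http', 'https'), true)) {
        return $fallback;
    }
    return $raw;
}

// Constructed sample inputs, as PHP delivers them in $_GET['r']
// (query-string values are already URL-decoded at this point).
$samples = array(
    'https://example.com/post/42#comment-7',         // accepted
    "https://example.com/\r\nSet-Cookie: injected=1", // CR/LF: rejected
    "https://example.com/\tpage",                     // tab: rejected
    'javascript:alert(1)',                            // no host: rejected
    '//example.org/landing',                          // no scheme: rejected
);

foreach ($samples as $s) {
    printf(
        "%-55s => %s\n",
        json_encode($s, JSON_UNESCAPED_SLASHES),
        safe_redirect_target($s)
    );
}

// Intended use inside the redirect function (assumption about the call site):
// header('Location: ' . safe_redirect_target(isset($_GET['r']) ? $_GET['r'] : ''));
```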