涉及檔案及其路徑
檔案:uploadsafe.inc.php
路徑:/include/uploadsafe.inc.php。
修複方法
修複這個漏洞有兩個地方需要修改,咱們一個一個來說。
1、第一處:找到下面這句:(第42行)
| 代碼如下 | 複製代碼 |
| ${$_key.’_size’} = @filesize($$_key); } |
|
替換成
| 代碼如下 | 複製代碼 |
| ${$_key.’_size’} = @filesize($$_key);} $imtypes = array(“image/pjpeg”, “image/jpeg”, “image/gif”, “image/png”, “image/xpng”, “image/wbmp”, “image/bmp”); if(in_array(strtolower(trim(${$_key.’_type’})), $imtypes)) { $image_dd = @getimagesize($$_key); if($image_dd == false){ continue; } if (!is_array($image_dd)) { exit(‘Upload filetype not allow !’); } } |
|
2、第二處:找到下面這句(替換第一處後處於第55行)
| 代碼如下 | 複製代碼 |
$image_dd = @getimagesize($$_key); $image_dd = @getimagesize($$_key); if($image_dd == false){ continue; } |
|
儲存在檢測就發現漏洞已經修複了。請大家注意備份檔案,在修改過的地方做好批註。
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
