PHPCMS V9最新安全修复(2015-11-06)
----------------------------------------------------------------------------------------------------
补丁名称:投票注入漏洞修复
发布时间:2015-10-28:
修改文件:phpcms\modules\vote\index.php
修改方案:
153行找到:
$data_arr[$radio]='1';
修改为:
$radio = intval($radio);
$data_arr[$radio]='1';
----------------------------------------------------------------------------------------------------
补丁名称:下载文件漏洞修复
发布时间:2015-10-28:
修改文件:phpcms\modules\content\down.php
修改方案:
找到(两出74行和89行):
if(empty($_SERVER['HTTP_USER_AGENT'])){
$pc_auth_key = md5(pc_base::load_config('system','auth_key').'down');
}else{
$pc_auth_key = md5(pc_base::load_config('system','auth_key').$_SERVER['HTTP_USER_AGENT']);
}
都修改为:
$pc_auth_key = md5(pc_base::load_config('system','auth_key').$_SERVER['HTTP_USER_AGENT'].'down');
找到:
if($m) $fileurl = trim($s).trim($fileurl);
修改为:
if($m) $fileurl = trim($s).trim($fileurl);
if(preg_match('/(php|phtml|php3|php4|jsp|dll|asp|cer|asa|shtml|shtm|aspx|asax|cgi|fcgi|pl)(\.|$)/i',$fileurl) ) showmessage(L('url_error'));
----------------------------------------------------------------------------------------------------
补丁名称:根据用户找回密码的漏洞修复
发布时间:2015-11-06
修改文件:phpcms\modules\member\index.php
修改方案:
找到(1709行):
$email_arr = explode('@',$r['email']);
include template('member', 'forget_password_username');
修改为:
$_SESSION['emc'] = "";
$_SESSION['emc_times']=0;
$email_arr = explode('@',$r['email']);
include template('member', 'forget_password_username');
