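              Fixing the DedeCMS uploadsafe.inc.php upload vulnerability reported by Alibaba Cloud

              Many webmasters who run DedeCMS on Alibaba Cloud ECS keep receiving notifications from Alibaba Cloud's Yundun (云盾) security service about an upload vulnerability. The file that triggers the alert is /include/uploadsafe.inc.php.

              The cause is that DedeCMS ships its own emulation of "local variable registration", which in principle lets an attacker overwrite arbitrary variables and so exposes the site to attack. The fix is as follows.

              Locate and open /include/uploadsafe.inc.php, and find the following code in it: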

               
              if(empty(${$_key.'_size'}))
                  {
                      ${$_key.'_size'} = @filesize($$_key);
                  }

              Add the following code directly below it:

               
              $imtypes = array("image/pjpeg", "image/jpeg", "image/gif", "image/png", "image/xpng", "image/wbmp", "image/bmp");
              // Only inspect uploads whose declared type is an image type
              if(in_array(strtolower(trim(${$_key.'_type'})), $imtypes)){
                  // getimagesize() returns false on failure and an array on success
                  $image_dd = @getimagesize($$_key);
                  if($image_dd == false){
                      continue;
                  }
                  if (!is_array($image_dd)) {
                      exit('Upload filetype not allow !');
                  }
              }

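              Then, a little further down in the same file, find the following code:

               
              $image_dd = @getimagesize($$_key);

              Add the following code directly below it:

               
              if($image_dd == false){ continue; }

              Once the additions are made, save the file and replace the original with it. You can then re-verify the vulnerability in the Alibaba Cloud console.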
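
The check the patch relies on, as an added stand-alone example (not DedeCMS code and not from the original page): the client-declared type is treated only as a claim, and the file is accepted only when getimagesize() parses it as an allow-listed image. The helper name check_image_upload(), the narrowed detected-type list and the sample files are assumptions, and unlike the patch's `continue` this version rejects on a mismatch.

```php
<?php
// Added example; check_image_upload() is a hypothetical helper, not DedeCMS code.

// Declared (client-supplied) types, taken from the $imtypes list in the patch.
const DECLARED_IMAGE_TYPES = ['image/pjpeg', 'image/jpeg', 'image/gif', 'image/png',
                              'image/xpng', 'image/wbmp', 'image/bmp'];
// Types reported by getimagesize() that this example accepts (assumption: narrowed list).
const DETECTED_IMAGE_TYPES = ['image/jpeg', 'image/gif', 'image/png'];

/**
 * Returns 'not-image' when the client did not claim an image type,
 * 'accept' when the content parses as an allow-listed image,
 * 'reject' when the claimed type and the actual content disagree.
 */
function check_image_upload(string $tmpPath, string $declaredType): string
{
    if (!in_array(strtolower(trim($declaredType)), DECLARED_IMAGE_TYPES, true)) {
        return 'not-image';   // left to the other upload rules
    }
    $info = @getimagesize($tmpPath);   // false on failure, array on success
    if ($info === false || !in_array($info['mime'], DETECTED_IMAGE_TYPES, true)) {
        return 'reject';
    }
    return 'accept';
}

// Constructed sample inputs: a 1x1 GIF and a text file that only claims to be one.
$gif = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($gif, base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7'));
$txt = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($txt, "plain text, not an image\n");

$cases = [[$gif, 'image/gif'], [$txt, 'image/gif'], [$txt, 'text/plain']];
foreach ($cases as [$path, $type]) {
    printf("%-12s %s\n", $type, check_image_upload($path, $type));
}

unlink($gif);
unlink($txt);
```

getimagesize() reads only the image header, so this check belongs alongside the other upload checks rather than in place of them.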
