dedecms的变量覆盖漏洞导致注入漏洞怎么办

dedecms的变量覆盖漏洞导致注入漏洞怎么办？

dedecms的变量覆盖漏洞导致注入漏洞

推荐学习：织梦cms

文件是：include/filter.inc.php

防御方法

/include/filter.inc.php

$magic_quotes_gpc=ini_get('magic_quotes_gpc');function_FilterAll($fk,&$svar){global$cfg_notallowstr,$cfg_replacestr;if(is_array($svar)){foreach($svaras$_k=>$_v){$svar[$_k]=_FilterAll($fk,$_v);}}else{if($cfg_notallowstr!=''&&preg_match("#".$cfg_notallowstr."#i",$svar)){ShowMsg("$fkhasnotallowwords!",'-1');exit();}if($cfg_replacestr!=''){$svar=preg_replace('/'.$cfg_replacestr.'/i',"***",$svar);}}if(!$magic_quotes_gpc){$svar=addslashes($svar);}returnaddslashes($svar);//return$svar;}