DedeCms All-Purpose Security Protection Code

Reference: http://bbs.dedecms.com/read.php?tid=15538
Add the following to include/common.inc.php

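// Replace <? with &lt;? and ?> with ?&gt; in GET, POST and COOKIE values,
// and drop any request key that matches cfg_* or contains "globals"
$ckvs = array('_GET', '_POST', '_COOKIE');
foreach ($ckvs as $ckv) {
    if (is_array($$ckv)) {
        foreach ($$ckv as $key => $value) {
            if (!empty($value)) {
                ${$ckv}[$key] = str_replace('<'.'?', '&'.'lt;'.'?', $value);
                ${$ckv}[$key] = str_replace('?'.'>', '?'.'&'.'gt;', ${$ckv}[$key]);
            }
            // The key check runs for every key; preg_match() replaces eregi(), removed in PHP 7
            if (preg_match('/^cfg_|globals/i', (string)$key)) {
                unset(${$ckv}[$key]);
            }
        }
    }
}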
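// Check uploaded files for PHP code; if any is found, stop processing immediately
if (is_array($_FILES)) {
    foreach ($_FILES as $name => $value) {
        // (array) also covers multi-file fields; a local variable is used so the
        // upload field name cannot overwrite an existing variable
        foreach ((array)$value['tmp_name'] as $tmp) {
            if (!is_string($tmp) || !is_uploaded_file($tmp)) {
                continue;
            }
            $fstr = @file_get_contents($tmp);
            // strpos() replaces ereg(), removed in PHP 7
            if ($fstr != '' && strpos($fstr, '<'.'?') !== false) {
                echo "你上传的文件中含有危险内容,程序终止处理!";
                exit();
            }
        }
    }
}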

Update: February 11, 2014, 10:43:55
Found a good tool: DedeCMS Stubborn Trojan Backdoor Removal Tool V 2.0 (DedeCMS顽固木马后门专杀工具 V 2.0)
http://bbs.anquan.org/forum.php?mod=viewthread&tid=11504
