織夢dedecms漏洞修復記
阿新 • • 發佈:2019-02-06
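elseif ($dopost == 'save') {
    // Save branch: deletes the categories listed in $mtypeidarr, then renames the
    // remaining ones from $mtypename (category id => new name). Both arrays are
    // treated as untrusted here, because the ids and the array keys end up inside
    // SQL text below.

    // A missing or non-array $mtypename would break the unset()/foreach below.
    if (!isset($mtypename) || !is_array($mtypename)) {
        $mtypename = array();
    }

    if (isset($mtypeidarr) && is_array($mtypeidarr)) {
        // Starts with 0 so the IN (...) list stays syntactically valid even when
        // no submitted id passes the checks.
        $delids = '0';
        $mtypeidarr = array_filter($mtypeidarr, 'is_numeric');
        foreach ($mtypeidarr as $delid) {
            // is_numeric() also lets through forms such as "1e3", "1.5" or " 7";
            // only plain decimal ids are allowed into the IN (...) list.
            if (!preg_match('/\A[0-9]+\z/', (string) $delid)) {
                continue;
            }
            $delid = intval($delid);
            $delids .= ',' . $delid;
            // A category that is being deleted must not be renamed afterwards.
            unset($mtypename[$delid]);
        }
        // The mid condition limits the delete to rows of the current member.
        $query = "delete from `dede_mtypes` where mtypeid in ($delids) and mid='$cfg_ml->M_ID';";
        $dsql->ExecNoneQuery($query);
    }

    // The array KEYS of $mtypename are the injection point this fix addresses:
    // value filtering never sees them, yet they are placed in the WHERE clause.
    foreach ($mtypename as $id => $name) {
        $name = HtmlReplace($name);
        // Normalise the key to an integer before it reaches the SQL text.
        $id = intval($id);
        // NOTE(review): $name and $cfg_ml->M_ID are still interpolated as strings;
        // their safety depends on HtmlReplace() and on how M_ID is populated,
        // neither of which is visible here. Confirm, or cast/escape them as well.
        $query = "update `dede_mtypes` set mtypename='$name' where mtypeid='$id' and mid='$cfg_ml->M_ID'";
        // Execute the update without echoing $query: a debug die(var_dump($query))
        // at this point would print the SQL to the client and end the request
        // before any row is updated.
        $dsql->ExecuteNoneQuery($query);
    }
    ShowMsg('分類修改完成','mtypes.php');
}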
12,/member/inc/inc_archives_functions.php：dedecms cookies洩漏導致SQL漏洞