Skip to content

Commit

Permalink
update src/apps/mytag_js.php.
Browse files Browse the repository at this point in the history 
通过关键字符过滤,修复了mytag_js.php中存在的任意文件上传漏洞,避免了后续的命令执行漏洞

Signed-off-by: 再遇雌鹿 <[email protected]>
  • Loading branch information
@Northind @gitee-org
Northind authored and gitee-org committed Feb 20, 2023
1 parent fec34a6 commit ff225a5
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions src/apps/mytag_js.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,7 @@
$myvalues = str_replace('"', '\"', $myvalues);
$myvalues = str_replace("\r", "\\r", $myvalues);
$myvalues = str_replace("\n", "\\n", $myvalues);
$myvalues = str_replace("<?", "", $myvalues);
$myvalues = "<!--\r\ndocument.write(\"{$myvalues}\");\r\n-->\r\n";
file_put_contents($cacheFile, $myvalues);
}
Expand Down

0 comments on commit ff225a5

Please sign in to comment.