
How to fix the XSS vulnerability that security scans report on phpwind 9.0

Author / Date: 2014-07-24 17:59:05

Recently, security scans of phpwind installations have been flagging an XSS vulnerability; to be precise, the report calls it a "rich-text stored XSS vulnerability".

Vulnerability description: XSS is a security vulnerability that frequently appears in web applications. It lets a malicious web user plant code, such as HTML or client-side script, into pages that are served to other users, and an attacker can use an XSS flaw to bypass access controls. So far this particular vulnerability has not caused any known harm.

Fix: the problem is in the [flash] BBCode tag, whose URL is inserted into an HTML attribute. The patch restricts which characters the URL may contain on both the server side (PwUbbCode.php) and the editor side (plugin.js).

In /src/library/ubb/PwUbbCode.php, replace the escapeUrl function at the very bottom of the file with:

```php
public static function escapeUrl($path) {
    // Only absolute http(s) URLs are accepted; anything else becomes an empty string.
    if(!(strpos($path, 'http://')===0 || strpos($path, 'https://')===0)) {
        return '';
    }
    //fixed bug ,http://www.网址.org/bugs/wooyun-2014-063613
    // Percent-encode the characters that could close an attribute or open a tag.
    // Entities such as &#39; are listed before ";" so they are rewritten whole.
    $path = str_replace(array("<",">","&apos;","&#39;","&#34;","&quot;","'","\"",";"," "), array("%3c","%3e","%27","%27","%22","%22","%27","%22","%3b","%20"),$path);
    return $path;
}
```

In the same file, replace the parseFlash function with:

```php
public static function parseFlash($message, $convertStatus = 1) {
    // The URL group ([^\[\<\(\r\n\"';]+?) no longer accepts [ < ( CR LF " ' or ;
    // Note: the /e modifier used here is deprecated since PHP 5.5 and removed in PHP 7.0.
    if ($convertStatus) {
        return preg_replace("/\[flash(=(\d+?)\,(\d+?)(\,(0|1))?)?\]([^\[\<\(\r\n\"';]+?)\[\/flash\]/eis", "self::createPlayer('\\6','\\2','\\3','\\5','video')", $message, self::$_cvtimes);
    }
    return preg_replace("/\[flash(=(\d+?)\,(\d+?)(\,(0|1))?)?\]([^\[\<\(\r\n\"';]+?)\[\/flash\]/eis", "self::createFlashLink('\\6')", $message, self::$_cvtimes);
}
```

Editor JS fix: in res/js/dev/windeditor/plugins/insertVideo/plugin.js (if it exists) and res/js/build/windeditor/plugins/insertVideo/plugin.js, find the following function:

```javascript
function wysiwyg() {
    //var reg = /\[flash\s*(?:=\s*(\d+)\s*,\s*(\d+)\s*)?\]\s*(((?!")[\s\S])+?)(?:"[\s\S]*?)?\s*\[\/flash\]/ig;
    var reg = /\[flash=(\d+)\s*,(\d+)\s*,(\d+)\s*\]([\s\S]*?)\[\/flash\]/ig;
    var html = $(editorDoc.body).html();
    if(!reg.test(html)) {
        return;
    }
    html = html.replace(reg,function(all, $1, $2,$3,$4) {
        var width = $1, height = $2, auto_play = $3, url = $4;
        return '<p><img class="j_editor_video_content" style="border:1px dashed #ccc;background:#fffeee url('+ img_path +'video_48.png) center center no-repeat;" width="'+ width +'px" height="'+ height +'px" src="'+ img_path +'blank.gif" data-url="'+ url +'" data-width="'+ width +'" data-height="'+ height +'" data-auto="'+ auto_play +'"></p>';
    });
    $(editorDoc.body).html(html);
}
```

and replace the whole function with:

```javascript
function wysiwyg() {
    //var reg = /\[flash\s*(?:=\s*(\d+)\s*,\s*(\d+)\s*)?\]\s*(((?!")[\s\S])+?)(?:"[\s\S]*?)?\s*\[\/flash\]/ig;
    //var reg = /\[flash=(\d+)\s*,(\d+)\s*,(\d+)\s*\]([\s\S]*?)\[\/flash\]/ig;
    // The URL group now uses the same restricted character class as the PHP side.
    var reg = /\[flash=(\d+)\s*,(\d+)\s*,(\d+)\s*\]([^\[\<\(\r\n\"';]+?)\[\/flash\]/ig;
    var html = $(editorDoc.body).html();
    if(!reg.test(html)) {
        return;
    }
    html = html.replace(reg,function(all, $1, $2,$3,$4) {
        var width = $1, height = $2, auto_play = $3, url = $4;
        return '<p><img class="j_editor_video_content" style="border:1px dashed #ccc;background:#fffeee url('+ img_path +'video_48.png) center center no-repeat;" width="'+ width +'px" height="'+ height +'px" src="'+ img_path +'blank.gif" data-url="'+ url +'" data-width="'+ width +'" data-height="'+ height +'" data-auto="'+ auto_play +'"></p>';
    });
    $(editorDoc.body).html(html);
}
```
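To see why the two changes matter, the following Node.js snippet is an added example, not code from phpwind or from this article. It re-implements the patched escapeUrl logic in JavaScript and runs the old and the patched plugin.js regex side by side on a constructed [flash] tag whose URL contains a double quote. The sample tags, the hypothetical renderFlash helper and the simplified output markup are assumptions made for the demonstration; the character sets and replacement order are taken from the patch above.

```javascript
// Added example (not phpwind code): a model of the two defences the patch applies.

// Same search/replace pairs, in the same order, as the patched PwUbbCode::escapeUrl.
// Entities like &#39; come before ";" so they are rewritten as a whole token.
const ESCAPE_PAIRS = [
  ['<', '%3c'], ['>', '%3e'], ['&apos;', '%27'], ['&#39;', '%27'], ['&#34;', '%22'],
  ['&quot;', '%22'], ["'", '%27'], ['"', '%22'], [';', '%3b'], [' ', '%20'],
];

// Only absolute http(s) URLs pass; characters that could end an attribute or
// open a tag are percent-encoded sequentially, mirroring PHP's str_replace.
function escapeUrl(path) {
  if (!(path.startsWith('http://') || path.startsWith('https://'))) {
    return '';
  }
  let out = path;
  for (const [needle, replacement] of ESCAPE_PAIRS) {
    out = out.split(needle).join(replacement);
  }
  return out;
}

// Old plugin.js pattern: anything up to [/flash] is accepted as the URL.
const LOOSE = /\[flash=(\d+)\s*,(\d+)\s*,(\d+)\s*\]([\s\S]*?)\[\/flash\]/ig;
// Patched pattern: the URL may not contain [ < ( CR LF " ' or ;
const STRICT = /\[flash=(\d+)\s*,(\d+)\s*,(\d+)\s*\]([^\[\<\(\r\n\"';]+?)\[\/flash\]/ig;

// Hypothetical helper: a reduced version of the editor's img markup so the
// effect of the URL on the data-url attribute is easy to read.
function renderFlash(html, reg) {
  return html.replace(reg, (all, width, height, autoPlay, url) =>
    '<img data-url="' + url + '" data-width="' + width +
    '" data-height="' + height + '" data-auto="' + autoPlay + '">');
}

function demo() {
  // Constructed samples: a normal tag, and one whose URL carries a double quote.
  const good = '[flash=480,360,0]http://example.com/clip.swf[/flash]';
  const bad = '[flash=480,360,0]http://example.com/x.swf" data-x="y[/flash]';
  return {
    goodStrict: renderFlash(good, STRICT),  // normal tag still renders
    badLoose: renderFlash(bad, LOOSE),      // quote escapes data-url, adds an attribute
    badStrict: renderFlash(bad, STRICT),    // no match: tag left as plain text
    escaped: escapeUrl('http://example.com/x.swf" data-x="y'),
    entity: escapeUrl('http://example.com/?q=&#39;x'),
    relative: escapeUrl('/local/path.swf'),
  };
}

console.log(demo());
```

With the old pattern the quote in the URL terminates data-url and the remainder of the string becomes a new attribute; with the patched pattern the tag does not match at all, and on the server side escapeUrl turns the same quote into %22 so it can no longer break out of the attribute. The entity case shows why the replacement order in str_replace matters: &#39; is rewritten as %27 before the standalone ";" rule would have split it.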

Article URL: https://www.51php.com/phpwind/15046.html
