1.common.inc.php
Fix:
Open the file include/uploadsafe.inc.php
(1) Around line 8, find (or search for):
$cfg_not_allowall = "php|pl|cgi|asp|aspx|jsp|php3|shtm|shtml";
Change it to
$cfg_not_allowall = "php|pl|cgi|asp|aspx|jsp|php3|shtm|shtml|htm|html";
(2) Around line 55, find (or search for):
$image_dd = @getimagesize($$_key);
Add the following line of code below it:
if($image_dd == false){ continue; }
Save the file and you are done. Remember to back up the original file.
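2.uploadsafe.inc.php
Temporary fix:
Open /include/common.inc.php and, around line 101, find the code that registers request variables:
foreach(Array('_GET','_POST','_COOKIE') as $_request)
{
    foreach($$_request as $_k => $_v)
    {
        if($_k == 'nvarname') ${$_k} = $_v;
        else ${$_k} = _RunMagicQuotes($_v);
    }
}
Change it to
foreach(Array('_GET','_POST','_COOKIE') as $_request)
{
    foreach($$_request as $_k => $_v) {
        // Reject request keys that start with cfg_ or GLOBALS (case-insensitive).
        // Note: eregi() was removed in PHP 7.0; preg_match() with the /i flag is its replacement there.
        if( strlen($_k)>0 && eregi('^(cfg_|GLOBALS)',$_k) ){
            exit('Request var not allow!');
        }
        ${$_k} = _RunMagicQuotes($_v);
    }
}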
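The guard from the modified loop above, as an added example that is not DedeCMS code: it collects variables in a function instead of the global scope and uses preg_match() so it runs on PHP 7+. The names register_request_vars and run_magic_quotes, the thrown exception, and the sample arrays are assumptions made for illustration.

```php
<?php
// Added example, not DedeCMS code: a function-scoped version of the
// request-variable registration loop, so the key guard can be exercised alone.

// Hypothetical stand-in for DedeCMS's _RunMagicQuotes(): escapes recursively.
function run_magic_quotes($v)
{
    if (is_array($v)) {
        return array_map('run_magic_quotes', $v);
    }
    return addslashes((string)$v);
}

// Returns the variables that would be registered, or throws when a key
// targets the cfg_ configuration namespace or GLOBALS.
function register_request_vars(array $sources)
{
    $registered = [];
    foreach ($sources as $request) {
        foreach ($request as $k => $v) {
            $k = (string)$k;
            // Same pattern as the eregi() check: anchored at the start, case-insensitive.
            if (strlen($k) > 0 && preg_match('/^(cfg_|GLOBALS)/i', $k)) {
                throw new RuntimeException('Request var not allow!');
            }
            $registered[$k] = run_magic_quotes($v);
        }
    }
    return $registered;
}

// Constructed sample input standing in for $_GET, $_POST and $_COOKIE.
$benign  = [['aid' => '12', 'title' => "it's"], [], []];
$hostile = [['aid' => '12'], ['CFG_example' => 'x'], []]; // upper case still matches

var_dump(register_request_vars($benign));

try {
    register_request_vars($hostile);
} catch (RuntimeException $e) {
    echo 'blocked: ', $e->getMessage(), "\n";
}
```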
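3.alipay.php
Fix:
Open /include/payment/alipay.php and, around line 137, find the code
$order_sn = trim($_GET['out_trade_no']);
Change it to
$order_sn = trim(addslashes($_GET['out_trade_no']));
These are three vulnerabilities commonly reported by Alibaba, listed here for reference.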