

How to fix the XSS vulnerability reported by security scans of phpwind 9.0

Author: 無憂主機 | Date: 2014-07-24 17:59:05

Recently, phpwind has been flagged in some security scans as having an XSS vulnerability; to be precise, it is reported as a "rich-text stored XSS vulnerability".

Vulnerability description: XSS is a computer security vulnerability that frequently appears in web applications. It allows a malicious web user to inject code, for example HTML and client-side scripts, into pages served to other users. An attacker can use an XSS vulnerability to bypass access controls. So far this vulnerability has not caused any harm.

Solution:

1. In /src/library/ubb/PwUbbCode.php, replace the escapeUrl function at the very bottom of the file with:

```php
public static function escapeUrl($path) {
    // Only absolute http/https URLs are accepted; anything else is dropped.
    if (!(strpos($path, 'http://') === 0 || strpos($path, 'https://') === 0)) {
        return '';
    }
    // fixed bug, http://www.網址.org/bugs/wooyun-2014-063613
    // Percent-encode characters that could break out of an attribute or URL context.
    $path = str_replace(
        array("<", ">", "&apos;", "&#39;", "&#34;", "&quot;", "'", "\"", ";", " "),
        array("%3c", "%3e", "%27", "%27", "%22", "%22", "%27", "%22", "%3b", "%20"),
        $path
    );
    return $path;
}
```

2. Replace the parseFlash function with:

```php
public static function parseFlash($message, $convertStatus = 1) {
    // The URL group [^\[\<\(\r\n\"';]+? rejects brackets, angle brackets, parentheses,
    // line breaks, quotes and semicolons inside the [flash] body.
    if ($convertStatus) {
        return preg_replace("/\[flash(=(\d+?)\,(\d+?)(\,(0|1))?)?\]([^\[\<\(\r\n\"';]+?)\[\/flash\]/eis", "self::createPlayer('\\6','\\2','\\3','\\5','video')", $message, self::$_cvtimes);
    }
    return preg_replace("/\[flash(=(\d+?)\,(\d+?)(\,(0|1))?)?\]([^\[\<\(\r\n\"';]+?)\[\/flash\]/eis", "self::createFlashLink('\\6')", $message, self::$_cvtimes);
}
```

Note: the /e modifier in these patterns comes from the original phpwind code and is unchanged by this fix; it is deprecated since PHP 5.5 and removed in PHP 7.0.

3. Editor JS file fix. In res/js/dev/windeditor/plugins/insertVideo/plugin.js (if it exists) and res/js/build/windeditor/plugins/insertVideo/plugin.js, find:

```javascript
function wysiwyg() {
    //var reg = /\[flash\s*(?:=\s*(\d+)\s*,\s*(\d+)\s*)?\]\s*(((?!")[\s\S])+?)(?:"[\s\S]*?)?\s*\[\/flash\]/ig;
    var reg = /\[flash=(\d+)\s*,(\d+)\s*,(\d+)\s*\]([\s\S]*?)\[\/flash\]/ig;
    var html = $(editorDoc.body).html();
    if (!reg.test(html)) {
        return;
    }
    html = html.replace(reg, function(all, $1, $2, $3, $4) {
        var width = $1, height = $2, auto_play = $3, url = $4;
        return '<p><img class="j_editor_video_content" style="border:1px dashed #ccc;background:#fffeee url(' + img_path + 'video_48.png) center center no-repeat;" width="' + width + 'px" height="' + height + 'px" src="' + img_path + 'blank.gif" data-url="' + url + '" data-width="' + width + '" data-height="' + height + '" data-auto="' + auto_play + '"></p>';
    });
    $(editorDoc.body).html(html);
}
```

and replace the whole function with:

```javascript
function wysiwyg() {
    //var reg = /\[flash\s*(?:=\s*(\d+)\s*,\s*(\d+)\s*)?\]\s*(((?!")[\s\S])+?)(?:"[\s\S]*?)?\s*\[\/flash\]/ig;
    //var reg = /\[flash=(\d+)\s*,(\d+)\s*,(\d+)\s*\]([\s\S]*?)\[\/flash\]/ig;
    // The URL group no longer accepts any character: brackets, angle brackets,
    // parentheses, line breaks, quotes and semicolons are excluded.
    var reg = /\[flash=(\d+)\s*,(\d+)\s*,(\d+)\s*\]([^\[\<\(\r\n\"';]+?)\[\/flash\]/ig;
    var html = $(editorDoc.body).html();
    if (!reg.test(html)) {
        return;
    }
    html = html.replace(reg, function(all, $1, $2, $3, $4) {
        var width = $1, height = $2, auto_play = $3, url = $4;
        return '<p><img class="j_editor_video_content" style="border:1px dashed #ccc;background:#fffeee url(' + img_path + 'video_48.png) center center no-repeat;" width="' + width + 'px" height="' + height + 'px" src="' + img_path + 'blank.gif" data-url="' + url + '" data-width="' + width + '" data-height="' + height + '" data-auto="' + auto_play + '"></p>';
    });
    $(editorDoc.body).html(html);
}
```

The only change in this function is the URL capture group: `([\s\S]*?)`, which accepted any characters, becomes `([^\[\<\(\r\n\"';]+?)`, so a [flash] body containing a quote or similar character is no longer copied into the data-url attribute of the generated markup.
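As an added example (not phpwind's own code), the following JavaScript puts the editor plugin's old and new [flash] patterns side by side and ports the patched escapeUrl() to JS, so the effect of both layers of the fix can be checked on constructed input. The function names, the placeholder markup and the sample inputs are assumptions made for this example.

```javascript
// Added example, not phpwind code. Patterns copied from the editor plugin above,
// without the g flag so exec() always starts from the beginning of the string.
const OLD_FLASH_RE = /\[flash=(\d+)\s*,(\d+)\s*,(\d+)\s*\]([\s\S]*?)\[\/flash\]/i;
const NEW_FLASH_RE = /\[flash=(\d+)\s*,(\d+)\s*,(\d+)\s*\]([^\[\<\(\r\n\"';]+?)\[\/flash\]/i;

// Capture the URL from a [flash=w,h,auto]...[/flash] tag, or null if no match.
function extractFlashUrl(re, bbcode) {
  const m = re.exec(bbcode);
  return m ? m[4] : null;
}

// JS port of the patched PwUbbCode::escapeUrl: only http/https URLs pass, and
// the listed characters are replaced one pair at a time in the same order as
// the PHP str_replace() arrays, so the output matches the server side.
function escapeUrl(path) {
  if (!(path.startsWith('http://') || path.startsWith('https://'))) return '';
  const from = ['<', '>', '&apos;', '&#39;', '&#34;', '&quot;', "'", '"', ';', ' '];
  const to   = ['%3c', '%3e', '%27', '%27', '%22', '%22', '%27', '%22', '%3b', '%20'];
  let out = path;
  for (let i = 0; i < from.length; i++) out = out.split(from[i]).join(to[i]);
  return out;
}

// Both layers together: strict pattern first, then the encoded URL goes into a
// (hypothetical, simplified) placeholder like the editor's. Null means rejected.
function renderVideoPlaceholder(bbcode) {
  const m = NEW_FLASH_RE.exec(bbcode);
  if (!m) return null;
  const url = escapeUrl(m[4]);
  if (url === '') return null;
  return '<img class="j_editor_video_content" data-url="' + url +
         '" data-width="' + m[1] + '" data-height="' + m[2] +
         '" data-auto="' + m[3] + '">';
}

// Constructed sample inputs: a normal tag, and one whose "URL" carries a double
// quote that would end the data-url attribute if it were copied through as-is.
const GOOD = '[flash=480,360,0]http://example.com/v.swf[/flash]';
const BAD  = '[flash=480,360,0]http://example.com/v.swf" title="x[/flash]';
```

The old pattern captures the quoted tail of BAD verbatim, while the new pattern refuses to match it at all; escapeUrl() percent-encodes the same characters as a second line of defence when the PHP side renders the post.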

Article URL: http://www.gle-technology.com/phpwind/15046.html

