
Fix 1)
---------------------------------------
WF-Downloads 2.0.5a, Traditional Chinese edition
The "Popular Files" and "Top Rated" options produce the error message below. Changing $this to $thisselected on lines 30 and 31 resolves it.
Fatal error: Cannot re-assign $this in C:\Program Files\xampp\htdocs\xoops223\modules\wfdownloads\topten.php on line 30
Original:
$this = $action_array[$sort];
$sortDB = $list_array[$this];
After the fix:
$thisselected = $action_array[$sort];
$sortDB = $list_array[$thisselected];
------------------------------------------------
Fix 2) -- wfdownloads\viewcat.php -- for the WF-Downloads 2.0.5 SQL injection vulnerability
-------------------------------------------------
Patch for the WF-Downloads 2.0.5 SQL injection vulnerability:
(20051115 by ols3@root.tw)
Edit viewcat.php
Around line 116
Find:
if (isset($_GET['selectdate']))
{
$sql .= "WHERE TO_DAYS(FROM_UNIXTIME(published)) = TO_DAYS(FROM_UNIXTIME(" . $_GET['selectdate'] . "))
}
Add:
if (strlen(addslashes($_GET['selectdate']))>11) $_GET['selectdate']="1132019325";
Result:
if (isset($_GET['selectdate']))
{
if (strlen(addslashes($_GET['selectdate']))>11) $_GET['selectdate']="1132019325";
$sql .= "WHERE TO_DAYS(FROM_UNIXTIME(published)) = TO_DAYS(FROM_UNIXTIME(" . $_GET['selectdate'] . "))
}
===================================================
Around line 123
Find:
} elseif (isset($_GET['list']))
{
$sql .= "WHERE title LIKE '" . $_GET['list'] . "%' AND published > 0 AND
Add:
if (strlen(addslashes($_GET['list']))!=1) { $_GET['list']=0; }
Result:
} elseif (isset($_GET['list']))
{
if (strlen(addslashes($_GET['list']))!=1) { $_GET['list']=0; }
$sql .= "WHERE title LIKE '" . $_GET['list'] . "%' AND published > 0 AND
----------------------------------------------------------------

Quoted from: ::軟硬體資料庫:: (http://p5.no-ip.org/xoops2013/modules/news/index.php?storytopic=1)
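
An added example, not from the quoted patch or from WF-Downloads itself: the length checks in Fix 2 cap the size of each value but do not constrain its content, so this code validates selectdate as a decimal Unix timestamp and list as a single letter or digit before either reaches the query. The function names are hypothetical, and PHP 7 or later with 64-bit integers is assumed.

```php
<?php
// Added example, not WF-Downloads code; function names are hypothetical.

// The post's check for selectdate: only the escaped length is limited.
function lengthCheckSelectdate(string $raw): string
{
    return strlen(addslashes($raw)) > 11 ? '1132019325' : $raw;
}

// Stricter: accept 1-10 decimal digits only and return an integer
// (assumes 64-bit PHP integers); anything else becomes the fallback.
function strictSelectdate(string $raw, int $fallback = 1132019325): int
{
    return preg_match('/\A[0-9]{1,10}\z/', $raw) === 1 ? (int) $raw : $fallback;
}

// Stricter check for list: exactly one ASCII letter or digit, so the
// LIKE wildcards % and _ are rejected as well as quotes and backslashes.
function strictList(string $raw): string
{
    return preg_match('/\A[A-Za-z0-9]\z/', $raw) === 1 ? $raw : '0';
}

// WHERE fragment as far as the post shows it, built from the integer.
function selectdateWhere(string $raw): string
{
    return 'WHERE TO_DAYS(FROM_UNIXTIME(published)) = TO_DAYS(FROM_UNIXTIME('
        . strictSelectdate($raw) . '))';
}

// Constructed sample inputs (not taken from any real request log).
foreach (['1132019325', '12abc', ' 42', '1e3', str_repeat('9', 12)] as $s) {
    printf("%-16s length-check=%-12s strict=%d\n",
        var_export($s, true), lengthCheckSelectdate($s), strictSelectdate($s));
}
foreach (['A', '7', '%', '_', 'AB', "'"] as $s) {
    printf("%-6s strict list=%s\n", var_export($s, true), strictList($s));
}
echo selectdateWhere('12abc'), "\n";
```

Entries in $_GET can be arrays as well as strings, so check is_string() before passing a value to these functions.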
