Vulnerability 1: api/uc.php (line 237)
if(is_array($post)) {
    foreach($post as $k => $v) {
        $data['findpattern'][$k] = $v['findpattern'];
        $data['replace'][$k] = $v['replacement'];
    }
}
Replace the body of the foreach with:
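// Anything not already in /.../is form is escaped and wrapped as a literal pattern.
if(substr($v['findpattern'], 0, 1) != '/' || substr($v['findpattern'], -3) != '/is') {
    $v['findpattern'] = '/' . preg_quote($v['findpattern'], '/') . '/is';
}
// Store every entry, whether or not it needed normalizing.
$data['findpattern'][$k] = $v['findpattern'];
$data['replace'][$k] = $v['replacement'];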
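Vulnerability 2: /api/uc.php (line 278)
$UC_API = $post['UC_API'];
Replace with:
$UC_API = '';
if($post['UC_API']) {
    // Strip quotes, backslashes, NUL bytes and line breaks from the submitted value.
    $UC_API = str_replace(array('\'', '"', '\\', "\0", "\n", "\r"), '', $post['UC_API']);
    unset($post['UC_API']);
}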
Vulnerability 3: /api/uc.php (line 215)
$configfile = preg_replace
Replace with the following:
$configfile = preg_replace("/define\('UC_API',\s*'.*?'\);/i", "define('UC_API', '".addslashes($UC_API)."');", $configfile);
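
Fixes 2 and 3 working together, as an added example that is not part of the original page or the project's own code. The function names, the sample config text and the request values are constructed for illustration; the check confirms that the rewritten file still contains only the two original define() calls.

```php
<?php
// Added example: hypothetical wrappers around the patched statements shown above.

// Fix 2: remove characters that could end the quoted string or start a new line.
function sanitize_uc_api(array &$post): string {
    $UC_API = '';
    if (!empty($post['UC_API'])) {
        $UC_API = str_replace(array('\'', '"', '\\', "\0", "\n", "\r"), '', $post['UC_API']);
        unset($post['UC_API']);
    }
    return $UC_API;
}

// Fix 3: rewrite only the define('UC_API', ...) statement, escaping the value again.
function rewrite_uc_api(string $configfile, string $UC_API): string {
    return preg_replace("/define\('UC_API',\s*'.*?'\);/i",
        "define('UC_API', '" . addslashes($UC_API) . "');", $configfile);
}

// Names of all identifier tokens in a PHP source string (function and constant names).
function identifier_tokens(string $source): array {
    $names = array();
    foreach (token_get_all($source) as $tok) {
        if (is_array($tok) && $tok[0] === T_STRING) {
            $names[] = $tok[1];
        }
    }
    return $names;
}

// Constructed config file contents and constructed request values.
$config = "<?php\ndefine('UC_KEY', 'k');\ndefine('UC_API', 'http://old.example/uc_server');\n";
$samples = array(
    'http://new.example/uc_server',
    "http://new.example/uc');\ninjected();//",  // tries to close the string literal
);

foreach ($samples as $value) {
    $post  = array('UC_API' => $value);
    $clean = sanitize_uc_api($post);
    $out   = rewrite_uc_api($config, $clean);
    // The file must keep its line count and contain no identifiers beyond the two defines.
    $ok = identifier_tokens($out) === array('define', 'define')
        && substr_count($out, "\n") === substr_count($config, "\n")
        && !isset($post['UC_API']);
    printf("%-4s stored value: %s\n", $ok ? 'ok' : 'FAIL', json_encode($clean));
}
```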