Support » 意见建议 » 路径泄露漏洞

  • 受影响文件

    wp-includes/registration-functions.php
    wp-admin/admin-functions.php
    wp-admin/upgrade-functions.php
    wp-includes/class-snoopy.php
    wp-includes/registration.php
    wp-includes/rss-functions.php
    wp-includes/rss.php
    wp-includes/theme-compat/comments-popup.php
    wp-includes/theme-compat/comments.php
    wp-includes/theme-compat/footer.php
    wp-includes/theme-compat/header.php
    wp-includes/theme-compat/sidebar.php

    修复方法:

    ini_set('display_errors', false);

    在php.ini中关闭报错模式:在php.ini中设置display_error=Off。
    在以上受影响文件开始处加入如下代码:

    if ( !defined( 'ABSPATH' ) )
    {
    header( 'HTTP/1.1 403 Forbidden', true, 403 );
    die ('Please do not load this page directly. Thanks!');
    }

    最好快点出补丁吧

查看 1 回复 - 1 至 1 (总计 1)
  • 这个是 针对 。3.71 版本 其他版本未测试

    还有

    wp-includes/shortcodes.php 这个文件也是

查看 1 回复 - 1 至 1 (总计 1)
  • The topic ‘路径泄露漏洞’ is closed to new replies.