• slider image 58
:::
ols3 - XOOPS 安全問題 | 2007-06-14 | 人氣:10378
phpmailer 是許多套件採用的 PHP 類別, 用來提供傳遞電子郵件的功能。

phpmailer 在 sendmail_send 函式的處理有 bug,可造成執行任意程式碼的漏洞。

修補方法: 利用 escapeshellcmd 和 escapeshellarg 做安全過濾。

方法一: 自行手動修改

XOOPS 2.0.x 的使用者,請編輯 class/mail/phpmailer/class.phpmailer.php

把:

function SendmailSend($header, $body) {
        if ($this->Sender != "")
            $sendmail = sprintf("%s -oi -f %s -t", $this->Sendmail, $this->Sender);
        else    
            $sendmail = sprintf("%s -oi -t", $this->Sendmail);



function SendmailSend($header, $body) {
        if ($this->Sender != "")
            $sendmail = sprintf("%s -oi -f %s -t", escapeshellcmd($this->Sendmail), escapeshellarg($this->Sender));
        else    
            $sendmail = sprintf("%s -oi -t", escapeshellcmd($this->Sendmail));



XOOPS 2.2.x 的使用者,請編輯 class/mail/phpmailer/class.phpmailer.php

把:

function sendmail_send($header, $body) {
        if ($this->Sender != "")
            $sendmail = sprintf("%s -oi -f %s -t", $this->Sendmail, $this->Sender);
        else
            $sendmail = sprintf("%s -oi -t", $this->Sendmail);


改成:

function sendmail_send($header, $body) {
        if ($this->Sender != "")
            $sendmail = sprintf("%s -oi -f %s -t", escapeshellcmd($this->Sendmail), escapeshellarg($this->Sender));
        else
            $sendmail = sprintf("%s -oi -t", escapeshellcmd($this->Sendmail));


====
方法二:

或者把以下的修正檔放入 class/mail/phpmailer 目錄中, 解壓覆蓋掉 class.phpmailer.php

XOOPS 2.0.x 的使用者,請下載:
http://xoops.tnc.edu.tw/uploads/xoops-2.0-phpmailer-class.zip

XOOPS 2.2.x 的使用者,請下載:
http://xoops.tnc.edu.tw/uploads/xoops-2.2-phpmailer-class.zip


消息來源:

http://h.root.tw/modules/news/article.php?storyid=40
03-13 TadNews 新聞+電子報模組 1.2...03-13 TadNews 新聞+電子報模組 1.2...
11-21 XOOPS 正體中文延伸計劃...11-21 XOOPS 正體中文延伸計劃...
網友個人意見,不代表本站立場,對於發言內容,由發表者自負責任。
發表者
樹狀展開
 

 Im happy I now registered

You actually make it seem so easy with your presentation but I find this topic to be really something which I think I would never understand. It seems too complicated and extremely broad for me. I'm looking forward for your next post, I will try to get the hang of it!

 

 Im glad I now registered

Hello there, I discovered your web site by the use of Google at the same time as looking for a comparable topic, your site got here up, it looks great. I've bookmarked it in my google bookmarks. Hi there, just turned into alert to your blog through Google, and located that it's really informative. I am gonna be careful for brussels. I'll be grateful if you continue this in future. Numerous other folks shall be benefited from your writing. Cheers!

 

 Just want to say Hi!

An outstanding share! I have just forwarded this onto a coworker who was doing a little research on this. And he actually ordered me dinner because I stumbled upon it for him... lol. So let me reword this.... Thank YOU for the meal!! But yeah, thanks for spending some time to talk about this matter here on your web site.

 

 Just want to say Hello!

Great beat ! I wish to apprentice while you amend your web site, how can i subscribe for a blog web site? The account aided me a acceptable deal. I had been a little bit acquainted of this your broadcast provided bright clear concept

 

 I am the new one

This excellent website really has all of the information I needed concerning this subject and didn't know who to ask.

 

 Im happy I now registered

Your style is very unique in comparison to other people I've read stuff from. Thank you for posting when you have the opportunity, Guess I'll just book mark this page.

 

 I am the new guy

Incredible! This blog looks just like my old one! It's on a entirely different topic but it has pretty much the same layout and design. Wonderful choice of colors!

 

 Just want to say Hello.

Incredible story there. What happened after? Thanks!

 

 I am the new one

I'm very happy to discover this web site. I wanted to thank you for your time just for this fantastic read!! I definitely appreciated every part of it and i also have you book marked to look at new stuff on your blog.

 

 I am the new one

This post presents clear idea for the new users of blogging, that really how to do blogging and site-building.

 

 Just wanted to say Hello.

Hey, I think your site might be having browser compatibility issues. When I look at your blog site in Ie, it looks fine but when opening in Internet Explorer, it has some overlapping. I just wanted to give you a quick heads up! Other then that, very good blog!

 

 I am the new guy

My coder is trying to persuade me to move to .net from PHP. I have always disliked the idea because of the expenses. But he's tryiong none the less. I've been using Movable-type on a variety of websites for about a year and am concerned about switching to another platform. I have heard fantastic things about blogengine.net. Is there a way I can import all my wordpress content into it? Any kind of help would be greatly appreciated!

 

 I am the new one

If you would like to obtain much from this article then you have to apply these methods to your won web site.

 

 Just wanted to say Hello!

It's not my first time to go to see this website, i am visiting this website dailly and take fastidious information from here everyday.

 

 Im happy I now registered

Howdy, i read your blog from time to time and i own a similar one and i was just wondering if you get a lot of spam feedback? If so how do you reduce it, any plugin or anything you can suggest? I get so much lately it's driving me insane so any support is very much appreciated.

 

 I am the new one

I don't know if it's just me or if everybody else experiencing issues with your website. It looks like some of the written text in your content are running off the screen. Can somebody else please comment and let me know if this is happening to them too? This might be a problem with my web browser because I've had this happen previously. Kudos

 

 Im glad I now signed up

Thanks for sharing such a good opinion, paragraph is fastidious, thats why i have read it fully

 

 I am the new guy

Hey there, You have done a great job. I will definitely digg it and personally suggest to my friends. I am confident they will be benefited from this web site.

 

 I am the new one

Pretty nice post. I just stumbled upon your weblog and wished to say that I have really enjoyed surfing around your blog posts. After all I will be subscribing to your rss feed and I hope you write again soon!

 

 I am the new girl

I know this web page provides quality dependent content and additional data, is there any other web page which provides these things in quality?

 

 I am the new one

Awesome article.

 

 I am the new guy

I think the admin of this website is in fact working hard in support of his web site, since here every information is quality based information.

 

 Im glad I finally registered

Incredible points. Great arguments. Keep up the amazing effort.

 

 Just wanted to say Hi!

you're in point of fact a excellent webmaster. The website loading pace is incredible. It kind of feels that you are doing any distinctive trick. Furthermore, The contents are masterpiece. you've done a fantastic task in this topic!

 

 Im glad I finally signed up

Wow that was odd. I just wrote an very long comment but after I clicked submit my comment didn't show up. Grrrr... well I'm not writing all that over again. Anyway, just wanted to say wonderful blog!

 

 I am the new guy

I do accept as true with all the ideas you've introduced on your post. They're really convincing and will definitely work. Nonetheless, the posts are too quick for beginners. Could you please prolong them a bit from next time? Thank you for the post.

 

 I am the new guy

I've read some good stuff here. Definitely price bookmarking for revisiting. I wonder how so much effort you set to create this sort of wonderful informative site.

 

 Im happy I now signed up

Hey there outstanding blog! Does running a blog like this take a great deal of work? I have virtually no expertise in coding however I was hoping to start my own blog in the near future. Anyways, if you have any suggestions or techniques for new blog owners please share. I understand this is off topic however I simply needed to ask. Thanks!

 

 I am the new guy

I love your blog.. very nice colors & theme. Did you design this website yourself or did you hire someone to do it for you? Plz respond as I'm looking to design my own blog and would like to find out where u got this from. thank you

 

 Just wanted to say Hello!

Does your blog have a contact page? I'm having problems locating it but, I'd like to send you an email. I've got some recommendations for your blog you might be interested in hearing. Either way, great website and I look forward to seeing it develop over time.

 

 Just want to say Hello.

This post is in fact a good one it helps new internet viewers, who are wishing in favor of blogging.

 

 I am the new guy

This piece of writing offers clear idea in favor of the new visitors of blogging, that genuinely how to do running a blog.

 

 I am the new girl

No matter if some one searches for his necessary thing, thus he/she wants to be available that in detail, therefore that thing is maintained over here.

 

 Im glad I finally registered

Great delivery. Sound arguments. Keep up the good work.

 

 I am the new girl

It's awesome to visit this site and reading the views of all mates concerning this piece of writing, while I am also eager of getting know-how.

 

 Just wanted to say Hi.

Hi there would you mind stating which blog platform you're working with? I'm going to start my own blog in the near future but I'm having a tough time selecting between BlogEngine/Wordpress/B2evolution and Drupal. The reason I ask is because your design and style seems different then most blogs and I'm looking for something unique. P.S Apologies for getting off-topic but I had to ask!

 

 Just want to say Hi.

Hello to all, how is all, I think every one is getting more from this web page, and your views are good in favor of new viewers.

 

 Im glad I now registered

My brother suggested I might like this website. He was totally right. This post actually made my day. You cann't imagine simply how much time I had spent for this info! Thanks!

 

 Just want to say Hi!

Howdy I am so happy I found your website, I really found you by error, while I was browsing on Bing for something else, Anyways I am here now and would just like to say cheers for a marvelous post and a all round exciting blog (I also love the theme/design), I don’t have time to look over it all at the moment but I have book-marked it and also added your RSS feeds, so when I have time I will be back to read more, Please do keep up the fantastic work.

:::

即時留言簿


計數器

今天: 334334334
昨天: 510510510
總計: 2304182230418223041822304182230418223041822304182
http://www.xoopscube.jp/

XOOPS日本官方網站

http://www.xoopscube.jp/

[ more... ]