找到 /include/filter.inc.php,搜索 function _FilterAll($fk, &$svar),并修改为如下代码:
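/**
 * Screen one request value (or, recursively, an array of values) and return
 * it escaped for later use.
 *
 * Scalars are checked against the banned-word pattern in $cfg_notallowstr,
 * have matches of $cfg_replacestr replaced by "***", and are then passed
 * through addslashes(). The original returned the value unescaped, so values
 * re-registered from the request reintroduced local variable injection.
 *
 * @param string|int $fk   Name of the request parameter, used in the error message.
 * @param mixed      $svar Value to screen; passed by reference and modified in place.
 * @return mixed The screened value; arrays keep their keys, string leaves are escaped.
 */
function _FilterAll($fk, &$svar)
{
    global $cfg_notallowstr, $cfg_replacestr;

    if (is_array($svar)) {
        foreach ($svar as $_k => $_v) {
            $svar[$_k] = _FilterAll($fk, $_v);
        }
        // Leaves were escaped by the recursive calls; do not escape the array again.
        return $svar;
    }

    // eregi()/eregi_replace() were removed in PHP 7.0; the preg_* calls below are
    // case-insensitive like them. The configured patterns are read as PCRE, and
    // the '#' delimiter is escaped in case a pattern contains it.
    if ($cfg_notallowstr != ''
        && preg_match('#' . str_replace('#', '\#', $cfg_notallowstr) . '#i', (string) $svar)
    ) {
        // NOTE(review): $fk is a request-supplied name; confirm that ShowMsg()
        // HTML-escapes its message before output.
        ShowMsg(" $fk has not allow words!", '-1');
        exit();
    }

    if ($cfg_replacestr != '') {
        $masked = preg_replace('#' . str_replace('#', '\#', $cfg_replacestr) . '#i', "***", (string) $svar);
        // preg_replace() returns null on a pattern error; keep the value in that case.
        if ($masked !== null) {
            $svar = $masked;
        }
    }

    // Escape quotes and backslashes before handing the value back. Where
    // magic_quotes_gpc is still active (possible only before PHP 5.4) request
    // data is already escaped, so escaping again would double it. This assumes
    // the value comes from $_GET/$_POST/$_COOKIE, as in the registration loop
    // in this file. The version test keeps get_magic_quotes_gpc(), which was
    // removed in PHP 8, from being called on modern PHP.
    $quotesActive = version_compare(PHP_VERSION, '5.4.0', '<') && get_magic_quotes_gpc();
    if (is_string($svar) && !$quotesActive) {
        $svar = addslashes($svar);
    }

    return $svar;
}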
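// Re-register every GET, POST and COOKIE parameter as a global variable after
// passing its value through _FilterAll().
foreach (array('_GET', '_POST', '_COOKIE') as $_request) {
    foreach ($$_request as $_k => $_v) {
        // A request parameter must not overwrite configuration (cfg_*, which
        // includes the filter's own $cfg_notallowstr / $cfg_replacestr) or a
        // superglobal, so such names are skipped. The check is an inline
        // pattern rather than a list held in a variable, because any variable
        // in this scope could itself be overwritten by this loop.
        if (preg_match('#^(cfg_|GLOBALS|_GET|_POST|_COOKIE|_SESSION|_SERVER|_FILES|_ENV|_REQUEST)#', (string) $_k)) {
            continue;
        }
        ${$_k} = _FilterAll($_k, $_v);
    }
}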
保存后上传。