说最近网站底部多出了一个Power by DedeCms的超链接版权信息,但是该网友最近只是升级了0607更新补丁,其它的源代码并没有改动,而以前的文章页面并没有,看来是这次更新dedecms后才被加上去的。在了解问题缘由之后对更新补丁文件进行了研究。
查看了一下织梦官方的20130607常规安全补丁更新详细信息,主要更新文件是include/dedesql.class.php变量覆盖漏洞,将这个文件下载下来打开发现第588行至592行处有一段奇怪的代码,代码如下:
$arrs1 = array(0x63,0x66,0x67,0x5f,0x70,0x6f,0x77,0x65,0x72,0x62,0x79);
$arrs2 = array(0x20,0x3c,0x61,0x20,0x68,0x72,0x65,0x66,0x3d,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,
0x77,0x77,0x77,0x2e,0x64,0x65,0x64,0x65,0x63,0x6d,0x73,0x2e,0x63,0x6f,0x6d,0x20,0x74,0x61,0x72,
0x67,0x65,0x74,0x3d,0x27,0x5f,0x62,0x6c,0x61,0x6e,0x6b,0x27,0x3e,0x50,0x6f,0x77,0x65,0x72,0x20,
0x62,0x79,0x20,0x44,0x65,0x64,0x65,0x43,0x6d,0x73,0x3c,0x2f,0x61,0x3e);
//特殊操作
if(isset($GLOBALS['arrs1']))
{
$v1 = $v2 = '';
for($i=0;isset($arrs1[$i]);$i++)
{
$v1 .= chr($arrs1[$i]);
}
for($i=0;isset($arrs2[$i]);$i++)
{
$v2 .= chr($arrs2[$i]);
}
$GLOBALS[$v1] .= $v2;
}
我们把上面这段代码注释后更新文章页面,页面底部多出的Power by DedeCms也被去除了,看来就是这段代码导致调用的cfg_powerby后面会自动添加版权链接。