为了使dedeCMS更加强健,官方出了DedeCms(织梦)万能安全防护代码,针对上传作限制,全面解决挂马。有需要的手工在config_base.php里加上
打开config_base.php找到
//禁止用户提交某些特殊变量

$ckvs = Array('_GET','_POST','_COOKIE','_FILES');
foreach($ckvs as $ckv){
  if(is_array($$ckv)){
    foreach($$ckv AS $key => $value)
      if(eregi("^(cfg_|globals)",$key)) unset(${$ckv}[$key]);
  }
}

改为下面代码
//把get、post、cookie里的<? 替换成 <?
$ckvs = Array('_GET','_POST','_COOKIE');
foreach($ckvs as $ckv){
  if(is_array($$ckv)){
    foreach($$ckv AS $key => $value)
      if(!empty($value)){
        ${$ckv}[$key] = str_replace('<'.'?','&'.'lt;'.'?',$value);
        ${$ckv}[$key] = str_replace('?'.'>','?'.'&'.'gt;',${$ckv}[$key]);
      }
      if(eregi("^cfg_|globals",$key)) unset(${$ckv}[$key]);
  }
}

//检测上传的文件中是否有PHP代码,有直接退出处理
if (is_array($_FILES)) {
foreach($_FILES AS $name => $value){

${$name} = $value['tmp_name'];
$fp = @fopens(${$name},'r');