|
- UID
- 137
- 帖子
- 2927
- 豆豆
- 2318 个
- 豆腐
- 0 块
- 阅读权限
- 150
- 性别
- 男
- 在线时间
- 344 小时
- 注册时间
- 2006-10-14
- 最后登录
- 2010-9-2
  
|
楼主
发表于 2010-2-8 12:43
| 只看该作者
[重要更新通知]鉴于fckeditor编辑器的漏洞,SHL3.8在2010.02.08号更新内容
本帖最后由 ysuny 于 2010-2-8 13:49 编辑
通知更新内容如下:
如果您使用的是SHLCMS PHP版本而且是在2010.02.08月之前的版本(包括PHP双语测试版本),请尽快更新以下内容。
更新方法1:请下载下面附件edtor.rar文件,并解压覆盖您程序 "根目录\editor\editor\filemanager\upload"下所有内容。切记,不是程序 跟目录下的upload,看清楚路径 ,别覆盖错了
更新方法2:用dreamweaver或editplus工具打开 "根目录\editor\editor\filemanager\upload\php\config.php"打开,在最后一行 ?> 之前插入以下代码- $Config['AllowedExtensions']['Media'] = array('swf','fla','jpg','gif','jpeg','png','avi','mpg','mpeg','flv') ;
- $Config['DeniedExtensions']['Media'] = array() ;
更新方法3:将config.php文件整个更新为- <?php
- /*
- * FCKeditor - The text editor for Internet - http://www.fckeditor.net
- * Copyright (C) 2003-2007 Frederico Caldeira Knabben
- *
- * == BEGIN LICENSE ==
- *
- * Licensed under the terms of any of the following licenses at your
- * choice:
- *
- * - GNU General Public License Version 2 or later (the "GPL")
- * http://www.gnu.org/licenses/gpl.html
- *
- * - GNU Lesser General Public License Version 2.1 or later (the "LGPL")
- * http://www.gnu.org/licenses/lgpl.html
- *
- * - Mozilla Public License Version 1.1 or later (the "MPL")
- * http://www.mozilla.org/MPL/MPL-1.1.html
- *
- * == END LICENSE ==
- *
- * File Name: config.php
- * Configuration file for the PHP File Uploader.
- *
- * File Authors:
- * Frederico Caldeira Knabben (www.fckeditor.net)
- */
- global $Config ;
- // SECURITY: You must explicitelly enable this "uploader".
- $Config['Enabled'] = true ;
- // Set if the file type must be considere in the target path.
- // Ex: /userfiles/image/ or /userfiles/file/
- $Config['UseFileType'] = true ;
- // Path to uploaded files relative to the document root.
- $Config['UserFilesPath'] = ROOTPATH.'/upload/' ;
- // Fill the following value it you prefer to specify the absolute path for the
- // user files directory. Usefull if you are using a virtual directory, symbolic
- // link or alias. Examples: 'C:\\MySite\\userfiles\\' or '/root/mysite/userfiles/'.
- // Attention: The above 'UserFilesPath' must point to the same directory.
- $Config['UserFilesAbsolutePath'] = '' ;
- // Due to security issues with Apache modules, it is reccomended to leave the
- // following setting enabled.
- $Config['ForceSingleExtension'] = true ;
- $Config['AllowedExtensions']['File'] = array() ;
- $Config['DeniedExtensions']['File'] = array('html','htm','php','php2','php3','php4','php5','phtml','pwml','inc','asp','aspx','ascx','jsp','cfm','cfc','pl','bat','exe','com','dll','vbs','js','reg','cgi','htaccess','asis') ;
- $Config['AllowedExtensions']['Image'] = array('jpg','gif','jpeg','png') ;
- $Config['DeniedExtensions']['Image'] = array() ;
- $Config['AllowedExtensions']['Flash'] = array('swf','fla') ;
- $Config['DeniedExtensions']['Flash'] = array() ;
- $Config['AllowedExtensions']['Media'] = array('swf','fla','jpg','gif','jpeg','png','avi','mpg','mpeg','flv') ;
- $Config['DeniedExtensions']['Media'] = array() ;
- ?>
|
-
-
upload.rar (17.13 KB)
哎!从一品官降到了二品!难到明天就是三品?究竟是升还是降哇
 |
|
发表于 2010-2-8 12:59
| 
