织梦dedecms二维码XSS跨站脚本漏洞

dedecms v5.7 qrcode二维码XSS跨站脚本漏洞修复:

打开 /plus/qrcode.php 找到,大概在第8行

$type = isset($type)? $type : '';

修改为:

$type = isset($type)? RemoveXSS(HtmlReplace($type,3)) : '';

 

THE END