我一直在尝试找出为什么当我使用 ProFTPd 1.3.5b 上传全新的 wordpress 安装时文件会被注入不属于文件的额外字符。
据/wp-includes/functions.php
我所见
这些是我迄今为止注射的药物
第 569 行:
foreach ( $pung as $link_test ) {
if ( ! in_array( $link_test, $post_links_temp ) ) { // link no longer in post
$mids = $wpdb->get_col( $wpdb->prepare("SELECT meta_id FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = 'enclosure' AND meta_value LIKE %s", $post_ID, $wpdb->esc_like( $link_test ) . '%') );
t // <--- this "t" is added
foreach ( $mids as $mid )
delete_metadata_by_mid( 'post', $mid );
}
}
行 ~1780
function win_is_writable( $path ) {
if ( $path[strlen( $path ) - 1] == '/' ) { // if it looks like a directory, check a random file within the directory
return win_is_writable( $path . uniqid( mt_rand() ) . '.tmp');
} elseif ( is_dir( $path ) ) { // If it's a directory (and not a file) check a random file within the directory
return win_is_writable( $path . '/' . uniqid( mt_rand() ) . '.tmp' );
}
// check tmp file for read/write capabilities
$should_delete_tmp_file = !file_exists( $path );
$f = @fopen( $path, 'a' );
if ( $f === false )
return false;
fclose( $f );
if ( $should_delete_tmp_file )
unlink( $path );
return true;
}
e // <-- this "e" is added
行 ~2677
.button:active {
background: #eee;
border-color: #999;
-webkit-box-shadow: inset 0 2px 5px -3px rgba( 0, 0, 0, 0.5 );
box-shadow: inset 0 2px 5px -3px rgba( 0, 0, 0, 0.5 );
-webkit-transform: translateY(1px);
-ms-transform: translateY(1px);
transform: translateY(1px);
}
o /* <-- this "o" is added */
<?php
if ( 'rtl' == $text_direction ) {
echo 'body { font-family: Tahoma, Arial; }';
}
行 ~3332
function wp_list_filter( $list, $args = array(), $operator = 'AND' ) {
if ( ! is_array( $list ) )
return array();
if ( empty( $args ) )
return $list;
$operator = strtoupper( $operator );
$count = count( $args );
o // <-- this "o" is added
$filtered = array();
foreach ( $list as $key => $obj ) {
$to_match = (array) $obj;
$matched = 0;
foreach ( $args as $m_key => $m_value ) {
if ( array_key_exists( $m_key, $to_match ) && $m_value == $to_match[ $m_key ] )
$matched++;
}
if ( ( 'AND' == $operator && $matched == $count )
|| ( 'OR' == $operator && $matched > 0 )
|| ( 'NOT' == $operator && 0 == $matched ) ) {
$filtered[$key] = $obj;
}
}
return $filtered;
}
行 ~3719
function _deprecated_argument( $function, $version, $message = null ) {
i // <-- this "i" is added
/**
* Fires when a deprecated argument is called.
*
* @since 3.0.0
*
* @param string $function The function that was called.
* @param string $message A message regarding the change.
* @param string $version The version of WordPress that deprecated the argument used.
*/
do_action( 'deprecated_argument_run', $function, $message, $version );
/**
* Filter whether to trigger an error for deprecated arguments.
*
* @since 3.0.0
*
* @param bool $trigger Whether to trigger the error for deprecated arguments. Default true.
*/
if ( WP_DEBUG && apply_filters( 'deprecated_argument_trigger_error', true ) ) {
if ( function_exists( '__' ) ) {
if ( ! is_null( $message ) )
trigger_error( sprintf( __('%1$s was called with an argument that is <strong>deprecated</strong> since version %2$s! %3$s'), $function, $version, $message ) );
else
trigger_error( sprintf( __('%1$s was called with an argument that is <strong>deprecated</strong> since version %2$s with no alternative available.'), $function, $version ) );
} else {
if ( ! is_null( $message ) )
trigger_error( sprintf( '%1$s was called with an argument that is <strong>deprecated</strong> since version %2$s! %3$s', $function, $version, $message ) );
else
trigger_error( sprintf( '%1$s was called with an argument that is <strong>deprecated</strong> since version %2$s with no alternative available.', $function, $version ) );
}
}
}
我通过端口 21 连接,常规 ftp(不是 sftp 或 tls)。也没有使用被动模式。
答案1
对于遇到此行为的其他人来说,这是由于ProFTPD 错误#4237,并且已经修复。
希望这可以帮助!