From 24b4c9468eb3898f30f207d867c90d3476a78d58 Mon Sep 17 00:00:00 2001
From: qfdong-github
Date: Thu, 20 Aug 2020 08:30:03 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8Dbug?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
修复bug
---
 src/plus/guestbook/edit.inc.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/plus/guestbook/edit.inc.php b/src/plus/guestbook/edit.inc.php
index 0e957d7..1be5341 100755
--- a/src/plus/guestbook/edit.inc.php
+++ b/src/plus/guestbook/edit.inc.php
@@ -2,7 +2,7 @@
 /**
 * @version $Id: edit.inc.php 1 10:06 2010-11-10 tianya $
 * @package DedeCMS.Site
- * @copyright Copyright (c) 2007 - 2020, DesDev, Inc.
+ * @copyright Copyright (c) 2007 - 2010, DesDev, Inc.
 * @license http://help.dedecms.com/usersguide/license.html
 * @link http://www.dedecms.com
 */
@@ -52,6 +52,10 @@ else if($job=='editok')
 }
 }
 $msg = HtmlReplace($msg, -1);
+ /*
+ 漏洞描述:dedecms留言板注入漏洞。
+ */
+ $msg = addslashes($msg);
 $dsql->ExecuteNoneQuery("UPDATE `#@__guestbook` SET `msg`='$msg', `posttime`='".time()."' WHERE id='$id' ");
 ShowMsg("成功更改或回复一条留言!", $GUEST_BOOK_POS);
 exit();
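Review bot: The added `addslashes($msg)` only covers one of the two values interpolated into the UPDATE on the next line; `$id` still goes in raw via `WHERE id='$id'`, so unless it is cast or validated earlier in this `editok` branch (which begins outside the hunk) the injection the new comment describes is only half closed, and `WHERE id='".intval($id)."'` would settle it independently of earlier handling. `addslashes` is also a weak choice for SQL escaping: it ignores the connection charset, so on a multibyte connection a lead byte followed by `'` can still terminate the literal, and it will double-escape if the request layer has already quoted `$msg`; the driver's charset-aware escape function is preferable if `$dsql` exposes one. The new comment only names the vulnerability; it should state the intent, e.g. `// escape $msg for the SQL literal below; HtmlReplace filters HTML only (confirm it does not already quote for the database)`.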