ThinkSNS 2.8 arbitrary file upload vulnerability and fix - Vulnerability warning - the black bar safety net
Microblog picture upload is validated only in the front end; the server side performs no security filtering.

\api\StatusesApi.class.php

function uploadpic
if $_FILES['pic']
//Perform the upload operation
$develop this program specifically = $this->getSaveTempPath();
$filename = md5...
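
A server-side check of the kind the missing filtering calls for, as an added example (not ThinkSNS code and not the vendor's fix). The name `save_uploaded_image` and its parameters are hypothetical, and PHP 7+ with the fileinfo extension is assumed.

```php
<?php
// Added example, not ThinkSNS code. Function and parameter names are hypothetical.

/**
 * Validate an uploaded image on the server and move it into $saveDir.
 * Returns the stored file name, or throws RuntimeException on rejection.
 */
function save_uploaded_image(array $file, string $saveDir, int $maxBytes = 2097152): string
{
    // MIME type detected from content => extension written to disk.
    $allowed = [
        'image/jpeg' => 'jpg',
        'image/png'  => 'png',
        'image/gif'  => 'gif',
    ];

    // Reject malformed or multi-file entries before touching anything else.
    if (!isset($file['error'], $file['tmp_name'], $file['size']) || is_array($file['error'])) {
        throw new RuntimeException('malformed upload');
    }
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }
    if ($file['size'] <= 0 || $file['size'] > $maxBytes) {
        throw new RuntimeException('size out of range');
    }

    // Detect the type from the file bytes; $file['type'] and $file['name'] are client-controlled.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime === false || !isset($allowed[$mime])) {
        throw new RuntimeException('not an allowed image type');
    }
    // The file must also parse as an image.
    if (@getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('not a valid image');
    }

    // Server-generated name with an extension from the allow-list, never from the client.
    $name = bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
    $dest = rtrim($saveDir, '/\\') . DIRECTORY_SEPARATOR . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    return $name;
}
```

Content checks alone do not stop a file that is both a valid image and carries embedded script, so the fixed extension matters most. The upload directory should also be served with script execution disabled.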