THINKPHP安全漏洞

ec87e7f1 · LiuJunYi · 26d04e02 · ec87e7f1 · ec87e7f1
Commit ec87e7f1 authored Dec 14, 2018 by LiuJunYi
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 1 deletions

application/admin/view/region/index.html
+1 -1

thinkphp/library/think/App.php
+3 -0

No files found.
--- a/application/admin/view/region/index.html
+++ b/application/admin/view/region/index.html
@@ -5,7 +5,7 @@
 <link rel="stylesheet" href="https://cdn.bootcss.com/jquery-treegrid/0.2.0/css/jquery.treegrid.min.css">
 <section class="wrapper">
-    <h3><i class="fa fa-angle-right"></i> 城市管理</h3>
+    <h3><i class="fa fa-angle-right"></i> 区域管理</h3>
    <!-- 分割线 -->
    <hr>

--- a/thinkphp/library/think/App.php
+++ b/thinkphp/library/think/App.php
@@ -552,6 +552,9 @@ class App
        // 获取控制器名
        $controller = strip_tags($result[1] ?: $config['default_controller']);
        $controller = $convert ? strtolower($controller) : $controller;
+        if (!preg_match('/^[A-Za-z](\w|\.)*$/', $controller)) {
+            throw new HttpException(404, 'controller not exists:' . $controller);
+        }
        // 获取操作名
        $actionName = strip_tags($result[2] ?: $config['default_action']);