ThinkPHP 5.0 vulnerability

PHP · 2022-11-15

Find the line $controller = strip_tags($result[1] ?: $config['default_controller']); and add the following code immediately after it:

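// Accept only controller names that start with a letter and contain
// nothing but word characters and dots; everything else gets a 404.
if (!preg_match('/^[A-Za-z][\w\.]*$/', $controller)) {
    throw new HttpException(404, 'controller not exists:' . $controller);
}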
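The check above can be exercised outside the framework to see which route segments it lets through. The script below is an added example, not code from this post or from ThinkPHP: the `HttpException` class is a minimal stand-in, `resolve_controller()` and `verdict()` are hypothetical helpers, the sample segments are constructed, and `STRICT_PATTERN` (the same pattern with the PCRE `D` modifier) is an added variant that is not part of the fix.

```php
<?php
// Added example, not ThinkPHP's code. HttpException below is a minimal
// stand-in for think\exception\HttpException (status code first, then message).
class HttpException extends RuntimeException
{
    public $statusCode;

    public function __construct($statusCode, $message = '')
    {
        parent::__construct($message);
        $this->statusCode = $statusCode;
    }
}

const PAGE_PATTERN   = '/^[A-Za-z][\w\.]*$/';   // pattern from the fix above
const STRICT_PATTERN = '/^[A-Za-z][\w\.]*$/D';  // added variant: D anchors $ at the very end

// Hypothetical helper: the assignment and the added check, with the pattern as a parameter.
function resolve_controller($segment, $pattern, $default = 'Index')
{
    $controller = strip_tags($segment ?: $default);
    if (!preg_match($pattern, $controller)) {
        throw new HttpException(404, 'controller not exists:' . $controller);
    }
    return $controller;
}

// Returns a short label: the accepted controller name, or the HTTP status raised.
function verdict($segment, $pattern)
{
    try {
        return 'ok ' . json_encode(resolve_controller($segment, $pattern));
    } catch (HttpException $e) {
        return 'HTTP ' . $e->statusCode;
    }
}

// Constructed route segments: valid names first, then names the check should refuse.
$samples = ['Index', 'admin.User', '', '<b>Index</b>', '9lives', 'foo\\bar', 'foo/bar', 'a b', "Index\n"];

foreach ($samples as $s) {
    printf("%-16s page: %-14s strict: %s\n",
        json_encode($s, JSON_UNESCAPED_SLASHES), verdict($s, PAGE_PATTERN), verdict($s, STRICT_PATTERN));
}
```

Segments containing a backslash, a slash, a space or a leading digit are refused by both patterns. The two differ only on `"Index\n"`: without `D`, `$` also matches just before a final newline, so the page's pattern accepts that value while the `D` variant returns 404.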

Reference 1
Reference 2
