Browse Source

Merge pull request #45 from helloxz/dev

漏洞修复
pull/90/head 0.9.15
xiaoz 3 years ago committed by GitHub
parent
commit
1800cfe84e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 5
      data/update.log
  2. 13
      index.php
  3. 2
      version.txt

5
data/update.log

@ -34,4 +34,7 @@ CREATE INDEX on_options_key_IDX ON on_options ("key"); @@ -34,4 +34,7 @@ CREATE INDEX on_options_key_IDX ON on_options ("key");
1. 修复一处登录漏洞
20220221
1. 修复默认主题字体图标不显示
1. 修复默认主题字体图标不显示
20220225
1. 修复一处安全漏洞

13
index.php

@ -2,7 +2,6 @@ @@ -2,7 +2,6 @@
/**
* name:入口文件
*/
error_reporting(E_ALL^E_NOTICE^E_WARNING^E_DEPRECATED);
//获取控制器
$c = @$_GET['c'];
@ -43,5 +42,15 @@ if((!isset($c)) || ($c == '')){ @@ -43,5 +42,15 @@ if((!isset($c)) || ($c == '')){
}
else{
include_once("./controller/".$c.'.php');
//对请求参数进行过滤,同时检查文件是否存在
$c = str_replace('../','',$c);
$c = str_replace('./','',$c);
//控制器文件
$controller_file = "./controller/".$c.'.php';
if( file_exists($controller_file) ) {
include_once($controller_file);
} else{
exit('Controller not exist!');
}
}

2
version.txt

@ -1 +1 @@ @@ -1 +1 @@
v0.9.14-20220221
v0.9.15-20220225
Loading…
Cancel
Save