Browse Source

Merge pull request #45 from helloxz/dev

漏洞修复
pull/90/head 0.9.15
xiaoz 3 years ago committed by GitHub
parent
commit
1800cfe84e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 3
      data/update.log
  2. 13
      index.php
  3. 2
      version.txt

3
data/update.log

@ -35,3 +35,6 @@ CREATE INDEX on_options_key_IDX ON on_options ("key");
20220221 20220221
1. 修复默认主题字体图标不显示 1. 修复默认主题字体图标不显示
20220225
1. 修复一处安全漏洞

13
index.php

@ -2,7 +2,6 @@
/** /**
* name:入口文件 * name:入口文件
*/ */
error_reporting(E_ALL^E_NOTICE^E_WARNING^E_DEPRECATED); error_reporting(E_ALL^E_NOTICE^E_WARNING^E_DEPRECATED);
//获取控制器 //获取控制器
$c = @$_GET['c']; $c = @$_GET['c'];
@ -43,5 +42,15 @@ if((!isset($c)) || ($c == '')){
} }
else{ else{
include_once("./controller/".$c.'.php'); //对请求参数进行过滤,同时检查文件是否存在
$c = str_replace('../','',$c);
$c = str_replace('./','',$c);
//控制器文件
$controller_file = "./controller/".$c.'.php';
if( file_exists($controller_file) ) {
include_once($controller_file);
} else{
exit('Controller not exist!');
}
} }

2
version.txt

@ -1 +1 @@
v0.9.14-20220221 v0.9.15-20220225
Loading…
Cancel
Save