From d910f3e109478842657aa8eb9a0c7a2f7666b266 Mon Sep 17 00:00:00 2001
From: zyx0814
Date: Fri, 28 Sep 2018 12:39:29 +0800
Subject: [PATCH] =?UTF-8?q?=E8=B7=AF=E7=94=B1=E5=86=85=E5=AE=9E=E7=8E=B0?= =?UTF-8?q?=E5=8F=82=E6=95=B0=E8=BF=87=E6=BB=A4=EF=BC=8C=E9=98=B2=E6=AD=A2?= =?UTF-8?q?xss?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 core/class/dzz/modroute.php | 23 ++++++++---------------
 core/class/dzz/route.php | 10 +++++-----
 2 files changed, 13 insertions(+), 20 deletions(-)
diff --git a/core/class/dzz/modroute.php b/core/class/dzz/modroute.php
index 57f0f03..c16985c 100644
--- a/core/class/dzz/modroute.php
+++ b/core/class/dzz/modroute.php
@@ -5,32 +5,25 @@ class Modroute{
 public function run(&$params){
- global $_config;
+ global $_config,$action,$do;
 $return = false;
- $action = !empty($params[$_config['action_name']]) ? $params[$_config['action_name']]:$_config['default_action'];
-
- $do = !empty($params[$_config['do_name']]) ? $params[$_config['do_name']]:'';
-
+ $do = !empty($params[$_config['do_name']]) ? $params[$_config['do_name']]:'';
 if(!empty($action)){
-
- if(!preg_match("/\w+/i",$action)) showmessage('undefined_action');
-
- if(!preg_match("/\w+/i",$do) && $do !== '') showmessage('undefined_action');
+
+ if(!preg_match("/^\w+$/i",$action)) showmessage('undefined_action');
+ if(!preg_match("/^\w+$/i",$do) && $do !== '') showmessage('undefined_action');
 if(@!file_exists($file = DZZ_ROOT.CURSCRIPT.BS.CURMODULE.BS.OP_NAME.BS.$action.EXT) ){
- if(@!file_exists($file = DZZ_ROOT.CURSCRIPT.BS.CURMODULE.BS.OP.BS.$action.BS.$do.EXT)){
+ if(@!file_exists($file = DZZ_ROOT.CURSCRIPT.BS.CURMODULE.BS.OP_NAME.BS.$action.BS.$do.EXT)){
- showmessage($file.lang('file_nonexistence',array('file'=>$file)));
+ showmessage($file.lang('file_nonexistence',array('file'=>htmlspecialchars($file))));
 }
 }
-
- $return = include $file;
+ $params['route_file']=$file;
 }
- if($return) return false;
- else return true;
 }
 }
\ No newline at end of file
diff --git a/core/class/dzz/route.php b/core/class/dzz/route.php
index f3c6fdd..5128be4 100644
--- a/core/class/dzz/route.php
+++ b/core/class/dzz/route.php
@@ -34,7 +34,7 @@ class Route{
 foreach($patharr as $path){
- if(!preg_match("/\w+/i",$path)) showmessage(lang('undefined_action'));
+ if(!preg_match("/^\w+$/i",$path)) showmessage(lang('undefined_action'));
 }
 $modfile='./'.CURSCRIPT.'/'.str_replace(':','/',$mod).'/'.($op?$op:'index').EXT;
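Review bot: The anchored pattern on the two new preg_match lines still accepts a value ending in a single newline, because in PCRE `$` matches before a trailing "\n" unless the D modifier (or `\z`) is used, so `if(!preg_match("/^\w+$/D",$action))` and the same for `$do` is the tight form; the three equivalent checks in the route.php hunks have the same gap. `$return = false;` is now dead and the removed `if($return) return false; else return true;` means run() no longer returns anything, so a caller that still tests its result sees null — either drop `$return` or add `return true;` after `$params['route_file']=$file;`. In the showmessage call only the lang() placeholder is escaped while the prepended `$file` is still emitted raw (and carries DZZ_ROOT), so `showmessage(lang('file_nonexistence',array('file'=>htmlspecialchars($file))));` avoids both the unescaped duplicate and the path leak. Finally, `$action` is no longer assigned in this method but pulled in via `global`, so the whole block depends on a caller having set it; when it is unset the method silently leaves route_file undefined, which is worth a comment on the `global` line.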
@@ -44,22 +44,22 @@ class Route{
 //兼容老版
 if(@!file_exists($modfile='./'.CURSCRIPT.'/'.CURSCRIPT.'_'.str_replace(':','/',$mod).EXT)){
- showmessage($modfile.lang('file_nonexistence',array('modfile'=>$modfile)));
+ showmessage($modfile.lang('file_nonexistence',array('modfile'=>htmlspecialchars($modfile))));
 }
 }
 }else{
- if(!preg_match("/\w+/i",$mod) && $mod !== '') showmessage('undefined_action');
+ if(!preg_match("/^\w+$/i",$mod) && $mod !== '') showmessage('undefined_action');
- if(!preg_match("/\w+/i",$op)) showmessage('undefined_action');
+ if(!preg_match("/^\w+$/i",$op)) showmessage('undefined_action');
 if(@!file_exists(DZZ_ROOT.($modfile = './'.CURSCRIPT.'/'.$mod.'/'.$op.EXT)) && @!file_exists(DZZ_ROOT.($modfile = './'.CURSCRIPT.'/'.$mod.'/'.$mod.EXT))) {
 //兼容老版
 if(@!file_exists($modfile='./'.CURSCRIPT.'/'.$mod.EXT)){
- showmessage(lang('file_nonexistence',array('modfile'=>$modfile)));
+ showmessage(lang('file_nonexistence',array('modfile'=>htmlspecialchars($modfile))));
 }
 }