修正sessionid检查的一处隐患

top-think · Jan 10, 2020 · 1bbe750 · 1bbe750
1 parent a30ecc0
commit 1bbe750
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/think/session/Store.php b/src/think/session/Store.php
@@ -118,7 +118,7 @@ public function getName(): string
      */
     public function setId($id = null): void
     {
-        $this->id = is_string($id) && strlen($id) === 32 ? $id : md5(microtime(true) . session_create_id());
+        $this->id = is_string($id) && strlen($id) === 32 && ctype_alnum($id) ? $id : md5(microtime(true) . session_create_id());
     }
 
     /**