Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
1 changed file
with
5 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
b797d72
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ok
b797d72
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
开源软件的尴尬就在这里,自己发现了漏洞,却在发布后被攻击者利用了
b797d72
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
5.0.7按这个添加代码后, 报404了
b797d72
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
5.0.7按这个添加代码后, 报404了
b797d72
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
5.0.按这个添加代码后, 报404了
b797d72
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
同样404
b797d72
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
一定要多多关注安全更新。
不开源的漏洞更加无法想象。
b797d72
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
多级控制器 这个正则表达式是不对的,改一下正则表达式
if (!preg_match('/^[A-Za-z][\w\.]*$/', $controller)) { throw new HttpException(404, 'controller not exists:' . $controller); }
b797d72
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
最新的代码提交 修正过多级控制器的问题
b797d72
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
这个正则表达式, 确实存在问题.
(\w)这个捕获分组是没有意义的
这里应该采用占用优先匹配, 来提高效率. 避免回溯.
下面这种方式, 会更好一些.
b797d72
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
被这个漏洞给投诉了
b797d72
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ThinkPHP 修复后你没有更新吗?
多多关注开源社区。
b797d72
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
这两天公司网站服务器被埋了挖矿脚本,我们追溯发现很可能就是这个漏洞被利用了。