远程thinkphp代码:
更新漏洞后代码:
// 获取控制器名 $controller = strip_tags($result[1] ?: $config['default_controller']); if (!preg_match('/^[A-Za-z](w)*$/', $controller)) { throw new HttpException(404, 'controller not exists:' . $controller); } $controller = $convert ? strtolower($controller) : $controller;
