修復(fù)方法:
修復(fù)文件 application\wap\controller\Login
public function index($ref = '', $spread_uid = 0)
{
$isWechat = UtilService::isWechatBrowser();
$appid = SystemConfigService::get('wechat_appid');
if ($ref) {
$host_url = $_SERVER['HTTP_HOST'];
$ref = $this->getController($ref,$host_url);
}
$this->assign(['appid' => $appid, 'ref' => $ref, 'spread_uid' => $spread_uid, 'isWechat' => $isWechat, 'Auth_site_name' => SystemConfigService::get('site_name')]);
return $this->fetch();
}
/**
* 檢查控制器是否存在
* @param $ref
* @param $host_url
* @return string
*/
public function getController($ref, $host_url)
{
$site_url = SystemConfigService::get('site_url');
$ref = htmlspecialchars_decode(base64_decode($ref));
$url = parse_url($ref);
if (!in_array($url['scheme'] . '://' . $url['host'], [$host_url, $site_url])) $ref = '';
$path = explode('/',$url['path']);
if($path[1] != 'wap') $ref = '';
if($path[2] == '') $ref = '';
$name = strtolower($path[2]);
$nameAll = ['activity','alipay','article','callback','index','live','material','member','merchant','my','service','special','spread','store','topic'];
if (!in_array($name, $nameAll)) $ref = '';
if($path[3] == '') $ref = '';
return $ref;
}或者下載下面文件覆蓋
