< 文章详情

PHPCMS v9.6.3存在文件包含漏洞的修复方法

2019/8/2 429次
修复方法:

phpcms\libs\classes\param.class.php
phpsso_server\phpcms\libs\classes\param.class.php

源代码:
public static function get_cookie($var, $default = '') {
$var = pc_base::load_config('system','cookie_pre').$var;
$value = isset($_COOKIE[$var]) ? sys_auth($_COOKIE[$var], 'DECODE', md5(PC_PATH.'cookie'.$var).pc_base::load_config('system','auth_key')) : $default;
if(in_array($var,array('_userid','userid','siteid','_groupid','_roleid'))) {
$value = intval($value);
} elseif(in_array($var,array('_username','username','_nickname','admin_username','sys_lang'))) { // site_model auth
$value = safe_replace($value);
}
return $value;
}

修改后的代码:
public static function get_cookie($var, $default = '') {
$var_base = $var;
$var = pc_base::load_config('system','cookie_pre').$var;
$value = isset($_COOKIE[$var]) ? sys_auth($_COOKIE[$var], 'DECODE', md5(PC_PATH.'cookie'.$var).pc_base::load_config('system','auth_key')) : $default;
if(in_array($var_base,array('_userid','userid','siteid','_groupid','_roleid'))) {
$value = intval($value);
} elseif(in_array($var_base,array('_username','username','_nickname','admin_username','sys_lang'))) { // site_model auth
$value = safe_replace($value);
}
return $value;
}