!1 完善防护机制，修复了代码中存在的安全漏洞

Merge pull request !1 from 再遇雌鹿/master
DedeBIZ · Mar 6, 2023 · 0141bd7 · 0141bd7
2 parents 42c8703 + ff225a5
commit 0141bd7
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 0 deletions.
diff --git a/src/admin/sys_data_done.php b/src/admin/sys_data_done.php
@@ -100,6 +100,7 @@
         $fs = array();
         $bakStr = '';
         //分析表里的字段信息
+        $nowtable = str_replace("`", "", $nowtable);
         $dsql->GetTableFields($nowtable);
         $intable = "INSERT INTO `$nowtable` VALUES(";
         while ($r = $dsql->GetFieldObject()) {

diff --git a/src/apps/mytag_js.php b/src/apps/mytag_js.php
@@ -36,6 +36,7 @@
         $myvalues = str_replace('"', '\"', $myvalues);
         $myvalues = str_replace("\r", "\\r", $myvalues);
         $myvalues = str_replace("\n", "\\n", $myvalues);
+        $myvalues = str_replace("<?", "", $myvalues);
         $myvalues =  "<!--\r\ndocument.write(\"{$myvalues}\");\r\n-->\r\n";
         file_put_contents($cacheFile, $myvalues);
     }