漏洞名稱:phpcmsv9寬字節注入
文件路徑:/phpcms/modules/pay/respond.php
修復方法來源于阿里云(安騎士)
源代碼:
/**
* return_url get形式響應
*/
public function respond_get() {
if ($_GET['code']){
$payment = $this->get_by_code($_GET['code']);
if(!$payment) showmessage(L('payment_failed'));
$cfg = unserialize_config($payment['config']);
補丁代碼:
/*** return_url get形式響應
*/
public function respond_get() {
if ($_GET['code']){
$payment = $this->get_by_code(mysql_real_escape_string($_GET['code']));; //補丁
if(!$payment) showmessage(L('payment_failed'));
$cfg = unserialize_config($payment['config']);