ThinkPHP <5.0.24 Request.php 远程代码执行漏洞
日期:2019-02-27
浏览:550次
打开\thinkphp\library\think\Request.php
源代码
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
| <span class="hljs-keyword">public</span> <span class="hljs-function"><span class="hljs-keyword">function</span> <span class="hljs-title">method</span><span class="hljs-params">($method = false)</span>
</span>{
<span class="hljs-keyword">if</span> (<span class="hljs-keyword">true</span> === $method) {
<span class="hljs-comment">// 获取原始请求类型</span>
<span class="hljs-keyword">return</span> <span class="hljs-keyword">$this</span>->server(<span class="hljs-string">'REQUEST_METHOD'</span>) ?: <span class="hljs-string">'GET'</span>;
} <span class="hljs-keyword">elseif</span> (!<span class="hljs-keyword">$this</span>->method) {
<span class="hljs-keyword">if</span> (<span class="hljs-keyword">isset</span>($_POST[Config::get(<span class="hljs-string">'var_method'</span>)])) {
<span class="hljs-keyword">$this</span>->method = strtoupper($_POST[Config::get(<span class="hljs-string">'var_method'</span>)]);
<span class="hljs-keyword">$this</span>->{<span class="hljs-keyword">$this</span>->method}($_POST);
} <span class="hljs-keyword">elseif</span> (<span class="hljs-keyword">isset</span>($_SERVER[<span class="hljs-string">'HTTP_X_HTTP_METHOD_OVERRIDE'</span>])) {
<span class="hljs-keyword">$this</span>->method = strtoupper($_SERVER[<span class="hljs-string">'HTTP_X_HTTP_METHOD_OVERRIDE'</span>]);
} <span class="hljs-keyword">else</span> {
<span class="hljs-keyword">$this</span>->method = <span class="hljs-keyword">$this</span>->server(<span class="hljs-string">'REQUEST_METHOD'</span>) ?: <span class="hljs-string">'GET'</span>;
}
}
<span class="hljs-keyword">return</span> <span class="hljs-keyword">$this</span>->method;
} |
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
| <span class="hljs-keyword">public</span> <span class="hljs-function"><span class="hljs-keyword">function</span> <span class="hljs-title">method</span><span class="hljs-params">($method = false)</span>
</span>{
<span class="hljs-keyword">if</span> (<span class="hljs-keyword">true</span> === $method) {
<span class="hljs-comment" data-spm-anchor-id="a2c4e.11153940.blogcont686397.i2.46db10bf71pupu">// 获取原始请求类型</span>
<span class="hljs-keyword">return</span> <span class="hljs-keyword">$this</span>->server(<span class="hljs-string">'REQUEST_METHOD'</span>) ?: <span class="hljs-string">'GET'</span>;
} <span class="hljs-keyword">elseif</span> (!<span class="hljs-keyword">$this</span>->method) {
<span class="hljs-keyword">if</span> (<span class="hljs-keyword">isset</span>($_POST[Config::get(<span class="hljs-string">'var_method'</span>)])) {
$method = strtoupper($_POST[Config::get(<span class="hljs-string">'var_method'</span>)]);
<span class="hljs-keyword">if</span> (in_array($method, [<span class="hljs-string">'GET'</span>, <span class="hljs-string">'POST'</span>, <span class="hljs-string">'DELETE'</span>, <span class="hljs-string">'PUT'</span>, <span class="hljs-string">'PATCH'</span>])) {
<span class="hljs-keyword">$this</span>->method = $method;
<span class="hljs-keyword">$this</span>->{<span class="hljs-keyword">$this</span>->method}($_POST);
} <span class="hljs-keyword">else</span> {
<span class="hljs-keyword">$this</span>->method = <span class="hljs-string">'POST'</span>;
}
<span class="hljs-keyword">unset</span>($_POST[Config::get(<span class="hljs-string">'var_method'</span>)]);
} <span class="hljs-keyword">elseif</span> (<span class="hljs-keyword">isset</span>($_SERVER[<span class="hljs-string">'HTTP_X_HTTP_METHOD_OVERRIDE'</span>])) {
<span class="hljs-keyword">$this</span>->method = strtoupper($_SERVER[<span class="hljs-string">'HTTP_X_HTTP_METHOD_OVERRIDE'</span>]);
} <span class="hljs-keyword">else</span> {
<span class="hljs-keyword">$this</span>->method = <span class="hljs-keyword">$this</span>->server(<span class="hljs-string">'REQUEST_METHOD'</span>) ?: <span class="hljs-string">'GET'</span>;
}
}
<span class="hljs-keyword">return</span> <span class="hljs-keyword">$this</span>->method;
} |
没有评论