From 2f85c5180defccb6439a0e0011687308eb8fdcb8 Mon Sep 17 00:00:00 2001
From: gongfuxiang
Date: Tue, 25 Jan 2022 15:54:57 +0800
Subject: [PATCH] =?UTF-8?q?=E5=88=86=E9=A1=B5=E7=BB=84=E4=BB=B6xss?= =?UTF-8?q?=E4=BF=AE=E5=A4=8D?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 extend/base/Page.php | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/extend/base/Page.php b/extend/base/Page.php
index ec0990177..9d22607cc 100755
--- a/extend/base/Page.php
+++ b/extend/base/Page.php
@@ -75,8 +75,13 @@ class Page
 {
 if(!in_array($k, $this->not_fields) && !is_array($v))
 {
- if($k == 'page') continue;
-
+ if($k == 'page')
+ {
+ continue;
+ }
+ $k = htmlspecialchars($k);
+ $v = htmlspecialchars($v);
+
 if($tmp)
 {
 $this->url .= ($state === false) ? '?' : '&';
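Review bot: The two added `htmlspecialchars()` calls rely on the default flags, which before PHP 8.1 are `ENT_COMPAT` and leave single quotes unescaped, so a parameter name or value could still break out of the markup if the pagination URL is ever printed inside a single-quoted attribute. Pass the flags and charset explicitly: `$k = htmlspecialchars((string) $k, ENT_QUOTES, 'UTF-8');` and `$v = htmlspecialchars((string) $v, ENT_QUOTES, 'UTF-8');`. HTML escaping is also not URL encoding: once the browser decodes the attribute, a `&`, `=` or `#` inside a value still changes the query string. The concatenation of `$k` and `$v` into `$this->url` happens below the hunk, so it is not visible whether `urlencode()` is applied there. If it is not, URL-encoding each component and HTML-escaping the finished URL at the point of output would be the more robust order.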