lywsvip/codefever
1
0
Fork 0
mirror of https://github.com/PGYER/codefever.git synced 2026-05-06 21:50:39 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix(Command): filter "`" for comamnd (shell inject)

Browse Source
This commit is contained in:
cubic
2023-03-27 12:07:44 +08:00
parent ab2b675247
commit dd1d1f2a8a
2 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
application/libraries/service/Utility/Command.php
View File

@@ -42,8 +42,8 @@ class Command
// return '"' . $argument . '"';
$pattern = [
'/(^|[^\\\\])((\\\\\\\\)*[\s\'\"\$\|])/',
'/(^|[^\\\\])((\\\\\\\\)*\\\\([^\s\'\"\|\$\\\\]|$))/'
'/(^|[^\\\\])((\\\\\\\\)*[\s\`\'\"\$\|])/',
'/(^|[^\\\\])((\\\\\\\\)*\\\\([^\s\`\'\"\|\$\\\\]|$))/'
];
$replacement = [
'$1\\\\$2',