Skip to content

Commit d3904e5

Browse files
authored
Merge pull request #3001 from big-dream/6.0-issues-2996
修正 $key 未编码导致的异常页面 XSS 漏洞(ThinkPHP 6.0)
2 parents 242fe18 + d1cf821 commit d3904e5

1 file changed

Lines changed: 1 addition & 1 deletion

File tree

src/tpl/think_exception.tpl

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -68,7 +68,7 @@ if (!function_exists('parse_args')) {
6868
break;
6969
}
7070

71-
$result[] = is_int($key) ? $value : "'{$key}' => {$value}";
71+
$result[] = is_int($key) ? $value : sprintf('\'%s\' => %s', htmlentities($key), $value);
7272
}
7373

7474
return implode(', ', $result);

0 commit comments

Comments
 (0)