We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
url中出现 ?mod=phpcms&file=login&forward=http%3A%2F%2F127.0.0.1%3A8080%2Fadmin.php连接的时候代码中会错误的把他当成一个完整的连接,直接去请求然后导致报错 unsupported protocol scheme
?mod=phpcms&file=login&forward=http%3A%2F%2F127.0.0.1%3A8080%2Fadmin.php
internal/protocol/judge/tcp_http.go
导致bug的原因是使用正则直接匹配url里是否存在http字符串,如果重定向后的链接参数里带有http的话会导致被匹配出来逻辑出错,直接使用 ?mod=phpcms&file=login&forward=http%3A%2F%2F127.0.0.1%3A8080%2Fadmin.php 作为完整连接请求,导致bug出现。
if len(regexp.MustCompile("http").FindAllStringIndex(redirectPath, -1)) == 1 { redirectUrl = redirectPath } else { if Url[len(Url)-1:] == "/" { redirectUrl = Url + redirectPath } redirectUrl = Url + "/" + redirectPath }
只对前4个字符进行匹配
if len(regexp.MustCompile("http").FindAllStringIndex(redirectPath[:4], -1)) == 1 { redirectUrl = redirectPath } else { if Url[len(Url)-1:] == "/" { redirectUrl = Url + redirectPath } redirectUrl = Url + "/" + redirectPath }
The text was updated successfully, but these errors were encountered:
mark 感谢改进意见
Sorry, something went wrong.
No branches or pull requests
url中出现
?mod=phpcms&file=login&forward=http%3A%2F%2F127.0.0.1%3A8080%2Fadmin.php连接的时候代码中会错误的把他当成一个完整的连接,直接去请求然后导致报错 unsupported protocol schemeBUG代码
导致bug的原因是使用正则直接匹配url里是否存在http字符串,如果重定向后的链接参数里带有http的话会导致被匹配出来逻辑出错,直接使用 ?mod=phpcms&file=login&forward=http%3A%2F%2F127.0.0.1%3A8080%2Fadmin.php 作为完整连接请求,导致bug出现。
修改建议
只对前4个字符进行匹配
The text was updated successfully, but these errors were encountered: