An IMPORTANT security patch 重要安全补丁

xiaomlove / nexusphp

A private tracker application base on NexusPHP

https://nexusphp.org

GNU General Public License v2.0

845 stars 176 forks source link

Closed Rey50 closed 1 year ago

Rey50 commented 1 year ago

此patch为重要安全漏洞，已出现大范围利用攻击，请务必更新

English Version:

The user_can() function allows guests to bypass the authentication process (influenced version 1.7~1.8.1)
ajax.php arbitrary execution vulnerability

This patch is an important security patch, and there has been a large-scale exploit attack, please upgrade to newest release immediately

Rhilip commented 1 year ago

建议直接用match case，in_array反而增加了后期维护的难度

Rey50 commented 1 year ago

建议直接用match case，in_array反而增加了后期维护的难度

match 配闭包和箭头函数可读性也不太好，而且改的比较多我用类和ReflectionClass重构一下