ecshop任意跳转链接漏洞修复
根目录affiche.php增加一个判断:/* 修复任意URI跳转, added by 空山*/
if($db->getOne($sql) > 0) {
$db->query('UPDATE ' . $ecs->table('ad') . " SET click_count = click_count + 1 WHERE ad_id = '$ad_id'");
$sql = "SELECT count(*) FROM " . $ecs->table('adsense') . " WHERE from_ad = '" . $ad_id . "' AND referer = '" . $site_name . "'";
if($db->getOne($sql) > 0)
{
$sql = "UPDATE " . $ecs->table('adsense') . " SET clicks = clicks + 1 WHERE from_ad = '" . $ad_id . "' AND referer = '" . $site_name . "'";
}
else
{
$sql = "INSERT INTO " . $ecs->table('adsense') . "(from_ad, referer, clicks) VALUES ('" . $ad_id . "', '" . $site_name . "', '1')";
}
$db->query($sql);
/* 跳转到广告的链接页面 */
if (!empty($_GET['uri']))
{
$uri = (strpos($_GET['uri'], 'http://') === false && strpos($_GET['uri'], 'https://') === false) ? $ecs->http() . urldecode($_GET['uri']) : urldecode($_GET['uri']);
}
else
{
$uri = $ecs->url();
}
ecs_header("Location: $uri\n");
exit;
} else {
ecs_header("Location: index.php\n");
exit;
}
页:
[1]