thinkphp安全更新

thinkphp/library/think/route/dispatch/Module.php

@@ -67,7 +67,12 @@ class Module extends Dispatch
         // 是否自动转换控制器和操作名
         $convert = is_bool($this->convert) ? $this->convert : $this->rule->getConfig('url_convert');
         // 获取控制器名
-        $controller       = strip_tags($result[1] ?: $this->rule->getConfig('default_controller'));
+        $controller = strip_tags($result[1] ?: $this->rule->getConfig('default_controller'));
+
+        if (!preg_match('/^[A-Za-z](\w|\.)*$/', $controller)) {
+            throw new HttpException(404, 'controller not exists:' . $controller);
+        }
+
         $this->controller = $convert ? strtolower($controller) : $controller;
 
         // 获取操作名