Merge pull request #3000 from big-dream/6.1-issues-2996

修正 $key 未编码导致的异常页面 XSS 漏洞(ThinkPHP 6.1)
top-think · Apr 16, 2024 · 57d1950 · 57d1950
2 parents 2d833b2 + 289eb43
commit 57d1950
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/tpl/think_exception.tpl b/src/tpl/think_exception.tpl
@@ -68,7 +68,7 @@ if (!function_exists('parse_args')) {
                     break;
             }
 
-            $result[] = is_int($key) ? $value : "'{$key}' => {$value}";
+            $result[] = is_int($key) ? $value : sprintf('\'%s\' => %s', htmlentities($key), $value);
         }
 
         return implode(', ', $result);