存储型 XSS
漏洞的原理及修复方法
1.常见的触发场景
2.漏洞原理
3.漏洞危害
4.一些tips
5.如何避免&修复漏洞
www-data@w:~/controller$ vim missionController.class.php
<?php
class missionController extends baseController{
public $var;
public function __construct(){
parent::__construct();
if($this->loged){
return;
}else{
header('Location: /index.php');
exit();
}
}
public function feedAction(){
$missionModel = new missionModel();
$feeds = $missionModel->get();
$url = '/index.php?c=mission&a=feed';
$username = $this->username;
require('tpl/feed.tpl');
}
public function feedApiAction(){
//permission check
$id = request('id');
$sid = request('sessionid');
$userModel = new userModel();
$userInfo = $userModel->getUserInfo($id,$sid);
$role = $userInfo['role'];
$feeds = array();
$callback = request('callback');
if($role == 1){
$missionModel = new missionModel();
$feeds = $missionModel->getMost($this->id);
$feeds = json_encode(array('email'=>$this->username,'count'=>$feeds[0]));
header