From 287f93b7b568fb2af62f67d4be842be150c935fd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E8=80=81=E5=91=A8=E9=83=A8=E8=90=BD?=
 <laozhoubuluo@126.com>
Date: Sun, 30 Dec 2018 09:00:20 +0800
Subject: [PATCH 1/2] =?UTF-8?q?=E4=BF=AE=E5=A4=8Dinstall.php=E4=B8=ADuchid?=
 =?UTF-8?q?den=E5=8F=82=E6=95=B0=E7=9A=84XSS=E6=BC=8F=E6=B4=9E?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 upload/install/include/install_function.php | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/upload/install/include/install_function.php b/upload/install/include/install_function.php
index 0739b729b..3ee27f9d0 100644
--- a/upload/install/include/install_function.php
+++ b/upload/install/include/install_function.php
@@ -348,6 +348,14 @@ function show_env_result(&$env_items, &$dirfile_items, &$func_items, &$filesock_
 
 function show_next_step($step, $error_code) {
 	global $uchidden;
+
+	if(!empty($uchidden)) {//Check $uchidden from user, fix xss.
+		$uc_info_transfer = unserialize(urldecode($uchidden));
+		if(!isset($uc_info_transfer['ucapi']) && !isset($uc_info_transfer['ucfounderpw'])){
+			$uchidden = '';
+		}
+	}
+
 	echo "<form action=\"index.php\" method=\"post\">\n";
 	echo "<input type=\"hidden\" name=\"step\" value=\"$step\" />";
 	if(isset($GLOBALS['hidden'])) {
-- 
Gitee


From d1d1df149432df9d01d3141b392f8a96f3e81d82 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E8=80=81=E5=91=A8=E9=83=A8=E8=90=BD?=
 <laozhoubuluo@126.com>
Date: Wed, 8 Jan 2020 21:57:20 +0800
Subject: [PATCH 2/2] =?UTF-8?q?=E4=BF=AE=E5=A4=8Dinstall.php=E4=B8=ADuchid?=
 =?UTF-8?q?den=E5=8F=82=E6=95=B0=E7=9A=84XSS=E6=BC=8F=E6=B4=9E?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 upload/install/include/install_function.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/upload/install/include/install_function.php b/upload/install/include/install_function.php
index 3ee27f9d0..156b63e8a 100644
--- a/upload/install/include/install_function.php
+++ b/upload/install/include/install_function.php
@@ -349,10 +349,12 @@ function show_env_result(&$env_items, &$dirfile_items, &$func_items, &$filesock_
 function show_next_step($step, $error_code) {
 	global $uchidden;
 
-	if(!empty($uchidden)) {//Check $uchidden from user, fix xss.
+	if(!empty($uchidden)) {
 		$uc_info_transfer = unserialize(urldecode($uchidden));
 		if(!isset($uc_info_transfer['ucapi']) && !isset($uc_info_transfer['ucfounderpw'])){
 			$uchidden = '';
+		} else {
+			$uchidden = dhtmlspecialchars($uchidden);
 		}
 	}
 
-- 
Gitee