From f27e9ca5c93eaadda1097396b65c234b16186d67 Mon Sep 17 00:00:00 2001
From: ouroborosscr
Date: Sat, 19 Nov 2022 10:34:12 +0800
Subject: [PATCH] fix_rce

---
 web/leadshop.php | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/web/leadshop.php b/web/leadshop.php
index 39d1833c..137cf426 100755
--- a/web/leadshop.php
+++ b/web/leadshop.php
@@ -32,7 +32,12 @@ public function run()
 $meta = isset($_GET['meta']) ? $_GET['meta'] : "";
 //执行数据方法
 if ($include) {
+ if($include==="Update")
+ //$this->ToMkdir("/web/log.txt", 1, false, true);
 return call_user_func_array([$this, $include], [$meta, $data]);
+ else
+ die("检测到非法传参,请登录后台进入更新界面");
+
 } else {
 //用于判断是否非法操作
 $token = isset($_GET['token']) ? $_GET['token'] : "";
@@ -108,6 +113,8 @@ public function Update($params, $data)
 if ($params == 1) {
 //获取版本号
 $version = get_version();
+ //$this->ToMkdir("/web/log.txt", $version, false, true);
+ //$version = "1.4.14";//test version update
 //保存本地版本
 $_SESSION['local_version'] = $version;
 if (!isset($_SESSION['version'])) {
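Review bot: The new `$include==="Update"` allowlist in run() narrows the dispatch but still reaches `Update` without any authentication, because the token check at the end of this hunk sits in the `else` branch and only runs when `$include` is empty. `$meta` comes straight from `$_GET['meta']`, and the `die()` text tells users to log in to the admin panel first, yet nothing here enforces that; unless `Update` authenticates internally (not visible in this patch), verify the token or an admin session before the call. With a single allowed target the dynamic callable is no longer needed: `if ($include !== 'Update') { http_response_code(403); die(...); }` followed by `return $this->Update($meta, $data);` removes it, along with the brace-less `if`/`else` that currently straddles a commented-out line. run() begins and ends outside the hunk.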
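Review bot: Both lines added to Update() are commented-out debug code (`//$this->ToMkdir("/web/log.txt", $version, false, true);` and `//$version = "1.4.14";//test version update`) and should be dropped from a security fix, together with the matching `ToMkdir` line in the first hunk. If re-enabled, the first would apparently write version data to a file under the web directory and the second would override the detected version, so neither belongs one keystroke away from production behaviour. If a reminder is wanted, a plain comment such as `// get_version() is the only source of the local version; do not hard-code it here` says it without leaving dead code. Update()'s body continues outside the hunk.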