漏洞概述
该漏洞涉及受影响文件（文件名在本页中已丢失）中的多个控制器方法。从下方 POC 可以看出，这些方法都直接用客户端提交的 `order_id`、`order_item_id`、`booking_id`、`latepoint_order_id`、`latepoint_booking_id` 参数去加载 `OrderModel` / `OrderItemModel` / `BookingModel`，随后只做了两项检查：参数是否为整数（`filter_var(..., FILTER_VALIDATE_INT)`）以及记录是否存在（`is_new_record()`）。在本页显示的代码中看不到"该记录是否属于当前登录客户"的校验——`print_order_info`、`print_booking_info`、`local_download` 虽然调用了 `OAuthHelper::get_logged_in_customer_id()`，但其返回值在本页文本中并未与订单/预约的所有者做比较（注意：本页代码在抓取时已损坏，若干 `if (` 条件缺少右括号，原始判断条件可能不完整，请以原始文件为准）。其后果是：任何已登录客户（若相应动作对未登录用户也可达，则任何访问者）都可能通过枚举整数 ID 查看、打印或以 `.ics` 形式下载他人的订单与预约详情，属于对象级授权缺失（IDOR / Broken Object Level Authorization），表现为信息泄露和未经授权的访问。

影响范围
受影响文件:（文件名在本页中已丢失）
受影响函数:（原列表在本页中已丢失；POC 中可见的方法有 `scheduling_summary_for_bundle`、`view_order_summary_in_lightbox`、`view_booking_summary_in_lightbox`、`print_order_info`、`print_booking_info`、`local_download`、`process_reschedule_request`，原列表可能还包含其他方法）

修复方案
1. 输入验证: 对所有用户输入进行严格的验证，确保输入符合预期格式。需注意现有的 `FILTER_VALIDATE_INT` 只保证 ID 是整数，并不能替代授权检查；`process_reschedule_request` 中的 `start_date`、`start_time` 同样直接取自请求参数，也应做格式校验。
2. 权限检查: 在加载记录之后、渲染或输出之前，将该订单/预约的所有者与 `OAuthHelper::get_logged_in_customer_id()` 做比较；未登录或不匹配时按与 `is_new_record()` 相同的方式处理（返回 `LATEPOINT_STATUS_ERROR` 与 'Not Allowed'），不要继续执行到 `format_render` / `echo`。同时确认这些动作具备 CSRF/nonce 保护（本页代码未显示）。
3. 错误处理: 改进错误处理机制，避免泄露敏感信息；"记录不存在"和"无权访问"应返回相同的响应，避免攻击者通过响应差异枚举有效 ID。目前对非整数 ID 直接 `exit()`、对不存在的记录返回 'Not Allowed'，两者也应统一。
4. 代码审查: 对所有同样按客户端提交的 ID 加载 Order/Booking 并直接输出的方法逐一排查，确保没有类似的安全问题。

POC代码
以下是部分函数的 POC 代码示例（注意：本页代码在抓取时已损坏——多处 `if (` 条件缺少右括号和 `{`，`_FUNCTION_` 为占位符，最后一个方法 `process_reschedule_request` 被截断，阅读时请对照原始文件）:
```php
public function scheduling_summary_for_bundle() { if ( ! filter_var( $this->params[ 'order_item_id' ], FILTER_VALIDATE_INT ) ) { exit(); } $order_item = new OrderItemModel( $this->params[ 'order_item_id' ] ); $order = new OrderModel( $order_item->order_id ); if ( $order->is_new_record() $this->send_json( array( 'status' => LATEPOINT_STATUS_ERROR, 'message' => __( 'Not Allowed', 'latepoint' ), ) ); } $bundle = $order_item->build_original_object_from_item_data(); $this->vars[ 'order_item' ] = $order_item; $this->vars[ 'bundle' ] = $bundle; $this->format_render( '_FUNCTION_' ); } public function view_order_summary_in_lightbox() { if ( ! filter_var( $this->params[ 'order_id' ], FILTER_VALIDATE_INT ) ) { exit(); } $order = new OrderModel( $this->params[ 'order_id' ] ); if ( $order->is_new_record() $this->send_json( array( 'status' => LATEPOINT_STATUS_ERROR, 'message' => __( 'Not Allowed', 'latepoint' ), ) ); } $this->vars[ 'order' ] = $order; $this->vars[ 'price_breakdown_rows' ] = $order->aggregate_price_breakdown_rows(); $this->format_render( '_FUNCTION_' ); } public function view_booking_summary_in_lightbox() { if ( ! filter_var( $this->params[ 'booking_id' ], FILTER_VALIDATE_INT ) ) { exit(); } $booking = new BookingModel( $this->params[ 'booking_id' ] ); $order_item = new OrderItemModel( $booking->order_item_id ); $order = new OrderModel( $order_item->order_id ); if ( $order->is_new_record() $this->send_json( array( 'status' => LATEPOINT_STATUS_ERROR, 'message' => __( 'Not Allowed', 'latepoint' ), ) ); } $this->vars[ 'booking' ] = $booking; $this->vars[ 'order_item' ] = $order_item; $this->vars[ 'order' ] = $order; $this->format_render( '_FUNCTION_' ); } function print_order_info() { if ( ! 
filter_var( $this->params[ 'latepoint_order_id' ], FILTER_VALIDATE_INT ) ) { exit(); } $order_id = $this->params[ 'latepoint_order_id' ]; if ( empty( $order_id ) ) { return; } $order = new OrderModel( $order_id ); if ( $order->is_new_record() $customer = OAuthHelper::get_logged_in_customer_id(); $this->vars[ 'name' ] = $order->customer; $this->vars[ 'customer' ] = $customer; $this->set_layout( 'print' ); $content = $this->format_render_return( '_FUNCTION_', [], [], true ); echo $content; } } function print_booking_info() { if ( ! filter_var( $this->params[ 'latepoint_booking_id' ], FILTER_VALIDATE_INT ) ) { exit(); } $booking_id = $this->params[ 'latepoint_booking_id' ]; if ( empty( $booking_id ) ) { return; } $booking = new BookingModel( $booking_id ); if ( $booking->is_new_record() $customer = OAuthHelper::get_logged_in_customer_id(); $this->vars[ 'booking' ] = $booking; $this->vars[ 'customer' ] = $customer; $this->set_layout( 'print' ); $content = $this->format_render_return( '_FUNCTION_', [], [], true ); echo $content; } } function local_download() { if ( ! filter_var( $this->params[ 'latepoint_booking_id' ], FILTER_VALIDATE_INT ) ) { exit(); } $booking_id = $this->params[ 'latepoint_booking_id' ]; if ( empty( $booking_id ) ) { return; } $booking = new BookingModel( $booking_id ); if ( $booking->is_new_record() $customer_id = OAuthHelper::get_logged_in_customer_id(); header( 'Content-Type: text/calendar; charset=utf-8' ); header( 'Content-Disposition: attachment; filename=downloading_' . $booking->id . '.ics' ); echo OAuthHelper::generate_ical_event_string( $booking ); } } function process_reschedule_request() { if ( ! filter_var( $this->params[ 'booking_id' ], FILTER_VALIDATE_INT ) ) { exit(); } $booking = new BookingModel( $this->params[ 'booking_id' ] ); if ( empty( $booking->id ) return; } if ( ! 
OAuthHelper::get_logged_in_customer_id() $booking = clone $booking; $booking->start_date = $this->params[ 'start_date' ]; $booking->start_time = $this->params[ 'start_time' ]; $booking->convert_start_datetime_to_server_timezone( $booking->get_customer_timezone_name() ); if ( $booking->is_new_start_date_and_time_set() ) { $booking->calculate_end_date_and_time(); $booking->update_if_not_deleted(); } // check if booking time is still available if ( ! OAuthHelper::booking_request_available( LatePointUtil\BookingRequest::create_from_booking_model( $booking ), [ 'exclude' => $booking->id ] ) ) { $response_html = __( 'Unfortunately the selected time slot is not available anymore, please select another timeslot.', 'latepoint' ); $status = LATEPOINT_STATUS_ERROR; } else { if ( ! SettingsHelper::get( 'change_status_on_customer_reschedule' ) ) { $killed_status = BookingHelper::get_statuses_list(); } if ( ! empty( $killed_status ) ) { $status = SettingsHelper::get_settings_value( 'status_to_set_after_customer_reschedule' ); } $status = SettingsHelper::get_settings_value( 'status_to_set_after_customer_reschedule' ); } if ( $booking->was_set() ) { / Booking i