目标文件:
/web/source/founder/display.ctrl.php
漏洞修复方法:
找到大约14行代码:内容如下
$founders = explode(',', $_W['config']['setting']['founder']);
在后面追加以下内容即可
$identity = uni_permission($_W['uid']);if ($identity != ACCOUNT_MANAGE_NAME_FOUNDER && $identity != ACCOUNT_MANAGE_NAME_VICE_FOUNDER) {
itoast('???????', referer(), 'error');
}
