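漏洞概述 该漏洞涉及 文件中的多个函数,主要问题在于对用户输入的处理不当,可能导致信息泄露或未经授权的访问。 影响范围 受影响文件: 受影响函数: - - - - - - - - - - - - - - - - 修复方案 1. 输入验证: 对所有用户输入进行严格的验证,确保输入符合预期格式。 2. 权限检查: 在执行敏感操作前,进行权限检查,确保只有授权用户才能访问相关资源。 3. 错误处理: 改进错误处理机制,避免泄露敏感信息。 4. 代码审查: 对代码进行全面审查,确保没有类似的安全问题。 POC代码 以下是部分函数的POC代码示例:

```php
/**
 * Renders the scheduling summary for a bundle order item.
 *
 * Reads `order_item_id` from the request params; anything that is not a valid
 * integer ends the request. Responds with a JSON "Not Allowed" error when the
 * parent order does not exist in the database.
 */
public function scheduling_summary_for_bundle() {
    // `?? null` avoids an "Undefined array key" notice when the param is absent;
    // filter_var( null ) is false, so the request still exits.
    if ( ! filter_var( $this->params['order_item_id'] ?? null, FILTER_VALIDATE_INT ) ) {
        exit();
    }
    $order_item = new OrderItemModel( $this->params['order_item_id'] );
    $order      = new OrderModel( $order_item->order_id );
    if ( $order->is_new_record() ) {
        $this->send_json( array(
            'status'  => LATEPOINT_STATUS_ERROR,
            'message' => __( 'Not Allowed', 'latepoint' ),
        ) );
        // send_json is presumed to terminate the request; the return keeps the
        // guard effective even if it does not.
        return;
    }
    // NOTE(review): only the existence of the order is checked here, not whether
    // the current customer owns it (compare print_order_info below); confirm that
    // the caller of this action is already restricted.
    $bundle = $order_item->build_original_object_from_item_data();
    $this->vars['order_item'] = $order_item;
    $this->vars['bundle']     = $bundle;
    $this->format_render( '_FUNCTION_' );
}

/**
 * Renders an order summary for display in a lightbox.
 *
 * Requires `order_id` to be a valid integer (otherwise the request exits) and
 * responds with a JSON "Not Allowed" error when the order does not exist.
 */
public function view_order_summary_in_lightbox() {
    if ( ! filter_var( $this->params['order_id'] ?? null, FILTER_VALIDATE_INT ) ) {
        exit();
    }
    $order = new OrderModel( $this->params['order_id'] );
    if ( $order->is_new_record() ) {
        $this->send_json( array(
            'status'  => LATEPOINT_STATUS_ERROR,
            'message' => __( 'Not Allowed', 'latepoint' ),
        ) );
        // send_json is presumed to terminate the request; the return keeps the
        // guard effective even if it does not.
        return;
    }
    // NOTE(review): existence check only, no ownership check (compare
    // print_order_info below); confirm the caller is already restricted.
    $this->vars['order']               = $order;
    $this->vars['price_breakdown_row'] = $order->generate_price_breakdown_row();
    $this->format_render( '_FUNCTION_' );
}

/**
 * Renders a booking summary for display in a lightbox.
 *
 * Requires `booking_id` to be a valid integer (otherwise the request exits).
 * The booking's order item and order are loaded in turn; a JSON "Not Allowed"
 * error is sent when that order does not exist.
 */
public function view_booking_summary_in_lightbox() {
    if ( ! filter_var( $this->params['booking_id'] ?? null, FILTER_VALIDATE_INT ) ) {
        exit();
    }
    $booking    = new BookingModel( $this->params['booking_id'] );
    $order_item = new OrderItemModel( $booking->order_item_id );
    $order      = new OrderModel( $order_item->order_id );
    if ( $order->is_new_record() ) {
        $this->send_json( array(
            'status'  => LATEPOINT_STATUS_ERROR,
            'message' => __( 'Not Allowed', 'latepoint' ),
        ) );
        // send_json is presumed to terminate the request; the return keeps the
        // guard effective even if it does not.
        return;
    }
    // NOTE(review): existence check only, no ownership check (compare
    // print_booking_info below); confirm the caller is already restricted.
    $this->vars['booking']    = $booking;
    $this->vars['order_item'] = $order_item;
    $this->vars['order']      = $order;
    $this->format_render( '_FUNCTION_' );
}

/**
 * Echoes an order rendered with the 'print' layout.
 *
 * Requires `latepoint_order_id` to be a valid integer (otherwise the request
 * exits) and only renders when a customer is logged in and that customer's id
 * matches the order's customer_id.
 */
function print_order_info() {
    if ( ! filter_var( $this->params['latepoint_order_id'] ?? null, FILTER_VALIDATE_INT ) ) {
        exit();
    }
    $order_id = $this->params['latepoint_order_id'];
    if ( empty( $order_id ) ) {
        return;
    }
    $order = new OrderModel( $order_id );
    // NOTE(review): `$order->is_new` is a bare property read as printed, while the
    // lightbox methods above call `is_new_record()`; confirm against the original
    // file which one is intended, since the guard's meaning depends on it.
    // Ownership is compared as integers so a string id from storage and an int
    // session id cannot differ only by type.
    if ( $order->is_new && OAuthHelper::get_logged_in_customer_id() && (int) $order->customer_id === (int) OAuthHelper::get_logged_in_customer_id() ) {
        $customer               = $order->customer;
        $this->vars['order']    = $order;
        $this->vars['customer'] = $customer;
        $this->set_layout( 'print' );
        $content = $this->format_render_return( '_FUNCTION_', [], [], true );
        echo $content;
    }
}

/**
 * Echoes a booking rendered with the 'print' layout.
 *
 * Requires `latepoint_booking_id` to be a valid integer (otherwise the request
 * exits) and only renders when a customer is logged in and that customer's id
 * matches the booking's customer_id.
 */
function print_booking_info() {
    if ( ! filter_var( $this->params['latepoint_booking_id'] ?? null, FILTER_VALIDATE_INT ) ) {
        exit();
    }
    $booking_id = $this->params['latepoint_booking_id'];
    if ( empty( $booking_id ) ) {
        return;
    }
    $booking = new BookingModel( $booking_id );
    // NOTE(review): `$booking->is_new` is a bare property read as printed; see the
    // same note in print_order_info and confirm against the original file.
    // Ownership is compared as integers so a string id from storage and an int
    // session id cannot differ only by type.
    if ( $booking->is_new && OAuthHelper::get_logged_in_customer_id() && (int) $booking->customer_id === (int) OAuthHelper::get_logged_in_customer_id() ) {
        $customer               = $booking->customer;
        $this->vars['booking']  = $booking;
        $this->vars['customer'] = $customer;
        $this->set_layout( 'print' );
        $content = $this->format_render_return( '_FUNCTION_', [], [], true );
        echo $content;
    }
}

/**
 * Streams a booking as an iCalendar (.ics) attachment.
 *
 * Requires `latepoint_booking_id` to be a valid integer (otherwise the request
 * exits) and only responds when a customer is logged in and that customer's id
 * matches the booking's customer_id. The attachment filename is built from the
 * booking's own id, not from the request param.
 */
function local_download() {
    if ( ! filter_var( $this->params['latepoint_booking_id'] ?? null, FILTER_VALIDATE_INT ) ) {
        exit();
    }
    $booking_id = $this->params['latepoint_booking_id'];
    if ( empty( $booking_id ) ) {
        return;
    }
    $booking = new BookingModel( $booking_id );
    // NOTE(review): `$booking->is_new` is a bare property read as printed; see the
    // same note in print_order_info and confirm against the original file.
    // Ownership is compared as integers so a string id from storage and an int
    // session id cannot differ only by type.
    if ( $booking->is_new && OAuthHelper::get_logged_in_customer_id() && (int) $booking->customer_id === (int) OAuthHelper::get_logged_in_customer_id() ) {
        header( 'Content-Type: text/calendar; charset=utf-8' );
        header( 'Content-Disposition: attachment; filename=booking-' . $booking->id . '.ics' );
        echo OAuthHelper::generate_ical_event_string( $booking );
    }
}

function process_reschedule_request() {
    if ( !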
filter_var( $this->params['booking_id'], FILTER_VALIDATE_INT ) ) { exit(); } $booking = new BookingModel( $this->params['booking_id'] ); if ( empty( $booking->id ) return; } if ( OAuthHelper::get_logged_in_customer_id() != $booking->customer_id $old_booking = clone $booking; $booking->start_date = $this->params['start_date']; $booking->start_time = $this->params['start_time']; $booking->set_datetime_from_timezone( $booking->get_customer_timezone_name() ); if ( $booking->is_new_start_date_and_time_set() ) { $booking->calculate_end_date_and_time(); $booking->update_vat_info( $booking ); } // Check if booking time is still available if ( ! OAuthHelper::is_booking_time_available( LatePoint\Utils\BookingRequest::create_from_booking_model( $booking ), [ 'exclude' => $booking->id ] ) ) { $response_html = __( 'Unfortunately the selected time slot is not available anymore, please select another timeslot.', 'latepoint' ); $status = LATEPOINT_STATUS_ERROR; } else { if ( OAuthHelper::can_change_status_on_customer_reschedule() ) { $killed_status = OAuthHelper::get_statuses_list(); if ( ! in_array( $killed_status, OAuthHelper::get_settings_value( 'status_to_set_after_customer_reschedule