0x1 Vulnerability Analysis
Location of the patched file: /thinkphp/library/think/route/dispatch/Url.php, lines 56-66
```php
if ($this->param['auto_search']) {
    $controller = $this->autoFindController($module, $path);
} else {
    // Parse the controller
    $controller = !empty($path) ? array_shift($path) : null;
}

// Check added by the patch to fix the vulnerability
if (!preg_match('/^[A-Za-z](\w|\.)*$/', $controller)) {
    throw new HttpException(404, 'controller not exists:' . $controller);
}

// Parse the action
```
The file that performs the actual operation: /thinkphp/library/think/route/dispatch/Module.php