不更新TP框架的情况下防止getshell漏洞

<?php
\think\Hook::add('module_init',function(){
    if (!preg_match('/^[A-Za-z](\w|\.)*$/', \think\Request::instance()->controller())) {
        throw new \think\exception\HttpException(404, 'controller not exists:' . \think\Request::instance()->controller());
    }
});

// 获取控制器名
$controller = strip_tags($result[1] ?: $config['default_controller']);
$controller = $convert ? strtolower($controller) : $controller;

// 获取控制器的代码后面加上下面三行代码
if (!preg_match('/^[A-Za-z](\w|\.)*$/', $controller)) {
    throw new HttpException(404, 'controller not exists:' . $controller);
}

<?php
\think\facade\Hook::add('module_init', function () {
    if (!preg_match('/^[A-Za-z](\w|\.)*$/', \think\facade\Request::controller())) {
        throw new \think\exception\HttpException(404, 'controller not exists:' . \think\facade\Request::controller());
    }
});

<?php
\think\facade\Route::middleware(function (\think\Request $request, \Closure $next) {
    if (!preg_match('/^[A-Za-z](\w|\.)*$/', $request->controller())) {
        throw new \think\exception\HttpException(404, 'controller not exists:' . $request->controller());
    }
    return $next($request);
});

if ($this->param['auto_search']) {
    $controller = $this->autoFindController($module, $path);
} else {
    // 解析控制器
    $controller = !empty($path) ? array_shift($path) : null;
}

// 解析控制器的代码后面加上下面三行代码
if ($controller && !preg_match('/^[A-Za-z][\w|\.]*$/', $controller)) {
    throw new HttpException(404, 'controller not exists:' . $controller);
}