修复 回帖指定的逻辑漏洞

This commit is contained in:
Comsenz 2017-07-27 11:05:39 +08:00
parent 16f973fd23
commit 4bcb130e24
1 changed files with 5 additions and 1 deletions

View File

@ -23,7 +23,7 @@ if(empty($topiclist)) {
showmessage('admin_nopermission', NULL); showmessage('admin_nopermission', NULL);
} }
$sticktopiclist = $posts = array(); $sticktopiclist = $posts = array();
foreach($topiclist as $pid) { foreach($topiclist as $pid) {
$post = C::t('forum_post')->fetch('tid:'.$_G['tid'], $pid, false); $post = C::t('forum_post')->fetch('tid:'.$_G['tid'], $pid, false);
$sticktopiclist[$pid] = $post['position']; $sticktopiclist[$pid] = $post['position'];
} }
@ -41,6 +41,10 @@ if(!submitcheck('modsubmit')) {
if($_GET['stickreply']) { if($_GET['stickreply']) {
foreach($sticktopiclist as $pid => $postnum) { foreach($sticktopiclist as $pid => $postnum) {
$post = C::t('forum_post')->fetch_all_by_pid('tid:'.$_G['tid'], $pid, false);
if($post[$pid]['tid'] != $_G['tid']) {
continue;
}
C::t('forum_poststick')->insert(array( C::t('forum_poststick')->insert(array(
'tid' => $_G['tid'], 'tid' => $_G['tid'],
'pid' => $pid, 'pid' => $pid,