修复 短信漏洞

upload/uc_client/model/pm.php

@@ -225,7 +225,8 @@ class pmmodel {
 		} else {
 			$subject = dhtmlspecialchars($subject);
 		}
-		$lastsummary = $this->removecode(trim(stripslashes($message)), 150);
+		$lastsummary = addslashes($this->removecode(trim(stripslashes($message)), 150));
+		$subject = addslashes($subject);
 
 		if(!$type) {
 			$query = $this->db->query("SELECT plid, min_max FROM ".UC_DBTABLEPRE."pm_lists WHERE min_max IN (".$this->base->implode($relationship).")");
@@ -326,7 +327,7 @@ class pmmodel {
 		if($_CACHE['badwords']['findpattern']) {
 			$message = @preg_replace($_CACHE['badwords']['findpattern'], $_CACHE['badwords']['replace'], $message);
 		}
-		$lastsummary = $this->removecode(trim(stripslashes($message)), 150);
+		$lastsummary = addslashes($this->removecode(trim(stripslashes($message)), 150));
 
 		$this->db->query("INSERT INTO ".UC_DBTABLEPRE."pm_indexes(plid) VALUES('$plid')");
 		$pmid = $this->db->insert_id();

upload/uc_server/model/pm.php

@@ -225,7 +225,8 @@ class pmmodel {
 		} else {
 			$subject = dhtmlspecialchars($subject);
 		}
-		$lastsummary = $this->removecode(trim(stripslashes($message)), 150);
+		$lastsummary = addslashes($this->removecode(trim(stripslashes($message)), 150));
+		$subject = addslashes($subject);
 
 		if(!$type) {
 			$query = $this->db->query("SELECT plid, min_max FROM ".UC_DBTABLEPRE."pm_lists WHERE min_max IN (".$this->base->implode($relationship).")");
@@ -326,7 +327,7 @@ class pmmodel {
 		if($_CACHE['badwords']['findpattern']) {
 			$message = @preg_replace($_CACHE['badwords']['findpattern'], $_CACHE['badwords']['replace'], $message);
 		}
-		$lastsummary = $this->removecode(trim(stripslashes($message)), 150);
+		$lastsummary = addslashes($this->removecode(trim(stripslashes($message)), 150));
 
 		$this->db->query("INSERT INTO ".UC_DBTABLEPRE."pm_indexes(plid) VALUES('$plid')");
 		$pmid = $this->db->insert_id();