From 55b1f9f0a9b4424d0940d934d7995e25d1150eca Mon Sep 17 00:00:00 2001
From: Comsenz <10433182@qq.com>
Date: Mon, 22 Oct 2018 08:31:27 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=20=E7=9F=AD=E4=BF=A1?= =?UTF-8?q?=E6=BC=8F=E6=B4=9E?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 upload/uc_client/model/pm.php | 5 +++--
 upload/uc_server/model/pm.php | 5 +++--
 2 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/upload/uc_client/model/pm.php b/upload/uc_client/model/pm.php
index 96d4e09..8964ee3 100644
--- a/upload/uc_client/model/pm.php
+++ b/upload/uc_client/model/pm.php
@@ -225,7 +225,8 @@ class pmmodel {
 } else {
 $subject = dhtmlspecialchars($subject);
 }
- $lastsummary = $this->removecode(trim(stripslashes($message)), 150);
+ $lastsummary = addslashes($this->removecode(trim(stripslashes($message)), 150));
+ $subject = addslashes($subject);
 if(!$type) {
 $query = $this->db->query("SELECT plid, min_max FROM ".UC_DBTABLEPRE."pm_lists WHERE min_max IN (".$this->base->implode($relationship).")");
@@ -326,7 +327,7 @@ class pmmodel {
 if($_CACHE['badwords']['findpattern']) {
 $message = @preg_replace($_CACHE['badwords']['findpattern'], $_CACHE['badwords']['replace'], $message);
 }
- $lastsummary = $this->removecode(trim(stripslashes($message)), 150);
+ $lastsummary = addslashes($this->removecode(trim(stripslashes($message)), 150));
 $this->db->query("INSERT INTO ".UC_DBTABLEPRE."pm_indexes(plid) VALUES('$plid')");
 $pmid = $this->db->insert_id();
diff --git a/upload/uc_server/model/pm.php b/upload/uc_server/model/pm.php
index e29c384..e2e94e2 100644
--- a/upload/uc_server/model/pm.php
+++ b/upload/uc_server/model/pm.php
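Review bot: `addslashes()` is a byte-wise escape that knows nothing about the connection charset, so on an installation running a multibyte charset such as GBK it is not a dependable SQL escape for `$lastsummary` and `$subject` in the -225 hunk of upload/uc_client/model/pm.php; the same holds for the added line in the -326 hunk and for both hunks in upload/uc_server/model/pm.php. Escaping with the database layer's connection-aware routine, or binding the values as parameters at the query that consumes them, would close that gap; the `$this->db` wrapper is not visible here, so which of the two is available needs checking. Separately, `$subject` is not passed through `stripslashes()` first the way `$message` is, so if it arrives already slash-escaped the new line stores literal backslashes, and `$subject = addslashes(stripslashes($subject));` would mirror the summary handling. The branch before `else` and the queries that use both variables lie outside the hunk.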
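Review bot: The re-escaped `$lastsummary` in the -326 hunk of upload/uc_client/model/pm.php carries no comment explaining why the order of calls matters, and the value is only safe because `addslashes()` runs after `stripslashes()` and after `removecode(..., 150)`, which appears to shorten the text. A later refactor that escapes before shortening could cut an escape sequence in half just before the string is interpolated into SQL. I would add above the line: `// escape last: shortening an already-escaped string can leave a dangling backslash in the SQL literal`. The query that stores `$lastsummary` is outside the hunk, so the comment should be repeated or referenced there.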
@@ -225,7 +225,8 @@ class pmmodel {
 } else {
 $subject = dhtmlspecialchars($subject);
 }
- $lastsummary = $this->removecode(trim(stripslashes($message)), 150);
+ $lastsummary = addslashes($this->removecode(trim(stripslashes($message)), 150));
+ $subject = addslashes($subject);
 if(!$type) {
 $query = $this->db->query("SELECT plid, min_max FROM ".UC_DBTABLEPRE."pm_lists WHERE min_max IN (".$this->base->implode($relationship).")");
@@ -326,7 +327,7 @@ class pmmodel {
 if($_CACHE['badwords']['findpattern']) {
 $message = @preg_replace($_CACHE['badwords']['findpattern'], $_CACHE['badwords']['replace'], $message);
 }
- $lastsummary = $this->removecode(trim(stripslashes($message)), 150);
+ $lastsummary = addslashes($this->removecode(trim(stripslashes($message)), 150));
 $this->db->query("INSERT INTO ".UC_DBTABLEPRE."pm_indexes(plid) VALUES('$plid')");
 $pmid = $this->db->insert_id();