iSharkFly-Open
/
DiscuzX
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

修复 短信漏洞

This commit is contained in:
Comsenz 2018-10-22 08:31:27 +08:00
parent 52a1d1c41a
commit 55b1f9f0a9
2 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
upload/uc_client/model/pm.php
View File

@ -225,7 +225,8 @@ class pmmodel {
} else { } else {
$subject = dhtmlspecialchars($subject); $subject = dhtmlspecialchars($subject);
} }
$lastsummary = $this->removecode(trim(stripslashes($message)), 150); $lastsummary = addslashes($this->removecode(trim(stripslashes($message)), 150));
$subject = addslashes($subject);
if(!$type) { if(!$type) {
$query = $this->db->query("SELECT plid, min_max FROM ".UC_DBTABLEPRE."pm_lists WHERE min_max IN (".$this->base->implode($relationship).")"); $query = $this->db->query("SELECT plid, min_max FROM ".UC_DBTABLEPRE."pm_lists WHERE min_max IN (".$this->base->implode($relationship).")");
@ -326,7 +327,7 @@ class pmmodel {
if($_CACHE['badwords']['findpattern']) { if($_CACHE['badwords']['findpattern']) {
$message = @preg_replace($_CACHE['badwords']['findpattern'], $_CACHE['badwords']['replace'], $message); $message = @preg_replace($_CACHE['badwords']['findpattern'], $_CACHE['badwords']['replace'], $message);
} }
$lastsummary = $this->removecode(trim(stripslashes($message)), 150); $lastsummary = addslashes($this->removecode(trim(stripslashes($message)), 150));
$this->db->query("INSERT INTO ".UC_DBTABLEPRE."pm_indexes(plid) VALUES('$plid')"); $this->db->query("INSERT INTO ".UC_DBTABLEPRE."pm_indexes(plid) VALUES('$plid')");
$pmid = $this->db->insert_id(); $pmid = $this->db->insert_id();

5
upload/uc_server/model/pm.php
View File

@ -225,7 +225,8 @@ class pmmodel {
} else { } else {
$subject = dhtmlspecialchars($subject); $subject = dhtmlspecialchars($subject);
} }
$lastsummary = $this->removecode(trim(stripslashes($message)), 150); $lastsummary = addslashes($this->removecode(trim(stripslashes($message)), 150));
$subject = addslashes($subject);
if(!$type) { if(!$type) {
$query = $this->db->query("SELECT plid, min_max FROM ".UC_DBTABLEPRE."pm_lists WHERE min_max IN (".$this->base->implode($relationship).")"); $query = $this->db->query("SELECT plid, min_max FROM ".UC_DBTABLEPRE."pm_lists WHERE min_max IN (".$this->base->implode($relationship).")");
@ -326,7 +327,7 @@ class pmmodel {
if($_CACHE['badwords']['findpattern']) { if($_CACHE['badwords']['findpattern']) {
$message = @preg_replace($_CACHE['badwords']['findpattern'], $_CACHE['badwords']['replace'], $message); $message = @preg_replace($_CACHE['badwords']['findpattern'], $_CACHE['badwords']['replace'], $message);
} }
$lastsummary = $this->removecode(trim(stripslashes($message)), 150); $lastsummary = addslashes($this->removecode(trim(stripslashes($message)), 150));
$this->db->query("INSERT INTO ".UC_DBTABLEPRE."pm_indexes(plid) VALUES('$plid')"); $this->db->query("INSERT INTO ".UC_DBTABLEPRE."pm_indexes(plid) VALUES('$plid')");
$pmid = $this->db->insert_id(); $pmid = $this->db->insert_id();