修复 UC安全

2017-07-28 20:19:39 +08:00 · 2017-07-28 20:19:39 +08:00 · 732c58e8ff
parent c699f6025e
commit 732c58e8ff
2 changed files with 4 additions and 1 deletions
--- a/upload/uc_server/model/base.php
+++ b/upload/uc_server/model/base.php
@ -357,6 +357,9 @@ class base {
 	}

 	function input($k) {
+		if($k == 'uid' && !preg_match("/^[0-9]+$/", $this->input[$k])){
+			return NULL;
+		}
 		return isset($this->input[$k]) ? (is_array($this->input[$k]) ? $this->input[$k] : trim($this->input[$k])) : NULL;
 	}

--- a/upload/uc_server/model/pm.php
+++ b/upload/uc_server/model/pm.php
@ -120,7 +120,7 @@ class pmmodel {
 		}
 		if($touids) {
 			foreach($touids as $key => $value) {
-				if($uid == $value || !$value) {
+				if($uid == $value || !$value || !preg_match("/^[0-9]+$/", $value)) {
 					return false;
 				}
 				$relastionship[] = $this->relationship($uid, $value);