修复短消息忽略细节优化并修复漏洞

2017-02-06 16:01:34 +08:00 · 2017-02-06 16:01:34 +08:00 · a7974f1519
parent dc4de03757
commit a7974f1519
2 changed files with 3 additions and 2 deletions
--- a/upload/source/include/spacecp/spacecp_pm.php
+++ b/upload/source/include/spacecp/spacecp_pm.php
@ -375,7 +375,8 @@ if($_GET['op'] == 'checknewpm') {
 		showmessage('operating_too_fast', '', array('waittime' => $waittime), array('return' => true));
 	}
 	$username = $_GET['username'];
-	if(!$username) {
+	
+	if(!$username || !uc_get_user($username)) {
 		showmessage('pm_ignore_error_nopm');
 	}

--- a/upload/template/default/home/spacecp_pm.htm
+++ b/upload/template/default/home/spacecp_pm.htm
@ -123,7 +123,7 @@
 			<!--{if $_G[inajax]}--><span><a href="javascript:;" onclick="hideWindow('$_GET[handlekey]');" class="flbc" title="{lang close}">{lang close}</a></span><!--{/if}-->
 		</h3>
 		<div id="$plid">
-			<form id="pmignoreform_{$plid}" name="pmignoreform_{$plid}" method="post" autocomplete="off" action="home.php?mod=spacecp&ac=pm&op=pm_ignore&plid=$plid&username=$username"  {if $_G[inajax]}onsubmit="ajaxpost(this.id, 'return_$_GET[handlekey]');"{/if}>
+			<form id="pmignoreform_{$plid}" name="pmignoreform_{$plid}" method="post" autocomplete="off" action="home.php?mod=spacecp&ac=pm&op=pm_ignore&plid=$plid&username={echo urlencode($username)}"  {if $_G[inajax]}onsubmit="ajaxpost(this.id, 'return_$_GET[handlekey]');"{/if}>
 				<!--{if $_G[inajax]}--><input type="hidden" name="handlekey" value="$_GET[handlekey]" /><!--{/if}-->
 				<input type="hidden" name="referer" value="{echo dreferer()}" />
 				<input type="hidden" name="pmignoresubmit" value="true" />