修复存在的安全问题及数据错误问题
Cherry-toto committed Aug 10, 2022
1 parent f7add10 commit 969b031
Showing 2 changed files with 10 additions and 4 deletions.
9 changes: 7 additions & 2 deletions app/home/c/CommonController.php
@@ -374,7 +374,12 @@ function get_fields(){
}
$id = $this->frparam('id');
if($id){
$data = M($molds)->find(array('id'=>$id));
if($molds=='member'){
$data = M($molds)->find(array('id'=>$this->member['id']));
}else{
$data = M($molds)->find(array('id'=>$id));
}

}else{
$data = array();
}
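Review bot: The new `member` branch reads `$this->member['id']` without checking that a member is logged in, so an anonymous request presumably runs the lookup with an empty id; how `find()` treats that is not visible here. Guard it first, e.g. `if($molds==='member' && empty($this->member['id'])){ $data = array(); }`, and use `===` for the comparison. The check also covers only the exact model name `member`: every other value of `$molds` still loads a row by the caller-supplied `$id`, so any other model holding per-user data keeps the same exposure. An allowlist of models that may be read by id would close the whole class of issue rather than one instance. get_fields() starts and ends outside this hunk, so where `$molds` comes from should be confirmed there.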
@@ -458,7 +463,7 @@ function get_fields(){
url: "'.U('common/uploads').'",//处理图片的文件路径
type: "POST",//传输方式
data: data,
dataType:"json",   //返回格式为json
dataType:"json",//返回格式为json
processData: false, // 告诉jQuery不要去处理发送的数据
contentType: false, // 告诉jQuery不要去设置Content-Type请求头
success: function(response){
5 changes: 3 additions & 2 deletions app/home/c/UserController.php
@@ -1218,7 +1218,7 @@ function release(){

if($this->frparam('id')){
$w['id'] = $this->frparam('id',1);
$a = M($w['molds'])->update(['id'=>$this->frparam('id')],$w);
$a = M($w['molds'])->update(['id'=>$this->frparam('id'),'member_id'=>$this->member['id']],$w);
if(!$a){
if($this->frparam('ajax')){
JsonReturn(['code'=>1,'msg'=>JZLANG('未修改内容,不能提交!')]);
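Review bot: With `member_id` in the where clause, a request for a record owned by someone else now falls into the same `!$a` branch as an unchanged submit, so an ownership mismatch is reported as '未修改内容' and leaves no trace. Consider checking ownership explicitly before the update and logging the mismatch, so that requests against other members' records are detectable. The where clause also re-reads `$this->frparam('id')` without the second argument used one line above; reuse the value already parsed: `M($w['molds'])->update(['id'=>$w['id'],'member_id'=>$this->member['id']],$w);`. Whether every model reachable through `$w['molds']` has a `member_id` column is not visible in this hunk (release() continues outside it) and should be confirmed.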
@@ -1770,7 +1770,8 @@ function active(){
break;
case 5:
$model = new Page('shouchang');
$data = $model->where(['userid'=>$this->member['id']])->orderby('addtime desc')->limit($this->frparam('limit',0,15))->page($this->frparam('page',0,1))->go();
$member_id = $this->user['id'];
$data = $model->where(['userid'=>$member_id])->orderby('addtime desc')->limit($this->frparam('limit',0,15))->page($this->frparam('page',0,1))->go();
$model->file_ext = '';
$pages = $model->pageList(5,'?page=');
$this->pages = $pages;
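Review bot: `$member_id` is assigned from `$this->user['id']`, while the rest of this commit uses `$this->member['id']` for the logged-in member, so the name suggests the wrong identity. Rename it, e.g. `$user_id = $this->user['id']; // owner of the page being viewed, not the logged-in member` — assuming that is what `$this->user` holds, which this hunk does not show. If that reading is right, the favourites list of any user becomes visible to whoever opens the page, so it is worth confirming that this exposure is intended and that `$this->user` is always set before this case runs. active() starts and ends outside the hunk.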