
xxs漏洞修复

caiaolin 7 tahun lalu
156e1ff5fb

+ 3 - 3
protected/controller/AdminController.php

@@ -78,7 +78,7 @@ class AdminController extends DooController {
 		$client = new client ( ZHSSO );
 		
 		$is_login = $client->zhsso_member_login ( $data ['name'], $data ['password'] );
-		
+
 		$is_login = explode ( "\r", $is_login );
 		
 		if (is_numeric ( $is_login [0] )) {
@@ -95,9 +95,9 @@ class AdminController extends DooController {
 			elseif ($is_login [0] == - 3) //USER_NOACTION
 				$this->Messager ( "用户未激活", "http://sso.smartcost.com.cn/" );
 		} elseif (! empty ( $is_login [0] )) {
-			
+
 			$group = $this->userlogic->get_group_by_id ( $user ['groupid'] );
-			
+
 			if ($group ['grouptype'] != 1) {
 				
 				setcookie ( "auth_main", "", time () + 3600 * 24, "/", COOKIE_WEB_SITE );

+ 10 - 6
protected/controller/UserController.php

@@ -173,7 +173,7 @@ class UserController extends DooController {
 		$is_login = explode ( "\r", $is_login );
 
 
-		
+
 		if (is_numeric ( $is_login [0] )) {
 			if ($is_login [0] == USERNAME_ONFINE) {
 				
@@ -433,7 +433,9 @@ class UserController extends DooController {
 			$this->Messager ( "请先付款", "/question/add_vip" );
 		
 		$title = $this->get_args ( 'title' );
-		
+        // xxs过滤
+        $title = htmlspecialchars($title);
+
 		$description = stripcslashes ( $this->get_args ( 'description' ) );
 		
 		if (empty ( $title ) || empty ( $description ))
@@ -480,7 +482,7 @@ class UserController extends DooController {
 		$data ['qq'] = $this->userinfo ['qq'];
 		
 		$data ['phone'] = $this->userinfo ['phone'];
-		
+
 		if (! empty ( $rs )) { //防止重复提交
 			$data ['qid'] = $rs ['id'];
 			
@@ -509,7 +511,7 @@ class UserController extends DooController {
 		$data ['authorid'] = $this->userinfo ['uid'];
 		
 		$id = $this->userlogic->add_vip_question ( $data );
-		
+
 		if ($id == 0)
 			$this->Messager ( "操作失败-请重新操作", "/question/postenter" );
 		
@@ -563,7 +565,7 @@ class UserController extends DooController {
 		       $this->Messager("请检查验证是否正确", "/question/add");
 		    }
 		}
-		
+
 //		die;
 		
 //		if(!isset($_POST['vc']) || ($_SESSION['vc']!=$_POST['vc'])){
@@ -582,6 +584,8 @@ class UserController extends DooController {
 			$this->Messager ( "每" . $auth ['TIME_INTERVAL']/60 . "分钟内只可以发布" . $auth ['TIME_TOTALS'] . "条", "/" );
 		
 		$data ['title'] = $this->get_args ( 'title' );
+		// 防止xxs攻击
+        $data['title'] = htmlspecialchars($data['title']);
 		
 		$data ['category_id'] = $this->get_args ( 'category_id' );
 		
@@ -605,7 +609,7 @@ class UserController extends DooController {
 		//|| empty ( $data ['description'] )
 		if (empty ( $data ['title'] ) || (! is_numeric ( $data ['category_id'] )))
 			$this->Messager ( "问题发起不成功,请重新填写", "/question/add" );
-		
+
 		$id = $this->userlogic->add_question ( $data );
 		$_SESSION['vc']='NULL';
 		if ($id) {
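Review bot: `htmlspecialchars($title)` at @@ -433 (and `htmlspecialchars($data['title'])` at @@ -582) is called with the default flags, so single quotes are not encoded (the pre-8.1 default is ENT_COMPAT) and the charset falls back to the runtime default; for this site's Chinese content both should be explicit: `$title = htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`. Encoding at input also stores the entity-encoded title, so any non-HTML consumer (JSON, plain-text mail, search) will see `&lt;` literally, and `$description` on the following line gets only `stripcslashes` with no encoding at all; escaping in the view at output time, per context, would cover both fields consistently. The comment `// xxs过滤` presumably means XSS — `// XSS 过滤` would avoid confusion. Both enclosing methods start and end outside their hunks.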

+ 1 - 1
protected/logic/BaseLogic.php

@@ -302,7 +302,7 @@ abstract class BaseLogic {
 		$is_succes = explode ( "\r", $is_succes );
 
 		$ts = json_decode ( $is_succes ['0'], true );
-		
+
 		return $ts;
 	}
 	

+ 6 - 7
protected/logic/UserLogic.php

@@ -61,7 +61,7 @@ class UserLogic extends BaseLogic {
 	 */
 	function update_vip_question($id = 0, $title = "", $description = "", $uid = 0, $phone = "", $qq = "") {
 		$this->vipquestiondao->id = $id;
-		
+
 		$this->vipquestiondao->title = $title;
 		
 		$this->vipquestiondao->description = $description;
@@ -138,8 +138,7 @@ class UserLogic extends BaseLogic {
 		if ($data ['price'] > 0) {
 			//扣除通行证的钱	//用户表和记录表
 			$is = $this->set_credit3 ( - $data ['price'], $data ['authorid'], RICH_ACTION_OFFER, SSO_UID );
-			
-			if ($is === false)
+			if (!$is)
 				return 0;
 		}
 		
@@ -1089,18 +1088,18 @@ class UserLogic extends BaseLogic {
 	function set_credit3($price = 0, $uid = 0, $action_type = "", $sso_uid = 0) {
 		if ($sso_uid == 0)
 			return 0;
-		
+
 		$sso_price = abs ( $price );
-		
+
 		//扣除或者增加通行证金额
 		if ($price < 0)
 			$is = $this->offer_price_by_sso ( $sso_price, $sso_uid );
 		else
 			$is = $this->add_price_by_sso ( $sso_price, $sso_uid );
-		
+
 		if ($is <= 0)
 			return 0;
-		
+
 		$this->userdao->add_credit3 ( $price, $uid, $action_type );
 		
 		return $is;
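Review bot: `if (!$is) return 0;` at @@ -138 now rejects the 0 that `set_credit3` returns on failure (visible at @@ -1089), but the failure is silent and indistinguishable from the `$sso_uid == 0` early return, so a caller cannot tell a missing SSO id from a declined debit. In `set_credit3` itself, `offer_price_by_sso` debits the remote SSO balance before `$this->userdao->add_credit3(...)` records it locally, and that local write's result is never checked — if `add_credit3` can report failure through its return, a failed local write leaves the remote debit standing with no matching record. Consider `if (!$this->userdao->add_credit3($price, $uid, $action_type)) { /* log: local credit record failed after SSO debit */ }` or at least logging there, and a distinct return or exception for the no-SSO-uid case. The enclosing function at @@ -138 starts and ends outside the hunk.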