|
@@ -173,7 +173,7 @@ class UserController extends DooController {
|
|
|
$is_login = explode ( "\r", $is_login );
|
|
|
|
|
|
|
|
|
-
|
|
|
+
|
|
|
if (is_numeric ( $is_login [0] )) {
|
|
|
if ($is_login [0] == USERNAME_ONFINE) {
|
|
|
|
|
@@ -433,7 +433,9 @@ class UserController extends DooController {
|
|
|
$this->Messager ( "请先付款", "/question/add_vip" );
|
|
|
|
|
|
$title = $this->get_args ( 'title' );
|
|
|
-
|
|
|
+ // xxs过滤
|
|
|
+ $title = htmlspecialchars($title);
|
|
|
+
|
|
|
$description = stripcslashes ( $this->get_args ( 'description' ) );
|
|
|
|
|
|
if (empty ( $title ) || empty ( $description ))
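Review bot: The added `$title = htmlspecialchars($title);` relies on the default flags, so on PHP before 8.1 single quotes stay unescaped and the charset is whatever default_charset happens to be; make both explicit, `$title = htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`, and likewise for `$data['title'] = htmlspecialchars($data['title']);` in the hunk at @@ -582,6 +584,8 @@. Escaping at input time stores the HTML-encoded form, so a view that escapes again will double-encode and any non-HTML consumer of the title receives entities; escaping at output is the usual place, and if input-time escaping is deliberate the comment should say so. `$description` on the following line still goes through only `stripcslashes`, so this change does not cover it. If `get_args` can return null, `htmlspecialchars(null)` is deprecated from 8.1, so `(string) $title` or `$title ?? ''` before the call would be safer — to confirm against get_args. The comment `// xxs过滤` should read `// XSS: escape HTML metacharacters in the title`; the enclosing method starts and ends outside the hunk.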
|
|
@@ -480,7 +482,7 @@ class UserController extends DooController {
|
|
|
$data ['qq'] = $this->userinfo ['qq'];
|
|
|
|
|
|
$data ['phone'] = $this->userinfo ['phone'];
|
|
|
-
|
|
|
+
|
|
|
if (! empty ( $rs )) { //防止重复提交
|
|
|
$data ['qid'] = $rs ['id'];
|
|
|
|
|
@@ -509,7 +511,7 @@ class UserController extends DooController {
|
|
|
$data ['authorid'] = $this->userinfo ['uid'];
|
|
|
|
|
|
$id = $this->userlogic->add_vip_question ( $data );
|
|
|
-
|
|
|
+
|
|
|
if ($id == 0)
|
|
|
$this->Messager ( "操作失败-请重新操作", "/question/postenter" );
|
|
|
|
|
@@ -563,7 +565,7 @@ class UserController extends DooController {
|
|
|
$this->Messager("请检查验证是否正确", "/question/add");
|
|
|
}
|
|
|
}
|
|
|
-
|
|
|
+
|
|
|
// die;
|
|
|
|
|
|
// if(!isset($_POST['vc']) || ($_SESSION['vc']!=$_POST['vc'])){
|
|
@@ -582,6 +584,8 @@ class UserController extends DooController {
|
|
|
$this->Messager ( "每" . $auth ['TIME_INTERVAL']/60 . "分钟内只可以发布" . $auth ['TIME_TOTALS'] . "条", "/" );
|
|
|
|
|
|
$data ['title'] = $this->get_args ( 'title' );
|
|
|
+ // 防止xxs攻击
|
|
|
+ $data['title'] = htmlspecialchars($data['title']);
|
|
|
|
|
|
$data ['category_id'] = $this->get_args ( 'category_id' );
|
|
|
|
|
@@ -605,7 +609,7 @@ class UserController extends DooController {
|
|
|
//|| empty ( $data ['description'] )
|
|
|
if (empty ( $data ['title'] ) || (! is_numeric ( $data ['category_id'] )))
|
|
|
$this->Messager ( "问题发起不成功,请重新填写", "/question/add" );
|
|
|
-
|
|
|
+
|
|
|
$id = $this->userlogic->add_question ( $data );
|
|
|
$_SESSION['vc']='NULL';
|
|
|
if ($id) {
|