github/CRMEB
1
0
Fork 0
mirror of https://github.com/crmeb/CRMEB.git synced 2025-12-10 17:42:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

增加过滤参数,防止sql注入

Browse Source
This commit is contained in:
liaofei 2020-01-06 15:05:34 +08:00
parent d8c86a5d5f
commit 18b3f227e8
4 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
crmeb/app/admin/controller/system/SystemDatabackup.php
View File

@ -32,6 +32,7 @@ class SystemDatabackup extends AuthController
'level' => 5,
);
$this->DB = new Backup($config);
$this->request->filter(['htmlspecialchars', 'strip_tags', 'addslashes', 'trim']);
}
/**

1
crmeb/app/admin/view/agent/agent_manage/index.php
View File

@ -351,6 +351,7 @@
},
mounted:function () {
this.getBadge();
var that = this;
layList.laydate.render({
elem:this.$refs.date_time,
trigger:'click',

2
crmeb/app/http/middleware/AllowOriginMiddleware.php
View File

@ -52,7 +52,7 @@ class AllowOriginMiddleware implements MiddlewareInterface
} else {
$response = $next($request)->header($header);
}
$request->filter(['htmlspecialchars', 'strip_tags', 'addslashes', 'trim']);
return $response;
}
}

2
crmeb/crmeb/services/UploadService.php
View File

@ -417,7 +417,7 @@ class UploadService
};
$fileName = Filesystem::putFile($this->uploadPath, $file);
if (!$fileName) return self::setError('图片上传失败!');
return self::successful(str_replace('\\', '/', $fileName));
return self::successful(str_replace('\\', '/', ($this->uploadPath ? $this->uploadPath . '/' : '') . $fileName));
}
/**