github/CRMEB
1
0
Fork 0
mirror of https://github.com/crmeb/CRMEB.git synced 2025-12-12 11:09:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

增加过滤参数,防止sql注入

Browse Source
This commit is contained in:
liaofei 2020-01-06 15:05:34 +08:00
parent d8c86a5d5f
commit 18b3f227e8
4 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
crmeb/app/admin/controller/system/SystemDatabackup.php
View File

@ -32,6 +32,7 @@ class SystemDatabackup extends AuthController
'level' => 5, 'level' => 5,
); );
$this->DB = new Backup($config); $this->DB = new Backup($config);
$this->request->filter(['htmlspecialchars', 'strip_tags', 'addslashes', 'trim']);
} }
/** /**

1
crmeb/app/admin/view/agent/agent_manage/index.php
View File

@ -351,6 +351,7 @@
}, },
mounted:function () { mounted:function () {
this.getBadge(); this.getBadge();
var that = this;
layList.laydate.render({ layList.laydate.render({
elem:this.$refs.date_time, elem:this.$refs.date_time,
trigger:'click', trigger:'click',

2
crmeb/app/http/middleware/AllowOriginMiddleware.php
View File

@ -52,7 +52,7 @@ class AllowOriginMiddleware implements MiddlewareInterface
} else { } else {
$response = $next($request)->header($header); $response = $next($request)->header($header);
} }
$request->filter(['htmlspecialchars', 'strip_tags', 'addslashes', 'trim']);
return $response; return $response;
} }
} }

2
crmeb/crmeb/services/UploadService.php
View File

@ -417,7 +417,7 @@ class UploadService
}; };
$fileName = Filesystem::putFile($this->uploadPath, $file); $fileName = Filesystem::putFile($this->uploadPath, $file);
if (!$fileName) return self::setError('图片上传失败!'); if (!$fileName) return self::setError('图片上传失败!');
return self::successful(str_replace('\\', '/', $fileName)); return self::successful(str_replace('\\', '/', ($this->uploadPath ? $this->uploadPath . '/' : '') . $fileName));
} }
/** /**