Browse Source

sql注入漏洞问题修复

tags/6.3.0
tianya 1 year ago
parent
commit
8bb0381cb4
1 changed files with 6 additions and 5 deletions
  1. +6
    -5
      src/admin/content_batchup_action.php

+ 6
- 5
src/admin/content_batchup_action.php View File

@@ -14,11 +14,11 @@ require_once(DEDEINC."/typelink/typelink.class.php");
require_once(DEDEADMIN."/inc/inc_batchup.php");
@set_time_limit(0);
//获取id条件
if (empty($startid)) $startid = 0;
if (empty($endid)) $endid = 0;
if (empty($seltime)) $seltime = 0;
if (empty($typeid)) $typeid = 0;
if (empty($userid)) $userid = '';
$startid = empty($startid)? 0 : intval($startid);
$endid = empty($endid)? 0 : intval($endid);
$seltime = empty($seltime)? 0 : intval($seltime);
$typeid = empty($typeid)? 0 : intval($typeid);
$userid = empty($userid)? '' : HtmlReplace($userid);
//生成网页操作由其它页面处理
if ($action == "makehtml") {
$jumpurl = "makehtml_archives_action.php?endid=$endid&startid=$startid";
@@ -33,6 +33,7 @@ if ($endid > $startid) $gwhere .= " AND id<= $endid ";
$idsql = '';
if ($typeid != 0) {
$ids = GetSonIds($typeid);
$ids = preg_replace("#[^\d|,]#","",$ids);
$gwhere .= " AND typeid IN($ids) ";
}
if ($seltime == 1) {


Loading…
Cancel
Save