通过敏感字符过滤，修复了sys_data_done.php中存在的SQL注入漏洞。 Signed-off-by: 再遇雌鹿 <1937635949@qq.com>

před 2 roky · fec34a6ecd
--- a/src/admin/sys_data_done.php
+++ b/src/admin/sys_data_done.php
@@ -100,6 +100,7 @@ if ($dopost == 'bak') {
        $fs = array();
        $bakStr = '';
        //分析表里的字段信息
        $nowtable = str_replace("`", "", $nowtable);
        $dsql->GetTableFields($nowtable);
        $intable = "INSERT INTO `$nowtable` VALUES(";
        while ($r = $dsql->GetFieldObject()) {