else if($dopost=='read') { $sql = "SELECT * FROM `dede_member_friends` WHERE mid='{$cfg_ml->M_ID}' AND ftype!='-1' ORDER BY addtime DESC LIMIT 20"; $friends = array(); $dsql->SetQuery($sql); $dsql->Execute(); while ($row = $dsql->GetArray()) { $friends[] = $row; } //$id注入 $row = $dsql->GetOne("SELECT * FROM `dede_member_pms` WHERE id='$id' AND (fromid='{$cfg_ml->M_ID}' OR toid='{$cfg_ml->M_ID}')");//ID沒過濾 if(!is_array($row)) { ShowMsg('對不起,你指定的消息不存在或你沒權(quán)限查看!','-1'); exit(); } //$id注入 $dsql->ExecuteNoneQuery("UPDATE `dede_member_pms` SET hasview=1 WHERE id='$id' AND folder='inbox' AND toid='{$cfg_ml->M_ID}'"); $dsql->ExecuteNoneQuery("UPDATE `dede_member_pms` SET hasview=1 WHERE folder='outbox' AND toid='{$cfg_ml->M_ID}'"); include_once(dirname(__FILE__).'/templets/pm-read.htm'); exit(); }
else if($dopost=='read') { $sql = "Select * From `dede_member_friends` where mid='{$cfg_ml->M_ID}' And ftype!='-1' order by addtime desc limit 20"; $friends = array(); $dsql->SetQuery($sql); $dsql->Execute(); while ($row = $dsql->GetArray()) { $friends[] = $row; } /* $id過濾 */ $id = intval($id); /* */ $row = $dsql->GetOne("Select * From `dede_member_pms` where id='$id' And (fromid='{$cfg_ml->M_ID}' Or toid='{$cfg_ml->M_ID}')"); if(!is_array($row)) { ShowMsg('對不起,你指定的消息不存在或你沒權(quán)限查看!','-1'); exit(); } $dsql->ExecuteNoneQuery("Update `dede_member_pms` set hasview=1 where id='$id' And folder='inbox' And toid='{$cfg_ml->M_ID}'"); $dsql->ExecuteNoneQuery("Update `dede_member_pms` set hasview=1 where folder='outbox' And toid='{$cfg_ml->M_ID}'"); include_once(dirname(__FILE__).'/templets/pm-read.htm'); exit(); }
版權(quán)聲明: 本站資源均來自互聯(lián)網(wǎng)或會員發(fā)布,如果侵犯了您的權(quán)益請與我們聯(lián)系,我們將在24小時內(nèi)刪除!謝謝!
轉(zhuǎn)載請注明: 織夢dedecms注入漏洞pm.php修復(fù)方法