fix massmail

This commit is contained in:
xiaomlove
2022-02-14 18:36:22 +08:00
parent 10a3f959db
commit a33f3308d4
+4 -4
View File
@@ -7,13 +7,13 @@ stderr("Error", "Permission denied.");
$class = intval($_POST["class"] ?? 0); $class = intval($_POST["class"] ?? 0);
if ($class) if ($class)
int_check($class,true); int_check($class,true);
$or = $_POST["or"] ?? '';
if (!in_array($or, ["<", ">", "=", "<=", ">="], true)) {
stderr("Error", "Invalid symbol!");
}
if ($_SERVER["REQUEST_METHOD"] == "POST") if ($_SERVER["REQUEST_METHOD"] == "POST")
{ {
$or = $_POST["or"] ?? '';
if (!in_array($or, ["<", ">", "=", "<=", ">="], true)) {
stderr("Error", "Invalid symbol!");
}
$res = sql_query("SELECT id, username, email FROM users WHERE class $or ".mysql_real_escape_string($class)) or sqlerr(__FILE__, __LINE__); $res = sql_query("SELECT id, username, email FROM users WHERE class $or ".mysql_real_escape_string($class)) or sqlerr(__FILE__, __LINE__);
$subject = substr(htmlspecialchars(trim($_POST["subject"])), 0, 80); $subject = substr(htmlspecialchars(trim($_POST["subject"])), 0, 80);