lkddi/nexusphp
1
0
Fork 0
mirror of https://github.com/lkddi/nexusphp.git synced 2026-04-24 20:17:24 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix massmail

Browse Source
This commit is contained in:
xiaomlove
2022-02-14 18:36:22 +08:00
parent 10a3f959db
commit a33f3308d4
1 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
public/massmail.php
+4 -4
View File
@@ -7,13 +7,13 @@ stderr("Error", "Permission denied.");
$class = intval($_POST["class"] ?? 0); $class = intval($_POST["class"] ?? 0);
if ($class) if ($class)
int_check($class,true); int_check($class,true);
$or = $_POST["or"] ?? '';
if (!in_array($or, ["<", ">", "=", "<=", ">="], true)) {
stderr("Error", "Invalid symbol!");
}
if ($_SERVER["REQUEST_METHOD"] == "POST") if ($_SERVER["REQUEST_METHOD"] == "POST")
{ {
$or = $_POST["or"] ?? '';
if (!in_array($or, ["<", ">", "=", "<=", ">="], true)) {
stderr("Error", "Invalid symbol!");
}
$res = sql_query("SELECT id, username, email FROM users WHERE class $or ".mysql_real_escape_string($class)) or sqlerr(__FILE__, __LINE__); $res = sql_query("SELECT id, username, email FROM users WHERE class $or ".mysql_real_escape_string($class)) or sqlerr(__FILE__, __LINE__);
$subject = substr(htmlspecialchars(trim($_POST["subject"])), 0, 80); $subject = substr(htmlspecialchars(trim($_POST["subject"])), 0, 80);