lkddi/nexusphp
1
0
Fork 0
mirror of https://github.com/lkddi/nexusphp.git synced 2026-04-24 20:17:24 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix massmail

Browse Source
This commit is contained in:
xiaomlove
2022-02-14 18:36:22 +08:00
parent 10a3f959db
commit a33f3308d4
1 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
public/massmail.php
+5 -5
View File
@@ -7,13 +7,13 @@ stderr("Error", "Permission denied.");
$class = intval($_POST["class"] ?? 0); $class = intval($_POST["class"] ?? 0);
if ($class) if ($class)
int_check($class,true); int_check($class,true);
$or = $_POST["or"] ?? '';
if (!in_array($or, ["<", ">", "=", "<=", ">="], true)) {
stderr("Error", "Invalid symbol!");
}
if ($_SERVER["REQUEST_METHOD"] == "POST") if ($_SERVER["REQUEST_METHOD"] == "POST")
{ {
$or = $_POST["or"] ?? '';
if (!in_array($or, ["<", ">", "=", "<=", ">="], true)) {
stderr("Error", "Invalid symbol!");
}
$res = sql_query("SELECT id, username, email FROM users WHERE class $or ".mysql_real_escape_string($class)) or sqlerr(__FILE__, __LINE__); $res = sql_query("SELECT id, username, email FROM users WHERE class $or ".mysql_real_escape_string($class)) or sqlerr(__FILE__, __LINE__);
$subject = substr(htmlspecialchars(trim($_POST["subject"])), 0, 80); $subject = substr(htmlspecialchars(trim($_POST["subject"])), 0, 80);
@@ -33,7 +33,7 @@ $message = "Message received from ".$SITENAME." on " . date("Y-m-d H:i:s") . ".\
$message1 . "\n\n" . $message1 . "\n\n" .
"---------------------------------------------------------------------\n$SITENAME\n"; "---------------------------------------------------------------------\n$SITENAME\n";
$success = sent_mail($to,$SITENAME,$SITEEMAIL,$subject,$message,"Mass Mail",false); $success = sent_mail($to,$SITENAME,$SITEEMAIL,$subject,$message,"Mass Mail",false);
} }