nexusphp

mirror of https://github.com/lkddi/nexusphp.git synced 2026-04-03 14:10:57 +08:00

Author	SHA1	Message	Date
tonghoil	44e88a7404	新增候选提醒到管理组 1. 新增候选提醒到管理组消息 2. 修改发送私信的实现为message::add()	2025-09-16 20:14:51 +08:00
xiaomlove	2265a162ef	cancel include lang/_target	2025-04-21 11:57:24 +07:00
xiaomlove	d990723ebc	add lang: nl + deprecate lang/_target	2025-04-21 02:53:56 +07:00
xiaomlove	b79762686a	Refactoring user permissions	2022-08-20 19:11:28 +08:00
xiaomlove	eccc182e33	remove ad id & fix claim pager params	2022-05-07 22:11:24 +08:00
CZ	ce05680219	修复3个安全漏洞 (#15 ) * 修复趣味盒未授权访问漏洞趣味盒页面未做鉴权游客可以任意查看或发送内容 * 修复sql注入漏洞 * 修复sql注入详见描述代码第19行 if (!is_valid_id($class) && $class != 0) 如果class 为"sleep(5)" 虽然过不了is_valid_id校验但是由于php 弱类型非数字开头的字符串最终会判断为 $class = 0 绕过了校验另外建议is_valid_id 改为更直接的intval 将用户输入的的数据强制转换成int 防止sql注入	2021-05-19 13:49:41 +08:00
xiaomlove	4e7fb39d90	fix common undefined constant error	2021-03-31 03:17:33 +08:00
xiaomlove	0541f2a6c0	add composer	2021-01-13 19:32:26 +08:00