lkddi/nexusphp
1
0
Fork 0
mirror of https://github.com/lkddi/nexusphp.git synced 2026-04-05 07:20:58 +08:00
Code Issues Packages Projects Releases Wiki Activity
1,874 Commits 1 Branch 0 Tags
db4982f8f7cb23025b68ca747b95a13d2bbd632e
Commit Graph

7 Commits

Author SHA1 Message Date
SPC
a80f53d4f4 fix: Change Refresh into Location 
If use Refresh, it will not work on some browser and
some protocols (e.g. HTTP/2). So, change Refresh
into Location.

Signed-off-by: SPC <github@spcsky.com>
 2025-02-19 20:04:54 +08:00
xiaomlove
dd36d6a654 add role filter to bulk message 2022-09-20 18:47:33 +08:00
xiaomlove
4652b3395b fix stassmess 2022-08-11 23:41:11 +08:00
xiaomlove
e9b141fc00 modal show global 2022-08-10 17:38:05 +08:00
CZ
ce05680219 修复3个安全漏洞 (#15) 
* 修复趣味盒未授权访问漏洞

趣味盒页面未做鉴权游客可以任意查看或发送内容

* 修复sql注入漏洞

* 修复sql注入 详见描述

代码第19行		if (!is_valid_id($class) && $class != 0)
如果class 为"sleep(5)" 虽然过不了is_valid_id校验 但是由于php 弱类型 非数字开头的字符串 最终会判断为 $class = 0 绕过了校验
另外建议is_valid_id 改为更直接的intval 将用户输入的的数据强制转换成int 防止sql注入
 2021-05-19 13:49:41 +08:00
xiaomlove
4e7fb39d90 fix common undefined constant error 2021-03-31 03:17:33 +08:00
xiaomlove
0541f2a6c0 add composer 2021-01-13 19:32:26 +08:00