From 1e5474677496e9916aee042c67f6e1e5ed8ab071 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=8F=99=E8=BF=B0=E3=80=81=E5=88=AB=E7=A6=BB?=
<2449271624@qq.com>
Date: Wed, 24 Jan 2024 17:29:06 +0800
Subject: [PATCH] =?UTF-8?q?=E9=AA=8C=E8=AF=81=E8=B4=A6=E5=8F=B7=E5=AF=86?=
=?UTF-8?q?=E7=A0=81=E4=B8=8D=E5=8F=AF=E4=BB=A5=E4=B8=AD=E6=96=87?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
src/admin/sys_admin_user_add.php | 8 ++++++--
src/admin/sys_admin_user_edit.php | 8 ++++----
src/install/install.html | 4 ++--
src/user/reg_new.php | 6 +++++-
4 files changed, 17 insertions(+), 9 deletions(-)
diff --git a/src/admin/sys_admin_user_add.php b/src/admin/sys_admin_user_add.php
index a7087181..4be80f23 100644
--- a/src/admin/sys_admin_user_add.php
+++ b/src/admin/sys_admin_user_add.php
@@ -14,8 +14,12 @@ require_once(DEDEINC."/typelink/typelink.class.php");
if (empty($dopost)) $dopost = '';
if ($dopost == 'add') {
CheckCSRF();
- if (preg_match("#[^0-9a-zA-Z_@!\.-]#", $pwd) || preg_match("#[^0-9a-zA-Z_@!\.-]#", $userid)) {
- ShowMsg('密码或账号不合法,请使用数字0-9小写a-z大写A-Z符号_@!.-', '-1');
+ if (preg_match("#[^0-9a-zA-Z_@!\.-]#", $userid)) {
+ ShowMsg('账号不合法,请使用数字0-9小写a-z大写A-Z符号_@!.-', '-1');
+ exit();
+ }
+ if ($pwd != '' && preg_match("#[^0-9a-zA-Z_@!\.-]#", $pwd)) {
+ ShowMsg('密码不合法,请使用数字0-9小写a-z大写A-Z符号_@!.-', '-1');
exit();
}
$safecodeok = substr(md5($cfg_cookie_encode.$randcode), 0, 24);
diff --git a/src/admin/sys_admin_user_edit.php b/src/admin/sys_admin_user_edit.php
index d3540cbf..bb4eca2b 100644
--- a/src/admin/sys_admin_user_edit.php
+++ b/src/admin/sys_admin_user_edit.php
@@ -16,14 +16,14 @@ $id = preg_replace("#[^0-9]#", '', $id);
if ($dopost == 'saveedit') {
CheckCSRF();
$pwd = trim($pwd);
- if ($pwd != '' && preg_match("#[^0-9a-zA-Z_@!\.-]#", $pwd)) {
- ShowMsg('密码不合法,请使用数字0-9小写a-z大写A-Z符号_@!.-', '-1');
- exit();
- }
if (preg_match("#[^0-9a-zA-Z_@!\.-]#", $userid)) {
ShowMsg('账号不合法,请使用数字0-9小写a-z大写A-Z符号_@!.-', '-1');
exit();
}
+ if ($pwd != '' && preg_match("#[^0-9a-zA-Z_@!\.-]#", $pwd)) {
+ ShowMsg('密码不合法,请使用数字0-9小写a-z大写A-Z符号_@!.-', '-1');
+ exit();
+ }
$safecodeok = substr(md5($cfg_cookie_encode.$randcode), 0, 24);
if ($safecodeok != $safecode) {
ShowMsg("请填写正确的验证安全码", "sys_admin_user_edit.php?id={$id}&dopost=edit");
diff --git a/src/install/install.html b/src/install/install.html
index ab7f51ab..a3c38c4b 100644
--- a/src/install/install.html
+++ b/src/install/install.html
@@ -84,12 +84,12 @@
diff --git a/src/user/reg_new.php b/src/user/reg_new.php
index 7e82f176..056daec5 100755
--- a/src/user/reg_new.php
+++ b/src/user/reg_new.php
@@ -51,8 +51,12 @@ if ($step == 1) {
ShowMsg('账号不合法,请使用数字0-9小写a-z大写A-Z符号_@!.-', '-1');
exit();
}
+ if ($userpwd != '' && preg_match("#[^0-9a-zA-Z_@!\.-]#", $userpwd)) {
+ ShowMsg('密码不合法,请使用数字0-9小写a-z大写A-Z符号_@!.-', '-1');
+ exit();
+ }
if ($pwdc != $pwd) {
- ShowMsg('您两次输入的密码不一致', '-1');
+ ShowMsg('您两次输入的密码不一致,请重新输入', '-1');
exit();
}
$uname = HtmlReplace($uname, 1);