From 36b93185710159709aeb6d9c2996fd61607ab059 Mon Sep 17 00:00:00 2001
From: tianya <tianya@benshar.com>
Date: Sun, 17 Apr 2022 09:48:11 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BC=98=E5=8C=96?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/install/index.php      | 1 -
 src/system/common.func.php | 5 ++++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/install/index.php b/src/install/index.php
index 7b35402e..678a4a88 100644
--- a/src/install/index.php
+++ b/src/install/index.php
@@ -20,7 +20,6 @@ $errmsg = '';
 if (version_compare(PHP_VERSION, '8.0.0', '>=')) {
     mysqli_report(MYSQLI_REPORT_OFF);
 }
-$moduleCacheFile = dirname(__FILE__).'/modules.tmp.inc';
 define('DEDEINC',dirname(__FILE__).'/../system');
 define('DEDEDATA',dirname(__FILE__).'/../data');
 define('DEDEROOT',preg_replace("#[\\\\\/]install#", '', dirname(__FILE__)));
diff --git a/src/system/common.func.php b/src/system/common.func.php
index 0035e896..1bca4b3e 100755
--- a/src/system/common.func.php
+++ b/src/system/common.func.php
@@ -329,12 +329,15 @@ function AddFilter($channelid, $type=1, $fieldsnamef="", $defaulttid=0, $loadtyp
 {
     global $tid,$dsql,$id;
     $tid = $defaulttid ? $defaulttid : $tid;
+    $id = intval($id);
+    $tid = intval($tid);
+    $channelid = intval($channelid);
     if ($id!="")
     {
         $tidsq = $dsql->GetOne("SELECT typeid FROM `#@__archives` WHERE id='$id' ");
         $tid = $tidsq["typeid"];
     }
-    $nofilter = (isset($_REQUEST['TotalResult']) ? "&TotalResult=".$_REQUEST['TotalResult'] : '').(isset($_REQUEST['PageNo']) ? "&PageNo=".$_REQUEST['PageNo'] : '');
+    $nofilter = (isset($_REQUEST['TotalResult']) ? "&TotalResult=".(int)$_REQUEST['TotalResult'] : '').(isset($_REQUEST['PageNo']) ? "&PageNo=".(int)$_REQUEST['PageNo'] : '');
     $filterarr = string_filter(stripos($_SERVER['REQUEST_URI'], "list.php?tid=") ? str_replace($nofilter, '', $_SERVER['REQUEST_URI']) : $GLOBALS['cfg_cmsurl']."/apps/list.php?tid=".$tid);
     $cInfos = $dsql->GetOne("SELECT * FROM  `#@__channeltype` WHERE id='$channelid' ");
     $fieldset=stripslashes($cInfos['fieldset']);