From 8bb0381cb4ae35dc51159b9e4bd5dd5ed0c2fdb9 Mon Sep 17 00:00:00 2001
From: tianya
Date: Sun, 31 Dec 2023 21:59:13 +0800
Subject: [PATCH] =?UTF-8?q?sql=E6=B3=A8=E5=85=A5=E6=BC=8F=E6=B4=9E?= =?UTF-8?q?=E9=97=AE=E9=A2=98=E4=BF=AE=E5=A4=8D?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 src/admin/content_batchup_action.php | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/src/admin/content_batchup_action.php b/src/admin/content_batchup_action.php
index 04f4bc73..35c65c21 100644
--- a/src/admin/content_batchup_action.php
+++ b/src/admin/content_batchup_action.php
@@ -14,11 +14,11 @@ require_once(DEDEINC."/typelink/typelink.class.php");
 require_once(DEDEADMIN."/inc/inc_batchup.php");
 @set_time_limit(0);
 //获取id条件
-if (empty($startid)) $startid = 0;
-if (empty($endid)) $endid = 0;
-if (empty($seltime)) $seltime = 0;
-if (empty($typeid)) $typeid = 0;
-if (empty($userid)) $userid = '';
+$startid = empty($startid)? 0 : intval($startid);
+$endid = empty($endid)? 0 : intval($endid);
+$seltime = empty($seltime)? 0 : intval($seltime);
+$typeid = empty($typeid)? 0 : intval($typeid);
+$userid = empty($userid)? '' : HtmlReplace($userid);
 //生成网页操作由其它页面处理
 if ($action == "makehtml") {
 $jumpurl = "makehtml_archives_action.php?endid=$endid&startid=$startid";
@@ -33,6 +33,7 @@ if ($endid > $startid) $gwhere .= " AND id<= $endid ";
 $idsql = '';
 if ($typeid != 0) {
 $ids = GetSonIds($typeid);
+ $ids = preg_replace("#[^\d|,]#","",$ids);
 $gwhere .= " AND typeid IN($ids) ";
 }
 if ($seltime == 1) {
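Review bot: `HtmlReplace($userid)` on the last added line is, by its name, an HTML-output filter, and nothing in this hunk shows that it makes `$userid` safe for the SQL context this commit is meant to fix. The statement that consumes `$userid` lies outside the hunk, so this is inferred rather than seen. If the value is interpolated into a WHERE clause further down, it should be escaped or bound at that query, or first reduced to the characters the project permits in account names. The four `intval()` casts are sound for the numeric parameters. A short comment above them, such as `// request-supplied values: force integers before they reach SQL or the redirect URL`, would record why the casts must stay.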
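Review bot: The character class in the added `preg_replace("#[^\d|,]#","",$ids)` keeps `|` as well as digits and commas, because `|` inside brackets is a literal and not alternation, so a pipe would still pass into `IN($ids)`. `$ids = preg_replace('#[^\d,]#', '', $ids);` matches the apparent intent. Stripping characters can also leave an empty string or stray commas, which turns `IN($ids)` into a SQL syntax error. Appending to `$gwhere` only when `$ids !== ''`, or rebuilding the list with `implode(',', array_map('intval', explode(',', $ids)))`, avoids that. The surrounding script continues outside the hunk.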