From 94e18f0abb07a4e63969cc7e3b24caf34bbcf721 Mon Sep 17 00:00:00 2001 From: tianya Date: Wed, 9 Mar 2022 22:24:29 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=AD=A3=E5=91=BD=E4=BB=A4=E6=89=A7?= =?UTF-8?q?=E8=A1=8C=E6=BC=8F=E6=B4=9E?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/admin/sys_info_mark.php | 3 ++- src/user/inc/inc_pwd_functions.php | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/admin/sys_info_mark.php b/src/admin/sys_info_mark.php
index 4f48836f..a9096964 100644
--- a/src/admin/sys_info_mark.php
+++ b/src/admin/sys_info_mark.php
@@ -26,7 +26,8 @@ if ($action == "save") {
 $vars = array('photo_markup', 'photo_markdown', 'photo_marktype', 'photo_wwidth', 'photo_wheight', 'photo_waterpos', 'photo_watertext', 'photo_fontsize', 'photo_fontcolor', 'photo_marktrans', 'photo_diaphaneity');
 $configstr = $shortname = "";
 foreach ($vars as $v) {
- ${$v} = str_replace("'", "", ${'get_'.$v});
+ $tmp = stripslashes(${'get_'.$v});
+ ${$v} = addslashes(str_replace("'", "", $tmp));
 $configstr .= "\${$v} = '".${$v}."';\r\n";
 }
 if (is_uploaded_file($newimg)) {
diff --git a/src/user/inc/inc_pwd_functions.php b/src/user/inc/inc_pwd_functions.php
index 4239c5e0..fe8aadf2 100755
--- a/src/user/inc/inc_pwd_functions.php
+++ b/src/user/inc/inc_pwd_functions.php
@@ -100,10 +100,10 @@ function newmail($mid, $userid, $mailto, $type, $send)
 $key = md5($randval);
 $sql = "UPDATE `#@__pwd_tmp` SET `pwd` = '$key',mailtime = '$mailtime' WHERE `mid` ='$mid';";
 if ($db->ExecuteNoneQuery($sql)) {
- if ($send == 'Y') {
+ if ($send === 'Y') {
 sendmail($mailto, $mailtitle, $mailbody, $headers);
 ShowMsg('EMAIL修改验证码已经发送到原来的邮箱请查收', 'login.php');
- } elseif ($send == 'N') {
+ } elseif ($send === 'N') {
 return ShowMsg('稍后跳转到修改页', $cfg_basehost.$cfg_memberurl."/resetpassword.php?dopost=getpasswd&id=".$mid."&key=".$randval);
 }
 } else {
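Review bot: The quoting inside the `foreach` is still hand-built, and `addslashes()` escapes more than a single-quoted PHP literal understands: a `"` in `photo_watertext` becomes `\"`, which a single-quoted string keeps as two characters, so the stored value differs from what was entered. `var_export()` emits a literal that is correct for any input, e.g. `$configstr .= "\${$v} = ".var_export($tmp, true).";\r\n";`, and the numeric settings (`photo_wwidth`, `photo_wheight`, `photo_fontsize`) could additionally be passed through `intval()` before being written. Since `$configstr` is built as PHP assignment statements, a short comment such as `// values are written into PHP source; they must be emitted as safe literals` would tell the next maintainer why this escaping must not be relaxed. The `if ($action == "save")` block starts and ends outside the hunk.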
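Review bot: `$mid` is interpolated into the `UPDATE` statement and again into the redirect URL of the `'N'` branch, and nothing visible in the hunk forces it to an integer; a cast at the top of `newmail()` (`$mid = intval($mid);`) would make both uses safe regardless of the caller. With the comparisons now strict, a `$send` that is neither `'Y'` nor `'N'` falls through silently after the `#@__pwd_tmp` row has already been updated, so an explicit `else` that reports the unexpected argument would make that state visible. The temporary key is stored as an unsalted `md5($randval)`; where `$randval` is generated is outside the hunk, so it is worth confirming that it comes from `random_int()` or `random_bytes()` rather than `mt_rand()`. The body of `newmail()` starts and ends outside the hunk.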