From b13b93a29ff47203e6d8830e63e1477a652cb9c3 Mon Sep 17 00:00:00 2001
From: tianya <yanghuxiao@vip.qq.com>
Date: Mon, 20 Feb 2023 22:25:17 +0800
Subject: [PATCH] fix

---
 src/apps/notify.php | 2 +-
 src/apps/return.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/apps/notify.php b/src/apps/notify.php
index 3c455443..f0c5716f 100644
--- a/src/apps/notify.php
+++ b/src/apps/notify.php
@@ -11,7 +11,7 @@
 require_once(dirname(__FILE__)."/../system/common.inc.php");
 
 $dopost = isset($dopost)? $dopost : '';
-$buyid = isset($out_trade_no)? $out_trade_no : '';
+$buyid = isset($out_trade_no)? HtmlReplace($out_trade_no, 1) : '';
 
 if ($dopost === 'alipay') {
     $moRow = $dsql->GetOne("SELECT * FROM `#@__member_operation` WHERE buyid='$buyid'");
diff --git a/src/apps/return.php b/src/apps/return.php
index 1787f00f..de521df0 100644
--- a/src/apps/return.php
+++ b/src/apps/return.php
@@ -11,7 +11,7 @@
 require_once(dirname(__FILE__)."/../system/common.inc.php");
 
 $dopost = isset($dopost)? $dopost : '';
-$buyid = isset($out_trade_no)? $out_trade_no : '';
+$buyid = isset($out_trade_no)? HtmlReplace($out_trade_no, 1) : '';
 
 if ($dopost === 'alipay') {
     $moRow = $dsql->GetOne("SELECT * FROM `#@__member_operation` WHERE buyid='$buyid'");