修复一个sql 注入安全漏洞

star7th · Jan 5, 2017 · c07568b · c07568b
1 parent 4d1d503
commit c07568b
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 1 deletion.
diff --git a/Application/Home/Controller/ItemController.class.php b/Application/Home/Controller/ItemController.class.php
@@ -134,6 +134,7 @@ public function show(){
         $current_page_id = I("page_id/d");
         //判断个性域名
         if ($item_domain) {
+            $item_domain = \SQLite3::escapeString($item_domain) ;
             $item = D("Item")->where("item_domain = '$item_domain' ")->find();
             if ($item['item_id']) {
                 $item_id = $item['item_id'] ;
@@ -170,6 +171,7 @@ private function _show_regular_item($item){
 
         //是否有搜索词
         if ($keyword) {
+            $keyword = \SQLite3::escapeString($keyword) ;
             $pages = D("Page")->where("item_id = '$item_id' and ( page_title like '%{$keyword}%' or page_content like '%{$keyword}%' ) ")->order(" `s_number` asc  ")->field("page_id,author_uid,cat_id,page_title,addtime")->select();
 
         }else{

diff --git a/composer.json b/composer.json
@@ -5,7 +5,7 @@
     "description": "ShowDoc is a tool greatly applicable for an IT team to share documents online",
     "keywords": ["showdoc","documents","Api"],
     "homepage": "https://github.com/star7th/showdoc",
-    "version":"v1.2.4",
+    "version":"v1.2.5",
     "license": "Apache-2.0",
     "authors": [
         {