SRCMS V2.3

[修复] 后台处理订单提示“非法请求”
[修复] 用户前台无法调整商品兑换数量
[修复] 一处第三方组件造成的SSRF

Application/Admin/Controller/OrderController.class.php

@@ -39,14 +39,13 @@ class OrderController extends BaseController
 	
     public function update()
     {
-	  $id = I('get.id',0,'intval');
-	  $user_id = I('get.username',0,'intval');
         if (!IS_POST) {
-            $model = M('order')->where(array('id='=>$id))->find();
+            $id = I('get.id',0,'intval');
+            //$user_id = I('get.userid',0,'intval');
+            $model = M('order')->where(array('id'=>$id))->find();
             $this->assign('model',$model);
-		    $model = M('member');
-	        $info = $model->where(array('id'=>$user_id))-> select();
-			$this->assign('userM', $info);
+	        //$info =  M('member')->where(array('id'=>$user_id))-> select();
+		    //$this->assign('userM', $info);
             $this->display();
         }
         if (IS_POST) {