SRCMS V2.3

[修复] 后台处理订单提示“非法请求”
[修复] 用户前台无法调整商品兑换数量
[修复] 一处第三方组件造成的SSRF

Application/User/Controller/GiftController.class.php

@@ -56,6 +56,7 @@ class GiftController extends BaseController{
             $this->display();
         }
         if (IS_POST) {
+            $id = session('userId');
             $model = M("order");
 			$record = M('record');
 			$user = M('member')->where('id='.$id)->find();
@@ -64,7 +65,12 @@ class GiftController extends BaseController{
 				$this->error("安全币余额不足!", U('gift/index'));
 				exit();
 			}
-			$data = I();
+            $data = I();
+            if($data['num']<0){
+                $this->error("兑换数量非法！", U('gift/index'));
+				exit();
+            }
+            $price = $gift['price'] * $data['num'];
 			$data['gid'] = $gift['title']; 
 			$data['price'] = $gift['price']; 
 			$data['username'] = session('username');
@@ -74,7 +80,8 @@ class GiftController extends BaseController{
 			//记录兑换安全币变动日志
 			$rdata['type'] = 1;
 			$rdata['name'] = '兑换'.$gift['title'];
-			$rdata['content'] = '-安全币:'.$gift['price'];
+            $rdata['num'] = '数量:'.$gift['num'];
+			$rdata['content'] = '-安全币:'.$price;
 			$rdata['time'] = time();
 			$rdata['user'] = session('username');
 			$rdata['userid'] = session('userId');
@@ -85,10 +92,15 @@ class GiftController extends BaseController{
 			if($token != $user['token']){
 				$this->error("非法请求");
 			}
-
-			
-			$result = M('member')->where('id='.$id)->setDec('jinbi',$gift['price']);
-            if ($model->field('userid,username,gid,tel,alipay,realname,address,zipcode,price,update_time')->add($data)) {
+		    if($user['jinbi']<$price){
+				$this->error("安全币余额不足!", U('gift/index'));
+				exit();
+			}
+			$result = M('member')->where('id='.$id)->setDec('jinbi',$price);
+            if (!$result){
+               $this->error("兑换失败", U('gift/index'));
+			}
+            if ($model->field('userid,username,gid,tel,alipay,realname,address,zipcode,price,update_time,num')->add($data)) {
 				if($result){
                     $this->success("兑换成功", U('gift/order'));
 					}

Application/User/Controller/PostController.class.php

@@ -68,7 +68,39 @@ class PostController extends BaseController
             }
         }
     }
-	
+    
+	public function edit()
+    {
+        //默认显示添加表单
+        if (!IS_POST) {
+			$tmodel= M('setting');
+		    $title = $tmodel->where('id=1')->select();
+		    $this->assign('title', $title);
+        	$this->assign("category",getSortedCategory(M('category')->select()));
+            $this->display();
+        }
+        if (IS_POST) {
+            //如果用户提交数据
+            $model = D("Post");
+            $model->create_time = time();
+			$data = I();
+            if (!$model->field('title,user_id,cate_id,content')->create()) {
+                // 如果创建失败 表示验证没有通过 输出错误提示信息
+                $this->error($model->getError());
+                exit();
+            } else {
+                if ($model->add()) {
+					require "./././././ThinkPHP/Library/Org/Net/Mail.class.php";
+					$time = date("Y-m-d h:i:sa");
+					$con='您好,安全应急响应中心新增一份漏洞报告《 '.$data['title'].'》。请您及时登陆后台查看。';  
+					SendMail('1009465756@qq.com','新增漏洞报告提示',$con,'安全应急响应中心');
+                    $this->success("报告成功", U('post/index'));
+                } else {
+                    $this->error("报告失败");
+                }
+            }
+        }
+    }
 	public function view(){
 	    $rid = I('get.rid',0,'intval');
 		$model = M("Post");