SRCMS/Application/Home/Controller/PostController.class.php
Martin Zhou 3f830d2cee SRCMS·轻响应 V1.7正式版
修复
1. 前台验证码刷新无效问题
2. 前台用户在后台管理界面密码修改逻辑缺陷
3. 前台用户上传附件越权查看漏洞
新增:
1. 用户密码存储加盐
2016-12-02 12:24:27 +08:00


<?php
/**
* @author Zhou Yuyang <1009465756@qq.com> 12:28 2016/1/23
* @copyright 2105-2018 SRCMS
* @homepage http://www.src.pw
* @version 1.5
*/
namespace Home\Controller;
use Think\Controller;
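/**
 * Front-end controller for posts: a searchable, paginated list and a single-post view.
 *
 * Both actions restrict their queries to rows whose `visible` column is 1.
 */
class PostController extends Controller
{
    /**
     * List visible posts, 15 per page, optionally filtered by a keyword.
     *
     * @param string $key Keyword matched as a substring of `title` or `name`; empty lists everything visible.
     */
    public function index($key = "")
    {
        // NOTE(review): $key is presumably bound from the request by the framework, so it may not
        // be a string; anything non-scalar is treated as "no keyword" instead of being interpolated.
        $key = is_scalar($key) ? (string) $key : '';

        // One condition array drives both the count and the page query, so the pager total always
        // matches the rows that can actually be listed.
        $where = array('visible' => 1);
        if ($key !== '') {
            // The title/name OR is nested under _complex so it is grouped on its own and ANDed
            // with the visibility filter; a top-level _logic of 'or' would apply to every
            // condition in the array, the visibility check included.
            // NOTE(review): '%' and '_' inside $key still act as LIKE wildcards; escaping of the
            // value itself is left to the framework's array-condition handling — confirm.
            $where['_complex'] = array(
                'title'  => array('like', "%$key%"),
                'name'   => array('like', "%$key%"),
                '_logic' => 'or',
            );
        }

        $model = M('post');
        $count = $model->where($where)->count(); // total number of matching, visible records
        $Post = new \Extend\Page($count, 15);    // pager: total record count and 15 records per page
        $show = $Post->show();                   // rendered pagination output
        $pages = $model
            ->where($where)
            ->order('id DESC')
            ->limit($Post->firstRow . ',' . $Post->listRows)
            ->select();

        $tmodel = M('setting');
        $title = $tmodel->where('id=1')->select();

        $this->assign('title', $title);
        $this->assign('model', $pages);
        $this->assign('page', $show);
        $this->display();
    }

    /**
     * Show a single post selected by the `id` GET parameter, only if it is visible.
     */
    public function view()
    {
        // Integer-validate the incoming id so only a number ever reaches the query.
        $id = I('get.id', 0, 'intval');

        // Both conditions are passed in one array so neither depends on how the framework
        // merges chained string where() calls.
        $model = M('post')->where(array('id' => $id, 'visible' => 1))->find();

        $tmodel = M('setting');
        $title = $tmodel->where('id=1')->select();

        // NOTE(review): the find() result is handed to the template as-is, including when no
        // visible post has this id — confirm the template handles the empty case.
        $this->assign('title', $title);
        $this->assign('model', $model);
        $this->display();
    }
}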