ZeroDream/SakuraPanel
2
0
Fork 0
mirror of https://github.com/ZeroDream-CN/SakuraPanel.git synced 2025-01-12 09:52:52 +08:00
Code Issues Projects Releases Wiki Activity

Fix: Query string escape bug

Browse Source
This commit is contained in:
Akkariin Meiko 2020-01-21 13:51:14 +08:00 committed by GitHub
parent 7170f89920
commit a7a937e180
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
api/index.php
View File

@ -110,12 +110,12 @@ if((isset($_GET['apitoken']) && $_GET['apitoken'] == API_TOKEN) || (isset($_GET[
// 目前只验证域名和子域名 // 目前只验证域名和子域名
$domain = $_GET['domain'] ?? "null"; $domain = $_GET['domain'] ?? "null";
$subdomain = $_GET['subdomain'] ?? "null"; $subdomain = $_GET['subdomain'] ?? "null";
$username = Database::escape($rs['username']); $username = $rs['username'];
$domain = Database::escape($domain); $domain = $domain;
$subdomain = Database::escape($subdomain); $subdomain = $subdomain;
$domainSQL = (isset($_GET['domain']) && !empty($_GET['domain'])) ? ["domain" => $domain] : ["subdomain" => $subdomain]; $domainSQL = (isset($_GET['domain']) && !empty($_GET['domain'])) ? ["domain" => $domain] : ["subdomain" => $subdomain];
$querySQL = [ $querySQL = [
"username" => $username, "username" => $username,
"proxy_type" => $proxyType "proxy_type" => $proxyType
]; ];
$querySQL = Array_merge($querySQL, $domainSQL); $querySQL = Array_merge($querySQL, $domainSQL);