Security issue. Thanks Azareal from ForumPromotion.
このコミットが含まれているのは:
コミット
00a2061e1a
|
@ -822,11 +822,11 @@ class BoardController extends Controller {
|
|||
->insertGetId([
|
||||
'for_id' => $request->for_id,
|
||||
'title' => $request->title,
|
||||
'started_by' => $request->user_id,
|
||||
'started_by' => $check,
|
||||
'replies' => 0,
|
||||
'views' => 0,
|
||||
'last_date' => time(),
|
||||
'last_uid' => $request->user_id,
|
||||
'last_uid' => $check,
|
||||
'sticky' => 0,
|
||||
'lock' => 0,
|
||||
'poll' => 0,
|
||||
|
@ -837,7 +837,7 @@ class BoardController extends Controller {
|
|||
DB::table('for_posts')
|
||||
->insert([
|
||||
'top_id' => $addTopic,
|
||||
'user_id' => $request->user_id,
|
||||
'user_id' => $check,
|
||||
'post_date' => time(),
|
||||
'message' => $request->message,
|
||||
'delete' => 0,
|
||||
|
@ -873,8 +873,8 @@ class BoardController extends Controller {
|
|||
$add = DB::table('for_posts')
|
||||
->insert([
|
||||
'top_id' => $request->top_id,
|
||||
'user_id' => $request->user_id,
|
||||
'post_date' => $request->post_date,
|
||||
'user_id' => $check,
|
||||
'post_date' => time(),
|
||||
'message' => $request->message,
|
||||
'delete' => 0,
|
||||
'lastedit' => 0,
|
||||
|
@ -909,7 +909,7 @@ class BoardController extends Controller {
|
|||
return DB::table('for_posts')
|
||||
->where('id', $request->id)
|
||||
->update([
|
||||
'lastedit' => $request->lastedit,
|
||||
'lastedit' => time(),
|
||||
'message' => $request->message,
|
||||
'nolayout' => $request->nolayout
|
||||
]);
|
||||
|
|
|
@ -395,11 +395,11 @@ class UserController extends Controller {
|
|||
return 'Err!';
|
||||
}
|
||||
else {
|
||||
$getPC = $this->getTotalPostCount($request->user_id);
|
||||
$getPC = $this->getTotalPostCount($check);
|
||||
$getPC++;
|
||||
|
||||
return DB::table('usr_details')
|
||||
->where('user_id', $request->user_id)
|
||||
->where('user_id', $check)
|
||||
->update([
|
||||
'total_posts' => $getPC
|
||||
]);
|
||||
|
|
新しいイシューから参照