织梦dedecms注入漏洞pm.php修复方法

else?if($dopost=='read') { ?$sql?=?"SELECT?*?FROM?`dede_member_friends`?WHERE?mid='{$cfg_ml->M_ID}'?AND?ftype!='-1'?ORDER?BY?addtime?DESC?LIMIT?20"; ?$friends?=?array(); ?$dsql->SetQuery($sql); ?$dsql->Execute(); ?while?($row?=?$dsql->GetArray()) ?{ ?$friends[]?=?$row; ?} ?//$id注入 ?$row?=?$dsql->GetOne("SELECT?*?FROM?`dede_member_pms`?WHERE?id='$id'?AND?(fromid='{$cfg_ml->M_ID}'?OR?toid='{$cfg_ml->M_ID}')");//ID没过滤 ?if(!is_array($row)) ?{ ?ShowMsg('对不起，你指定的消息不存在或你没权限查看！','-1'); ?exit(); ?} ?//$id注入 ?$dsql->ExecuteNoneQuery("UPDATE?`dede_member_pms`?SET?hasview=1?WHERE?id='$id'?AND?folder='inbox'?AND?toid='{$cfg_ml->M_ID}'"); ?$dsql->ExecuteNoneQuery("UPDATE?`dede_member_pms`?SET?hasview=1?WHERE?folder='outbox'?AND?toid='{$cfg_ml->M_ID}'"); ?include_once(dirname(__FILE__).'/templets/pm-read.htm'); ?exit(); }

else?if($dopost=='read') { ????$sql?=?"Select?*?From?`dede_member_friends`?where??mid='{$cfg_ml->M_ID}'?And?ftype!='-1'??order?by?addtime?desc?limit?20"; ????$friends?=?array(); ????$dsql->SetQuery($sql); ????$dsql->Execute(); ????while?($row?=?$dsql->GetArray()) ????{ ????????$friends[]?=?$row; ????} ????/*?$id过滤?*/ ????$id?=?intval($id); ????/*?*/ ????$row?=?$dsql->GetOne("Select?*?From?`dede_member_pms`?where?id='$id'?And?(fromid='{$cfg_ml->M_ID}'?Or?toid='{$cfg_ml->M_ID}')"); ????if(!is_array($row)) ????{ ????????ShowMsg('对不起，你指定的消息不存在或你没权限查看！','-1'); ????????exit(); ????} ????$dsql->ExecuteNoneQuery("Update?`dede_member_pms`?set?hasview=1?where?id='$id'?And?folder='inbox'?And?toid='{$cfg_ml->M_ID}'"); ????$dsql->ExecuteNoneQuery("Update?`dede_member_pms`?set?hasview=1?where?folder='outbox'?And?toid='{$cfg_ml->M_ID}'"); ????include_once(dirname(__FILE__).'/templets/pm-read.htm'); ????exit(); }