【类 型】:refactor

【原  因】:创建订单接口 添加 用户下单备注字段 的录入
【过  程】:添加用户备注字段的录入，并在此之前对提交的数据进行合法性校验，防止恶意攻击
【影  响】:
This commit is contained in:
sszdot 2025-01-08 16:22:41 +08:00
parent b2ebd3c45b
commit da4e020ad4


@ -117,6 +117,14 @@ class CheckController extends PublicController
exit(); //有问题跳出
}
// 校验备注字段
$remark = isset($_REQUEST['remark']) ? $_REQUEST['remark'] : '';
if (mb_strlen($remark, 'UTF-8') > 35) { // 限制最多 35 个字
echo json_encode(array('status' => 0, 'msg' => '备注内容不能超过35个字'));
exit(); // 备注超长,终止执行
}
$remark = htmlspecialchars($remark, ENT_QUOTES, 'UTF-8'); // 进一步防止注入处理非法字符XSS 防护)
// 创建订单
$data['shop_id'] = $_REQUEST['shop_id'];
$data['order_sn'] = date('y') . date('mdHi') . str_pad(mt_rand(1, 999), 3, '0', STR_PAD_LEFT);
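Review bot: The new remark handling reads `$_REQUEST['remark']` without checking that it is a string, so a request carrying `remark[]=...` hands an array to `mb_strlen`, which is a TypeError on PHP 8 (a warning plus `null` on PHP 7) and bypasses the intended length check; the read should be `$remark = isset($_REQUEST['remark']) && is_string($_REQUEST['remark']) ? $_REQUEST['remark'] : '';`. Calling `htmlspecialchars` after the 35-character check and then persisting the result means `&`, `<`, `'` etc. expand to entities in storage, so the stored value can exceed the limit the check enforces and the raw text is no longer recoverable; this is output-context escaping and belongs at render time, not before `$data['remark']` is written. The comment's claim that this step "prevents injection" is misleading for the same reason — `htmlspecialchars` does nothing for SQL, and protection there depends on how `$data` is written further down, which is outside this hunk; I'd reword it to `// HTML-escape only; not an injection defense — storage safety depends on the insert layer`. Note also that `$_REQUEST` merges GET, POST and COOKIE, so an order-creation endpoint should read from `$_POST` explicitly. The method body continues past both hunks.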
@ -124,6 +132,7 @@ class CheckController extends PublicController
$data['total_price'] = $total_price;
$data['transport_price'] = $_REQUEST['transport_price'];
$data['pack_price'] = $_REQUEST['pack_price'];
$data['remark'] = $remark;
$data['total_num'] = $total_num;
$data['openid'] = $this->openid;