From efc8f9c2dfba983b51d56b2bb210206d364871ea Mon Sep 17 00:00:00 2001 From: tk Date: Fri, 12 Jul 2024 18:04:30 +0800 Subject: [PATCH] =?UTF-8?q?=E3=80=90=E7=B1=BB=09=E5=9E=8B=E3=80=91?= =?UTF-8?q?=EF=BC=9Afactor=20=E3=80=90=E4=B8=BB=09=E9=A2=98=E3=80=91?= =?UTF-8?q?=EF=BC=9A=E9=87=8D=E6=9E=84=E6=93=8D=E4=BD=9C=E8=AE=A2=E5=8D=95?= =?UTF-8?q?=E6=8E=A5=E5=8F=A3=20=E3=80=90=E6=8F=8F=09=E8=BF=B0=E3=80=91?= =?UTF-8?q?=EF=BC=9A=20=09[=E5=8E=9F=E5=9B=A0]=EF=BC=9A=E9=85=8D=E5=90=88?= =?UTF-8?q?=E5=85=A8=E6=AE=B5=E9=87=8D=E5=86=99=E7=9A=84=20=E5=87=BD?= =?UTF-8?q?=E6=95=B0=EF=BC=88=E5=8F=82=E6=95=B0=E5=8F=AF=E4=BB=A5=E6=8E=A5?= =?UTF-8?q?=E5=8F=97=E6=95=B0=E7=BB=84=EF=BC=89=20=E6=A0=B9=E6=8D=AE?= =?UTF-8?q?=E6=95=B0=E7=BB=84=E6=9D=A5=E6=9B=B4=E6=94=B9=E6=95=B0=E7=BB=84?= =?UTF-8?q?=E5=BA=93=E5=A4=9A=E4=B8=AA=E5=AD=97=E6=AE=B5=20=09[=E8=BF=87?= =?UTF-8?q?=E7=A8=8B]=EF=BC=9A=20=09[=E5=BD=B1=E5=93=8D]=EF=BC=9A=20?= =?UTF-8?q?=E3=80=90=E7=BB=93=09=E6=9D=9F=E3=80=91?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit # 类型 包含: # feat:新功能(feature) # fix:修补bug # docs:文档(documentation) # style: 格式(不影响代码运行的变动) # refactor:重构(即不是新增功能,也不是修改bug的代码变动) # test:增加测试 # chore:构建过程或辅助工具的变动 --- .../Controller/PlaneController.class.php | 23 +++++++++++-------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/FlyCube/MpApi/Controller/PlaneController.class.php b/FlyCube/MpApi/Controller/PlaneController.class.php index b8787f1..038c89d 100644 --- a/FlyCube/MpApi/Controller/PlaneController.class.php +++ b/FlyCube/MpApi/Controller/PlaneController.class.php @@ -582,8 +582,8 @@ class PlaneController extends PublicController $where['shop_id'] = $this->tokenShop_id; } //前端提交数据校验 - if ($_REQUEST['id'] && $_REQUEST['state'] && $_REQUEST['val']) { - $where['id'] = $_REQUEST['id']; + if ($_REQUEST['id']) { + $where['id'] = intval($_REQUEST['id']); $orderDb = D('order'); $field = array('main_status', 'openid'); $order = $orderDb->where($where)->field($field)->find(); @@ -596,13 +596,18 @@ class PlaneController extends PublicController echo json_encode(array('status' => 0, 'msg' => '参数有误')); exit(); } - //操作数据库 - if ($_REQUEST['state'] == 'main_status') { - $data['main_status'] = $_REQUEST['val']; - } elseif ($_REQUEST['state'] == 'shipment_status') { - $data['shipment_status'] = $_REQUEST['val']; - } elseif ($_REQUEST['state'] == 'refund_status') { - $data['refund_status'] = $_REQUEST['val']; + //操作数据库 只能操作 主状态 执行状态 退款状态 执行飞机 + if ($_REQUEST['main_status']) { + $data['main_status'] = htmlspecialchars($_REQUEST['main_status']); + } + if ($_REQUEST['shipment_status']) { + $data['shipment_status'] = htmlspecialchars($_REQUEST['shipment_status']); + } + if ($_REQUEST['refund_status']) { + $data['refund_status'] = htmlspecialchars($_REQUEST['refund_status']); + } + if ($_REQUEST['by_plane_id']) { + $data['by_plane_id'] = intval($_REQUEST['by_plane_id']); } if ($orderDb->where($where)->save($data)) { //修改数据 $topicPrefix = makeTopicPrefix($order['openid']); //小程序端用户订阅主题的前缀 ps:订单对应的用户的openid算出来的