针对 phpsso 模块添加过滤代码。最好的方式应该是将转义和过滤放在数据库操作的前一步,这样可以非常有效地缓解 SQL 注入带来的问题。
打开:phpcms/modules/member/index.php,大概在第 673 行左右:
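// Read the login form fields. A missing or rejected field is routed to showmessage()
// with the referring page as the return target.
// NOTE(review): presumably showmessage() ends the request — confirm, otherwise its
// return value would be assigned to the variable and processing would continue.
$username = isset($_POST['username']) && is_username($_POST['username'])
    ? trim($_POST['username'])
    : showmessage(L('username_empty'), HTTP_REFERER);

// Pre-patch line, kept for comparison: the password was only trimmed before being passed on.
//$password = isset($_POST['password']) && trim($_POST['password']) ? trim($_POST['password']) : showmessage(L('password_empty'), HTTP_REFERER);

/* Filter and escape */
// urldecode() runs before addslashes() so that quotes hidden behind percent-encoding are
// escaped too. NOTE(review): presumably the phpsso side URL-decodes this value again
// before building its query, which is why escaping the raw POST value was not enough —
// confirm against the phpsso request handling.
//
// Caveats for whoever applies this patch:
//  - addslashes() is not charset-aware; on multibyte connection charsets such as GBK it
//    is not a reliable SQL escape. The durable fix is a parameterised query (or the
//    driver's own escaping) at the statement in phpsso that consumes this value.
//  - urldecode() rewrites legitimate passwords that contain '+' or '%XX' sequences.
//    Registration and password-change paths must apply the same transformation, or
//    those accounts will stop authenticating — verify before deploying.
$password = isset($_POST['password']) && trim($_POST['password'])
    ? addslashes(urldecode(trim($_POST['password'])))
    : showmessage(L('password_empty'), HTTP_REFERER);
/**/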