star7th 4 年之前
父節點
當前提交
d948aa1440

+ 2 - 2
server/Application/Api/Controller/CatalogController.class.php

@@ -278,7 +278,7 @@ class CatalogController extends BaseController {
         if ($data_array) {
             foreach ($data_array as $key => $value) {
                 if ($value['cat_name']) {
-                    $ret = D("Catalog")->where(" cat_id = '$value[cat_id]' and item_id = '$item_id' ")->save(array(
+                    $ret = D("Catalog")->where(" cat_id = '%d' and item_id = '%d' ",array($value['cat_id'],$item_id) )->save(array(
                         "cat_name" => $value['cat_name'] ,
                         "parent_cat_id" => $value['parent_cat_id'] ,
                         "level" => $value['level'] ,
@@ -286,7 +286,7 @@ class CatalogController extends BaseController {
                         ));
                 }
                 if ($value['page_id'] > 0) {
-                    $ret = D("Page")->where(" page_id = '$value[page_id]' and item_id = '$item_id' ")->save(array(
+                    $ret = D("Page")->where(" page_id = '%d' and item_id = '%d' " ,array($value['page_id'],$item_id) )->save(array(
                         "cat_id" => $value['parent_cat_id'] ,
                         "s_number" => $value['s_number'] ,
                         ));
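Review bot: The where() clauses now go through `%d` placeholders, but the values handed to save() on the following lines (`cat_name`, `parent_cat_id`, `level` in the first hunk, `cat_id`/`s_number` in the second) still come straight from the decoded client array, and ItemGroupController and PageController in this commit have the same shape. Whether that is safe depends on the model layer escaping save() data, which is not visible here; casting the numeric fields, e.g. `"parent_cat_id" => intval($value['parent_cat_id']),` and `"level" => intval($value['level']),`, removes that dependency. The enclosing method starts before the hunk, so where `$item_id` is checked against the current user could not be confirmed from this view.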

+ 1 - 1
server/Application/Api/Controller/ItemGroupController.class.php

@@ -78,7 +78,7 @@ class ItemGroupController extends BaseController {
         $uid = $login_user['uid'] ;
         if($data_array){
             foreach ($data_array as $key => $value) {
-                $id = $value['id'] ;
+                $id = intval($value['id']);
                 $ret = D("ItemGroup")->where(" id = '$id' and uid = '{$uid}'")->save(array('s_number'=>$value['s_number']));
             }
         }
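Review bot: The where() on the line after the added cast still builds the SQL by string interpolation, while the other controllers in this commit switch to the placeholder form; using it here too, `$ret = D("ItemGroup")->where(" id = '%d' and uid = '%d' ", array($value['id'], $uid))->save(array('s_number' => $value['s_number']));`, keeps the integer coercion and the query in one place and makes the separate `intval()` line unnecessary. `$uid` comes from `$login_user` two lines above, i.e. session data rather than request input, so it is not the concern here. The enclosing method starts before the hunk.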

+ 1 - 1
server/Application/Api/Controller/PageController.class.php

@@ -333,7 +333,7 @@ class PageController extends BaseController {
         $data_array = json_decode(htmlspecialchars_decode($pages) , true) ;
         if ($data_array) {
             foreach ($data_array as $key => $value) {
-                $ret = D("Page")->where(" page_id = '$key' and item_id = '$item_id' ")->save(array(
+                $ret = D("Page")->where(" page_id = '%d' and item_id = '%d' ",array($key ,$item_id ) )->save(array(
                     "s_number" => $value ,
                     ));
             }
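Review bot: `json_decode(..., true)` on the first line of the hunk can return a non-array truthy value (a JSON number or string), which passes the `if ($data_array)` guard and makes the foreach emit a warning; change the guard to `if (is_array($data_array)) {`. On the rewritten where() line the `%d` placeholder coerces `$key` to an integer, so a non-numeric object key silently becomes page_id 0 instead of being rejected — fine if intended, but a short comment such as `// non-numeric keys collapse to page_id 0 and match nothing` would document it. The enclosing method continues past the hunk.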

+ 1 - 1
server/Application/Api/Controller/TeamItemController.class.php

@@ -13,7 +13,7 @@ class TeamItemController extends BaseController {
 
         $item_id = I("item_id");
         $team_id = I("team_id/d");
-
+        $item_id =  \SQLite3::escapeString($item_id) ;
         $teamInfo = D("Team")->where(" id = '$team_id' and uid = '$login_user[uid]' ")->find();
         if (!$teamInfo) {
             $this->sendError(10209,"无此团队或者你无管理此团队的权限");
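Review bot: `\SQLite3::escapeString()` on the added line only doubles single quotes, is not the right escaper if the MySQL backend is in use, and requires the sqlite3 extension to be loaded; every other file in this commit uses an integer cast, and `item_id` is an integer id, so the line should mirror `$team_id` above: `$item_id = I("item_id/d");` (or `$item_id = intval($item_id);`). Where `$item_id` is later used is outside the hunk. The where() on the next line still interpolates `$login_user[uid]`, which is session data rather than request input, so it is a lesser concern.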

+ 1 - 1
server/Application/Api/Model/AttachmentModel.class.php

@@ -36,7 +36,7 @@ class AttachmentModel extends BaseModel {
 	}
 
 	public function deleteFile($file_id){
-
+		$file_id = intval($file_id) ;
 		$file = D("UploadFile")->where("file_id = '$file_id' ")->find();
 		$real_url = $file['real_url'] ;
 		$array = explode("/Public/Uploads/", $real_url) ;
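Review bot: After the cast, `deleteFile()` does not check that find() returned a row: for an unknown `file_id`, `$file` is null, `$real_url` becomes null, and the explode on the last hunk line runs on an empty path. Add `if (!$file) { return false; }` directly after the find() call, adjusted to whatever the method returns — its body continues past the hunk.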

+ 1 - 0
server/Application/Api/Model/CaptchaModel.class.php

@@ -9,6 +9,7 @@ class CaptchaModel extends BaseModel {
 
 	public function check($captcha_id , $captcha, $none =''){
 		$time = time() ;
+		$captcha_id = intval($captcha_id) ;
 		$captcha_array = $this->where(" captcha_id = '$captcha_id' and expire_time > $time ")->find();
 		if ($captcha_array['captcha'] && $captcha_array['captcha'] == $captcha) {
 			//检查完就设置该验证码过期
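Review bot: The comparison on the line after the query, `$captcha_array['captcha'] == $captcha`, is a loose comparison: numeric-looking codes compare as numbers (`"1e3" == "1000"` is true), and the string compare is not constant-time. Replace it with `if (!empty($captcha_array['captcha']) && hash_equals((string) $captcha_array['captcha'], (string) $captcha)) {`, which keeps the non-empty check, compares bytes exactly, and avoids the array-access warning when find() returns no row. The added `intval()` line is fine; the `$time` value interpolated on the same where() line is a server-side timestamp. The method body continues past the hunk.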

+ 6 - 4
server/Application/Api/Model/CatalogModel.class.php

@@ -105,6 +105,7 @@ class CatalogModel extends BaseModel {
 		if (!$cat_id) {
 			return false;
 		}
+		$cat_id = intval($cat_id) ;
 		//如果有子目录的话,递归把子目录清了
 		$cats = $this->where(" parent_cat_id = '$cat_id' ")->select();
 		if ($cats) {
@@ -144,12 +145,12 @@ class CatalogModel extends BaseModel {
 		$item_id = $catData[0]['item_id'] ;
 		$cat_id = 0 ;
 		//首先看是否被添加为项目成员
-		$itemMember = D("ItemMember")->where("uid = '$uid' and item_id = '$item_id' ")->find() ;
+		$itemMember = D("ItemMember")->where("uid = '%d' and item_id = '%d' ", array($uid ,$item_id ))->find() ;
 		if($itemMember && $itemMember['cat_id'] > 0 ){
 				$cat_id = $itemMember['cat_id'] ;
 		}
 		//再看是否添加为团队-项目成员
-		$teamItemMember = D("TeamItemMember")->where("member_uid = '$uid' and item_id = '$item_id' ")->find() ;
+		$teamItemMember = D("TeamItemMember")->where("member_uid = '%d' and item_id = '%d' ",array($uid ,$item_id ))->find() ;
 		if($teamItemMember && $teamItemMember['cat_id'] > 0 ){
 				$cat_id = $teamItemMember['cat_id'] ;
 		}
@@ -172,7 +173,7 @@ class CatalogModel extends BaseModel {
 	// $to_item_id 要复制到的项目id。可以是同一个项目,可以是跨项目。默认是同一个项目
 	public function copy($uid , $old_cat_id , $new_p_cat_id = 0 , $to_item_id = 0 ){
 		$userInfo = D("User")->userInfo($uid);
-		$old_cat_ary = $this->where("cat_id = '$old_cat_id' ")->find() ;
+		$old_cat_ary = $this->where("cat_id = '%d' ",array($old_cat_id) )->find() ;
 		$to_item_id = $to_item_id ? $to_item_id : $cat_ary['item_id'] ;
 	
 		//这里需要读取目录下的页面以及子目录信息
@@ -181,7 +182,7 @@ class CatalogModel extends BaseModel {
 		//获取$level.先初始化$level = 2 ;
 		$level = 2 ;
 		if($new_p_cat_id){
-			$p_cat_ary = $this->where("cat_id = '$new_p_cat_id' ")->find() ;
+			$p_cat_ary = $this->where("cat_id = '%d' " ,array($new_p_cat_id)  )->find() ;
 			$level = $p_cat_ary['level'] + 1 ;
 		}
 		//插入
@@ -191,6 +192,7 @@ class CatalogModel extends BaseModel {
 
 	//获取某个目录下的页面和子目录
 	public function getCat($cat_id){
+			$cat_id = intval($cat_id) ;
 			$cat_ary = $this->where("cat_id = '$cat_id' ")->find() ;
 			$item_id = $cat_ary['item_id'] ;
 			//获取项目下所有页面信息
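Review bot: In the first hunk the added `$cat_id = intval($cat_id) ;` comes after the `if (!$cat_id) { return false; }` guard, so a non-numeric value passes the guard, becomes 0, and the query on the next line then selects every catalog with `parent_cat_id = '0'` — i.e. all top-level catalogs — for the recursive clear described by the comment above it; move the cast above the guard: `$cat_id = intval($cat_id); if (!$cat_id) { return false; }`. In the copy() hunk, `$old_cat_ary` is assigned on the rewritten line but the next line reads `$cat_ary['item_id']`, which is undefined at that point, so `$to_item_id` is null whenever it is not passed; it should read `$old_cat_ary['item_id']`. The added line in getCat() is indented one tab deeper than the body around it.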

+ 6 - 1
server/Application/Api/Model/ItemModel.class.php

@@ -5,6 +5,7 @@ use Api\Model\BaseModel;
 class ItemModel extends BaseModel {
 
     public function export($item_id  , $uncompress = 0){
+        $item_id = intval($item_id) ;
         $item = D("Item")->where("item_id = '$item_id' ")->field(" item_type, item_name ,item_description,password ")->find();
         $page_field = "page_title ,cat_id,page_content,s_number,page_comments";
         $catalog_field = "cat_id,cat_name ,parent_cat_id,level,s_number";
@@ -148,6 +149,7 @@ class ItemModel extends BaseModel {
     }
 
     public function getContent($item_id , $page_field ="*" , $catalog_field ="*" , $uncompress = 0 ){
+            $item_id = intval($item_id) ;
             //获取该项目下的所有页面
             $all_pages = D("Page")->where("item_id = '$item_id' and is_del = 0 ")->order(" s_number asc , page_id asc  ")->field($page_field)->select();
             $pages = array() ;
@@ -238,6 +240,7 @@ class ItemModel extends BaseModel {
 
     //删除项目
     public function delete_item($item_id){
+        $item_id = intval($item_id) ;
         D("Page")->where("item_id = '$item_id' ")->delete();
         D("Page")->where("item_id = '$item_id' ")->delete();
         D("Catalog")->where("item_id = '$item_id' ")->delete();
@@ -251,6 +254,7 @@ class ItemModel extends BaseModel {
     
     //软删除项目
     public function soft_delete_item($item_id){
+        $item_id = intval($item_id) ;
         return $this->where("item_id = '$item_id' ")->save(array("is_del"=>1 ,"last_update_time"=>time()));
     }
 
@@ -268,7 +272,8 @@ class ItemModel extends BaseModel {
         if(!$menuData || !$menuData['catalogs']){
             return $menuData ;
         }
-
+        $uid = intval($uid) ; 
+        $item_id = intval($item_id) ;
         $cat_id = 0 ;
         //首先看是否被添加为项目成员
         $itemMember = D("ItemMember")->where("uid = '$uid' and item_id = '$item_id' ")->find() ;
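Review bot: In the delete_item hunk the line after the added cast, `D("Page")->where("item_id = '$item_id' ")->delete();`, appears twice in a row; the duplicate is harmless but should be dropped. In getContent() the added cast is indented 12 spaces while the surrounding body sits at 8, and the added `$uid` line in the last hunk carries trailing whitespace. Each of these methods continues outside its hunk, so the later uses of the cast values were not checked here.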

+ 2 - 0
server/Application/Api/Model/ItemTokenModel.class.php

@@ -22,6 +22,7 @@ class ItemTokenModel extends BaseModel {
 	}
 
 	public function getTokenByItemId($item_id){
+		$item_id = intval($item_id) ;
 		$item_token = $this->where("item_id='$item_id'")->find();
 		if (!$item_token) {
 			$this->createToken($item_id);
@@ -36,6 +37,7 @@ class ItemTokenModel extends BaseModel {
 	}
 
 	public function setLastTime($item_id){
+		$item_id = intval($item_id) ;
 		return $this->where("item_id='$item_id'")->save(array("last_check_time"=>time()));
 	}
 

+ 3 - 0
server/Application/Api/Model/PageModel.class.php

@@ -144,6 +144,7 @@ class PageModel extends BaseModel {
 
    //软删除页面
    public function softDeletePage($page_id){
+    $page_id = intval($page_id) ;
       //放入回收站
       $login_user = session('login_user');
       $page = D("Page")->field("item_id,page_title")->where(" page_id = '$page_id' ")->find() ;
@@ -161,11 +162,13 @@ class PageModel extends BaseModel {
 
    //删除页面
    public function deletePage($page_id){
+    $page_id = intval($page_id) ;
       $ret = M("Page")->where(" page_id = '$page_id' ")->delete();
       return $ret;
    }
 
    public function deleteFile($file_id){
+    $file_id = intval($file_id) ;
         return D("Attachment")->deleteFile($file_id) ;
     }
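Review bot: The three added casts (`$page_id = intval($page_id) ;` twice and `$file_id = intval($file_id) ;`) are indented four spaces while the method bodies use six, so they read as if they belonged to the class body; align them with the line that follows each. deleteFile() here only delegates to `D("Attachment")->deleteFile()`, which casts `$file_id` again in this same commit, so one of the two casts is redundant, though harmless.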
 

+ 1 - 0
server/Application/Api/Model/RunapiModel.class.php

@@ -11,6 +11,7 @@ class RunapiModel  {
     
     //获取全局参数
     public function getGlobalParam($item_id){
+        $item_id = intval($item_id) ; 
         $return = array(
             'query'=>array(),
             'body'=>array(),

+ 1 - 0
server/Application/Api/Model/UserModel.class.php

@@ -52,6 +52,7 @@ class UserModel extends BaseModel {
 
     //删除用户
     public function delete_user($uid){
+        $uid = intval($uid) ;
         D("TeamMember")->where("member_uid = '$uid' ")->delete();
         D("TeamItemMember")->where("member_uid = '$uid' ")->delete();
         D("ItemMember")->where("uid = '$uid' ")->delete();
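Review bot: After the cast, a `$uid` of 0 (from a missing or non-numeric value) is not rejected, and the method proceeds to run the cascade of deletes on the following lines with `member_uid = '0'` and `uid = '0'`; add `if ($uid <= 0) { return false; }` after the cast, adjusted to the method's return convention — its body continues past the hunk.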

+ 1 - 0
server/Application/Home/Model/ItemModel.class.php

@@ -5,6 +5,7 @@ use Home\Model\BaseModel;
 class ItemModel extends BaseModel {
 
     public function export($item_id){
+        $item_id = intval($item_id) ;
         $item = D("Item")->where("item_id = '$item_id' ")->field(" item_type, item_name ,item_description,password ")->find();
         //获取所有父目录id为0的页面
         $pages = D("Page")->where("cat_id = '0' and item_id = '$item_id' ")->field(" page_title ,page_content,s_number,page_comments ")->order(" s_number asc  ")->select();