8.7wap安全问题改动记录。。。 [复制链接]

m/control/reply.php
找到forumCheck ( $fid, 'read' );  19行左右
在下面加上：
$pw_posts = GetPtable ( $rt ['ptable'] );
$replyAuthorid = $db->get_value("SELECT authorid FROM $pw_posts WHERE pid = ".pwEscape($pid));
找到$editright = ($isGM || pwRights($isBM,'deltpcs') || ($rt['authorid'] == $winduid));     29行左右
替换为：
$editright = ($isGM || pwRights($isBM,'deltpcs') || ($replyAuthorid == $winduid));

找到 $editright = ($isGM || pwRights($isBM,'deltpcs') || ($rt['authorid'] == $winduid));   69行左右

  !$editright && wap_msg ( '您没有权限编辑此回复' , 'index.php?a=reply&tid='.$tid.'&pid='.$pid );

  if (empty($step)) {
  $pw_posts = GetPtable ( $rt ['ptable'] );
  $reply = $db->get_one("SELECT * FROM $pw_posts WHERE pid = ".pwEscape($pid));
   $reply['content'] = str_replace(array('<','>',' '),array('<','>',' '),$reply['content']);
替换为：
  $pw_posts = GetPtable ( $rt ['ptable'] );
  $reply = $db->get_one("SELECT * FROM $pw_posts WHERE pid = ".pwEscape($pid));

  $editright = ($isGM || pwRights($isBM,'deltpcs') || ($reply['authorid'] == $winduid));
  !$editright && wap_msg ( '您没有权限编辑此回复' , 'index.php?a=reply&tid='.$tid.'&pid='.$pid );

  if (empty($step)) {
   $reply['content'] = str_replace(array('<','>',' '),array('<','>',' '),$reply['content']);