作者 魏强

tongbu

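--- a/PATH_NOT_SHOWN
+++ b/PATH_NOT_SHOWN
@@ -39,11 +39,11 @@ class AdminFaultAuditController extends AdminBaseController{
 ->field('a.*,b.serial_number,b.hospital,u.phone')
 ->join('equipment b','a.eq_name=b.name')
 ->join('users u','a.users_id=u.id')
+->where('b.is_delete',0)
 ->where($where)
 ->order('a.state','ase')
 ->order('a.create_time','desc')
 ->paginate(10);
-
 $this->assign('page',$data->render());
 $this->assign('data',$data);
 $this->assign('fault_type', isset($param['fault_type']) ? $param['fault_type'] : '');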
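Review bot: `->order('a.state','ase')`, two lines below the new `where`, passes an invalid sort direction; it is presumably meant to be `asc`, i.e. `->order('a.state','asc')`. Whether the query builder passes `ase` through to SQL unchanged or rejects it depends on the framework version, which is outside the hunk, but in neither case is the state ordering what the code reads as intending. Placing the fixed `->where('b.is_delete',0)` before the apparently request-derived `$where` is fine; the enclosing method starts and ends outside this hunk, so how `$where` and `$param` are built could not be reviewed here.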
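--- a/PATH_NOT_SHOWN
+++ b/PATH_NOT_SHOWN
@@ -374,6 +374,10 @@ class App
 $controller = strip_tags($result[1] ?: $config['default_controller']);
 $controller = $convert ? strtolower($controller) : $controller;
 
+if (!preg_match('/^[A-Za-z](\w|\.)*$/', $controller)) {
+throw new HttpException(404, 'controller not exists:' . $controller);
+}
+
 // 获取操作名
 $actionName = strip_tags($result[2] ?: $config['default_action']);
 $actionName = $convert ? strtolower($actionName) : $actionName;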
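Review bot: The new whitelist on `$controller` has no counterpart for `$actionName`, which on the two lines below the insert is taken from the same request-supplied `$result` array with only `strip_tags` applied; if the action name is later used to resolve a method (that code is outside this hunk), it deserves the same positive shape check, e.g. `if (!preg_match('/^[A-Za-z]\w*$/', $actionName)) { throw new HttpException(404, 'method not exists:' . $actionName); }`. The check itself is the right kind of control (an allow-list pattern rather than stripping), but the reason it is needed is not stated; I would add above the `if`: `// Request-derived controller name: accept only a plain identifier (letters, digits, '_' and '.') before it is used for class lookup.` Whether the 404 message's echo of `$controller` is rendered escaped depends on the exception handler, which is also outside the hunk. The enclosing method starts and ends outside this hunk.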