正在显示
2 个修改的文件
包含
5 行增加
和
1 行删除
@@ -39,11 +39,11 @@ class AdminFaultAuditController extends AdminBaseController{ | @@ -39,11 +39,11 @@ class AdminFaultAuditController extends AdminBaseController{ | ||
39 | ->field('a.*,b.serial_number,b.hospital,u.phone') | 39 | ->field('a.*,b.serial_number,b.hospital,u.phone') |
40 | ->join('equipment b','a.eq_name=b.name') | 40 | ->join('equipment b','a.eq_name=b.name') |
41 | ->join('users u','a.users_id=u.id') | 41 | ->join('users u','a.users_id=u.id') |
42 | + ->where('b.is_delete',0) | ||
42 | ->where($where) | 43 | ->where($where) |
43 | ->order('a.state','ase') | 44 | ->order('a.state','ase') |
44 | ->order('a.create_time','desc') | 45 | ->order('a.create_time','desc') |
45 | ->paginate(10); | 46 | ->paginate(10); |
46 | - | ||
47 | $this->assign('page',$data->render()); | 47 | $this->assign('page',$data->render()); |
48 | $this->assign('data',$data); | 48 | $this->assign('data',$data); |
49 | $this->assign('fault_type', isset($param['fault_type']) ? $param['fault_type'] : ''); | 49 | $this->assign('fault_type', isset($param['fault_type']) ? $param['fault_type'] : ''); |
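Review bot: The added `->where('b.is_delete',0)` filters on the joined equipment table, so (assuming these `join` calls are inner joins) fault-audit rows whose equipment has been soft-deleted drop out of this list entirely, including any still waiting for audit. If that is intended, a short comment such as `// hide audits for soft-deleted equipment` would record it; otherwise those rows need their own handling. The join condition `a.eq_name=b.name` matches on name, so the filter only behaves as expected if equipment names are unique, which is not visible here. `->order('a.state','ase')` two lines below looks like a typo for `'asc'`. The enclosing method starts and ends outside the hunk.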
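--- a/simplewind/thinkphp/library/think/App.php
+++ b/simplewind/thinkphp/library/think/App.php
@@ -374,6 +374,10 @@ class App
 $controller = strip_tags($result[1] ?: $config['default_controller']);
 $controller = $convert ? strtolower($controller) : $controller;
 
+if (!preg_match('/^[A-Za-z](\w|\.)*$/', $controller)) {
+throw new HttpException(404, 'controller not exists:' . $controller);
+}
+
 // 获取操作名
 $actionName = strip_tags($result[2] ?: $config['default_action']);
 $actionName = $convert ? strtolower($actionName) : $actionName;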
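Review bot: The allow-list pattern in the added `preg_match` ends with `$`, which in PCRE also matches just before a trailing newline, so a controller name ending in `\n` would still pass; anchoring with `\z` (or adding the `D` modifier) closes that, e.g. `if (!preg_match('/^[A-Za-z][\w.]*\z/', $controller)) {`. The 404 message concatenates the rejected `$controller` value, so whatever renders or logs that message should escape it, since `strip_tags` is the only filtering visible here. The action name on the lines below still gets only `strip_tags`; whether it needs the same allow-list depends on dispatch code outside this hunk. The file mode also changes from 100644 to 100755, which a PHP library file should not need. The enclosing method starts and ends outside the hunk.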