问题主要在泄露了邮箱,和加密的密码信息。可能大部分不在意,但是如果是管理员账号就 不一样了,想避泄露信息,最简单办法是取消任何关注的话题就会避免。泄露方法就不公布了,希望大家网站都能稳定运行
如果你懂技术 修复方法是
把models下面的topic文件中大概568行(我的是3.0版本,其他自行寻找)get_focus_users_by_topic 方法的
public function get_focus_users_by_topic($topic_id, $limit = 10)
{
if ($uids = $this->query_all("SELECT DISTINCT uid FROM " . $this->get_table('topic_focus') . " WHERE topic_id = " . intval($topic_id), $limit))
{
return $this->model('account')->get_user_info_by_uids(fetch_array_value($uids, 'uid'));
}
} 修改为
public function get_focus_users_by_topic($topic_id, $limit = 10)
{
$user_list = array();
$uids = $this->query_all("SELECT DISTINCT uid FROM " . $this->get_table('topic_focus') . " WHERE topic_id = " . intval($topic_id), $limit);
if ($uids)
{
$user_list_query = $this->model('account')->get_user_info_by_uids(fetch_array_value($uids, 'uid'));
if ($user_list_query)
{
foreach ($user_list_query AS $user_info)
{
$user_list[$user_info['uid']]['uid'] = $user_info['uid'];
$user_list[$user_info['uid']]['user_name'] = $user_info['user_name'];
$user_list[$user_info['uid']]['avatar_file'] = get_avatar_url($user_info['uid'], 'mid');
$user_list[$user_info['uid']]['url'] = get_js_url('/people/' . $user_info['url_token']);
}
}
}
return $user_list;
}
阅读全文
收起全文
