yunluo/gdk
1
0
Fork 0
mirror of https://github.com/yunluo/gdk.git synced 2024-05-04 15:33:23 +02:00
Code Issues Projects Releases Wiki Activity

修复无限积分购买的漏洞

Browse source
This commit is contained in:
云落 2021-01-16 22:17:28 +08:00
parent 195162580d
commit becd930c91
1 changed files with 8 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
functions/Ajax.php
View file

@ -348,18 +348,24 @@ function bind_email_check()
add_action('wp_ajax_bind_email_check', 'bind_email_check');
add_action('wp_ajax_nopriv_bind_email_check', 'bind_email_check');
//积分支付
function point_buy()
{
if (isset($_POST['point']) && isset($_POST['userid']) && isset($_POST['id']) && $_POST['action'] == 'gdk_pay_buy') {
GDK_Points::set_points(-$_POST['point'],
$all = GDK_Points::get_user_total_points($_POST['userid'], 'accepted');
if( $all < $_POST['point']){
exit;
}else{
GDK_Points::set_points(-$_POST['point'],
$_POST['userid'],
array(
'description' => $_POST['id'],
'status' => get_option('points-points_status', 'accepted'),
'status' => 'accepted',
)
); //扣除金币
$pay_content = get_post_meta($_POST['id'], '_point_content', true);
exit($pay_content);
}
}
}
add_action('wp_ajax_gdk_pay_buy', 'point_buy');