ShuanghongS 6 ماه پیش
والد
کامیت
926007bf1a
2فایلهای تغییر یافته به همراه51 افزوده شده و 10 حذف شده
  1. 24 10
      service/login.class.php
  2. 27 0
      utils/common.class.php

+ 24 - 10
service/login.class.php

@@ -1081,6 +1081,14 @@ class login {
         $loginName = common::check_input($_POST['uname']);
         $old_password = common::check_input($_POST['old_password']);
         $password = common::check_input($_POST['password']);
+        if (empty($old_password) || empty($password)){
+                $data = array(
+                    'msg' => 'Old password  or New password is incorrect!',
+                    'data' => ''
+            );
+            common::echo_json_encode(500, $data);
+            exit();
+        }
     
         //首先校验验证码 暂时注销掉
         // $verifcation_code = "";
@@ -1210,18 +1218,24 @@ class login {
             exit();
         }else{
             $reference_number_lower = strtolower($reference_number);
-            $online_ocean_sql = "select serial_no,order_from from public.kln_ocean 
-                where ((ARRAY['$reference_number_lower'] && array_append(ARRAY[lower(booking_no::text), lower(h_bol::text), lower(m_bol), lower(carrier_booking), lower(quote_no), lower(tracking_no)]||string_to_array(lower(ctnrs),','), ''::text))
-                    or lower(po_no) like '%$reference_number_lower%'
-                    or lower(invoice_no) like '%$reference_number_lower%')";
-            $online_ocean_arr = common::excuteListSql($online_ocean_sql);        
-            if(empty($online_ocean_arr)){
+            $checked = common::checkInputInval($reference_number_lower);
+            if ($checked){
+                $online_ocean_sql = "select serial_no,order_from from public.kln_ocean 
+                    where ((ARRAY['$reference_number_lower'] && array_append(ARRAY[lower(booking_no::text), lower(h_bol::text), lower(m_bol), lower(carrier_booking), lower(quote_no), lower(tracking_no)]||string_to_array(lower(ctnrs),','), ''::text))
+                        or lower(po_no) like '%$reference_number_lower%'
+                        or lower(invoice_no) like '%$reference_number_lower%')";
+                $online_ocean_arr = common::excuteListSql($online_ocean_sql);        
+                if(empty($online_ocean_arr)){
+                    $data = array("msg" =>"No matches");
+                }elseif(!empty($online_ocean_arr) && utils::count($online_ocean_arr) > 1){
+                    $data = array("msg" =>"Multiple results");
+                }else{
+                    $data =  $this->getTrackingInfo($online_ocean_arr[0]["serial_no"],$online_ocean_arr[0]["order_from"]);  
+                }
+            } else {
                 $data = array("msg" =>"No matches");
-            }elseif(!empty($online_ocean_arr) && utils::count($online_ocean_arr) > 1){
-                $data = array("msg" =>"Multiple results");
-            }else{
-                $data =  $this->getTrackingInfo($online_ocean_arr[0]["serial_no"],$online_ocean_arr[0]["order_from"]);  
             }
+            
             common::echo_json_encode(200, $data);
             //记录查询log情况
             $detail = "";
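Review bot: The query on the new side still interpolates `$reference_number_lower` straight into the SQL string (inside `ARRAY['...']` and the two `like '%...%'` patterns), so gating it behind `common::checkInputInval()` only narrows which strings reach the string-built query instead of removing the injection surface; a keyword denylist is not a substitute for binding the value. The page already shows a prepared-statement helper (`excuteObjectPrepareSql` in utils/common.class.php), so the value should be passed through placeholders, with the `%` wildcards built into the bound value in PHP (escaping `%`, `_` and `\` via `addcslashes` if the reference number must not act as a pattern), and the denylist reduced to a plain length/character-set sanity check at most. A side effect of the current branching is that a rejected input is reported as "No matches", which the caller cannot tell apart from a genuine miss. The enclosing method starts before this hunk and its body continues past it.
```php
$reference_number_lower = strtolower($reference_number);
// Bind the value instead of interpolating it. Placeholder style (:name vs ?) must
// match the prepared-statement helper actually used; shown here with named markers.
$online_ocean_sql = "select serial_no,order_from from public.kln_ocean
    where ((ARRAY[:ref] && array_append(ARRAY[lower(booking_no::text), lower(h_bol::text), lower(m_bol), lower(carrier_booking), lower(quote_no), lower(tracking_no)]||string_to_array(lower(ctnrs),','), ''::text))
        or lower(po_no) like :ref_po
        or lower(invoice_no) like :ref_inv)";
$like_value = '%' . addcslashes($reference_number_lower, '%_\\') . '%';
$params = [':ref' => $reference_number_lower, ':ref_po' => $like_value, ':ref_inv' => $like_value];
// … execute via a list-returning prepared-statement helper (excuteObjectPrepareSql exists on the page; a list variant is needed here) …
// … unchanged: "No matches" / "Multiple results" / getTrackingInfo branching and echo_json_encode …
```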

+ 27 - 0
utils/common.class.php

@@ -2470,6 +2470,33 @@ class common {
         }
     }
 
+    public static function checkInputInval($input) { 
+        $data = true;       
+        // 定义危险 SQL 关键字列表
+        $dangerousKeywords = [
+           'SELECT', 'INSERT', 'UPDATE', 'DELETE', 'DROP', 'ALTER', 'CREATE', 
+           'UNION', 'EXEC', 'EXECUTE', 'TRUNCATE', 'GRANT', 'REVOKE', 
+           'WAITFOR', 'DELAY', 'PG_SLEEP', '--', ';'
+        ];
+       
+        // 检查是否包含危险关键字(不区分大小写)
+        foreach ($dangerousKeywords as $keyword) {
+            if (stripos($input, $keyword) !== false) {
+                $data = false;
+            }
+        }
+       
+        // 检查是否包含 SQL 注入常见模式
+        if (preg_match('/\b(OR|AND)\s+1\s*=\s*1\b/i', $input) || 
+           preg_match('/\bUNION\s+SELECT\b/i', $input)) {
+            $data = false;
+        }
+        if(!empty($input) && strlen($input) > 50){
+            $data = false;
+        }
+        return $data;
+    }
+
     //预加载写法
     public static function excuteObjectPrepareSql($sql,$param) {
         if (empty($sql))
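Review bot: `checkInputInval` is a substring denylist (`stripos` matches `DELAY` or `CREATE` inside any reference number that happens to contain those letters, and `'--'`/`';'` reject legitimate punctuation), so it rejects valid lookups while still not making a string-interpolated query safe — the quote character that delimits the literal in the caller's query is not on the list at all. If the function is kept, its contract should say so: add a docblock stating that it is a heuristic input sanity check (length plus a short keyword list) and that callers must still bind values, e.g. `/** Heuristic pre-filter for lookup input; NOT an injection defence — callers must still use a prepared statement such as excuteObjectPrepareSql. */`. The loop can return as soon as a keyword matches (`return false;` in place of `$data = false;`, and likewise in the two later branches, ending with `return true;`) instead of carrying `$data` to the end, and the `!empty($input) &&` guard before `strlen` is redundant because `strlen('') > 50` is already false. `strlen` counts bytes, so multibyte input reaches the 50 limit sooner than its character count suggests; either document that or use `mb_strlen` if characters are what is meant.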