
fix input check

stanley-king 9 years ago
parent
commit
dcb2778795
3 changed files with 14 additions and 1 deletions
  1. 5 0
      helper/text_filter.php
  2. 5 1
      mobile/control/member_bonus.php
  3. 4 0
      mobile/control/member_info.php

+ 5 - 0
helper/text_filter.php

@@ -21,4 +21,9 @@ class text_filter
 
         return $input;
     }
+    static public function filter_input($input)
+    {
+        $input = self::filter_html($input);
+        return $input;
+    }
 }
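Review bot: `filter_input` has no docblock and no type guard, and its name promises general input validation while the body only calls `self::filter_html`. Request parameters can arrive as arrays (`name[]=...`), so a guard such as `if (!is_string($input)) { return ''; }` ahead of the `filter_html` call would keep non-strings out of the filter; whether `filter_html` already copes with that is not visible in this hunk. I would add a docblock stating that the return value is filtered for HTML only and is not made safe for SQL, shell or URL contexts, and write the modifiers as `public static`. The name also reads like PHP's built-in `filter_input()` function, so a more specific name would avoid confusion at call sites.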

+ 5 - 1
mobile/control/member_bonus.php

@@ -8,6 +8,7 @@
 
 require_once (BASE_ROOT_PATH . '/helper/bonus_helper.php');
 require_once (BASE_ROOT_PATH . '/helper/user_helper.php');
+require_once (BASE_ROOT_PATH . '/helper/text_filter.php');
 
 
 class member_bonusControl extends mbMemberControl
@@ -31,7 +32,10 @@ class member_bonusControl extends mbMemberControl
         }
         $param['send_type'] = $send_type; // '红包类型,1为随机红包,2为固定额度红包'
         $type_bless = isset($_GET['type_bless']) && !empty($_GET['type_bless']) ? $_GET['type_bless'] : self::def_bless;
-        $param['type_bless'] = urldecode($type_bless);
+        $type_bless = urldecode($type_bless);
+        $type_bless = text_filter::filter_input($type_bless);
+
+        $param['type_bless'] = $type_bless;
 
         $param['total_num'] = intval($_GET['total_num']);
         if($param['total_num'] <= 0) {
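Review bot: `urldecode($type_bless)` decodes a value that PHP has already URL-decoded when it populated `$_GET`, so a blessing containing a literal `%` or `+` is altered before it is stored. The new filter correctly runs after that decode and must stay the last step; if clients do not deliberately double-encode, the decode can be dropped, leaving `$type_bless = text_filter::filter_input($type_bless);`. There is also still no length limit on `type_bless`; a cap such as `mb_substr($type_bless, 0, MAX_BLESS_LEN)` (placeholder constant, limit to be chosen by the project) would bound what reaches `$param`. The enclosing method starts and ends outside the hunk.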

+ 4 - 0
mobile/control/member_info.php

@@ -3,6 +3,7 @@
  * 获取用户信息
  ***/
 defined('InShopNC') or exit('Access Invalid!');
+require_once (BASE_ROOT_PATH . '/helper/text_filter.php');
 
 class member_infoControl extends mbMemberControl
 {
@@ -60,12 +61,15 @@ class member_infoControl extends mbMemberControl
         }
 
         if(isset($member_nickname)) {
+            $member_nickname = text_filter::filter_input($member_nickname);
             $update['member_nickname'] = $member_nickname;
         }
         if(isset($member_truename)) {
+            $member_truename = text_filter::filter_input($member_truename);
             $update['member_truename'] = $member_truename;
         }
         if(isset($member_signname)) {
+            $member_signname = text_filter::filter_input($member_signname);
             $update['member_signname'] = $member_signname;
         }
         if(isset($member_birthday))
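Review bot: The three `text_filter::filter_input` calls filter on write only, so nicknames, real names and signatures saved before this commit stay unfiltered, and every place that renders them still needs context-appropriate output encoding, e.g. `htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` for HTML. A value that ends up empty after filtering is stored as a blank field; a check like `if ($member_nickname === '') { /* reject the update */ }` after the filter call would avoid that, assuming blank nicknames are not intended. How the `$member_*` variables are populated and how `member_birthday` is validated lie outside the hunk, so I cannot tell whether the remaining fields need the same treatment.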