
fix #781 修正不同系统数据密码使用%造成的问题

magicblack 3 سال پیش
والد
کامیت
60d78d6ef7
1فایلهای تغییر یافته به همراه31 افزوده شده و 15 حذف شده
  1. 31 15
      application/common/model/User.php

+ 31 - 15
application/common/model/User.php

@@ -26,7 +26,7 @@ class User extends Base
         return $total;
     }
 
-    public function listData($where, $order, $page, $limit = 20)
+    public function listData($where, $order, $page = 1, $limit = 20, $start = 0)
     {
         $total = $this->where($where)->count();
         $list = Db::name('User')->where($where)->order($order)->page($page)->limit($limit)->select();
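Review bot: The new `$start = 0` parameter is not read anywhere in the visible lines of `listData` — the query on the last line still paginates with `->page($page)->limit($limit)` — so a caller passing it gets no effect. Either wire it in (for example `->limit($start, $limit)` in place of `->page($page)` when `$start > 0`, if the query builder supports offset/length) or drop it, and state the precedence between `$page` and `$start` in a docblock such as `@param int $start row offset; takes precedence over $page when non-zero`. `listData` continues past the end of the hunk, so the parameter may be used further down; the docblock is still missing either way.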
@@ -119,9 +119,9 @@ class User extends Base
         $config = config('maccms');
 
         $data = [];
-        $data['user_name'] = htmlspecialchars(urldecode(trim($param['user_name'])));
-        $data['user_pwd'] = htmlspecialchars(urldecode(trim($param['user_pwd'])));
-        $data['user_pwd2'] = htmlspecialchars(urldecode(trim($param['user_pwd2'])));
+        $data['user_name'] = $this->formatSpecialChars($param['user_name']);
+        $data['user_pwd'] = $this->formatSpecialChars($param['user_pwd']);
+        $data['user_pwd2'] = $this->formatSpecialChars($param['user_pwd2']);
         $data['verify'] = $param['verify'];
         $uid = $param['uid'];
         $is_from_3rdparty = !empty($param['user_openid_qq']) || !empty($param['user_openid_weixin']);
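Review bot: The password taken from this registration path goes through `formatSpecialChars()` without `urldecode()`, while `login()` further down still calls the helper with the compatibility flag and decodes the submitted value first; a password such as `ab%41` is therefore hashed as typed here but becomes `abA` at login, so a newly registered account cannot sign in unless login also tries the undecoded form. The login verification itself is outside this hunk, so I may be missing a dual check; if there is none, either normalise both paths the same way or have login compare the hash of `formatSpecialChars($pwd)` first and fall back to the decoded form only for legacy rows, with a comment like `// legacy hashes were taken over urldecode()d input; try the raw form first`. The enclosing function starts before the hunk.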
@@ -308,7 +308,7 @@ class User extends Base
         $data['user_question'] = htmlspecialchars(urldecode(trim($param['user_question'])));
         $data['user_answer'] = htmlspecialchars(urldecode(trim($param['user_answer'])));
         if (!empty($param['user_pwd2'])) {
-            $data['user_pwd'] = htmlspecialchars(urldecode(trim($param['user_pwd2'])));
+            $data['user_pwd'] = $this->formatSpecialChars($param['user_pwd2']);
         }
         return $this->saveData($data);
     }
@@ -316,8 +316,8 @@ class User extends Base
     public function login($param)
     {
         $data = [];
-        $data['user_name'] = htmlspecialchars(urldecode(trim($param['user_name'])));
-        $data['user_pwd'] = htmlspecialchars(urldecode(trim($param['user_pwd'])));
+        $data['user_name'] = $this->formatSpecialChars($param['user_name'], true);
+        $data['user_pwd'] = $this->formatSpecialChars($param['user_pwd'], true);
         $data['verify'] = $param['verify'];
         $data['openid'] = htmlspecialchars(urldecode(trim($param['openid'])));
         $data['col'] = htmlspecialchars(urldecode(trim($param['col'])));
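Review bot: `openid` and `col` on the last two lines still use the inline `htmlspecialchars(urldecode(trim(...)))` while the two lines above were moved to `formatSpecialChars(..., true)`; for consistency they should call the helper too: `$data['openid'] = $this->formatSpecialChars($param['openid'], true);` and `$data['col'] = $this->formatSpecialChars($param['col'], true);`. The bare `true` at the call sites would read better as a named argument (`compatibility: true`) if the project targets PHP 8.0+. `login()` continues past the hunk.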
@@ -478,11 +478,12 @@ class User extends Base
     public function findpass($param)
     {
         $data = [];
-        $data['user_name'] = htmlspecialchars(urldecode(trim($param['user_name'])));
+        $user_pwd_formatted = $this->formatSpecialChars($param['user_pwd']);
+        $data['user_name'] = $this->formatSpecialChars($param['user_name'], true);
         $data['user_question'] = htmlspecialchars(urldecode(trim($param['user_question'])));
         $data['user_answer'] = htmlspecialchars(urldecode(trim($param['user_answer'])));
-        $data['user_pwd'] = htmlspecialchars(urldecode(trim($param['user_pwd'])));
-        $data['user_pwd2'] = htmlspecialchars(urldecode(trim($param['user_pwd2'])));
+        $data['user_pwd'] = $this->formatSpecialChars($param['user_pwd'], true);
+        $data['user_pwd2'] = $this->formatSpecialChars($param['user_pwd2'], true);
         $data['verify'] = $param['verify'];
 
         if (empty($data['user_name']) || empty($data['user_question']) || empty($data['user_answer']) || empty($data['user_pwd']) || empty($data['user_pwd2']) || empty($data['verify'])) {
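Review bot: `$user_pwd_formatted` is computed from the raw `$param['user_pwd']` before any validation runs, while the emptiness check on the last line (and presumably the confirmation check further down, outside the hunk) operates on the `urldecode()`d `$data['user_pwd']`/`$data['user_pwd2']`; two submitted values that differ only in `%`-encoding (`a%41` vs `aA`) pass as equal yet the stored hash is taken over the undecoded form, so the user can end up with a password they never confirmed. Compute the hash input after the validation block from the same value that was validated, or validate the undecoded form as well; at minimum a comment such as `// hash the raw (non-urldecoded) form to match register(); see #781` should make the intent explicit. Part of `findpass()` lies outside the hunk.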
@@ -509,7 +510,7 @@ class User extends Base
         }
 
         $update = [];
-        $update['user_pwd'] = md5($data['user_pwd']);
+        $update['user_pwd'] = md5($user_pwd_formatted);
 
         $where = [];
         $where['user_id'] = $info['user_id'];
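Review bot: The new line still stores `md5()` of the password, and because the input was HTML-escaped first, `&` is hashed as `&amp;` — an unsalted MD5 of a transformed string, which is trivially reversible for typical passwords. Moving to `password_hash($user_pwd_formatted, PASSWORD_DEFAULT)` with `password_verify()` at login, keeping an MD5 comparison as fallback for existing rows and rehashing on successful login, would fix this without a forced reset; the login path is outside this hunk, so that change has to be coordinated there. Until then, a comment on this line explaining why the non-urldecoded form is hashed, e.g. `// hash the non-urldecoded form; see #781`, would save the next reader a trip through the helper.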
@@ -774,11 +775,13 @@ class User extends Base
             $to = htmlspecialchars(urldecode(trim($param['to'])));
         }
 
+        $user_pwd_formatted = $this->formatSpecialChars($param['user_pwd']);
         $param['code'] = htmlspecialchars(urldecode(trim($param['code'])));
-        $param['user_pwd'] = htmlspecialchars(urldecode(trim($param['user_pwd'])));
-        $param['user_pwd2'] = htmlspecialchars(urldecode(trim($param['user_pwd2'])));
+        $param['user_pwd'] = $this->formatSpecialChars($param['user_pwd']);
+        $param['user_pwd2'] = $this->formatSpecialChars($param['user_pwd2']);
 
-        if (strlen($param['user_pwd']) <6) {
+
+        if (strlen($param['user_pwd']) < 6) {
             return ['code' => 2002, 'msg' => lang('model/user/pass_length_err')];
         }
         if ($param['user_pwd'] != $param['user_pwd2']) {
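Review bot: `$user_pwd_formatted` and `$param['user_pwd']` are now the identical value — both are `formatSpecialChars($param['user_pwd'])` without the compatibility flag — so the extra variable only obscures the flow; keep one of them. The `strlen()` check runs after HTML escaping, so `a&` (two characters) counts as six and passes the minimum, and multibyte passwords are over-counted; check `mb_strlen(trim($param['user_pwd'])) < 6` on the raw input before escaping instead. The enclosing function starts before the hunk.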
@@ -820,7 +823,7 @@ class User extends Base
         }
 
         $update=[];
-        $update['user_pwd'] = md5($param['user_pwd']);
+        $update['user_pwd'] = md5($user_pwd_formatted);
 
         $res = $this->where($where)->update($update);
         if($res===false){
@@ -932,4 +935,17 @@ class User extends Base
 
         return ['code'=>1,'msg'=>lang('model/user/reward_ok')];
     }
+
+    /**
+     * 处理特殊字符
+     * @param $string
+     * @param false $compatibility bool 是否需要兼容
+     */
+    private function formatSpecialChars($string, $compatibility = false)
+    {
+        if ($compatibility === true) {
+            return htmlspecialchars(urldecode(trim($string)));
+        }
+        return htmlspecialchars(trim($string));
+    }
 }
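Review bot: `formatSpecialChars()` has a malformed docblock (`@param false $compatibility bool`), no parameter or return types, and no explanation of what "compatibility" means or why `urldecode()` was dropped from the default path, which is the whole point of #781; a maintainer cannot tell which callers may use the legacy flag. It also calls `trim()` directly on the argument, which emits a deprecation on PHP 8.1+ when a caller passes a missing `$param` key as `null` (the callers above index `$param[...]` without `isset`). The rewrite below types the parameters, coerces `null` to `''`, documents the two paths, and keeps the same call order and default `htmlspecialchars()` flags so existing stored values are unaffected.

```php
    /**
     * Normalise a user-supplied string before it is compared or stored.
     *
     * The default path only trims and HTML-escapes the value. The legacy path
     * additionally urldecode()s it first, which is what every caller did before
     * #781 ('%' sequences in passwords were decoded and so hashed differently
     * across installations). Use $compatibility only where an existing stored
     * value must still match; never when storing a new value.
     *
     * @param string|null $string        raw input (null is treated as '')
     * @param bool        $compatibility true to apply the legacy urldecode() step
     */
    private function formatSpecialChars(?string $string, bool $compatibility = false): string
    {
        $value = trim((string) $string);
        if ($compatibility) {
            $value = urldecode($value);
        }
        return htmlspecialchars($value);
    }
```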