
1,修复静态生成安全隐患。
2,修复api请求安全隐患。
3,修复用户退出后再次注册收验证码的问题。
4,其他细节。

magicblack 4 years ago
parent
commit
f62e200e44

+ 4 - 0
application/admin/controller/Make.php

@@ -900,6 +900,10 @@ class Make extends Base
         if(empty($ids)){
             return $this->error(lang('param_err'));
         }
+        if( count( explode("./",$ids) ) > 1){
+            $this->error(lang('param_err').'2');
+            return;
+        }
         if(!is_array($ids)){
             $ids = explode(',',$ids);
         }

+ 1 - 1
application/admin/view/extend/pay/codepay.html

@@ -1,7 +1,7 @@
 <div class="layui-tab-item">
 
     <fieldset class="layui-elem-field layui-field-title" style="margin-top: 30px;">
-        <legend>码支付设置 <a target="_blank" href="https://codepay.fateqq.com/i/40625" class="layui-btn layui-btn-primary">点击进入注册</a></legend>
+        <legend>码支付设置 <a target="_blank" href="https://api.xiuxiu888.com/i/40625" class="layui-btn layui-btn-primary">点击进入注册</a></legend>
     </fieldset>
 
     <div class="layui-form-item">

+ 5 - 5
application/api/controller/Timming.php

@@ -61,35 +61,35 @@ class Timming extends Base
         }
     }
 
-    public function collect($param)
+    protected function collect($param)
     {
         @parse_str($param,$output);
         $request = controller('admin/collect');
         $request->api($output);
     }
 
-    public function make($param)
+    protected function make($param)
     {
         @parse_str($param,$output);
         $request = controller('admin/make');
         $request->make($output);
     }
 
-    public function cj($param)
+    protected function cj($param)
     {
         @parse_str($param,$output);
         $request = controller('admin/cj');
         $request->col_all($output);
     }
 
-    public function cache($param)
+    protected function cache($param)
     {
         @parse_str($param,$output);
         $request = controller('admin/index');
         $request->clear();
     }
 
-    public function urlsend($param)
+    protected function urlsend($param)
     {
         @parse_str($param,$output);
         $request = controller('admin/urlsend');
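Review bot: The visibility change is what stops these helpers from being dispatched as URL actions, but nothing in the hunk says so, and a later edit restoring `public` would silently reopen them; add a short comment above the first of them, e.g. `// Deliberately not public: the framework only routes public methods, so these helpers can only be reached through the timed-task entry point in this class.`. Separately, the `@` on `parse_str($param,$output)` hides nothing useful, since the two-argument form does not emit a notice on PHP 7+, and `cache()` parses `$param` into `$output` and then never uses it. The callers that hand `$param` to these methods sit outside the hunk, so I cannot tell whether `$param` is still request-derived; if it is, the parsed `$output` is passed to the admin controllers unvalidated, which the visibility change alone does not address.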

+ 3 - 3
application/common/model/User.php

@@ -615,7 +615,7 @@ class User extends Base
         }
 
         $where=[];
-        $where['user_id'] = $GLOBALS['user']['user_id'];
+        $where['user_id'] = intval($GLOBALS['user']['user_id']);
         $where['msg_time'] = ['gt',$stime];
         $where['msg_code'] = ['eq',$param['code']];
         $where['msg_type'] = ['eq', $param['type'] ];
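Review bot: The `intval(...)` wrap here, and the same change at the second and third hunks, relies on a non-obvious side effect: an unset `$GLOBALS['user']['user_id']` becomes `0`, which is presumably what makes the logged-out registration case in the commit message work and what keys guest rows in the third hunk to `user_id = 0`; nothing in the code says so, and a reader will take it for plain type hardening. Suggest a comment at the first occurrence, `// intval(): a logged-out visitor has no user_id, so guests are keyed as user_id 0`, and the same at the other two hunks, or one shared local `$userId` computed once per method. If guests were instead meant to be rejected here, that check is not in the hunks. Both methods begin and end outside the hunks, so I cannot see whether such a check exists upstream.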
@@ -655,7 +655,7 @@ class User extends Base
             $stime = strtotime('-'.$GLOBALS['config']['email']['time'].' min');
         }
         $where=[];
-        $where['user_id'] = $GLOBALS['user']['user_id'];
+        $where['user_id'] = intval($GLOBALS['user']['user_id']);
         $where['msg_time'] = ['gt',$stime];
         $where['msg_type'] = ['eq', $param['type'] ];
         $where['msg_to'] = ['eq', $param['to'] ];
@@ -684,7 +684,7 @@ class User extends Base
         
         if($res_code==1){
             $data=[];
-            $data['user_id'] = $GLOBALS['user']['user_id'];
+            $data['user_id'] = intval($GLOBALS['user']['user_id']);
             $data['msg_type'] = $param['type'];
             $data['msg_status'] = 0;
             $data['msg_to'] = $to;

+ 1 - 1
application/extra/version.php

@@ -3,7 +3,7 @@ return array (
     'name' => '苹果CMS内容管理系统',
     'copyright' => 'MacCMS',
     'url' => '//github.com/magicblack',
-    'code' => '2020.1000.1073',
+    'code' => '2020.1000.1074',
     'license' => '免费版',
 );
 ?>