mkm/dev_oa
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

#I8XDG7 修复不能越权删除他人的文章

Browse Source 
layui升级到2.9.6
This commit is contained in:
HDM58\hdm58 2024-01-25 18:53:57 +08:00
parent d2ea9239d3
commit e5233a0096
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
app/article/controller/Index.php
View File

@ -238,6 +238,10 @@ class Index extends BaseController
public function delete() public function delete()
{ {
$id = get_params("id"); $id = get_params("id");
$admin_id = Db::name('Article')->where('id',$id).value('uid');
if($admin_id!=$this->uid){
return to_assign(1, "你不是该知识的创建人,没权限删除");
}
$data['id'] = $id; $data['id'] = $id;
$data['delete_time'] = time(); $data['delete_time'] = time();
if (Db::name('Article')->update($data) !== false) { if (Db::name('Article')->update($data) !== false) {