deprecate Utils::convertString() due to security

2016-09-30 20:53:43 +08:00 · 2016-09-30 20:53:43 +08:00 · a4ad0d7e19
commit a4ad0d7e19
parent a079331bf8
3 changed files with 2 additions and 26 deletions
--- a/app/Models/User.php
+++ b/app/Models/User.php
@ -55,7 +55,7 @@ class User
            $this->model        = UserModel::find($uid);
        } else {
            if (isset($info['email'])) {
-                $this->email    = Utils::convertString($info['email']);
+                $this->email    = e($info['email']);
                $this->model    = UserModel::where('email', $this->email)->first();
            } elseif (isset($info['username'])) {
                $player         = PlayerModel::where('player_name', $info['username'])->first();
--- a/app/Services/Utils.php
+++ b/app/Services/Utils.php
@ -8,30 +8,6 @@ use Log;

 class Utils
 {
-    /**
-     * Simple SQL injection protection
-     *
-     * @param  string $string
-     * @return string
-     */
-    public static function convertString($string)
-    {
-        return addslashes(trim($string));
-    }
-
-    /**
-     * Get the value of key in an array if index exist
-     *
-     * @param  string $key
-     * @param  array  $array
-     * @param  string $default
-     * @return string
-     */
-    public static function getValue($key, $array, $default = "")
-    {
-        return array_key_exists($key, $array) ? $array[$key] : $default;
-    }
-
    /**
     * Rename uploaded file
     *
--- a/setup/index.php
+++ b/setup/index.php
@ -41,7 +41,7 @@ switch ($step) {
                if (!check_password($password)) {
                    redirect_to('index.php?step=2', '无效的密码。密码长度应该大于 8 并小于 16。');

-                } else if (Utils::convertString($password) != $password) {
+                } else if (e($password) != $password) {
                    redirect_to('index.php?step=2', '无效的密码。密码中包含了奇怪的字符。');
                }
            } else {