From 9e5e6ebd7d44c95acf0ed6217790306257510d67 Mon Sep 17 00:00:00 2001
From: LyLme <admin@lylme.com>
Date: Sat, 26 Mar 2022 17:23:57 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BC=98=E5=8C=96=20=E7=94=B3=E8=AF=B7?=
 =?UTF-8?q?=E6=94=B6=E5=BD=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 apply/index.php | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/apply/index.php b/apply/index.php
index a028872..c4cf027 100644
--- a/apply/index.php
+++ b/apply/index.php
@@ -20,12 +20,22 @@ if(isset($_REQUEST['authcode'])) {
 				$status=0;
 			}
 		}
+		function strlens($str){
+		    if(strlen($str) > 255){
+		        return true;  
+		    }
+		    else{
+		        return false;
+		    }
+		}
 		if($sw == 1) {
 			if(empty($name) || empty($url) || empty($icon) || empty($group_id) || empty($mail) ) {
 				exit('<script>alert("提交失败,请确保所有选项都不为空！");history.go(-1);</script>');
 			} else if(!preg_match('{^http[s]?://([\w-]+\.)+[\w]+(/[\w-./%&=]*)\.(jpg|png|ico)$}i', $icon) 
 						|| !preg_match('{^http[s]?://([\w-]+\.)+[\w-]+(/[\w-./?%&#=]*)?$}i', $url)) {
 				exit('<script>alert("提交失败！输入不符合要求");history.go(-1);</script>');
+			} else if(strlens($name)||strlens($url)||strlens($icon)||strlens($group_id)||strlens($mail)){
+			    exit('<script>alert("非法参数！");history.go(-1);</script>'); 
 			} else {
 				if($DB->num_rows($DB->query("SELECT * FROM `lylme_apply` WHERE `apply_url` LIKE '".$url."';"))>0) {
 					exit('<script>alert("链接已存在，请勿重复提交！");history.go(-1);</script>');