From 93dbed6237f8a72b868ce2c79ae3410de3ea3a2b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=BE=A1=E5=AE=85=E7=94=B7=28YznCMS=E5=AE=98=E6=96=B9=29?=
 <530765310@qq.com>
Date: Wed, 21 May 2025 02:54:57 +0000
Subject: [PATCH] =?UTF-8?q?=E4=BC=98=E5=8C=96=E6=89=8B=E6=9C=BA=E9=AA=8C?=
 =?UTF-8?q?=E8=AF=81=E7=A0=81=E5=8F=91=E9=80=81=E5=8F=82=E6=95=B0=E9=AA=8C?=
 =?UTF-8?q?=E8=AF=81?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: 御宅男(YznCMS官方) <530765310@qq.com>
---
 application/api/controller/Sms.php | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/application/api/controller/Sms.php b/application/api/controller/Sms.php
index 10a5421bc..e42a7a3ae 100644
--- a/application/api/controller/Sms.php
+++ b/application/api/controller/Sms.php
@@ -52,6 +52,9 @@ class Sms extends Api
         if (!$mobile || !\think\Validate::regex($mobile, "^1\d{10}$")) {
             $this->error(__('手机号不正确'));
         }
+        if (!preg_match("/^[a-z0-9_\-]{3,30}\$/i", $event)) {
+            $this->error(__('事件名称错误'));
+        }
         $last = Smslib::get($mobile, $event);
         if ($last && time() - $last['createtime'] < 60) {
             $this->error(__('发送频繁'));
@@ -102,6 +105,13 @@ class Sms extends Api
         if (!$mobile || !\think\Validate::regex($mobile, "^1\d{10}$")) {
             $this->error(__('手机号不正确'));
         }
+        if (!preg_match("/^[a-z0-9_\-]{3,30}\$/i", $event)) {
+            $this->error(__('事件名称错误'));
+        }
+        if (!preg_match("/^[a-z0-9]{4,6}\$/i", $captcha)) {
+            $this->error(__('验证码格式错误'));
+        }
+        
         if ($event) {
             $userinfo = User::getByMobile($mobile);
             if ($event == 'register' && $userinfo) {
-- 
Gitee