Discuz! trade.php database 'injection' vulnerability
File trade.php:

    $message = trim($message);
    if($message) {
        $message = daddslashes($tradelog['message'], 1)."\t\t\t".$discuz_uid."\t".$discuz_user."\t".$timestamp."\t".nl2br(strip_tags(substr($message, 0, 200))); // $message is passed through substr(), keeping only the first 200 characters
    } else {
        $message = daddslashes($tradelog['message'], 1);
    }
    $db->query("UPDATE...
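
The comment in the code singles out the substr() call. As an added example (not code from Discuz! or from the original note), the PHP below shows why truncating a value after it has been escaped is risky in a query string, and how truncating first and escaping last avoids it. It assumes the request value was already escaped with addslashes() before it reached this code; the function names and the sample input are constructed for illustration.

```php
<?php
// Added example. Helper names are hypothetical; the sample input is constructed.

// Assumption: the request value has already been through addslashes()
// by the time substr() sees it, so substr() cuts escaped text.
function escape_then_truncate(string $raw, int $limit = 200): string
{
    return substr(addslashes($raw), 0, $limit);
}

// Hardened order: cut the raw text to length first, escape as the last step,
// so every escape sequence in the result is complete.
function truncate_then_escape(string $raw, int $limit = 200): string
{
    return addslashes(substr($raw, 0, $limit));
}

// True when the value ends in an odd-length run of backslashes, meaning the
// final backslash is unpaired and would escape whatever character is
// concatenated after it (for example the closing quote of a SQL literal).
function has_dangling_backslash(string $value): bool
{
    $trailing = strlen($value) - strlen(rtrim($value, '\\'));
    return $trailing % 2 === 1;
}

// Constructed sample: 199 filler characters followed by one single quote.
// After escaping, the quote becomes the two characters \' at positions
// 200 and 201, so a cut at 200 keeps the backslash and drops the quote.
$raw = str_repeat('a', 199) . "'";

$weak = escape_then_truncate($raw);
$safe = truncate_then_escape($raw);

printf("escape then truncate: dangling backslash = %s\n",
    var_export(has_dangling_backslash($weak), true));
printf("truncate then escape: dangling backslash = %s\n",
    var_export(has_dangling_backslash($safe), true));
```

A check like has_dangling_backslash() is useful as a regression test for any code path that shortens a string after escaping it; binding the value as a query parameter removes the dependency on escaping order altogether.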