From 3f218c568a8923ec18569d3ab01529323292fbe5 Mon Sep 17 00:00:00 2001
From: hujiabin <519660157@qq.com>
Date: Mon, 8 Jul 2024 16:16:55 +0800
Subject: [PATCH] 1
---
 webapp/controller/InGameMallController.class.php | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/webapp/controller/InGameMallController.class.php b/webapp/controller/InGameMallController.class.php
index e1903713..bc1453e9 100644
--- a/webapp/controller/InGameMallController.class.php
+++ b/webapp/controller/InGameMallController.class.php
@@ -249,6 +249,10 @@ class InGameMallController extends BaseAuthedController {
 $this->_rspErr(1, 'param price error');
 return;
 }
+ if ($priceBn > 0xFFFFFFFF) {
+ $this->_rspErr(1, 'param price error');
+ return;
+ }
 $propertyChgService = new PropertyChgService();
 if (\mt\Item::isBagItem($itemMeta['type'],$itemMeta['sub_type'])){
 $costItems = array(
@@ -329,6 +333,10 @@ class InGameMallController extends BaseAuthedController {
 myself()->_rspErr(1, 'cannot cancel the goods');
 return;
 }
+ if ($goodsDb['price'] < 0){
+ myself()->_rspErr(1, ' goods price error');
+ return;
+ }
 $costItems = array(
 array(
 'item_id' => V_ITEM_GOLD,
@@ -532,6 +540,10 @@ EOD;
 $this->_rspErr(1, 'param price error');
 return;
 }
+ if ($priceBn > 0xFFFFFFFF) {
+ $this->_rspErr(1, 'param price error');
+ return;
+ }
 $goodsDb = InGameMall::findByOrderId($orderId);
 if (!$goodsDb) {
 myself()->_rspErr(1, 'goods not found');
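Review bot: The new upper bound in the hunk at -249,6 compares `$priceBn` with an int literal using `>`; where `$priceBn` is built is outside the hunk, and if it is a big-number object or a numeric string (as the `Bn` suffix suggests), the outcome depends on PHP's loose comparison rules rather than on the big-number library. Make the comparison with whatever big-number routine the preceding price check (not visible here) uses, so an oversized or oddly formatted price cannot pass the cap through type juggling. The literal `0xFFFFFFFF` is repeated in the hunk at -532,6; give it a name, e.g. `const MAX_GOODS_PRICE = 0xFFFFFFFF;`, with a comment stating which downstream field or computation the cap protects. Both enclosing methods start and end outside their hunks.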
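Review bot: The guard on the stored price in the hunk at -329,6 rejects only negative values, so a row holding 0, a non-numeric value, or a value above the `0xFFFFFFFF` cap that the other two hunks enforce on input still reaches the `$costItems` array built right after it (presumably from this price). Rows written before this patch were presumably not subject to that cap, so the read side should apply the same range, e.g. `if (!is_numeric($goodsDb['price']) || $goodsDb['price'] <= 0 || $goodsDb['price'] > 0xFFFFFFFF) {`. Whether zero is a legal price cannot be seen from the hunk; keep `< 0` for the lower bound if it is. The message `' goods price error'` carries a stray leading space. The enclosing method continues outside the hunk.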