From c2193ab3a210a118d38f5cefa17900b42f90623a Mon Sep 17 00:00:00 2001
From: songliang
Date: Sun, 16 Jul 2023 13:53:00 +0800
Subject: [PATCH] ...
---
 webapp/controller/ShopController.class.php | 21 +++++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)
diff --git a/webapp/controller/ShopController.class.php b/webapp/controller/ShopController.class.php
index 54ff9a3d..da8260bc 100644
--- a/webapp/controller/ShopController.class.php
+++ b/webapp/controller/ShopController.class.php
@@ -844,10 +844,10 @@ class ShopController extends BaseAuthedController
 public function buyGoodsNormal()
 {
 $address = $this->_getAddress();
- // if (empty($address)) {
- // $this->_rspErr(4, 'address is empty');
- // return;
- // }
+ if (empty($address)) {
+ $this->_rspErr(4, 'address is empty');
+ return;
+ }
 $id = getReqVal('id', 0);
 $token_type = getReqVal('token_type', '');
 $goods_num = getReqVal('goods_num', 0);
@@ -1170,14 +1170,23 @@ class ShopController extends BaseAuthedController
 public function buyGoodsDS()
 {
 $idx = getReqVal('idx', 0);
- $grid = getReqVal('grid', 0);
- $count = getReqVal('count', 0);
+ if ($idx <= 0) {
+ $this->_rspErr(2, 'idx is invalid');
+ return;
+ }
+ $grid = getReqVal('grid', 0);
 if ($grid < 1 || $grid > 6) {
 $this->_rspErr(2, 'grid is invalid');
 return;
 }
+ $count = getReqVal('count', 0);
+ if ($count<=0) {
+ $this->_rspErr(2, 'count is invalid');
+ return;
+ }
+
 $conn = $this->_getMysql('');
 $row = SqlHelper::selectOne(
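Review bot: In buyGoodsNormal, `goods_num` and `id` are read from the request directly below the restored address guard with no range check visible in this hunk, while buyGoodsDS gains a `count <= 0` rejection in the same commit. If the rest of the method, which lies outside the hunk, does not already reject a non-positive quantity, a matching guard belongs here: `if ($goods_num <= 0) { $this->_rspErr(2, 'goods_num is invalid'); return; }`. A one-line comment above the restored check, such as `// refuse to process a purchase without a resolved address`, would also record why it should not be commented out again.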
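Review bot: The three range checks in buyGoodsDS compare the raw result of `getReqVal()` with integers, so whether a fractional value such as `1.5` or a non-numeric string is rejected depends on PHP's loose comparison rules, and for non-numeric strings on the PHP version. This assumes `getReqVal()` hands back the request value unchanged; its definition is not visible here. Validating as an integer first makes the bounds mean what they say, e.g. `$count = filter_var(getReqVal('count', 0), FILTER_VALIDATE_INT);` followed by `if ($count === false || $count <= 0) {`, and likewise for `idx` and `grid`. `count` also has no upper bound in this hunk; if it later feeds a price or quantity calculation, a cap belongs next to the lower-bound check. The method body, including the `SqlHelper::selectOne(` call, continues past the end of the hunk.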