From d9f7552c1006f1ecf1549711f1baece04fd7421c Mon Sep 17 00:00:00 2001
From: aozhiwei <aozhiwei@kingsome.cn>
Date: Wed, 2 Aug 2023 16:10:16 +0800
Subject: [PATCH] 1

---
 webapp/controller/ShopController.class.php | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/webapp/controller/ShopController.class.php b/webapp/controller/ShopController.class.php
index 2483f5b1..7651667a 100644
--- a/webapp/controller/ShopController.class.php
+++ b/webapp/controller/ShopController.class.php
@@ -197,10 +197,19 @@ class ShopController extends BaseAuthedController {
             $this->_rspErr(1, 'paramater error fiat');
             return;
         }
-        if (!$fiatAmount != 'USD') {
+        if (!$fiatAmount + 0.00001 < $goodsMeta['price']) {
             $this->_rspErr(1, 'paramater error fiatAmount');
             return;
         }
+        if (!in_array($crypto,
+                      array(
+                          'CEG',
+                          'ETH'
+                      )
+        )) {
+            $this->_rspErr(1, 'paramater error crypto');
+            return;
+        }
     }
 
     public function queryInAppBalance()