From 799cdaebca685eb7de6ca31f49b08ece9973cff7 Mon Sep 17 00:00:00 2001
From: Devil <fuxiang.gong@qq.com>
Date: Sat, 31 Aug 2019 20:35:19 +0800
Subject: [PATCH] =?UTF-8?q?=E5=95=86=E5=93=81=E8=AF=A6=E6=83=85=E6=8E=A5?=
 =?UTF-8?q?=E5=8F=A3=E4=BC=98=E5=8C=96?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 application/index/controller/Goods.php | 28 ++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/application/index/controller/Goods.php b/application/index/controller/Goods.php
index c5418a166..810118814 100755
--- a/application/index/controller/Goods.php
+++ b/application/index/controller/Goods.php
@@ -256,6 +256,12 @@ class Goods extends Common
      */
     public function Favor()
     {
+        // 是否ajax请求
+        if(!IS_AJAX)
+        {
+            return $this->error('非法访问');
+        }
+        
         // 是否登录
         $this->IsLogin();
 
@@ -275,6 +281,12 @@ class Goods extends Common
      */
     public function SpecType()
     {
+        // 是否ajax请求
+        if(!IS_AJAX)
+        {
+            return $this->error('非法访问');
+        }
+
         // 开始处理
         $params = input('post.');
         return GoodsService::GoodsSpecType($params);
@@ -290,6 +302,12 @@ class Goods extends Common
      */
     public function SpecDetail()
     {
+        // 是否ajax请求
+        if(!IS_AJAX)
+        {
+            return $this->error('非法访问');
+        }
+
         // 开始处理
         $params = input('post.');
         return GoodsService::GoodsSpecDetail($params);
@@ -304,8 +322,18 @@ class Goods extends Common
      */
     public function Comment()
     {
+        // 是否ajax请求
+        if(!IS_AJAX)
+        {
+            return $this->error('非法访问');
+        }
+
         // 参数
         $params = input();
+        if(empty($params['goods_id']))
+        {
+            return DataReturn('参数有误', -1);
+        }
 
         // 分页
         $number = 10;