From b8e936dc0972888e3857f3b7af64e584f7922e55 Mon Sep 17 00:00:00 2001
From: v-Brocloni <v-brocloni@blackfish.cn>
Date: Tue, 31 Aug 2021 16:28:30 +0800
Subject: [PATCH] =?UTF-8?q?=E9=87=91=E9=A2=9D=E6=A0=BC=E5=BC=8F=E4=BC=98?=
 =?UTF-8?q?=E5=8C=96?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 application/admin/controller/unishop/Order.php | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/application/admin/controller/unishop/Order.php b/application/admin/controller/unishop/Order.php
index d1cba9e..237899c 100644
--- a/application/admin/controller/unishop/Order.php
+++ b/application/admin/controller/unishop/Order.php
@@ -668,6 +668,9 @@ class Order extends Backend
     public function doRefund(){
         $order_id = $this->request->get('id');
         $refund_fee = $this->request->get("refund_fee",0);
+        if (!$this->isAmount($refund_fee)) {
+            $this->error("退款金额格式错误");
+        }
         $order = $this->model->where([
             'id' => $order_id,
             'status'=>1,//订单状态正常
@@ -693,6 +696,24 @@ class Order extends Backend
         $this->success("提交成功", null);
 
     }
+    /**
+     * 金额校验函数
+     * @param $value
+     * @param bool $isZero
+     * @param bool $negative
+     * @return bool
+     */
+    function isAmount($value){
+        // 必须是整数或浮点数，且允许为负
+        if (!preg_match("/^[-]?\d+(.\d{1,2})?$/", $value)){
+            return false;
+        }
+        // 不为负数
+        if ((int)($value * 100) < 0){
+            return false;
+        }
+        return true;
+    }
 
     static function refundOrder($order,$refund_fee){
         if ($refund_fee == 0) {//如果未传入金额，则使用总金额