核销统一字段名

application/api/controller/company/Coupon.php

@@ -87,10 +87,15 @@ class Coupon extends Apic
 
     //统一核销,获取信息
     public function gethexiao(){
-        $code = input('code','');
+        $code = input('code','','trim');
+        $code = htmlspecialchars_decode($code);
         $code = explode('_',$code);
+        if(!is_array($code) || !isset($code[0]) || !isset($code[1])){
+            $this->error('错误的核销码');
+        }
+
         $action = $code[0];
-        $id = $code[1];
+        $id = intval($code[1]);
 
         if($action != 'hexiaocoupon' && $action != 'hexiaoorder'){
             $this->error('错误的核销码');