野草weedcmsV5.2.1 任意删除文件漏洞

　　member.php

　　if($action=='edit_member_ok'){ //member.php?action=edit_member_ok

　　check_request(); //检查来路

　　if(!check_login()){ //检测是否登录会员

　　message(array('text'=>$language['please_login'],'link'=>'member.php'));

　　}

　　...省略一堆无关东西

　　$member_photo_delete=empty($_POST['member_photo_delete'])?'':trim($_POST['member_photo_delete']);

　　..继续省略一堆无关东西

　　if(!empty($member_photo_delete)){

　　@unlink(ROOT_PATH."/uploads/".$member_photo_delete);

　　//直接删除了