diff --git a/app/web/controller/Account.php b/app/web/controller/Account.php
index 25da52f5497bca12928e1d26fb08be4f727e5a68..8f7a786ce531af7489d27fe1057b5ba4542ba0d7 100644
--- a/app/web/controller/Account.php
+++ b/app/web/controller/Account.php
@@ -54,11 +54,11 @@ class Account extends Base{
 $this->assign('coin',$result[0]['ojcoin']);
 $this->assign('user_id',$result[0]['user_id']);
 $this->assign('email',$result[0]['email']);
- $this->assign('nick',$result[0]['nick']);
- $this->assign('school',$result[0]['school']);
- $this->assign('qq',$result[0]['qq']);
- $this->assign('blog',$result[0]['blog']);
- $this->assign('brief',$result[0]['brief']);
+ $this->assign('nick',htmlspecialchars($result[0]['nick']));
+ $this->assign('school', htmlspecialchars($result[0]['school']));
+ $this->assign('qq',htmlspecialchars($result[0]['qq']));
+ $this->assign('blog',htmlspecialchars($result[0]['blog']));
+ $this->assign('brief',htmlspecialchars($result[0]['brief']));
 return $this->fetch();
 }
 public function alterinfo() {
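Review bot: The new htmlspecialchars() calls on the nick/school/qq/blog/brief lines rely on the default flags, which before PHP 8.1 are ENT_COMPAT | ENT_HTML401: single quotes are left unescaped and a value containing an invalid UTF-8 sequence makes the call return an empty string. Unless the project is known to run on 8.1+, pass the flags explicitly, e.g. `htmlspecialchars($result[0]['nick'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, so the value is also safe inside single-quoted attributes; the same applies to the second Account.php hunk, the Community.php hunk and the template hunks (articles.html, get_newest_topic.html). HTML escaping only covers text and attribute contexts — if the view puts `blog` into an href (presumably a URL; confirm against the template), the value additionally needs its scheme validated. The enclosing method starts before this hunk.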
@@ -68,11 +68,16 @@ class Account extends Base{
 $this->assign('src',$result[0]['head']);
 $this->assign('user_id',$result[0]['user_id']);
 $this->assign('email',$result[0]['email']);
- $this->assign('nick',$result[0]['nick']);
- $this->assign('school',$result[0]['school']);
- $this->assign('qq',$result[0]['qq']);
- $this->assign('blog',$result[0]['blog']);
- $this->assign('brief',$result[0]['brief']);
+ $this->assign('nick',htmlspecialchars($result[0]['nick']));
+ $this->assign('school', htmlspecialchars($result[0]['school']));
+ $this->assign('qq',htmlspecialchars($result[0]['qq']));
+ $this->assign('blog',htmlspecialchars($result[0]['blog']));
+ $this->assign('brief',htmlspecialchars($result[0]['brief']));
+ // $this->assign('nick',$result[0]['nick']);
+ // $this->assign('school',$result[0]['school']);
+ // $this->assign('qq',$result[0]['qq']);
+ // $this->assign('blog',$result[0]['blog']);
+ // $this->assign('brief',$result[0]['brief']);
 return $this->fetch();
 }
 public function upload_picture() {
diff --git a/app/web/controller/Community.php b/app/web/controller/Community.php
index 8901995eee26a3335fb9edda9416b4f3f41afcea..6327226df77f7de8ed535a0d51e936e669a60915 100644
--- a/app/web/controller/Community.php
+++ b/app/web/controller/Community.php
@@ -125,7 +125,7 @@ class Community extends Base { if(empty($info)) return; $this->assign('from', $from); - $this->assign('title', $info['title']); + $this->assign('title', htmlspecialchars($info['title'])); $this->assign('tid',$tid); $data['content']=$this->fetch("send_support_message"); $data['time']=time();
diff --git a/app/web/controller/Problem.php b/app/web/controller/Problem.php
index 9bc7495fc2b67f4c08331e6a58f518e4a7ad71c2..36185207c3a117ec7d19d6a7f6cdf774c5b7b31e 100644
--- a/app/web/controller/Problem.php
+++ b/app/web/controller/Problem.php
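Review bot: The five commented-out assign() lines added after the htmlspecialchars() block are dead code that duplicates what the deleted lines already record in history; drop them rather than leaving two copies of the same assignments in the method. This hunk escapes in the controller while the community views in the same commit escape in the template; pick one layer (escaping at output in the template is the conventional choice) so a later reader can tell which assigned values are already encoded. The enclosing method alterinfo() starts before this hunk.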
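Review bot: The escaped title is rendered through send_support_message and the result is stored in $data['content'] on the following line, so if that template also applies htmlspecialchars to the title (as the other templates in this commit now do) the stored message will be double-encoded; confirm the template outputs `{$title}` unescaped, or move the escaping into the template and leave the controller value raw. The enclosing method starts before this hunk.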
@@ -154,7 +154,7 @@ class Problem extends Base{
 }
 public function get_tag($pid) {
 $have_tag_id=db('problem_tag_match')->where(['problem_id'=>$pid])->field('tag_id')->select();
- $have_tag_name=$have_tag_id;
+ $have_tag_name=array();
 foreach ($have_tag_id as $key => $value) {
 $tmp_tag_name=db('problem_tag')->where(['tag_id'=>$value['tag_id']])->field('tag_name')->select();
 // dump($tmp_tag_name);
diff --git a/app/web/view/pc/account/alterinfo.html b/app/web/view/pc/account/alterinfo.html
index 91f1eabb2d169afc45fb4ac4ba12d0882c9e2548..e7bd283ec99b781ee9782bb1d799dd6c92f111b2 100644
--- a/app/web/view/pc/account/alterinfo.html
+++ b/app/web/view/pc/account/alterinfo.html
@@ -35,7 +35,7 @@
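Review bot: `$have_tag_name=array();` uses the long array syntax while the where(['problem_id'=>$pid]) call on the line above already uses the short form; write `$have_tag_name=[];` to match the file. The correction itself looks right: the removed line seeded the name list with the id rows, so the loop presumably appended names onto ids. Separately, the foreach that follows issues one problem_tag query per matched tag; a single query with a `tag_id` IN condition over the collected ids would replace that N+1 pattern, though the loop body continues outside the hunk so I cannot confirm it does nothing else. get_tag() runs past the end of the hunk.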
- +
diff --git a/app/web/view/pc/account/info.html b/app/web/view/pc/account/info.html
index b855738384d3f4f9f3f89c53bb79999afba5428e..4dd69d5d47fad442c285d7ac1b833a73b171f1e6 100644
--- a/app/web/view/pc/account/info.html
+++ b/app/web/view/pc/account/info.html
@@ -38,7 +38,7 @@
- +
diff --git a/app/web/view/pc/community/articles.html b/app/web/view/pc/community/articles.html
index 33e57d28ec96eb58271c948709e6d80bdb46b733..9c6b7dba21ff010f7d6d11893864fdb55b2cf546 100644
--- a/app/web/view/pc/community/articles.html
+++ b/app/web/view/pc/community/articles.html
@@ -10,7 +10,7 @@
-

{$article.title}

+

{:htmlspecialchars($article.title)}

{eq name="article.type" value="0"} 普通讨论 {/eq} {if condition="$article.type>0"} 问题讨论
diff --git a/app/web/view/pc/community/editor_post.html b/app/web/view/pc/community/editor_post.html
index 329f86b28a33ed120315b526ba1b807e3005bbba..c8d4b649881ec9a979a6dac6cd630b13093dd9b8 100644
--- a/app/web/view/pc/community/editor_post.html
+++ b/app/web/view/pc/community/editor_post.html
@@ -19,7 +19,7 @@
- +
标题为必填项
diff --git a/app/web/view/pc/community/get_newest_topic.html b/app/web/view/pc/community/get_newest_topic.html
index 644b2c07ddf216c376d7429c6d6c604653895e94..40b4eff18de9101bf7c28197b00117e3df7a3b6f 100644
--- a/app/web/view/pc/community/get_newest_topic.html
+++ b/app/web/view/pc/community/get_newest_topic.html
@@ -1,6 +1,6 @@
 {foreach $list as $v}
  • - {$v.title} | + {:htmlspecialchars($v.title)} | {$v.support}
  • {/foreach} \ No newline at end of file