From 35f5a80e0c2cc9025ed709c1a43181573815e7e5 Mon Sep 17 00:00:00 2001
From: WuRong <1667629529@qq.com>
Date: Thu, 13 Jun 2019 18:55:48 +0800
Subject: [PATCH] =?UTF-8?q?1.=20=E4=BF=AE=E5=A4=8D=E4=BA=86=E5=B7=B2?=
 =?UTF-8?q?=E7=9F=A5=E7=9A=84XSS=E6=BC=8F=E6=B4=9E=EF=BC=9Ahtmlspecialchar?=
 =?UTF-8?q?s=202.=20=E4=BB=A3=E7=A0=81=E4=B8=8D=E8=A7=84=E8=8C=83=EF=BC=8C?=
 =?UTF-8?q?=E5=8F=98=E9=87=8F=E5=88=9D=E5=A7=8B=E5=8C=96=E4=B8=BA=EF=BC=9A?=
 =?UTF-8?q?array()?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app/web/controller/Account.php | 25 +++++++++++--------
 app/web/controller/Community.php | 2 +-
 app/web/controller/Problem.php | 2 +-
 app/web/view/pc/account/alterinfo.html | 2 +-
 app/web/view/pc/account/info.html | 2 +-
 app/web/view/pc/community/articles.html | 2 +-
 app/web/view/pc/community/editor_post.html | 2 +-
 .../view/pc/community/get_newest_topic.html | 2 +-
 8 files changed, 22 insertions(+), 17 deletions(-)

diff --git a/app/web/controller/Account.php b/app/web/controller/Account.php
index 25da52f..8f7a786 100644
--- a/app/web/controller/Account.php
+++ b/app/web/controller/Account.php
@@ -54,11 +54,11 @@ class Account extends Base{
 $this->assign('coin',$result[0]['ojcoin']);
 $this->assign('user_id',$result[0]['user_id']);
 $this->assign('email',$result[0]['email']);
- $this->assign('nick',$result[0]['nick']);
- $this->assign('school',$result[0]['school']);
- $this->assign('qq',$result[0]['qq']);
- $this->assign('blog',$result[0]['blog']);
- $this->assign('brief',$result[0]['brief']);
+ $this->assign('nick',htmlspecialchars($result[0]['nick']));
+ $this->assign('school', htmlspecialchars($result[0]['school']));
+ $this->assign('qq',htmlspecialchars($result[0]['qq']));
+ $this->assign('blog',htmlspecialchars($result[0]['blog']));
+ $this->assign('brief',htmlspecialchars($result[0]['brief']));
 return $this->fetch();
 }
 public function alterinfo() {
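Review bot: The five new `htmlspecialchars()` calls in this hunk rely on the default flag set, which before PHP 8.1 is `ENT_COMPAT` and leaves single quotes unencoded, so a stored value placed into a single-quoted attribute in the template is still not neutralised; use `htmlspecialchars($result[0]['nick'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` on each of the five lines, and the same in the @@ -68 hunk below. The `email` and `user_id` context lines above are assigned raw from the same `$result[0]` row; if those fields are user-editable they warrant the same encoding. Encoding in the controller also fixes the value to an HTML-text context, and whether the view layer applies its own output filter (which would double-encode) cannot be confirmed from this hunk, so it is worth checking the templates' default escaping before relying on this. The enclosing method starts before the hunk.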
@@ -68,11 +68,16 @@ class Account extends Base{
 $this->assign('src',$result[0]['head']);
 $this->assign('user_id',$result[0]['user_id']);
 $this->assign('email',$result[0]['email']);
- $this->assign('nick',$result[0]['nick']);
- $this->assign('school',$result[0]['school']);
- $this->assign('qq',$result[0]['qq']);
- $this->assign('blog',$result[0]['blog']);
- $this->assign('brief',$result[0]['brief']);
+ $this->assign('nick',htmlspecialchars($result[0]['nick']));
+ $this->assign('school', htmlspecialchars($result[0]['school']));
+ $this->assign('qq',htmlspecialchars($result[0]['qq']));
+ $this->assign('blog',htmlspecialchars($result[0]['blog']));
+ $this->assign('brief',htmlspecialchars($result[0]['brief']));
+ // $this->assign('nick',$result[0]['nick']);
+ // $this->assign('school',$result[0]['school']);
+ // $this->assign('qq',$result[0]['qq']);
+ // $this->assign('blog',$result[0]['blog']);
+ // $this->assign('brief',$result[0]['brief']);
 return $this->fetch();
 }
 public function upload_picture() {
diff --git a/app/web/controller/Community.php b/app/web/controller/Community.php
index 8901995..6327226 100644
--- a/app/web/controller/Community.php
+++ b/app/web/controller/Community.php
@@ -125,7 +125,7 @@ class Community extends Base {
 if(empty($info)) return;
 $this->assign('from', $from);
- $this->assign('title', $info['title']);
+ $this->assign('title', htmlspecialchars($info['title']));
 $this->assign('tid',$tid);
 $data['content']=$this->fetch("send_support_message");
 $data['time']=time();
diff --git a/app/web/controller/Problem.php b/app/web/controller/Problem.php
index 9bc7495..3618520 100644
--- a/app/web/controller/Problem.php
+++ b/app/web/controller/Problem.php
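Review bot: The five `// $this->assign('nick',$result[0]['nick']);` lines added after the escaped assignments are commented-out copies of the lines this same hunk removes; the old form is already preserved in history, so drop them rather than leave dead code in `alterinfo()`. The `$this->assign('school', htmlspecialchars(...))` line is also the only one of the five with a space after the comma, which reads as an accident; either space all five or none. The enclosing method starts before the hunk.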
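Review bot: Escaping `title` once before it is rendered into `send_support_message` and stored in `$data['content']` is the right place for it, but the `from` value assigned on the context line above goes into the same template unescaped; if `$from` derives from request input or another user's display name it needs the same `htmlspecialchars()` treatment, which cannot be confirmed from this hunk. Because the rendered content is stored, the template that later displays `$data['content']` must output it without escaping again or the title will show double-encoded entities; that consumer is outside this diff. The enclosing method starts before and continues after the hunk.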
@@ -154,7 +154,7 @@ class Problem extends Base{
 }
 public function get_tag($pid) {
 $have_tag_id=db('problem_tag_match')->where(['problem_id'=>$pid])->field('tag_id')->select();
- $have_tag_name=$have_tag_id;
+ $have_tag_name=array();
 foreach ($have_tag_id as $key => $value) {
 $tmp_tag_name=db('problem_tag')->where(['tag_id'=>$value['tag_id']])->field('tag_name')->select();
 // dump($tmp_tag_name);
diff --git a/app/web/view/pc/account/alterinfo.html b/app/web/view/pc/account/alterinfo.html
index 91f1eab..e7bd283 100644
--- a/app/web/view/pc/account/alterinfo.html
+++ b/app/web/view/pc/account/alterinfo.html
@@ -35,7 +35,7 @@
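Review bot: The added `$have_tag_name=array();` uses the long array syntax while the context line directly above already writes `where(['problem_id'=>$pid])` in short syntax; `$have_tag_name = [];` keeps `get_tag()` consistent with its own file. The fix itself is sound, since seeding the result from `$have_tag_id` carried the `tag_id` rows into the tag-name list. Separately, the `foreach` that follows issues one `db('problem_tag')` query per matched tag, which could be replaced by a single lookup with an IN condition on the collected ids; the loop body continues outside the hunk, so that is a follow-up rather than part of this change.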