mirror_php/typecho
1
0
Fork 0
mirror of https://github.com/typecho/typecho.git synced 2025-04-21 18:21:53 +02:00
Code Issues Projects Releases Wiki Activity

修正用户昵称修改时可能造成的xss

Browse Source
This commit is contained in:
祁宁 2014-03-11 19:40:07 +08:00
parent bde86574b8
commit 1a51276b3d
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
var/Widget/Users/Edit.php
View File

@ -167,6 +167,7 @@ class Widget_Users_Edit extends Widget_Abstract_Users implements Widget_Interfac
/** 给表单增加规则 */
if ('insert' == $action || 'update' == $action) {
$screenName->addRule(array($this, 'screenNameExists'), _t('昵称已经存在'));
$screenName->addRule('xssCheck', _t('请不要在昵称中使用特殊字符'));
$url->addRule('url', _t('个人主页地址格式错误'));
$mail->addRule('required', _t('必须填写电子邮箱'));
$mail->addRule(array($this, 'mailExists'), _t('电子邮箱地址已经存在'));