修正用户注册没有过滤用户名,导致的xss存储型漏洞

This commit is contained in:
祁宁 2014-03-10 21:31:07 +08:00
parent 5dc5cfb906
commit 98d2433620

View File

@ -37,6 +37,7 @@ class Widget_Login extends Widget_Abstract_Users implements Widget_Interface_Do
/** 初始化验证类 */
$validator = new Typecho_Validate();
$validator->addRule('name', 'required', _t('请输入用户名'));
$validator->addRule('name', 'xssCheck', _t('请不要使用特殊字符'));
$validator->addRule('password', 'required', _t('请输入密码'));
/** 截获验证异常 */