mirror_php/typecho
1
0
Fork 0
mirror of https://github.com/typecho/typecho.git synced 2025-03-18 08:59:40 +01:00
Code Issues Projects Releases Wiki Activity

修正用户注册没有过滤用户名,导致的xss存储型漏洞

Browse Source
This commit is contained in:
祁宁 2014-03-10 21:31:07 +08:00
parent 5dc5cfb906
commit 98d2433620
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
var/Widget/Login.php
View File

@ -37,6 +37,7 @@ class Widget_Login extends Widget_Abstract_Users implements Widget_Interface_Do
/** 初始化验证类 */
$validator = new Typecho_Validate();
$validator->addRule('name', 'required', _t('请输入用户名'));
$validator->addRule('name', 'xssCheck', _t('请不要使用特殊字符'));
$validator->addRule('password', 'required', _t('请输入密码'));
/** 截获验证异常 */