fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-01-08 11:11:39 +09:00
Code Issues Projects Releases Packages Wiki Activity

issue 1235 do not display email address in user information page

Browse source 
also, XSS defense in user information page


git-svn-id: http://xe-core.googlecode.com/svn/branches/1.5.0@10133 201d5d3c-b55e-5fd7-737f-ddc643e51545
This commit is contained in:
ovclas 2012-02-20 08:34:28 +00:00
parent efe463161e
commit 023835f62e
3 changed files with 19 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

4
modules/member/member.controller.php
View file

@ -1564,10 +1564,6 @@
}
*/
// XSS defence
$oSecurity = new Security($this->memberInfo);
$oSecurity->encodeHTML('user_name', 'nick_name', 'address.');
// Information stored in the session login user
Context::set('is_logged', true);
Context::set('logged_info', $this->memberInfo);

12
modules/member/member.model.php
View file

@ -250,6 +250,18 @@
}
}
// XSS defence
$oSecurity = new Security($info);
$oSecurity->encodeHTML('user_name', 'nick_name', 'address.');
if($extra_vars)
{
foreach($extra_vars as $key => $val)
{
$oSecurity->encodeHTML($key);
}
}
$GLOBALS['__member_info__'][$info->member_srl] = $info;
}

7
modules/member/member.view.php
View file

@ -65,6 +65,13 @@
unset($member_info->email_id);
unset($member_info->email_host);
if($logged_info->is_admin != 'Y' && ($member_info->member_srl != $logged_info->member_srl))
{
$start = strpos($member_info->email_address, '@')+1;
$replaceStr = str_repeat('*', (strlen($member_info->email_address) - $start));
$member_info->email_address = substr_replace($member_info->email_address, $replaceStr, $start);
}
if(!$member_info->member_srl) return $this->dispMemberSignUpForm();
Context::set('memberInfo', get_object_vars($member_info));