issue 1235 do not display email address in user information page

also, XSS defense in user information page git-svn-id: http://xe-core.googlecode.com/svn/branches/1.5.0@10133 201d5d3c-b55e-5fd7-737f-ddc643e51545
2026-05-03 01:03:28 +09:00 · 2012-02-20 08:34:28 +00:00 · 2012-02-20 08:34:28 +00:00 · 023835f62e
commit 023835f62e
parent efe463161e
3 changed files with 19 additions and 4 deletions
--- a/modules/member/member.model.php
+++ b/modules/member/member.model.php
@ -250,6 +250,18 @@
                    }
                }

+				// XSS defence
+				$oSecurity = new Security($info);
+				$oSecurity->encodeHTML('user_name', 'nick_name', 'address.');
+
+                if($extra_vars)
+				{
+                    foreach($extra_vars as $key => $val)
+					{
+						$oSecurity->encodeHTML($key);
+                    }
+                }
+
                $GLOBALS['__member_info__'][$info->member_srl] = $info;
            }