fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-04-22 03:42:18 +09:00
Code Issues Projects Releases Packages Wiki Activity

xss fix in member module

Browse source 
git-svn-id: http://xe-core.googlecode.com/svn/branches/1.5.0@9875 201d5d3c-b55e-5fd7-737f-ddc643e51545
This commit is contained in:
flyskyko 2011-11-25 02:07:18 +00:00
parent 41153188d8
commit 235d781638
1 changed files with 5 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

5
modules/member/member.controller.php
View file

@ -1563,6 +1563,11 @@
if($admin_group->group_srl && in_array($admin_group->group_srl, $group_srl_list)) $_SESSION['is_admin'] = 'Y';
}
*/
// XSS defence
$oSecurity = new Security($this->memberInfo);
$oSecurity->encodeHTML('user_name', 'nick_name', 'address.');
// Information stored in the session login user
Context::set('is_logged', true);
Context::set('logged_info', $this->memberInfo);