From 235d7816383bbfaec42b2f30d1b57e7f6d4b4d34 Mon Sep 17 00:00:00 2001
From: flyskyko
Date: Fri, 25 Nov 2011 02:07:18 +0000
Subject: [PATCH] xss fix in member module

git-svn-id: http://xe-core.googlecode.com/svn/branches/1.5.0@9875 201d5d3c-b55e-5fd7-737f-ddc643e51545
---
 modules/member/member.controller.php | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/modules/member/member.controller.php b/modules/member/member.controller.php
index d583b228b..8ee4caa71 100644
--- a/modules/member/member.controller.php
+++ b/modules/member/member.controller.php
@@ -1563,6 +1563,11 @@
 if($admin_group->group_srl && in_array($admin_group->group_srl, $group_srl_list)) $_SESSION['is_admin'] = 'Y';
 }
 */
+
+ // XSS defence
+ $oSecurity = new Security($this->memberInfo);
+ $oSecurity->encodeHTML('user_name', 'nick_name', 'address.');
+
 // Information stored in the session login user
 Context::set('is_logged', true);
 Context::set('logged_info', $this->memberInfo);
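Review bot: The allowlist in `$oSecurity->encodeHTML('user_name', 'nick_name', 'address.');` covers only three fields, so any other user-editable profile value held in `$this->memberInfo` still reaches `Context::set('logged_info', $this->memberInfo)` unencoded. It is worth checking which remaining member fields are rendered by templates and either adding them here or escaping at output. Because `Security` is constructed on the object itself, the encoding presumably rewrites `$this->memberInfo` in place, so later code in this controller that reuses those properties outside HTML (comparisons, writes back to storage) would see entity-encoded text, and templates that escape again would double-encode. The trailing dot in `'address.'` reads like a typo; if it is the notation for "every element of the array", say so in the comment, e.g. `// XSS defence: HTML-encode display fields ('address.' = each element of the address array); values are for template output only`. The enclosing method starts and ends outside this hunk, so other uses of `$this->memberInfo` are not visible here.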