XEVE-19-001, XEVE-19-003, XEVE-19-006

xpressengine/xe-core@18ec8078eb
Kijin Sung 2019-05-04 17:36:41 +09:00
parent 880ae97e31
commit 70108f858d
9 changed files with 86 additions and 25 deletions


@ -440,7 +440,7 @@ class commentController extends comment
if($obj->homepage)
{
$obj->homepage = removeHackTag($obj->homepage);
$obj->homepage = escape($obj->homepage);
if(!preg_match('/^[a-z]+:\/\//i',$obj->homepage))
{
$obj->homepage = 'http://'.$obj->homepage;
@ -803,7 +803,7 @@ class commentController extends comment
if($obj->homepage)
{
$obj->homepage = removeHackTag($obj->homepage);
$obj->homepage = escape($obj->homepage);
if(!preg_match('/^[a-z]+:\/\//i',$obj->homepage))
{
$obj->homepage = 'http://'.$obj->homepage;
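Review bot: The scheme test `preg_match('/^[a-z]+:\/\//i',$obj->homepage)` in both hunks of this section accepts any alphabetic scheme, so a homepage with a non-web scheme is stored without the `http://` prefix; `removeHackTag()` and `escape()` deal with markup characters, not with the scheme of a value that is presumably rendered later as a link target. Restricting the test to web schemes would close that gap: `if(!preg_match('/^https?:\/\//i',$obj->homepage))`. The same open pattern appears in the commentItem section as `'@^[a-z]+://@i'`. The `+`/`-` markers are lost on this page, so which of these lines the commit adds is inferred, and the enclosing methods start and end outside both hunks.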


@ -287,12 +287,12 @@ class commentItem extends BaseObject
return;
}
if(strncasecmp('http://', $url, 7) !== 0)
if(!preg_match('@^[a-z]+://@i', $url))
{
$url = "http://" . $url;
$url = 'http://' . $url;
}
return htmlspecialchars($url, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
return escape($url, false);
}
function getMemberSrl()
@ -302,17 +302,17 @@ class commentItem extends BaseObject
function getUserID()
{
return htmlspecialchars($this->get('user_id'), ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
return escape($this->get('user_id'), false);
}
function getUserName()
{
return htmlspecialchars($this->get('user_name'), ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
return escape($this->get('user_name'), false);
}
function getNickName()
{
return htmlspecialchars($this->get('nick_name'), ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
return escape($this->get('nick_name'), false);
}
function getVote()
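Review bot: The `false` passed as second argument in `escape($url, false)` and in the three getters carries the output contract, but nothing in the code says so. `escape()` is defined outside this page; it presumably mirrors the `double_encode` flag of the `htmlspecialchars()` calls shown alongside, which matters because the controller hunks appear to escape `homepage` before saving, so this read path must not encode it again. A short comment would keep a later edit from dropping the flag: `// false = do not re-encode entities; homepage is already escaped on save`. Each getter's docblock should also state that the return value is HTML-encoded and needs further encoding before use in URL or script contexts.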