fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-01-09 11:44:10 +09:00
Code Issues Projects Releases Packages Wiki Activity

회원가입시 중복체크 전에 htmlspecialchars 적용

Browse source
This commit is contained in:
Kijin Sung 2015-05-06 10:34:34 +09:00
parent 73f5359294
commit 702053a8c8
1 changed files with 6 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

10
modules/member/member.controller.php
View file

@ -1985,7 +1985,12 @@ class memberController extends member
list($args->email_id, $args->email_host) = explode('@', $args->email_address);
// Website, blog, checks the address
// Sanitize user ID, username, nickname, homepage, blog
$args->user_id = htmlspecialchars($args->user_id, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
$args->user_name = htmlspecialchars($args->user_name, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
$args->nick_name = htmlspecialchars($args->nick_name, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
$args->homepage = htmlspecialchars($args->homepage, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
$args->blog = htmlspecialchars($args->blog, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
if($args->homepage && !preg_match("/^[a-z]+:\/\//i",$args->homepage)) $args->homepage = 'http://'.$args->homepage;
if($args->blog && !preg_match("/^[a-z]+:\/\//i",$args->blog)) $args->blog = 'http://'.$args->blog;
@ -2042,9 +2047,6 @@ class memberController extends member
// Insert data into the DB
$args->list_order = -1 * $args->member_srl;
$args->nick_name = htmlspecialchars($args->nick_name, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
$args->homepage = htmlspecialchars($args->homepage, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
$args->blog = htmlspecialchars($args->blog, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
if(!$args->user_id) $args->user_id = 't'.$args->member_srl;
if(!$args->user_name) $args->user_name = $args->member_srl;