fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-01-12 07:11:42 +09:00
Code Issues Projects Releases Packages Wiki Activity

issue XSS Defense for member view in admin page

Browse source 
git-svn-id: http://xe-core.googlecode.com/svn/branches/1.5.0@10105 201d5d3c-b55e-5fd7-737f-ddc643e51545
This commit is contained in:
ovclas 2012-02-10 00:46:54 +00:00
parent beaf02a9a3
commit 8111cac363
1 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
modules/member/member.admin.view.php
View file

@ -139,10 +139,10 @@
$disableColumns = array('password', 'find_account_question');
Context::set('disableColumns', $disableColumns);
$security = new Security();
$security->encodeHTML('member_config..');
$security->encodeHTML('memberInfo.user_name', 'memberInfo.nick_name', 'memberInfo.description','memberInfo.group_list..');
$security->encodeHTML('memberInfo.user_name', 'memberInfo.nick_name', 'memberInfo.find_account_answer', 'memberInfo.description','memberInfo.group_list..');
$security->encodeHTML('extend_form_list...');
$this->setTemplateFile('member_info');