From 9307d94fc88ff316575ee2d252f06aeefdee4e01 Mon Sep 17 00:00:00 2001
From: ovclas <ovclas@gmail.com>
Date: Wed, 29 Feb 2012 08:35:45 +0000
Subject: [PATCH] issue 1353 xss defense modify

git-svn-id: http://xe-core.googlecode.com/svn/branches/1.5.0@10271 201d5d3c-b55e-5fd7-737f-ddc643e51545
---
 modules/member/member.admin.view.php | 1 -
 modules/member/member.model.php      | 2 +-
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/modules/member/member.admin.view.php b/modules/member/member.admin.view.php
index 1b65e3f96..cb9a74718 100644
--- a/modules/member/member.admin.view.php
+++ b/modules/member/member.admin.view.php
@@ -142,7 +142,6 @@
 
 			$security = new Security();
 			$security->encodeHTML('member_config..');
-			$security->encodeHTML('memberInfo.user_name', 'memberInfo.nick_name', 'memberInfo.find_account_answer', 'memberInfo.description','memberInfo.group_list..');			
 			$security->encodeHTML('extend_form_list...');
 			
             $this->setTemplateFile('member_info');
diff --git a/modules/member/member.model.php b/modules/member/member.model.php
index 6b98e94ac..3b4b6c17b 100644
--- a/modules/member/member.model.php
+++ b/modules/member/member.model.php
@@ -254,7 +254,7 @@
 
 				// XSS defence
 				$oSecurity = new Security($info);
-				$oSecurity->encodeHTML('user_name', 'nick_name', 'address.', 'group_list.');
+				$oSecurity->encodeHTML('user_name', 'nick_name', 'find_account_answer', 'description', 'address.', 'group_list..');
 
                 if($extra_vars)
 				{