xss defense

git-svn-id: http://xe-core.googlecode.com/svn/branches/1.5.0@9881 201d5d3c-b55e-5fd7-737f-ddc643e51545

modules/member/member.admin.view.php

@@ -142,7 +142,7 @@
 			
 			$security = new Security();
 			$security->encodeHTML('member_config..');
-			$security->encodeHTML('member_info.user_name','member_info.description','member_info.group_list..');			
+			$security->encodeHTML('memberInfo.user_name', 'memberInfo.nick_name', 'memberInfo.description','memberInfo.group_list..');			
 			$security->encodeHTML('extend_form_list...');
 			
             $this->setTemplateFile('member_info');

modules/member/tpl/member_info.html

@@ -21,19 +21,19 @@
 {@$title = $extend_form_list[$formInfo->member_join_form_srl]->column_title}
 {@$orgValue = $extend_form_list[$formInfo->member_join_form_srl]->value}
 			<!--@if($formInfo->type=='tel')-->
-				{@$value = htmlspecialchars($orgValue[0])}
+				{@$value = $orgValue[0]}
 					<!--@if($orgValue[1])-->-<!--@end-->
-				{@$value .= htmlspecialchars($orgValue[1])}
+				{@$value .= $orgValue[1]}
 					<!--@if($orgValue[2])-->-<!--@end-->
-				{@$value .= htmlspecialchars($orgValue[2])}
+				{@$value .= $orgValue[2]}
 			<!--@elseif($formInfo->type=='kr_zip')-->
-				{@$value = htmlspecialchars($orgValue[0])}<!--@if($orgValue[1]&&$orgValue[0])--><br /><!--@end-->{@$value .= htmlspecialchars($orgValue[1])}
+				{@$value = $orgValue[0]}<!--@if($orgValue[1]&&$orgValue[0])--><br /><!--@end-->{@$value .= $orgValue[1]}
 			<!--@elseif($formInfo->type=='checkbox' && is_array($orgValue))-->
-				{@$value = htmlspecialchars(implode(", ",$orgValue))}
+				{@$value = implode(", ",$orgValue)}
 			<!--@elseif($formInfo->type=='date')-->
 				{@$value = zdate($orgValue, "Y-m-d")}
 			<!--@else-->
-				{@$value = nl2br(htmlspecialchars($orgValue))}
+				{@$value = nl2br($orgValue)}
 			<!--@end-->
 		<!--@end-->