merge from 1.5.2

git-svn-id: http://xe-core.googlecode.com/svn/trunk@10446 201d5d3c-b55e-5fd7-737f-ddc643e51545
2026-01-25 14:19:58 +09:00 · 2012-03-20 08:03:02 +00:00 · 2012-03-20 08:03:02 +00:00 · c727926d9e
commit c727926d9e
parent 6c23751ef8
382 changed files with 6855 additions and 3603 deletions
--- a/modules/member/member.model.php
+++ b/modules/member/member.model.php
@ -250,6 +250,25 @@
                    }
                }

+				// XSS defence
+				$oSecurity = new Security($info);
+				$oSecurity->encodeHTML('user_name', 'nick_name', 'find_account_answer', 'description', 'address.', 'group_list..');
+
+                if($extra_vars)
+				{
+                    foreach($extra_vars as $key => $val)
+					{
+						$oSecurity->encodeHTML($key);
+                    }
+                }
+
+				// Check format.
+				$oValidator = new Validator();
+				if(!$oValidator->applyRule('url', $info->homepage))
+				{
+					$info->homepage = '';
+				}
+
                $GLOBALS['__member_info__'][$info->member_srl] = $info;
            }