友情链接前台提交防止XSS注入

.gitignore

@@ -1 +1,11 @@
 .DS_Store
+src/data/tplcache/
+src/data/sessions*
+src/data/cache/
+src/data/common.inc.php
+src/data/config.cache.bak.php
+src/data/config.cache.inc.php
+src/install/install_lock.txt
+src/install/index.php.bak
+src/install/index.html
+src/install/module-install.php.bak

src/plus/flink.php

@@ -22,11 +22,11 @@ if($dopost=='save')
         ShowMsg('验证码不正确!','-1');
         exit();
     }
-    $msg = dede_htmlspecialchars($msg);
-    $email = dede_htmlspecialchars($email);
-    $webname = dede_htmlspecialchars($webname);
-    $url = dede_htmlspecialchars($url);
-    $logo = dede_htmlspecialchars($logo);
+    $msg = RemoveXSS(dede_htmlspecialchars($msg));
+    $email = RemoveXSS(dede_htmlspecialchars($email));
+    $webname = RemoveXSS(dede_htmlspecialchars($webname));
+    $url = RemoveXSS(dede_htmlspecialchars($url));
+    $logo = RemoveXSS(dede_htmlspecialchars($logo));
     $typeid = intval($typeid);
     $dtime = time();
     $query = "INSERT INTO `#@__flink`(sortrank,url,webname,logo,msg,email,typeid,dtime,ischeck)