From 9fa3f641a4a9dc3f85552aeaab9ea4373d65aa87 Mon Sep 17 00:00:00 2001
From: llgoer
Date: Sun, 9 Jun 2019 20:35:34 +0800
Subject: [PATCH] =?UTF-8?q?=E5=8F=8B=E6=83=85=E9=93=BE=E6=8E=A5=E5=89=8D?= =?UTF-8?q?=E5=8F=B0=E6=8F=90=E4=BA=A4=E9=98=B2=E6=AD=A2XSS=E6=B3=A8?= =?UTF-8?q?=E5=85=A5?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .gitignore | 10 ++++++++++
 src/plus/flink.php | 10 +++++-----
 2 files changed, 15 insertions(+), 5 deletions(-)
diff --git a/.gitignore b/.gitignore
index e43b0f98..364cbbb1 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,11 @@
 .DS_Store
+src/data/tplcache/
+src/data/sessions*
+src/data/cache/
+src/data/common.inc.php
+src/data/config.cache.bak.php
+src/data/config.cache.inc.php
+src/install/install_lock.txt
+src/install/index.php.bak
+src/install/index.html
+src/install/module-install.php.bak
diff --git a/src/plus/flink.php b/src/plus/flink.php
index 0eb829c0..9ed2f293 100755
--- a/src/plus/flink.php
+++ b/src/plus/flink.php
@@ -22,11 +22,11 @@ if($dopost=='save')
 ShowMsg('验证码不正确!','-1');
 exit();
 }
- $msg = dede_htmlspecialchars($msg);
- $email = dede_htmlspecialchars($email);
- $webname = dede_htmlspecialchars($webname);
- $url = dede_htmlspecialchars($url);
- $logo = dede_htmlspecialchars($logo);
+ $msg = RemoveXSS(dede_htmlspecialchars($msg));
+ $email = RemoveXSS(dede_htmlspecialchars($email));
+ $webname = RemoveXSS(dede_htmlspecialchars($webname));
+ $url = RemoveXSS(dede_htmlspecialchars($url));
+ $logo = RemoveXSS(dede_htmlspecialchars($logo));
 $typeid = intval($typeid);
 $dtime = time();
 $query = "INSERT INTO `#@__flink`(sortrank,url,webname,logo,msg,email,typeid,dtime,ischeck)
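Review bot: `$url` and `$logo` in the src/plus/flink.php hunk are still accepted with any scheme, because the new `RemoveXSS(dede_htmlspecialchars(...))` wrapping only filters the text and never validates it. RemoveXSS is not defined in this hunk, but if it is a keyword blacklist it is a weaker control than an allowlist for values that presumably end up in `href`/`src` attributes. I would add a scheme check before the assignments, `if (!preg_match('#^https?://#i', $url)) { /* ShowMsg + exit as in the captcha branch */ }`, with the same check for `$logo` when it is non-empty. The five values are then interpolated into the string-built INSERT on the `$query` line, whose VALUES part lies outside the hunk; neither function is SQL escaping, so confirm the request variables are escaped upstream or bind them as parameters. The `if($dopost=='save')` block starts and ends outside the hunk.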