修复排行页面XSS漏洞

2018-10-12 15:13:27 +08:00 · 2018-10-12 15:13:27 +08:00 · 2b5b748b63
parent 864c819506
commit 2b5b748b63
1 changed files with 1 additions and 1 deletions
--- a/upload/source/module/misc/misc_ranklist.php
+++ b/upload/source/module/misc/misc_ranklist.php
@ -170,7 +170,7 @@ function getranklist_members($offset = 0, $limit = 20) {
 	$topusers = C::t('home_show')->fetch_all_by_unitprice($offset, $limit, true);
 	foreach($topusers as $member) {
 		$member['avatar'] = avatar($member['uid'], 'small');
-		$member['note'] = dhtmlspecialchars($member['note']);
+		$member['note'] = dhtmlspecialchars(dhtmlspecialchars($member['note']));
 		$members[] = $member;
 	}
 	return $members;