修复 完善XSS漏洞的修复

upload/source/function/function_core.php

@@ -210,7 +210,7 @@ function dhtmlspecialchars($string, $flags = null) {
 		if($flags === null) {
 			$string = str_replace(array('&', '"', '<', '>'), array('&amp;', '&quot;', '&lt;', '&gt;'), $string);
 			if(strpos($string, '&amp;#') !== false) {
-				$string = preg_replace('/&amp;((#(\d{3,5}|x[a-fA-F0-9]{4}));)/', '&\\1', $string);
+				$string = preg_replace('/&amp;((#(\d{3,5}));)/', '&\\1', $string);
 			}
 		} else {
 			if(PHP_VERSION < '5.4.0') {

upload/template/default/ranklist/ranklist.htm

@@ -31,13 +31,13 @@
 				<ul class="biduser cl">
 					<li class="bidtop">
 						<!--{if $memberlist}-->
-						<a href="home.php?mod=space&uid=$memberlist[0][uid]&do=profile" target="_blank" id="bid_$memberlist[0][uid]" class="hm" {if $memberlist[0][note]} onmouseover="showTip(this)" tip="$memberlist[0][username]: {echo htmlspecialchars($memberlist[0][note])}"{/if}><!--{avatar($memberlist[0][uid],middle)}--></a>
+						<a href="home.php?mod=space&uid=$memberlist[0][uid]&do=profile" target="_blank" id="bid_$memberlist[0][uid]" class="hm" {if $memberlist[0][note]} onmouseover="showTip(this)" tip="$memberlist[0][username]: $memberlist[0][note]"{/if}><!--{avatar($memberlist[0][uid],middle)}--></a>
 						<!--{/if}-->
 					</li>
 				<!--{eval unset($memberlist[0]);}-->
 				<!--{loop $memberlist $member}-->
 					<li>
-						<a href="home.php?mod=space&uid=$member[uid]&do=profile" target="_blank" id="bid_$member[uid]" {if $member[note]} onmouseover="showTip(this)" tip="$member[username]: {echo htmlspecialchars($member[note])}"{/if}>$member[avatar]</a>
+						<a href="home.php?mod=space&uid=$member[uid]&do=profile" target="_blank" id="bid_$member[uid]" {if $member[note]} onmouseover="showTip(this)" tip="$member[username]: $member[note]"{/if}>$member[avatar]</a>
 					</li>
 				<!--{/loop}-->
 				</ul>