修复 XSS漏洞

2017-10-20 14:57:33 +08:00 · 2017-10-20 14:57:33 +08:00 · f6b096a5b6
parent 64ac10b0bc
commit f6b096a5b6
1 changed files with 1 additions and 1 deletions
--- a/upload/template/default/ranklist/ranklist.htm
+++ b/upload/template/default/ranklist/ranklist.htm
@ -31,7 +31,7 @@
 				<ul class="biduser cl">
 					<li class="bidtop">
 						<!--{if $memberlist}-->
-						<a href="home.php?mod=space&uid=$memberlist[0][uid]&do=profile" target="_blank" id="bid_$memberlist[0][uid]" class="hm" {if $memberlist[0][note]} onmouseover="showTip(this)" tip="$memberlist[0][username]: $memberlist[0][note]"{/if}><!--{avatar($memberlist[0][uid],middle)}--></a>
+						<a href="home.php?mod=space&uid=$memberlist[0][uid]&do=profile" target="_blank" id="bid_$memberlist[0][uid]" class="hm" {if $memberlist[0][note]} onmouseover="showTip(this)" tip="$memberlist[0][username]: {echo htmlspecialchars($memberlist[0][note])}"{/if}><!--{avatar($memberlist[0][uid],middle)}--></a>
 						<!--{/if}-->
 					</li>
 				<!--{eval unset($memberlist[0]);}-->