首页 发现 帮助
注册 登录
Omnimaga
/
SMF2.1
镜像自地址 [email protected]:Omnimaga/SMF2.1.git
2
0
派生 0
文件 工单管理 0 Wiki
浏览代码

Take care of htmlspecialchars in Index.template

Signed-off-by: Suki <[email protected]>
Suki 10 年之前
父节点
8b0e8ded43
当前提交
310f75a982
共有 3 个文件被更改,包括 4 次插入4 次删除
分列视图 显示文件统计
  1. 1 1
      Sources/Load.php
  2. 1 1
      Sources/Subs.php
  3. 2 2
      Themes/default/index.template.php

+ 1 - 1
Sources/Load.php
查看文件 

@@ -1649,7 +1649,7 @@ function loadTheme($id_theme = 0, $initialize = true)
 
 	$context['forum_name'] = $mbname;
 
 	$context['forum_name_html_safe'] = $smcFunc['htmlspecialchars']($context['forum_name']);
 
 	$context['header_logo_url_html_safe'] = empty($settings['header_logo_url']) ? '' : $smcFunc['htmlspecialchars']($settings['header_logo_url']);
 
-	$context['current_action'] = isset($_REQUEST['action']) ? $_REQUEST['action'] : null;
 
+	$context['current_action'] = isset($_REQUEST['action']) ? $smcFunc['htmlspecialchars']($_REQUEST['action']) : null;
 
 	$context['current_subaction'] = isset($_REQUEST['sa']) ? $_REQUEST['sa'] : null;
 
 	$context['can_register'] = empty($modSettings['registration_method']) || $modSettings['registration_method'] != 3;
 
 	if (isset($modSettings['load_average']))

+ 1 - 1
Sources/Subs.php
查看文件 

@@ -2856,7 +2856,7 @@ function setupThemeContext($forceload = false)
 
 
 	$context['in_maintenance'] = !empty($maintenance);
 
 	$context['current_time'] = timeformat(time(), false);
 
-	$context['current_action'] = isset($_GET['action']) ? $_GET['action'] : '';
 
+	$context['current_action'] = isset($_GET['action']) ? $smcFunc['htmlspecialchars']($_GET['action']) : '';
 
 	$context['show_quick_login'] = !empty($modSettings['enableVBStyleLogin']) && $user_info['is_guest'];
 
 
 	// Get some news...

+ 2 - 2
Themes/default/index.template.php
查看文件 

@@ -167,8 +167,8 @@ function template_html_above()
 
 
 	echo '
 
 </head>
 
-<body id="', $context['browser_body_id'], '" class="action_', !empty($context['current_action']) ? htmlspecialchars($context['current_action']) : (!empty($context['current_board']) ?
 
-		'messageindex' : (!empty($context['current_topic']) ? 'display' : 'home')), !empty($context['current_board']) ? ' board_' . htmlspecialchars($context['current_board']) : '', '">';
 
+<body id="', $context['browser_body_id'], '" class="action_', !empty($context['current_action']) ? $context['current_action'] : (!empty($context['current_board']) ?
 
+		'messageindex' : (!empty($context['current_topic']) ? 'display' : 'home')), !empty($context['current_board']) ? ' board_' . $context['current_board'] : '', '">';
 
 }
 
 
 function template_body_above()