From 625adb839515e33886c9bb3602687a25d2c829db Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E7=A5=81=E5=AE=81?=
Date: Thu, 13 Mar 2014 12:25:23 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=AD=A3=E6=9F=90=E4=BA=9B=E5=AD=98?= =?UTF-8?q?=E5=82=A8=E5=9E=8Bxss=E3=80=82=E3=80=82=E3=80=82=E4=B8=AA?= =?UTF-8?q?=E4=BA=BA=E8=AE=A4=E4=B8=BA=E6=9C=89=E7=82=B9=E9=B8=A1=E8=82=8B?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 var/Widget/Options/General.php | 7 ++++---
 var/Widget/Options/Reading.php | 2 +-
 2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/var/Widget/Options/General.php b/var/Widget/Options/General.php
index 00709365..23085cd7 100644
--- a/var/Widget/Options/General.php
+++ b/var/Widget/Options/General.php
@@ -36,7 +36,8 @@ class Widget_Options_General extends Widget_Abstract_Options implements Widget_I
 /** 站点名称 */
 $title = new Typecho_Widget_Helper_Form_Element_Text('title', NULL, $this->options->title, _t('站点名称'), _t('站点的名称将显示在网页的标题处.'));
 $title->input->setAttribute('class', 'w-100');
- $form->addInput($title->addRule('required', _t('请填写站点名称')));
+ $form->addInput($title->addRule('required', _t('请填写站点名称'))
+ ->addRule('xssCheck', _t('请不要在站点名称中使用特殊字符')));
 /** 站点地址 */
 $siteUrl = new Typecho_Widget_Helper_Form_Element_Text('siteUrl', NULL, $this->options->originalSiteUrl, _t('站点地址'), _t('站点地址主要用于生成内容的永久链接.')
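Review bot: The `xssCheck` rule added to `title` here, and likewise to `description` and `keywords` in the next hunk and to `postDateFormat` in Reading.php, only rejects input when this form is submitted. Values already stored before the patch, or written to the options by any path other than this form, are not touched, so the fix holds only if the templates also encode these options on output; that code is not part of this diff. The help strings say the title and description are printed into the page title and head, so I would treat the rule as a second layer and record that next to it, e.g. `/** xssCheck is defence in depth; title must still be HTML-escaped where it is output */`. The form-building method starts and ends outside the hunk.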
@@ -49,11 +50,11 @@ class Widget_Options_General extends Widget_Abstract_Options implements Widget_I
 /** 站点描述 */
 $description = new Typecho_Widget_Helper_Form_Element_Text('description', NULL, $this->options->description, _t('站点描述'), _t('站点描述将显示在网页代码的头部.'));
- $form->addInput($description);
+ $form->addInput($description->addRule('xssCheck', _t('请不要在站点描述中使用特殊字符')));
 /** 关键词 */
 $keywords = new Typecho_Widget_Helper_Form_Element_Text('keywords', NULL, $this->options->keywords, _t('关键词'), _t('请以半角逗号 "," 分割多个关键字.'));
- $form->addInput($keywords);
+ $form->addInput($keywords->addRule('xssCheck', _t('请不要在关键词中使用特殊字符')));
 /** 注册 */
 $allowRegister = new Typecho_Widget_Helper_Form_Element_Radio('allowRegister', array('0' => _t('不允许'), '1' => _t('允许')), $this->options->allowRegister, _t('是否允许注册'),
diff --git a/var/Widget/Options/Reading.php b/var/Widget/Options/Reading.php
index 20ef9b68..84262a82 100644
--- a/var/Widget/Options/Reading.php
+++ b/var/Widget/Options/Reading.php
@@ -39,7 +39,7 @@ class Widget_Options_Reading extends Widget_Options_Permalink
 . _t('在某些主题中这个格式可能不会生效, 因为主题作者可以自定义日期格式.') . '
' . _t('请参考 PHP 日期格式写法.'));
 $postDateFormat->input->setAttribute('class', 'w-40 mono');
- $form->addInput($postDateFormat);
+ $form->addInput($postDateFormat->addRule('xssCheck', _t('请不要在日期格式中使用特殊字符')));
 //首页显示
 $frontPageParts = explode(':', $this->options->frontPage);
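Review bot: A date format string is a narrow grammar, so the deny-style `xssCheck` rule on `postDateFormat` is looser than this field needs. It blocks markup characters but still accepts arbitrary other text, which a date formatter would presumably copy into the page unchanged. An allow-list of the format letters and separators the project intends to support would be easier to reason about and would not depend on the check keeping up with new payload shapes. If the rule stays as is, a comment such as `// xssCheck only rejects markup; the format string is otherwise unrestricted and must be escaped on output` would record the limit. The enclosing method continues outside the hunk.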