Commit 3962c24

committed
修复XSS漏洞
1 parent 64fce17 commit 3962c24

1 file changed

+4
-4
lines changed

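--- a/src/Server.php
+++ b/src/Server.php
@@ -146,15 +146,15 @@ function cmd_getHistory($client_id, $msg)
 */
 function cmd_login($client_id, $msg)
 {
-$info['name'] = Filter::escape($msg['name']);
+$info['name'] = Filter::escape(strip_tags($msg['name']));
 $info['avatar'] = Filter::escape($msg['avatar']);
 
 //回复给登录用户
 $resMsg = array(
 'cmd' => 'login',
 'fd' => $client_id,
-'name' => $msg['name'],
-'avatar' => $msg['avatar'],
+'name' => $info['name'],
+'avatar' => $info['avatar'],
 );
 
 //把会话存起来
@@ -172,7 +172,7 @@ function cmd_login($client_id, $msg)
 'cmd' => 'fromMsg',
 'from' => 0,
 'channal' => 0,
-'data' => $msg['name'] . "上线了",
+'data' => $info['name'] . "上线了",
 );
 $this->broadcastJson($client_id, $loginMsg);
 }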
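Review bot: `$info['avatar']` in cmd_login still only passes through `Filter::escape()`, whose implementation is not visible here, so nothing in this hunk constrains the URL scheme. If clients render the avatar into an `src` or `href` attribute, HTML escaping alone does not stop a non-http(s) URL, so a scheme allowlist on `$msg['avatar']` before the escape would close that gap, for example `if (!preg_match('#^https?://#i', $msg['avatar'])) { $msg['avatar'] = ''; }` (the empty fallback is a placeholder; use the project's default avatar if it has one). `$msg['name']` and `$msg['avatar']` are also read without an `isset`/`is_string` check, and `strip_tags()` on a non-string value such as a decoded JSON array raises a warning or a TypeError depending on the PHP version. The body of cmd_login continues between the two hunks, so the session-storage code in between was not reviewed.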
