修复session变量xss问题

Anyon 2020-12-02 14:15:11 +08:00
parent 4cc07b238a
commit 5e7c232500


@ -54,8 +54,8 @@
<dd lay-unselect><a data-load="{:url('admin/login/out')}" data-confirm="确定要退出登录吗?"><i class="layui-icon layui-icon-release"></i> 退出登录</a></dd>
</dl>
<a class="layui-elip">
<img alt="headimg" src="{:session('user.headimg')?:'__ROOT__/static/theme/img/headimg.png'}">
<span>{:session('user.nickname')?:session('user.username')}</span>
<img alt="headimg" src="{:htmlentities(session('user.headimg')?:'__ROOT__/static/theme/img/headimg.png')}">
<span>{:htmlentities(session('user.nickname')?:session('user.username'))}</span>
</a>
</li>
{else}
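Review bot: On the new `<img alt="headimg" src="{:htmlentities(...)}">` line, escaping stops `user.headimg` from breaking out of the double-quoted attribute, but the value is still used as the URL itself, so whatever scheme or host is stored in the session is what the admin's browser fetches. If that field is user-editable (not visible here), it should be validated where it is saved, for example by accepting only `http://`, `https://` or site-relative paths, rather than relying on output escaping alone. Both calls also use the default flags, which before PHP 8.1 leave single quotes unescaped; that is harmless in these double-quoted contexts, but passing the flag explicitly, `{:htmlentities(session('user.nickname')?:session('user.username'), ENT_QUOTES)}`, keeps the output safe if the markup is ever re-quoted. The surrounding `<li>` block opens before the hunk and the `{else}` branch continues past it, so any other place these session values are printed is outside this review.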