修复session变量xss问题

2025-04-06 03:58:04 +08:00 · 2020-12-02 14:15:11 +08:00 · 2020-12-02 14:15:11 +08:00 · 5e7c232500
commit 5e7c232500
parent 4cc07b238a
1 changed files with 2 additions and 2 deletions
--- a/app/admin/view/index/index.html
+++ b/app/admin/view/index/index.html
@ -54,8 +54,8 @@
                    <dd lay-unselect><a data-load="{:url('admin/login/out')}" data-confirm="确定要退出登录吗？"><i class="layui-icon layui-icon-release"></i> 退出登录</a></dd>
                </dl>
                <a class="layui-elip">
-                    <img alt="headimg" src="{:session('user.headimg')?:'__ROOT__/static/theme/img/headimg.png'}">
-                    <span>{:session('user.nickname')?:session('user.username')}</span>
+                    <img alt="headimg" src="{:htmlentities(session('user.headimg')?:'__ROOT__/static/theme/img/headimg.png')}">
+                    <span>{:htmlentities(session('user.nickname')?:session('user.username'))}</span>
                </a>
            </li>
            {else}