blackteay/ThinkAdmin
1
0
Fork 0
mirror of https://gitee.com/zoujingli/ThinkAdmin.git synced 2025-05-21 22:39:16 +08:00
Code Issues Projects Releases Wiki Activity

修改微信关键词xss过滤,只允许a标签

Browse Source
This commit is contained in:
邹景立 2021-09-17 14:48:35 +08:00
parent 416b2af237
commit d7a9fc09a7
2 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
app/wechat/controller/Keys.php
View File

@ -169,6 +169,7 @@ class Keys extends Controller
if (WechatKeys::mk()->where($map)->count() > 0) { if (WechatKeys::mk()->where($map)->count() > 0) {
$this->error('该关键字已经存在!'); $this->error('该关键字已经存在!');
} }
$data['content'] = strip_tags($data['content'], '<a>');
} elseif ($this->request->isGet()) { } elseif ($this->request->isGet()) {
$public = dirname($this->request->basefile(true)); $public = dirname($this->request->basefile(true));
$this->defaultImage = "{$public}/static/theme/img/image.png"; $this->defaultImage = "{$public}/static/theme/img/image.png";

2
app/wechat/view/api/view/text.html
View File

@ -4,6 +4,6 @@
<div class="header"><span>{:date('H:i')}</span></div> <div class="header"><span>{:date('H:i')}</span></div>
<div class="container"> <div class="container">
<div class="logo">Ta</div> <div class="logo">Ta</div>
<div class="content arrow">{$content|default=''}</div> <div class="content arrow">{$content|raw|default=''}</div>
</div> </div>
{/block} {/block}