在评论中增加了防止插入script的过滤,增加了用户姓名和EMAIL的调用
This commit is contained in:
Li Jianxuan
parent
6d192de3b9
commit
5aacc7edb2
|
|
@ -655,9 +655,19 @@ class DataController extends Zend_Controller_Action
|
|||
echo "Email格式不正确";
|
||||
exit();
|
||||
}
|
||||
|
||||
if(preg_match("/script/i",$url))
|
||||
{
|
||||
$url = preg_replace("/script/i","script",$url);
|
||||
}
|
||||
|
||||
if(strlen($content)<5) exit("评论长度不得少于3个汉字 :)");
|
||||
|
||||
if(preg_match("/script/i",$content))
|
||||
{
|
||||
$content = preg_replace("/script/i","script",$content);
|
||||
}
|
||||
|
||||
$uuid = trim($this->_request->getParam('uuid'));
|
||||
|
||||
if(!preg_match("/^[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}$/",$uuid))
|
||||
|
|
@ -1145,8 +1155,8 @@ class DataController extends Zend_Controller_Action
|
|||
$pdf = new ApplicantPDF();
|
||||
$pdf->template=$this->view->config->offline->template;
|
||||
$pdf->data = $formData;
|
||||
$pdf->drawWestdc();
|
||||
$pdf->addRef($rows);
|
||||
$pdf->drawWestdc();
|
||||
$pdf->addRef($rows);
|
||||
$pdf->addSecurity($this->view->config->offline->security);
|
||||
header("Content-Disposition: inline; filename=westdc-data-apply.pdf");
|
||||
header("Content-Type:application/pdf");
|
||||
|
|
@ -1161,7 +1171,7 @@ class DataController extends Zend_Controller_Action
|
|||
$pdf->template=$this->view->config->offline->template;
|
||||
$pdf->data = $formData;
|
||||
$pdf->drawWestdc();
|
||||
$pdf->addRef($rows);
|
||||
$pdf->addRef($rows);
|
||||
$pdf->addSecurity($this->view->config->offline->security);
|
||||
$fn=$formData['realname'].date('YmdHis').".pdf";
|
||||
$pdf->Output($this->view->config->offline->savepath."/".$fn, 'F');
|
||||
|
|
|
|||
|
|
@ -257,18 +257,31 @@ echo '</li>';
|
|||
<div id="allcomments">
|
||||
<div id="loading"><img src="/images/loading.gif" />评论加载中</div>
|
||||
</div>
|
||||
<?php
|
||||
$auth = Zend_Auth::getInstance();
|
||||
if($auth->hasIdentity())
|
||||
{
|
||||
$user = $auth->getIdentity();
|
||||
$name = $user->realname;
|
||||
$email = $user->email;
|
||||
}else
|
||||
{
|
||||
$name = "";
|
||||
$email = "";
|
||||
}
|
||||
?>
|
||||
<form id="postcommentform">
|
||||
<p>
|
||||
<label class="required" style="background:none;">姓名</label>
|
||||
<input type="text" name="author" />
|
||||
<input type="text" name="author" value="<?php echo $name;?>" />
|
||||
</p>
|
||||
<p>
|
||||
<label class="required" style="background:none;">EMAIL</label>
|
||||
<input type="text" name="email" />
|
||||
<input type="text" name="email" value="<?php echo $email;?>" />
|
||||
</p>
|
||||
<p>
|
||||
<label>WEBSITE</label>
|
||||
<input type="text" name="url" />
|
||||
<input type="text" name="url" value="" /> <small>e.g. http://westdc.westgis.ac.cn/</small>
|
||||
</p>
|
||||
<p>
|
||||
<label class="required" style="background:none;">内容</label>
|
||||
|
|
|
|||
Loading…
Reference in New Issue