在评论中增加了防止插入script的过滤,增加了用户姓名和EMAIL的调用
This commit is contained in:
parent
6d192de3b9
commit
5aacc7edb2
|
@ -655,9 +655,19 @@ class DataController extends Zend_Controller_Action
|
||||||
echo "Email格式不正确";
|
echo "Email格式不正确";
|
||||||
exit();
|
exit();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if(preg_match("/script/i",$url))
|
||||||
|
{
|
||||||
|
$url = preg_replace("/script/i","script",$url);
|
||||||
|
}
|
||||||
|
|
||||||
if(strlen($content)<5) exit("评论长度不得少于3个汉字 :)");
|
if(strlen($content)<5) exit("评论长度不得少于3个汉字 :)");
|
||||||
|
|
||||||
|
if(preg_match("/script/i",$content))
|
||||||
|
{
|
||||||
|
$content = preg_replace("/script/i","script",$content);
|
||||||
|
}
|
||||||
|
|
||||||
$uuid = trim($this->_request->getParam('uuid'));
|
$uuid = trim($this->_request->getParam('uuid'));
|
||||||
|
|
||||||
if(!preg_match("/^[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}$/",$uuid))
|
if(!preg_match("/^[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}$/",$uuid))
|
||||||
|
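Review bot: The new `if(preg_match("/script/i",$url)) { $url = preg_replace("/script/i","script",$url); }` block, and the identical one on `$content`, substitute a case-insensitive match of `script` with what renders as the same word, so as shown it is a no-op (possibly a full-width or entity-encoded replacement lost in rendering), and even with a distinct token a keyword blocklist is not a reliable defence, since markup without that substring still renders unchanged. The robust mitigation is to store the raw values and encode at the output point: wherever author, url or content is echoed into HTML, wrap it as `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')`. For `$url`, additionally accept only values for which `filter_var($url, FILTER_VALIDATE_URL)` succeeds and whose scheme is http or https, rejecting the rest with the same `exit()` pattern the email check uses. The enclosing action method starts and ends outside this hunk, so where `$url` and `$content` are read from the request and later written is not visible here.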
@ -1145,8 +1155,8 @@ class DataController extends Zend_Controller_Action
|
||||||
$pdf = new ApplicantPDF();
|
$pdf = new ApplicantPDF();
|
||||||
$pdf->template=$this->view->config->offline->template;
|
$pdf->template=$this->view->config->offline->template;
|
||||||
$pdf->data = $formData;
|
$pdf->data = $formData;
|
||||||
$pdf->drawWestdc();
|
$pdf->drawWestdc();
|
||||||
$pdf->addRef($rows);
|
$pdf->addRef($rows);
|
||||||
$pdf->addSecurity($this->view->config->offline->security);
|
$pdf->addSecurity($this->view->config->offline->security);
|
||||||
header("Content-Disposition: inline; filename=westdc-data-apply.pdf");
|
header("Content-Disposition: inline; filename=westdc-data-apply.pdf");
|
||||||
header("Content-Type:application/pdf");
|
header("Content-Type:application/pdf");
|
||||||
|
@ -1161,7 +1171,7 @@ class DataController extends Zend_Controller_Action
|
||||||
$pdf->template=$this->view->config->offline->template;
|
$pdf->template=$this->view->config->offline->template;
|
||||||
$pdf->data = $formData;
|
$pdf->data = $formData;
|
||||||
$pdf->drawWestdc();
|
$pdf->drawWestdc();
|
||||||
$pdf->addRef($rows);
|
$pdf->addRef($rows);
|
||||||
$pdf->addSecurity($this->view->config->offline->security);
|
$pdf->addSecurity($this->view->config->offline->security);
|
||||||
$fn=$formData['realname'].date('YmdHis').".pdf";
|
$fn=$formData['realname'].date('YmdHis').".pdf";
|
||||||
$pdf->Output($this->view->config->offline->savepath."/".$fn, 'F');
|
$pdf->Output($this->view->config->offline->savepath."/".$fn, 'F');
|
||||||
|
|
|
@ -257,18 +257,31 @@ echo '</li>';
|
||||||
<div id="allcomments">
|
<div id="allcomments">
|
||||||
<div id="loading"><img src="/images/loading.gif" />评论加载中</div>
|
<div id="loading"><img src="/images/loading.gif" />评论加载中</div>
|
||||||
</div>
|
</div>
|
||||||
|
<?php
|
||||||
|
$auth = Zend_Auth::getInstance();
|
||||||
|
if($auth->hasIdentity())
|
||||||
|
{
|
||||||
|
$user = $auth->getIdentity();
|
||||||
|
$name = $user->realname;
|
||||||
|
$email = $user->email;
|
||||||
|
}else
|
||||||
|
{
|
||||||
|
$name = "";
|
||||||
|
$email = "";
|
||||||
|
}
|
||||||
|
?>
|
||||||
<form id="postcommentform">
|
<form id="postcommentform">
|
||||||
<p>
|
<p>
|
||||||
<label class="required" style="background:none;">姓名</label>
|
<label class="required" style="background:none;">姓名</label>
|
||||||
<input type="text" name="author" />
|
<input type="text" name="author" value="<?php echo $name;?>" />
|
||||||
</p>
|
</p>
|
||||||
<p>
|
<p>
|
||||||
<label class="required" style="background:none;">EMAIL</label>
|
<label class="required" style="background:none;">EMAIL</label>
|
||||||
<input type="text" name="email" />
|
<input type="text" name="email" value="<?php echo $email;?>" />
|
||||||
</p>
|
</p>
|
||||||
<p>
|
<p>
|
||||||
<label>WEBSITE</label>
|
<label>WEBSITE</label>
|
||||||
<input type="text" name="url" />
|
<input type="text" name="url" value="" /> <small>e.g. http://westdc.westgis.ac.cn/</small>
|
||||||
</p>
|
</p>
|
||||||
<p>
|
<p>
|
||||||
<label class="required" style="background:none;">内容</label>
|
<label class="required" style="background:none;">内容</label>
|
||||||
|
|
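Review bot: The added `value="<?php echo $name;?>"` and `value="<?php echo $email;?>"` attributes print identity fields into HTML attribute context without escaping; `realname` is user-entered profile data, so a double quote in it terminates the attribute and injects markup into the comment form. Escape at the output point: `value="<?php echo htmlspecialchars($name, ENT_QUOTES, 'UTF-8');?>"` and the same for `$email`. Whether `realname` and `email` are validated when the profile is saved is not visible in this hunk, so output encoding should not rely on it.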