在评论中增加了防止插入script的过滤,增加了用户姓名和EMAIL的调用
This commit is contained in:
Li Jianxuan
parent
6d192de3b9
commit
5aacc7edb2
|
|
@ -656,8 +656,18 @@ class DataController extends Zend_Controller_Action
|
|||
exit();
|
||||
}
|
||||
|
||||
if(preg_match("/script/i",$url))
|
||||
{
|
||||
$url = preg_replace("/script/i","script",$url);
|
||||
}
|
||||
|
||||
if(strlen($content)<5) exit("评论长度不得少于3个汉字 :)");
|
||||
|
||||
if(preg_match("/script/i",$content))
|
||||
{
|
||||
$content = preg_replace("/script/i","script",$content);
|
||||
}
|
||||
|
||||
$uuid = trim($this->_request->getParam('uuid'));
|
||||
|
||||
if(!preg_match("/^[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}$/",$uuid))
|
||||
|
|
|
|||
|
|
@ -257,18 +257,31 @@ echo '</li>';
|
|||
<div id="allcomments">
|
||||
<div id="loading"><img src="/images/loading.gif" />评论加载中</div>
|
||||
</div>
|
||||
<?php
|
||||
$auth = Zend_Auth::getInstance();
|
||||
if($auth->hasIdentity())
|
||||
{
|
||||
$user = $auth->getIdentity();
|
||||
$name = $user->realname;
|
||||
$email = $user->email;
|
||||
}else
|
||||
{
|
||||
$name = "";
|
||||
$email = "";
|
||||
}
|
||||
?>
|
||||
<form id="postcommentform">
|
||||
<p>
|
||||
<label class="required" style="background:none;">姓名</label>
|
||||
<input type="text" name="author" />
|
||||
<input type="text" name="author" value="<?php echo $name;?>" />
|
||||
</p>
|
||||
<p>
|
||||
<label class="required" style="background:none;">EMAIL</label>
|
||||
<input type="text" name="email" />
|
||||
<input type="text" name="email" value="<?php echo $email;?>" />
|
||||
</p>
|
||||
<p>
|
||||
<label>WEBSITE</label>
|
||||
<input type="text" name="url" />
|
||||
<input type="text" name="url" value="" /> <small>e.g. http://westdc.westgis.ac.cn/</small>
|
||||
</p>
|
||||
<p>
|
||||
<label class="required" style="background:none;">内容</label>
|
||||
|
|
|
|||
Loading…
Reference in New Issue