Browse Source

XSS in username

for-closed-social
Unknwon 9 years ago
parent
commit
63fecac537
1 changed files with 10 additions and 0 deletions
  1. +10
    -0
      models/user.go

+ 10
- 0
models/user.go View File

@ -21,6 +21,7 @@ import (
"time" "time"
"github.com/Unknwon/com" "github.com/Unknwon/com"
"github.com/go-xorm/xorm"
"github.com/nfnt/resize" "github.com/nfnt/resize"
"github.com/gogits/gogs/modules/avatar" "github.com/gogits/gogs/modules/avatar"
@ -96,6 +97,15 @@ type User struct {
Members []*User `xorm:"-"` Members []*User `xorm:"-"`
} }
func (u *User) AfterSet(colName string, _ xorm.Cell) {
switch colName {
case "full_name":
u.FullName = base.Sanitizer.Sanitize(u.FullName)
case "created":
u.Created = regulateTimeZone(u.Created)
}
}
// EmailAdresses is the list of all email addresses of a user. Can contain the // EmailAdresses is the list of all email addresses of a user. Can contain the
// primary email address, but is not obligatory // primary email address, but is not obligatory
type EmailAddress struct { type EmailAddress struct {

Loading…
Cancel
Save