XSS in username

tokarchuk/v1.17
Unknwon 9 years ago
parent 670ade9a61
commit 63fecac537
  1. 10
      models/user.go

@ -21,6 +21,7 @@ import (
"time" "time"
"github.com/Unknwon/com" "github.com/Unknwon/com"
"github.com/go-xorm/xorm"
"github.com/nfnt/resize" "github.com/nfnt/resize"
"github.com/gogits/gogs/modules/avatar" "github.com/gogits/gogs/modules/avatar"
@ -96,6 +97,15 @@ type User struct {
Members []*User `xorm:"-"` Members []*User `xorm:"-"`
} }
func (u *User) AfterSet(colName string, _ xorm.Cell) {
switch colName {
case "full_name":
u.FullName = base.Sanitizer.Sanitize(u.FullName)
case "created":
u.Created = regulateTimeZone(u.Created)
}
}
// EmailAdresses is the list of all email addresses of a user. Can contain the // EmailAdresses is the list of all email addresses of a user. Can contain the
// primary email address, but is not obligatory // primary email address, but is not obligatory
type EmailAddress struct { type EmailAddress struct {

Loading…
Cancel
Save