过滤输入参数，防止XSS攻击

8 months ago · 5404f19431
1 changed files with 1 additions and 1 deletions
--- a/dzz/system/orgtree.php
+++ b/dzz/system/orgtree.php
@ -14,7 +14,7 @@ Hook::listen('check_login');
 include_once libfile('function/organization');
 $ismobile=helper_browser::ismobile();
 $uid =isset($_GET['uid'])?intval($_GET['uid']):$_G['uid'];
-$zero=$_GET['zero']?urldecode($_GET['zero']):lang('no_institution_users');
+$zero=$_GET['zero']?htmlspecialchars($_GET['zero']):lang('no_institution_users');

 $limit=1000;
 if($_GET['do']=='orgtree'){