XSS in username

author: Unknwon <u@gogs.io> 2015-09-01 12:19:52 -0400
committer: Unknwon <u@gogs.io> 2015-09-01 12:19:52 -0400
commit: 63fecac537298109253bc00c256336e942f73481 (patch)
tree: 5cd1dcb604f8f129212caae7ecdb2d30c2222515
parent: 670ade9a6178c699c04c08595b1cc8fb4c3b0863 (diff)
download: gitea-63fecac537298109253bc00c256336e942f73481.tar.gz
gitea-63fecac537298109253bc00c256336e942f73481.zip
1 files changed, 10 insertions, 0 deletions
diff --git a/models/user.go b/models/user.go
index e19fe73896..4b2fd0ce66 100644
--- a/models/user.go
+++ b/models/user.go
@@ -21,6 +21,7 @@ import (
 	"time"
 
 	"github.com/Unknwon/com"
+	"github.com/go-xorm/xorm"
 	"github.com/nfnt/resize"
 
 	"github.com/gogits/gogs/modules/avatar"
@@ -96,6 +97,15 @@ type User struct {
 	Members     []*User `xorm:"-"`
 }
 
+func (u *User) AfterSet(colName string, _ xorm.Cell) {
+	switch colName {
+	case "full_name":
+		u.FullName = base.Sanitizer.Sanitize(u.FullName)
+	case "created":
+		u.Created = regulateTimeZone(u.Created)
+	}
+}
+
 // EmailAdresses is the list of all email addresses of a user. Can contain the
 // primary email address, but is not obligatory
 type EmailAddress struct {
author	Unknwon <u@gogs.io>	2015-09-01 12:19:52 -0400
committer	Unknwon <u@gogs.io>	2015-09-01 12:19:52 -0400
commit	63fecac537298109253bc00c256336e942f73481 (patch)
tree	5cd1dcb604f8f129212caae7ecdb2d30c2222515
parent	670ade9a6178c699c04c08595b1cc8fb4c3b0863 (diff)
download	gitea-63fecac537298109253bc00c256336e942f73481.tar.gz gitea-63fecac537298109253bc00c256336e942f73481.zip