From 435c2a4b0d556fc1e50656258392917a184d0690 Mon Sep 17 00:00:00 2001
From: tianya <tianya@imcollege.cn>
Date: Mon, 24 Aug 2020 11:56:36 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8DQRCode=20XSS=E8=B7=A8?=
 =?UTF-8?q?=E7=AB=99=E8=84=9A=E6=9C=AC=E6=BC=8F=E6=B4=9E?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/plus/qrcode.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/plus/qrcode.php b/src/plus/qrcode.php
index 63e4ea4..1d42d70 100755
--- a/src/plus/qrcode.php
+++ b/src/plus/qrcode.php
@@ -5,7 +5,7 @@ require_once(dirname(__FILE__).'/../include/common.inc.php');
 require_once(DEDEINC.'/qrcode.class.php');
 
 $action = isset($action)? $action : '';
-$type = isset($type)? $type : '';
+$type = isset($type)? RemoveXSS(HtmlReplace($type,3)) : '';
 $id = (isset($id) && is_numeric($id)) ? $id : 0;
 if ( !in_array($type,array('list','arc','index')) ) $url = "http://2v.dedecms.com";