dev
| Revision | 7345c9343d3e1d648d3a385279cd3bc9a1c327b2 (tree) |
|---|---|
| Time | 2013-04-07 04:03:56 |
| Author | Kimura Youichi <kim.upsilon@bucy...> |
| Commiter | Kimura Youichi |
プロフィール更新時に <, > などの記号をエスケープしていない問題を修正 (thx @cn!)
エスケープされていない <, > などの記号はTwitterAPI側で除去されるため、セキュリティ上の問題はない
OpenTween/Connection/HttpTwitter.cs (diff)
OpenTween/Resources/ChangeLog.txt (diff) OpenTween/ShowUserInfo.cs (diff) OpenTween/UserInfo.cs (diff)| @@ -892,10 +892,10 @@ namespace OpenTween | ||
| 892 | 892 | { |
| 893 | 893 | Dictionary<string, string> param = new Dictionary<string, string>(); |
| 894 | 894 | |
| 895 | - param.Add("name", name); | |
| 895 | + param.Add("name", WebUtility.HtmlEncode(name)); | |
| 896 | 896 | param.Add("url", url); |
| 897 | - param.Add("location", location); | |
| 898 | - param.Add("description", description); | |
| 897 | + param.Add("location", WebUtility.HtmlEncode(location)); | |
| 898 | + param.Add("description", WebUtility.HtmlEncode(description)); | |
| 899 | 899 | param.Add("include_entities", "true"); |
| 900 | 900 | |
| 901 | 901 | return httpCon.GetContent(PostMethod, |
| @@ -9,6 +9,7 @@ | ||
| 9 | 9 | * FIX: アカウント追加時の初回認証に失敗する問題を修正 (thx @polka_roco_!) |
| 10 | 10 | * FIX: ツールバー上のAPIレートリミット表示が正しく動作しなくなった問題を修正 |
| 11 | 11 | * FIX: ツイタマなど一部のTwitterクライアントから投稿されたツイートの改行が正しく表示されない問題を修正 (thx @ohta8801, @kossetsu_inryo!) |
| 12 | + * FIX: プロフィール編集画面で入力した <, > などの記号が保持されない問題を修正 (thx @cn!) | |
| 12 | 13 | |
| 13 | 14 | ==== Ver 1.0.9-beta1(2013/02/08) |
| 14 | 15 | * ベータ版です |
| @@ -35,6 +35,7 @@ using System.Windows.Forms; | ||
| 35 | 35 | using System.Text.RegularExpressions; |
| 36 | 36 | using System.Web; |
| 37 | 37 | using System.IO; |
| 38 | +using System.Net; | |
| 38 | 39 | |
| 39 | 40 | namespace OpenTween |
| 40 | 41 | { |
| @@ -86,10 +87,10 @@ namespace OpenTween | ||
| 86 | 87 | try |
| 87 | 88 | { |
| 88 | 89 | _info.Id = user.Id; |
| 89 | - _info.Name = user.Name.Trim(); | |
| 90 | + _info.Name = WebUtility.HtmlDecode(user.Name).Trim(); | |
| 90 | 91 | _info.ScreenName = user.ScreenName; |
| 91 | - _info.Location = user.Location; | |
| 92 | - _info.Description = user.Description; | |
| 92 | + _info.Location = WebUtility.HtmlDecode(user.Location); | |
| 93 | + _info.Description = WebUtility.HtmlDecode(user.Description); | |
| 93 | 94 | _info.ImageUrl = new Uri(user.ProfileImageUrlHttps); |
| 94 | 95 | _info.Url = user.Url; |
| 95 | 96 | _info.Protect = user.Protected; |
| @@ -138,7 +139,7 @@ namespace OpenTween | ||
| 138 | 139 | private string MakeDescriptionBrowserText(string data) |
| 139 | 140 | { |
| 140 | 141 | descriptionTxt = MyOwner.createDetailHtml( |
| 141 | - MyOwner.TwitterInstance.CreateHtmlAnchor(data, atlist, null)); | |
| 142 | + MyOwner.TwitterInstance.CreateHtmlAnchor(WebUtility.HtmlEncode(data), atlist, null)); | |
| 142 | 143 | return descriptionTxt; |
| 143 | 144 | } |
| 144 | 145 |
| @@ -25,6 +25,7 @@ | ||
| 25 | 25 | // Boston, MA 02110-1301, USA. |
| 26 | 26 | |
| 27 | 27 | using System; |
| 28 | +using System.Net; | |
| 28 | 29 | |
| 29 | 30 | namespace OpenTween |
| 30 | 31 | { |
| @@ -37,10 +38,10 @@ namespace OpenTween | ||
| 37 | 38 | public UserInfo(TwitterDataModel.User user) |
| 38 | 39 | { |
| 39 | 40 | this.Id = user.Id; |
| 40 | - this.Name = user.Name.Trim(); | |
| 41 | + this.Name = WebUtility.HtmlDecode(user.Name).Trim(); | |
| 41 | 42 | this.ScreenName = user.ScreenName; |
| 42 | - this.Location = user.Location; | |
| 43 | - this.Description = user.Description; | |
| 43 | + this.Location = WebUtility.HtmlDecode(user.Location); | |
| 44 | + this.Description = WebUtility.HtmlDecode(user.Description); | |
| 44 | 45 | try |
| 45 | 46 | { |
| 46 | 47 | this.ImageUrl = new Uri(user.ProfileImageUrlHttps); |
Fork