3 years ago · b3d32e2bf3
--- a/application/common/view/tpl/dispatch_jump.tpl
+++ b/application/common/view/tpl/dispatch_jump.tpl
@@ -41,7 +41,7 @@
 
				     <p class="clearfix">
			
 
				         <a href="__PUBLIC__" class="btn btn-grey">{:__('Go back')}</a>
			
 
				         {if $url}
			
 
				-            <a href="{$url}" class="btn btn-primary">{:__('Jump now')}</a>
			
 
				+            <a href="{$url|htmlentities}" class="btn btn-primary">{:__('Jump now')}</a>
			
 
				         {/if}
			
 
				     </p>
			
 
				 </div>
			
@@ -52,7 +52,7 @@
 
				             var interval = setInterval(function () {
			
 
				                 var time = --wait.innerHTML;
			
 
				                 if (time <= 0) {
			
 
				-					location.href = "{$url}";
			
 
				+					location.href = "{$url|htmlentities}";
			
 
				                     clearInterval(interval);
			
 
				                 }
			
 
				             }, 1000);
			
--- a/application/index/view/user/login.html
+++ b/application/index/view/user/login.html
@@ -3,7 +3,7 @@
 
				         <div class="logon-tab clearfix"><a class="active">{:__('Sign in')}</a> <a href="{:url('user/register')}?url={$url|urlencode}">{:__('Sign up')}</a></div>
			
 
				         <div class="login-main">
			
 
				             <form name="form" id="login-form" class="form-vertical" method="POST" action="">
			
 
				-                <input type="hidden" name="url" value="{$url}"/>
			
 
				+                <input type="hidden" name="url" value="{$url|htmlentities}"/>
			
 
				                 {:token()}
			
 
				                 <div class="form-group">
			
 
				                     <label class="control-label" for="account">{:__('Account')}</label>
			
--- a/application/index/view/user/register.html
+++ b/application/index/view/user/register.html
@@ -1,10 +1,10 @@
 
				 <div id="content-container" class="container">
			
 
				     <div class="user-section login-section">
			
 
				         <div class="logon-tab clearfix"> <a href="{:url('user/login')}?url={$url|urlencode}">{:__('Sign in')}</a> <a class="active">{:__('Sign up')}</a> </div>
			
 
				-        <div class="login-main"> 
			
 
				+        <div class="login-main">
			
 
				             <form name="form1" id="register-form" class="form-vertical" method="POST" action="">
			
 
				                 <input type="hidden" name="invite_user_id" value="0" />
			
 
				-                <input type="hidden" name="url" value="{$url}" />
			
 
				+                <input type="hidden" name="url" value="{$url|htmlentities}" />
			
 
				                 {:token()}
			
 
				                 <div class="form-group">
			
 
				                     <label class="control-label required">{:__('Email')}<span class="text-success"></span></label>
			
@@ -53,4 +53,4 @@
 
				             </form>
			
 
				         </div>
			
 
				     </div>
			
 
				-</div>
			
 
				+</div>