From 63fecac537298109253bc00c256336e942f73481 Mon Sep 17 00:00:00 2001
From: Unknwon <u@gogs.io>
Date: Tue, 1 Sep 2015 12:19:52 -0400
Subject: XSS in username

---
 models/user.go | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'models')

diff --git a/models/user.go b/models/user.go
index e19fe738..4b2fd0ce 100644
--- a/models/user.go
+++ b/models/user.go
@@ -21,6 +21,7 @@ import (
 	"time"
 
 	"github.com/Unknwon/com"
+	"github.com/go-xorm/xorm"
 	"github.com/nfnt/resize"
 
 	"github.com/gogits/gogs/modules/avatar"
@@ -96,6 +97,15 @@ type User struct {
 	Members     []*User `xorm:"-"`
 }
 
+func (u *User) AfterSet(colName string, _ xorm.Cell) {
+	switch colName {
+	case "full_name":
+		u.FullName = base.Sanitizer.Sanitize(u.FullName)
+	case "created":
+		u.Created = regulateTimeZone(u.Created)
+	}
+}
+
 // EmailAdresses is the list of all email addresses of a user. Can contain the
 // primary email address, but is not obligatory
 type EmailAddress struct {
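Review bot: The sanitising in `AfterSet` runs only when xorm populates a `User` from a row, and only for the `full_name` column, so a `User` built any other way (form binding, a new record not yet reloaded) still carries the raw value, and the database keeps the unsanitised string. Consider also applying `base.Sanitizer.Sanitize` on the write path through xorm's `BeforeInsert`/`BeforeUpdate` hooks, and confirm that the templates printing `FullName` escape it for their context, since an HTML sanitiser alone does not make a value safe inside an attribute or script block. As the subject says "username", it is worth checking whether other user-editable text columns of `User` (the struct body is outside this hunk) need the same treatment. The exported method also has no doc comment; something like `// AfterSet is called by xorm after each column is loaded; it sanitises full_name and passes created through regulateTimeZone.` would record why the hook exists.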
-- 
cgit v1.2.3