From cac61decce9eaaa3e9ff62aff1d0a5a9eb1b36e7 Mon Sep 17 00:00:00 2001
From: Karson
Date: Tue, 20 Jan 2026 11:23:02 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BC=98=E5=8C=96=E6=97=A5=E6=9C=9F=E6=98=BE?= =?UTF-8?q?=E7=A4=BA?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
加强表单元素生成转义
---
 extend/fast/Date.php | 6 +++---
 extend/fast/Form.php | 9 ++++++---
 2 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/extend/fast/Date.php b/extend/fast/Date.php
index 7a7e1f89..f68696ab 100644
--- a/extend/fast/Date.php
+++ b/extend/fast/Date.php
@@ -124,7 +124,7 @@ class Date
 */
 public static function human($remote, $local = null)
 {
- $time_diff = (is_null($local) ? time() : $local) - $remote;
+ $time_diff = (is_null($local) ? time() : $local) - (int)$remote;
 $tense = $time_diff < 0 ? 'after' : 'ago';
 $time_diff = abs($time_diff);
 $chunks = [
@@ -196,11 +196,11 @@ class Date
 case 'quarter':
 $quarter = ceil(date('n', $baseTime) / 3) + $offset;
 $month = $quarter * 3;
- $offset_year = ceil($month/12) - 1;
+ $offset_year = ceil($month / 12) - 1;
 $year = $year + $offset_year;
 $month = $month - ($offset_year * 12);
 $time = $position ?
- mktime(0, 0, 0, $month-2, 1, $year) :
+ mktime(0, 0, 0, $month - 2, 1, $year) :
 mktime(23, 59, 59, $month, self::days_in_month($month, $year), $year);
 break;
 case 'year':
diff --git a/extend/fast/Form.php b/extend/fast/Form.php
index 3260c4df..8c601aed 100644
--- a/extend/fast/Form.php
+++ b/extend/fast/Form.php
@@ -205,6 +205,7 @@ class FormBuilder
 $value = $this->getValueAttribute($name, $value);
 $options['class'] = isset($options['class']) ? $options['class'] . (stripos($options['class'], 'form-control') !== false ? '' : ' form-control') : 'form-control';
 }
+ $value = $this->escape($value);
 $merge = compact('type', 'value', 'id');
 $options = array_merge($options, $merge);
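Review bot: The `(int)$remote` cast added in `human()` converts a non-numeric or empty `$remote` to 0 silently, so a malformed timestamp is rendered as an interval counted from the Unix epoch rather than being rejected or logged. `$local` on the same line is left uncast, so a string passed there still follows the old arithmetic; for symmetry the line could read `$time_diff = (int)(is_null($local) ? time() : $local) - (int)$remote;`. The docblock, which ends just above the hunk, should say that both arguments are Unix timestamps in seconds and what a non-numeric value produces. The rest of the method body lies outside the hunk.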
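Review bot: Only `$value` is escaped in the Form.php hunk at -205, while `type` and `id` are merged into the same attribute array by `compact('type', 'value', 'id')` on the next line, and the existing `$options` entries (presumably caller-supplied) pass through `array_merge()` untouched; whether those are encoded depends on the attribute renderer, which is outside this hunk. If that renderer does not encode, the escaping would be more robust placed there, so every attribute value is covered once instead of per call site. The new line also sits after the closing brace of what appears to be the conditional that calls `getValueAttribute()`, so it runs whether or not that block did, and a value a caller has already encoded will be encoded twice unless `escape()` disables double encoding; a comment such as `// encode for the HTML attribute context; callers pass raw values` would pin the contract down. The method starts and ends outside the hunk.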
@@ -586,9 +587,9 @@ EOD;
 public function datetimepicker($name, $value, $options = [])
 {
 $defaults = [
- 'data-date-format' => "YYYY-MM-DD HH:mm:ss",
+ 'data-date-format' => "YYYY-MM-DD HH:mm:ss",
 // 兼容旧的用法
- 'data-use-current' => "true",
+ 'data-use-current' => "true",
 'data-date-use-current' => "true",
 ];
 $value = is_numeric($value) ? date("Y-m-d H:i:s", $value) : $value;
@@ -680,6 +681,7 @@ EOD;
 return "{$value}";
 }, $title));
 $value = is_array($value) ? json_encode($value) : $value;
+ $value = $this->escape($value);
 $html = <<
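Review bot: The `escape()` call added in the hunk at -680 covers `$value` only, while the closure over `$title` two lines above still interpolates each title unencoded; if titles can contain user-influenced text they need the same call inside that closure. Entity encoding is also only sufficient when `$value` ends up in HTML text or a quoted attribute, and the heredoc that consumes it is cut off on this page, so the output context should be confirmed and stated in a comment such as `// $value is placed in a quoted attribute; encode after json_encode()`. `json_encode()` returns `false` on failure, and that result is passed to `escape()` unchecked. The same per-call-site pattern is repeated for `$selectValue` in the hunk at -710, whose heredoc is likewise not visible.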
@@ -710,7 +712,8 @@ EOD;
 $level = $index + 1;
 $class = "cxselect-{$level}";
 $classes[] = $class;
- $selectValue = isset($values[$value]) ? $values[$value] : (isset($values[$index]) ? $values[$index] : '');
+ $selectValue = $values[$value] ?? ($values[$index] ?? '');
+ $selectValue = $this->escape($selectValue);
 $cxselect[] = <<