From d9bf3b37157106ed1a4871c07a8c5bb4cef52182 Mon Sep 17 00:00:00 2001
From: Karson <karsonzhang@163.com>
Date: Mon, 1 Apr 2019 13:01:41 +0800
Subject: [PATCH] =?UTF-8?q?=E6=96=B0=E5=A2=9E=E9=BB=98=E8=AE=A4=E8=BF=87?=
 =?UTF-8?q?=E6=BB=A4=E5=87=BD=E6=95=B0=E5=A4=84=E7=90=86?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 application/common/controller/Api.php      | 2 +-
 application/common/controller/Frontend.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/application/common/controller/Api.php b/application/common/controller/Api.php
index 51bf20e0..acd65ec1 100644
--- a/application/common/controller/Api.php
+++ b/application/common/controller/Api.php
@@ -93,7 +93,7 @@ class Api
     protected function _initialize()
     {
         //移除HTML标签
-        $this->request->filter('strip_tags');
+        $this->request->filter('trim,strip_tags,htmlspecialchars');
 
         $this->auth = Auth::instance();
 
diff --git a/application/common/controller/Frontend.php b/application/common/controller/Frontend.php
index 99250803..a661b3ef 100644
--- a/application/common/controller/Frontend.php
+++ b/application/common/controller/Frontend.php
@@ -42,7 +42,7 @@ class Frontend extends Controller
     public function _initialize()
     {
         //移除HTML标签
-        $this->request->filter('strip_tags');
+        $this->request->filter('trim,strip_tags,htmlspecialchars');
         $modulename = $this->request->module();
         $controllername = Loader::parseName($this->request->controller());
         $actionname = strtolower($this->request->action());