diff --git a/post.php b/post.php
index 6ae00d5..5918249 100644
--- a/post.php
+++ b/post.php
@@ -49,7 +49,8 @@ if ($user->islogin && isset($_POST['pid']) && isset($_POST['title']) && isset($_
 $username_list = parse_user_tag($_POST['content']);
 foreach ($username_list as $key => $id) {
 if ($id == $user->username) continue;
- cavern_notify_user($id, "{{$user->name}}@{$user->username} 在 [{$_POST['title']}] 中提到了你", "post.php?pid=$pid");
+ $_title = htmlspecialchars($_POST['title']);
+ cavern_notify_user($id, "{{$user->name}}@{$user->username} 在 [$_title] 中提到了你", "post.php?pid=$pid");
 }
 http_response_code(201); // 201 Created
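Review bot: The added `cavern_notify_user(...)` call still interpolates `$user->name` into the same message without escaping, so if display names are user-editable and the notification view prints the message as HTML, the injection path closed here for the title presumably stays open through the name; give it the same treatment, e.g. `$_name = htmlspecialchars($user->name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`. `htmlspecialchars($_POST['title'])` relies on default flags, which before PHP 8.1 leave single quotes unescaped, so pass them explicitly: `$_title = htmlspecialchars($_POST['title'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`. The value does not depend on `$id`, so the assignment can sit once above the `foreach` instead of being recomputed per recipient. The enclosing `if` block starts and ends outside the hunk, and how `cavern_notify_user` stores or renders the message is not visible, so confirm the renderer does not escape again and show the title double-encoded.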