| File | Line(s) | Change | Rationale |
|------|---------|--------|-----------|
| `post.tpl.php` | 112‑118 | Move spoiler parsing `htmlspecialchars()`. Wrap only the final output in `htmlspecialchars()`. | Keeps `>>` quoting intact while still sanitising user‑generated HTML. |
| `imgproxy.php` | 54‑60 | Strip fragment identifiers (`#…`) from the source URL before validation, and add a comment header `X-Strip-Fragment: true`. | Allows legitimate image URLs used by the community to pass through without breaking the GDPR header logic. |
| `api/mod/quick.php` | 27‑34 | Cast incoming `post_id` to unsigned 64‑bit (`int64`) before any arithmetic; return a clear error if the value exceeds `2^63‑1`. | Prevents integer overflow on 32‑bit PHP builds and aligns with the DB schema. |
| `db_schema.sql` (migration) | – | Add a `CHECK` constraint on `post_id` (`post_id > 0`) and update ORM mappings to `PDO::PARAM_INT` with `PDO::PARAM_STR` fallback for large numbers. | Future‑proofs the system against similar overflow bugs. |
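
One way to implement the `post_id` bounds check and the `PDO::PARAM_INT` / `PDO::PARAM_STR` fallback from the last two rows, as an added example that is not the project's own code. The names `parse_post_id` and `MAX_POST_ID` are hypothetical, and the check compares decimal strings so that no integer arithmetic happens before the value is known to be in range.

```php
<?php
declare(strict_types=1);

// Largest post_id the table allows (2^63-1), kept as a string so the
// comparison also works on 32-bit PHP builds where PHP_INT_MAX is 2^31-1.
const MAX_POST_ID = '9223372036854775807';

/**
 * Hypothetical helper: validate a raw post_id taken from the request.
 * Returns [value, pdoType], ready for PDOStatement::bindValue().
 */
function parse_post_id(string $raw): array
{
    // Digits only: rejects signs, whitespace, hex, exponents and empty input.
    if ($raw === '' || !ctype_digit($raw)) {
        throw new InvalidArgumentException('post_id must be a decimal integer');
    }
    $digits = ltrim($raw, '0');
    if ($digits === '') {
        throw new InvalidArgumentException('post_id must be greater than 0');
    }
    // Compare as strings: longer means larger, equal length compares lexically.
    $len = strlen($digits);
    $maxLen = strlen(MAX_POST_ID);
    if ($len > $maxLen || ($len === $maxLen && strcmp($digits, MAX_POST_ID) > 0)) {
        throw new InvalidArgumentException('post_id exceeds 2^63-1');
    }
    // Bind as a native int when it fits this build, otherwise as a string.
    $native = (string) PHP_INT_MAX;
    $fits = $len < strlen($native)
        || ($len === strlen($native) && strcmp($digits, $native) <= 0);
    return $fits ? [(int) $digits, PDO::PARAM_INT] : [$digits, PDO::PARAM_STR];
}

// Constructed sample inputs, not taken from the project.
$samples = ['42', '0042', '9223372036854775807', '9223372036854775808', '0', '-1', '1e3'];
foreach ($samples as $raw) {
    try {
        [$value, $type] = parse_post_id($raw);
        $kind = $type === PDO::PARAM_INT ? 'PARAM_INT' : 'PARAM_STR';
        printf("%-20s ok   %s (%s)\n", $raw, $value, $kind);
    } catch (InvalidArgumentException $e) {
        printf("%-20s fail %s\n", $raw, $e->getMessage());
    }
}
```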