From 8a1f205951bc11ff9617e97d797c8bd3afeac034 Mon Sep 17 00:00:00 2001
From: wanyulaowang <32100569+wanyulaowang@users.noreply.github.com>
Date: Sat, 9 Nov 2024 00:25:10 +0800
Subject: [PATCH 1/3] Update style.css
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

修改author页面css,以支持正常显示多行个人介绍说明
---
 style.css | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/style.css b/style.css
index 4b4565f6..d3c3aea7 100644
--- a/style.css
+++ b/style.css
@@ -1577,7 +1577,7 @@ h1.page-title {
   max-width: 70%;
   width: fit-content;
   position: relative;
-  height: 110px;
+  min-height: 110px;
   left: 50%;
   transform: translateX(-50%);
   margin: 10% 0;
@@ -1636,8 +1636,8 @@ h1.page-title {
   font-size: 14px;
   font-weight: var(--global-font-weight);
   text-align: center;
-  overflow: hidden;
-  max-height: 20px;
+  overflow: auto;
+  max-height: 400px;
   height: fit-content;
   margin: 0 10px;
 }

From 96666744dc72b2636b64815f17b7ea6722d57b09 Mon Sep 17 00:00:00 2001
From: wanyulaowang <32100569+wanyulaowang@users.noreply.github.com>
Date: Sat, 9 Nov 2024 12:35:02 +0800
Subject: [PATCH 2/3] Update section-article-function.php
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

1.修复多行作者个人介绍无法正常换行显示问题
2.添加xss代码攻击过滤处理步骤
---
 tpl/section-article-function.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/tpl/section-article-function.php b/tpl/section-article-function.php
index 30874829..eba62459 100644
--- a/tpl/section-article-function.php
+++ b/tpl/section-article-function.php
@@ -63,9 +63,12 @@
                 if (empty($author_description)) {
                     $author_description = __('This author has not provided a description.', 'sakurairo');
                 }
+                // 对描述内容进行转义，防止XSS攻击
+    			$safe_description = htmlspecialchars($author_description, ENT_QUOTES, 'UTF-8');
             ?>
                 <div class="desc">
-                    <i class="fa-solid fa-feather" aria-hidden="true"></i><?= $author_description; ?>
+                    <i class="fa-solid fa-feather" aria-hidden="true"></i>
+                    <?php echo nl2br($safe_description);?>
                 </div>
             <?php } ?>
         </section>

From d46910fd42a0aba6ad6c8265946e17b0c7f1d244 Mon Sep 17 00:00:00 2001
From: wanyulaowang <32100569+wanyulaowang@users.noreply.github.com>
Date: Sat, 9 Nov 2024 12:38:33 +0800
Subject: [PATCH 3/3] Update author.php
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

添加个人介绍文本转义步骤,防止xss攻击
---
 author.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/author.php b/author.php
index 7ef4a9d9..18e9df23 100644
--- a/author.php
+++ b/author.php
@@ -11,7 +11,7 @@
         <h3><?php the_author(); ?></h3>
         <div class="description">
             <?php 
-            $description = get_the_author_meta('description');
+            $description = htmlspecialchars(get_the_author_meta('description'), ENT_QUOTES, 'UTF-8');
             echo $description ? nl2br($description) : __("No personal profile set yet", "sakurairo"); 
             ?>
         </div>
@@ -63,4 +63,4 @@
 
 <?php
 get_footer();
-?>
\ No newline at end of file
+?>