Discuz! 1_modcp_editpost.tpl.php xss bug

在文件1modcpeditpost.tpl.php里代码: ..... ? elseif$action == 'editmessage' ? textarea type="text" id="message?=$pid?" name="message?=$pid?" style="width: 80%; height: 200px; overflow: visible" ondblclick="doaneevent"?=$orig'message'?/textarea p style="margin: 5px; text-align: center;" button...