htmlentities -> htmlspecialchars
This commit is contained in:
@@ -41,9 +41,9 @@ if (isset($OJ_LANG)) {
|
||||
$sql = "update `users` set `password`=? where `user_id`=? and user_id not in( select user_id from privilege where rightstr='administrator')";
|
||||
|
||||
if (pdo_query($sql, $passwd, $user_id) == 1)
|
||||
echo "<center><h4 class='text-danger'>User " . htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8') . "'s Password Changed!</h4></center>";
|
||||
echo "<center><h4 class='text-danger'>User " . htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8') . "'s Password Changed!</h4></center>";
|
||||
else
|
||||
echo "<center><h4 class='text-danger'>There is No such User " . htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8') . "! or User " . htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8') . " is administrator!</h4></center>";
|
||||
echo "<center><h4 class='text-danger'>There is No such User " . htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8') . "! or User " . htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8') . " is administrator!</h4></center>";
|
||||
}
|
||||
}
|
||||
?>
|
||||
@@ -53,10 +53,10 @@ if (isset($OJ_LANG)) {
|
||||
<label class="col-sm-offset-3 col-sm-3 control-label"><?php echo $MSG_USER_ID ?></label>
|
||||
<?php if (isset($_GET['uid'])) { ?>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control"
|
||||
value="<?php echo htmlentities($_GET['uid'], ENT_QUOTES, 'UTF-8'); ?>" type="text" required></div>
|
||||
value="<?php echo htmlspecialchars($_GET['uid'], ENT_QUOTES, 'UTF-8'); ?>" type="text" required></div>
|
||||
<?php } else if (isset($_POST['user_id'])) { ?>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control"
|
||||
value="<?php echo htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8'); ?>" type="text" required>
|
||||
value="<?php echo htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8'); ?>" type="text" required>
|
||||
</div>
|
||||
<?php } else { ?>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control"
|
||||
|
||||
@@ -127,7 +127,7 @@ include_once("kindeditor.php");
|
||||
$password = $row['password'];
|
||||
$langmask = $row['langmask'];
|
||||
$description = $row['description'];
|
||||
$title = htmlentities($row['title'], ENT_QUOTES, "UTF-8");
|
||||
$title = htmlspecialchars($row['title'], ENT_QUOTES, "UTF-8");
|
||||
|
||||
$plist = "";
|
||||
$sql = "SELECT `problem_id` FROM `contest_problem` WHERE `contest_id`=? ORDER BY `num`";
|
||||
@@ -183,7 +183,7 @@ include_once("kindeditor.php");
|
||||
<p align=left>
|
||||
<?php echo "<h4>" . $MSG_CONTEST . "-" . $MSG_Description . "</h4>" ?>
|
||||
<textarea class=kindeditor rows=13 name=description cols=80>
|
||||
<?php echo htmlentities($description, ENT_QUOTES, 'UTF-8') ?>
|
||||
<?php echo htmlspecialchars($description, ENT_QUOTES, 'UTF-8') ?>
|
||||
</textarea>
|
||||
<br>
|
||||
<table width="100%">
|
||||
@@ -222,7 +222,7 @@ include_once("kindeditor.php");
|
||||
</select>
|
||||
<?php echo $MSG_CONTEST . "-" . $MSG_PASSWORD ?>:
|
||||
<input type=text name=password style="width:150px;"
|
||||
value='<?php echo htmlentities($password, ENT_QUOTES, 'utf-8') ?>'>
|
||||
value='<?php echo htmlspecialchars($password, ENT_QUOTES, 'utf-8') ?>'>
|
||||
</p>
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
@@ -41,7 +41,7 @@
|
||||
if( typeof sync === "function") sync();
|
||||
}
|
||||
});
|
||||
// prettyPrint();
|
||||
prettyPrint();
|
||||
});
|
||||
}),100);
|
||||
</script>
|
||||
|
||||
@@ -36,7 +36,7 @@
|
||||
<li><a class='btn btn-success' href="problem_list.php" target="main" title="<?php echo $MSG_HELP_PROBLEM_LIST?>"><b><?php echo $MSG_PROBLEM.$MSG_LIST?></b></a>
|
||||
<?php }
|
||||
if (isset($_SESSION[$OJ_NAME.'_'.'administrator'])||isset($_SESSION[$OJ_NAME.'_'.'problem_editor'])){?>
|
||||
<li><a class='btn btn-success' href="problem_add_page.php" target="main" title="<?php echo html_entity_decode($MSG_HELP_ADD_PROBLEM)?>"><b><?php echo $MSG_ADD.$MSG_PROBLEM?></b></a>
|
||||
<li><a class='btn btn-success' href="problem_add_page.php" target="main" title="<?php echo htmlspecialchars_decode($MSG_HELP_ADD_PROBLEM)?>"><b><?php echo $MSG_ADD.$MSG_PROBLEM?></b></a>
|
||||
<?php }
|
||||
if (isset($_SESSION[$OJ_NAME.'_'.'administrator'])){?>
|
||||
<li><a class='btn btn-success' href="problem_import.php" target="main" title="<?php echo $MSG_HELP_IMPORT_PROBLEM?>"><b><?php echo $MSG_IMPORT.$MSG_PROBLEM?></b></a>
|
||||
|
||||
@@ -75,7 +75,7 @@
|
||||
<a class="dropdown-item btn-sm" href="problem_list.php" target="main" title="<?php echo $MSG_HELP_PROBLEM_LIST?>"><b><?php echo $MSG_PROBLEM."-".$MSG_LIST?></b></a>
|
||||
<?php }
|
||||
if (isset($_SESSION[$OJ_NAME.'_'.'administrator'])||isset($_SESSION[$OJ_NAME.'_'.'problem_editor'])) {?>
|
||||
<a class="dropdown-item btn-sm" href="problem_add_page.php" target="main" title="<?php echo html_entity_decode($MSG_HELP_ADD_PROBLEM)?>"><b><?php echo $MSG_PROBLEM."-".$MSG_ADD?></b></a>
|
||||
<a class="dropdown-item btn-sm" href="problem_add_page.php" target="main" title="<?php echo htmlspecialchars_decode($MSG_HELP_ADD_PROBLEM)?>"><b><?php echo $MSG_PROBLEM."-".$MSG_ADD?></b></a>
|
||||
<a class="dropdown-item btn-sm" href="problem_import.php" target="main" title="<?php echo $MSG_HELP_IMPORT_PROBLEM?>"><b><?php echo $MSG_PROBLEM."-".$MSG_IMPORT?></b></a>
|
||||
<a class="dropdown-item btn-sm" href="problem_export.php" target="main" title="<?php echo $MSG_HELP_EXPORT_PROBLEM?>"><b><?php echo $MSG_PROBLEM."-".$MSG_EXPORT?></b></a>
|
||||
<?php }?>
|
||||
|
||||
@@ -37,7 +37,7 @@ if(isset($_POST['pid'])){
|
||||
if($pieces[0]=="") unset($pieces[0]);
|
||||
$plist=implode(",",$pieces);
|
||||
|
||||
$content="[plist=".$plist."]".htmlentities($_POST['keyword'],ENT_QUOTES,"utf-8")."[/plist]";
|
||||
$content="[plist=".$plist."]".htmlspecialchars($_POST['keyword'],ENT_QUOTES,"utf-8")."[/plist]";
|
||||
}
|
||||
?>
|
||||
|
||||
|
||||
@@ -49,7 +49,7 @@ if(isset($_POST['news_id'])){
|
||||
|
||||
$row = $result[0];
|
||||
|
||||
$title = htmlentities($row['title'],ENT_QUOTES,"UTF-8");
|
||||
$title = htmlspecialchars($row['title'],ENT_QUOTES,"UTF-8");
|
||||
$content = $row['content'];
|
||||
$showInMenu = $row['menu'] == 1;
|
||||
}
|
||||
@@ -67,7 +67,7 @@ if(isset($_POST['news_id'])){
|
||||
</label>
|
||||
</p>
|
||||
<p align=left>
|
||||
<textarea class=kindeditor name=content rows=41 ><?php echo htmlentities($content,ENT_QUOTES,"UTF-8")?>
|
||||
<textarea class=kindeditor name=content rows=41 ><?php echo htmlspecialchars($content,ENT_QUOTES,"UTF-8")?>
|
||||
</textarea>
|
||||
</p>
|
||||
<?php require_once("../include/set_post_key.php");?>
|
||||
|
||||
@@ -2540,7 +2540,7 @@ function zip_extract(){
|
||||
function html_encode($str){
|
||||
global $charSet;
|
||||
$str = preg_replace(array('/&/', '/</', '/>/', '/"/'), array('&', '<', '>', '"'), $str); // Bypass PHP to allow any charset!!
|
||||
$str = htmlentities($str, ENT_QUOTES, $charSet, false);
|
||||
$str = htmlspecialchars($str, ENT_QUOTES, $charSet, false);
|
||||
return $str;
|
||||
}
|
||||
function rep($x,$y){
|
||||
|
||||
@@ -40,7 +40,7 @@ if (isset($_POST['do'])) {
|
||||
}else{
|
||||
email($OJ_ADMIN,"Privilege Add Warning!",$msg);
|
||||
}
|
||||
echo "<center><h4 class='text-danger'>User ".htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8')."'s Privilege Added!</h4></center>";
|
||||
echo "<center><h4 class='text-danger'>User ".htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8')."'s Privilege Added!</h4></center>";
|
||||
}
|
||||
?>
|
||||
|
||||
@@ -51,9 +51,9 @@ if (isset($_POST['do'])) {
|
||||
<div class="form-group">
|
||||
<label class="col-sm-offset-3 col-sm-3 control-label"><?php echo $MSG_USER_ID?></label>
|
||||
<?php if(isset($_GET['uid'])) { ?>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlentities($_GET['uid'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlspecialchars($_GET['uid'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
|
||||
<?php } else if(isset($_POST['user_id'])) { ?>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
|
||||
<?php } else { ?>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control" placeholder="<?php echo $MSG_USER_ID."*"?>" type="text" required ></div>
|
||||
<?php } ?>
|
||||
@@ -112,9 +112,9 @@ if (isset($_POST['do'])) {
|
||||
<div class="form-group">
|
||||
<label class="col-sm-offset-3 col-sm-3 control-label"><?php echo $MSG_USER_ID?></label>
|
||||
<?php if(isset($_GET['uid'])) { ?>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlentities($_GET['uid'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlspecialchars($_GET['uid'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
|
||||
<?php } else if(isset($_POST['user_id'])) { ?>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
|
||||
<?php } else { ?>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control" placeholder="<?php echo $MSG_USER_ID."*"?>" type="text" required ></div>
|
||||
<?php } ?>
|
||||
@@ -147,9 +147,9 @@ if (isset($_POST['do'])) {
|
||||
<div class="form-group">
|
||||
<label class="col-sm-offset-3 col-sm-3 control-label"><?php echo $MSG_USER_ID?></label>
|
||||
<?php if(isset($_GET['uid'])) { ?>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlentities($_GET['uid'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlspecialchars($_GET['uid'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
|
||||
<?php } else if(isset($_POST['user_id'])) { ?>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
|
||||
<?php } else { ?>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control" placeholder="<?php echo $MSG_USER_ID."*"?>" type="text" required ></div>
|
||||
<?php } ?>
|
||||
|
||||
@@ -72,7 +72,7 @@ if(isset($_GET['keyword']) && $_GET['keyword']!=""){
|
||||
echo "<td>".$row['rightstr'];
|
||||
if($row['valuestr']!="true") echo ":".$row['valuestr'];
|
||||
echo "</td>";
|
||||
echo "<td><a href='privilege_delete.php?uid=".htmlentities($row['user_id'],ENT_QUOTES,"UTF-8")."&rightstr={$row['rightstr']}&getkey=".$_SESSION[$OJ_NAME.'_'.'getkey']."'>Delete</a></td>";
|
||||
echo "<td><a href='privilege_delete.php?uid=".htmlspecialchars($row['user_id'],ENT_QUOTES,"UTF-8")."&rightstr={$row['rightstr']}&getkey=".$_SESSION[$OJ_NAME.'_'.'getkey']."'>Delete</a></td>";
|
||||
echo "</tr>";
|
||||
}
|
||||
?>
|
||||
|
||||
@@ -12,24 +12,28 @@ require_once ("../include/problem.php");
|
||||
|
||||
// contest_id
|
||||
$title = $_POST['title'];
|
||||
$title = str_replace(",", ",", $title);
|
||||
// $title = str_replace(",", ",", $title);
|
||||
$title = htmlspecialchars_decode($title, ENT_QUOTES, 'UTF-8');
|
||||
$time_limit = $_POST['time_limit'];
|
||||
$memory_limit = $_POST['memory_limit'];
|
||||
|
||||
$description = $_POST['description'];
|
||||
//$description = str_replace("<p>", "", $description);
|
||||
//$description = str_replace("</p>", "<br />", $description);
|
||||
$description = str_replace(",", ",", $description);
|
||||
// $description = str_replace(",", ",", $description);
|
||||
$description = htmlspecialchars_decode($description, ENT_QUOTES, 'UTF-8');
|
||||
|
||||
$input = $_POST['input'];
|
||||
//$input = str_replace("<p>", "", $input);
|
||||
//$input = str_replace("</p>", "<br />", $input);
|
||||
$input = str_replace(",", ",", $input);
|
||||
// $input = str_replace(",", ",", $input);
|
||||
$input = htmlspecialchars_decode($input, ENT_QUOTES, 'UTF-8');
|
||||
|
||||
$output = $_POST['output'];
|
||||
//$output = str_replace("<p>", "", $output);
|
||||
//$output = str_replace("</p>", "<br />", $output);
|
||||
$output = str_replace(",", ",", $output);
|
||||
// $output = str_replace(",", ",", $output);
|
||||
$output = htmlspecialchars_decode($output, ENT_QUOTES, 'UTF-8');
|
||||
|
||||
$sample_input = $_POST['sample_input'];
|
||||
$sample_output = $_POST['sample_output'];
|
||||
@@ -44,7 +48,8 @@ if ($test_output=="") $test_output="\n";
|
||||
$hint = $_POST['hint'];
|
||||
//$hint = str_replace("<p>", "", $hint);
|
||||
//$hint = str_replace("</p>", "<br />", $hint);
|
||||
$hint = str_replace(",", ",", $hint);
|
||||
// $hint = str_replace(",", ",", $hint);
|
||||
$hint = htmlspecialchars_decode($hint, ENT_QUOTES, 'UTF-8');
|
||||
|
||||
$source = $_POST['source'];
|
||||
|
||||
|
||||
@@ -59,11 +59,11 @@ $_SESSION[$OJ_NAME.'_'."p$pid"]=true;
|
||||
$loj_id=intval($_POST['loj_id']);
|
||||
//print_r($_POST);
|
||||
echo "<br>".$loj_id."<br>";
|
||||
echo htmlentities("wget https://loj.ac/problem/".$loj_id."/testdata/download -O $OJ_DATA/$pid/data.zip");
|
||||
echo htmlspecialchars("wget https://loj.ac/problem/".$loj_id."/testdata/download -O $OJ_DATA/$pid/data.zip");
|
||||
echo system("wget https://loj.ac/problem/".$loj_id."/testdata/download -O $OJ_DATA/$pid/data.zip");
|
||||
echo system("/home/judge/src/install/ans2out $OJ_DATA/$pid/");
|
||||
echo "<br>";
|
||||
echo htmlentities("unzip $OJ_DATA/$pid/data.zip -d $OJ_DATA/$pid");
|
||||
echo htmlspecialchars("unzip $OJ_DATA/$pid/data.zip -d $OJ_DATA/$pid");
|
||||
echo system("unzip $OJ_DATA/$pid/data.zip -d $OJ_DATA/$pid");
|
||||
echo system("/usr/bin/loj.ac $OJ_DATA/$pid");
|
||||
echo "<br>";
|
||||
|
||||
@@ -90,7 +90,7 @@ if (!(isset($_SESSION[$OJ_NAME . '_' . 'administrator']) || isset($_SESSION[$OJ_
|
||||
<p align=left>
|
||||
<?php echo "<h4>" . $MSG_SOURCE . " 用空格分隔" . "</h4>" ?>
|
||||
<textarea name=source style="width:100%;"
|
||||
rows=1><?php echo htmlentities($source, ENT_QUOTES, 'UTF-8') ?></textarea><br><br>
|
||||
rows=1><?php echo htmlspecialchars($source, ENT_QUOTES, 'UTF-8') ?></textarea><br><br>
|
||||
</p>
|
||||
<p align=left><?php echo "<h4>" . $MSG_CONTEST . "</h4>" ?>
|
||||
<select name=contest_id>
|
||||
|
||||
@@ -94,7 +94,7 @@ Test Output:<textarea rows=1 name=test_output cols=80></textarea>
|
||||
Hint:
|
||||
<textarea rows=1 name=hint cols=80></textarea>
|
||||
<p>SpecialJudge: N<input type=radio name=spj value='0' checked>Y<input type=radio name=spj value='1'></p>
|
||||
<p align=left>Source:<textarea class='input input-xxlarge' name=source rows=1 cols=170><?php echo htmlentities($url,ENT_QUOTES,'UTF-8')?></textarea></p>
|
||||
<p align=left>Source:<textarea class='input input-xxlarge' name=source rows=1 cols=170><?php echo htmlspecialchars($url,ENT_QUOTES,'UTF-8')?></textarea></p>
|
||||
<p align=left>contest:
|
||||
<select name=contest_id>
|
||||
<?php $sql="SELECT `contest_id`,`title` FROM `contest` WHERE `start_time`>NOW() order by `contest_id`";
|
||||
|
||||
@@ -89,7 +89,7 @@ Test Output:<textarea rows=3 name=test_output cols=80></textarea></p>
|
||||
<p align=left>Hint:<br>
|
||||
<textarea rows=3 name=hint cols=30></textarea>
|
||||
SpecialJudge: N<input type=radio name=spj value='0' checked>Y<input type=radio name=spj value='1'></p>
|
||||
<p align=left>Source:<textarea name=source rows=1 cols=70 ><?php echo htmlentities($url)?></textarea></p>
|
||||
<p align=left>Source:<textarea name=source rows=1 cols=70 ><?php echo htmlspecialchars($url)?></textarea></p>
|
||||
<div align=center>
|
||||
<?php require_once("../include/set_post_key.php");?>
|
||||
<input type=hidden name=remote_oj value="hdu" >
|
||||
|
||||
@@ -60,7 +60,7 @@ include_once("kindeditor.php") ;
|
||||
$element=$html->find('pre[class=sio]',1);
|
||||
$sample_output=$element->innertext;
|
||||
$element=$html->find('div[class=ptx]',3);
|
||||
$hint=htmlentities($element->outertext);
|
||||
$hint=htmlspecialchars($element->outertext);
|
||||
?>
|
||||
<form method=POST action=problem_add.php>
|
||||
<input type=hidden name=problem_id value=New Problem>
|
||||
|
||||
@@ -89,7 +89,7 @@ $url=$_POST ['url'];
|
||||
<input type=submit value=Submit name=submit>
|
||||
<p align=center><font size=4 color=#333399>Add a Problem</font></p>
|
||||
<input type="hidden" name=problem_id value="New Problem">
|
||||
<input type="hidden" name="url" value="<?php echo htmlentities($url)?>">
|
||||
<input type="hidden" name="url" value="<?php echo htmlspecialchars($url)?>">
|
||||
<input type="hidden" name="loj_id" value="<?php echo $loj_id?>">
|
||||
<p align=left>Problem Id: New Problem</p>
|
||||
<p align=left>Title:<input type=text name=title size=71 value="<?php echo $title?>"></p>
|
||||
|
||||
@@ -49,7 +49,7 @@ include_once("kindeditor.php") ;
|
||||
<p align=left>
|
||||
<center>
|
||||
<h3>
|
||||
<?php echo $row['problem_id']?>: <input class="input input-xxlarge" style='width:90%' type=text name=title value='<?php echo htmlentities($row['title'],ENT_QUOTES,"UTF-8")?>'>
|
||||
<?php echo $row['problem_id']?>: <input class="input input-xxlarge" style='width:90%' type=text name=title value='<?php echo htmlspecialchars($row['title'],ENT_QUOTES,"UTF-8")?>'>
|
||||
</h3>
|
||||
</center>
|
||||
</p>
|
||||
@@ -61,32 +61,32 @@ include_once("kindeditor.php") ;
|
||||
</p>
|
||||
<p align=left>
|
||||
<?php echo "<h4>".$MSG_Description."</h4>"?>
|
||||
<textarea class="kindeditor" rows=13 name=description cols=80><?php echo htmlentities($row['description'],ENT_QUOTES,"UTF-8")?></textarea><br>
|
||||
<textarea class="kindeditor" rows=13 name=description cols=80><?php echo htmlspecialchars($row['description'],ENT_QUOTES,"UTF-8")?></textarea><br>
|
||||
</p>
|
||||
|
||||
<p align=left>
|
||||
<?php echo "<h4>".$MSG_Input."</h4>"?>
|
||||
<textarea class="kindeditor" rows=13 name=input cols=80><?php echo htmlentities($row['input'],ENT_QUOTES,"UTF-8")?></textarea><br>
|
||||
<textarea class="kindeditor" rows=13 name=input cols=80><?php echo htmlspecialchars($row['input'],ENT_QUOTES,"UTF-8")?></textarea><br>
|
||||
</p>
|
||||
|
||||
<p align=left>
|
||||
<?php echo "<h4>".$MSG_Output."</h4>"?>
|
||||
<textarea class="kindeditor" rows=13 name=output cols=80><?php echo htmlentities($row['output'],ENT_QUOTES,"UTF-8")?></textarea><br>
|
||||
<textarea class="kindeditor" rows=13 name=output cols=80><?php echo htmlspecialchars($row['output'],ENT_QUOTES,"UTF-8")?></textarea><br>
|
||||
</p>
|
||||
|
||||
<p align=left>
|
||||
<?php echo "<h4>".$MSG_Sample_Input."</h4>"?>
|
||||
<textarea class="input input-large" style="width:100%;" rows=13 name=sample_input><?php echo htmlentities($row['sample_input'],ENT_QUOTES,"UTF-8")?></textarea><br><br>
|
||||
<textarea class="input input-large" style="width:100%;" rows=13 name=sample_input><?php echo htmlspecialchars($row['sample_input'],ENT_QUOTES,"UTF-8")?></textarea><br><br>
|
||||
</p>
|
||||
|
||||
<p align=left>
|
||||
<?php echo "<h4>".$MSG_Sample_Output."</h4>"?>
|
||||
<textarea class="input input-large" style="width:100%;" rows=13 name=sample_output><?php echo htmlentities($row['sample_output'],ENT_QUOTES,"UTF-8")?></textarea><br><br>
|
||||
<textarea class="input input-large" style="width:100%;" rows=13 name=sample_output><?php echo htmlspecialchars($row['sample_output'],ENT_QUOTES,"UTF-8")?></textarea><br><br>
|
||||
</p>
|
||||
|
||||
<p align=left>
|
||||
<?php echo "<h4>".$MSG_HINT."</h4>"?>
|
||||
<textarea class="kindeditor" rows=13 name=hint cols=80><?php echo htmlentities($row['hint'],ENT_QUOTES,"UTF-8")?></textarea><br>
|
||||
<textarea class="kindeditor" rows=13 name=hint cols=80><?php echo htmlspecialchars($row['hint'],ENT_QUOTES,"UTF-8")?></textarea><br>
|
||||
</p>
|
||||
|
||||
<p>
|
||||
@@ -99,11 +99,11 @@ include_once("kindeditor.php") ;
|
||||
|
||||
<p align=left>
|
||||
<?php echo "<h4>".$MSG_SOURCE." 用空格分隔"."</h4>"?>
|
||||
<textarea name=source style="width:100%;" rows=1><?php echo htmlentities($row['source'],ENT_QUOTES,"UTF-8")?></textarea><br>
|
||||
<textarea name=source style="width:100%;" rows=1><?php echo htmlspecialchars($row['source'],ENT_QUOTES,"UTF-8")?></textarea><br>
|
||||
|
||||
<?php echo "<h4>".$MSG_REMOTE_OJ."</h4>"?>
|
||||
<input name=remote_oj value='<?php echo htmlentities($row['remote_oj'],ENT_QUOTES,"UTF-8")?>' placeholder='<?php echo $MSG_HELP_LOCAL_EMPTY ?>' >
|
||||
<input name=remote_id value='<?php echo htmlentities($row['remote_id'],ENT_QUOTES,"UTF-8")?>' placeholder='<?php echo $MSG_HELP_LOCAL_EMPTY ?>' ><br>
|
||||
<input name=remote_oj value='<?php echo htmlspecialchars($row['remote_oj'],ENT_QUOTES,"UTF-8")?>' placeholder='<?php echo $MSG_HELP_LOCAL_EMPTY ?>' >
|
||||
<input name=remote_id value='<?php echo htmlspecialchars($row['remote_id'],ENT_QUOTES,"UTF-8")?>' placeholder='<?php echo $MSG_HELP_LOCAL_EMPTY ?>' ><br>
|
||||
</p>
|
||||
|
||||
<div align=center>
|
||||
@@ -237,19 +237,19 @@ include_once("kindeditor.php") ;
|
||||
// $description = str_replace("<p>", "", $description);
|
||||
// $description = str_replace("</p>", "<br />", $description);
|
||||
// $description = str_replace(",", ",", $description);
|
||||
$description = html_entity_decode($description,ENT_QUOTES,"UTF-8");
|
||||
$description = htmlspecialchars_decode($description,ENT_QUOTES,"UTF-8");
|
||||
|
||||
$input = $_POST['input'];
|
||||
// $input = str_replace("<p>", "", $input);
|
||||
// $input = str_replace("</p>", "<br />", $input);
|
||||
// $input = str_replace(",", ",", $input);
|
||||
$input = html_entity_decode($input,ENT_QUOTES,"UTF-8");
|
||||
$input = htmlspecialchars_decode($input,ENT_QUOTES,"UTF-8");
|
||||
|
||||
$output = $_POST['output'];
|
||||
// $output = str_replace("<p>", "", $output);
|
||||
// $output = str_replace("</p>", "<br />", $output);
|
||||
// $output = str_replace(",", ",", $output);
|
||||
$output = html_entity_decode($output,ENT_QUOTES,"UTF-8");
|
||||
$output = htmlspecialchars_decode($output,ENT_QUOTES,"UTF-8");
|
||||
|
||||
$sample_input = $_POST['sample_input'];
|
||||
$sample_output = $_POST['sample_output'];
|
||||
@@ -260,7 +260,7 @@ include_once("kindeditor.php") ;
|
||||
// $hint = str_replace("<p>", "", $hint);
|
||||
// $hint = str_replace("</p>", "<br />", $hint);
|
||||
// $hint = str_replace(",", ",", $hint);
|
||||
$hint = html_entity_decode($hint,ENT_QUOTES,"UTF-8");
|
||||
$hint = htmlspecialchars_decode($hint,ENT_QUOTES,"UTF-8");
|
||||
|
||||
$source = $_POST['source'];
|
||||
$remote_oj= $_POST['remote_oj'];
|
||||
|
||||
@@ -124,7 +124,7 @@ function getSolution($pid,$lang) {
|
||||
|
||||
function fixurl($img_url) {
|
||||
if(substr($img_url,0,4)=="data") return $img_url;
|
||||
$img_url = html_entity_decode($img_url,ENT_QUOTES,"UTF-8");
|
||||
$img_url = htmlspecialchars_decode($img_url,ENT_QUOTES,"UTF-8");
|
||||
|
||||
if (substr($img_url,0,4)!="http") {
|
||||
if (substr($img_url,0,1)=="/") {
|
||||
|
||||
@@ -154,7 +154,7 @@ else {
|
||||
$hydrop=yaml_parse($file_content);
|
||||
$title=$hydrop['title'];
|
||||
$source=implode(" ",$hydrop['tag']);
|
||||
echo "<hr>".htmlentities($file_name." $title $source");
|
||||
echo "<hr>".htmlspecialchars($file_name." $title $source");
|
||||
if(!in_array($title,$inserted)){
|
||||
$pid = addproblem($title,1,128, $description, $input, $output, $sample_input, $sample_output, $hint, $source, $spj, $OJ_DATA);
|
||||
mkdir($OJ_DATA."/$pid/");
|
||||
@@ -174,13 +174,13 @@ else {
|
||||
if($save_path){
|
||||
$description=str_replace("file://",$save_path."/",$description);
|
||||
|
||||
// echo htmlentities($description);
|
||||
// echo htmlspecialchars($description);
|
||||
}
|
||||
|
||||
$spj=0;
|
||||
if($title!="" && (!in_array($title,$inserted)) && !hasProblem($title)){
|
||||
$pid = addproblem($title,1,128, $description, $input, $output, $sample_input, $sample_output, $hint, $source, $spj, $OJ_DATA);
|
||||
echo htmlentities("$description");
|
||||
echo htmlspecialchars("$description");
|
||||
mkdir($OJ_DATA."/$pid/");
|
||||
array_push($inserted,$title);
|
||||
}else{
|
||||
@@ -189,7 +189,7 @@ else {
|
||||
echo "skiped $title";
|
||||
//$pid=0;
|
||||
}
|
||||
echo "PID:<a href='../problem.php?id=$pid' >".htmlentities($title,ENT_QUOTES,"UTF-8")."</a>";
|
||||
echo "PID:<a href='../problem.php?id=$pid' >".htmlspecialchars($title,ENT_QUOTES,"UTF-8")."</a>";
|
||||
}else if(basename($file_name)=="config.yaml"){
|
||||
$hydrop=yaml_parse($file_content);
|
||||
if($hydrop['type']=="objective"){
|
||||
@@ -202,7 +202,7 @@ else {
|
||||
$out.= $hydrop['answers'][$ansi][0]."\n";
|
||||
$ansi++;
|
||||
}
|
||||
//echo htmlentities($out);
|
||||
//echo htmlspecialchars($out);
|
||||
if($pid>0){
|
||||
file_put_contents($OJ_DATA."/$pid/data.out",$out);
|
||||
file_put_contents($OJ_DATA."/$pid/data.in",($ansi-1)."\n");
|
||||
|
||||
@@ -141,7 +141,7 @@ else {
|
||||
$title=str_replace("#","",$hydrop[0]);
|
||||
$title=str_replace("\r","",$title);
|
||||
$source="";
|
||||
echo "<hr>".htmlentities($file_name." $title $source");
|
||||
echo "<hr>".htmlspecialchars($file_name." $title $source");
|
||||
$regex = '/<(?!div)/';
|
||||
// $file_content = preg_replace($regex, '<',$file_content);
|
||||
$regex = '/(?<!div)>\s?/';
|
||||
@@ -156,10 +156,10 @@ else {
|
||||
if($save_path){
|
||||
$description=str_replace("file://",$save_path."/",$description);
|
||||
|
||||
// echo htmlentities($description);
|
||||
// echo htmlspecialchars($description);
|
||||
}
|
||||
|
||||
//echo htmlentities("$description");
|
||||
//echo htmlspecialchars("$description");
|
||||
$tail=0;
|
||||
$ptitle = $title;
|
||||
while (hasProblem($ptitle)) {
|
||||
@@ -170,7 +170,7 @@ else {
|
||||
$pid = addproblem($title,1,128, $description, $input, $output, $sample_input, $sample_output, $hint, $source, $spj, $OJ_DATA);
|
||||
mkdir($OJ_DATA."/$pid/");
|
||||
|
||||
echo "PID:<a href='../problem.php?id=$pid' >".htmlentities($title,ENT_QUOTES,"UTF-8")."</a>";
|
||||
echo "PID:<a href='../problem.php?id=$pid' >".htmlspecialchars($title,ENT_QUOTES,"UTF-8")."</a>";
|
||||
}
|
||||
}
|
||||
}else{
|
||||
|
||||
@@ -58,7 +58,7 @@ else {
|
||||
$time=getPartByMark($file_content,"时间限制:","ms");
|
||||
$time=intval($time)/1000;
|
||||
$memory=getPartByMark($file_content,"空间限制:","MiB");
|
||||
echo "<hr>".htmlentities(" $title $source");
|
||||
echo "<hr>".htmlspecialchars(" $title $source");
|
||||
$pid = addproblem($title,$time,$memory, $description, $input, $output, $sample_input, $sample_output, $hint, $source, $spj, $OJ_DATA);
|
||||
echo "PID:$pid";
|
||||
mkdir($OJ_DATA."/$pid");
|
||||
|
||||
@@ -58,7 +58,7 @@ if(isset($_GET['keyword']) && $_GET['keyword']!=""){
|
||||
|
||||
<center>
|
||||
<form action=problem_list.php class="form-search form-inline">
|
||||
<input type="text" name=keyword value="<?php if(isset($_GET['keyword']))echo htmlentities($_GET['keyword'],ENT_QUOTES,"utf-8")?>" class="form-control search-query" placeholder="<?php echo $MSG_PROBLEM_ID.', '.$MSG_TITLE.', '.$MSG_Description.', '.$MSG_SOURCE?>">
|
||||
<input type="text" name=keyword value="<?php if(isset($_GET['keyword']))echo htmlspecialchars($_GET['keyword'],ENT_QUOTES,"utf-8")?>" class="form-control search-query" placeholder="<?php echo $MSG_PROBLEM_ID.', '.$MSG_TITLE.', '.$MSG_Description.', '.$MSG_SOURCE?>">
|
||||
<button type="submit" class="form-control"><?php echo $MSG_SEARCH?></button>
|
||||
</form>
|
||||
</center>
|
||||
@@ -80,7 +80,7 @@ echo "</select>";
|
||||
<center>
|
||||
<table width=100% border=1 style="text-align:center;">
|
||||
<form id='pform' method=post action=contest_add.php >
|
||||
<input type="hidden" name=keyword value="<?php if(isset($_GET['keyword']))echo htmlentities($_GET['keyword'],ENT_QUOTES,"utf-8")?>">
|
||||
<input type="hidden" name=keyword value="<?php if(isset($_GET['keyword']))echo htmlspecialchars($_GET['keyword'],ENT_QUOTES,"utf-8")?>">
|
||||
<input type="hidden" name=hlist value="" >
|
||||
<tr>
|
||||
<td width=60px><?php echo $MSG_PROBLEM_ID?><input type=checkbox style='vertical-align:2px;' onchange='$("input[type=checkbox]").prop("checked", this.checked)'></td>
|
||||
@@ -123,7 +123,7 @@ echo "</select>";
|
||||
foreach($cate as $cat){
|
||||
$cat=trim($cat);
|
||||
if(mb_ereg("^http",$cat)){
|
||||
echo "<a class='label' style='display: inline-block;' href=\"".htmlentities($cat,ENT_QUOTES,'utf-8').'" target="_blank">Remote</a>' ;
|
||||
echo "<a class='label' style='display: inline-block;' href=\"".htmlspecialchars($cat,ENT_QUOTES,'utf-8').'" target="_blank">Remote</a>' ;
|
||||
}
|
||||
else array_push($category,trim($cat));
|
||||
}
|
||||
@@ -135,7 +135,7 @@ echo "</select>";
|
||||
$label_theme = $color_theme[$hash_num%count($color_theme)];
|
||||
|
||||
if ($label_theme=="") $label_theme = "default";
|
||||
$view .= "<a title='".htmlentities($cat,ENT_QUOTES,'UTF-8')."' class='label label-$label_theme' style='display: inline-block;' href='problem_list.php?keyword=".htmlentities(urlencode($cat),ENT_QUOTES,'UTF-8')."'>".mb_substr($cat,0,10,'utf8')."</a> ";
|
||||
$view .= "<a title='".htmlspecialchars($cat,ENT_QUOTES,'UTF-8')."' class='label label-$label_theme' style='display: inline-block;' href='problem_list.php?keyword=".htmlspecialchars(urlencode($cat),ENT_QUOTES,'UTF-8')."'>".mb_substr($cat,0,10,'utf8')."</a> ";
|
||||
}
|
||||
echo "<div class=\"show_tag_controled\" style=\"float: right; \">";
|
||||
echo $view;
|
||||
@@ -146,7 +146,7 @@ echo "</select>";
|
||||
echo "<td><a href=problem_df_change.php?id=".$row['problem_id']."&getkey=".$_SESSION[$OJ_NAME.'_'.'getkey'].">".($row['defunct']=="N"?"<span titlc='click to reserve it' class=green>$MSG_AVAILABLE</span>":"<span class=red title='click to be available'>$MSG_RESERVED</span>")."</a><td>";
|
||||
if(isset($_SESSION[$OJ_NAME.'_'.'administrator']) || isset($_SESSION[$OJ_NAME.'_'."p".$row['problem_id']]) ){
|
||||
?>
|
||||
<a href=# onclick='javascript:if(confirm("<?php echo $MSG_DELETE."[".htmlentities($row['title'],ENT_QUOTES,"UTF-8")?>] ? "))
|
||||
<a href=# onclick='javascript:if(confirm("<?php echo $MSG_DELETE."[".htmlspecialchars($row['title'],ENT_QUOTES,"UTF-8")?>] ? "))
|
||||
location.href="problem_del.php?id=<?php echo $row['problem_id']?>&getkey=<?php echo $_SESSION[$OJ_NAME.'_'.'getkey']?>"'>
|
||||
<?php echo $MSG_DELETE ?>
|
||||
</a>
|
||||
|
||||
@@ -119,7 +119,7 @@
|
||||
|
||||
$view_rank[$i][0]= $rank;
|
||||
$view_rank[$i][1]= $row['user_id'];
|
||||
$view_rank[$i][2]= htmlentities ( $row['nick'] ,ENT_QUOTES,"UTF-8");
|
||||
$view_rank[$i][2]= htmlspecialchars ( $row['nick'] ,ENT_QUOTES,"UTF-8");
|
||||
$view_rank[$i][3]= $row['solved'];
|
||||
$view_rank[$i][4]= $row['submit'];
|
||||
|
||||
@@ -135,7 +135,7 @@
|
||||
//循环数据生成二维数组
|
||||
$exl_value=$view_rank;
|
||||
//foreach ($list as $k => $y){
|
||||
// $exl_value[] = array($rank,$row['user_id'], htmlentities ( $row['nick'] ,ENT_QUOTES,"UTF-8"),$row['solved'],$row['submit'],$row['submit'] );
|
||||
// $exl_value[] = array($rank,$row['user_id'], htmlspecialchars ( $row['nick'] ,ENT_QUOTES,"UTF-8"),$row['solved'],$row['submit'],$row['submit'] );
|
||||
// }
|
||||
$file_name = $MSG_Number.'_'.time().'.csv';
|
||||
$excel = new export_class();
|
||||
|
||||
@@ -39,7 +39,7 @@ if (!(isset($_SESSION[$OJ_NAME.'_'.'administrator']) || isset($_SESSION[$OJ_NAME
|
||||
if( !empty( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ){
|
||||
$REMOTE_ADDR = $_SERVER['HTTP_X_FORWARDED_FOR'];
|
||||
$tmp_ip=explode(',',$REMOTE_ADDR);
|
||||
$ip =(htmlentities($tmp_ip[0],ENT_QUOTES,"UTF-8"));
|
||||
$ip =(htmlspecialchars($tmp_ip[0],ENT_QUOTES,"UTF-8"));
|
||||
}
|
||||
|
||||
if(mb_strlen($nick,'utf-8')>20){
|
||||
|
||||
@@ -69,7 +69,7 @@ if(isset($_POST['idlist']) && isset($_POST['pwdlist']) && isset($_POST['nicklist
|
||||
if( !empty( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ){
|
||||
$REMOTE_ADDR = $_SERVER['HTTP_X_FORWARDED_FOR'];
|
||||
$tmp_ip=explode(',',$REMOTE_ADDR);
|
||||
$ip =(htmlentities($tmp_ip[0],ENT_QUOTES,"UTF-8"));
|
||||
$ip =(htmlspecialchars($tmp_ip[0],ENT_QUOTES,"UTF-8"));
|
||||
}
|
||||
if(mb_strlen($nick,'utf-8')>20){
|
||||
$new_len=mb_strlen($nick,'utf-8');
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
require_once "../include/email.class.php";
|
||||
require_once("../include/check_get_key.php");
|
||||
$user_id=$_GET['cid'];
|
||||
//echo htmlentities($user_id,ENT_QUOTE,'UTF-8');
|
||||
//echo htmlspecialchars($user_id,ENT_QUOTE,'UTF-8');
|
||||
if(!isset($_SESSION[$OJ_NAME.'_'.'administrator'])) exit();
|
||||
$sql="select `defunct`,email FROM `users` WHERE `user_id`=?";
|
||||
$result=pdo_query($sql,$user_id);
|
||||
|
||||
@@ -52,7 +52,7 @@ if (isset($OJ_LANG)) {
|
||||
|
||||
<center>
|
||||
<form action=user_list.php class="form-search form-inline">
|
||||
<input type="text" name="keyword" value="<?php echo htmlentities($gkeyword, ENT_QUOTES) ?>"
|
||||
<input type="text" name="keyword" value="<?php echo htmlspecialchars($gkeyword, ENT_QUOTES) ?>"
|
||||
class="form-control search-query" placeholder="<?php echo $MSG_USER_ID . ', ' . $MSG_NICK . ', ' . $MSG_SCHOOL ?>">
|
||||
<button type="submit" class="form-control"><?php echo $MSG_SEARCH ?></button>
|
||||
<a href="user_list.php?trash"><i class='icon large trash color grey'></i></a>
|
||||
@@ -79,7 +79,7 @@ if (isset($OJ_LANG)) {
|
||||
echo "<tr>";
|
||||
echo "<td><a href='../userinfo.php?user=" . $row['user_id'] . "'>" . $row['user_id'] . "</a></td>";
|
||||
echo "<td><span fd='nick' user_id='" . $row['user_id'] . "'>" . $row['nick'] . "</span></td>";
|
||||
echo "<td><a href='user_list.php?keyword=" . htmlentities(urlencode($row['ip'])) . "' >" . $row['ip'] . "</td>";
|
||||
echo "<td><a href='user_list.php?keyword=" . htmlspecialchars(urlencode($row['ip'])) . "' >" . $row['ip'] . "</td>";
|
||||
if ($OJ_SaaS_ENABLE && $domain == $DOMAIN) {
|
||||
echo "<td><a href='http://" . $row['user_id'] . ".$DOMAIN' target=_blank >" . $row['email'] . " </a></td>";
|
||||
} else {
|
||||
|
||||
@@ -27,7 +27,7 @@ if(isset($_POST['do'])){
|
||||
|
||||
$sql = "insert into loginlog (user_id,password,ip,time) value(?,?,?,now())";
|
||||
$result = pdo_query($sql,$user_id,"set ip by ".$_SESSION[$OJ_NAME."_user_id"],$ip);
|
||||
echo "<center><h4 class='text-danger'>User ".htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8')."'s Login IP Changed!</h4></center>";
|
||||
echo "<center><h4 class='text-danger'>User ".htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8')."'s Login IP Changed!</h4></center>";
|
||||
}
|
||||
?>
|
||||
|
||||
@@ -35,9 +35,9 @@ if(isset($_POST['do'])){
|
||||
<div class="form-group">
|
||||
<label class="col-sm-offset-3 col-sm-3 control-label"><?php echo $MSG_USER_ID?></label>
|
||||
<?php if(isset($_GET['uid'])) { ?>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlentities($_GET['uid'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlspecialchars($_GET['uid'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
|
||||
<?php } else if(isset($_POST['user_id'])) { ?>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
|
||||
<?php } else { ?>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control" placeholder="<?php echo $MSG_USER_ID."*"?>" type="text" required ></div>
|
||||
<?php } ?>
|
||||
@@ -46,7 +46,7 @@ if(isset($_POST['do'])){
|
||||
<div class="form-group">
|
||||
<label class="col-sm-offset-3 col-sm-3 control-label"><?php echo "New IP"?></label>
|
||||
<?php if(isset($_POST['ip'])) { ?>
|
||||
<div class="col-sm-3"><input name="ip" class="form-control" value="<?php echo htmlentities($_POST['ip'], ENT_QUOTES, 'UTF-8')?>" type="text" autocomplete="off" required ></div>
|
||||
<div class="col-sm-3"><input name="ip" class="form-control" value="<?php echo htmlspecialchars($_POST['ip'], ENT_QUOTES, 'UTF-8')?>" type="text" autocomplete="off" required ></div>
|
||||
<?php } else { ?>
|
||||
<div class="col-sm-3"><input name="ip" class="form-control" placeholder="<?php echo "?.?.?.?*"?>" type="text" autocomplete="off" required ></div>
|
||||
<?php } ?>
|
||||
|
||||
@@ -219,7 +219,7 @@ else{
|
||||
</p><p>
|
||||
<?php echo $MSG_CONTEST.$MSG_Description;?>
|
||||
<textarea class=kindeditor rows=13 name=description cols=80>
|
||||
<?php echo htmlentities($description,ENT_QUOTES,'UTF-8')?>
|
||||
<?php echo htmlspecialchars($description,ENT_QUOTES,'UTF-8')?>
|
||||
</textarea>
|
||||
|
||||
</p>
|
||||
@@ -254,7 +254,7 @@ else{
|
||||
<option value=1 <?php echo $private=='1'?'selected=selected':''?>><?php echo $MSG_Private;?></option>
|
||||
</select>
|
||||
<?php echo $MSG_CONTEST."-".$MSG_PASSWORD?>:
|
||||
<input type=text class=form-control name=password style="display:inline;width:150px;" value='<?php echo htmlentities($password,ENT_QUOTES,'utf-8')?>'>
|
||||
<input type=text class=form-control name=password style="display:inline;width:150px;" value='<?php echo htmlspecialchars($password,ENT_QUOTES,'utf-8')?>'>
|
||||
</p>
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
@@ -161,7 +161,7 @@ if(isset($_POST['startdate'])){
|
||||
$password = $row['password'];
|
||||
$langmask = $row['langmask'];
|
||||
$description = $row['description'];
|
||||
$title = htmlentities($row['title'],ENT_QUOTES,"UTF-8");
|
||||
$title = htmlspecialchars($row['title'],ENT_QUOTES,"UTF-8");
|
||||
|
||||
$plist = "";
|
||||
$sql = "SELECT `problem_id` FROM `contest_problem` WHERE `contest_id`=? ORDER BY `num`";
|
||||
@@ -205,7 +205,7 @@ if(isset($_POST['startdate'])){
|
||||
</p><p>
|
||||
<?php echo $MSG_CONTEST.$MSG_Description;?>
|
||||
<textarea class=kindeditor rows=13 name=description cols=80>
|
||||
<?php echo htmlentities($description,ENT_QUOTES,'UTF-8')?>
|
||||
<?php echo htmlspecialchars($description,ENT_QUOTES,'UTF-8')?>
|
||||
</textarea>
|
||||
|
||||
</p>
|
||||
@@ -240,7 +240,7 @@ if(isset($_POST['startdate'])){
|
||||
<option value=1 <?php echo $private=='1'?'selected=selected':''?>><?php echo $MSG_Private;?></option>
|
||||
</select>
|
||||
<?php echo $MSG_CONTEST."-".$MSG_PASSWORD?>:
|
||||
<input type=text class=form-control name=password style="display:inline;width:150px;" value='<?php echo htmlentities($password,ENT_QUOTES,'utf-8')?>'>
|
||||
<input type=text class=form-control name=password style="display:inline;width:150px;" value='<?php echo htmlspecialchars($password,ENT_QUOTES,'utf-8')?>'>
|
||||
</p>
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
@@ -66,7 +66,7 @@ if(isset($_POST['news_id'])){
|
||||
|
||||
$row = $result[0];
|
||||
|
||||
$title = htmlentities($row['title'],ENT_QUOTES,"UTF-8");
|
||||
$title = htmlspecialchars($row['title'],ENT_QUOTES,"UTF-8");
|
||||
$content = $row['content'];
|
||||
}
|
||||
?>
|
||||
@@ -109,7 +109,7 @@ if(isset($_POST['news_id'])){
|
||||
<?php require_once("../include/set_post_key.php");?>
|
||||
<label for=title>标题</label><input type="text" name="title" class="form-control" value="<?php echo $title;?>">
|
||||
<lable for=content>内容</lable>
|
||||
<textarea name='content' rows=15 class="kindeditor" ><?php echo htmlentities($content,ENT_QUOTES,"UTF-8")?></textarea><br>
|
||||
<textarea name='content' rows=15 class="kindeditor" ><?php echo htmlspecialchars($content,ENT_QUOTES,"UTF-8")?></textarea><br>
|
||||
<input type=hidden name='news_id' value=<?php echo $news_id?>>
|
||||
<button type='submit' class="btn btn-info btn-addon i"><i class="fa fa-save"></i>保存</button>
|
||||
</form>
|
||||
|
||||
@@ -2423,7 +2423,7 @@ function zip_extract(){
|
||||
function html_encode($str){
|
||||
global $charSet;
|
||||
$str = preg_replace(array('/&/', '/</', '/>/', '/"/'), array('&', '<', '>', '"'), $str); // Bypass PHP to allow any charset!!
|
||||
$str = htmlentities($str, ENT_QUOTES, $charSet, false);
|
||||
$str = htmlspecialchars($str, ENT_QUOTES, $charSet, false);
|
||||
return $str;
|
||||
}
|
||||
function rep($x,$y){
|
||||
|
||||
@@ -81,7 +81,7 @@ if (isset($_POST['do'])) {
|
||||
|
||||
$sql = "insert into `privilege`(user_id,rightstr,valuestr,defunct) values(?,?,?,'N')";
|
||||
$rows = pdo_query($sql,$user_id,$rightstr,$valuestr);
|
||||
echo "<center><h4 class='text-danger'>User ".htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8')."'s Privilege Added!</h4></center>";
|
||||
echo "<center><h4 class='text-danger'>User ".htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8')."'s Privilege Added!</h4></center>";
|
||||
}
|
||||
?>
|
||||
<form method=post>
|
||||
|
||||
@@ -74,24 +74,24 @@ include_once("kindeditor.php");
|
||||
?>
|
||||
<?php require_once("../include/set_post_key.php");?>
|
||||
<input type=hidden name=problem_id value='<?php echo $row['problem_id']?>'>
|
||||
<label for=title>标题</label><input type="text" name="title" class="form-control" value="<?php echo htmlentities($row['title'],ENT_QUOTES,"UTF-8")?>">
|
||||
<label for=title>标题</label><input type="text" name="title" class="form-control" value="<?php echo htmlspecialchars($row['title'],ENT_QUOTES,"UTF-8")?>">
|
||||
<label for=limit>时空限制</label>
|
||||
<div><input type="number" name="time_limit" class="form-control" style="width:40%;display:inline" size=20 value="<?php echo $row['time_limit'];?>">秒
|
||||
<input type="number" name="memory_limit" class="form-control" style="width:40%;display:inline" size=20 value="<?php echo $row['memory_limit'];?>">MB</div>
|
||||
<lable for=description>题目描述</lable>
|
||||
<textarea name='description' rows=15 class="kindeditor" ><?php echo htmlentities($row['description'],ENT_QUOTES,"UTF-8")?></textarea><br>
|
||||
<textarea name='description' rows=15 class="kindeditor" ><?php echo htmlspecialchars($row['description'],ENT_QUOTES,"UTF-8")?></textarea><br>
|
||||
<lable for=input>输入格式</lable>
|
||||
<textarea name='input' rows=15 class="kindeditor" ><?php echo htmlentities($row['input'],ENT_QUOTES,"UTF-8")?></textarea><br>
|
||||
<textarea name='input' rows=15 class="kindeditor" ><?php echo htmlspecialchars($row['input'],ENT_QUOTES,"UTF-8")?></textarea><br>
|
||||
<lable for=output>输出格式</lable>
|
||||
<textarea name='output' rows=15 class="kindeditor" ><?php echo htmlentities($row['output'],ENT_QUOTES,"UTF-8")?></textarea><br>
|
||||
<textarea name='output' rows=15 class="kindeditor" ><?php echo htmlspecialchars($row['output'],ENT_QUOTES,"UTF-8")?></textarea><br>
|
||||
<lable for=sample_input>样例输入</lable>
|
||||
<textarea name='sample_input' rows=15 class='form-control'><?php echo htmlentities($row['sample_input'],ENT_QUOTES,"UTF-8")?></textarea><br>
|
||||
<textarea name='sample_input' rows=15 class='form-control'><?php echo htmlspecialchars($row['sample_input'],ENT_QUOTES,"UTF-8")?></textarea><br>
|
||||
<lable for=sample_output>样例输出</lable>
|
||||
<textarea name='sample_output' rows=15 class='form-control'><?php echo htmlentities($row['sample_output'],ENT_QUOTES,"UTF-8")?></textarea><br>
|
||||
<textarea name='sample_output' rows=15 class='form-control'><?php echo htmlspecialchars($row['sample_output'],ENT_QUOTES,"UTF-8")?></textarea><br>
|
||||
<lable for=hint>提示</lable>
|
||||
<textarea name='hint' rows=15 class="kindeditor" ><?php echo htmlentities($row['hint'],ENT_QUOTES,"UTF-8")?></textarea><br>
|
||||
<textarea name='hint' rows=15 class="kindeditor" ><?php echo htmlspecialchars($row['hint'],ENT_QUOTES,"UTF-8")?></textarea><br>
|
||||
<lable for=source>来源</lable>
|
||||
<textarea name='source' rows=1 class="form-control"><?php echo htmlentities($row['source'],ENT_QUOTES,"UTF-8")?></textarea><br>
|
||||
<textarea name='source' rows=1 class="form-control"><?php echo htmlspecialchars($row['source'],ENT_QUOTES,"UTF-8")?></textarea><br>
|
||||
<label for=spj>Special Judge:</label>
|
||||
<?php echo "No "?><input type=radio name=spj value='0' <?php echo $row['spj']=="0"?"checked":""?>><?php echo "/ Yes "?><input type=radio name=spj value='1' <?php echo $row['spj']=="1"?"checked":""?>><br><br>
|
||||
<button type='submit' class="btn btn-info btn-addon i"><i class="fa fa-edit"></i>编辑</button>
|
||||
|
||||
@@ -106,7 +106,7 @@ function getSolution($pid,$lang){
|
||||
return $ret;
|
||||
}
|
||||
function fixurl($img_url){
|
||||
$img_url= html_entity_decode( $img_url,ENT_QUOTES,"UTF-8");
|
||||
$img_url= htmlspecialchars_decode( $img_url,ENT_QUOTES,"UTF-8");
|
||||
|
||||
if (substr($img_url,0,4)!="http"){
|
||||
if(substr($img_url,0,1)=="/"){
|
||||
|
||||
@@ -98,7 +98,7 @@ require_once("../include/set_get_key.php");
|
||||
if( !empty( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ){
|
||||
$REMOTE_ADDR = $_SERVER['HTTP_X_FORWARDED_FOR'];
|
||||
$tmp_ip=explode(',',$REMOTE_ADDR);
|
||||
$ip =(htmlentities($tmp_ip[0],ENT_QUOTES,"UTF-8"));
|
||||
$ip =(htmlspecialchars($tmp_ip[0],ENT_QUOTES,"UTF-8"));
|
||||
}
|
||||
$sql="INSERT INTO `users`("."`user_id`,`email`,`ip`,`accesstime`,`password`,`reg_time`,`nick`,`school`)".
|
||||
"VALUES(?,?,?,NOW(),?,NOW(),?,?)on DUPLICATE KEY UPDATE `email`=?,`ip`=?,`accesstime`=NOW(),`password`=?,`reg_time`=now(),nick=?,`school`=?, `qq`=?, `backimg`=?, `codeshare`=?, `mailok`=?";
|
||||
|
||||
@@ -124,7 +124,7 @@ include_once("kindeditor.php");
|
||||
密码:
|
||||
<input type="text" class="form-control" name="password" placeholder="谨慎操作!请勿随意修改"<?php if ($isadmin == 1) echo " readonly";?>>
|
||||
邮箱:
|
||||
<input type="email" class="form-control" name="email" value="<?php echo htmlentities($email,ENT_QUOTES,"UTF-8")?>"<?php if ($isadmin == 1) echo " readonly";?>>
|
||||
<input type="email" class="form-control" name="email" value="<?php echo htmlspecialchars($email,ENT_QUOTES,"UTF-8")?>"<?php if ($isadmin == 1) echo " readonly";?>>
|
||||
学校
|
||||
<input type="text" class="form-control" name="nick" value="<?php echo $school;?>"<?php if ($isadmin == 1) echo " readonly";?>>
|
||||
<button type="submit" class="btn btn-dark">提交</button>
|
||||
|
||||
@@ -39,7 +39,7 @@
|
||||
$hash_num=hexdec(substr(md5($cat),0,7));
|
||||
$label_theme=$color_theme[$hash_num%count($color_theme)];
|
||||
if($label_theme=="") $label_theme="default";
|
||||
$view_category.= "<a class='label label-$label_theme' style='display: inline-block; margin:5px ' href='problemset.php?search=".htmlentities(urlencode($cat),ENT_QUOTES,'utf-8')."'>".htmlentities($cat,ENT_QUOTES,'utf-8')."</a> ";
|
||||
$view_category.= "<a class='label label-$label_theme' style='display: inline-block; margin:5px ' href='problemset.php?search=".htmlspecialchars(urlencode($cat),ENT_QUOTES,'utf-8')."'>".htmlspecialchars($cat,ENT_QUOTES,'utf-8')."</a> ";
|
||||
|
||||
}
|
||||
|
||||
|
||||
@@ -48,7 +48,7 @@ if ($ok==true){
|
||||
$result=pdo_query($sql,$id);
|
||||
$row=$result[0];
|
||||
if($row&&is_valid($row['error']))
|
||||
$view_reinfo= htmlentities(str_replace("\n\r","\n",$row['error']),ENT_QUOTES,"UTF-8");
|
||||
$view_reinfo= htmlspecialchars(str_replace("\n\r","\n",$row['error']),ENT_QUOTES,"UTF-8");
|
||||
|
||||
|
||||
|
||||
|
||||
@@ -41,9 +41,9 @@ if (isset($OJ_LANG)) {
|
||||
$sql = "update `users` set `password`=? where `user_id`=? and user_id not in( select user_id from privilege where rightstr='administrator')";
|
||||
|
||||
if (pdo_query($sql, $passwd, $user_id) == 1)
|
||||
echo "<center><h4 class='text-danger'>User " . htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8') . "'s Password Changed!</h4></center>";
|
||||
echo "<center><h4 class='text-danger'>User " . htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8') . "'s Password Changed!</h4></center>";
|
||||
else
|
||||
echo "<center><h4 class='text-danger'>There is No such User " . htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8') . "! or User " . htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8') . " is administrator!</h4></center>";
|
||||
echo "<center><h4 class='text-danger'>There is No such User " . htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8') . "! or User " . htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8') . " is administrator!</h4></center>";
|
||||
}
|
||||
}
|
||||
?>
|
||||
@@ -53,10 +53,10 @@ if (isset($OJ_LANG)) {
|
||||
<label class="col-sm-offset-3 col-sm-3 control-label"><?php echo $MSG_USER_ID ?></label>
|
||||
<?php if (isset($_GET['uid'])) { ?>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control"
|
||||
value="<?php echo htmlentities($_GET['uid'], ENT_QUOTES, 'UTF-8'); ?>" type="text" required></div>
|
||||
value="<?php echo htmlspecialchars($_GET['uid'], ENT_QUOTES, 'UTF-8'); ?>" type="text" required></div>
|
||||
<?php } else if (isset($_POST['user_id'])) { ?>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control"
|
||||
value="<?php echo htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8'); ?>" type="text" required>
|
||||
value="<?php echo htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8'); ?>" type="text" required>
|
||||
</div>
|
||||
<?php } else { ?>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control"
|
||||
|
||||
@@ -79,11 +79,11 @@
|
||||
if( isset($_SERVER['HTTP_X_FORWARDED_FOR'] )&&!empty( trim( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ) ){
|
||||
$REMOTE_ADDR = $_SERVER['HTTP_X_FORWARDED_FOR'];
|
||||
$tmp_ip=explode(',',$REMOTE_ADDR);
|
||||
$ip =(htmlentities($tmp_ip[0],ENT_QUOTES,"UTF-8"));
|
||||
$ip =(htmlspecialchars($tmp_ip[0],ENT_QUOTES,"UTF-8"));
|
||||
} else if(isset($_SERVER['HTTP_X_REAL_IP'])&& !empty( trim( $_SERVER['HTTP_X_REAL_IP'] ) ) ){
|
||||
$REMOTE_ADDR = $_SERVER['HTTP_X_REAL_IP'];
|
||||
$tmp_ip=explode(',',$REMOTE_ADDR);
|
||||
$ip =(htmlentities($tmp_ip[0],ENT_QUOTES,"UTF-8"));
|
||||
$ip =(htmlspecialchars($tmp_ip[0],ENT_QUOTES,"UTF-8"));
|
||||
}
|
||||
$sql="INSERT INTO `loginlog`(user_id,password,ip,time) VALUES(?,?,?,NOW())";
|
||||
pdo_query($sql,$user_id,"c".$cid,$ip);
|
||||
|
||||
@@ -181,9 +181,9 @@ echo "<title>$MSG_BBS</title>";
|
||||
echo "</td>";
|
||||
|
||||
if($row['cid'])
|
||||
echo "<td align='left'><a href=\"thread.php?tid={$row['tid']}&cid={$row['cid']}\">".htmlentities($row['title'],ENT_QUOTES,"UTF-8")."</a></td>";
|
||||
echo "<td align='left'><a href=\"thread.php?tid={$row['tid']}&cid={$row['cid']}\">".htmlspecialchars($row['title'],ENT_QUOTES,"UTF-8")."</a></td>";
|
||||
else
|
||||
echo "<td align='left'><a href=\"thread.php?tid={$row['tid']}\">".htmlentities($row['title'],ENT_QUOTES,"UTF-8")."</a></td>";
|
||||
echo "<td align='left'><a href=\"thread.php?tid={$row['tid']}\">".htmlspecialchars($row['title'],ENT_QUOTES,"UTF-8")."</a></td>";
|
||||
|
||||
|
||||
$timestamp = strtotime($row['lastupdate']);
|
||||
|
||||
@@ -920,7 +920,7 @@ class PHPMailer
|
||||
break;
|
||||
case 'html':
|
||||
//Cleans up output a bit for a better looking, HTML-safe output
|
||||
echo htmlentities(
|
||||
echo htmlspecialchars(
|
||||
preg_replace('/[\r\n]+/', '', $str),
|
||||
ENT_QUOTES,
|
||||
'UTF-8'
|
||||
@@ -4512,7 +4512,7 @@ class PHPMailer
|
||||
return call_user_func($advanced, $html);
|
||||
}
|
||||
|
||||
return html_entity_decode(
|
||||
return htmlspecialchars_decode(
|
||||
trim(strip_tags(preg_replace('/<(head|title|style|script)[^>]*>.*?<\/\\1>/si', '', $html))),
|
||||
ENT_QUOTES,
|
||||
$this->CharSet
|
||||
|
||||
@@ -299,7 +299,7 @@ class SMTP
|
||||
break;
|
||||
case 'html':
|
||||
//Cleans up output a bit for a better looking, HTML-safe output
|
||||
echo gmdate('Y-m-d H:i:s'), ' ', htmlentities(
|
||||
echo gmdate('Y-m-d H:i:s'), ' ', htmlspecialchars(
|
||||
preg_replace('/[\r\n]+/', '', $str),
|
||||
ENT_QUOTES,
|
||||
'UTF-8'
|
||||
|
||||
@@ -307,8 +307,8 @@ class BBCode
|
||||
$url = $buffer;
|
||||
}
|
||||
if(!isset($colorIndex)) $colorIndex =0;
|
||||
$plist=html_entity_decode($url);
|
||||
$pnum= count(explode(",",html_entity_decode($url)));
|
||||
$plist=htmlspecialchars_decode($url);
|
||||
$pnum= count(explode(",",htmlspecialchars_decode($url)));
|
||||
//var_dump($colorIndex);
|
||||
// emit the tag 如果希望题单显示2列,修改下面的col-lg-12为col-lg-6
|
||||
$output = $output . '<div class="col-xs-12 col-lg-12"><div class="panel '.$plist_color[$colorIndex%count($plist_color)].'">'
|
||||
|
||||
@@ -9,7 +9,7 @@
|
||||
if( !empty( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ){
|
||||
$REMOTE_ADDR = $_SERVER['HTTP_X_FORWARDED_FOR'];
|
||||
$tmp_ip=explode(',',$REMOTE_ADDR);
|
||||
$ip =(htmlentities($tmp_ip[0],ENT_QUOTES,"UTF-8"));
|
||||
$ip =(htmlspecialchars($tmp_ip[0],ENT_QUOTES,"UTF-8"));
|
||||
}
|
||||
$sid.=session_id().$ip;
|
||||
}
|
||||
|
||||
@@ -61,11 +61,11 @@ if(isset($_SESSION[$OJ_NAME.'_user_id'])&&isset($OJ_LIMIT_TO_1_IP)&& $OJ_LIMIT_T
|
||||
if( isset($_SERVER['HTTP_X_FORWARDED_FOR'] )&&!empty( trim( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ) ){
|
||||
$REMOTE_ADDR = $_SERVER['HTTP_X_FORWARDED_FOR'];
|
||||
$tmp_ip=explode(',',$REMOTE_ADDR);
|
||||
$ip =(htmlentities($tmp_ip[0],ENT_QUOTES,"UTF-8"));
|
||||
$ip =(htmlspecialchars($tmp_ip[0],ENT_QUOTES,"UTF-8"));
|
||||
} else if(isset($_SERVER['HTTP_X_REAL_IP'])&& !empty( trim( $_SERVER['HTTP_X_REAL_IP'] ) ) ){
|
||||
$REMOTE_ADDR = $_SERVER['HTTP_X_REAL_IP'];
|
||||
$tmp_ip=explode(',',$REMOTE_ADDR);
|
||||
$ip =(htmlentities($tmp_ip[0],ENT_QUOTES,"UTF-8"));
|
||||
$ip =(htmlspecialchars($tmp_ip[0],ENT_QUOTES,"UTF-8"));
|
||||
}
|
||||
$sql="select ip from loginlog where user_id=? order by time desc";
|
||||
$rows=pdo_query($sql,$_SESSION[$OJ_NAME.'_user_id'] );
|
||||
|
||||
@@ -16,11 +16,11 @@
|
||||
if( isset($_SERVER['HTTP_X_FORWARDED_FOR'] )&&!empty( trim( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ) ){
|
||||
$REMOTE_ADDR = $_SERVER['HTTP_X_FORWARDED_FOR'];
|
||||
$tmp_ip=explode(',',$REMOTE_ADDR);
|
||||
$ip =(htmlentities($tmp_ip[0],ENT_QUOTES,"UTF-8"));
|
||||
$ip =(htmlspecialchars($tmp_ip[0],ENT_QUOTES,"UTF-8"));
|
||||
} else if(isset($_SERVER['HTTP_X_REAL_IP'])&& !empty( trim( $_SERVER['HTTP_X_REAL_IP'] ) ) ){
|
||||
$REMOTE_ADDR = $_SERVER['HTTP_X_REAL_IP'];
|
||||
$tmp_ip=explode(',',$REMOTE_ADDR);
|
||||
$ip =(htmlentities($tmp_ip[0],ENT_QUOTES,"UTF-8"));
|
||||
$ip =(htmlspecialchars($tmp_ip[0],ENT_QUOTES,"UTF-8"));
|
||||
}
|
||||
if(isset($OJ_EXAM_CONTEST_ID)&&intval($OJ_EXAM_CONTEST_ID)>0){ //考试模式
|
||||
$ccid=$OJ_EXAM_CONTEST_ID;
|
||||
|
||||
@@ -56,7 +56,7 @@ function create_subdomain($user_id,$template="bs3",$friendly="0"){
|
||||
|
||||
$CONF_FILE=realpath(dirname(__FILE__)."/../")."/SaaS/$user_id.".$DOMAIN.".php";
|
||||
//if ($user_id=="zhblue") echo "<textarea>".$sql."</textarea>";
|
||||
// echo "<pre>".htmlentities($CONF_STR);
|
||||
// echo "<pre>".htmlspecialchars($CONF_STR);
|
||||
// echo "</pre>".$CONF_FILE;
|
||||
mkdir($FARMBASE."/$user_id/run0",0755,true);
|
||||
mkdir($FARMBASE."/$user_id/data",0700,true);
|
||||
@@ -75,7 +75,7 @@ function create_subdomain($user_id,$template="bs3",$friendly="0"){
|
||||
|
||||
|
||||
$CONF_FILE=$FARMBASE."/".$user_id."/etc/judge.conf";
|
||||
// echo "<pre>".htmlentities($CONF_STR);
|
||||
// echo "<pre>".htmlspecialchars($CONF_STR);
|
||||
// echo "</pre>".$CONF_FILE;
|
||||
file_put_contents($CONF_FILE,$CONF_STR);
|
||||
|
||||
@@ -87,7 +87,7 @@ grant {
|
||||
';
|
||||
|
||||
$CONF_FILE=$FARMBASE."/".$user_id."/etc/java0.policy";
|
||||
// echo "<pre>".htmlentities($CONF_STR);
|
||||
// echo "<pre>".htmlspecialchars($CONF_STR);
|
||||
// echo "</pre>".$CONF_FILE;
|
||||
file_put_contents($CONF_FILE,$CONF_STR);
|
||||
$DB_NAME="jol_".$user_id;
|
||||
|
||||
@@ -82,18 +82,18 @@ class online{
|
||||
|
||||
$tmp_ip=explode(',',$REMOTE_ADDR);
|
||||
|
||||
$this->ip =(htmlentities($tmp_ip[0],ENT_QUOTES,"UTF-8"));
|
||||
$this->ip =(htmlspecialchars($tmp_ip[0],ENT_QUOTES,"UTF-8"));
|
||||
|
||||
}
|
||||
|
||||
if(isset($_SESSION[$OJ_NAME.'_'.'user_id']))
|
||||
$this->ua = htmlentities($_SESSION[$OJ_NAME.'_'.'user_id'],ENT_QUOTES,"UTF-8");
|
||||
$this->ua = htmlspecialchars($_SESSION[$OJ_NAME.'_'.'user_id'],ENT_QUOTES,"UTF-8");
|
||||
else
|
||||
$this->ua ="guest";
|
||||
$this->ua .= "@".htmlentities($_SERVER['HTTP_USER_AGENT'],ENT_QUOTES,"UTF-8");
|
||||
$this->ua .= "@".htmlspecialchars($_SERVER['HTTP_USER_AGENT'],ENT_QUOTES,"UTF-8");
|
||||
$this->uri = ($_SERVER['PHP_SELF']);
|
||||
if(isset($_SERVER['HTTP_REFERER'])){
|
||||
$this->refer = (htmlentities($_SERVER['HTTP_REFERER'],ENT_QUOTES,"UTF-8"));
|
||||
$this->refer = (htmlspecialchars($_SERVER['HTTP_REFERER'],ENT_QUOTES,"UTF-8"));
|
||||
}
|
||||
$this->hash = md5(session_id().$this->ip);
|
||||
|
||||
|
||||
@@ -43,13 +43,13 @@ function pdo_query($sql){
|
||||
}catch(PDOException $e){
|
||||
// echo "<span class=red>".$e->getMessage()."</span>"; // open this line to debug SQL fail problems
|
||||
// $view_errors="SQL:".$sql."\n".$e->getMessage();
|
||||
// echo htmlentities($view_errors."\n\n");
|
||||
// echo htmlspecialchars($view_errors."\n\n");
|
||||
GLOBAL $MSG_UPDATE_DATABASE,$MSG_HELP_UPDATE_DATABASE;
|
||||
GLOBAL $POP_UPED,$OJ_NAME,$_SESSION;
|
||||
if(!$POP_UPED&&isset($_SESSION[$OJ_NAME.'_administrator'])){
|
||||
echo " $MSG_HELP_UPDATE_DATABASE <a href='/admin/update_db.php'>$MSG_UPDATE_DATABASE</a>。";
|
||||
$view_errors="SQL:".$sql."\n".$e->getMessage();
|
||||
echo htmlentities($view_errors."\n\n");
|
||||
echo htmlspecialchars($view_errors."\n\n");
|
||||
$POP_UPED=true;
|
||||
}
|
||||
|
||||
|
||||
@@ -5,7 +5,7 @@ function addproblem($title, $time_limit, $memory_limit, $description, $input, $o
|
||||
//echo $sql;
|
||||
$pid = pdo_query($sql, $title, $time_limit, $memory_limit, $description, $input, $output, $sample_input, $sample_output, $hint, $source, $spj);
|
||||
|
||||
echo "New Problem:<a target=_blank href='../problem.php?id=$pid'>$pid ".htmlentities($title,ENT_QUOTES)."</a> added!<br>";
|
||||
echo "New Problem:<a target=_blank href='../problem.php?id=$pid'>$pid ".htmlspecialchars($title,ENT_QUOTES)."</a> added!<br>";
|
||||
|
||||
if (isset($_POST['contest_id']) && intval($_POST['contest_id'])>0) {
|
||||
$cid = intval($_POST['contest_id']);
|
||||
|
||||
@@ -58,7 +58,7 @@ function do_submit_one($remote_site,$username,$password,$sid){
|
||||
}else{
|
||||
$sid=explode("\n",$data);
|
||||
$sid=intval($sid[1]);
|
||||
echo htmlentities($data)."--".$sid;
|
||||
echo htmlspecialchars($data)."--".$sid;
|
||||
}
|
||||
return $sid;
|
||||
}
|
||||
@@ -108,7 +108,7 @@ function do_result_one($remote_site,$username,$password,$sid,$rid){
|
||||
echo "previous submission failed , pending another submiting ";
|
||||
return -1;
|
||||
}
|
||||
echo "<br>==".htmlentities($html)."==";
|
||||
echo "<br>==".htmlspecialchars($html)."==";
|
||||
if($data[2]=="Waiting"||$data[2]=="Judging"){
|
||||
$sql="update solution set result=17,judgetime=now() where solution_id=?";
|
||||
pdo_query($sql,$sid);
|
||||
|
||||
@@ -23,7 +23,7 @@ function do_login($remote_site,$username,$password){
|
||||
);
|
||||
//echo "try login...";
|
||||
$data=curl_post_urlencoded($remote_site.'/userloginex.php?action=login&cid=0¬ice=0',$form);
|
||||
//echo htmlentities($remote_site.'/login');
|
||||
//echo htmlspecialchars($remote_site.'/login');
|
||||
if(str_contains($data,"No such user or wrong password.")) return false;
|
||||
else return true;
|
||||
}
|
||||
@@ -222,7 +222,7 @@ if(isset($_POST[$OJ_NAME.'_refer'])){
|
||||
do_submit($remote_site,$remote_user);
|
||||
}
|
||||
|
||||
//echo (htmlentities(curl_get($remote_site."/login0.php")));
|
||||
//echo (htmlspecialchars(curl_get($remote_site."/login0.php")));
|
||||
if (!is_login($remote_site)){
|
||||
var_dump(do_login($remote_site,$remote_user,$remote_pass));
|
||||
}else{
|
||||
|
||||
@@ -20,7 +20,7 @@ function do_login($remote_site,$username,$password){
|
||||
// );
|
||||
//echo "try login...";
|
||||
// $data=curl_post_urlencoded($remote_site.'/userloginex.php?action=login&cid=0¬ice=0',$form);
|
||||
//echo htmlentities($remote_site.'/login');
|
||||
//echo htmlspecialchars($remote_site.'/login');
|
||||
// if(str_contains($data,"No such user or wrong password.")) return false;
|
||||
return true;
|
||||
}
|
||||
@@ -247,7 +247,7 @@ if(isset($_POST[$OJ_NAME.'_refer'])){
|
||||
do_submit($remote_site,$remote_user);
|
||||
}
|
||||
|
||||
//echo (htmlentities(curl_get($remote_site."/login0.php")));
|
||||
//echo (htmlspecialchars(curl_get($remote_site."/login0.php")));
|
||||
if (!is_login($remote_site)){
|
||||
var_dump(do_login($remote_site,$remote_user,$remote_pass));
|
||||
}else{
|
||||
|
||||
@@ -26,7 +26,7 @@ function do_login($remote_site,$username,$password){
|
||||
);
|
||||
//echo "try login...";
|
||||
$data=curl_post_urlencoded($remote_site.'/login',$form);
|
||||
//echo htmlentities($remote_site.'/login');
|
||||
//echo htmlspecialchars($remote_site.'/login');
|
||||
if(str_contains($data,"Password")) return false;
|
||||
else return true;
|
||||
}
|
||||
|
||||
@@ -90,7 +90,7 @@ function toInput($temp){
|
||||
if(mb_strpos($kv[0],"OJ_UDP")>0) return "";
|
||||
if(mb_strpos($kv[0],"OJ_WEIBO")>0) return "";
|
||||
$temp=toName($kv[0]).":<input name='".$kv[0]."' value=".$kv[1]." >\n";
|
||||
$temp.="\t<input name='old_".$kv[0]."' type='hidden' value='".htmlentities($kv[1],ENT_QUOTES,'UTF-8')."' >\n";
|
||||
$temp.="\t<input name='old_".$kv[0]."' type='hidden' value='".htmlspecialchars($kv[1],ENT_QUOTES,'UTF-8')."' >\n";
|
||||
|
||||
return $temp."\n";
|
||||
}
|
||||
|
||||
@@ -83,7 +83,7 @@
|
||||
if( !empty( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ){
|
||||
$REMOTE_ADDR = $_SERVER['HTTP_X_FORWARDED_FOR'];
|
||||
$tmp_ip=explode(',',$REMOTE_ADDR);
|
||||
$ip =(htmlentities($tmp_ip[0],ENT_QUOTES,"UTF-8"));
|
||||
$ip =(htmlspecialchars($tmp_ip[0],ENT_QUOTES,"UTF-8"));
|
||||
}
|
||||
pdo_query($sql,$user_id,$email,$ip,$password,$nick,$school);
|
||||
}
|
||||
|
||||
@@ -49,7 +49,7 @@ if(isset($_GET['code'])){
|
||||
if( !empty( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ){
|
||||
$REMOTE_ADDR = $_SERVER['HTTP_X_FORWARDED_FOR'];
|
||||
$tmp_ip=explode(',',$REMOTE_ADDR);
|
||||
$ip =(htmlentities($tmp_ip[0],ENT_QUOTES,"UTF-8"));
|
||||
$ip =(htmlspecialchars($tmp_ip[0],ENT_QUOTES,"UTF-8"));
|
||||
}
|
||||
pdo_query($sql,$uname,$email,$ip,$password,$nick,$school);
|
||||
}
|
||||
|
||||
@@ -59,7 +59,7 @@ if(isset($_GET['code'])){
|
||||
if( !empty( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ){
|
||||
$REMOTE_ADDR = $_SERVER['HTTP_X_FORWARDED_FOR'];
|
||||
$tmp_ip=explode(',',$REMOTE_ADDR);
|
||||
$ip =(htmlentities($tmp_ip[0],ENT_QUOTES,"UTF-8"));
|
||||
$ip =(htmlspecialchars($tmp_ip[0],ENT_QUOTES,"UTF-8"));
|
||||
}
|
||||
pdo_query($sql,$uname,$email,$ip,$password,$nick,$school);
|
||||
}
|
||||
|
||||
@@ -29,10 +29,10 @@
|
||||
$to_user="";
|
||||
$title="";
|
||||
if (isset($_GET['to_user'])){
|
||||
$to_user=htmlentities($_GET['to_user'],ENT_QUOTES,"UTF-8");
|
||||
$to_user=htmlspecialchars($_GET['to_user'],ENT_QUOTES,"UTF-8");
|
||||
}
|
||||
if (isset($_GET['title'])){
|
||||
$title=htmlentities($_GET['title'],ENT_QUOTES,"UTF-8");
|
||||
$title=htmlspecialchars($_GET['title'],ENT_QUOTES,"UTF-8");
|
||||
}
|
||||
|
||||
if (!isset($_SESSION[$OJ_NAME.'_'.'user_id'])){
|
||||
|
||||
@@ -84,9 +84,9 @@ if (strlen($_POST['npassword']) == 0)
|
||||
$password = pwGen($_POST['opassword']);
|
||||
else
|
||||
$password = pwGen($_POST['npassword']);
|
||||
$nick = htmlentities($nick, ENT_QUOTES, "UTF-8");
|
||||
$school = (htmlentities($school, ENT_QUOTES, "UTF-8"));
|
||||
$email = (htmlentities($email, ENT_QUOTES, "UTF-8"));
|
||||
$nick = htmlspecialchars($nick, ENT_QUOTES, "UTF-8");
|
||||
$school = (htmlspecialchars($school, ENT_QUOTES, "UTF-8"));
|
||||
$email = (htmlspecialchars($email, ENT_QUOTES, "UTF-8"));
|
||||
$sql = "UPDATE `users` SET"
|
||||
. "`password`=?,"
|
||||
// . "`nick`=?," //删除此行和81行含的,$nick禁用昵称修改
|
||||
|
||||
@@ -36,7 +36,7 @@ if ($err_cnt>0){
|
||||
exit(0);
|
||||
|
||||
}
|
||||
$email=(htmlentities ($email,ENT_QUOTES,"UTF-8"));
|
||||
$email=(htmlspecialchars ($email,ENT_QUOTES,"UTF-8"));
|
||||
$sql="UPDATE `users` SET"
|
||||
."`email`=?";
|
||||
$sql.="WHERE `user_id`=?";
|
||||
|
||||
@@ -56,8 +56,8 @@ if ($err_cnt>0){
|
||||
exit(0);
|
||||
|
||||
}
|
||||
$nick=htmlentities ($nick,ENT_QUOTES,"UTF-8");
|
||||
$school=(htmlentities ($school,ENT_QUOTES,"UTF-8"));
|
||||
$nick=htmlspecialchars ($nick,ENT_QUOTES,"UTF-8");
|
||||
$school=(htmlspecialchars ($school,ENT_QUOTES,"UTF-8"));
|
||||
$sql="UPDATE `users` SET"
|
||||
."`nick`=?,"
|
||||
."`school`=? ";
|
||||
|
||||
@@ -37,10 +37,10 @@ if (isset($_SESSION[$OJ_NAME.'_'.'administrator'])){
|
||||
|
||||
foreach($result as $row){
|
||||
|
||||
$view_online[$i][0]= "<a href='userinfo.php?user=".htmlentities($row[0],ENT_QUOTES,"UTF-8")."'>".htmlentities($row[0],ENT_QUOTES,"UTF-8")."</a>";
|
||||
$view_online[$i][1]=htmlentities($row[1],ENT_QUOTES,"UTF-8");
|
||||
$view_online[$i][2]=htmlentities($row[2],ENT_QUOTES,"UTF-8");
|
||||
$view_online[$i][3]=htmlentities($row[3],ENT_QUOTES,"UTF-8");
|
||||
$view_online[$i][0]= "<a href='userinfo.php?user=".htmlspecialchars($row[0],ENT_QUOTES,"UTF-8")."'>".htmlspecialchars($row[0],ENT_QUOTES,"UTF-8")."</a>";
|
||||
$view_online[$i][1]=htmlspecialchars($row[1],ENT_QUOTES,"UTF-8");
|
||||
$view_online[$i][2]=htmlspecialchars($row[2],ENT_QUOTES,"UTF-8");
|
||||
$view_online[$i][3]=htmlspecialchars($row[3],ENT_QUOTES,"UTF-8");
|
||||
|
||||
$i++;
|
||||
}
|
||||
|
||||
@@ -61,7 +61,7 @@ foreach ($result as $row) {
|
||||
$label_theme = $color_theme[$hash_num%count($color_theme)]; //$color_theme 在 const.inc.php 里
|
||||
if ($label_theme=="")
|
||||
$label_theme = "default";
|
||||
$view_problemset[$i][3] .= "<a title='".htmlentities($cat,ENT_QUOTES,'UTF-8')."' class='label label-$label_theme' style='display: inline-block;' href='problemset.php?search=".htmlentities(urlencode($cat),ENT_QUOTES,'UTF-8')."'>".mb_substr($cat,0,10,'utf8')."</a> ";
|
||||
$view_problemset[$i][3] .= "<a title='".htmlspecialchars($cat,ENT_QUOTES,'UTF-8')."' class='label label-$label_theme' style='display: inline-block;' href='problemset.php?search=".htmlspecialchars(urlencode($cat),ENT_QUOTES,'UTF-8')."'>".mb_substr($cat,0,10,'utf8')."</a> ";
|
||||
}
|
||||
|
||||
$view_problemset[$i][3] .= "</div >";
|
||||
@@ -116,7 +116,7 @@ foreach ($result as $row) {
|
||||
}
|
||||
|
||||
$sql = "SELECT * FROM contest WHERE contest.defunct='N' $wheremy ORDER BY contest_id DESC";
|
||||
//echo htmlentities($sql);
|
||||
//echo htmlspecialchars($sql);
|
||||
$result = pdo_query($sql);
|
||||
$view_contest=array();
|
||||
foreach ($result as $row) {
|
||||
|
||||
@@ -45,7 +45,7 @@ if($_REQUEST['action']=='new'){
|
||||
|
||||
if($pid==0){
|
||||
if($cid>0){
|
||||
$problem_id = htmlentities($_POST['pid'],ENT_QUOTES,'UTF-8');
|
||||
$problem_id = htmlspecialchars($_POST['pid'],ENT_QUOTES,'UTF-8');
|
||||
//echo "problem_id:".$problem_id;
|
||||
$num = strpos($PID,$problem_id);
|
||||
//echo "num:$num";
|
||||
@@ -79,7 +79,7 @@ if($_REQUEST['action']=='reply' || !is_null($tid)){
|
||||
if(!empty($_SERVER['HTTP_X_FORWARDED_FOR'])){
|
||||
$REMOTE_ADDR = $_SERVER['HTTP_X_FORWARDED_FOR'];
|
||||
$tmp_ip = explode(',',$REMOTE_ADDR);
|
||||
$ip = (htmlentities($tmp_ip[0],ENT_QUOTES,"UTF-8"));
|
||||
$ip = (htmlspecialchars($tmp_ip[0],ENT_QUOTES,"UTF-8"));
|
||||
}
|
||||
|
||||
$sql = "INSERT INTO `reply` (`author_id`, `time`, `content`, `topic_id`,`ip`) VALUES(?,NOW(),?,?,?)";
|
||||
|
||||
@@ -29,7 +29,7 @@ if (isset($_GET['pid'])){
|
||||
|
||||
if ($result){
|
||||
$row=$result[0];
|
||||
echo "<a href='userinfo.php?user=".htmlentities($row['user_id'],ENT_QUOTES,'utf-8')."'>".htmlentities($row['user_id'],ENT_QUOTES,'utf-8')."</a>";
|
||||
echo "<a href='userinfo.php?user=".htmlspecialchars($row['user_id'],ENT_QUOTES,'utf-8')."'>".htmlspecialchars($row['user_id'],ENT_QUOTES,'utf-8')."</a>";
|
||||
}else{
|
||||
echo "$MSG_IMPORTED";
|
||||
}
|
||||
|
||||
@@ -102,7 +102,7 @@ if (isset($_SESSION[$OJ_NAME . '_' . 'administrator'])) { //all problems
|
||||
pdo_query("SET sort_buffer_size = 1024*1024"); // Out of sort memory, consider increasing server sort buffer size
|
||||
$sql = "SELECT `problem_id`,`title`,`source`,`submit`,`accepted`,defunct FROM problem A WHERE $filter_sql $order_by $limit_sql ";
|
||||
$count_sql = "SELECT count(1) from problem where $filter_sql ";
|
||||
//echo htmlentities( $sql);
|
||||
//echo htmlspecialchars( $sql);
|
||||
if (isset($_GET['search']) && trim($_GET['search']) != "") {
|
||||
$total = pdo_query($count_sql, $search, $search);
|
||||
$cnt = $total[0][0] / $page_cnt;
|
||||
@@ -155,7 +155,7 @@ foreach ($result as $row) {
|
||||
if ($label_theme == "")
|
||||
$label_theme = "default";
|
||||
|
||||
$view_problemset[$i][3] .= "<a title='" . htmlentities($cat, ENT_QUOTES, 'UTF-8') . "' class='label label-$label_theme' style='display: inline-block;' href='problemset.php?search=" . htmlentities(urlencode($cat), ENT_QUOTES, 'UTF-8') . "'>" . mb_substr($cat, 0, 10, 'utf8') . "</a> ";
|
||||
$view_problemset[$i][3] .= "<a title='" . htmlspecialchars($cat, ENT_QUOTES, 'UTF-8') . "' class='label label-$label_theme' style='display: inline-block;' href='problemset.php?search=" . htmlspecialchars(urlencode($cat), ENT_QUOTES, 'UTF-8') . "'>" . mb_substr($cat, 0, 10, 'utf8') . "</a> ";
|
||||
}
|
||||
|
||||
$view_problemset[$i][3] .= "</div >";
|
||||
|
||||
@@ -119,12 +119,12 @@
|
||||
$rank ++;
|
||||
|
||||
$view_rank[$i][0]= $rank;
|
||||
$view_rank[$i][1]= "<a href='userinfo.php?user=" .htmlentities ( $row['user_id'],ENT_QUOTES,"UTF-8") . "'>" . $row['user_id'] . "</a>";
|
||||
$view_rank[$i][1]= "<a href='userinfo.php?user=" .htmlspecialchars ( $row['user_id'],ENT_QUOTES,"UTF-8") . "'>" . $row['user_id'] . "</a>";
|
||||
if(isset($row['starred']) && $row['starred'] >0 ) $view_rank[$i][1]="⭐".$view_rank[$i][1]."⭐"; //github starred rewarding
|
||||
$view_rank[$i][2]= "<div class=center>" . htmlentities ( $row['nick'] ,ENT_QUOTES,"UTF-8") ."</div>";
|
||||
$view_rank[$i][3]= "<div class=center>" . htmlentities ( $row['group_name'] ,ENT_QUOTES,"UTF-8") ."</div>";
|
||||
$view_rank[$i][4]= "<div class=center><a href='status.php?user_id=" .htmlentities ( $row['user_id'],ENT_QUOTES,"UTF-8") ."&jresult=4'>" . $row['solved']."</a>"."</div>";
|
||||
$view_rank[$i][5]= "<div class=center><a href='status.php?user_id=" . htmlentities ($row['user_id'],ENT_QUOTES,"UTF-8") ."'>" . $row['submit'] . "</a>"."</div>";
|
||||
$view_rank[$i][2]= "<div class=center>" . htmlspecialchars ( $row['nick'] ,ENT_QUOTES,"UTF-8") ."</div>";
|
||||
$view_rank[$i][3]= "<div class=center>" . htmlspecialchars ( $row['group_name'] ,ENT_QUOTES,"UTF-8") ."</div>";
|
||||
$view_rank[$i][4]= "<div class=center><a href='status.php?user_id=" .htmlspecialchars ( $row['user_id'],ENT_QUOTES,"UTF-8") ."&jresult=4'>" . $row['solved']."</a>"."</div>";
|
||||
$view_rank[$i][5]= "<div class=center><a href='status.php?user_id=" . htmlspecialchars ($row['user_id'],ENT_QUOTES,"UTF-8") ."'>" . $row['submit'] . "</a>"."</div>";
|
||||
|
||||
if ($row['submit'] == 0)
|
||||
$view_rank[$i][6]= "0.00%";
|
||||
|
||||
@@ -97,18 +97,18 @@ if ($domain==$DOMAIN && $OJ_NAME==$user_id){
|
||||
print "history.go(-1);\n</script>";
|
||||
exit(0);
|
||||
}
|
||||
$nick=(htmlentities ($nick,ENT_QUOTES,"UTF-8"));
|
||||
$school=(htmlentities ($school,ENT_QUOTES,"UTF-8"));
|
||||
$email=(htmlentities ($email,ENT_QUOTES,"UTF-8"));
|
||||
$nick=(htmlspecialchars ($nick,ENT_QUOTES,"UTF-8"));
|
||||
$school=(htmlspecialchars ($school,ENT_QUOTES,"UTF-8"));
|
||||
$email=(htmlspecialchars ($email,ENT_QUOTES,"UTF-8"));
|
||||
$ip = ($_SERVER['REMOTE_ADDR']);
|
||||
if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])&&!empty(trim($_SERVER['HTTP_X_FORWARDED_FOR']))) {
|
||||
$REMOTE_ADDR = $_SERVER['HTTP_X_FORWARDED_FOR'];
|
||||
$tmp_ip = explode(',', $REMOTE_ADDR);
|
||||
$ip = (htmlentities($tmp_ip[0], ENT_QUOTES, "UTF-8"));
|
||||
$ip = (htmlspecialchars($tmp_ip[0], ENT_QUOTES, "UTF-8"));
|
||||
} else if (isset($_SERVER['HTTP_X_REAL_IP'])&&!empty(trim($_SERVER['HTTP_X_REAL_IP']))) {
|
||||
$REMOTE_ADDR = $_SERVER['HTTP_X_REAL_IP'];
|
||||
$tmp_ip = explode(',', $REMOTE_ADDR);
|
||||
$ip = (htmlentities($tmp_ip[0], ENT_QUOTES, "UTF-8"));
|
||||
$ip = (htmlspecialchars($tmp_ip[0], ENT_QUOTES, "UTF-8"));
|
||||
}
|
||||
|
||||
// 检查IP是否已经注册过
|
||||
|
||||
@@ -78,7 +78,7 @@ if($ok){
|
||||
// ){
|
||||
|
||||
if($row['user_id']!=$_SESSION[$OJ_NAME.'_'.'user_id']){
|
||||
$view_mail_link= "<a href='mail.php?to_user=".htmlentities($row['user_id'],ENT_QUOTES,"UTF-8")."&title=$MSG_SUBMIT $id'>Mail the auther</a>";
|
||||
$view_mail_link= "<a href='mail.php?to_user=".htmlspecialchars($row['user_id'],ENT_QUOTES,"UTF-8")."&title=$MSG_SUBMIT $id'>Mail the auther</a>";
|
||||
}
|
||||
|
||||
$sql = "SELECT `error` FROM `runtimeinfo` WHERE `solution_id`=?";
|
||||
@@ -86,14 +86,14 @@ if($ok){
|
||||
|
||||
if(isset($result[0])){
|
||||
$row = $result[0];
|
||||
$view_reinfo=htmlentities(str_replace("\n\r","\n",$row['error']),ENT_QUOTES,"UTF-8");
|
||||
$view_reinfo=htmlspecialchars(str_replace("\n\r","\n",$row['error']),ENT_QUOTES,"UTF-8");
|
||||
}
|
||||
|
||||
if(strpos($row['error'],"judge/")!==false&&!isset($_SESSION[$OJ_NAME."_administrator"])) $view_reinfo = "潜在的数组或指针越界,请检查代码。";
|
||||
else if(strpos($row['error'],"php")!==false) $view_reinfo = "error2";
|
||||
else if(strpos($row['error'],"PASS")!==false) $view_reinfo = "error3";
|
||||
else if($OJ_SHOW_DIFF && $row && ($ok||$isRE) && ($OJ_TEST_RUN||is_valid($row['error'])||$ok)){
|
||||
$view_reinfo = htmlentities(str_replace("\n\r","\n",$row['error']),ENT_QUOTES,"UTF-8");
|
||||
$view_reinfo = htmlspecialchars(str_replace("\n\r","\n",$row['error']),ENT_QUOTES,"UTF-8");
|
||||
|
||||
$view_reinfo .="<br>$MSG_MARK:$mark";
|
||||
|
||||
|
||||
@@ -49,7 +49,7 @@ if (!empty($result)) {
|
||||
if(strpos($row['error'],"judge")!==false) echo "error1";
|
||||
else if(strpos($row['error'],"php")!==false) echo "error2";
|
||||
else if(strpos($row['error'],"PASS")!==false) echo "error3";
|
||||
else echo htmlentities(str_replace("\n\r","\n",$row['error']),ENT_QUOTES,"UTF-8");
|
||||
else echo htmlspecialchars(str_replace("\n\r","\n",$row['error']),ENT_QUOTES,"UTF-8");
|
||||
$sql = "delete from custominput where solution_id=?";
|
||||
pdo_query($sql,$solution_id);
|
||||
}
|
||||
|
||||
@@ -178,7 +178,7 @@ if (isset($_GET['top'])) {
|
||||
$problem_id = "";
|
||||
if (isset($_GET['problem_id']) && $_GET['problem_id']!="") {
|
||||
if (isset($_GET['cid'])) {
|
||||
$problem_id = htmlentities($_GET['problem_id'],ENT_QUOTES,'UTF-8');
|
||||
$problem_id = htmlspecialchars($_GET['problem_id'],ENT_QUOTES,'UTF-8');
|
||||
$num = array_search($problem_id,$PID);
|
||||
$problem_id = $PID[$num];
|
||||
$sql = $sql."AND `num`='".$num."' ";
|
||||
@@ -215,7 +215,7 @@ if (isset($_GET['user_id'])) {
|
||||
$sql = $sql."AND solution.user_id=? ";
|
||||
if ($str2!="")
|
||||
$str2 = $str2."&";
|
||||
$str2 = $str2."&user_id=".htmlentities(urlencode($user_id),ENT_QUOTES);
|
||||
$str2 = $str2."&user_id=".htmlspecialchars(urlencode($user_id),ENT_QUOTES);
|
||||
array_push($param,$user_id);
|
||||
}
|
||||
else{
|
||||
@@ -261,13 +261,13 @@ if(isset($_GET['school'])&&trim($_GET['school'])!="" || isset($_GET['school'])&&
|
||||
$school=trim($_GET['school']);
|
||||
$sql.=" and users.school=? ";
|
||||
array_push($param,trim($_GET['school']));
|
||||
$str2 = $str2."&school=".htmlentities(trim($_GET['school']),ENT_QUOTES);
|
||||
$str2 = $str2."&school=".htmlspecialchars(trim($_GET['school']),ENT_QUOTES);
|
||||
}
|
||||
if(isset($_GET['group_name'])&&trim($_GET['group_name'])!=""){
|
||||
$group_name=trim($_GET['group_name']);
|
||||
$sql.=" and users.group_name=? ";
|
||||
array_push($param,trim($_GET['group_name']));
|
||||
$str2 = $str2."&group_name=".htmlentities(trim($_GET['group_name']),ENT_QUOTES);
|
||||
$str2 = $str2."&group_name=".htmlspecialchars(trim($_GET['group_name']),ENT_QUOTES);
|
||||
}
|
||||
}else{
|
||||
$sql0="select $fields from solution inner join users on solution.user_id=users.user_id";
|
||||
|
||||
@@ -265,7 +265,7 @@ $ip = $_SERVER['REMOTE_ADDR'];
|
||||
if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
|
||||
$REMOTE_ADDR = $_SERVER['HTTP_X_FORWARDED_FOR'];
|
||||
$tmp_ip = explode(',', $REMOTE_ADDR);
|
||||
$ip = htmlentities($tmp_ip[0], ENT_QUOTES, "UTF-8");
|
||||
$ip = htmlspecialchars($tmp_ip[0], ENT_QUOTES, "UTF-8");
|
||||
}
|
||||
|
||||
|
||||
|
||||
@@ -25,7 +25,7 @@
|
||||
<td style="text-align:left">
|
||||
<a href="discuss.php<?php if ($row['pid']!=0 && $row['cid']!=null) echo "?pid=".$row['pid']."&cid=".$row['cid'];
|
||||
else if ($row['pid']!=0) echo"?pid=".$row['pid']; else if ($row['cid']!=null) echo"?cid=".$row['cid'];?>">
|
||||
<?php if ($row['pid']!=0) echo "Problem ".$row['pid']; else echo "MainBoard";?></a> >> <?php echo nl2br(htmlentities($row['title'] ,ENT_QUOTES,"UTF-8"));?></td>
|
||||
<?php if ($row['pid']!=0) echo "Problem ".$row['pid']; else echo "MainBoard";?></a> >> <?php echo nl2br(htmlspecialchars($row['title'] ,ENT_QUOTES,"UTF-8"));?></td>
|
||||
</tr>
|
||||
|
||||
<?php
|
||||
@@ -62,10 +62,10 @@
|
||||
<?php echo $i+1;?>#</span>
|
||||
</div>
|
||||
<div style="text-align:left; clear:both; margin:10px 30px">
|
||||
<?php if ($row['status'] == 0) echo nl2br(htmlentities($row['content'],ENT_QUOTES,"UTF-8"));
|
||||
<?php if ($row['status'] == 0) echo nl2br(htmlspecialchars($row['content'],ENT_QUOTES,"UTF-8"));
|
||||
else {
|
||||
if (!$isuser || $isadmin)echo "<div style=\"border-left:10px solid gray\"><font color=red><i>Notice : <br>This reply is blocked by administrator.</i></font></div>";
|
||||
if ($isuser || $isadmin) echo nl2br(htmlentities($row['content'],ENT_QUOTES,"UTF-8"));
|
||||
if ($isuser || $isadmin) echo nl2br(htmlspecialchars($row['content'],ENT_QUOTES,"UTF-8"));
|
||||
}
|
||||
?>
|
||||
</div>
|
||||
|
||||
@@ -121,7 +121,7 @@ if(isset($_POST['startdate'])){
|
||||
$password = $row['password'];
|
||||
$langmask = $row['langmask'];
|
||||
$description = $row['description'];
|
||||
$title = htmlentities($row['title'],ENT_QUOTES,"UTF-8");
|
||||
$title = htmlspecialchars($row['title'],ENT_QUOTES,"UTF-8");
|
||||
|
||||
$plist = "";
|
||||
$sql = "SELECT `problem_id` FROM `contest_problem` WHERE `contest_id`=? ORDER BY `num`";
|
||||
@@ -173,7 +173,7 @@ if(isset($_POST['startdate'])){
|
||||
<p align=left>
|
||||
<?php echo "<h4>".$MSG_CONTEST."-".$MSG_Description."</h4>"?>
|
||||
<textarea class=kindeditor rows=13 name=description cols=80>
|
||||
<?php echo htmlentities($description,ENT_QUOTES,'UTF-8')?>
|
||||
<?php echo htmlspecialchars($description,ENT_QUOTES,'UTF-8')?>
|
||||
</textarea>
|
||||
<br>
|
||||
<table width="100%">
|
||||
@@ -206,7 +206,7 @@ if(isset($_POST['startdate'])){
|
||||
<option value=1 <?php echo $private=='1'?'selected=selected':''?>><?php echo $MSG_Private?></option>
|
||||
</select>
|
||||
<?php echo $MSG_CONTEST."-".$MSG_PASSWORD?>:
|
||||
<input type=text name=password style="width:150px;" value='<?php echo htmlentities($password,ENT_QUOTES,'utf-8')?>'>
|
||||
<input type=text name=password style="width:150px;" value='<?php echo htmlspecialchars($password,ENT_QUOTES,'utf-8')?>'>
|
||||
</p>
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
@@ -56,7 +56,7 @@ if(isset($_POST['news_id'])){
|
||||
|
||||
$row = $result[0];
|
||||
|
||||
$title = htmlentities($row['title'],ENT_QUOTES,"UTF-8");
|
||||
$title = htmlspecialchars($row['title'],ENT_QUOTES,"UTF-8");
|
||||
$content = $row['content'];
|
||||
}
|
||||
?>
|
||||
@@ -68,7 +68,7 @@ if(isset($_POST['news_id'])){
|
||||
</p>
|
||||
<p align=left>
|
||||
<textarea class=kindeditor name=content>
|
||||
<?php echo htmlentities($content,ENT_QUOTES,"UTF-8")?>
|
||||
<?php echo htmlspecialchars($content,ENT_QUOTES,"UTF-8")?>
|
||||
</textarea>
|
||||
</p>
|
||||
<?php require_once("../include/set_post_key.php");?>
|
||||
|
||||
@@ -30,7 +30,7 @@ if (isset($_POST['do'])) {
|
||||
|
||||
$sql = "insert into `privilege`(user_id,rightstr,valuestr,defunct) values(?,?,?,'N')";
|
||||
$rows = pdo_query($sql,$user_id,$rightstr,$valuestr);
|
||||
echo "<center><h4 class='text-danger'>User ".htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8')."'s Privilege Added!</h4></center>";
|
||||
echo "<center><h4 class='text-danger'>User ".htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8')."'s Privilege Added!</h4></center>";
|
||||
}
|
||||
?>
|
||||
|
||||
@@ -41,9 +41,9 @@ if (isset($_POST['do'])) {
|
||||
<div class="form-group">
|
||||
<label class="col-sm-offset-3 col-sm-3 control-label"><?php echo $MSG_USER_ID?></label>
|
||||
<?php if(isset($_GET['uid'])) { ?>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlentities($_GET['uid'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlspecialchars($_GET['uid'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
|
||||
<?php } else if(isset($_POST['user_id'])) { ?>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
|
||||
<?php } else { ?>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control" placeholder="<?php echo $MSG_USER_ID."*"?>" type="text" required ></div>
|
||||
<?php } ?>
|
||||
@@ -100,9 +100,9 @@ if (isset($_POST['do'])) {
|
||||
<div class="form-group">
|
||||
<label class="col-sm-offset-3 col-sm-3 control-label"><?php echo $MSG_USER_ID?></label>
|
||||
<?php if(isset($_GET['uid'])) { ?>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlentities($_GET['uid'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlspecialchars($_GET['uid'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
|
||||
<?php } else if(isset($_POST['user_id'])) { ?>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
|
||||
<?php } else { ?>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control" placeholder="<?php echo $MSG_USER_ID."*"?>" type="text" required ></div>
|
||||
<?php } ?>
|
||||
@@ -135,9 +135,9 @@ if (isset($_POST['do'])) {
|
||||
<div class="form-group">
|
||||
<label class="col-sm-offset-3 col-sm-3 control-label"><?php echo $MSG_USER_ID?></label>
|
||||
<?php if(isset($_GET['uid'])) { ?>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlentities($_GET['uid'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlspecialchars($_GET['uid'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
|
||||
<?php } else if(isset($_POST['user_id'])) { ?>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
|
||||
<?php } else { ?>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control" placeholder="<?php echo $MSG_USER_ID."*"?>" type="text" required ></div>
|
||||
<?php } ?>
|
||||
|
||||
@@ -59,11 +59,11 @@ $_SESSION[$OJ_NAME.'_'."p$pid"]=true;
|
||||
$loj_id=intval($_POST['loj_id']);
|
||||
//print_r($_POST);
|
||||
echo "<br>".$loj_id."<br>";
|
||||
echo htmlentities("wget https://loj.ac/problem/".$loj_id."/testdata/download -O $OJ_DATA/$pid/data.zip");
|
||||
echo htmlspecialchars("wget https://loj.ac/problem/".$loj_id."/testdata/download -O $OJ_DATA/$pid/data.zip");
|
||||
echo system("wget https://loj.ac/problem/".$loj_id."/testdata/download -O $OJ_DATA/$pid/data.zip");
|
||||
echo system("/home/judge/src/install/ans2out $OJ_DATA/$pid/");
|
||||
echo "<br>";
|
||||
echo htmlentities("unzip $OJ_DATA/$pid/data.zip -d $OJ_DATA/$pid");
|
||||
echo htmlspecialchars("unzip $OJ_DATA/$pid/data.zip -d $OJ_DATA/$pid");
|
||||
echo system("unzip $OJ_DATA/$pid/data.zip -d $OJ_DATA/$pid");
|
||||
echo system("/usr/bin/loj.ac $OJ_DATA/$pid");
|
||||
echo "<br>";
|
||||
|
||||
@@ -34,38 +34,38 @@ include_once("kindeditor.php") ;
|
||||
<input type=hidden name=problem_id value='<?php echo $row['problem_id']?>'>
|
||||
<p align=left>
|
||||
<center><h3>
|
||||
<?php echo $row['problem_id']?>: <input class="input input-xxlarge" style='width:90%' type=text name=title value='<?php echo htmlentities($row['title'],ENT_QUOTES,"UTF-8")?>'>
|
||||
<?php echo $row['problem_id']?>: <input class="input input-xxlarge" style='width:90%' type=text name=title value='<?php echo htmlspecialchars($row['title'],ENT_QUOTES,"UTF-8")?>'>
|
||||
</h3></center>
|
||||
</p>
|
||||
<p align=left>
|
||||
<?php echo $MSG_Time_Limit?><br>
|
||||
<input class="input input-mini" type=text name=time_limit size=20 value='<?php echo htmlentities($row['time_limit'],ENT_QUOTES,"UTF-8")?>'> Sec<br><br>
|
||||
<input class="input input-mini" type=text name=time_limit size=20 value='<?php echo htmlspecialchars($row['time_limit'],ENT_QUOTES,"UTF-8")?>'> Sec<br><br>
|
||||
<?php echo $MSG_Memory_Limit?><br>
|
||||
<input class="input input-mini" type=text name=memory_limit size=20 value='<?php echo htmlentities($row['memory_limit'],ENT_QUOTES,"UTF-8")?>'> MB<br><br>
|
||||
<input class="input input-mini" type=text name=memory_limit size=20 value='<?php echo htmlspecialchars($row['memory_limit'],ENT_QUOTES,"UTF-8")?>'> MB<br><br>
|
||||
</p>
|
||||
<p align=left>
|
||||
<?php echo "<h4>".$MSG_Description."</h4>"?>
|
||||
<textarea class="kindeditor" rows=13 name=description cols=80><?php echo htmlentities($row['description'],ENT_QUOTES,"UTF-8")?></textarea><br>
|
||||
<textarea class="kindeditor" rows=13 name=description cols=80><?php echo htmlspecialchars($row['description'],ENT_QUOTES,"UTF-8")?></textarea><br>
|
||||
</p>
|
||||
<p align=left>
|
||||
<?php echo "<h4>".$MSG_Input."</h4>"?>
|
||||
<textarea class="kindeditor" rows=13 name=input cols=80><?php echo htmlentities($row['input'],ENT_QUOTES,"UTF-8")?></textarea><br>
|
||||
<textarea class="kindeditor" rows=13 name=input cols=80><?php echo htmlspecialchars($row['input'],ENT_QUOTES,"UTF-8")?></textarea><br>
|
||||
</p>
|
||||
<p align=left>
|
||||
<?php echo "<h4>".$MSG_Output."</h4>"?>
|
||||
<textarea class="kindeditor" rows=13 name=output cols=80><?php echo htmlentities($row['output'],ENT_QUOTES,"UTF-8")?></textarea><br>
|
||||
<textarea class="kindeditor" rows=13 name=output cols=80><?php echo htmlspecialchars($row['output'],ENT_QUOTES,"UTF-8")?></textarea><br>
|
||||
</p>
|
||||
<p align=left>
|
||||
<?php echo "<h4>".$MSG_Sample_Input."</h4>"?>
|
||||
<textarea class="input input-large" style="width:100%;" rows=13 name=sample_input><?php echo htmlentities($row['sample_input'],ENT_QUOTES,"UTF-8")?></textarea><br><br>
|
||||
<textarea class="input input-large" style="width:100%;" rows=13 name=sample_input><?php echo htmlspecialchars($row['sample_input'],ENT_QUOTES,"UTF-8")?></textarea><br><br>
|
||||
</p>
|
||||
<p align=left>
|
||||
<?php echo "<h4>".$MSG_Sample_Output."</h4>"?>
|
||||
<textarea class="input input-large" style="width:100%;" rows=13 name=sample_output><?php echo htmlentities($row['sample_output'],ENT_QUOTES,"UTF-8")?></textarea><br><br>
|
||||
<textarea class="input input-large" style="width:100%;" rows=13 name=sample_output><?php echo htmlspecialchars($row['sample_output'],ENT_QUOTES,"UTF-8")?></textarea><br><br>
|
||||
</p>
|
||||
<p align=left>
|
||||
<?php echo "<h4>".$MSG_HINT."</h4>"?>
|
||||
<textarea class="kindeditor" rows=13 name=hint cols=80><?php echo htmlentities($row['hint'],ENT_QUOTES,"UTF-8")?></textarea><br>
|
||||
<textarea class="kindeditor" rows=13 name=hint cols=80><?php echo htmlspecialchars($row['hint'],ENT_QUOTES,"UTF-8")?></textarea><br>
|
||||
</p>
|
||||
<p>
|
||||
<?php echo "<h4>".$MSG_SPJ."</h4>"?>
|
||||
@@ -75,7 +75,7 @@ include_once("kindeditor.php") ;
|
||||
</p>
|
||||
<p align=left>
|
||||
<?php echo "<h4>".$MSG_SOURCE."</h4>"?>
|
||||
<textarea name=source style="width:100%;" rows=1><?php echo htmlentities($row['source'],ENT_QUOTES,"UTF-8")?></textarea><br><br>
|
||||
<textarea name=source style="width:100%;" rows=1><?php echo htmlspecialchars($row['source'],ENT_QUOTES,"UTF-8")?></textarea><br><br>
|
||||
</p>
|
||||
<div align=center>
|
||||
<?php require_once("../include/set_post_key.php");?>
|
||||
|
||||
@@ -106,7 +106,7 @@ function getSolution($pid,$lang){
|
||||
return $ret;
|
||||
}
|
||||
function fixurl($img_url){
|
||||
$img_url= html_entity_decode( $img_url,ENT_QUOTES,"UTF-8");
|
||||
$img_url= htmlspecialchars_decode( $img_url,ENT_QUOTES,"UTF-8");
|
||||
|
||||
if (substr($img_url,0,4)!="http"){
|
||||
if(substr($img_url,0,1)=="/"){
|
||||
|
||||
@@ -38,7 +38,7 @@ if (!(isset($_SESSION[$OJ_NAME.'_'.'administrator']))){
|
||||
if( !empty( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ){
|
||||
$REMOTE_ADDR = $_SERVER['HTTP_X_FORWARDED_FOR'];
|
||||
$tmp_ip=explode(',',$REMOTE_ADDR);
|
||||
$ip =(htmlentities($tmp_ip[0],ENT_QUOTES,"UTF-8"));
|
||||
$ip =(htmlspecialchars($tmp_ip[0],ENT_QUOTES,"UTF-8"));
|
||||
}
|
||||
$sql="INSERT INTO `users`("."`user_id`,`email`,`ip`,`accesstime`,`password`,`reg_time`,`nick`,`school`)".
|
||||
"VALUES(?,?,?,NOW(),?,NOW(),?,?)on DUPLICATE KEY UPDATE `email`=?,`ip`=?,`accesstime`=NOW(),`password`=?,`reg_time`=now(),nick=?,`school`=?";
|
||||
|
||||
@@ -15,7 +15,7 @@ if(isset($_POST['user_id'])){
|
||||
$ip=$_POST['ip'];
|
||||
$sql="insert into loginlog (user_id,password,ip,time) value(?,?,?,now())";
|
||||
$result=pdo_query($sql,$user_id,"set ip by ".$_SESSION[$OJ_NAME."_user_id"],$ip);
|
||||
echo "$MSG_USER ".htmlentities($user_id)." $MSG_SET_LOGIN_IP : ".htmlentities($ip);
|
||||
echo "$MSG_USER ".htmlspecialchars($user_id)." $MSG_SET_LOGIN_IP : ".htmlspecialchars($ip);
|
||||
}
|
||||
?>
|
||||
<form action=user_set_ip.php class=center method="post">
|
||||
|
||||
@@ -8,13 +8,13 @@
|
||||
<meta name="author" content="">
|
||||
<link rel="icon" href="../../favicon.ico">
|
||||
|
||||
<title><?php echo htmlentities(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")?></title>
|
||||
<title><?php echo htmlspecialchars(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")?></title>
|
||||
</head>
|
||||
<body>
|
||||
<h1>Balloon Ticket</h1>
|
||||
<?php
|
||||
echo "<h2>".htmlentities(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")."\n";
|
||||
echo "-".htmlentities(str_replace("\n\r","\n",$view_school),ENT_QUOTES,"utf-8")."-".htmlentities(str_replace("\n\r","\n",$view_nick),ENT_QUOTES,"utf-8")."\n"."</h2>";
|
||||
echo "<h2>".htmlspecialchars(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")."\n";
|
||||
echo "-".htmlspecialchars(str_replace("\n\r","\n",$view_school),ENT_QUOTES,"utf-8")."-".htmlspecialchars(str_replace("\n\r","\n",$view_nick),ENT_QUOTES,"utf-8")."\n"."</h2>";
|
||||
echo "Problem ".$PID[$view_pid]."<br>";
|
||||
if(isset($_GET['fb']) && intval($_GET['fb'])==1){
|
||||
echo "Balloon Color: <font color='".$ball_color[$view_pid]."'>".$ball_name[$view_pid]." First Blood! </font><br>";
|
||||
|
||||
@@ -305,7 +305,7 @@
|
||||
echo "<a name=\"$uuid\" href=userinfo.php?user=$uuid>$uuid</a>";
|
||||
echo "</td>";
|
||||
|
||||
echo "<td class='text-center'><a href=userinfo.php?user=$uuid>".htmlentities($U[$i]->nick,ENT_QUOTES,"UTF-8")."</a></td>";
|
||||
echo "<td class='text-center'><a href=userinfo.php?user=$uuid>".htmlspecialchars($U[$i]->nick,ENT_QUOTES,"UTF-8")."</a></td>";
|
||||
|
||||
$usolved = $U[$i]->solved;
|
||||
echo "<td class='text-center'><a href=status.php?user_id=$uuid&cid=$cid>$usolved</a></td>";
|
||||
|
||||
@@ -304,7 +304,7 @@
|
||||
echo "<a name=\"$uuid\" href=userinfo.php?user=$uuid>$uuid</a>";
|
||||
echo "</td>";
|
||||
|
||||
echo "<td class='text-center'><a href=userinfo.php?user=$uuid>".htmlentities($U[$i]->nick,ENT_QUOTES,"UTF-8")."</a></td>";
|
||||
echo "<td class='text-center'><a href=userinfo.php?user=$uuid>".htmlspecialchars($U[$i]->nick,ENT_QUOTES,"UTF-8")."</a></td>";
|
||||
|
||||
$usolved = $U[$i]->solved;
|
||||
echo "<td class='text-center'><a href=status.php?user_id=$uuid&cid=$cid>$usolved</a></td>";
|
||||
@@ -355,7 +355,7 @@
|
||||
<div class="ui list">
|
||||
<?php
|
||||
foreach($absent as $a){
|
||||
$uid=htmlentities($a['user_id'],ENT_QUOTES,"UTF-8");
|
||||
$uid=htmlspecialchars($a['user_id'],ENT_QUOTES,"UTF-8");
|
||||
echo "<a href='userinfo.php?user=".$uid."' >$uid</a> ";
|
||||
}
|
||||
?>
|
||||
|
||||
@@ -50,7 +50,7 @@ $usolved=$U[$i]->solved;
|
||||
if(isset($_GET['user_id'])&&$uuid==$_GET['user_id']) echo "<td bgcolor=#ffff77>";
|
||||
else echo"<td>";
|
||||
echo "<a name=\"$uuid\" href=userinfo.php?user=$uuid>$uuid</a>";
|
||||
echo "<td><a href=userinfo.php?user=$uuid>".htmlentities($U[$i]->nick,ENT_QUOTES,"UTF-8")."</a>";
|
||||
echo "<td><a href=userinfo.php?user=$uuid>".htmlspecialchars($U[$i]->nick,ENT_QUOTES,"UTF-8")."</a>";
|
||||
echo "<td><a href=status.php?user_id=$uuid&cid=$cid>$usolved</a>";
|
||||
echo "<td>".sec2str($U[$i]->time);
|
||||
for ($j=0;$j<$pid_cnt;$j++){
|
||||
|
||||
@@ -28,7 +28,7 @@
|
||||
<tr align='center'>
|
||||
<td>
|
||||
<form class=form-inline method=post action=contest.php>
|
||||
<input class="form-control" name=keyword value="<?php if(isset($_POST['keyword'])) echo htmlentities($_POST['keyword'],ENT_QUOTES,"UTF-8")?>" placeholder="<?php echo $MSG_CONTEST_NAME?>">
|
||||
<input class="form-control" name=keyword value="<?php if(isset($_POST['keyword'])) echo htmlspecialchars($_POST['keyword'],ENT_QUOTES,"UTF-8")?>" placeholder="<?php echo $MSG_CONTEST_NAME?>">
|
||||
<button class="form-control" type=submit><?php echo $MSG_SEARCH?></button>
|
||||
<a href="contest.php" ><?php echo $MSG_VIEW_ALL_CONTESTS ?></a>
|
||||
</form>
|
||||
|
||||
@@ -189,7 +189,7 @@ public class Main{
|
||||
</font>
|
||||
</center>
|
||||
<hr>
|
||||
this page can be replaced by add a news which titled "<?php echo htmlentities($faqs_name,ENT_QUOTES,"UTF-8")?>";
|
||||
this page can be replaced by add a news which titled "<?php echo htmlspecialchars($faqs_name,ENT_QUOTES,"UTF-8")?>";
|
||||
<hr>
|
||||
|
||||
<center>
|
||||
|
||||
@@ -31,14 +31,14 @@ if($view_content)
|
||||
echo "<center>
|
||||
<table>
|
||||
<tr>
|
||||
<td class=blue>$from_user -> $to_user[".htmlentities(str_replace("\n\r","\n",$view_title),ENT_QUOTES,"UTF-8")." ]</td>
|
||||
<td class=blue>$from_user -> $to_user[".htmlspecialchars(str_replace("\n\r","\n",$view_title),ENT_QUOTES,"UTF-8")." ]</td>
|
||||
</tr>
|
||||
<tr><td><pre>". htmlentities(str_replace("\n\r","\n",$view_content),ENT_QUOTES,"UTF-8")."</pre>
|
||||
<tr><td><pre>". htmlspecialchars(str_replace("\n\r","\n",$view_content),ENT_QUOTES,"UTF-8")."</pre>
|
||||
</td></tr>
|
||||
</table></center>";
|
||||
?>
|
||||
<table><form method=post action=mail.php>
|
||||
<tr><td>From:<?php echo htmlentities($from_user,ENT_QUOTES,"UTF-8")?>
|
||||
<tr><td>From:<?php echo htmlspecialchars($from_user,ENT_QUOTES,"UTF-8")?>
|
||||
To:<input name=to_user size=10 value="<?php if ($from_user==$_SESSION[$OJ_NAME.'_user_id']||$from_user=="") echo $to_user ;else echo $from_user;?>">
|
||||
Title:<input name=title size=20 value="<?php echo $title?>">
|
||||
<input type=submit value=<?php echo $MSG_SUBMIT?>></td>
|
||||
|
||||
@@ -35,7 +35,7 @@
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label class="col-sm-4 control-label"><?php echo $MSG_NICK?></label>
|
||||
<div class="col-sm-4"><input name="nick" class="form-control" value="<?php echo htmlentities($row['nick'],ENT_QUOTES,"UTF-8")?>" type="text"></div>
|
||||
<div class="col-sm-4"><input name="nick" class="form-control" value="<?php echo htmlspecialchars($row['nick'],ENT_QUOTES,"UTF-8")?>" type="text"></div>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label class="col-sm-4 control-label"><?php echo $MSG_PASSWORD?></label>
|
||||
@@ -51,12 +51,12 @@
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label class="col-sm-4 control-label"><?php echo $MSG_SCHOOL?></label>
|
||||
<div class="col-sm-4"><input name="school" class="form-control" value="<?php echo htmlentities($row['school'],ENT_QUOTES,"UTF-8")?>" type="text"></div>
|
||||
<div class="col-sm-4"><input name="school" class="form-control" value="<?php echo htmlspecialchars($row['school'],ENT_QUOTES,"UTF-8")?>" type="text"></div>
|
||||
<?php if(isset($_SESSION[$OJ_NAME."_printer"])) echo "$MSG_HELP_BALLOON_SCHOOL";?>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label class="col-sm-4 control-label"><?php echo $MSG_EMAIL?></label>
|
||||
<div class="col-sm-4"><input name="email" class="form-control" value="<?php echo htmlentities($row['email'],ENT_QUOTES,"UTF-8")?>" type="text"></div>
|
||||
<div class="col-sm-4"><input name="email" class="form-control" value="<?php echo htmlspecialchars($row['email'],ENT_QUOTES,"UTF-8")?>" type="text"></div>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label class="col-sm-4 control-label"><?php echo $MSG_REFRESH_PRIVILEGE?></label>
|
||||
|
||||
@@ -8,7 +8,7 @@
|
||||
<meta name="author" content="">
|
||||
<link rel="icon" href="../../favicon.ico">
|
||||
|
||||
<title><?php echo htmlentities(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")?></title>
|
||||
<title><?php echo htmlspecialchars(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")?></title>
|
||||
</head>
|
||||
<body>
|
||||
<link href='<?php echo $OJ_CDN_URL?>highlight/styles/shCore.css' rel='stylesheet' type='text/css'/>
|
||||
@@ -27,9 +27,9 @@ function draw(){
|
||||
<input onclick="window.print();" type="button" value="<?php echo $MSG_PRINTER?>">
|
||||
<input onclick="location.href='printer.php?id=<?php echo $id?>';" type="button" value="<?php echo $MSG_PRINT_DONE?>"><br>
|
||||
<?php
|
||||
echo "<h2>".htmlentities(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")."\n";
|
||||
echo "-".htmlentities(str_replace("\n\r","\n",$view_school),ENT_QUOTES,"utf-8")."-".htmlentities(str_replace("\n\r","\n",$view_nick),ENT_QUOTES,"utf-8")."\n"."</h2>";
|
||||
echo "<pre class='brush:c'>".htmlentities(str_replace("\n\r","\n",$view_content),ENT_QUOTES,"utf-8")."\n"."</pre>";
|
||||
echo "<h2>".htmlspecialchars(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")."\n";
|
||||
echo "-".htmlspecialchars(str_replace("\n\r","\n",$view_school),ENT_QUOTES,"utf-8")."-".htmlspecialchars(str_replace("\n\r","\n",$view_nick),ENT_QUOTES,"utf-8")."\n"."</h2>";
|
||||
echo "<pre class='brush:c'>".htmlspecialchars(str_replace("\n\r","\n",$view_content),ENT_QUOTES,"utf-8")."\n"."</pre>";
|
||||
?>
|
||||
<input onclick="draw()" type="button" value="Line Number">
|
||||
<input onclick="window.print();" type="button" value="<?php echo $MSG_PRINTER?>">
|
||||
|
||||
@@ -203,7 +203,7 @@
|
||||
$hash_num=hexdec(substr(md5($cat),0,7));
|
||||
$label_theme=$color_theme[$hash_num%count($color_theme)];
|
||||
if($label_theme=="") $label_theme="default";
|
||||
echo "<a class='label label-$label_theme' style='display: inline-block;' href='problemset.php?search=".urlencode(htmlentities($cat,ENT_QUOTES,'utf-8'))."'>".htmlentities($cat,ENT_QUOTES,'utf-8')."</a> ";
|
||||
echo "<a class='label label-$label_theme' style='display: inline-block;' href='problemset.php?search=".urlencode(htmlspecialchars($cat,ENT_QUOTES,'utf-8'))."'>".htmlspecialchars($cat,ENT_QUOTES,'utf-8')."</a> ";
|
||||
}?>
|
||||
</div>
|
||||
|
||||
|
||||
@@ -44,7 +44,7 @@ if(!isset($_GET['ajax'])){
|
||||
$start = $page > $section ? $page - $section : 1;
|
||||
$end = $page + $section > $view_total_page ? $view_total_page : $page + $section;
|
||||
for ( $i = $start; $i <= $end; $i++ ) {
|
||||
echo "<li class='" . ( $page == $i ? "active " : "" ) . "page-item'> <a href='problemset.php?page=" . $i .htmlentities($postfix,ENT_QUOTES,'UTF-8'). "'>" . $i . "</a></li>";
|
||||
echo "<li class='" . ( $page == $i ? "active " : "" ) . "page-item'> <a href='problemset.php?page=" . $i .htmlspecialchars($postfix,ENT_QUOTES,'UTF-8'). "'>" . $i . "</a></li>";
|
||||
}
|
||||
?>
|
||||
<li class="page-item"><a href="problemset.php?page=<?php echo $view_total_page?>">>></a>
|
||||
|
||||
@@ -31,7 +31,7 @@
|
||||
<tr align='center'>
|
||||
<td>
|
||||
<form class=form-inline action=ranklist.php>
|
||||
<input class="form-control" name='prefix' value="<?php echo htmlentities(isset($_GET['prefix'])?$_GET['prefix']:"",ENT_QUOTES,"utf-8") ?>" placeholder="<?php echo $MSG_USER?>">
|
||||
<input class="form-control" name='prefix' value="<?php echo htmlspecialchars(isset($_GET['prefix'])?$_GET['prefix']:"",ENT_QUOTES,"utf-8") ?>" placeholder="<?php echo $MSG_USER?>">
|
||||
<button class="form-control" type='submit'><?php echo $MSG_SEARCH?></button>
|
||||
</form>
|
||||
</td>
|
||||
@@ -90,10 +90,10 @@
|
||||
echo "<center>";
|
||||
$qs="";
|
||||
if(isset($_GET['prefix'])){
|
||||
$qs.="&prefix=".htmlentities($_GET['prefix'],ENT_QUOTES,"utf-8");
|
||||
$qs.="&prefix=".htmlspecialchars($_GET['prefix'],ENT_QUOTES,"utf-8");
|
||||
}
|
||||
if(isset($scope)){
|
||||
$qs.="&scope=".htmlentities($scope,ENT_QUOTES,"utf-8");
|
||||
$qs.="&scope=".htmlspecialchars($scope,ENT_QUOTES,"utf-8");
|
||||
}
|
||||
|
||||
for($i = 0; $i <$view_total ; $i += $page_size) {
|
||||
|
||||
@@ -48,7 +48,7 @@
|
||||
<br>
|
||||
</span>
|
||||
|
||||
<pre id="code" cols=180 rows=20 class="ace_editor" style="min-height:600px;width: 80%"><textarea id="source" class="ace_text-input"><?php echo htmlentities($view_src,ENT_QUOTES,"UTF-8")?></textarea></pre>
|
||||
<pre id="code" cols=180 rows=20 class="ace_editor" style="min-height:600px;width: 80%"><textarea id="source" class="ace_text-input"><?php echo htmlspecialchars($view_src,ENT_QUOTES,"UTF-8")?></textarea></pre>
|
||||
<?php if(!$readOnly){?>
|
||||
<button class="btn btn-info" type="button" onclick="submitCode()"><?php echo $MSG_SUBMIT?></button>
|
||||
<?php } ?>
|
||||
|
||||
@@ -49,7 +49,7 @@ SyntaxHighlighter.all();
|
||||
<?php
|
||||
if ($ok==true){
|
||||
if($view_user_id!=$_SESSION[$OJ_NAME.'_'.'user_id'])
|
||||
echo "<a href='mail.php?to_user=".htmlentities($view_user_id,ENT_QUOTES,"UTF-8")."&title=$MSG_SUBMIT $id'>Mail the author</a>";
|
||||
echo "<a href='mail.php?to_user=".htmlspecialchars($view_user_id,ENT_QUOTES,"UTF-8")."&title=$MSG_SUBMIT $id'>Mail the author</a>";
|
||||
$brush=strtolower($language_name[$slanguage]);
|
||||
if ($brush=='pascal') $brush='delphi';
|
||||
if ($brush=='obj-c') $brush='c';
|
||||
@@ -68,7 +68,7 @@ echo "\tMemory:".$smemory." kb\n";
|
||||
echo "****************************************************************/\n\n";
|
||||
$auth=ob_get_contents();
|
||||
ob_end_clean();
|
||||
echo htmlentities(str_replace("\n\r","\n",$view_source),ENT_QUOTES,"utf-8")."\n".$auth."</pre>";
|
||||
echo htmlspecialchars(str_replace("\n\r","\n",$view_source),ENT_QUOTES,"utf-8")."\n".$auth."</pre>";
|
||||
}else{
|
||||
echo $MSG_WARNING_ACCESS_DENIED ;
|
||||
}
|
||||
|
||||
@@ -19,7 +19,7 @@ echo "\tMemory:".$smemory." kb\n";
|
||||
echo "****************************************************************/\n\n";
|
||||
$auth=ob_get_contents();
|
||||
ob_end_clean();
|
||||
echo htmlentities(str_replace("\n\r","\n",$view_source),ENT_QUOTES,"utf-8")."\n".$auth."</pre>";
|
||||
echo htmlspecialchars(str_replace("\n\r","\n",$view_source),ENT_QUOTES,"utf-8")."\n".$auth."</pre>";
|
||||
}else{
|
||||
echo $MSG_WARNING_ACCESS_DENIED;
|
||||
}
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user