From d9b2d13caa1ba78e8abe28b0da5911be774edd1f Mon Sep 17 00:00:00 2001 From: klarkxy <278370456@qq.com> Date: Fri, 6 Dec 2024 15:35:38 +0800 Subject: [PATCH] htmlentities -> htmlspecialchars --- web/admin/changepass.php | 8 +++--- web/admin/contest_edit.php | 6 ++--- web/admin/kindeditor.php | 2 +- web/admin/menu.php | 2 +- web/admin/menu2.php | 2 +- web/admin/news_add_page.php | 2 +- web/admin/news_edit.php | 4 +-- web/admin/phpfm.php | 2 +- web/admin/privilege_add.php | 14 +++++------ web/admin/privilege_list.php | 2 +- web/admin/problem_add.php | 15 +++++++---- web/admin/problem_add_loj.php | 4 +-- web/admin/problem_add_page.php | 2 +- web/admin/problem_add_page_bas.php | 2 +- web/admin/problem_add_page_hdu.php | 2 +- web/admin/problem_add_page_pku.php | 2 +- web/admin/problem_add_page_uoj.php | 2 +- web/admin/problem_edit.php | 28 ++++++++++----------- web/admin/problem_export_xml.php | 2 +- web/admin/problem_import_hydro.php | 10 ++++---- web/admin/problem_import_md.php | 8 +++--- web/admin/problem_import_syzoj.php | 2 +- web/admin/problem_list.php | 10 ++++---- web/admin/ranklist_export.php | 4 +-- web/admin/team_generate.php | 2 +- web/admin/team_generate2.php | 2 +- web/admin/user_df_change.php | 2 +- web/admin/user_list.php | 4 +-- web/admin/user_set_ip.php | 8 +++--- web/bsadmin/contest_add.php | 4 +-- web/bsadmin/contest_edit.php | 6 ++--- web/bsadmin/news_edit.php | 4 +-- web/bsadmin/phpfm.php | 2 +- web/bsadmin/privilege_add.php | 2 +- web/bsadmin/problem_edit.php | 16 ++++++------ web/bsadmin/problem_export_xml.php | 2 +- web/bsadmin/team_generate.php | 2 +- web/bsadmin/user_edit.php | 2 +- web/category.php | 2 +- web/ceinfo.php | 2 +- web/changepass.php | 8 +++--- web/contest-check.php | 4 +-- web/discuss.php | 4 +-- web/include/PHPMailer.php | 4 +-- web/include/SMTP.php | 2 +- web/include/bbcode.php | 4 +-- web/include/cache_start.php | 2 +- web/include/init.php | 4 +-- web/include/login-hustoj.php | 4 +-- web/include/my_func.inc.php | 6 ++--- web/include/online.php | 8 +++--- web/include/pdo.php | 4 +-- web/include/problem.php | 2 +- web/include/remote_bas.php | 4 +-- web/include/remote_hdu.php | 4 +-- web/include/remote_luogu.php | 4 +-- web/include/remote_pku.php | 2 +- web/install.php | 2 +- web/login_qq.php | 2 +- web/login_renren.php | 2 +- web/login_weibo.php | 2 +- web/mail.php | 4 +-- web/modify.php | 6 ++--- web/modify_email.php | 2 +- web/modify_info.php | 4 +-- web/online.php | 8 +++--- web/portal.php | 4 +-- web/post.php | 4 +-- web/problem-ajax.php | 2 +- web/problemset.php | 4 +-- web/ranklist.php | 10 ++++---- web/register.php | 10 ++++---- web/reinfo.php | 6 ++--- web/status-ajax.php | 2 +- web/status.php | 8 +++--- web/submit.php | 2 +- web/superthread.php | 6 ++--- web/swadmin/contest_edit.php | 6 ++--- web/swadmin/news_edit.php | 4 +-- web/swadmin/privilege_add.php | 14 +++++------ web/swadmin/problem_add_loj.php | 4 +-- web/swadmin/problem_edit.php | 20 +++++++-------- web/swadmin/problem_export_xml.php | 2 +- web/swadmin/team_generate.php | 2 +- web/swadmin/user_set_ip.php | 2 +- web/template/bs3/balloon_view.php | 6 ++--- web/template/bs3/contestrank-oi.php | 2 +- web/template/bs3/contestrank.php | 4 +-- web/template/bs3/contestrank2.php | 2 +- web/template/bs3/contestset.php | 2 +- web/template/bs3/faqs.php | 2 +- web/template/bs3/mail.php | 6 ++--- web/template/bs3/modifypage.php | 6 ++--- web/template/bs3/printer_view.php | 8 +++--- web/template/bs3/problem.php | 2 +- web/template/bs3/problemset.php | 2 +- web/template/bs3/ranklist.php | 6 ++--- web/template/bs3/sharecodepage.php | 2 +- web/template/bs3/showsource.php | 4 +-- web/template/bs3/showsource2.php | 2 +- web/template/bs3/submitpage.php | 4 +-- web/template/bs3/user_set_ip.php | 8 +++--- web/template/bs3/userinfo.php | 2 +- web/template/bshark/balloon_view.php | 4 +-- web/template/bshark/contestrank-oi.php | 2 +- web/template/bshark/contestrank.php | 2 +- web/template/bshark/contestrank2.php | 2 +- web/template/bshark/contestset.php | 2 +- web/template/bshark/faqs.php | 2 +- web/template/bshark/modifypage.php | 6 ++--- web/template/bshark/problem.php | 2 +- web/template/bshark/problemset.php | 2 +- web/template/bshark/ranklist.php | 6 ++--- web/template/bshark/showsource.php | 2 +- web/template/bshark/statics/semantic.min.js | 2 +- web/template/bshark/submitpage.php | 4 +-- web/template/bshark/user_set_ip.php | 8 +++--- web/template/mdui/balloon_view.php | 6 ++--- web/template/mdui/contestrank-oi.php | 2 +- web/template/mdui/contestrank.php | 2 +- web/template/mdui/contestrank2.php | 2 +- web/template/mdui/contestset.php | 2 +- web/template/mdui/faqs.php | 2 +- web/template/mdui/mail.php | 6 ++--- web/template/mdui/modifypage.php | 6 ++--- web/template/mdui/printer_view.php | 8 +++--- web/template/mdui/problemset.php | 2 +- web/template/mdui/ranklist.php | 6 ++--- web/template/mdui/sharecodepage.php | 2 +- web/template/mdui/showsource.php | 4 +-- web/template/mdui/showsource2.php | 2 +- web/template/mdui/submitpage.php | 4 +-- web/template/mdui/user_set_ip.php | 6 ++--- web/template/sidebar/balloon_view.php | 4 +-- web/template/sidebar/contestrank-oi.php | 4 +-- web/template/sidebar/contestrank.php | 4 +-- web/template/sidebar/contestrank2.php | 2 +- web/template/sidebar/contestrank4.php | 2 +- web/template/sidebar/contestrank5.php | 4 +-- web/template/sidebar/index.php | 2 +- web/template/sidebar/mail.php | 6 ++--- web/template/sidebar/modifypage.php | 6 ++--- web/template/sidebar/printer_view.php | 8 +++--- web/template/sidebar/problem.php | 10 ++++---- web/template/sidebar/problem1.php | 2 +- web/template/sidebar/problem2.php | 2 +- web/template/sidebar/problemset.php | 14 +++++------ web/template/sidebar/ranklist.php | 4 +-- web/template/sidebar/showsource.php | 2 +- web/template/sidebar/showsource2.php | 2 +- web/template/sidebar/submitpage.php | 6 ++--- web/template/sidebar/user_set_ip.php | 8 +++--- web/template/sweet/balloon_view.php | 6 ++--- web/template/sweet/category.php | 2 +- web/template/sweet/contestrank-oi.php | 2 +- web/template/sweet/contestrank.php | 2 +- web/template/sweet/contestrank2.php | 2 +- web/template/sweet/mail.php | 4 +-- web/template/sweet/modifypage.php | 6 ++--- web/template/sweet/printer_view.php | 8 +++--- web/template/sweet/problem.php | 2 +- web/template/sweet/ranklist.php | 2 +- web/template/sweet/showsource.php | 4 +-- web/template/sweet/showsource2.php | 2 +- web/template/sweet/submitpage.php | 4 +-- web/template/sweet/userinfo.php | 2 +- web/template/syzoj/balloon_view.php | 4 +-- web/template/syzoj/contestrank-oi.php | 4 +-- web/template/syzoj/contestrank.php | 4 +-- web/template/syzoj/contestrank2.php | 2 +- web/template/syzoj/contestrank4.php | 2 +- web/template/syzoj/contestrank5.php | 4 +-- web/template/syzoj/index.php | 2 +- web/template/syzoj/mail.php | 6 ++--- web/template/syzoj/modifypage.php | 6 ++--- web/template/syzoj/printer_view.php | 8 +++--- web/template/syzoj/problem.php | 10 ++++---- web/template/syzoj/problemset.php | 6 ++--- web/template/syzoj/ranklist.php | 4 +-- web/template/syzoj/showsource.php | 2 +- web/template/syzoj/showsource2.php | 2 +- web/template/syzoj/submitpage.php | 6 ++--- web/template/syzoj/user_set_ip.php | 8 +++--- web/thread.php | 4 +-- 184 files changed, 410 insertions(+), 405 deletions(-) diff --git a/web/admin/changepass.php b/web/admin/changepass.php index 7d9810b..94add71 100644 --- a/web/admin/changepass.php +++ b/web/admin/changepass.php @@ -41,9 +41,9 @@ if (isset($OJ_LANG)) { $sql = "update `users` set `password`=? where `user_id`=? and user_id not in( select user_id from privilege where rightstr='administrator')"; if (pdo_query($sql, $passwd, $user_id) == 1) - echo "

User " . htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8') . "'s Password Changed!

"; + echo "

User " . htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8') . "'s Password Changed!

"; else - echo "

There is No such User " . htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8') . "! or User " . htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8') . " is administrator!

"; + echo "

There is No such User " . htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8') . "! or User " . htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8') . " is administrator!

"; } } ?> @@ -53,10 +53,10 @@ if (isset($OJ_LANG)) {
+ value="" type="text" required>
+ value="" type="text" required>
" . $MSG_CONTEST . "-" . $MSG_Description . "" ?>
@@ -222,7 +222,7 @@ include_once("kindeditor.php"); : '> + value=''>

diff --git a/web/admin/kindeditor.php b/web/admin/kindeditor.php index 97bd164..8c62474 100644 --- a/web/admin/kindeditor.php +++ b/web/admin/kindeditor.php @@ -41,7 +41,7 @@ if( typeof sync === "function") sync(); } }); - // prettyPrint(); + prettyPrint(); }); }),100); diff --git a/web/admin/menu.php b/web/admin/menu.php index 4c40d3e..2c8d95b 100644 --- a/web/admin/menu.php +++ b/web/admin/menu.php @@ -36,7 +36,7 @@
  • -
  • +
  • diff --git a/web/admin/menu2.php b/web/admin/menu2.php index 6c55acd..cbf5a17 100644 --- a/web/admin/menu2.php +++ b/web/admin/menu2.php @@ -75,7 +75,7 @@ - + diff --git a/web/admin/news_add_page.php b/web/admin/news_add_page.php index 2aa5deb..57543af 100644 --- a/web/admin/news_add_page.php +++ b/web/admin/news_add_page.php @@ -37,7 +37,7 @@ if(isset($_POST['pid'])){ if($pieces[0]=="") unset($pieces[0]); $plist=implode(",",$pieces); - $content="[plist=".$plist."]".htmlentities($_POST['keyword'],ENT_QUOTES,"utf-8")."[/plist]"; + $content="[plist=".$plist."]".htmlspecialchars($_POST['keyword'],ENT_QUOTES,"utf-8")."[/plist]"; } ?> diff --git a/web/admin/news_edit.php b/web/admin/news_edit.php index 7a2ee4f..6c2a389 100644 --- a/web/admin/news_edit.php +++ b/web/admin/news_edit.php @@ -49,7 +49,7 @@ if(isset($_POST['news_id'])){ $row = $result[0]; - $title = htmlentities($row['title'],ENT_QUOTES,"UTF-8"); + $title = htmlspecialchars($row['title'],ENT_QUOTES,"UTF-8"); $content = $row['content']; $showInMenu = $row['menu'] == 1; } @@ -67,7 +67,7 @@ if(isset($_POST['news_id'])){

    -

    diff --git a/web/admin/phpfm.php b/web/admin/phpfm.php index bd3f780..165f1c5 100644 --- a/web/admin/phpfm.php +++ b/web/admin/phpfm.php @@ -2540,7 +2540,7 @@ function zip_extract(){ function html_encode($str){ global $charSet; $str = preg_replace(array('/&/', '//', '/"/'), array('&', '<', '>', '"'), $str); // Bypass PHP to allow any charset!! - $str = htmlentities($str, ENT_QUOTES, $charSet, false); + $str = htmlspecialchars($str, ENT_QUOTES, $charSet, false); return $str; } function rep($x,$y){ diff --git a/web/admin/privilege_add.php b/web/admin/privilege_add.php index 5676b2c..54e2a13 100644 --- a/web/admin/privilege_add.php +++ b/web/admin/privilege_add.php @@ -40,7 +40,7 @@ if (isset($_POST['do'])) { }else{ email($OJ_ADMIN,"Privilege Add Warning!",$msg); } - echo "

    User ".htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8')."'s Privilege Added!

    "; + echo "

    User ".htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8')."'s Privilege Added!

    "; } ?> @@ -51,9 +51,9 @@ if (isset($_POST['do'])) {
    -
    +
    -
    +
    " type="text" required >
    @@ -112,9 +112,9 @@ if (isset($_POST['do'])) {
    -
    +
    -
    +
    " type="text" required >
    @@ -147,9 +147,9 @@ if (isset($_POST['do'])) {
    -
    +
    -
    +
    " type="text" required >
    diff --git a/web/admin/privilege_list.php b/web/admin/privilege_list.php index c56e14c..3b24fb1 100644 --- a/web/admin/privilege_list.php +++ b/web/admin/privilege_list.php @@ -72,7 +72,7 @@ if(isset($_GET['keyword']) && $_GET['keyword']!=""){ echo "
  • "; - echo ""; + echo ""; echo ""; } ?> diff --git a/web/admin/problem_add.php b/web/admin/problem_add.php index e677422..0d30065 100644 --- a/web/admin/problem_add.php +++ b/web/admin/problem_add.php @@ -12,24 +12,28 @@ require_once ("../include/problem.php"); // contest_id $title = $_POST['title']; -$title = str_replace(",", ",", $title); +// $title = str_replace(",", ",", $title); +$title = htmlspecialchars_decode($title, ENT_QUOTES, 'UTF-8'); $time_limit = $_POST['time_limit']; $memory_limit = $_POST['memory_limit']; $description = $_POST['description']; //$description = str_replace("

    ", "", $description); //$description = str_replace("

    ", "
    ", $description); -$description = str_replace(",", ",", $description); +// $description = str_replace(",", ",", $description); +$description = htmlspecialchars_decode($description, ENT_QUOTES, 'UTF-8'); $input = $_POST['input']; //$input = str_replace("

    ", "", $input); //$input = str_replace("

    ", "
    ", $input); -$input = str_replace(",", ",", $input); +// $input = str_replace(",", ",", $input); +$input = htmlspecialchars_decode($input, ENT_QUOTES, 'UTF-8'); $output = $_POST['output']; //$output = str_replace("

    ", "", $output); //$output = str_replace("

    ", "
    ", $output); -$output = str_replace(",", ",", $output); +// $output = str_replace(",", ",", $output); +$output = htmlspecialchars_decode($output, ENT_QUOTES, 'UTF-8'); $sample_input = $_POST['sample_input']; $sample_output = $_POST['sample_output']; @@ -44,7 +48,8 @@ if ($test_output=="") $test_output="\n"; $hint = $_POST['hint']; //$hint = str_replace("

    ", "", $hint); //$hint = str_replace("

    ", "
    ", $hint); -$hint = str_replace(",", ",", $hint); +// $hint = str_replace(",", ",", $hint); +$hint = htmlspecialchars_decode($hint, ENT_QUOTES, 'UTF-8'); $source = $_POST['source']; diff --git a/web/admin/problem_add_loj.php b/web/admin/problem_add_loj.php index e2e3fd8..293bcd2 100644 --- a/web/admin/problem_add_loj.php +++ b/web/admin/problem_add_loj.php @@ -59,11 +59,11 @@ $_SESSION[$OJ_NAME.'_'."p$pid"]=true; $loj_id=intval($_POST['loj_id']); //print_r($_POST); echo "
    ".$loj_id."
    "; -echo htmlentities("wget https://loj.ac/problem/".$loj_id."/testdata/download -O $OJ_DATA/$pid/data.zip"); +echo htmlspecialchars("wget https://loj.ac/problem/".$loj_id."/testdata/download -O $OJ_DATA/$pid/data.zip"); echo system("wget https://loj.ac/problem/".$loj_id."/testdata/download -O $OJ_DATA/$pid/data.zip"); echo system("/home/judge/src/install/ans2out $OJ_DATA/$pid/"); echo "
    "; -echo htmlentities("unzip $OJ_DATA/$pid/data.zip -d $OJ_DATA/$pid"); +echo htmlspecialchars("unzip $OJ_DATA/$pid/data.zip -d $OJ_DATA/$pid"); echo system("unzip $OJ_DATA/$pid/data.zip -d $OJ_DATA/$pid"); echo system("/usr/bin/loj.ac $OJ_DATA/$pid"); echo "
    "; diff --git a/web/admin/problem_add_page.php b/web/admin/problem_add_page.php index 5212014..9fc0298 100644 --- a/web/admin/problem_add_page.php +++ b/web/admin/problem_add_page.php @@ -90,7 +90,7 @@ if (!(isset($_SESSION[$OJ_NAME . '_' . 'administrator']) || isset($_SESSION[$OJ_

    " . $MSG_SOURCE . " 用空格分隔" . "" ?>

    + rows=1>

    " . $MSG_CONTEST . "" ?> Hint:

    SpecialJudge: NY

    -

    Source:

    +

    Source:

    contest:

    Hint:
    SpecialJudge: NY

    -

    Source:

    +

    Source:

    diff --git a/web/admin/problem_add_page_pku.php b/web/admin/problem_add_page_pku.php index 6359c5a..f5af44e 100644 --- a/web/admin/problem_add_page_pku.php +++ b/web/admin/problem_add_page_pku.php @@ -60,7 +60,7 @@ include_once("kindeditor.php") ; $element=$html->find('pre[class=sio]',1); $sample_output=$element->innertext; $element=$html->find('div[class=ptx]',3); - $hint=htmlentities($element->outertext); + $hint=htmlspecialchars($element->outertext); ?>
    diff --git a/web/admin/problem_add_page_uoj.php b/web/admin/problem_add_page_uoj.php index aa388b2..f7856ae 100644 --- a/web/admin/problem_add_page_uoj.php +++ b/web/admin/problem_add_page_uoj.php @@ -89,7 +89,7 @@ $url=$_POST ['url'];

    Add a Problem

    - +

    Problem Id:  New Problem

    Title:

    diff --git a/web/admin/problem_edit.php b/web/admin/problem_edit.php index ac456a4..192f6d4 100644 --- a/web/admin/problem_edit.php +++ b/web/admin/problem_edit.php @@ -49,7 +49,7 @@ include_once("kindeditor.php") ;

    - : '> + : '>

    @@ -61,32 +61,32 @@ include_once("kindeditor.php") ;

    ".$MSG_Description.""?> -
    +

    ".$MSG_Input.""?> -
    +

    ".$MSG_Output.""?> -
    +

    ".$MSG_Sample_Input.""?> -

    +

    ".$MSG_Sample_Output.""?> -

    +

    ".$MSG_HINT.""?> -
    +

    @@ -99,11 +99,11 @@ include_once("kindeditor.php") ;

    ".$MSG_SOURCE." 用空格分隔".""?> -
    +
    ".$MSG_REMOTE_OJ.""?> - ' placeholder='' > - ' placeholder='' >
    + ' placeholder='' > + ' placeholder='' >

    @@ -237,19 +237,19 @@ include_once("kindeditor.php") ; // $description = str_replace("

    ", "", $description); // $description = str_replace("

    ", "
    ", $description); // $description = str_replace(",", ",", $description); - $description = html_entity_decode($description,ENT_QUOTES,"UTF-8"); + $description = htmlspecialchars_decode($description,ENT_QUOTES,"UTF-8"); $input = $_POST['input']; // $input = str_replace("

    ", "", $input); // $input = str_replace("

    ", "
    ", $input); // $input = str_replace(",", ",", $input); - $input = html_entity_decode($input,ENT_QUOTES,"UTF-8"); + $input = htmlspecialchars_decode($input,ENT_QUOTES,"UTF-8"); $output = $_POST['output']; // $output = str_replace("

    ", "", $output); // $output = str_replace("

    ", "
    ", $output); // $output = str_replace(",", ",", $output); - $output = html_entity_decode($output,ENT_QUOTES,"UTF-8"); + $output = htmlspecialchars_decode($output,ENT_QUOTES,"UTF-8"); $sample_input = $_POST['sample_input']; $sample_output = $_POST['sample_output']; @@ -260,7 +260,7 @@ include_once("kindeditor.php") ; // $hint = str_replace("

    ", "", $hint); // $hint = str_replace("

    ", "
    ", $hint); // $hint = str_replace(",", ",", $hint); - $hint = html_entity_decode($hint,ENT_QUOTES,"UTF-8"); + $hint = htmlspecialchars_decode($hint,ENT_QUOTES,"UTF-8"); $source = $_POST['source']; $remote_oj= $_POST['remote_oj']; diff --git a/web/admin/problem_export_xml.php b/web/admin/problem_export_xml.php index 342504b..bb6009b 100644 --- a/web/admin/problem_export_xml.php +++ b/web/admin/problem_export_xml.php @@ -124,7 +124,7 @@ function getSolution($pid,$lang) { function fixurl($img_url) { if(substr($img_url,0,4)=="data") return $img_url; - $img_url = html_entity_decode($img_url,ENT_QUOTES,"UTF-8"); + $img_url = htmlspecialchars_decode($img_url,ENT_QUOTES,"UTF-8"); if (substr($img_url,0,4)!="http") { if (substr($img_url,0,1)=="/") { diff --git a/web/admin/problem_import_hydro.php b/web/admin/problem_import_hydro.php index 111a0d1..6fc5ba0 100644 --- a/web/admin/problem_import_hydro.php +++ b/web/admin/problem_import_hydro.php @@ -154,7 +154,7 @@ else { $hydrop=yaml_parse($file_content); $title=$hydrop['title']; $source=implode(" ",$hydrop['tag']); - echo "
    ".htmlentities($file_name." $title $source"); + echo "
    ".htmlspecialchars($file_name." $title $source"); if(!in_array($title,$inserted)){ $pid = addproblem($title,1,128, $description, $input, $output, $sample_input, $sample_output, $hint, $source, $spj, $OJ_DATA); mkdir($OJ_DATA."/$pid/"); @@ -174,13 +174,13 @@ else { if($save_path){ $description=str_replace("file://",$save_path."/",$description); - // echo htmlentities($description); + // echo htmlspecialchars($description); } $spj=0; if($title!="" && (!in_array($title,$inserted)) && !hasProblem($title)){ $pid = addproblem($title,1,128, $description, $input, $output, $sample_input, $sample_output, $hint, $source, $spj, $OJ_DATA); - echo htmlentities("$description"); + echo htmlspecialchars("$description"); mkdir($OJ_DATA."/$pid/"); array_push($inserted,$title); }else{ @@ -189,7 +189,7 @@ else { echo "skiped $title"; //$pid=0; } - echo "PID:".htmlentities($title,ENT_QUOTES,"UTF-8").""; + echo "PID:".htmlspecialchars($title,ENT_QUOTES,"UTF-8").""; }else if(basename($file_name)=="config.yaml"){ $hydrop=yaml_parse($file_content); if($hydrop['type']=="objective"){ @@ -202,7 +202,7 @@ else { $out.= $hydrop['answers'][$ansi][0]."\n"; $ansi++; } - //echo htmlentities($out); + //echo htmlspecialchars($out); if($pid>0){ file_put_contents($OJ_DATA."/$pid/data.out",$out); file_put_contents($OJ_DATA."/$pid/data.in",($ansi-1)."\n"); diff --git a/web/admin/problem_import_md.php b/web/admin/problem_import_md.php index 9a12f81..67f8588 100644 --- a/web/admin/problem_import_md.php +++ b/web/admin/problem_import_md.php @@ -141,7 +141,7 @@ else { $title=str_replace("#","",$hydrop[0]); $title=str_replace("\r","",$title); $source=""; - echo "
    ".htmlentities($file_name." $title $source"); + echo "
    ".htmlspecialchars($file_name." $title $source"); $regex = '/<(?!div)/'; // $file_content = preg_replace($regex, '<',$file_content); $regex = '/(?\s?/'; @@ -156,10 +156,10 @@ else { if($save_path){ $description=str_replace("file://",$save_path."/",$description); - // echo htmlentities($description); + // echo htmlspecialchars($description); } - //echo htmlentities("$description"); + //echo htmlspecialchars("$description"); $tail=0; $ptitle = $title; while (hasProblem($ptitle)) { @@ -170,7 +170,7 @@ else { $pid = addproblem($title,1,128, $description, $input, $output, $sample_input, $sample_output, $hint, $source, $spj, $OJ_DATA); mkdir($OJ_DATA."/$pid/"); - echo "PID:".htmlentities($title,ENT_QUOTES,"UTF-8").""; + echo "PID:".htmlspecialchars($title,ENT_QUOTES,"UTF-8").""; } } }else{ diff --git a/web/admin/problem_import_syzoj.php b/web/admin/problem_import_syzoj.php index c5ea216..f0377fa 100644 --- a/web/admin/problem_import_syzoj.php +++ b/web/admin/problem_import_syzoj.php @@ -58,7 +58,7 @@ else { $time=getPartByMark($file_content,"时间限制:","ms"); $time=intval($time)/1000; $memory=getPartByMark($file_content,"空间限制:","MiB"); - echo "
    ".htmlentities(" $title $source"); + echo "
    ".htmlspecialchars(" $title $source"); $pid = addproblem($title,$time,$memory, $description, $input, $output, $sample_input, $sample_output, $hint, $source, $spj, $OJ_DATA); echo "PID:$pid"; mkdir($OJ_DATA."/$pid"); diff --git a/web/admin/problem_list.php b/web/admin/problem_list.php index 820f9ce..a6fc7ed 100644 --- a/web/admin/problem_list.php +++ b/web/admin/problem_list.php @@ -58,7 +58,7 @@ if(isset($_GET['keyword']) && $_GET['keyword']!=""){
    - " class="form-control search-query" placeholder=""> + " class="form-control search-query" placeholder="">
    @@ -80,7 +80,7 @@ echo "";
    ".$row['rightstr']; if($row['valuestr']!="true") echo ":".$row['valuestr']; echo "DeleteDelete
    -"> +"> @@ -123,7 +123,7 @@ echo ""; foreach($cate as $cat){ $cat=trim($cat); if(mb_ereg("^http",$cat)){ - echo "Remote' ; + echo "Remote' ; } else array_push($category,trim($cat)); } @@ -135,7 +135,7 @@ echo ""; $label_theme = $color_theme[$hash_num%count($color_theme)]; if ($label_theme=="") $label_theme = "default"; - $view .= "".mb_substr($cat,0,10,'utf8')." "; + $view .= "".mb_substr($cat,0,10,'utf8')." "; } echo "
    "; echo $view; @@ -146,7 +146,7 @@ echo ""; echo "
    "; echo ""; echo ""; - echo ""; + echo ""; if ($OJ_SaaS_ENABLE && $domain == $DOMAIN) { echo ""; } else { diff --git a/web/admin/user_set_ip.php b/web/admin/user_set_ip.php index 8ca33a1..c9cb1c9 100644 --- a/web/admin/user_set_ip.php +++ b/web/admin/user_set_ip.php @@ -27,7 +27,7 @@ if(isset($_POST['do'])){ $sql = "insert into loginlog (user_id,password,ip,time) value(?,?,?,now())"; $result = pdo_query($sql,$user_id,"set ip by ".$_SESSION[$OJ_NAME."_user_id"],$ip); - echo "

    User ".htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8')."'s Login IP Changed!

    "; + echo "

    User ".htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8')."'s Login IP Changed!

    "; } ?> @@ -35,9 +35,9 @@ if(isset($_POST['do'])){
    -
    +
    -
    +
    " type="text" required >
    @@ -46,7 +46,7 @@ if(isset($_POST['do'])){
    -
    +
    " type="text" autocomplete="off" required >
    diff --git a/web/bsadmin/contest_add.php b/web/bsadmin/contest_add.php index ed9744c..3a2292c 100644 --- a/web/bsadmin/contest_add.php +++ b/web/bsadmin/contest_add.php @@ -219,7 +219,7 @@ else{

    @@ -254,7 +254,7 @@ else{ : - '> + '>

    diff --git a/web/bsadmin/contest_edit.php b/web/bsadmin/contest_edit.php index 2afe593..d24d9cc 100644 --- a/web/bsadmin/contest_edit.php +++ b/web/bsadmin/contest_edit.php @@ -161,7 +161,7 @@ if(isset($_POST['startdate'])){ $password = $row['password']; $langmask = $row['langmask']; $description = $row['description']; - $title = htmlentities($row['title'],ENT_QUOTES,"UTF-8"); + $title = htmlspecialchars($row['title'],ENT_QUOTES,"UTF-8"); $plist = ""; $sql = "SELECT `problem_id` FROM `contest_problem` WHERE `contest_id`=? ORDER BY `num`"; @@ -205,7 +205,7 @@ if(isset($_POST['startdate'])){

    @@ -240,7 +240,7 @@ if(isset($_POST['startdate'])){ : - '> + '>

    diff --git a/web/bsadmin/news_edit.php b/web/bsadmin/news_edit.php index 207408b..d3f8860 100644 --- a/web/bsadmin/news_edit.php +++ b/web/bsadmin/news_edit.php @@ -66,7 +66,7 @@ if(isset($_POST['news_id'])){ $row = $result[0]; - $title = htmlentities($row['title'],ENT_QUOTES,"UTF-8"); + $title = htmlspecialchars($row['title'],ENT_QUOTES,"UTF-8"); $content = $row['content']; } ?> @@ -109,7 +109,7 @@ if(isset($_POST['news_id'])){ 内容 -
    +
    > diff --git a/web/bsadmin/phpfm.php b/web/bsadmin/phpfm.php index 769d002..5781fd5 100644 --- a/web/bsadmin/phpfm.php +++ b/web/bsadmin/phpfm.php @@ -2423,7 +2423,7 @@ function zip_extract(){ function html_encode($str){ global $charSet; $str = preg_replace(array('/&/', '//', '/"/'), array('&', '<', '>', '"'), $str); // Bypass PHP to allow any charset!! - $str = htmlentities($str, ENT_QUOTES, $charSet, false); + $str = htmlspecialchars($str, ENT_QUOTES, $charSet, false); return $str; } function rep($x,$y){ diff --git a/web/bsadmin/privilege_add.php b/web/bsadmin/privilege_add.php index ceeba4a..2dbcbae 100644 --- a/web/bsadmin/privilege_add.php +++ b/web/bsadmin/privilege_add.php @@ -81,7 +81,7 @@ if (isset($_POST['do'])) { $sql = "insert into `privilege`(user_id,rightstr,valuestr,defunct) values(?,?,?,'N')"; $rows = pdo_query($sql,$user_id,$rightstr,$valuestr); - echo "

    User ".htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8')."'s Privilege Added!

    "; + echo "

    User ".htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8')."'s Privilege Added!

    "; } ?> diff --git a/web/bsadmin/problem_edit.php b/web/bsadmin/problem_edit.php index 3828f1d..71b5c86 100644 --- a/web/bsadmin/problem_edit.php +++ b/web/bsadmin/problem_edit.php @@ -74,24 +74,24 @@ include_once("kindeditor.php"); ?> '> - "> + ">
    MB
    题目描述 -
    +
    输入格式 -
    +
    输出格式 -
    +
    样例输入 -
    +
    样例输出 -
    +
    提示 -
    +
    来源 -
    +
    >>

    diff --git a/web/bsadmin/problem_export_xml.php b/web/bsadmin/problem_export_xml.php index b7bde9a..b09d0e0 100644 --- a/web/bsadmin/problem_export_xml.php +++ b/web/bsadmin/problem_export_xml.php @@ -106,7 +106,7 @@ function getSolution($pid,$lang){ return $ret; } function fixurl($img_url){ - $img_url= html_entity_decode( $img_url,ENT_QUOTES,"UTF-8"); + $img_url= htmlspecialchars_decode( $img_url,ENT_QUOTES,"UTF-8"); if (substr($img_url,0,4)!="http"){ if(substr($img_url,0,1)=="/"){ diff --git a/web/bsadmin/team_generate.php b/web/bsadmin/team_generate.php index 941258a..fa73e5b 100644 --- a/web/bsadmin/team_generate.php +++ b/web/bsadmin/team_generate.php @@ -98,7 +98,7 @@ require_once("../include/set_get_key.php"); if( !empty( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ){ $REMOTE_ADDR = $_SERVER['HTTP_X_FORWARDED_FOR']; $tmp_ip=explode(',',$REMOTE_ADDR); - $ip =(htmlentities($tmp_ip[0],ENT_QUOTES,"UTF-8")); + $ip =(htmlspecialchars($tmp_ip[0],ENT_QUOTES,"UTF-8")); } $sql="INSERT INTO `users`("."`user_id`,`email`,`ip`,`accesstime`,`password`,`reg_time`,`nick`,`school`)". "VALUES(?,?,?,NOW(),?,NOW(),?,?)on DUPLICATE KEY UPDATE `email`=?,`ip`=?,`accesstime`=NOW(),`password`=?,`reg_time`=now(),nick=?,`school`=?, `qq`=?, `backimg`=?, `codeshare`=?, `mailok`=?"; diff --git a/web/bsadmin/user_edit.php b/web/bsadmin/user_edit.php index 2df04c2..9270f64 100644 --- a/web/bsadmin/user_edit.php +++ b/web/bsadmin/user_edit.php @@ -124,7 +124,7 @@ include_once("kindeditor.php"); 密码: > 邮箱: - "> + "> 学校 > diff --git a/web/category.php b/web/category.php index eb67c4d..22133cb 100644 --- a/web/category.php +++ b/web/category.php @@ -39,7 +39,7 @@ $hash_num=hexdec(substr(md5($cat),0,7)); $label_theme=$color_theme[$hash_num%count($color_theme)]; if($label_theme=="") $label_theme="default"; - $view_category.= "".htmlentities($cat,ENT_QUOTES,'utf-8')." "; + $view_category.= "".htmlspecialchars($cat,ENT_QUOTES,'utf-8')." "; } diff --git a/web/ceinfo.php b/web/ceinfo.php index 9071533..0223ee2 100644 --- a/web/ceinfo.php +++ b/web/ceinfo.php @@ -48,7 +48,7 @@ if ($ok==true){ $result=pdo_query($sql,$id); $row=$result[0]; if($row&&is_valid($row['error'])) - $view_reinfo= htmlentities(str_replace("\n\r","\n",$row['error']),ENT_QUOTES,"UTF-8"); + $view_reinfo= htmlspecialchars(str_replace("\n\r","\n",$row['error']),ENT_QUOTES,"UTF-8"); diff --git a/web/changepass.php b/web/changepass.php index 3df9af9..deb61c8 100644 --- a/web/changepass.php +++ b/web/changepass.php @@ -41,9 +41,9 @@ if (isset($OJ_LANG)) { $sql = "update `users` set `password`=? where `user_id`=? and user_id not in( select user_id from privilege where rightstr='administrator')"; if (pdo_query($sql, $passwd, $user_id) == 1) - echo "

    User " . htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8') . "'s Password Changed!

    "; + echo "

    User " . htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8') . "'s Password Changed!

    "; else - echo "

    There is No such User " . htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8') . "! or User " . htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8') . " is administrator!

    "; + echo "

    There is No such User " . htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8') . "! or User " . htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8') . " is administrator!

    "; } } ?> @@ -53,10 +53,10 @@ if (isset($OJ_LANG)) {
    + value="" type="text" required>
    + value="" type="text" required>
    $MSG_BBS"; echo ""; if($row['cid']) - echo "
    "; + echo ""; else - echo ""; + echo ""; $timestamp = strtotime($row['lastupdate']); diff --git a/web/include/PHPMailer.php b/web/include/PHPMailer.php index 1ca6d39..1bcf5c8 100644 --- a/web/include/PHPMailer.php +++ b/web/include/PHPMailer.php @@ -920,7 +920,7 @@ class PHPMailer break; case 'html': //Cleans up output a bit for a better looking, HTML-safe output - echo htmlentities( + echo htmlspecialchars( preg_replace('/[\r\n]+/', '', $str), ENT_QUOTES, 'UTF-8' @@ -4512,7 +4512,7 @@ class PHPMailer return call_user_func($advanced, $html); } - return html_entity_decode( + return htmlspecialchars_decode( trim(strip_tags(preg_replace('/<(head|title|style|script)[^>]*>.*?<\/\\1>/si', '', $html))), ENT_QUOTES, $this->CharSet diff --git a/web/include/SMTP.php b/web/include/SMTP.php index 3c3fbe5..bc9015b 100644 --- a/web/include/SMTP.php +++ b/web/include/SMTP.php @@ -299,7 +299,7 @@ class SMTP break; case 'html': //Cleans up output a bit for a better looking, HTML-safe output - echo gmdate('Y-m-d H:i:s'), ' ', htmlentities( + echo gmdate('Y-m-d H:i:s'), ' ', htmlspecialchars( preg_replace('/[\r\n]+/', '', $str), ENT_QUOTES, 'UTF-8' diff --git a/web/include/bbcode.php b/web/include/bbcode.php index 33360b0..13433fd 100644 --- a/web/include/bbcode.php +++ b/web/include/bbcode.php @@ -307,8 +307,8 @@ class BBCode $url = $buffer; } if(!isset($colorIndex)) $colorIndex =0; - $plist=html_entity_decode($url); - $pnum= count(explode(",",html_entity_decode($url))); + $plist=htmlspecialchars_decode($url); + $pnum= count(explode(",",htmlspecialchars_decode($url))); //var_dump($colorIndex); // emit the tag 如果希望题单显示2列,修改下面的col-lg-12为col-lg-6 $output = $output . '
    ' diff --git a/web/include/cache_start.php b/web/include/cache_start.php index 2fc9bba..0002d9f 100644 --- a/web/include/cache_start.php +++ b/web/include/cache_start.php @@ -9,7 +9,7 @@ if( !empty( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ){ $REMOTE_ADDR = $_SERVER['HTTP_X_FORWARDED_FOR']; $tmp_ip=explode(',',$REMOTE_ADDR); - $ip =(htmlentities($tmp_ip[0],ENT_QUOTES,"UTF-8")); + $ip =(htmlspecialchars($tmp_ip[0],ENT_QUOTES,"UTF-8")); } $sid.=session_id().$ip; } diff --git a/web/include/init.php b/web/include/init.php index d9a1dea..9ca996a 100644 --- a/web/include/init.php +++ b/web/include/init.php @@ -61,11 +61,11 @@ if(isset($_SESSION[$OJ_NAME.'_user_id'])&&isset($OJ_LIMIT_TO_1_IP)&& $OJ_LIMIT_T if( isset($_SERVER['HTTP_X_FORWARDED_FOR'] )&&!empty( trim( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ) ){ $REMOTE_ADDR = $_SERVER['HTTP_X_FORWARDED_FOR']; $tmp_ip=explode(',',$REMOTE_ADDR); - $ip =(htmlentities($tmp_ip[0],ENT_QUOTES,"UTF-8")); + $ip =(htmlspecialchars($tmp_ip[0],ENT_QUOTES,"UTF-8")); } else if(isset($_SERVER['HTTP_X_REAL_IP'])&& !empty( trim( $_SERVER['HTTP_X_REAL_IP'] ) ) ){ $REMOTE_ADDR = $_SERVER['HTTP_X_REAL_IP']; $tmp_ip=explode(',',$REMOTE_ADDR); - $ip =(htmlentities($tmp_ip[0],ENT_QUOTES,"UTF-8")); + $ip =(htmlspecialchars($tmp_ip[0],ENT_QUOTES,"UTF-8")); } $sql="select ip from loginlog where user_id=? order by time desc"; $rows=pdo_query($sql,$_SESSION[$OJ_NAME.'_user_id'] ); diff --git a/web/include/login-hustoj.php b/web/include/login-hustoj.php index e1d2619..d344cd6 100644 --- a/web/include/login-hustoj.php +++ b/web/include/login-hustoj.php @@ -16,11 +16,11 @@ if( isset($_SERVER['HTTP_X_FORWARDED_FOR'] )&&!empty( trim( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ) ){ $REMOTE_ADDR = $_SERVER['HTTP_X_FORWARDED_FOR']; $tmp_ip=explode(',',$REMOTE_ADDR); - $ip =(htmlentities($tmp_ip[0],ENT_QUOTES,"UTF-8")); + $ip =(htmlspecialchars($tmp_ip[0],ENT_QUOTES,"UTF-8")); } else if(isset($_SERVER['HTTP_X_REAL_IP'])&& !empty( trim( $_SERVER['HTTP_X_REAL_IP'] ) ) ){ $REMOTE_ADDR = $_SERVER['HTTP_X_REAL_IP']; $tmp_ip=explode(',',$REMOTE_ADDR); - $ip =(htmlentities($tmp_ip[0],ENT_QUOTES,"UTF-8")); + $ip =(htmlspecialchars($tmp_ip[0],ENT_QUOTES,"UTF-8")); } if(isset($OJ_EXAM_CONTEST_ID)&&intval($OJ_EXAM_CONTEST_ID)>0){ //考试模式 $ccid=$OJ_EXAM_CONTEST_ID; diff --git a/web/include/my_func.inc.php b/web/include/my_func.inc.php index a9f15f9..85c3ad6 100644 --- a/web/include/my_func.inc.php +++ b/web/include/my_func.inc.php @@ -56,7 +56,7 @@ function create_subdomain($user_id,$template="bs3",$friendly="0"){ $CONF_FILE=realpath(dirname(__FILE__)."/../")."/SaaS/$user_id.".$DOMAIN.".php"; //if ($user_id=="zhblue") echo ""; -// echo "
    ".htmlentities($CONF_STR);
    +//      echo "
    ".htmlspecialchars($CONF_STR);
     //      echo "
    ".$CONF_FILE; mkdir($FARMBASE."/$user_id/run0",0755,true); mkdir($FARMBASE."/$user_id/data",0700,true); @@ -75,7 +75,7 @@ function create_subdomain($user_id,$template="bs3",$friendly="0"){ $CONF_FILE=$FARMBASE."/".$user_id."/etc/judge.conf"; -// echo "
    ".htmlentities($CONF_STR);
    +//      echo "
    ".htmlspecialchars($CONF_STR);
     //      echo "
    ".$CONF_FILE; file_put_contents($CONF_FILE,$CONF_STR); @@ -87,7 +87,7 @@ grant { '; $CONF_FILE=$FARMBASE."/".$user_id."/etc/java0.policy"; -// echo "
    ".htmlentities($CONF_STR);
    +//      echo "
    ".htmlspecialchars($CONF_STR);
     //      echo "
    ".$CONF_FILE; file_put_contents($CONF_FILE,$CONF_STR); $DB_NAME="jol_".$user_id; diff --git a/web/include/online.php b/web/include/online.php index eba7b4b..a01c898 100644 --- a/web/include/online.php +++ b/web/include/online.php @@ -82,18 +82,18 @@ class online{ $tmp_ip=explode(',',$REMOTE_ADDR); - $this->ip =(htmlentities($tmp_ip[0],ENT_QUOTES,"UTF-8")); + $this->ip =(htmlspecialchars($tmp_ip[0],ENT_QUOTES,"UTF-8")); } if(isset($_SESSION[$OJ_NAME.'_'.'user_id'])) - $this->ua = htmlentities($_SESSION[$OJ_NAME.'_'.'user_id'],ENT_QUOTES,"UTF-8"); + $this->ua = htmlspecialchars($_SESSION[$OJ_NAME.'_'.'user_id'],ENT_QUOTES,"UTF-8"); else $this->ua ="guest"; - $this->ua .= "@".htmlentities($_SERVER['HTTP_USER_AGENT'],ENT_QUOTES,"UTF-8"); + $this->ua .= "@".htmlspecialchars($_SERVER['HTTP_USER_AGENT'],ENT_QUOTES,"UTF-8"); $this->uri = ($_SERVER['PHP_SELF']); if(isset($_SERVER['HTTP_REFERER'])){ - $this->refer = (htmlentities($_SERVER['HTTP_REFERER'],ENT_QUOTES,"UTF-8")); + $this->refer = (htmlspecialchars($_SERVER['HTTP_REFERER'],ENT_QUOTES,"UTF-8")); } $this->hash = md5(session_id().$this->ip); diff --git a/web/include/pdo.php b/web/include/pdo.php index 2506765..bb4d6e2 100644 --- a/web/include/pdo.php +++ b/web/include/pdo.php @@ -43,13 +43,13 @@ function pdo_query($sql){ }catch(PDOException $e){ // echo "".$e->getMessage().""; // open this line to debug SQL fail problems // $view_errors="SQL:".$sql."\n".$e->getMessage(); -// echo htmlentities($view_errors."\n\n"); +// echo htmlspecialchars($view_errors."\n\n"); GLOBAL $MSG_UPDATE_DATABASE,$MSG_HELP_UPDATE_DATABASE; GLOBAL $POP_UPED,$OJ_NAME,$_SESSION; if(!$POP_UPED&&isset($_SESSION[$OJ_NAME.'_administrator'])){ echo " $MSG_HELP_UPDATE_DATABASE $MSG_UPDATE_DATABASE。"; $view_errors="SQL:".$sql."\n".$e->getMessage(); - echo htmlentities($view_errors."\n\n"); + echo htmlspecialchars($view_errors."\n\n"); $POP_UPED=true; } diff --git a/web/include/problem.php b/web/include/problem.php index d1a7349..917877b 100644 --- a/web/include/problem.php +++ b/web/include/problem.php @@ -5,7 +5,7 @@ function addproblem($title, $time_limit, $memory_limit, $description, $input, $o //echo $sql; $pid = pdo_query($sql, $title, $time_limit, $memory_limit, $description, $input, $output, $sample_input, $sample_output, $hint, $source, $spj); - echo "New Problem:$pid ".htmlentities($title,ENT_QUOTES)." added!
    "; + echo "New Problem:$pid ".htmlspecialchars($title,ENT_QUOTES)." added!
    "; if (isset($_POST['contest_id']) && intval($_POST['contest_id'])>0) { $cid = intval($_POST['contest_id']); diff --git a/web/include/remote_bas.php b/web/include/remote_bas.php index aa057be..5176b62 100644 --- a/web/include/remote_bas.php +++ b/web/include/remote_bas.php @@ -58,7 +58,7 @@ function do_submit_one($remote_site,$username,$password,$sid){ }else{ $sid=explode("\n",$data); $sid=intval($sid[1]); - echo htmlentities($data)."--".$sid; + echo htmlspecialchars($data)."--".$sid; } return $sid; } @@ -108,7 +108,7 @@ function do_result_one($remote_site,$username,$password,$sid,$rid){ echo "previous submission failed , pending another submiting "; return -1; } - echo "
    ==".htmlentities($html)."=="; + echo "
    ==".htmlspecialchars($html)."=="; if($data[2]=="Waiting"||$data[2]=="Judging"){ $sql="update solution set result=17,judgetime=now() where solution_id=?"; pdo_query($sql,$sid); diff --git a/web/include/remote_hdu.php b/web/include/remote_hdu.php index e1880ad..8cf8c5d 100644 --- a/web/include/remote_hdu.php +++ b/web/include/remote_hdu.php @@ -23,7 +23,7 @@ function do_login($remote_site,$username,$password){ ); //echo "try login..."; $data=curl_post_urlencoded($remote_site.'/userloginex.php?action=login&cid=0¬ice=0',$form); - //echo htmlentities($remote_site.'/login'); + //echo htmlspecialchars($remote_site.'/login'); if(str_contains($data,"No such user or wrong password.")) return false; else return true; } @@ -222,7 +222,7 @@ if(isset($_POST[$OJ_NAME.'_refer'])){ do_submit($remote_site,$remote_user); } - //echo (htmlentities(curl_get($remote_site."/login0.php"))); + //echo (htmlspecialchars(curl_get($remote_site."/login0.php"))); if (!is_login($remote_site)){ var_dump(do_login($remote_site,$remote_user,$remote_pass)); }else{ diff --git a/web/include/remote_luogu.php b/web/include/remote_luogu.php index 46e46e4..140e298 100644 --- a/web/include/remote_luogu.php +++ b/web/include/remote_luogu.php @@ -20,7 +20,7 @@ function do_login($remote_site,$username,$password){ // ); //echo "try login..."; // $data=curl_post_urlencoded($remote_site.'/userloginex.php?action=login&cid=0¬ice=0',$form); - //echo htmlentities($remote_site.'/login'); + //echo htmlspecialchars($remote_site.'/login'); // if(str_contains($data,"No such user or wrong password.")) return false; return true; } @@ -247,7 +247,7 @@ if(isset($_POST[$OJ_NAME.'_refer'])){ do_submit($remote_site,$remote_user); } - //echo (htmlentities(curl_get($remote_site."/login0.php"))); + //echo (htmlspecialchars(curl_get($remote_site."/login0.php"))); if (!is_login($remote_site)){ var_dump(do_login($remote_site,$remote_user,$remote_pass)); }else{ diff --git a/web/include/remote_pku.php b/web/include/remote_pku.php index 9308f86..b369300 100644 --- a/web/include/remote_pku.php +++ b/web/include/remote_pku.php @@ -26,7 +26,7 @@ function do_login($remote_site,$username,$password){ ); //echo "try login..."; $data=curl_post_urlencoded($remote_site.'/login',$form); - //echo htmlentities($remote_site.'/login'); + //echo htmlspecialchars($remote_site.'/login'); if(str_contains($data,"Password")) return false; else return true; } diff --git a/web/install.php b/web/install.php index 5ffedf1..49f5874 100644 --- a/web/install.php +++ b/web/install.php @@ -90,7 +90,7 @@ function toInput($temp){ if(mb_strpos($kv[0],"OJ_UDP")>0) return ""; if(mb_strpos($kv[0],"OJ_WEIBO")>0) return ""; $temp=toName($kv[0]).":\n"; - $temp.="\t\n"; + $temp.="\t\n"; return $temp."\n"; } diff --git a/web/login_qq.php b/web/login_qq.php index 08c4580..dff0529 100644 --- a/web/login_qq.php +++ b/web/login_qq.php @@ -83,7 +83,7 @@ if( !empty( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ){ $REMOTE_ADDR = $_SERVER['HTTP_X_FORWARDED_FOR']; $tmp_ip=explode(',',$REMOTE_ADDR); - $ip =(htmlentities($tmp_ip[0],ENT_QUOTES,"UTF-8")); + $ip =(htmlspecialchars($tmp_ip[0],ENT_QUOTES,"UTF-8")); } pdo_query($sql,$user_id,$email,$ip,$password,$nick,$school); } diff --git a/web/login_renren.php b/web/login_renren.php index b80a17b..1afa8a0 100644 --- a/web/login_renren.php +++ b/web/login_renren.php @@ -49,7 +49,7 @@ if(isset($_GET['code'])){ if( !empty( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ){ $REMOTE_ADDR = $_SERVER['HTTP_X_FORWARDED_FOR']; $tmp_ip=explode(',',$REMOTE_ADDR); - $ip =(htmlentities($tmp_ip[0],ENT_QUOTES,"UTF-8")); + $ip =(htmlspecialchars($tmp_ip[0],ENT_QUOTES,"UTF-8")); } pdo_query($sql,$uname,$email,$ip,$password,$nick,$school); } diff --git a/web/login_weibo.php b/web/login_weibo.php index 5badc90..bafc0b7 100644 --- a/web/login_weibo.php +++ b/web/login_weibo.php @@ -59,7 +59,7 @@ if(isset($_GET['code'])){ if( !empty( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ){ $REMOTE_ADDR = $_SERVER['HTTP_X_FORWARDED_FOR']; $tmp_ip=explode(',',$REMOTE_ADDR); - $ip =(htmlentities($tmp_ip[0],ENT_QUOTES,"UTF-8")); + $ip =(htmlspecialchars($tmp_ip[0],ENT_QUOTES,"UTF-8")); } pdo_query($sql,$uname,$email,$ip,$password,$nick,$school); } diff --git a/web/mail.php b/web/mail.php index c6320a8..591c912 100644 --- a/web/mail.php +++ b/web/mail.php @@ -29,10 +29,10 @@ $to_user=""; $title=""; if (isset($_GET['to_user'])){ - $to_user=htmlentities($_GET['to_user'],ENT_QUOTES,"UTF-8"); + $to_user=htmlspecialchars($_GET['to_user'],ENT_QUOTES,"UTF-8"); } if (isset($_GET['title'])){ - $title=htmlentities($_GET['title'],ENT_QUOTES,"UTF-8"); + $title=htmlspecialchars($_GET['title'],ENT_QUOTES,"UTF-8"); } if (!isset($_SESSION[$OJ_NAME.'_'.'user_id'])){ diff --git a/web/modify.php b/web/modify.php index 522c5a1..dad21ed 100644 --- a/web/modify.php +++ b/web/modify.php @@ -84,9 +84,9 @@ if (strlen($_POST['npassword']) == 0) $password = pwGen($_POST['opassword']); else $password = pwGen($_POST['npassword']); -$nick = htmlentities($nick, ENT_QUOTES, "UTF-8"); -$school = (htmlentities($school, ENT_QUOTES, "UTF-8")); -$email = (htmlentities($email, ENT_QUOTES, "UTF-8")); +$nick = htmlspecialchars($nick, ENT_QUOTES, "UTF-8"); +$school = (htmlspecialchars($school, ENT_QUOTES, "UTF-8")); +$email = (htmlspecialchars($email, ENT_QUOTES, "UTF-8")); $sql = "UPDATE `users` SET" . "`password`=?," // . "`nick`=?," //删除此行和81行含的,$nick禁用昵称修改 diff --git a/web/modify_email.php b/web/modify_email.php index 9da9558..50f1952 100644 --- a/web/modify_email.php +++ b/web/modify_email.php @@ -36,7 +36,7 @@ if ($err_cnt>0){ exit(0); } -$email=(htmlentities ($email,ENT_QUOTES,"UTF-8")); +$email=(htmlspecialchars ($email,ENT_QUOTES,"UTF-8")); $sql="UPDATE `users` SET" ."`email`=?"; $sql.="WHERE `user_id`=?"; diff --git a/web/modify_info.php b/web/modify_info.php index 1d90a44..6cc7600 100644 --- a/web/modify_info.php +++ b/web/modify_info.php @@ -56,8 +56,8 @@ if ($err_cnt>0){ exit(0); } -$nick=htmlentities ($nick,ENT_QUOTES,"UTF-8"); -$school=(htmlentities ($school,ENT_QUOTES,"UTF-8")); +$nick=htmlspecialchars ($nick,ENT_QUOTES,"UTF-8"); +$school=(htmlspecialchars ($school,ENT_QUOTES,"UTF-8")); $sql="UPDATE `users` SET" ."`nick`=?," ."`school`=? "; diff --git a/web/online.php b/web/online.php index ea4ed52..ab54269 100644 --- a/web/online.php +++ b/web/online.php @@ -37,10 +37,10 @@ if (isset($_SESSION[$OJ_NAME.'_'.'administrator'])){ foreach($result as $row){ - $view_online[$i][0]= "".htmlentities($row[0],ENT_QUOTES,"UTF-8").""; - $view_online[$i][1]=htmlentities($row[1],ENT_QUOTES,"UTF-8"); - $view_online[$i][2]=htmlentities($row[2],ENT_QUOTES,"UTF-8"); - $view_online[$i][3]=htmlentities($row[3],ENT_QUOTES,"UTF-8"); + $view_online[$i][0]= "".htmlspecialchars($row[0],ENT_QUOTES,"UTF-8").""; + $view_online[$i][1]=htmlspecialchars($row[1],ENT_QUOTES,"UTF-8"); + $view_online[$i][2]=htmlspecialchars($row[2],ENT_QUOTES,"UTF-8"); + $view_online[$i][3]=htmlspecialchars($row[3],ENT_QUOTES,"UTF-8"); $i++; } diff --git a/web/portal.php b/web/portal.php index d6e2028..3657b2b 100644 --- a/web/portal.php +++ b/web/portal.php @@ -61,7 +61,7 @@ foreach ($result as $row) { $label_theme = $color_theme[$hash_num%count($color_theme)]; //$color_theme 在 const.inc.php 里 if ($label_theme=="") $label_theme = "default"; - $view_problemset[$i][3] .= "".mb_substr($cat,0,10,'utf8')." "; + $view_problemset[$i][3] .= "".mb_substr($cat,0,10,'utf8')." "; } $view_problemset[$i][3] .= "
    "; @@ -116,7 +116,7 @@ foreach ($result as $row) { } $sql = "SELECT * FROM contest WHERE contest.defunct='N' $wheremy ORDER BY contest_id DESC"; - //echo htmlentities($sql); + //echo htmlspecialchars($sql); $result = pdo_query($sql); $view_contest=array(); foreach ($result as $row) { diff --git a/web/post.php b/web/post.php index 2479d54..3496e1f 100644 --- a/web/post.php +++ b/web/post.php @@ -45,7 +45,7 @@ if($_REQUEST['action']=='new'){ if($pid==0){ if($cid>0){ - $problem_id = htmlentities($_POST['pid'],ENT_QUOTES,'UTF-8'); + $problem_id = htmlspecialchars($_POST['pid'],ENT_QUOTES,'UTF-8'); //echo "problem_id:".$problem_id; $num = strpos($PID,$problem_id); //echo "num:$num"; @@ -79,7 +79,7 @@ if($_REQUEST['action']=='reply' || !is_null($tid)){ if(!empty($_SERVER['HTTP_X_FORWARDED_FOR'])){ $REMOTE_ADDR = $_SERVER['HTTP_X_FORWARDED_FOR']; $tmp_ip = explode(',',$REMOTE_ADDR); - $ip = (htmlentities($tmp_ip[0],ENT_QUOTES,"UTF-8")); + $ip = (htmlspecialchars($tmp_ip[0],ENT_QUOTES,"UTF-8")); } $sql = "INSERT INTO `reply` (`author_id`, `time`, `content`, `topic_id`,`ip`) VALUES(?,NOW(),?,?,?)"; diff --git a/web/problem-ajax.php b/web/problem-ajax.php index d0076de..fd2fbe6 100644 --- a/web/problem-ajax.php +++ b/web/problem-ajax.php @@ -29,7 +29,7 @@ if (isset($_GET['pid'])){ if ($result){ $row=$result[0]; - echo "".htmlentities($row['user_id'],ENT_QUOTES,'utf-8').""; + echo "".htmlspecialchars($row['user_id'],ENT_QUOTES,'utf-8').""; }else{ echo "$MSG_IMPORTED"; } diff --git a/web/problemset.php b/web/problemset.php index 67744dd..6a8396a 100644 --- a/web/problemset.php +++ b/web/problemset.php @@ -102,7 +102,7 @@ if (isset($_SESSION[$OJ_NAME . '_' . 'administrator'])) { //all problems pdo_query("SET sort_buffer_size = 1024*1024"); // Out of sort memory, consider increasing server sort buffer size $sql = "SELECT `problem_id`,`title`,`source`,`submit`,`accepted`,defunct FROM problem A WHERE $filter_sql $order_by $limit_sql "; $count_sql = "SELECT count(1) from problem where $filter_sql "; -//echo htmlentities( $sql); +//echo htmlspecialchars( $sql); if (isset($_GET['search']) && trim($_GET['search']) != "") { $total = pdo_query($count_sql, $search, $search); $cnt = $total[0][0] / $page_cnt; @@ -155,7 +155,7 @@ foreach ($result as $row) { if ($label_theme == "") $label_theme = "default"; - $view_problemset[$i][3] .= "" . mb_substr($cat, 0, 10, 'utf8') . " "; + $view_problemset[$i][3] .= "" . mb_substr($cat, 0, 10, 'utf8') . " "; } $view_problemset[$i][3] .= "
    "; diff --git a/web/ranklist.php b/web/ranklist.php index e67c07b..a529e6f 100644 --- a/web/ranklist.php +++ b/web/ranklist.php @@ -119,12 +119,12 @@ $rank ++; $view_rank[$i][0]= $rank; - $view_rank[$i][1]= "" . $row['user_id'] . ""; + $view_rank[$i][1]= "" . $row['user_id'] . ""; if(isset($row['starred']) && $row['starred'] >0 ) $view_rank[$i][1]="⭐".$view_rank[$i][1]."⭐"; //github starred rewarding - $view_rank[$i][2]= "
    " . htmlentities ( $row['nick'] ,ENT_QUOTES,"UTF-8") ."
    "; - $view_rank[$i][3]= "
    " . htmlentities ( $row['group_name'] ,ENT_QUOTES,"UTF-8") ."
    "; - $view_rank[$i][4]= "
    " . $row['solved'].""."
    "; - $view_rank[$i][5]= "
    " . $row['submit'] . ""."
    "; + $view_rank[$i][2]= "
    " . htmlspecialchars ( $row['nick'] ,ENT_QUOTES,"UTF-8") ."
    "; + $view_rank[$i][3]= "
    " . htmlspecialchars ( $row['group_name'] ,ENT_QUOTES,"UTF-8") ."
    "; + $view_rank[$i][4]= "
    " . $row['solved'].""."
    "; + $view_rank[$i][5]= "
    " . $row['submit'] . ""."
    "; if ($row['submit'] == 0) $view_rank[$i][6]= "0.00%"; diff --git a/web/register.php b/web/register.php index cc60a7a..ab7f49e 100644 --- a/web/register.php +++ b/web/register.php @@ -97,18 +97,18 @@ if ($domain==$DOMAIN && $OJ_NAME==$user_id){ print "history.go(-1);\n"; exit(0); } -$nick=(htmlentities ($nick,ENT_QUOTES,"UTF-8")); -$school=(htmlentities ($school,ENT_QUOTES,"UTF-8")); -$email=(htmlentities ($email,ENT_QUOTES,"UTF-8")); +$nick=(htmlspecialchars ($nick,ENT_QUOTES,"UTF-8")); +$school=(htmlspecialchars ($school,ENT_QUOTES,"UTF-8")); +$email=(htmlspecialchars ($email,ENT_QUOTES,"UTF-8")); $ip = ($_SERVER['REMOTE_ADDR']); if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])&&!empty(trim($_SERVER['HTTP_X_FORWARDED_FOR']))) { $REMOTE_ADDR = $_SERVER['HTTP_X_FORWARDED_FOR']; $tmp_ip = explode(',', $REMOTE_ADDR); - $ip = (htmlentities($tmp_ip[0], ENT_QUOTES, "UTF-8")); + $ip = (htmlspecialchars($tmp_ip[0], ENT_QUOTES, "UTF-8")); } else if (isset($_SERVER['HTTP_X_REAL_IP'])&&!empty(trim($_SERVER['HTTP_X_REAL_IP']))) { $REMOTE_ADDR = $_SERVER['HTTP_X_REAL_IP']; $tmp_ip = explode(',', $REMOTE_ADDR); - $ip = (htmlentities($tmp_ip[0], ENT_QUOTES, "UTF-8")); + $ip = (htmlspecialchars($tmp_ip[0], ENT_QUOTES, "UTF-8")); } // 检查IP是否已经注册过 diff --git a/web/reinfo.php b/web/reinfo.php index 3de46e0..977cc95 100644 --- a/web/reinfo.php +++ b/web/reinfo.php @@ -78,7 +78,7 @@ if($ok){ // ){ if($row['user_id']!=$_SESSION[$OJ_NAME.'_'.'user_id']){ - $view_mail_link= "Mail the auther"; + $view_mail_link= "Mail the auther"; } $sql = "SELECT `error` FROM `runtimeinfo` WHERE `solution_id`=?"; @@ -86,14 +86,14 @@ if($ok){ if(isset($result[0])){ $row = $result[0]; - $view_reinfo=htmlentities(str_replace("\n\r","\n",$row['error']),ENT_QUOTES,"UTF-8"); + $view_reinfo=htmlspecialchars(str_replace("\n\r","\n",$row['error']),ENT_QUOTES,"UTF-8"); } if(strpos($row['error'],"judge/")!==false&&!isset($_SESSION[$OJ_NAME."_administrator"])) $view_reinfo = "潜在的数组或指针越界,请检查代码。"; else if(strpos($row['error'],"php")!==false) $view_reinfo = "error2"; else if(strpos($row['error'],"PASS")!==false) $view_reinfo = "error3"; else if($OJ_SHOW_DIFF && $row && ($ok||$isRE) && ($OJ_TEST_RUN||is_valid($row['error'])||$ok)){ - $view_reinfo = htmlentities(str_replace("\n\r","\n",$row['error']),ENT_QUOTES,"UTF-8"); + $view_reinfo = htmlspecialchars(str_replace("\n\r","\n",$row['error']),ENT_QUOTES,"UTF-8"); $view_reinfo .="
    $MSG_MARK:$mark"; diff --git a/web/status-ajax.php b/web/status-ajax.php index cddbc77..4815753 100644 --- a/web/status-ajax.php +++ b/web/status-ajax.php @@ -49,7 +49,7 @@ if (!empty($result)) { if(strpos($row['error'],"judge")!==false) echo "error1"; else if(strpos($row['error'],"php")!==false) echo "error2"; else if(strpos($row['error'],"PASS")!==false) echo "error3"; - else echo htmlentities(str_replace("\n\r","\n",$row['error']),ENT_QUOTES,"UTF-8"); + else echo htmlspecialchars(str_replace("\n\r","\n",$row['error']),ENT_QUOTES,"UTF-8"); $sql = "delete from custominput where solution_id=?"; pdo_query($sql,$solution_id); } diff --git a/web/status.php b/web/status.php index b326363..891aceb 100644 --- a/web/status.php +++ b/web/status.php @@ -178,7 +178,7 @@ if (isset($_GET['top'])) { $problem_id = ""; if (isset($_GET['problem_id']) && $_GET['problem_id']!="") { if (isset($_GET['cid'])) { - $problem_id = htmlentities($_GET['problem_id'],ENT_QUOTES,'UTF-8'); + $problem_id = htmlspecialchars($_GET['problem_id'],ENT_QUOTES,'UTF-8'); $num = array_search($problem_id,$PID); $problem_id = $PID[$num]; $sql = $sql."AND `num`='".$num."' "; @@ -215,7 +215,7 @@ if (isset($_GET['user_id'])) { $sql = $sql."AND solution.user_id=? "; if ($str2!="") $str2 = $str2."&"; - $str2 = $str2."&user_id=".htmlentities(urlencode($user_id),ENT_QUOTES); + $str2 = $str2."&user_id=".htmlspecialchars(urlencode($user_id),ENT_QUOTES); array_push($param,$user_id); } else{ @@ -261,13 +261,13 @@ if(isset($_GET['school'])&&trim($_GET['school'])!="" || isset($_GET['school'])&& $school=trim($_GET['school']); $sql.=" and users.school=? "; array_push($param,trim($_GET['school'])); - $str2 = $str2."&school=".htmlentities(trim($_GET['school']),ENT_QUOTES); + $str2 = $str2."&school=".htmlspecialchars(trim($_GET['school']),ENT_QUOTES); } if(isset($_GET['group_name'])&&trim($_GET['group_name'])!=""){ $group_name=trim($_GET['group_name']); $sql.=" and users.group_name=? "; array_push($param,trim($_GET['group_name'])); - $str2 = $str2."&group_name=".htmlentities(trim($_GET['group_name']),ENT_QUOTES); + $str2 = $str2."&group_name=".htmlspecialchars(trim($_GET['group_name']),ENT_QUOTES); } }else{ $sql0="select $fields from solution inner join users on solution.user_id=users.user_id"; diff --git a/web/submit.php b/web/submit.php index fca0914..0781838 100644 --- a/web/submit.php +++ b/web/submit.php @@ -265,7 +265,7 @@ $ip = $_SERVER['REMOTE_ADDR']; if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { $REMOTE_ADDR = $_SERVER['HTTP_X_FORWARDED_FOR']; $tmp_ip = explode(',', $REMOTE_ADDR); - $ip = htmlentities($tmp_ip[0], ENT_QUOTES, "UTF-8"); + $ip = htmlspecialchars($tmp_ip[0], ENT_QUOTES, "UTF-8"); } diff --git a/web/superthread.php b/web/superthread.php index 39b4bdd..3931b2e 100644 --- a/web/superthread.php +++ b/web/superthread.php @@ -25,7 +25,7 @@ + >> #
    - Notice :
    This reply is blocked by administrator.
    "; - if ($isuser || $isadmin) echo nl2br(htmlentities($row['content'],ENT_QUOTES,"UTF-8")); + if ($isuser || $isadmin) echo nl2br(htmlspecialchars($row['content'],ENT_QUOTES,"UTF-8")); } ?> diff --git a/web/swadmin/contest_edit.php b/web/swadmin/contest_edit.php index de381c6..a353ad6 100644 --- a/web/swadmin/contest_edit.php +++ b/web/swadmin/contest_edit.php @@ -121,7 +121,7 @@ if(isset($_POST['startdate'])){ $password = $row['password']; $langmask = $row['langmask']; $description = $row['description']; - $title = htmlentities($row['title'],ENT_QUOTES,"UTF-8"); + $title = htmlspecialchars($row['title'],ENT_QUOTES,"UTF-8"); $plist = ""; $sql = "SELECT `problem_id` FROM `contest_problem` WHERE `contest_id`=? ORDER BY `num`"; @@ -173,7 +173,7 @@ if(isset($_POST['startdate'])){

    ".$MSG_CONTEST."-".$MSG_Description.""?>

    ".($row['defunct']=="N"?"$MSG_AVAILABLE":"$MSG_RESERVED").""; if(isset($_SESSION[$OJ_NAME.'_'.'administrator']) || isset($_SESSION[$OJ_NAME.'_'."p".$row['problem_id']]) ){ ?> - ] ? ")) + ] ? ")) location.href="problem_del.php?id=&getkey="'> diff --git a/web/admin/ranklist_export.php b/web/admin/ranklist_export.php index be9f31d..304ab42 100644 --- a/web/admin/ranklist_export.php +++ b/web/admin/ranklist_export.php @@ -119,7 +119,7 @@ $view_rank[$i][0]= $rank; $view_rank[$i][1]= $row['user_id']; - $view_rank[$i][2]= htmlentities ( $row['nick'] ,ENT_QUOTES,"UTF-8"); + $view_rank[$i][2]= htmlspecialchars ( $row['nick'] ,ENT_QUOTES,"UTF-8"); $view_rank[$i][3]= $row['solved']; $view_rank[$i][4]= $row['submit']; @@ -135,7 +135,7 @@ //循环数据生成二维数组 $exl_value=$view_rank; //foreach ($list as $k => $y){ - // $exl_value[] = array($rank,$row['user_id'], htmlentities ( $row['nick'] ,ENT_QUOTES,"UTF-8"),$row['solved'],$row['submit'],$row['submit'] ); + // $exl_value[] = array($rank,$row['user_id'], htmlspecialchars ( $row['nick'] ,ENT_QUOTES,"UTF-8"),$row['solved'],$row['submit'],$row['submit'] ); // } $file_name = $MSG_Number.'_'.time().'.csv'; $excel = new export_class(); diff --git a/web/admin/team_generate.php b/web/admin/team_generate.php index 9a1d027..5c5606a 100644 --- a/web/admin/team_generate.php +++ b/web/admin/team_generate.php @@ -39,7 +39,7 @@ if (!(isset($_SESSION[$OJ_NAME.'_'.'administrator']) || isset($_SESSION[$OJ_NAME if( !empty( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ){ $REMOTE_ADDR = $_SERVER['HTTP_X_FORWARDED_FOR']; $tmp_ip=explode(',',$REMOTE_ADDR); - $ip =(htmlentities($tmp_ip[0],ENT_QUOTES,"UTF-8")); + $ip =(htmlspecialchars($tmp_ip[0],ENT_QUOTES,"UTF-8")); } if(mb_strlen($nick,'utf-8')>20){ diff --git a/web/admin/team_generate2.php b/web/admin/team_generate2.php index 43499d0..49c9a34 100644 --- a/web/admin/team_generate2.php +++ b/web/admin/team_generate2.php @@ -69,7 +69,7 @@ if(isset($_POST['idlist']) && isset($_POST['pwdlist']) && isset($_POST['nicklist if( !empty( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ){ $REMOTE_ADDR = $_SERVER['HTTP_X_FORWARDED_FOR']; $tmp_ip=explode(',',$REMOTE_ADDR); - $ip =(htmlentities($tmp_ip[0],ENT_QUOTES,"UTF-8")); + $ip =(htmlspecialchars($tmp_ip[0],ENT_QUOTES,"UTF-8")); } if(mb_strlen($nick,'utf-8')>20){ $new_len=mb_strlen($nick,'utf-8'); diff --git a/web/admin/user_df_change.php b/web/admin/user_df_change.php index e43f48c..ad342ea 100644 --- a/web/admin/user_df_change.php +++ b/web/admin/user_df_change.php @@ -2,7 +2,7 @@ require_once "../include/email.class.php"; require_once("../include/check_get_key.php"); $user_id=$_GET['cid']; -//echo htmlentities($user_id,ENT_QUOTE,'UTF-8'); +//echo htmlspecialchars($user_id,ENT_QUOTE,'UTF-8'); if(!isset($_SESSION[$OJ_NAME.'_'.'administrator'])) exit(); $sql="select `defunct`,email FROM `users` WHERE `user_id`=?"; $result=pdo_query($sql,$user_id); diff --git a/web/admin/user_list.php b/web/admin/user_list.php index f9b441a..20cebb1 100644 --- a/web/admin/user_list.php +++ b/web/admin/user_list.php @@ -52,7 +52,7 @@ if (isset($OJ_LANG)) {
    - @@ -79,7 +79,7 @@ if (isset($OJ_LANG)) { echo "
    " . $row['user_id'] . "" . $row['nick'] . "" . $row['ip'] . "" . $row['ip'] . "" . $row['email'] . " 
    ".htmlentities($row['title'],ENT_QUOTES,"UTF-8")."".htmlspecialchars($row['title'],ENT_QUOTES,"UTF-8")."".htmlentities($row['title'],ENT_QUOTES,"UTF-8")."".htmlspecialchars($row['title'],ENT_QUOTES,"UTF-8")." - >>
    @@ -206,7 +206,7 @@ if(isset($_POST['startdate'])){ : - '> + '>

    diff --git a/web/swadmin/news_edit.php b/web/swadmin/news_edit.php index da302b1..3838c6d 100644 --- a/web/swadmin/news_edit.php +++ b/web/swadmin/news_edit.php @@ -56,7 +56,7 @@ if(isset($_POST['news_id'])){ $row = $result[0]; - $title = htmlentities($row['title'],ENT_QUOTES,"UTF-8"); + $title = htmlspecialchars($row['title'],ENT_QUOTES,"UTF-8"); $content = $row['content']; } ?> @@ -68,7 +68,7 @@ if(isset($_POST['news_id'])){

    diff --git a/web/swadmin/privilege_add.php b/web/swadmin/privilege_add.php index 7fa9b26..c76f248 100644 --- a/web/swadmin/privilege_add.php +++ b/web/swadmin/privilege_add.php @@ -30,7 +30,7 @@ if (isset($_POST['do'])) { $sql = "insert into `privilege`(user_id,rightstr,valuestr,defunct) values(?,?,?,'N')"; $rows = pdo_query($sql,$user_id,$rightstr,$valuestr); - echo "

    User ".htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8')."'s Privilege Added!

    "; + echo "

    User ".htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8')."'s Privilege Added!

    "; } ?> @@ -41,9 +41,9 @@ if (isset($_POST['do'])) {
    -
    +
    -
    +
    " type="text" required >
    @@ -100,9 +100,9 @@ if (isset($_POST['do'])) {
    -
    +
    -
    +
    " type="text" required >
    @@ -135,9 +135,9 @@ if (isset($_POST['do'])) {
    -
    +
    -
    +
    " type="text" required >
    diff --git a/web/swadmin/problem_add_loj.php b/web/swadmin/problem_add_loj.php index e2e3fd8..293bcd2 100644 --- a/web/swadmin/problem_add_loj.php +++ b/web/swadmin/problem_add_loj.php @@ -59,11 +59,11 @@ $_SESSION[$OJ_NAME.'_'."p$pid"]=true; $loj_id=intval($_POST['loj_id']); //print_r($_POST); echo "
    ".$loj_id."
    "; -echo htmlentities("wget https://loj.ac/problem/".$loj_id."/testdata/download -O $OJ_DATA/$pid/data.zip"); +echo htmlspecialchars("wget https://loj.ac/problem/".$loj_id."/testdata/download -O $OJ_DATA/$pid/data.zip"); echo system("wget https://loj.ac/problem/".$loj_id."/testdata/download -O $OJ_DATA/$pid/data.zip"); echo system("/home/judge/src/install/ans2out $OJ_DATA/$pid/"); echo "
    "; -echo htmlentities("unzip $OJ_DATA/$pid/data.zip -d $OJ_DATA/$pid"); +echo htmlspecialchars("unzip $OJ_DATA/$pid/data.zip -d $OJ_DATA/$pid"); echo system("unzip $OJ_DATA/$pid/data.zip -d $OJ_DATA/$pid"); echo system("/usr/bin/loj.ac $OJ_DATA/$pid"); echo "
    "; diff --git a/web/swadmin/problem_edit.php b/web/swadmin/problem_edit.php index f7c5e46..8e624a6 100644 --- a/web/swadmin/problem_edit.php +++ b/web/swadmin/problem_edit.php @@ -34,38 +34,38 @@ include_once("kindeditor.php") ; '>

    - : '> + : '>


    - '> Sec

    + '> Sec


    - '> MB

    + '> MB

    ".$MSG_Description.""?> -
    +

    ".$MSG_Input.""?> -
    +

    ".$MSG_Output.""?> -
    +

    ".$MSG_Sample_Input.""?> -

    +

    ".$MSG_Sample_Output.""?> -

    +

    ".$MSG_HINT.""?> -
    +

    ".$MSG_SPJ.""?> @@ -75,7 +75,7 @@ include_once("kindeditor.php") ;

    ".$MSG_SOURCE.""?> -

    +

    diff --git a/web/swadmin/problem_export_xml.php b/web/swadmin/problem_export_xml.php index b7bde9a..b09d0e0 100644 --- a/web/swadmin/problem_export_xml.php +++ b/web/swadmin/problem_export_xml.php @@ -106,7 +106,7 @@ function getSolution($pid,$lang){ return $ret; } function fixurl($img_url){ - $img_url= html_entity_decode( $img_url,ENT_QUOTES,"UTF-8"); + $img_url= htmlspecialchars_decode( $img_url,ENT_QUOTES,"UTF-8"); if (substr($img_url,0,4)!="http"){ if(substr($img_url,0,1)=="/"){ diff --git a/web/swadmin/team_generate.php b/web/swadmin/team_generate.php index af90ae7..51c7134 100644 --- a/web/swadmin/team_generate.php +++ b/web/swadmin/team_generate.php @@ -38,7 +38,7 @@ if (!(isset($_SESSION[$OJ_NAME.'_'.'administrator']))){ if( !empty( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ){ $REMOTE_ADDR = $_SERVER['HTTP_X_FORWARDED_FOR']; $tmp_ip=explode(',',$REMOTE_ADDR); - $ip =(htmlentities($tmp_ip[0],ENT_QUOTES,"UTF-8")); + $ip =(htmlspecialchars($tmp_ip[0],ENT_QUOTES,"UTF-8")); } $sql="INSERT INTO `users`("."`user_id`,`email`,`ip`,`accesstime`,`password`,`reg_time`,`nick`,`school`)". "VALUES(?,?,?,NOW(),?,NOW(),?,?)on DUPLICATE KEY UPDATE `email`=?,`ip`=?,`accesstime`=NOW(),`password`=?,`reg_time`=now(),nick=?,`school`=?"; diff --git a/web/swadmin/user_set_ip.php b/web/swadmin/user_set_ip.php index c14126a..38de8ae 100644 --- a/web/swadmin/user_set_ip.php +++ b/web/swadmin/user_set_ip.php @@ -15,7 +15,7 @@ if(isset($_POST['user_id'])){ $ip=$_POST['ip']; $sql="insert into loginlog (user_id,password,ip,time) value(?,?,?,now())"; $result=pdo_query($sql,$user_id,"set ip by ".$_SESSION[$OJ_NAME."_user_id"],$ip); - echo "$MSG_USER ".htmlentities($user_id)." $MSG_SET_LOGIN_IP : ".htmlentities($ip); + echo "$MSG_USER ".htmlspecialchars($user_id)." $MSG_SET_LOGIN_IP : ".htmlspecialchars($ip); } ?> diff --git a/web/template/bs3/balloon_view.php b/web/template/bs3/balloon_view.php index 5194fee..050b7d3 100755 --- a/web/template/bs3/balloon_view.php +++ b/web/template/bs3/balloon_view.php @@ -8,13 +8,13 @@ - <?php echo htmlentities(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")?> + <?php echo htmlspecialchars(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")?>

    Balloon Ticket

    ".htmlentities(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")."\n"; -echo "-".htmlentities(str_replace("\n\r","\n",$view_school),ENT_QUOTES,"utf-8")."-".htmlentities(str_replace("\n\r","\n",$view_nick),ENT_QUOTES,"utf-8")."\n".""; +echo "

    ".htmlspecialchars(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")."\n"; +echo "-".htmlspecialchars(str_replace("\n\r","\n",$view_school),ENT_QUOTES,"utf-8")."-".htmlspecialchars(str_replace("\n\r","\n",$view_nick),ENT_QUOTES,"utf-8")."\n"."

    "; echo "Problem ".$PID[$view_pid]."
    "; if(isset($_GET['fb']) && intval($_GET['fb'])==1){ echo "Balloon Color: ".$ball_name[$view_pid]." First Blood!
    "; diff --git a/web/template/bs3/contestrank-oi.php b/web/template/bs3/contestrank-oi.php index 830a8ea..ae87f94 100644 --- a/web/template/bs3/contestrank-oi.php +++ b/web/template/bs3/contestrank-oi.php @@ -305,7 +305,7 @@ echo "$uuid"; echo ""; - echo "
    "; + echo ""; $usolved = $U[$i]->solved; echo ""; diff --git a/web/template/bs3/contestrank.php b/web/template/bs3/contestrank.php index 0cd4354..74821a9 100644 --- a/web/template/bs3/contestrank.php +++ b/web/template/bs3/contestrank.php @@ -304,7 +304,7 @@ echo "$uuid"; echo ""; - echo ""; + echo ""; $usolved = $U[$i]->solved; echo ""; @@ -355,7 +355,7 @@
    $uid  "; } ?> diff --git a/web/template/bs3/contestrank2.php b/web/template/bs3/contestrank2.php index 389f759..dda9c75 100644 --- a/web/template/bs3/contestrank2.php +++ b/web/template/bs3/contestrank2.php @@ -50,7 +50,7 @@ $usolved=$U[$i]->solved; if(isset($_GET['user_id'])&&$uuid==$_GET['user_id']) echo "
    ".htmlentities($U[$i]->nick,ENT_QUOTES,"UTF-8")."".htmlspecialchars($U[$i]->nick,ENT_QUOTES,"UTF-8")."$usolved".htmlentities($U[$i]->nick,ENT_QUOTES,"UTF-8")."".htmlspecialchars($U[$i]->nick,ENT_QUOTES,"UTF-8")."$usolved"; else echo""; echo "$uuid"; -echo "".htmlentities($U[$i]->nick,ENT_QUOTES,"UTF-8").""; +echo "".htmlspecialchars($U[$i]->nick,ENT_QUOTES,"UTF-8").""; echo "$usolved"; echo "".sec2str($U[$i]->time); for ($j=0;$j<$pid_cnt;$j++){ diff --git a/web/template/bs3/contestset.php b/web/template/bs3/contestset.php index dadb0f2..bdec66f 100644 --- a/web/template/bs3/contestset.php +++ b/web/template/bs3/contestset.php @@ -28,7 +28,7 @@
    - " placeholder=""> + " placeholder=""> diff --git a/web/template/bs3/faqs.php b/web/template/bs3/faqs.php index 9210a6a..a4bd553 100644 --- a/web/template/bs3/faqs.php +++ b/web/template/bs3/faqs.php @@ -189,7 +189,7 @@ public class Main{
    - this page can be replaced by add a news which titled ""; + this page can be replaced by add a news which titled "";
    diff --git a/web/template/bs3/mail.php b/web/template/bs3/mail.php index 10db5df..2de7e6d 100644 --- a/web/template/bs3/mail.php +++ b/web/template/bs3/mail.php @@ -31,14 +31,14 @@ if($view_content) echo "
    - + -
    $from_user -> $to_user[".htmlentities(str_replace("\n\r","\n",$view_title),ENT_QUOTES,"UTF-8")." ]$from_user -> $to_user[".htmlspecialchars(str_replace("\n\r","\n",$view_title),ENT_QUOTES,"UTF-8")." ]
    ". htmlentities(str_replace("\n\r","\n",$view_content),ENT_QUOTES,"UTF-8")."
    +
    ". htmlspecialchars(str_replace("\n\r","\n",$view_content),ENT_QUOTES,"UTF-8")."
    "; ?> - diff --git a/web/template/bs3/modifypage.php b/web/template/bs3/modifypage.php index 5a3b4bd..2179f0d 100644 --- a/web/template/bs3/modifypage.php +++ b/web/template/bs3/modifypage.php @@ -35,7 +35,7 @@
    -
    " type="text">
    +
    " type="text">
    @@ -51,12 +51,12 @@
    -
    " type="text">
    +
    " type="text">
    -
    " type="text">
    +
    " type="text">
    diff --git a/web/template/bs3/printer_view.php b/web/template/bs3/printer_view.php index 47cb052..3f74447 100755 --- a/web/template/bs3/printer_view.php +++ b/web/template/bs3/printer_view.php @@ -8,7 +8,7 @@ - <?php echo htmlentities(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")?> + <?php echo htmlspecialchars(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")?> @@ -27,9 +27,9 @@ function draw(){
    ".htmlentities(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")."\n"; -echo "-".htmlentities(str_replace("\n\r","\n",$view_school),ENT_QUOTES,"utf-8")."-".htmlentities(str_replace("\n\r","\n",$view_nick),ENT_QUOTES,"utf-8")."\n".""; -echo "
    ".htmlentities(str_replace("\n\r","\n",$view_content),ENT_QUOTES,"utf-8")."\n"."
    "; +echo "

    ".htmlspecialchars(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")."\n"; +echo "-".htmlspecialchars(str_replace("\n\r","\n",$view_school),ENT_QUOTES,"utf-8")."-".htmlspecialchars(str_replace("\n\r","\n",$view_nick),ENT_QUOTES,"utf-8")."\n"."

    "; +echo "
    ".htmlspecialchars(str_replace("\n\r","\n",$view_content),ENT_QUOTES,"utf-8")."\n"."
    "; ?> diff --git a/web/template/bs3/problem.php b/web/template/bs3/problem.php index e932ba9..6fee44e 100644 --- a/web/template/bs3/problem.php +++ b/web/template/bs3/problem.php @@ -203,7 +203,7 @@ $hash_num=hexdec(substr(md5($cat),0,7)); $label_theme=$color_theme[$hash_num%count($color_theme)]; if($label_theme=="") $label_theme="default"; - echo "".htmlentities($cat,ENT_QUOTES,'utf-8')." "; + echo "".htmlspecialchars($cat,ENT_QUOTES,'utf-8')." "; }?>
    diff --git a/web/template/bs3/problemset.php b/web/template/bs3/problemset.php index 50e5e01..e0c9229 100644 --- a/web/template/bs3/problemset.php +++ b/web/template/bs3/problemset.php @@ -44,7 +44,7 @@ if(!isset($_GET['ajax'])){ $start = $page > $section ? $page - $section : 1; $end = $page + $section > $view_total_page ? $view_total_page : $page + $section; for ( $i = $start; $i <= $end; $i++ ) { - echo "
  • " . $i . "
  • "; + echo "
  • " . $i . "
  • "; } ?>
  • >> diff --git a/web/template/bs3/ranklist.php b/web/template/bs3/ranklist.php index f843d3a..8ded2a0 100644 --- a/web/template/bs3/ranklist.php +++ b/web/template/bs3/ranklist.php @@ -31,7 +31,7 @@
  • @@ -90,10 +90,10 @@ echo "
    "; $qs=""; if(isset($_GET['prefix'])){ - $qs.="&prefix=".htmlentities($_GET['prefix'],ENT_QUOTES,"utf-8"); + $qs.="&prefix=".htmlspecialchars($_GET['prefix'],ENT_QUOTES,"utf-8"); } if(isset($scope)){ - $qs.="&scope=".htmlentities($scope,ENT_QUOTES,"utf-8"); + $qs.="&scope=".htmlspecialchars($scope,ENT_QUOTES,"utf-8"); } for($i = 0; $i <$view_total ; $i += $page_size) { diff --git a/web/template/bs3/sharecodepage.php b/web/template/bs3/sharecodepage.php index 01703d3..0a602be 100644 --- a/web/template/bs3/sharecodepage.php +++ b/web/template/bs3/sharecodepage.php @@ -48,7 +48,7 @@
    -
    +
    diff --git a/web/template/bs3/showsource.php b/web/template/bs3/showsource.php index 7645fd5..2382649 100644 --- a/web/template/bs3/showsource.php +++ b/web/template/bs3/showsource.php @@ -49,7 +49,7 @@ SyntaxHighlighter.all(); Mail the author"; +echo "Mail the author"; $brush=strtolower($language_name[$slanguage]); if ($brush=='pascal') $brush='delphi'; if ($brush=='obj-c') $brush='c'; @@ -68,7 +68,7 @@ echo "\tMemory:".$smemory." kb\n"; echo "****************************************************************/\n\n"; $auth=ob_get_contents(); ob_end_clean(); -echo htmlentities(str_replace("\n\r","\n",$view_source),ENT_QUOTES,"utf-8")."\n".$auth.""; +echo htmlspecialchars(str_replace("\n\r","\n",$view_source),ENT_QUOTES,"utf-8")."\n".$auth.""; }else{ echo $MSG_WARNING_ACCESS_DENIED ; } diff --git a/web/template/bs3/showsource2.php b/web/template/bs3/showsource2.php index d395420..f01896d 100755 --- a/web/template/bs3/showsource2.php +++ b/web/template/bs3/showsource2.php @@ -19,7 +19,7 @@ echo "\tMemory:".$smemory." kb\n"; echo "****************************************************************/\n\n"; $auth=ob_get_contents(); ob_end_clean(); -echo htmlentities(str_replace("\n\r","\n",$view_source),ENT_QUOTES,"utf-8")."\n".$auth.""; +echo htmlspecialchars(str_replace("\n\r","\n",$view_source),ENT_QUOTES,"utf-8")."\n".$auth.""; }else{ echo $MSG_WARNING_ACCESS_DENIED; } diff --git a/web/template/bs3/submitpage.php b/web/template/bs3/submitpage.php index ccbc190..4209f94 100644 --- a/web/template/bs3/submitpage.php +++ b/web/template/bs3/submitpage.php @@ -78,10 +78,10 @@ -
    +
    - + diff --git a/web/template/bs3/user_set_ip.php b/web/template/bs3/user_set_ip.php index 4d17604..38e70ec 100644 --- a/web/template/bs3/user_set_ip.php +++ b/web/template/bs3/user_set_ip.php @@ -101,7 +101,7 @@

    User ".htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8')."'s Login IP Changed to ".$ip."

    "; + echo "

    User ".htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8')."'s Login IP Changed to ".$ip."

    "; else echo "

    Login IP Change

    "; ?> @@ -111,9 +111,9 @@
    -
    +
    -
    +
    " type="text" required >
    @@ -122,7 +122,7 @@
    -
    +
    " type="text" autocomplete="off" required >
    diff --git a/web/template/bs3/userinfo.php b/web/template/bs3/userinfo.php index b470760..8cc6df7 100644 --- a/web/template/bs3/userinfo.php +++ b/web/template/bs3/userinfo.php @@ -29,7 +29,7 @@
    From: +
    From: To:"> Title: >
    - " placeholder=""> + " placeholder="">
    "; + echo ""; $usolved = $U[$i]->solved; echo ""; diff --git a/web/template/bshark/contestrank.php b/web/template/bshark/contestrank.php index 47cc787..b3c3138 100644 --- a/web/template/bshark/contestrank.php +++ b/web/template/bshark/contestrank.php @@ -174,7 +174,7 @@ echo "$uuid"; echo ""; - echo ""; + echo ""; $usolved = $U[$i]->solved; echo ""; diff --git a/web/template/bshark/contestrank2.php b/web/template/bshark/contestrank2.php index cc84bdc..e8d690d 100644 --- a/web/template/bshark/contestrank2.php +++ b/web/template/bshark/contestrank2.php @@ -46,7 +46,7 @@ else echo "
    - + $MSG_MAIL"; ?> diff --git a/web/template/bshark/balloon_view.php b/web/template/bshark/balloon_view.php index 462433e..bd7deae 100644 --- a/web/template/bshark/balloon_view.php +++ b/web/template/bshark/balloon_view.php @@ -7,8 +7,8 @@

    Balloon Ticket

    ".htmlentities(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")."\n"; -echo "-".htmlentities(str_replace("\n\r","\n",$view_school),ENT_QUOTES,"utf-8")."-".htmlentities(str_replace("\n\r","\n",$view_nick),ENT_QUOTES,"utf-8")."\n".""; +echo "

    ".htmlspecialchars(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")."\n"; +echo "-".htmlspecialchars(str_replace("\n\r","\n",$view_school),ENT_QUOTES,"utf-8")."-".htmlspecialchars(str_replace("\n\r","\n",$view_nick),ENT_QUOTES,"utf-8")."\n"."

    "; echo "Problem ".$PID[$view_pid]."
    "; if(isset($_GET['fb']) && intval($_GET['fb'])==1){ echo "Balloon Color: ".$ball_name[$view_pid]." First Blood!
    "; diff --git a/web/template/bshark/contestrank-oi.php b/web/template/bshark/contestrank-oi.php index 6ee20a1..5bdf7c9 100644 --- a/web/template/bshark/contestrank-oi.php +++ b/web/template/bshark/contestrank-oi.php @@ -176,7 +176,7 @@ echo "$uuid"; echo ""; - echo "
    " . htmlentities($U[$i]->nick, ENT_QUOTES, "UTF-8") . "" . htmlspecialchars($U[$i]->nick, ENT_QUOTES, "UTF-8") . "$usolved" . htmlentities($U[$i]->nick, ENT_QUOTES, "UTF-8") . "" . htmlspecialchars($U[$i]->nick, ENT_QUOTES, "UTF-8") . "$usolved"; echo "$uuid"; - echo "" . htmlentities($U[$i]->nick, ENT_QUOTES, "UTF-8") . ""; + echo "" . htmlspecialchars($U[$i]->nick, ENT_QUOTES, "UTF-8") . ""; echo "$usolved"; echo "" . sec2str($U[$i]->time); for ($j = 0; $j < $pid_cnt; $j++) { diff --git a/web/template/bshark/contestset.php b/web/template/bshark/contestset.php index d3310b3..852eee4 100644 --- a/web/template/bshark/contestset.php +++ b/web/template/bshark/contestset.php @@ -96,7 +96,7 @@
    " + echo htmlspecialchars($_POST['keyword'], ENT_QUOTES, "UTF-8") ?>" placeholder="">
    -this page can be replaced by add a news which titled ""; +this page can be replaced by add a news which titled ""; diff --git a/web/template/bshark/modifypage.php b/web/template/bshark/modifypage.php index 0dacae4..017e3a1 100644 --- a/web/template/bshark/modifypage.php +++ b/web/template/bshark/modifypage.php @@ -38,7 +38,7 @@ "> + type="text" value="">