htmlentities -> htmlspecialchars

This commit is contained in:
2024-12-06 15:35:38 +08:00
parent daa005f029
commit d9b2d13caa
184 changed files with 410 additions and 405 deletions

View File

@@ -41,9 +41,9 @@ if (isset($OJ_LANG)) {
$sql = "update `users` set `password`=? where `user_id`=? and user_id not in( select user_id from privilege where rightstr='administrator')";
if (pdo_query($sql, $passwd, $user_id) == 1)
echo "<center><h4 class='text-danger'>User " . htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8') . "'s Password Changed!</h4></center>";
echo "<center><h4 class='text-danger'>User " . htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8') . "'s Password Changed!</h4></center>";
else
echo "<center><h4 class='text-danger'>There is No such User " . htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8') . "! or User " . htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8') . " is administrator!</h4></center>";
echo "<center><h4 class='text-danger'>There is No such User " . htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8') . "! or User " . htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8') . " is administrator!</h4></center>";
}
}
?>
@@ -53,10 +53,10 @@ if (isset($OJ_LANG)) {
<label class="col-sm-offset-3 col-sm-3 control-label"><?php echo $MSG_USER_ID ?></label>
<?php if (isset($_GET['uid'])) { ?>
<div class="col-sm-3"><input name="user_id" class="form-control"
value="<?php echo htmlentities($_GET['uid'], ENT_QUOTES, 'UTF-8'); ?>" type="text" required></div>
value="<?php echo htmlspecialchars($_GET['uid'], ENT_QUOTES, 'UTF-8'); ?>" type="text" required></div>
<?php } else if (isset($_POST['user_id'])) { ?>
<div class="col-sm-3"><input name="user_id" class="form-control"
value="<?php echo htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8'); ?>" type="text" required>
value="<?php echo htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8'); ?>" type="text" required>
</div>
<?php } else { ?>
<div class="col-sm-3"><input name="user_id" class="form-control"

View File

@@ -127,7 +127,7 @@ include_once("kindeditor.php");
$password = $row['password'];
$langmask = $row['langmask'];
$description = $row['description'];
$title = htmlentities($row['title'], ENT_QUOTES, "UTF-8");
$title = htmlspecialchars($row['title'], ENT_QUOTES, "UTF-8");
$plist = "";
$sql = "SELECT `problem_id` FROM `contest_problem` WHERE `contest_id`=? ORDER BY `num`";
@@ -183,7 +183,7 @@ include_once("kindeditor.php");
<p align=left>
<?php echo "<h4>" . $MSG_CONTEST . "-" . $MSG_Description . "</h4>" ?>
<textarea class=kindeditor rows=13 name=description cols=80>
<?php echo htmlentities($description, ENT_QUOTES, 'UTF-8') ?>
<?php echo htmlspecialchars($description, ENT_QUOTES, 'UTF-8') ?>
</textarea>
<br>
<table width="100%">
@@ -222,7 +222,7 @@ include_once("kindeditor.php");
</select>
<?php echo $MSG_CONTEST . "-" . $MSG_PASSWORD ?>:
<input type=text name=password style="width:150px;"
value='<?php echo htmlentities($password, ENT_QUOTES, 'utf-8') ?>'>
value='<?php echo htmlspecialchars($password, ENT_QUOTES, 'utf-8') ?>'>
</p>
</td>
</tr>

View File

@@ -41,7 +41,7 @@
if( typeof sync === "function") sync();
}
});
// prettyPrint();
prettyPrint();
});
}),100);
</script>

View File

@@ -36,7 +36,7 @@
<li><a class='btn btn-success' href="problem_list.php" target="main" title="<?php echo $MSG_HELP_PROBLEM_LIST?>"><b><?php echo $MSG_PROBLEM.$MSG_LIST?></b></a>
<?php }
if (isset($_SESSION[$OJ_NAME.'_'.'administrator'])||isset($_SESSION[$OJ_NAME.'_'.'problem_editor'])){?>
<li><a class='btn btn-success' href="problem_add_page.php" target="main" title="<?php echo html_entity_decode($MSG_HELP_ADD_PROBLEM)?>"><b><?php echo $MSG_ADD.$MSG_PROBLEM?></b></a>
<li><a class='btn btn-success' href="problem_add_page.php" target="main" title="<?php echo htmlspecialchars_decode($MSG_HELP_ADD_PROBLEM)?>"><b><?php echo $MSG_ADD.$MSG_PROBLEM?></b></a>
<?php }
if (isset($_SESSION[$OJ_NAME.'_'.'administrator'])){?>
<li><a class='btn btn-success' href="problem_import.php" target="main" title="<?php echo $MSG_HELP_IMPORT_PROBLEM?>"><b><?php echo $MSG_IMPORT.$MSG_PROBLEM?></b></a>

View File

@@ -75,7 +75,7 @@
<a class="dropdown-item btn-sm" href="problem_list.php" target="main" title="<?php echo $MSG_HELP_PROBLEM_LIST?>"><b><?php echo $MSG_PROBLEM."-".$MSG_LIST?></b></a>
<?php }
if (isset($_SESSION[$OJ_NAME.'_'.'administrator'])||isset($_SESSION[$OJ_NAME.'_'.'problem_editor'])) {?>
<a class="dropdown-item btn-sm" href="problem_add_page.php" target="main" title="<?php echo html_entity_decode($MSG_HELP_ADD_PROBLEM)?>"><b><?php echo $MSG_PROBLEM."-".$MSG_ADD?></b></a>
<a class="dropdown-item btn-sm" href="problem_add_page.php" target="main" title="<?php echo htmlspecialchars_decode($MSG_HELP_ADD_PROBLEM)?>"><b><?php echo $MSG_PROBLEM."-".$MSG_ADD?></b></a>
<a class="dropdown-item btn-sm" href="problem_import.php" target="main" title="<?php echo $MSG_HELP_IMPORT_PROBLEM?>"><b><?php echo $MSG_PROBLEM."-".$MSG_IMPORT?></b></a>
<a class="dropdown-item btn-sm" href="problem_export.php" target="main" title="<?php echo $MSG_HELP_EXPORT_PROBLEM?>"><b><?php echo $MSG_PROBLEM."-".$MSG_EXPORT?></b></a>
<?php }?>

View File

@@ -37,7 +37,7 @@ if(isset($_POST['pid'])){
if($pieces[0]=="") unset($pieces[0]);
$plist=implode(",",$pieces);
$content="[plist=".$plist."]".htmlentities($_POST['keyword'],ENT_QUOTES,"utf-8")."[/plist]";
$content="[plist=".$plist."]".htmlspecialchars($_POST['keyword'],ENT_QUOTES,"utf-8")."[/plist]";
}
?>

View File

@@ -49,7 +49,7 @@ if(isset($_POST['news_id'])){
$row = $result[0];
$title = htmlentities($row['title'],ENT_QUOTES,"UTF-8");
$title = htmlspecialchars($row['title'],ENT_QUOTES,"UTF-8");
$content = $row['content'];
$showInMenu = $row['menu'] == 1;
}
@@ -67,7 +67,7 @@ if(isset($_POST['news_id'])){
</label>
</p>
<p align=left>
<textarea class=kindeditor name=content rows=41 ><?php echo htmlentities($content,ENT_QUOTES,"UTF-8")?>
<textarea class=kindeditor name=content rows=41 ><?php echo htmlspecialchars($content,ENT_QUOTES,"UTF-8")?>
</textarea>
</p>
<?php require_once("../include/set_post_key.php");?>

View File

@@ -2540,7 +2540,7 @@ function zip_extract(){
function html_encode($str){
global $charSet;
$str = preg_replace(array('/&/', '/</', '/>/', '/"/'), array('&amp;', '&lt;', '&gt;', '&quot;'), $str); // Bypass PHP to allow any charset!!
$str = htmlentities($str, ENT_QUOTES, $charSet, false);
$str = htmlspecialchars($str, ENT_QUOTES, $charSet, false);
return $str;
}
function rep($x,$y){

View File

@@ -40,7 +40,7 @@ if (isset($_POST['do'])) {
}else{
email($OJ_ADMIN,"Privilege Add Warning!",$msg);
}
echo "<center><h4 class='text-danger'>User ".htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8')."'s Privilege Added!</h4></center>";
echo "<center><h4 class='text-danger'>User ".htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8')."'s Privilege Added!</h4></center>";
}
?>
@@ -51,9 +51,9 @@ if (isset($_POST['do'])) {
<div class="form-group">
<label class="col-sm-offset-3 col-sm-3 control-label"><?php echo $MSG_USER_ID?></label>
<?php if(isset($_GET['uid'])) { ?>
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlentities($_GET['uid'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlspecialchars($_GET['uid'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
<?php } else if(isset($_POST['user_id'])) { ?>
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
<?php } else { ?>
<div class="col-sm-3"><input name="user_id" class="form-control" placeholder="<?php echo $MSG_USER_ID."*"?>" type="text" required ></div>
<?php } ?>
@@ -112,9 +112,9 @@ if (isset($_POST['do'])) {
<div class="form-group">
<label class="col-sm-offset-3 col-sm-3 control-label"><?php echo $MSG_USER_ID?></label>
<?php if(isset($_GET['uid'])) { ?>
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlentities($_GET['uid'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlspecialchars($_GET['uid'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
<?php } else if(isset($_POST['user_id'])) { ?>
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
<?php } else { ?>
<div class="col-sm-3"><input name="user_id" class="form-control" placeholder="<?php echo $MSG_USER_ID."*"?>" type="text" required ></div>
<?php } ?>
@@ -147,9 +147,9 @@ if (isset($_POST['do'])) {
<div class="form-group">
<label class="col-sm-offset-3 col-sm-3 control-label"><?php echo $MSG_USER_ID?></label>
<?php if(isset($_GET['uid'])) { ?>
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlentities($_GET['uid'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlspecialchars($_GET['uid'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
<?php } else if(isset($_POST['user_id'])) { ?>
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
<?php } else { ?>
<div class="col-sm-3"><input name="user_id" class="form-control" placeholder="<?php echo $MSG_USER_ID."*"?>" type="text" required ></div>
<?php } ?>

View File

@@ -72,7 +72,7 @@ if(isset($_GET['keyword']) && $_GET['keyword']!=""){
echo "<td>".$row['rightstr'];
if($row['valuestr']!="true") echo ":".$row['valuestr'];
echo "</td>";
echo "<td><a href='privilege_delete.php?uid=".htmlentities($row['user_id'],ENT_QUOTES,"UTF-8")."&rightstr={$row['rightstr']}&getkey=".$_SESSION[$OJ_NAME.'_'.'getkey']."'>Delete</a></td>";
echo "<td><a href='privilege_delete.php?uid=".htmlspecialchars($row['user_id'],ENT_QUOTES,"UTF-8")."&rightstr={$row['rightstr']}&getkey=".$_SESSION[$OJ_NAME.'_'.'getkey']."'>Delete</a></td>";
echo "</tr>";
}
?>

View File

@@ -12,24 +12,28 @@ require_once ("../include/problem.php");
// contest_id
$title = $_POST['title'];
$title = str_replace(",", "&#44;", $title);
// $title = str_replace(",", "&#44;", $title);
$title = htmlspecialchars_decode($title, ENT_QUOTES, 'UTF-8');
$time_limit = $_POST['time_limit'];
$memory_limit = $_POST['memory_limit'];
$description = $_POST['description'];
//$description = str_replace("<p>", "", $description);
//$description = str_replace("</p>", "<br />", $description);
$description = str_replace(",", "&#44;", $description);
// $description = str_replace(",", "&#44;", $description);
$description = htmlspecialchars_decode($description, ENT_QUOTES, 'UTF-8');
$input = $_POST['input'];
//$input = str_replace("<p>", "", $input);
//$input = str_replace("</p>", "<br />", $input);
$input = str_replace(",", "&#44;", $input);
// $input = str_replace(",", "&#44;", $input);
$input = htmlspecialchars_decode($input, ENT_QUOTES, 'UTF-8');
$output = $_POST['output'];
//$output = str_replace("<p>", "", $output);
//$output = str_replace("</p>", "<br />", $output);
$output = str_replace(",", "&#44;", $output);
// $output = str_replace(",", "&#44;", $output);
$output = htmlspecialchars_decode($output, ENT_QUOTES, 'UTF-8');
$sample_input = $_POST['sample_input'];
$sample_output = $_POST['sample_output'];
@@ -44,7 +48,8 @@ if ($test_output=="") $test_output="\n";
$hint = $_POST['hint'];
//$hint = str_replace("<p>", "", $hint);
//$hint = str_replace("</p>", "<br />", $hint);
$hint = str_replace(",", "&#44;", $hint);
// $hint = str_replace(",", "&#44;", $hint);
$hint = htmlspecialchars_decode($hint, ENT_QUOTES, 'UTF-8');
$source = $_POST['source'];

View File

@@ -59,11 +59,11 @@ $_SESSION[$OJ_NAME.'_'."p$pid"]=true;
$loj_id=intval($_POST['loj_id']);
//print_r($_POST);
echo "<br>".$loj_id."<br>";
echo htmlentities("wget https://loj.ac/problem/".$loj_id."/testdata/download -O $OJ_DATA/$pid/data.zip");
echo htmlspecialchars("wget https://loj.ac/problem/".$loj_id."/testdata/download -O $OJ_DATA/$pid/data.zip");
echo system("wget https://loj.ac/problem/".$loj_id."/testdata/download -O $OJ_DATA/$pid/data.zip");
echo system("/home/judge/src/install/ans2out $OJ_DATA/$pid/");
echo "<br>";
echo htmlentities("unzip $OJ_DATA/$pid/data.zip -d $OJ_DATA/$pid");
echo htmlspecialchars("unzip $OJ_DATA/$pid/data.zip -d $OJ_DATA/$pid");
echo system("unzip $OJ_DATA/$pid/data.zip -d $OJ_DATA/$pid");
echo system("/usr/bin/loj.ac $OJ_DATA/$pid");
echo "<br>";

View File

@@ -90,7 +90,7 @@ if (!(isset($_SESSION[$OJ_NAME . '_' . 'administrator']) || isset($_SESSION[$OJ_
<p align=left>
<?php echo "<h4>" . $MSG_SOURCE . " 用空格分隔" . "</h4>" ?>
<textarea name=source style="width:100%;"
rows=1><?php echo htmlentities($source, ENT_QUOTES, 'UTF-8') ?></textarea><br><br>
rows=1><?php echo htmlspecialchars($source, ENT_QUOTES, 'UTF-8') ?></textarea><br><br>
</p>
<p align=left><?php echo "<h4>" . $MSG_CONTEST . "</h4>" ?>
<select name=contest_id>

View File

@@ -94,7 +94,7 @@ Test Output:<textarea rows=1 name=test_output cols=80></textarea>
Hint:
<textarea rows=1 name=hint cols=80></textarea>
<p>SpecialJudge: N<input type=radio name=spj value='0' checked>Y<input type=radio name=spj value='1'></p>
<p align=left>Source:<textarea class='input input-xxlarge' name=source rows=1 cols=170><?php echo htmlentities($url,ENT_QUOTES,'UTF-8')?></textarea></p>
<p align=left>Source:<textarea class='input input-xxlarge' name=source rows=1 cols=170><?php echo htmlspecialchars($url,ENT_QUOTES,'UTF-8')?></textarea></p>
<p align=left>contest:
<select name=contest_id>
<?php $sql="SELECT `contest_id`,`title` FROM `contest` WHERE `start_time`>NOW() order by `contest_id`";

View File

@@ -89,7 +89,7 @@ Test Output:<textarea rows=3 name=test_output cols=80></textarea></p>
<p align=left>Hint:<br>
<textarea rows=3 name=hint cols=30></textarea>
SpecialJudge: N<input type=radio name=spj value='0' checked>Y<input type=radio name=spj value='1'></p>
<p align=left>Source:<textarea name=source rows=1 cols=70 ><?php echo htmlentities($url)?></textarea></p>
<p align=left>Source:<textarea name=source rows=1 cols=70 ><?php echo htmlspecialchars($url)?></textarea></p>
<div align=center>
<?php require_once("../include/set_post_key.php");?>
<input type=hidden name=remote_oj value="hdu" >

View File

@@ -60,7 +60,7 @@ include_once("kindeditor.php") ;
$element=$html->find('pre[class=sio]',1);
$sample_output=$element->innertext;
$element=$html->find('div[class=ptx]',3);
$hint=htmlentities($element->outertext);
$hint=htmlspecialchars($element->outertext);
?>
<form method=POST action=problem_add.php>
<input type=hidden name=problem_id value=New Problem>

View File

@@ -89,7 +89,7 @@ $url=$_POST ['url'];
<input type=submit value=Submit name=submit>
<p align=center><font size=4 color=#333399>Add a Problem</font></p>
<input type="hidden" name=problem_id value="New Problem">
<input type="hidden" name="url" value="<?php echo htmlentities($url)?>">
<input type="hidden" name="url" value="<?php echo htmlspecialchars($url)?>">
<input type="hidden" name="loj_id" value="<?php echo $loj_id?>">
<p align=left>Problem Id:&nbsp;&nbsp;New Problem</p>
<p align=left>Title:<input type=text name=title size=71 value="<?php echo $title?>"></p>

View File

@@ -49,7 +49,7 @@ include_once("kindeditor.php") ;
<p align=left>
<center>
<h3>
<?php echo $row['problem_id']?>: <input class="input input-xxlarge" style='width:90%' type=text name=title value='<?php echo htmlentities($row['title'],ENT_QUOTES,"UTF-8")?>'>
<?php echo $row['problem_id']?>: <input class="input input-xxlarge" style='width:90%' type=text name=title value='<?php echo htmlspecialchars($row['title'],ENT_QUOTES,"UTF-8")?>'>
</h3>
</center>
</p>
@@ -61,32 +61,32 @@ include_once("kindeditor.php") ;
</p>
<p align=left>
<?php echo "<h4>".$MSG_Description."</h4>"?>
<textarea class="kindeditor" rows=13 name=description cols=80><?php echo htmlentities($row['description'],ENT_QUOTES,"UTF-8")?></textarea><br>
<textarea class="kindeditor" rows=13 name=description cols=80><?php echo htmlspecialchars($row['description'],ENT_QUOTES,"UTF-8")?></textarea><br>
</p>
<p align=left>
<?php echo "<h4>".$MSG_Input."</h4>"?>
<textarea class="kindeditor" rows=13 name=input cols=80><?php echo htmlentities($row['input'],ENT_QUOTES,"UTF-8")?></textarea><br>
<textarea class="kindeditor" rows=13 name=input cols=80><?php echo htmlspecialchars($row['input'],ENT_QUOTES,"UTF-8")?></textarea><br>
</p>
<p align=left>
<?php echo "<h4>".$MSG_Output."</h4>"?>
<textarea class="kindeditor" rows=13 name=output cols=80><?php echo htmlentities($row['output'],ENT_QUOTES,"UTF-8")?></textarea><br>
<textarea class="kindeditor" rows=13 name=output cols=80><?php echo htmlspecialchars($row['output'],ENT_QUOTES,"UTF-8")?></textarea><br>
</p>
<p align=left>
<?php echo "<h4>".$MSG_Sample_Input."</h4>"?>
<textarea class="input input-large" style="width:100%;" rows=13 name=sample_input><?php echo htmlentities($row['sample_input'],ENT_QUOTES,"UTF-8")?></textarea><br><br>
<textarea class="input input-large" style="width:100%;" rows=13 name=sample_input><?php echo htmlspecialchars($row['sample_input'],ENT_QUOTES,"UTF-8")?></textarea><br><br>
</p>
<p align=left>
<?php echo "<h4>".$MSG_Sample_Output."</h4>"?>
<textarea class="input input-large" style="width:100%;" rows=13 name=sample_output><?php echo htmlentities($row['sample_output'],ENT_QUOTES,"UTF-8")?></textarea><br><br>
<textarea class="input input-large" style="width:100%;" rows=13 name=sample_output><?php echo htmlspecialchars($row['sample_output'],ENT_QUOTES,"UTF-8")?></textarea><br><br>
</p>
<p align=left>
<?php echo "<h4>".$MSG_HINT."</h4>"?>
<textarea class="kindeditor" rows=13 name=hint cols=80><?php echo htmlentities($row['hint'],ENT_QUOTES,"UTF-8")?></textarea><br>
<textarea class="kindeditor" rows=13 name=hint cols=80><?php echo htmlspecialchars($row['hint'],ENT_QUOTES,"UTF-8")?></textarea><br>
</p>
<p>
@@ -99,11 +99,11 @@ include_once("kindeditor.php") ;
<p align=left>
<?php echo "<h4>".$MSG_SOURCE." 用空格分隔"."</h4>"?>
<textarea name=source style="width:100%;" rows=1><?php echo htmlentities($row['source'],ENT_QUOTES,"UTF-8")?></textarea><br>
<textarea name=source style="width:100%;" rows=1><?php echo htmlspecialchars($row['source'],ENT_QUOTES,"UTF-8")?></textarea><br>
<?php echo "<h4>".$MSG_REMOTE_OJ."</h4>"?>
<input name=remote_oj value='<?php echo htmlentities($row['remote_oj'],ENT_QUOTES,"UTF-8")?>' placeholder='<?php echo $MSG_HELP_LOCAL_EMPTY ?>' >
<input name=remote_id value='<?php echo htmlentities($row['remote_id'],ENT_QUOTES,"UTF-8")?>' placeholder='<?php echo $MSG_HELP_LOCAL_EMPTY ?>' ><br>
<input name=remote_oj value='<?php echo htmlspecialchars($row['remote_oj'],ENT_QUOTES,"UTF-8")?>' placeholder='<?php echo $MSG_HELP_LOCAL_EMPTY ?>' >
<input name=remote_id value='<?php echo htmlspecialchars($row['remote_id'],ENT_QUOTES,"UTF-8")?>' placeholder='<?php echo $MSG_HELP_LOCAL_EMPTY ?>' ><br>
</p>
<div align=center>
@@ -237,19 +237,19 @@ include_once("kindeditor.php") ;
// $description = str_replace("<p>", "", $description);
// $description = str_replace("</p>", "<br />", $description);
// $description = str_replace(",", "&#44;", $description);
$description = html_entity_decode($description,ENT_QUOTES,"UTF-8");
$description = htmlspecialchars_decode($description,ENT_QUOTES,"UTF-8");
$input = $_POST['input'];
// $input = str_replace("<p>", "", $input);
// $input = str_replace("</p>", "<br />", $input);
// $input = str_replace(",", "&#44;", $input);
$input = html_entity_decode($input,ENT_QUOTES,"UTF-8");
$input = htmlspecialchars_decode($input,ENT_QUOTES,"UTF-8");
$output = $_POST['output'];
// $output = str_replace("<p>", "", $output);
// $output = str_replace("</p>", "<br />", $output);
// $output = str_replace(",", "&#44;", $output);
$output = html_entity_decode($output,ENT_QUOTES,"UTF-8");
$output = htmlspecialchars_decode($output,ENT_QUOTES,"UTF-8");
$sample_input = $_POST['sample_input'];
$sample_output = $_POST['sample_output'];
@@ -260,7 +260,7 @@ include_once("kindeditor.php") ;
// $hint = str_replace("<p>", "", $hint);
// $hint = str_replace("</p>", "<br />", $hint);
// $hint = str_replace(",", "&#44;", $hint);
$hint = html_entity_decode($hint,ENT_QUOTES,"UTF-8");
$hint = htmlspecialchars_decode($hint,ENT_QUOTES,"UTF-8");
$source = $_POST['source'];
$remote_oj= $_POST['remote_oj'];

View File

@@ -124,7 +124,7 @@ function getSolution($pid,$lang) {
function fixurl($img_url) {
if(substr($img_url,0,4)=="data") return $img_url;
$img_url = html_entity_decode($img_url,ENT_QUOTES,"UTF-8");
$img_url = htmlspecialchars_decode($img_url,ENT_QUOTES,"UTF-8");
if (substr($img_url,0,4)!="http") {
if (substr($img_url,0,1)=="/") {

View File

@@ -154,7 +154,7 @@ else {
$hydrop=yaml_parse($file_content);
$title=$hydrop['title'];
$source=implode(" ",$hydrop['tag']);
echo "<hr>".htmlentities($file_name." $title $source");
echo "<hr>".htmlspecialchars($file_name." $title $source");
if(!in_array($title,$inserted)){
$pid = addproblem($title,1,128, $description, $input, $output, $sample_input, $sample_output, $hint, $source, $spj, $OJ_DATA);
mkdir($OJ_DATA."/$pid/");
@@ -174,13 +174,13 @@ else {
if($save_path){
$description=str_replace("file://",$save_path."/",$description);
// echo htmlentities($description);
// echo htmlspecialchars($description);
}
$spj=0;
if($title!="" && (!in_array($title,$inserted)) && !hasProblem($title)){
$pid = addproblem($title,1,128, $description, $input, $output, $sample_input, $sample_output, $hint, $source, $spj, $OJ_DATA);
echo htmlentities("$description");
echo htmlspecialchars("$description");
mkdir($OJ_DATA."/$pid/");
array_push($inserted,$title);
}else{
@@ -189,7 +189,7 @@ else {
echo "skiped $title";
//$pid=0;
}
echo "PID:<a href='../problem.php?id=$pid' >".htmlentities($title,ENT_QUOTES,"UTF-8")."</a>";
echo "PID:<a href='../problem.php?id=$pid' >".htmlspecialchars($title,ENT_QUOTES,"UTF-8")."</a>";
}else if(basename($file_name)=="config.yaml"){
$hydrop=yaml_parse($file_content);
if($hydrop['type']=="objective"){
@@ -202,7 +202,7 @@ else {
$out.= $hydrop['answers'][$ansi][0]."\n";
$ansi++;
}
//echo htmlentities($out);
//echo htmlspecialchars($out);
if($pid>0){
file_put_contents($OJ_DATA."/$pid/data.out",$out);
file_put_contents($OJ_DATA."/$pid/data.in",($ansi-1)."\n");

View File

@@ -141,7 +141,7 @@ else {
$title=str_replace("#","",$hydrop[0]);
$title=str_replace("\r","",$title);
$source="";
echo "<hr>".htmlentities($file_name." $title $source");
echo "<hr>".htmlspecialchars($file_name." $title $source");
$regex = '/<(?!div)/';
// $file_content = preg_replace($regex, '',$file_content);
$regex = '/(?<!div)>\s?/';
@@ -156,10 +156,10 @@ else {
if($save_path){
$description=str_replace("file://",$save_path."/",$description);
// echo htmlentities($description);
// echo htmlspecialchars($description);
}
//echo htmlentities("$description");
//echo htmlspecialchars("$description");
$tail=0;
$ptitle = $title;
while (hasProblem($ptitle)) {
@@ -170,7 +170,7 @@ else {
$pid = addproblem($title,1,128, $description, $input, $output, $sample_input, $sample_output, $hint, $source, $spj, $OJ_DATA);
mkdir($OJ_DATA."/$pid/");
echo "PID:<a href='../problem.php?id=$pid' >".htmlentities($title,ENT_QUOTES,"UTF-8")."</a>";
echo "PID:<a href='../problem.php?id=$pid' >".htmlspecialchars($title,ENT_QUOTES,"UTF-8")."</a>";
}
}
}else{

View File

@@ -58,7 +58,7 @@ else {
$time=getPartByMark($file_content,"时间限制:","ms");
$time=intval($time)/1000;
$memory=getPartByMark($file_content,"空间限制:","MiB");
echo "<hr>".htmlentities(" $title $source");
echo "<hr>".htmlspecialchars(" $title $source");
$pid = addproblem($title,$time,$memory, $description, $input, $output, $sample_input, $sample_output, $hint, $source, $spj, $OJ_DATA);
echo "PID:$pid";
mkdir($OJ_DATA."/$pid");

View File

@@ -58,7 +58,7 @@ if(isset($_GET['keyword']) && $_GET['keyword']!=""){
<center>
<form action=problem_list.php class="form-search form-inline">
<input type="text" name=keyword value="<?php if(isset($_GET['keyword']))echo htmlentities($_GET['keyword'],ENT_QUOTES,"utf-8")?>" class="form-control search-query" placeholder="<?php echo $MSG_PROBLEM_ID.', '.$MSG_TITLE.', '.$MSG_Description.', '.$MSG_SOURCE?>">
<input type="text" name=keyword value="<?php if(isset($_GET['keyword']))echo htmlspecialchars($_GET['keyword'],ENT_QUOTES,"utf-8")?>" class="form-control search-query" placeholder="<?php echo $MSG_PROBLEM_ID.', '.$MSG_TITLE.', '.$MSG_Description.', '.$MSG_SOURCE?>">
<button type="submit" class="form-control"><?php echo $MSG_SEARCH?></button>
</form>
</center>
@@ -80,7 +80,7 @@ echo "</select>";
<center>
<table width=100% border=1 style="text-align:center;">
<form id='pform' method=post action=contest_add.php >
<input type="hidden" name=keyword value="<?php if(isset($_GET['keyword']))echo htmlentities($_GET['keyword'],ENT_QUOTES,"utf-8")?>">
<input type="hidden" name=keyword value="<?php if(isset($_GET['keyword']))echo htmlspecialchars($_GET['keyword'],ENT_QUOTES,"utf-8")?>">
<input type="hidden" name=hlist value="" >
<tr>
<td width=60px><?php echo $MSG_PROBLEM_ID?><input type=checkbox style='vertical-align:2px;' onchange='$("input[type=checkbox]").prop("checked", this.checked)'></td>
@@ -123,7 +123,7 @@ echo "</select>";
foreach($cate as $cat){
$cat=trim($cat);
if(mb_ereg("^http",$cat)){
echo "<a class='label' style='display: inline-block;' href=\"".htmlentities($cat,ENT_QUOTES,'utf-8').'" target="_blank">Remote</a>' ;
echo "<a class='label' style='display: inline-block;' href=\"".htmlspecialchars($cat,ENT_QUOTES,'utf-8').'" target="_blank">Remote</a>' ;
}
else array_push($category,trim($cat));
}
@@ -135,7 +135,7 @@ echo "</select>";
$label_theme = $color_theme[$hash_num%count($color_theme)];
if ($label_theme=="") $label_theme = "default";
$view .= "<a title='".htmlentities($cat,ENT_QUOTES,'UTF-8')."' class='label label-$label_theme' style='display: inline-block;' href='problem_list.php?keyword=".htmlentities(urlencode($cat),ENT_QUOTES,'UTF-8')."'>".mb_substr($cat,0,10,'utf8')."</a>&nbsp;";
$view .= "<a title='".htmlspecialchars($cat,ENT_QUOTES,'UTF-8')."' class='label label-$label_theme' style='display: inline-block;' href='problem_list.php?keyword=".htmlspecialchars(urlencode($cat),ENT_QUOTES,'UTF-8')."'>".mb_substr($cat,0,10,'utf8')."</a>&nbsp;";
}
echo "<div class=\"show_tag_controled\" style=\"float: right; \">";
echo $view;
@@ -146,7 +146,7 @@ echo "</select>";
echo "<td><a href=problem_df_change.php?id=".$row['problem_id']."&getkey=".$_SESSION[$OJ_NAME.'_'.'getkey'].">".($row['defunct']=="N"?"<span titlc='click to reserve it' class=green>$MSG_AVAILABLE</span>":"<span class=red title='click to be available'>$MSG_RESERVED</span>")."</a><td>";
if(isset($_SESSION[$OJ_NAME.'_'.'administrator']) || isset($_SESSION[$OJ_NAME.'_'."p".$row['problem_id']]) ){
?>
<a href=# onclick='javascript:if(confirm("<?php echo $MSG_DELETE."[".htmlentities($row['title'],ENT_QUOTES,"UTF-8")?>] ? "))
<a href=# onclick='javascript:if(confirm("<?php echo $MSG_DELETE."[".htmlspecialchars($row['title'],ENT_QUOTES,"UTF-8")?>] ? "))
location.href="problem_del.php?id=<?php echo $row['problem_id']?>&getkey=<?php echo $_SESSION[$OJ_NAME.'_'.'getkey']?>"'>
<?php echo $MSG_DELETE ?>
</a>

View File

@@ -119,7 +119,7 @@
$view_rank[$i][0]= $rank;
$view_rank[$i][1]= $row['user_id'];
$view_rank[$i][2]= htmlentities ( $row['nick'] ,ENT_QUOTES,"UTF-8");
$view_rank[$i][2]= htmlspecialchars ( $row['nick'] ,ENT_QUOTES,"UTF-8");
$view_rank[$i][3]= $row['solved'];
$view_rank[$i][4]= $row['submit'];
@@ -135,7 +135,7 @@
//循环数据生成二维数组
$exl_value=$view_rank;
//foreach ($list as $k => $y){
// $exl_value[] = array($rank,$row['user_id'], htmlentities ( $row['nick'] ,ENT_QUOTES,"UTF-8"),$row['solved'],$row['submit'],$row['submit'] );
// $exl_value[] = array($rank,$row['user_id'], htmlspecialchars ( $row['nick'] ,ENT_QUOTES,"UTF-8"),$row['solved'],$row['submit'],$row['submit'] );
// }
$file_name = $MSG_Number.'_'.time().'.csv';
$excel = new export_class();

View File

@@ -39,7 +39,7 @@ if (!(isset($_SESSION[$OJ_NAME.'_'.'administrator']) || isset($_SESSION[$OJ_NAME
if( !empty( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ){
$REMOTE_ADDR = $_SERVER['HTTP_X_FORWARDED_FOR'];
$tmp_ip=explode(',',$REMOTE_ADDR);
$ip =(htmlentities($tmp_ip[0],ENT_QUOTES,"UTF-8"));
$ip =(htmlspecialchars($tmp_ip[0],ENT_QUOTES,"UTF-8"));
}
if(mb_strlen($nick,'utf-8')>20){

View File

@@ -69,7 +69,7 @@ if(isset($_POST['idlist']) && isset($_POST['pwdlist']) && isset($_POST['nicklist
if( !empty( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ){
$REMOTE_ADDR = $_SERVER['HTTP_X_FORWARDED_FOR'];
$tmp_ip=explode(',',$REMOTE_ADDR);
$ip =(htmlentities($tmp_ip[0],ENT_QUOTES,"UTF-8"));
$ip =(htmlspecialchars($tmp_ip[0],ENT_QUOTES,"UTF-8"));
}
if(mb_strlen($nick,'utf-8')>20){
$new_len=mb_strlen($nick,'utf-8');

View File

@@ -2,7 +2,7 @@
require_once "../include/email.class.php";
require_once("../include/check_get_key.php");
$user_id=$_GET['cid'];
//echo htmlentities($user_id,ENT_QUOTE,'UTF-8');
//echo htmlspecialchars($user_id,ENT_QUOTE,'UTF-8');
if(!isset($_SESSION[$OJ_NAME.'_'.'administrator'])) exit();
$sql="select `defunct`,email FROM `users` WHERE `user_id`=?";
$result=pdo_query($sql,$user_id);

View File

@@ -52,7 +52,7 @@ if (isset($OJ_LANG)) {
<center>
<form action=user_list.php class="form-search form-inline">
<input type="text" name="keyword" value="<?php echo htmlentities($gkeyword, ENT_QUOTES) ?>"
<input type="text" name="keyword" value="<?php echo htmlspecialchars($gkeyword, ENT_QUOTES) ?>"
class="form-control search-query" placeholder="<?php echo $MSG_USER_ID . ', ' . $MSG_NICK . ', ' . $MSG_SCHOOL ?>">
<button type="submit" class="form-control"><?php echo $MSG_SEARCH ?></button>
<a href="user_list.php?trash"><i class='icon large trash color grey'></i></a>
@@ -79,7 +79,7 @@ if (isset($OJ_LANG)) {
echo "<tr>";
echo "<td><a href='../userinfo.php?user=" . $row['user_id'] . "'>" . $row['user_id'] . "</a></td>";
echo "<td><span fd='nick' user_id='" . $row['user_id'] . "'>" . $row['nick'] . "</span></td>";
echo "<td><a href='user_list.php?keyword=" . htmlentities(urlencode($row['ip'])) . "' >" . $row['ip'] . "</td>";
echo "<td><a href='user_list.php?keyword=" . htmlspecialchars(urlencode($row['ip'])) . "' >" . $row['ip'] . "</td>";
if ($OJ_SaaS_ENABLE && $domain == $DOMAIN) {
echo "<td><a href='http://" . $row['user_id'] . ".$DOMAIN' target=_blank >" . $row['email'] . "&nbsp;</a></td>";
} else {

View File

@@ -27,7 +27,7 @@ if(isset($_POST['do'])){
$sql = "insert into loginlog (user_id,password,ip,time) value(?,?,?,now())";
$result = pdo_query($sql,$user_id,"set ip by ".$_SESSION[$OJ_NAME."_user_id"],$ip);
echo "<center><h4 class='text-danger'>User ".htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8')."'s Login IP Changed!</h4></center>";
echo "<center><h4 class='text-danger'>User ".htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8')."'s Login IP Changed!</h4></center>";
}
?>
@@ -35,9 +35,9 @@ if(isset($_POST['do'])){
<div class="form-group">
<label class="col-sm-offset-3 col-sm-3 control-label"><?php echo $MSG_USER_ID?></label>
<?php if(isset($_GET['uid'])) { ?>
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlentities($_GET['uid'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlspecialchars($_GET['uid'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
<?php } else if(isset($_POST['user_id'])) { ?>
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
<?php } else { ?>
<div class="col-sm-3"><input name="user_id" class="form-control" placeholder="<?php echo $MSG_USER_ID."*"?>" type="text" required ></div>
<?php } ?>
@@ -46,7 +46,7 @@ if(isset($_POST['do'])){
<div class="form-group">
<label class="col-sm-offset-3 col-sm-3 control-label"><?php echo "New IP"?></label>
<?php if(isset($_POST['ip'])) { ?>
<div class="col-sm-3"><input name="ip" class="form-control" value="<?php echo htmlentities($_POST['ip'], ENT_QUOTES, 'UTF-8')?>" type="text" autocomplete="off" required ></div>
<div class="col-sm-3"><input name="ip" class="form-control" value="<?php echo htmlspecialchars($_POST['ip'], ENT_QUOTES, 'UTF-8')?>" type="text" autocomplete="off" required ></div>
<?php } else { ?>
<div class="col-sm-3"><input name="ip" class="form-control" placeholder="<?php echo "?.?.?.?*"?>" type="text" autocomplete="off" required ></div>
<?php } ?>