htmlentities -> htmlspecialchars
This commit is contained in:
@@ -41,9 +41,9 @@ if (isset($OJ_LANG)) {
|
||||
$sql = "update `users` set `password`=? where `user_id`=? and user_id not in( select user_id from privilege where rightstr='administrator')";
|
||||
|
||||
if (pdo_query($sql, $passwd, $user_id) == 1)
|
||||
echo "<center><h4 class='text-danger'>User " . htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8') . "'s Password Changed!</h4></center>";
|
||||
echo "<center><h4 class='text-danger'>User " . htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8') . "'s Password Changed!</h4></center>";
|
||||
else
|
||||
echo "<center><h4 class='text-danger'>There is No such User " . htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8') . "! or User " . htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8') . " is administrator!</h4></center>";
|
||||
echo "<center><h4 class='text-danger'>There is No such User " . htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8') . "! or User " . htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8') . " is administrator!</h4></center>";
|
||||
}
|
||||
}
|
||||
?>
|
||||
@@ -53,10 +53,10 @@ if (isset($OJ_LANG)) {
|
||||
<label class="col-sm-offset-3 col-sm-3 control-label"><?php echo $MSG_USER_ID ?></label>
|
||||
<?php if (isset($_GET['uid'])) { ?>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control"
|
||||
value="<?php echo htmlentities($_GET['uid'], ENT_QUOTES, 'UTF-8'); ?>" type="text" required></div>
|
||||
value="<?php echo htmlspecialchars($_GET['uid'], ENT_QUOTES, 'UTF-8'); ?>" type="text" required></div>
|
||||
<?php } else if (isset($_POST['user_id'])) { ?>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control"
|
||||
value="<?php echo htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8'); ?>" type="text" required>
|
||||
value="<?php echo htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8'); ?>" type="text" required>
|
||||
</div>
|
||||
<?php } else { ?>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control"
|
||||
|
||||
@@ -127,7 +127,7 @@ include_once("kindeditor.php");
|
||||
$password = $row['password'];
|
||||
$langmask = $row['langmask'];
|
||||
$description = $row['description'];
|
||||
$title = htmlentities($row['title'], ENT_QUOTES, "UTF-8");
|
||||
$title = htmlspecialchars($row['title'], ENT_QUOTES, "UTF-8");
|
||||
|
||||
$plist = "";
|
||||
$sql = "SELECT `problem_id` FROM `contest_problem` WHERE `contest_id`=? ORDER BY `num`";
|
||||
@@ -183,7 +183,7 @@ include_once("kindeditor.php");
|
||||
<p align=left>
|
||||
<?php echo "<h4>" . $MSG_CONTEST . "-" . $MSG_Description . "</h4>" ?>
|
||||
<textarea class=kindeditor rows=13 name=description cols=80>
|
||||
<?php echo htmlentities($description, ENT_QUOTES, 'UTF-8') ?>
|
||||
<?php echo htmlspecialchars($description, ENT_QUOTES, 'UTF-8') ?>
|
||||
</textarea>
|
||||
<br>
|
||||
<table width="100%">
|
||||
@@ -222,7 +222,7 @@ include_once("kindeditor.php");
|
||||
</select>
|
||||
<?php echo $MSG_CONTEST . "-" . $MSG_PASSWORD ?>:
|
||||
<input type=text name=password style="width:150px;"
|
||||
value='<?php echo htmlentities($password, ENT_QUOTES, 'utf-8') ?>'>
|
||||
value='<?php echo htmlspecialchars($password, ENT_QUOTES, 'utf-8') ?>'>
|
||||
</p>
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
@@ -41,7 +41,7 @@
|
||||
if( typeof sync === "function") sync();
|
||||
}
|
||||
});
|
||||
// prettyPrint();
|
||||
prettyPrint();
|
||||
});
|
||||
}),100);
|
||||
</script>
|
||||
|
||||
@@ -36,7 +36,7 @@
|
||||
<li><a class='btn btn-success' href="problem_list.php" target="main" title="<?php echo $MSG_HELP_PROBLEM_LIST?>"><b><?php echo $MSG_PROBLEM.$MSG_LIST?></b></a>
|
||||
<?php }
|
||||
if (isset($_SESSION[$OJ_NAME.'_'.'administrator'])||isset($_SESSION[$OJ_NAME.'_'.'problem_editor'])){?>
|
||||
<li><a class='btn btn-success' href="problem_add_page.php" target="main" title="<?php echo html_entity_decode($MSG_HELP_ADD_PROBLEM)?>"><b><?php echo $MSG_ADD.$MSG_PROBLEM?></b></a>
|
||||
<li><a class='btn btn-success' href="problem_add_page.php" target="main" title="<?php echo htmlspecialchars_decode($MSG_HELP_ADD_PROBLEM)?>"><b><?php echo $MSG_ADD.$MSG_PROBLEM?></b></a>
|
||||
<?php }
|
||||
if (isset($_SESSION[$OJ_NAME.'_'.'administrator'])){?>
|
||||
<li><a class='btn btn-success' href="problem_import.php" target="main" title="<?php echo $MSG_HELP_IMPORT_PROBLEM?>"><b><?php echo $MSG_IMPORT.$MSG_PROBLEM?></b></a>
|
||||
|
||||
@@ -75,7 +75,7 @@
|
||||
<a class="dropdown-item btn-sm" href="problem_list.php" target="main" title="<?php echo $MSG_HELP_PROBLEM_LIST?>"><b><?php echo $MSG_PROBLEM."-".$MSG_LIST?></b></a>
|
||||
<?php }
|
||||
if (isset($_SESSION[$OJ_NAME.'_'.'administrator'])||isset($_SESSION[$OJ_NAME.'_'.'problem_editor'])) {?>
|
||||
<a class="dropdown-item btn-sm" href="problem_add_page.php" target="main" title="<?php echo html_entity_decode($MSG_HELP_ADD_PROBLEM)?>"><b><?php echo $MSG_PROBLEM."-".$MSG_ADD?></b></a>
|
||||
<a class="dropdown-item btn-sm" href="problem_add_page.php" target="main" title="<?php echo htmlspecialchars_decode($MSG_HELP_ADD_PROBLEM)?>"><b><?php echo $MSG_PROBLEM."-".$MSG_ADD?></b></a>
|
||||
<a class="dropdown-item btn-sm" href="problem_import.php" target="main" title="<?php echo $MSG_HELP_IMPORT_PROBLEM?>"><b><?php echo $MSG_PROBLEM."-".$MSG_IMPORT?></b></a>
|
||||
<a class="dropdown-item btn-sm" href="problem_export.php" target="main" title="<?php echo $MSG_HELP_EXPORT_PROBLEM?>"><b><?php echo $MSG_PROBLEM."-".$MSG_EXPORT?></b></a>
|
||||
<?php }?>
|
||||
|
||||
@@ -37,7 +37,7 @@ if(isset($_POST['pid'])){
|
||||
if($pieces[0]=="") unset($pieces[0]);
|
||||
$plist=implode(",",$pieces);
|
||||
|
||||
$content="[plist=".$plist."]".htmlentities($_POST['keyword'],ENT_QUOTES,"utf-8")."[/plist]";
|
||||
$content="[plist=".$plist."]".htmlspecialchars($_POST['keyword'],ENT_QUOTES,"utf-8")."[/plist]";
|
||||
}
|
||||
?>
|
||||
|
||||
|
||||
@@ -49,7 +49,7 @@ if(isset($_POST['news_id'])){
|
||||
|
||||
$row = $result[0];
|
||||
|
||||
$title = htmlentities($row['title'],ENT_QUOTES,"UTF-8");
|
||||
$title = htmlspecialchars($row['title'],ENT_QUOTES,"UTF-8");
|
||||
$content = $row['content'];
|
||||
$showInMenu = $row['menu'] == 1;
|
||||
}
|
||||
@@ -67,7 +67,7 @@ if(isset($_POST['news_id'])){
|
||||
</label>
|
||||
</p>
|
||||
<p align=left>
|
||||
<textarea class=kindeditor name=content rows=41 ><?php echo htmlentities($content,ENT_QUOTES,"UTF-8")?>
|
||||
<textarea class=kindeditor name=content rows=41 ><?php echo htmlspecialchars($content,ENT_QUOTES,"UTF-8")?>
|
||||
</textarea>
|
||||
</p>
|
||||
<?php require_once("../include/set_post_key.php");?>
|
||||
|
||||
@@ -2540,7 +2540,7 @@ function zip_extract(){
|
||||
function html_encode($str){
|
||||
global $charSet;
|
||||
$str = preg_replace(array('/&/', '/</', '/>/', '/"/'), array('&', '<', '>', '"'), $str); // Bypass PHP to allow any charset!!
|
||||
$str = htmlentities($str, ENT_QUOTES, $charSet, false);
|
||||
$str = htmlspecialchars($str, ENT_QUOTES, $charSet, false);
|
||||
return $str;
|
||||
}
|
||||
function rep($x,$y){
|
||||
|
||||
@@ -40,7 +40,7 @@ if (isset($_POST['do'])) {
|
||||
}else{
|
||||
email($OJ_ADMIN,"Privilege Add Warning!",$msg);
|
||||
}
|
||||
echo "<center><h4 class='text-danger'>User ".htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8')."'s Privilege Added!</h4></center>";
|
||||
echo "<center><h4 class='text-danger'>User ".htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8')."'s Privilege Added!</h4></center>";
|
||||
}
|
||||
?>
|
||||
|
||||
@@ -51,9 +51,9 @@ if (isset($_POST['do'])) {
|
||||
<div class="form-group">
|
||||
<label class="col-sm-offset-3 col-sm-3 control-label"><?php echo $MSG_USER_ID?></label>
|
||||
<?php if(isset($_GET['uid'])) { ?>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlentities($_GET['uid'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlspecialchars($_GET['uid'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
|
||||
<?php } else if(isset($_POST['user_id'])) { ?>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
|
||||
<?php } else { ?>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control" placeholder="<?php echo $MSG_USER_ID."*"?>" type="text" required ></div>
|
||||
<?php } ?>
|
||||
@@ -112,9 +112,9 @@ if (isset($_POST['do'])) {
|
||||
<div class="form-group">
|
||||
<label class="col-sm-offset-3 col-sm-3 control-label"><?php echo $MSG_USER_ID?></label>
|
||||
<?php if(isset($_GET['uid'])) { ?>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlentities($_GET['uid'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlspecialchars($_GET['uid'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
|
||||
<?php } else if(isset($_POST['user_id'])) { ?>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
|
||||
<?php } else { ?>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control" placeholder="<?php echo $MSG_USER_ID."*"?>" type="text" required ></div>
|
||||
<?php } ?>
|
||||
@@ -147,9 +147,9 @@ if (isset($_POST['do'])) {
|
||||
<div class="form-group">
|
||||
<label class="col-sm-offset-3 col-sm-3 control-label"><?php echo $MSG_USER_ID?></label>
|
||||
<?php if(isset($_GET['uid'])) { ?>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlentities($_GET['uid'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlspecialchars($_GET['uid'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
|
||||
<?php } else if(isset($_POST['user_id'])) { ?>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
|
||||
<?php } else { ?>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control" placeholder="<?php echo $MSG_USER_ID."*"?>" type="text" required ></div>
|
||||
<?php } ?>
|
||||
|
||||
@@ -72,7 +72,7 @@ if(isset($_GET['keyword']) && $_GET['keyword']!=""){
|
||||
echo "<td>".$row['rightstr'];
|
||||
if($row['valuestr']!="true") echo ":".$row['valuestr'];
|
||||
echo "</td>";
|
||||
echo "<td><a href='privilege_delete.php?uid=".htmlentities($row['user_id'],ENT_QUOTES,"UTF-8")."&rightstr={$row['rightstr']}&getkey=".$_SESSION[$OJ_NAME.'_'.'getkey']."'>Delete</a></td>";
|
||||
echo "<td><a href='privilege_delete.php?uid=".htmlspecialchars($row['user_id'],ENT_QUOTES,"UTF-8")."&rightstr={$row['rightstr']}&getkey=".$_SESSION[$OJ_NAME.'_'.'getkey']."'>Delete</a></td>";
|
||||
echo "</tr>";
|
||||
}
|
||||
?>
|
||||
|
||||
@@ -12,24 +12,28 @@ require_once ("../include/problem.php");
|
||||
|
||||
// contest_id
|
||||
$title = $_POST['title'];
|
||||
$title = str_replace(",", ",", $title);
|
||||
// $title = str_replace(",", ",", $title);
|
||||
$title = htmlspecialchars_decode($title, ENT_QUOTES, 'UTF-8');
|
||||
$time_limit = $_POST['time_limit'];
|
||||
$memory_limit = $_POST['memory_limit'];
|
||||
|
||||
$description = $_POST['description'];
|
||||
//$description = str_replace("<p>", "", $description);
|
||||
//$description = str_replace("</p>", "<br />", $description);
|
||||
$description = str_replace(",", ",", $description);
|
||||
// $description = str_replace(",", ",", $description);
|
||||
$description = htmlspecialchars_decode($description, ENT_QUOTES, 'UTF-8');
|
||||
|
||||
$input = $_POST['input'];
|
||||
//$input = str_replace("<p>", "", $input);
|
||||
//$input = str_replace("</p>", "<br />", $input);
|
||||
$input = str_replace(",", ",", $input);
|
||||
// $input = str_replace(",", ",", $input);
|
||||
$input = htmlspecialchars_decode($input, ENT_QUOTES, 'UTF-8');
|
||||
|
||||
$output = $_POST['output'];
|
||||
//$output = str_replace("<p>", "", $output);
|
||||
//$output = str_replace("</p>", "<br />", $output);
|
||||
$output = str_replace(",", ",", $output);
|
||||
// $output = str_replace(",", ",", $output);
|
||||
$output = htmlspecialchars_decode($output, ENT_QUOTES, 'UTF-8');
|
||||
|
||||
$sample_input = $_POST['sample_input'];
|
||||
$sample_output = $_POST['sample_output'];
|
||||
@@ -44,7 +48,8 @@ if ($test_output=="") $test_output="\n";
|
||||
$hint = $_POST['hint'];
|
||||
//$hint = str_replace("<p>", "", $hint);
|
||||
//$hint = str_replace("</p>", "<br />", $hint);
|
||||
$hint = str_replace(",", ",", $hint);
|
||||
// $hint = str_replace(",", ",", $hint);
|
||||
$hint = htmlspecialchars_decode($hint, ENT_QUOTES, 'UTF-8');
|
||||
|
||||
$source = $_POST['source'];
|
||||
|
||||
|
||||
@@ -59,11 +59,11 @@ $_SESSION[$OJ_NAME.'_'."p$pid"]=true;
|
||||
$loj_id=intval($_POST['loj_id']);
|
||||
//print_r($_POST);
|
||||
echo "<br>".$loj_id."<br>";
|
||||
echo htmlentities("wget https://loj.ac/problem/".$loj_id."/testdata/download -O $OJ_DATA/$pid/data.zip");
|
||||
echo htmlspecialchars("wget https://loj.ac/problem/".$loj_id."/testdata/download -O $OJ_DATA/$pid/data.zip");
|
||||
echo system("wget https://loj.ac/problem/".$loj_id."/testdata/download -O $OJ_DATA/$pid/data.zip");
|
||||
echo system("/home/judge/src/install/ans2out $OJ_DATA/$pid/");
|
||||
echo "<br>";
|
||||
echo htmlentities("unzip $OJ_DATA/$pid/data.zip -d $OJ_DATA/$pid");
|
||||
echo htmlspecialchars("unzip $OJ_DATA/$pid/data.zip -d $OJ_DATA/$pid");
|
||||
echo system("unzip $OJ_DATA/$pid/data.zip -d $OJ_DATA/$pid");
|
||||
echo system("/usr/bin/loj.ac $OJ_DATA/$pid");
|
||||
echo "<br>";
|
||||
|
||||
@@ -90,7 +90,7 @@ if (!(isset($_SESSION[$OJ_NAME . '_' . 'administrator']) || isset($_SESSION[$OJ_
|
||||
<p align=left>
|
||||
<?php echo "<h4>" . $MSG_SOURCE . " 用空格分隔" . "</h4>" ?>
|
||||
<textarea name=source style="width:100%;"
|
||||
rows=1><?php echo htmlentities($source, ENT_QUOTES, 'UTF-8') ?></textarea><br><br>
|
||||
rows=1><?php echo htmlspecialchars($source, ENT_QUOTES, 'UTF-8') ?></textarea><br><br>
|
||||
</p>
|
||||
<p align=left><?php echo "<h4>" . $MSG_CONTEST . "</h4>" ?>
|
||||
<select name=contest_id>
|
||||
|
||||
@@ -94,7 +94,7 @@ Test Output:<textarea rows=1 name=test_output cols=80></textarea>
|
||||
Hint:
|
||||
<textarea rows=1 name=hint cols=80></textarea>
|
||||
<p>SpecialJudge: N<input type=radio name=spj value='0' checked>Y<input type=radio name=spj value='1'></p>
|
||||
<p align=left>Source:<textarea class='input input-xxlarge' name=source rows=1 cols=170><?php echo htmlentities($url,ENT_QUOTES,'UTF-8')?></textarea></p>
|
||||
<p align=left>Source:<textarea class='input input-xxlarge' name=source rows=1 cols=170><?php echo htmlspecialchars($url,ENT_QUOTES,'UTF-8')?></textarea></p>
|
||||
<p align=left>contest:
|
||||
<select name=contest_id>
|
||||
<?php $sql="SELECT `contest_id`,`title` FROM `contest` WHERE `start_time`>NOW() order by `contest_id`";
|
||||
|
||||
@@ -89,7 +89,7 @@ Test Output:<textarea rows=3 name=test_output cols=80></textarea></p>
|
||||
<p align=left>Hint:<br>
|
||||
<textarea rows=3 name=hint cols=30></textarea>
|
||||
SpecialJudge: N<input type=radio name=spj value='0' checked>Y<input type=radio name=spj value='1'></p>
|
||||
<p align=left>Source:<textarea name=source rows=1 cols=70 ><?php echo htmlentities($url)?></textarea></p>
|
||||
<p align=left>Source:<textarea name=source rows=1 cols=70 ><?php echo htmlspecialchars($url)?></textarea></p>
|
||||
<div align=center>
|
||||
<?php require_once("../include/set_post_key.php");?>
|
||||
<input type=hidden name=remote_oj value="hdu" >
|
||||
|
||||
@@ -60,7 +60,7 @@ include_once("kindeditor.php") ;
|
||||
$element=$html->find('pre[class=sio]',1);
|
||||
$sample_output=$element->innertext;
|
||||
$element=$html->find('div[class=ptx]',3);
|
||||
$hint=htmlentities($element->outertext);
|
||||
$hint=htmlspecialchars($element->outertext);
|
||||
?>
|
||||
<form method=POST action=problem_add.php>
|
||||
<input type=hidden name=problem_id value=New Problem>
|
||||
|
||||
@@ -89,7 +89,7 @@ $url=$_POST ['url'];
|
||||
<input type=submit value=Submit name=submit>
|
||||
<p align=center><font size=4 color=#333399>Add a Problem</font></p>
|
||||
<input type="hidden" name=problem_id value="New Problem">
|
||||
<input type="hidden" name="url" value="<?php echo htmlentities($url)?>">
|
||||
<input type="hidden" name="url" value="<?php echo htmlspecialchars($url)?>">
|
||||
<input type="hidden" name="loj_id" value="<?php echo $loj_id?>">
|
||||
<p align=left>Problem Id: New Problem</p>
|
||||
<p align=left>Title:<input type=text name=title size=71 value="<?php echo $title?>"></p>
|
||||
|
||||
@@ -49,7 +49,7 @@ include_once("kindeditor.php") ;
|
||||
<p align=left>
|
||||
<center>
|
||||
<h3>
|
||||
<?php echo $row['problem_id']?>: <input class="input input-xxlarge" style='width:90%' type=text name=title value='<?php echo htmlentities($row['title'],ENT_QUOTES,"UTF-8")?>'>
|
||||
<?php echo $row['problem_id']?>: <input class="input input-xxlarge" style='width:90%' type=text name=title value='<?php echo htmlspecialchars($row['title'],ENT_QUOTES,"UTF-8")?>'>
|
||||
</h3>
|
||||
</center>
|
||||
</p>
|
||||
@@ -61,32 +61,32 @@ include_once("kindeditor.php") ;
|
||||
</p>
|
||||
<p align=left>
|
||||
<?php echo "<h4>".$MSG_Description."</h4>"?>
|
||||
<textarea class="kindeditor" rows=13 name=description cols=80><?php echo htmlentities($row['description'],ENT_QUOTES,"UTF-8")?></textarea><br>
|
||||
<textarea class="kindeditor" rows=13 name=description cols=80><?php echo htmlspecialchars($row['description'],ENT_QUOTES,"UTF-8")?></textarea><br>
|
||||
</p>
|
||||
|
||||
<p align=left>
|
||||
<?php echo "<h4>".$MSG_Input."</h4>"?>
|
||||
<textarea class="kindeditor" rows=13 name=input cols=80><?php echo htmlentities($row['input'],ENT_QUOTES,"UTF-8")?></textarea><br>
|
||||
<textarea class="kindeditor" rows=13 name=input cols=80><?php echo htmlspecialchars($row['input'],ENT_QUOTES,"UTF-8")?></textarea><br>
|
||||
</p>
|
||||
|
||||
<p align=left>
|
||||
<?php echo "<h4>".$MSG_Output."</h4>"?>
|
||||
<textarea class="kindeditor" rows=13 name=output cols=80><?php echo htmlentities($row['output'],ENT_QUOTES,"UTF-8")?></textarea><br>
|
||||
<textarea class="kindeditor" rows=13 name=output cols=80><?php echo htmlspecialchars($row['output'],ENT_QUOTES,"UTF-8")?></textarea><br>
|
||||
</p>
|
||||
|
||||
<p align=left>
|
||||
<?php echo "<h4>".$MSG_Sample_Input."</h4>"?>
|
||||
<textarea class="input input-large" style="width:100%;" rows=13 name=sample_input><?php echo htmlentities($row['sample_input'],ENT_QUOTES,"UTF-8")?></textarea><br><br>
|
||||
<textarea class="input input-large" style="width:100%;" rows=13 name=sample_input><?php echo htmlspecialchars($row['sample_input'],ENT_QUOTES,"UTF-8")?></textarea><br><br>
|
||||
</p>
|
||||
|
||||
<p align=left>
|
||||
<?php echo "<h4>".$MSG_Sample_Output."</h4>"?>
|
||||
<textarea class="input input-large" style="width:100%;" rows=13 name=sample_output><?php echo htmlentities($row['sample_output'],ENT_QUOTES,"UTF-8")?></textarea><br><br>
|
||||
<textarea class="input input-large" style="width:100%;" rows=13 name=sample_output><?php echo htmlspecialchars($row['sample_output'],ENT_QUOTES,"UTF-8")?></textarea><br><br>
|
||||
</p>
|
||||
|
||||
<p align=left>
|
||||
<?php echo "<h4>".$MSG_HINT."</h4>"?>
|
||||
<textarea class="kindeditor" rows=13 name=hint cols=80><?php echo htmlentities($row['hint'],ENT_QUOTES,"UTF-8")?></textarea><br>
|
||||
<textarea class="kindeditor" rows=13 name=hint cols=80><?php echo htmlspecialchars($row['hint'],ENT_QUOTES,"UTF-8")?></textarea><br>
|
||||
</p>
|
||||
|
||||
<p>
|
||||
@@ -99,11 +99,11 @@ include_once("kindeditor.php") ;
|
||||
|
||||
<p align=left>
|
||||
<?php echo "<h4>".$MSG_SOURCE." 用空格分隔"."</h4>"?>
|
||||
<textarea name=source style="width:100%;" rows=1><?php echo htmlentities($row['source'],ENT_QUOTES,"UTF-8")?></textarea><br>
|
||||
<textarea name=source style="width:100%;" rows=1><?php echo htmlspecialchars($row['source'],ENT_QUOTES,"UTF-8")?></textarea><br>
|
||||
|
||||
<?php echo "<h4>".$MSG_REMOTE_OJ."</h4>"?>
|
||||
<input name=remote_oj value='<?php echo htmlentities($row['remote_oj'],ENT_QUOTES,"UTF-8")?>' placeholder='<?php echo $MSG_HELP_LOCAL_EMPTY ?>' >
|
||||
<input name=remote_id value='<?php echo htmlentities($row['remote_id'],ENT_QUOTES,"UTF-8")?>' placeholder='<?php echo $MSG_HELP_LOCAL_EMPTY ?>' ><br>
|
||||
<input name=remote_oj value='<?php echo htmlspecialchars($row['remote_oj'],ENT_QUOTES,"UTF-8")?>' placeholder='<?php echo $MSG_HELP_LOCAL_EMPTY ?>' >
|
||||
<input name=remote_id value='<?php echo htmlspecialchars($row['remote_id'],ENT_QUOTES,"UTF-8")?>' placeholder='<?php echo $MSG_HELP_LOCAL_EMPTY ?>' ><br>
|
||||
</p>
|
||||
|
||||
<div align=center>
|
||||
@@ -237,19 +237,19 @@ include_once("kindeditor.php") ;
|
||||
// $description = str_replace("<p>", "", $description);
|
||||
// $description = str_replace("</p>", "<br />", $description);
|
||||
// $description = str_replace(",", ",", $description);
|
||||
$description = html_entity_decode($description,ENT_QUOTES,"UTF-8");
|
||||
$description = htmlspecialchars_decode($description,ENT_QUOTES,"UTF-8");
|
||||
|
||||
$input = $_POST['input'];
|
||||
// $input = str_replace("<p>", "", $input);
|
||||
// $input = str_replace("</p>", "<br />", $input);
|
||||
// $input = str_replace(",", ",", $input);
|
||||
$input = html_entity_decode($input,ENT_QUOTES,"UTF-8");
|
||||
$input = htmlspecialchars_decode($input,ENT_QUOTES,"UTF-8");
|
||||
|
||||
$output = $_POST['output'];
|
||||
// $output = str_replace("<p>", "", $output);
|
||||
// $output = str_replace("</p>", "<br />", $output);
|
||||
// $output = str_replace(",", ",", $output);
|
||||
$output = html_entity_decode($output,ENT_QUOTES,"UTF-8");
|
||||
$output = htmlspecialchars_decode($output,ENT_QUOTES,"UTF-8");
|
||||
|
||||
$sample_input = $_POST['sample_input'];
|
||||
$sample_output = $_POST['sample_output'];
|
||||
@@ -260,7 +260,7 @@ include_once("kindeditor.php") ;
|
||||
// $hint = str_replace("<p>", "", $hint);
|
||||
// $hint = str_replace("</p>", "<br />", $hint);
|
||||
// $hint = str_replace(",", ",", $hint);
|
||||
$hint = html_entity_decode($hint,ENT_QUOTES,"UTF-8");
|
||||
$hint = htmlspecialchars_decode($hint,ENT_QUOTES,"UTF-8");
|
||||
|
||||
$source = $_POST['source'];
|
||||
$remote_oj= $_POST['remote_oj'];
|
||||
|
||||
@@ -124,7 +124,7 @@ function getSolution($pid,$lang) {
|
||||
|
||||
function fixurl($img_url) {
|
||||
if(substr($img_url,0,4)=="data") return $img_url;
|
||||
$img_url = html_entity_decode($img_url,ENT_QUOTES,"UTF-8");
|
||||
$img_url = htmlspecialchars_decode($img_url,ENT_QUOTES,"UTF-8");
|
||||
|
||||
if (substr($img_url,0,4)!="http") {
|
||||
if (substr($img_url,0,1)=="/") {
|
||||
|
||||
@@ -154,7 +154,7 @@ else {
|
||||
$hydrop=yaml_parse($file_content);
|
||||
$title=$hydrop['title'];
|
||||
$source=implode(" ",$hydrop['tag']);
|
||||
echo "<hr>".htmlentities($file_name." $title $source");
|
||||
echo "<hr>".htmlspecialchars($file_name." $title $source");
|
||||
if(!in_array($title,$inserted)){
|
||||
$pid = addproblem($title,1,128, $description, $input, $output, $sample_input, $sample_output, $hint, $source, $spj, $OJ_DATA);
|
||||
mkdir($OJ_DATA."/$pid/");
|
||||
@@ -174,13 +174,13 @@ else {
|
||||
if($save_path){
|
||||
$description=str_replace("file://",$save_path."/",$description);
|
||||
|
||||
// echo htmlentities($description);
|
||||
// echo htmlspecialchars($description);
|
||||
}
|
||||
|
||||
$spj=0;
|
||||
if($title!="" && (!in_array($title,$inserted)) && !hasProblem($title)){
|
||||
$pid = addproblem($title,1,128, $description, $input, $output, $sample_input, $sample_output, $hint, $source, $spj, $OJ_DATA);
|
||||
echo htmlentities("$description");
|
||||
echo htmlspecialchars("$description");
|
||||
mkdir($OJ_DATA."/$pid/");
|
||||
array_push($inserted,$title);
|
||||
}else{
|
||||
@@ -189,7 +189,7 @@ else {
|
||||
echo "skiped $title";
|
||||
//$pid=0;
|
||||
}
|
||||
echo "PID:<a href='../problem.php?id=$pid' >".htmlentities($title,ENT_QUOTES,"UTF-8")."</a>";
|
||||
echo "PID:<a href='../problem.php?id=$pid' >".htmlspecialchars($title,ENT_QUOTES,"UTF-8")."</a>";
|
||||
}else if(basename($file_name)=="config.yaml"){
|
||||
$hydrop=yaml_parse($file_content);
|
||||
if($hydrop['type']=="objective"){
|
||||
@@ -202,7 +202,7 @@ else {
|
||||
$out.= $hydrop['answers'][$ansi][0]."\n";
|
||||
$ansi++;
|
||||
}
|
||||
//echo htmlentities($out);
|
||||
//echo htmlspecialchars($out);
|
||||
if($pid>0){
|
||||
file_put_contents($OJ_DATA."/$pid/data.out",$out);
|
||||
file_put_contents($OJ_DATA."/$pid/data.in",($ansi-1)."\n");
|
||||
|
||||
@@ -141,7 +141,7 @@ else {
|
||||
$title=str_replace("#","",$hydrop[0]);
|
||||
$title=str_replace("\r","",$title);
|
||||
$source="";
|
||||
echo "<hr>".htmlentities($file_name." $title $source");
|
||||
echo "<hr>".htmlspecialchars($file_name." $title $source");
|
||||
$regex = '/<(?!div)/';
|
||||
// $file_content = preg_replace($regex, '<',$file_content);
|
||||
$regex = '/(?<!div)>\s?/';
|
||||
@@ -156,10 +156,10 @@ else {
|
||||
if($save_path){
|
||||
$description=str_replace("file://",$save_path."/",$description);
|
||||
|
||||
// echo htmlentities($description);
|
||||
// echo htmlspecialchars($description);
|
||||
}
|
||||
|
||||
//echo htmlentities("$description");
|
||||
//echo htmlspecialchars("$description");
|
||||
$tail=0;
|
||||
$ptitle = $title;
|
||||
while (hasProblem($ptitle)) {
|
||||
@@ -170,7 +170,7 @@ else {
|
||||
$pid = addproblem($title,1,128, $description, $input, $output, $sample_input, $sample_output, $hint, $source, $spj, $OJ_DATA);
|
||||
mkdir($OJ_DATA."/$pid/");
|
||||
|
||||
echo "PID:<a href='../problem.php?id=$pid' >".htmlentities($title,ENT_QUOTES,"UTF-8")."</a>";
|
||||
echo "PID:<a href='../problem.php?id=$pid' >".htmlspecialchars($title,ENT_QUOTES,"UTF-8")."</a>";
|
||||
}
|
||||
}
|
||||
}else{
|
||||
|
||||
@@ -58,7 +58,7 @@ else {
|
||||
$time=getPartByMark($file_content,"时间限制:","ms");
|
||||
$time=intval($time)/1000;
|
||||
$memory=getPartByMark($file_content,"空间限制:","MiB");
|
||||
echo "<hr>".htmlentities(" $title $source");
|
||||
echo "<hr>".htmlspecialchars(" $title $source");
|
||||
$pid = addproblem($title,$time,$memory, $description, $input, $output, $sample_input, $sample_output, $hint, $source, $spj, $OJ_DATA);
|
||||
echo "PID:$pid";
|
||||
mkdir($OJ_DATA."/$pid");
|
||||
|
||||
@@ -58,7 +58,7 @@ if(isset($_GET['keyword']) && $_GET['keyword']!=""){
|
||||
|
||||
<center>
|
||||
<form action=problem_list.php class="form-search form-inline">
|
||||
<input type="text" name=keyword value="<?php if(isset($_GET['keyword']))echo htmlentities($_GET['keyword'],ENT_QUOTES,"utf-8")?>" class="form-control search-query" placeholder="<?php echo $MSG_PROBLEM_ID.', '.$MSG_TITLE.', '.$MSG_Description.', '.$MSG_SOURCE?>">
|
||||
<input type="text" name=keyword value="<?php if(isset($_GET['keyword']))echo htmlspecialchars($_GET['keyword'],ENT_QUOTES,"utf-8")?>" class="form-control search-query" placeholder="<?php echo $MSG_PROBLEM_ID.', '.$MSG_TITLE.', '.$MSG_Description.', '.$MSG_SOURCE?>">
|
||||
<button type="submit" class="form-control"><?php echo $MSG_SEARCH?></button>
|
||||
</form>
|
||||
</center>
|
||||
@@ -80,7 +80,7 @@ echo "</select>";
|
||||
<center>
|
||||
<table width=100% border=1 style="text-align:center;">
|
||||
<form id='pform' method=post action=contest_add.php >
|
||||
<input type="hidden" name=keyword value="<?php if(isset($_GET['keyword']))echo htmlentities($_GET['keyword'],ENT_QUOTES,"utf-8")?>">
|
||||
<input type="hidden" name=keyword value="<?php if(isset($_GET['keyword']))echo htmlspecialchars($_GET['keyword'],ENT_QUOTES,"utf-8")?>">
|
||||
<input type="hidden" name=hlist value="" >
|
||||
<tr>
|
||||
<td width=60px><?php echo $MSG_PROBLEM_ID?><input type=checkbox style='vertical-align:2px;' onchange='$("input[type=checkbox]").prop("checked", this.checked)'></td>
|
||||
@@ -123,7 +123,7 @@ echo "</select>";
|
||||
foreach($cate as $cat){
|
||||
$cat=trim($cat);
|
||||
if(mb_ereg("^http",$cat)){
|
||||
echo "<a class='label' style='display: inline-block;' href=\"".htmlentities($cat,ENT_QUOTES,'utf-8').'" target="_blank">Remote</a>' ;
|
||||
echo "<a class='label' style='display: inline-block;' href=\"".htmlspecialchars($cat,ENT_QUOTES,'utf-8').'" target="_blank">Remote</a>' ;
|
||||
}
|
||||
else array_push($category,trim($cat));
|
||||
}
|
||||
@@ -135,7 +135,7 @@ echo "</select>";
|
||||
$label_theme = $color_theme[$hash_num%count($color_theme)];
|
||||
|
||||
if ($label_theme=="") $label_theme = "default";
|
||||
$view .= "<a title='".htmlentities($cat,ENT_QUOTES,'UTF-8')."' class='label label-$label_theme' style='display: inline-block;' href='problem_list.php?keyword=".htmlentities(urlencode($cat),ENT_QUOTES,'UTF-8')."'>".mb_substr($cat,0,10,'utf8')."</a> ";
|
||||
$view .= "<a title='".htmlspecialchars($cat,ENT_QUOTES,'UTF-8')."' class='label label-$label_theme' style='display: inline-block;' href='problem_list.php?keyword=".htmlspecialchars(urlencode($cat),ENT_QUOTES,'UTF-8')."'>".mb_substr($cat,0,10,'utf8')."</a> ";
|
||||
}
|
||||
echo "<div class=\"show_tag_controled\" style=\"float: right; \">";
|
||||
echo $view;
|
||||
@@ -146,7 +146,7 @@ echo "</select>";
|
||||
echo "<td><a href=problem_df_change.php?id=".$row['problem_id']."&getkey=".$_SESSION[$OJ_NAME.'_'.'getkey'].">".($row['defunct']=="N"?"<span titlc='click to reserve it' class=green>$MSG_AVAILABLE</span>":"<span class=red title='click to be available'>$MSG_RESERVED</span>")."</a><td>";
|
||||
if(isset($_SESSION[$OJ_NAME.'_'.'administrator']) || isset($_SESSION[$OJ_NAME.'_'."p".$row['problem_id']]) ){
|
||||
?>
|
||||
<a href=# onclick='javascript:if(confirm("<?php echo $MSG_DELETE."[".htmlentities($row['title'],ENT_QUOTES,"UTF-8")?>] ? "))
|
||||
<a href=# onclick='javascript:if(confirm("<?php echo $MSG_DELETE."[".htmlspecialchars($row['title'],ENT_QUOTES,"UTF-8")?>] ? "))
|
||||
location.href="problem_del.php?id=<?php echo $row['problem_id']?>&getkey=<?php echo $_SESSION[$OJ_NAME.'_'.'getkey']?>"'>
|
||||
<?php echo $MSG_DELETE ?>
|
||||
</a>
|
||||
|
||||
@@ -119,7 +119,7 @@
|
||||
|
||||
$view_rank[$i][0]= $rank;
|
||||
$view_rank[$i][1]= $row['user_id'];
|
||||
$view_rank[$i][2]= htmlentities ( $row['nick'] ,ENT_QUOTES,"UTF-8");
|
||||
$view_rank[$i][2]= htmlspecialchars ( $row['nick'] ,ENT_QUOTES,"UTF-8");
|
||||
$view_rank[$i][3]= $row['solved'];
|
||||
$view_rank[$i][4]= $row['submit'];
|
||||
|
||||
@@ -135,7 +135,7 @@
|
||||
//循环数据生成二维数组
|
||||
$exl_value=$view_rank;
|
||||
//foreach ($list as $k => $y){
|
||||
// $exl_value[] = array($rank,$row['user_id'], htmlentities ( $row['nick'] ,ENT_QUOTES,"UTF-8"),$row['solved'],$row['submit'],$row['submit'] );
|
||||
// $exl_value[] = array($rank,$row['user_id'], htmlspecialchars ( $row['nick'] ,ENT_QUOTES,"UTF-8"),$row['solved'],$row['submit'],$row['submit'] );
|
||||
// }
|
||||
$file_name = $MSG_Number.'_'.time().'.csv';
|
||||
$excel = new export_class();
|
||||
|
||||
@@ -39,7 +39,7 @@ if (!(isset($_SESSION[$OJ_NAME.'_'.'administrator']) || isset($_SESSION[$OJ_NAME
|
||||
if( !empty( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ){
|
||||
$REMOTE_ADDR = $_SERVER['HTTP_X_FORWARDED_FOR'];
|
||||
$tmp_ip=explode(',',$REMOTE_ADDR);
|
||||
$ip =(htmlentities($tmp_ip[0],ENT_QUOTES,"UTF-8"));
|
||||
$ip =(htmlspecialchars($tmp_ip[0],ENT_QUOTES,"UTF-8"));
|
||||
}
|
||||
|
||||
if(mb_strlen($nick,'utf-8')>20){
|
||||
|
||||
@@ -69,7 +69,7 @@ if(isset($_POST['idlist']) && isset($_POST['pwdlist']) && isset($_POST['nicklist
|
||||
if( !empty( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ){
|
||||
$REMOTE_ADDR = $_SERVER['HTTP_X_FORWARDED_FOR'];
|
||||
$tmp_ip=explode(',',$REMOTE_ADDR);
|
||||
$ip =(htmlentities($tmp_ip[0],ENT_QUOTES,"UTF-8"));
|
||||
$ip =(htmlspecialchars($tmp_ip[0],ENT_QUOTES,"UTF-8"));
|
||||
}
|
||||
if(mb_strlen($nick,'utf-8')>20){
|
||||
$new_len=mb_strlen($nick,'utf-8');
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
require_once "../include/email.class.php";
|
||||
require_once("../include/check_get_key.php");
|
||||
$user_id=$_GET['cid'];
|
||||
//echo htmlentities($user_id,ENT_QUOTE,'UTF-8');
|
||||
//echo htmlspecialchars($user_id,ENT_QUOTE,'UTF-8');
|
||||
if(!isset($_SESSION[$OJ_NAME.'_'.'administrator'])) exit();
|
||||
$sql="select `defunct`,email FROM `users` WHERE `user_id`=?";
|
||||
$result=pdo_query($sql,$user_id);
|
||||
|
||||
@@ -52,7 +52,7 @@ if (isset($OJ_LANG)) {
|
||||
|
||||
<center>
|
||||
<form action=user_list.php class="form-search form-inline">
|
||||
<input type="text" name="keyword" value="<?php echo htmlentities($gkeyword, ENT_QUOTES) ?>"
|
||||
<input type="text" name="keyword" value="<?php echo htmlspecialchars($gkeyword, ENT_QUOTES) ?>"
|
||||
class="form-control search-query" placeholder="<?php echo $MSG_USER_ID . ', ' . $MSG_NICK . ', ' . $MSG_SCHOOL ?>">
|
||||
<button type="submit" class="form-control"><?php echo $MSG_SEARCH ?></button>
|
||||
<a href="user_list.php?trash"><i class='icon large trash color grey'></i></a>
|
||||
@@ -79,7 +79,7 @@ if (isset($OJ_LANG)) {
|
||||
echo "<tr>";
|
||||
echo "<td><a href='../userinfo.php?user=" . $row['user_id'] . "'>" . $row['user_id'] . "</a></td>";
|
||||
echo "<td><span fd='nick' user_id='" . $row['user_id'] . "'>" . $row['nick'] . "</span></td>";
|
||||
echo "<td><a href='user_list.php?keyword=" . htmlentities(urlencode($row['ip'])) . "' >" . $row['ip'] . "</td>";
|
||||
echo "<td><a href='user_list.php?keyword=" . htmlspecialchars(urlencode($row['ip'])) . "' >" . $row['ip'] . "</td>";
|
||||
if ($OJ_SaaS_ENABLE && $domain == $DOMAIN) {
|
||||
echo "<td><a href='http://" . $row['user_id'] . ".$DOMAIN' target=_blank >" . $row['email'] . " </a></td>";
|
||||
} else {
|
||||
|
||||
@@ -27,7 +27,7 @@ if(isset($_POST['do'])){
|
||||
|
||||
$sql = "insert into loginlog (user_id,password,ip,time) value(?,?,?,now())";
|
||||
$result = pdo_query($sql,$user_id,"set ip by ".$_SESSION[$OJ_NAME."_user_id"],$ip);
|
||||
echo "<center><h4 class='text-danger'>User ".htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8')."'s Login IP Changed!</h4></center>";
|
||||
echo "<center><h4 class='text-danger'>User ".htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8')."'s Login IP Changed!</h4></center>";
|
||||
}
|
||||
?>
|
||||
|
||||
@@ -35,9 +35,9 @@ if(isset($_POST['do'])){
|
||||
<div class="form-group">
|
||||
<label class="col-sm-offset-3 col-sm-3 control-label"><?php echo $MSG_USER_ID?></label>
|
||||
<?php if(isset($_GET['uid'])) { ?>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlentities($_GET['uid'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlspecialchars($_GET['uid'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
|
||||
<?php } else if(isset($_POST['user_id'])) { ?>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
|
||||
<?php } else { ?>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control" placeholder="<?php echo $MSG_USER_ID."*"?>" type="text" required ></div>
|
||||
<?php } ?>
|
||||
@@ -46,7 +46,7 @@ if(isset($_POST['do'])){
|
||||
<div class="form-group">
|
||||
<label class="col-sm-offset-3 col-sm-3 control-label"><?php echo "New IP"?></label>
|
||||
<?php if(isset($_POST['ip'])) { ?>
|
||||
<div class="col-sm-3"><input name="ip" class="form-control" value="<?php echo htmlentities($_POST['ip'], ENT_QUOTES, 'UTF-8')?>" type="text" autocomplete="off" required ></div>
|
||||
<div class="col-sm-3"><input name="ip" class="form-control" value="<?php echo htmlspecialchars($_POST['ip'], ENT_QUOTES, 'UTF-8')?>" type="text" autocomplete="off" required ></div>
|
||||
<?php } else { ?>
|
||||
<div class="col-sm-3"><input name="ip" class="form-control" placeholder="<?php echo "?.?.?.?*"?>" type="text" autocomplete="off" required ></div>
|
||||
<?php } ?>
|
||||
|
||||
Reference in New Issue
Block a user