htmlentities -> htmlspecialchars
This commit is contained in:
@@ -41,9 +41,9 @@ if (isset($OJ_LANG)) {
|
||||
$sql = "update `users` set `password`=? where `user_id`=? and user_id not in( select user_id from privilege where rightstr='administrator')";
|
||||
|
||||
if (pdo_query($sql, $passwd, $user_id) == 1)
|
||||
echo "<center><h4 class='text-danger'>User " . htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8') . "'s Password Changed!</h4></center>";
|
||||
echo "<center><h4 class='text-danger'>User " . htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8') . "'s Password Changed!</h4></center>";
|
||||
else
|
||||
echo "<center><h4 class='text-danger'>There is No such User " . htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8') . "! or User " . htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8') . " is administrator!</h4></center>";
|
||||
echo "<center><h4 class='text-danger'>There is No such User " . htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8') . "! or User " . htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8') . " is administrator!</h4></center>";
|
||||
}
|
||||
}
|
||||
?>
|
||||
@@ -53,10 +53,10 @@ if (isset($OJ_LANG)) {
|
||||
<label class="col-sm-offset-3 col-sm-3 control-label"><?php echo $MSG_USER_ID ?></label>
|
||||
<?php if (isset($_GET['uid'])) { ?>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control"
|
||||
value="<?php echo htmlentities($_GET['uid'], ENT_QUOTES, 'UTF-8'); ?>" type="text" required></div>
|
||||
value="<?php echo htmlspecialchars($_GET['uid'], ENT_QUOTES, 'UTF-8'); ?>" type="text" required></div>
|
||||
<?php } else if (isset($_POST['user_id'])) { ?>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control"
|
||||
value="<?php echo htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8'); ?>" type="text" required>
|
||||
value="<?php echo htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8'); ?>" type="text" required>
|
||||
</div>
|
||||
<?php } else { ?>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control"
|
||||
|
||||
Reference in New Issue
Block a user