htmlentities -> htmlspecialchars

This commit is contained in:
2024-12-06 15:35:38 +08:00
parent daa005f029
commit d9b2d13caa
184 changed files with 410 additions and 405 deletions

View File

@@ -40,7 +40,7 @@ if (isset($_POST['do'])) {
}else{
email($OJ_ADMIN,"Privilege Add Warning!",$msg);
}
echo "<center><h4 class='text-danger'>User ".htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8')."'s Privilege Added!</h4></center>";
echo "<center><h4 class='text-danger'>User ".htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8')."'s Privilege Added!</h4></center>";
}
?>
@@ -51,9 +51,9 @@ if (isset($_POST['do'])) {
<div class="form-group">
<label class="col-sm-offset-3 col-sm-3 control-label"><?php echo $MSG_USER_ID?></label>
<?php if(isset($_GET['uid'])) { ?>
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlentities($_GET['uid'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlspecialchars($_GET['uid'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
<?php } else if(isset($_POST['user_id'])) { ?>
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
<?php } else { ?>
<div class="col-sm-3"><input name="user_id" class="form-control" placeholder="<?php echo $MSG_USER_ID."*"?>" type="text" required ></div>
<?php } ?>
@@ -112,9 +112,9 @@ if (isset($_POST['do'])) {
<div class="form-group">
<label class="col-sm-offset-3 col-sm-3 control-label"><?php echo $MSG_USER_ID?></label>
<?php if(isset($_GET['uid'])) { ?>
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlentities($_GET['uid'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlspecialchars($_GET['uid'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
<?php } else if(isset($_POST['user_id'])) { ?>
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
<?php } else { ?>
<div class="col-sm-3"><input name="user_id" class="form-control" placeholder="<?php echo $MSG_USER_ID."*"?>" type="text" required ></div>
<?php } ?>
@@ -147,9 +147,9 @@ if (isset($_POST['do'])) {
<div class="form-group">
<label class="col-sm-offset-3 col-sm-3 control-label"><?php echo $MSG_USER_ID?></label>
<?php if(isset($_GET['uid'])) { ?>
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlentities($_GET['uid'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlspecialchars($_GET['uid'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
<?php } else if(isset($_POST['user_id'])) { ?>
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
<?php } else { ?>
<div class="col-sm-3"><input name="user_id" class="form-control" placeholder="<?php echo $MSG_USER_ID."*"?>" type="text" required ></div>
<?php } ?>