htmlentities -> htmlspecialchars

This commit is contained in:
2024-12-06 15:35:38 +08:00
parent daa005f029
commit d9b2d13caa
184 changed files with 410 additions and 405 deletions

View File

@@ -58,7 +58,7 @@ if(isset($_GET['keyword']) && $_GET['keyword']!=""){
<center>
<form action=problem_list.php class="form-search form-inline">
<input type="text" name=keyword value="<?php if(isset($_GET['keyword']))echo htmlentities($_GET['keyword'],ENT_QUOTES,"utf-8")?>" class="form-control search-query" placeholder="<?php echo $MSG_PROBLEM_ID.', '.$MSG_TITLE.', '.$MSG_Description.', '.$MSG_SOURCE?>">
<input type="text" name=keyword value="<?php if(isset($_GET['keyword']))echo htmlspecialchars($_GET['keyword'],ENT_QUOTES,"utf-8")?>" class="form-control search-query" placeholder="<?php echo $MSG_PROBLEM_ID.', '.$MSG_TITLE.', '.$MSG_Description.', '.$MSG_SOURCE?>">
<button type="submit" class="form-control"><?php echo $MSG_SEARCH?></button>
</form>
</center>
@@ -80,7 +80,7 @@ echo "</select>";
<center>
<table width=100% border=1 style="text-align:center;">
<form id='pform' method=post action=contest_add.php >
<input type="hidden" name=keyword value="<?php if(isset($_GET['keyword']))echo htmlentities($_GET['keyword'],ENT_QUOTES,"utf-8")?>">
<input type="hidden" name=keyword value="<?php if(isset($_GET['keyword']))echo htmlspecialchars($_GET['keyword'],ENT_QUOTES,"utf-8")?>">
<input type="hidden" name=hlist value="" >
<tr>
<td width=60px><?php echo $MSG_PROBLEM_ID?><input type=checkbox style='vertical-align:2px;' onchange='$("input[type=checkbox]").prop("checked", this.checked)'></td>
@@ -123,7 +123,7 @@ echo "</select>";
foreach($cate as $cat){
$cat=trim($cat);
if(mb_ereg("^http",$cat)){
echo "<a class='label' style='display: inline-block;' href=\"".htmlentities($cat,ENT_QUOTES,'utf-8').'" target="_blank">Remote</a>' ;
echo "<a class='label' style='display: inline-block;' href=\"".htmlspecialchars($cat,ENT_QUOTES,'utf-8').'" target="_blank">Remote</a>' ;
}
else array_push($category,trim($cat));
}
@@ -135,7 +135,7 @@ echo "</select>";
$label_theme = $color_theme[$hash_num%count($color_theme)];
if ($label_theme=="") $label_theme = "default";
$view .= "<a title='".htmlentities($cat,ENT_QUOTES,'UTF-8')."' class='label label-$label_theme' style='display: inline-block;' href='problem_list.php?keyword=".htmlentities(urlencode($cat),ENT_QUOTES,'UTF-8')."'>".mb_substr($cat,0,10,'utf8')."</a>&nbsp;";
$view .= "<a title='".htmlspecialchars($cat,ENT_QUOTES,'UTF-8')."' class='label label-$label_theme' style='display: inline-block;' href='problem_list.php?keyword=".htmlspecialchars(urlencode($cat),ENT_QUOTES,'UTF-8')."'>".mb_substr($cat,0,10,'utf8')."</a>&nbsp;";
}
echo "<div class=\"show_tag_controled\" style=\"float: right; \">";
echo $view;
@@ -146,7 +146,7 @@ echo "</select>";
echo "<td><a href=problem_df_change.php?id=".$row['problem_id']."&getkey=".$_SESSION[$OJ_NAME.'_'.'getkey'].">".($row['defunct']=="N"?"<span titlc='click to reserve it' class=green>$MSG_AVAILABLE</span>":"<span class=red title='click to be available'>$MSG_RESERVED</span>")."</a><td>";
if(isset($_SESSION[$OJ_NAME.'_'.'administrator']) || isset($_SESSION[$OJ_NAME.'_'."p".$row['problem_id']]) ){
?>
<a href=# onclick='javascript:if(confirm("<?php echo $MSG_DELETE."[".htmlentities($row['title'],ENT_QUOTES,"UTF-8")?>] ? "))
<a href=# onclick='javascript:if(confirm("<?php echo $MSG_DELETE."[".htmlspecialchars($row['title'],ENT_QUOTES,"UTF-8")?>] ? "))
location.href="problem_del.php?id=<?php echo $row['problem_id']?>&getkey=<?php echo $_SESSION[$OJ_NAME.'_'.'getkey']?>"'>
<?php echo $MSG_DELETE ?>
</a>