htmlentities -> htmlspecialchars
This commit is contained in:
@@ -58,7 +58,7 @@ if(isset($_GET['keyword']) && $_GET['keyword']!=""){
|
||||
|
||||
<center>
|
||||
<form action=problem_list.php class="form-search form-inline">
|
||||
<input type="text" name=keyword value="<?php if(isset($_GET['keyword']))echo htmlentities($_GET['keyword'],ENT_QUOTES,"utf-8")?>" class="form-control search-query" placeholder="<?php echo $MSG_PROBLEM_ID.', '.$MSG_TITLE.', '.$MSG_Description.', '.$MSG_SOURCE?>">
|
||||
<input type="text" name=keyword value="<?php if(isset($_GET['keyword']))echo htmlspecialchars($_GET['keyword'],ENT_QUOTES,"utf-8")?>" class="form-control search-query" placeholder="<?php echo $MSG_PROBLEM_ID.', '.$MSG_TITLE.', '.$MSG_Description.', '.$MSG_SOURCE?>">
|
||||
<button type="submit" class="form-control"><?php echo $MSG_SEARCH?></button>
|
||||
</form>
|
||||
</center>
|
||||
@@ -80,7 +80,7 @@ echo "</select>";
|
||||
<center>
|
||||
<table width=100% border=1 style="text-align:center;">
|
||||
<form id='pform' method=post action=contest_add.php >
|
||||
<input type="hidden" name=keyword value="<?php if(isset($_GET['keyword']))echo htmlentities($_GET['keyword'],ENT_QUOTES,"utf-8")?>">
|
||||
<input type="hidden" name=keyword value="<?php if(isset($_GET['keyword']))echo htmlspecialchars($_GET['keyword'],ENT_QUOTES,"utf-8")?>">
|
||||
<input type="hidden" name=hlist value="" >
|
||||
<tr>
|
||||
<td width=60px><?php echo $MSG_PROBLEM_ID?><input type=checkbox style='vertical-align:2px;' onchange='$("input[type=checkbox]").prop("checked", this.checked)'></td>
|
||||
@@ -123,7 +123,7 @@ echo "</select>";
|
||||
foreach($cate as $cat){
|
||||
$cat=trim($cat);
|
||||
if(mb_ereg("^http",$cat)){
|
||||
echo "<a class='label' style='display: inline-block;' href=\"".htmlentities($cat,ENT_QUOTES,'utf-8').'" target="_blank">Remote</a>' ;
|
||||
echo "<a class='label' style='display: inline-block;' href=\"".htmlspecialchars($cat,ENT_QUOTES,'utf-8').'" target="_blank">Remote</a>' ;
|
||||
}
|
||||
else array_push($category,trim($cat));
|
||||
}
|
||||
@@ -135,7 +135,7 @@ echo "</select>";
|
||||
$label_theme = $color_theme[$hash_num%count($color_theme)];
|
||||
|
||||
if ($label_theme=="") $label_theme = "default";
|
||||
$view .= "<a title='".htmlentities($cat,ENT_QUOTES,'UTF-8')."' class='label label-$label_theme' style='display: inline-block;' href='problem_list.php?keyword=".htmlentities(urlencode($cat),ENT_QUOTES,'UTF-8')."'>".mb_substr($cat,0,10,'utf8')."</a> ";
|
||||
$view .= "<a title='".htmlspecialchars($cat,ENT_QUOTES,'UTF-8')."' class='label label-$label_theme' style='display: inline-block;' href='problem_list.php?keyword=".htmlspecialchars(urlencode($cat),ENT_QUOTES,'UTF-8')."'>".mb_substr($cat,0,10,'utf8')."</a> ";
|
||||
}
|
||||
echo "<div class=\"show_tag_controled\" style=\"float: right; \">";
|
||||
echo $view;
|
||||
@@ -146,7 +146,7 @@ echo "</select>";
|
||||
echo "<td><a href=problem_df_change.php?id=".$row['problem_id']."&getkey=".$_SESSION[$OJ_NAME.'_'.'getkey'].">".($row['defunct']=="N"?"<span titlc='click to reserve it' class=green>$MSG_AVAILABLE</span>":"<span class=red title='click to be available'>$MSG_RESERVED</span>")."</a><td>";
|
||||
if(isset($_SESSION[$OJ_NAME.'_'.'administrator']) || isset($_SESSION[$OJ_NAME.'_'."p".$row['problem_id']]) ){
|
||||
?>
|
||||
<a href=# onclick='javascript:if(confirm("<?php echo $MSG_DELETE."[".htmlentities($row['title'],ENT_QUOTES,"UTF-8")?>] ? "))
|
||||
<a href=# onclick='javascript:if(confirm("<?php echo $MSG_DELETE."[".htmlspecialchars($row['title'],ENT_QUOTES,"UTF-8")?>] ? "))
|
||||
location.href="problem_del.php?id=<?php echo $row['problem_id']?>&getkey=<?php echo $_SESSION[$OJ_NAME.'_'.'getkey']?>"'>
|
||||
<?php echo $MSG_DELETE ?>
|
||||
</a>
|
||||
|
||||
Reference in New Issue
Block a user