htmlentities -> htmlspecialchars
This commit is contained in:
@@ -52,7 +52,7 @@ if (isset($OJ_LANG)) {
|
||||
|
||||
<center>
|
||||
<form action=user_list.php class="form-search form-inline">
|
||||
<input type="text" name="keyword" value="<?php echo htmlentities($gkeyword, ENT_QUOTES) ?>"
|
||||
<input type="text" name="keyword" value="<?php echo htmlspecialchars($gkeyword, ENT_QUOTES) ?>"
|
||||
class="form-control search-query" placeholder="<?php echo $MSG_USER_ID . ', ' . $MSG_NICK . ', ' . $MSG_SCHOOL ?>">
|
||||
<button type="submit" class="form-control"><?php echo $MSG_SEARCH ?></button>
|
||||
<a href="user_list.php?trash"><i class='icon large trash color grey'></i></a>
|
||||
@@ -79,7 +79,7 @@ if (isset($OJ_LANG)) {
|
||||
echo "<tr>";
|
||||
echo "<td><a href='../userinfo.php?user=" . $row['user_id'] . "'>" . $row['user_id'] . "</a></td>";
|
||||
echo "<td><span fd='nick' user_id='" . $row['user_id'] . "'>" . $row['nick'] . "</span></td>";
|
||||
echo "<td><a href='user_list.php?keyword=" . htmlentities(urlencode($row['ip'])) . "' >" . $row['ip'] . "</td>";
|
||||
echo "<td><a href='user_list.php?keyword=" . htmlspecialchars(urlencode($row['ip'])) . "' >" . $row['ip'] . "</td>";
|
||||
if ($OJ_SaaS_ENABLE && $domain == $DOMAIN) {
|
||||
echo "<td><a href='http://" . $row['user_id'] . ".$DOMAIN' target=_blank >" . $row['email'] . " </a></td>";
|
||||
} else {
|
||||
|
||||
Reference in New Issue
Block a user