htmlentities -> htmlspecialchars

This commit is contained in:
2024-12-06 15:35:38 +08:00
parent daa005f029
commit d9b2d13caa
184 changed files with 410 additions and 405 deletions

View File

@@ -52,7 +52,7 @@ if (isset($OJ_LANG)) {
<center>
<form action=user_list.php class="form-search form-inline">
<input type="text" name="keyword" value="<?php echo htmlentities($gkeyword, ENT_QUOTES) ?>"
<input type="text" name="keyword" value="<?php echo htmlspecialchars($gkeyword, ENT_QUOTES) ?>"
class="form-control search-query" placeholder="<?php echo $MSG_USER_ID . ', ' . $MSG_NICK . ', ' . $MSG_SCHOOL ?>">
<button type="submit" class="form-control"><?php echo $MSG_SEARCH ?></button>
<a href="user_list.php?trash"><i class='icon large trash color grey'></i></a>
@@ -79,7 +79,7 @@ if (isset($OJ_LANG)) {
echo "<tr>";
echo "<td><a href='../userinfo.php?user=" . $row['user_id'] . "'>" . $row['user_id'] . "</a></td>";
echo "<td><span fd='nick' user_id='" . $row['user_id'] . "'>" . $row['nick'] . "</span></td>";
echo "<td><a href='user_list.php?keyword=" . htmlentities(urlencode($row['ip'])) . "' >" . $row['ip'] . "</td>";
echo "<td><a href='user_list.php?keyword=" . htmlspecialchars(urlencode($row['ip'])) . "' >" . $row['ip'] . "</td>";
if ($OJ_SaaS_ENABLE && $domain == $DOMAIN) {
echo "<td><a href='http://" . $row['user_id'] . ".$DOMAIN' target=_blank >" . $row['email'] . "&nbsp;</a></td>";
} else {