htmlentities -> htmlspecialchars

This commit is contained in:
2024-12-06 15:35:38 +08:00
parent daa005f029
commit d9b2d13caa
184 changed files with 410 additions and 405 deletions

View File

@@ -219,7 +219,7 @@ else{
</p><p>
<?php echo $MSG_CONTEST.$MSG_Description;?>
<textarea class=kindeditor rows=13 name=description cols=80>
<?php echo htmlentities($description,ENT_QUOTES,'UTF-8')?>
<?php echo htmlspecialchars($description,ENT_QUOTES,'UTF-8')?>
</textarea>
</p>
@@ -254,7 +254,7 @@ else{
<option value=1 <?php echo $private=='1'?'selected=selected':''?>><?php echo $MSG_Private;?></option>
</select>
<?php echo $MSG_CONTEST."-".$MSG_PASSWORD?>:
<input type=text class=form-control name=password style="display:inline;width:150px;" value='<?php echo htmlentities($password,ENT_QUOTES,'utf-8')?>'>
<input type=text class=form-control name=password style="display:inline;width:150px;" value='<?php echo htmlspecialchars($password,ENT_QUOTES,'utf-8')?>'>
</p>
</td>
</tr>

View File

@@ -161,7 +161,7 @@ if(isset($_POST['startdate'])){
$password = $row['password'];
$langmask = $row['langmask'];
$description = $row['description'];
$title = htmlentities($row['title'],ENT_QUOTES,"UTF-8");
$title = htmlspecialchars($row['title'],ENT_QUOTES,"UTF-8");
$plist = "";
$sql = "SELECT `problem_id` FROM `contest_problem` WHERE `contest_id`=? ORDER BY `num`";
@@ -205,7 +205,7 @@ if(isset($_POST['startdate'])){
</p><p>
<?php echo $MSG_CONTEST.$MSG_Description;?>
<textarea class=kindeditor rows=13 name=description cols=80>
<?php echo htmlentities($description,ENT_QUOTES,'UTF-8')?>
<?php echo htmlspecialchars($description,ENT_QUOTES,'UTF-8')?>
</textarea>
</p>
@@ -240,7 +240,7 @@ if(isset($_POST['startdate'])){
<option value=1 <?php echo $private=='1'?'selected=selected':''?>><?php echo $MSG_Private;?></option>
</select>
<?php echo $MSG_CONTEST."-".$MSG_PASSWORD?>:
<input type=text class=form-control name=password style="display:inline;width:150px;" value='<?php echo htmlentities($password,ENT_QUOTES,'utf-8')?>'>
<input type=text class=form-control name=password style="display:inline;width:150px;" value='<?php echo htmlspecialchars($password,ENT_QUOTES,'utf-8')?>'>
</p>
</td>
</tr>

View File

@@ -66,7 +66,7 @@ if(isset($_POST['news_id'])){
$row = $result[0];
$title = htmlentities($row['title'],ENT_QUOTES,"UTF-8");
$title = htmlspecialchars($row['title'],ENT_QUOTES,"UTF-8");
$content = $row['content'];
}
?>
@@ -109,7 +109,7 @@ if(isset($_POST['news_id'])){
<?php require_once("../include/set_post_key.php");?>
<label for=title>标题</label><input type="text" name="title" class="form-control" value="<?php echo $title;?>">
<lable for=content>内容</lable>
<textarea name='content' rows=15 class="kindeditor" ><?php echo htmlentities($content,ENT_QUOTES,"UTF-8")?></textarea><br>
<textarea name='content' rows=15 class="kindeditor" ><?php echo htmlspecialchars($content,ENT_QUOTES,"UTF-8")?></textarea><br>
<input type=hidden name='news_id' value=<?php echo $news_id?>>
<button type='submit' class="btn btn-info btn-addon i"><i class="fa fa-save"></i>保存</button>
</form>

View File

@@ -2423,7 +2423,7 @@ function zip_extract(){
function html_encode($str){
global $charSet;
$str = preg_replace(array('/&/', '/</', '/>/', '/"/'), array('&amp;', '&lt;', '&gt;', '&quot;'), $str); // Bypass PHP to allow any charset!!
$str = htmlentities($str, ENT_QUOTES, $charSet, false);
$str = htmlspecialchars($str, ENT_QUOTES, $charSet, false);
return $str;
}
function rep($x,$y){

View File

@@ -81,7 +81,7 @@ if (isset($_POST['do'])) {
$sql = "insert into `privilege`(user_id,rightstr,valuestr,defunct) values(?,?,?,'N')";
$rows = pdo_query($sql,$user_id,$rightstr,$valuestr);
echo "<center><h4 class='text-danger'>User ".htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8')."'s Privilege Added!</h4></center>";
echo "<center><h4 class='text-danger'>User ".htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8')."'s Privilege Added!</h4></center>";
}
?>
<form method=post>

View File

@@ -74,24 +74,24 @@ include_once("kindeditor.php");
?>
<?php require_once("../include/set_post_key.php");?>
<input type=hidden name=problem_id value='<?php echo $row['problem_id']?>'>
<label for=title>标题</label><input type="text" name="title" class="form-control" value="<?php echo htmlentities($row['title'],ENT_QUOTES,"UTF-8")?>">
<label for=title>标题</label><input type="text" name="title" class="form-control" value="<?php echo htmlspecialchars($row['title'],ENT_QUOTES,"UTF-8")?>">
<label for=limit>时空限制</label>
<div><input type="number" name="time_limit" class="form-control" style="width:40%;display:inline" size=20 value="<?php echo $row['time_limit'];?>">秒
<input type="number" name="memory_limit" class="form-control" style="width:40%;display:inline" size=20 value="<?php echo $row['memory_limit'];?>">MB</div>
<lable for=description>题目描述</lable>
<textarea name='description' rows=15 class="kindeditor" ><?php echo htmlentities($row['description'],ENT_QUOTES,"UTF-8")?></textarea><br>
<textarea name='description' rows=15 class="kindeditor" ><?php echo htmlspecialchars($row['description'],ENT_QUOTES,"UTF-8")?></textarea><br>
<lable for=input>输入格式</lable>
<textarea name='input' rows=15 class="kindeditor" ><?php echo htmlentities($row['input'],ENT_QUOTES,"UTF-8")?></textarea><br>
<textarea name='input' rows=15 class="kindeditor" ><?php echo htmlspecialchars($row['input'],ENT_QUOTES,"UTF-8")?></textarea><br>
<lable for=output>输出格式</lable>
<textarea name='output' rows=15 class="kindeditor" ><?php echo htmlentities($row['output'],ENT_QUOTES,"UTF-8")?></textarea><br>
<textarea name='output' rows=15 class="kindeditor" ><?php echo htmlspecialchars($row['output'],ENT_QUOTES,"UTF-8")?></textarea><br>
<lable for=sample_input>样例输入</lable>
<textarea name='sample_input' rows=15 class='form-control'><?php echo htmlentities($row['sample_input'],ENT_QUOTES,"UTF-8")?></textarea><br>
<textarea name='sample_input' rows=15 class='form-control'><?php echo htmlspecialchars($row['sample_input'],ENT_QUOTES,"UTF-8")?></textarea><br>
<lable for=sample_output>样例输出</lable>
<textarea name='sample_output' rows=15 class='form-control'><?php echo htmlentities($row['sample_output'],ENT_QUOTES,"UTF-8")?></textarea><br>
<textarea name='sample_output' rows=15 class='form-control'><?php echo htmlspecialchars($row['sample_output'],ENT_QUOTES,"UTF-8")?></textarea><br>
<lable for=hint>提示</lable>
<textarea name='hint' rows=15 class="kindeditor" ><?php echo htmlentities($row['hint'],ENT_QUOTES,"UTF-8")?></textarea><br>
<textarea name='hint' rows=15 class="kindeditor" ><?php echo htmlspecialchars($row['hint'],ENT_QUOTES,"UTF-8")?></textarea><br>
<lable for=source>来源</lable>
<textarea name='source' rows=1 class="form-control"><?php echo htmlentities($row['source'],ENT_QUOTES,"UTF-8")?></textarea><br>
<textarea name='source' rows=1 class="form-control"><?php echo htmlspecialchars($row['source'],ENT_QUOTES,"UTF-8")?></textarea><br>
<label for=spj>Special Judge</label>
<?php echo "No "?><input type=radio name=spj value='0' <?php echo $row['spj']=="0"?"checked":""?>><?php echo "/ Yes "?><input type=radio name=spj value='1' <?php echo $row['spj']=="1"?"checked":""?>><br><br>
<button type='submit' class="btn btn-info btn-addon i"><i class="fa fa-edit"></i>编辑</button>

View File

@@ -106,7 +106,7 @@ function getSolution($pid,$lang){
return $ret;
}
function fixurl($img_url){
$img_url= html_entity_decode( $img_url,ENT_QUOTES,"UTF-8");
$img_url= htmlspecialchars_decode( $img_url,ENT_QUOTES,"UTF-8");
if (substr($img_url,0,4)!="http"){
if(substr($img_url,0,1)=="/"){

View File

@@ -98,7 +98,7 @@ require_once("../include/set_get_key.php");
if( !empty( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ){
$REMOTE_ADDR = $_SERVER['HTTP_X_FORWARDED_FOR'];
$tmp_ip=explode(',',$REMOTE_ADDR);
$ip =(htmlentities($tmp_ip[0],ENT_QUOTES,"UTF-8"));
$ip =(htmlspecialchars($tmp_ip[0],ENT_QUOTES,"UTF-8"));
}
$sql="INSERT INTO `users`("."`user_id`,`email`,`ip`,`accesstime`,`password`,`reg_time`,`nick`,`school`)".
"VALUES(?,?,?,NOW(),?,NOW(),?,?)on DUPLICATE KEY UPDATE `email`=?,`ip`=?,`accesstime`=NOW(),`password`=?,`reg_time`=now(),nick=?,`school`=?, `qq`=?, `backimg`=?, `codeshare`=?, `mailok`=?";

View File

@@ -124,7 +124,7 @@ include_once("kindeditor.php");
密码:
<input type="text" class="form-control" name="password" placeholder="谨慎操作!请勿随意修改"<?php if ($isadmin == 1) echo " readonly";?>>
邮箱:
<input type="email" class="form-control" name="email" value="<?php echo htmlentities($email,ENT_QUOTES,"UTF-8")?>"<?php if ($isadmin == 1) echo " readonly";?>>
<input type="email" class="form-control" name="email" value="<?php echo htmlspecialchars($email,ENT_QUOTES,"UTF-8")?>"<?php if ($isadmin == 1) echo " readonly";?>>
学校
<input type="text" class="form-control" name="nick" value="<?php echo $school;?>"<?php if ($isadmin == 1) echo " readonly";?>>
<button type="submit" class="btn btn-dark">提交</button>