htmlentities -> htmlspecialchars
This commit is contained in:
@@ -219,7 +219,7 @@ else{
|
||||
</p><p>
|
||||
<?php echo $MSG_CONTEST.$MSG_Description;?>
|
||||
<textarea class=kindeditor rows=13 name=description cols=80>
|
||||
<?php echo htmlentities($description,ENT_QUOTES,'UTF-8')?>
|
||||
<?php echo htmlspecialchars($description,ENT_QUOTES,'UTF-8')?>
|
||||
</textarea>
|
||||
|
||||
</p>
|
||||
@@ -254,7 +254,7 @@ else{
|
||||
<option value=1 <?php echo $private=='1'?'selected=selected':''?>><?php echo $MSG_Private;?></option>
|
||||
</select>
|
||||
<?php echo $MSG_CONTEST."-".$MSG_PASSWORD?>:
|
||||
<input type=text class=form-control name=password style="display:inline;width:150px;" value='<?php echo htmlentities($password,ENT_QUOTES,'utf-8')?>'>
|
||||
<input type=text class=form-control name=password style="display:inline;width:150px;" value='<?php echo htmlspecialchars($password,ENT_QUOTES,'utf-8')?>'>
|
||||
</p>
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
@@ -161,7 +161,7 @@ if(isset($_POST['startdate'])){
|
||||
$password = $row['password'];
|
||||
$langmask = $row['langmask'];
|
||||
$description = $row['description'];
|
||||
$title = htmlentities($row['title'],ENT_QUOTES,"UTF-8");
|
||||
$title = htmlspecialchars($row['title'],ENT_QUOTES,"UTF-8");
|
||||
|
||||
$plist = "";
|
||||
$sql = "SELECT `problem_id` FROM `contest_problem` WHERE `contest_id`=? ORDER BY `num`";
|
||||
@@ -205,7 +205,7 @@ if(isset($_POST['startdate'])){
|
||||
</p><p>
|
||||
<?php echo $MSG_CONTEST.$MSG_Description;?>
|
||||
<textarea class=kindeditor rows=13 name=description cols=80>
|
||||
<?php echo htmlentities($description,ENT_QUOTES,'UTF-8')?>
|
||||
<?php echo htmlspecialchars($description,ENT_QUOTES,'UTF-8')?>
|
||||
</textarea>
|
||||
|
||||
</p>
|
||||
@@ -240,7 +240,7 @@ if(isset($_POST['startdate'])){
|
||||
<option value=1 <?php echo $private=='1'?'selected=selected':''?>><?php echo $MSG_Private;?></option>
|
||||
</select>
|
||||
<?php echo $MSG_CONTEST."-".$MSG_PASSWORD?>:
|
||||
<input type=text class=form-control name=password style="display:inline;width:150px;" value='<?php echo htmlentities($password,ENT_QUOTES,'utf-8')?>'>
|
||||
<input type=text class=form-control name=password style="display:inline;width:150px;" value='<?php echo htmlspecialchars($password,ENT_QUOTES,'utf-8')?>'>
|
||||
</p>
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
@@ -66,7 +66,7 @@ if(isset($_POST['news_id'])){
|
||||
|
||||
$row = $result[0];
|
||||
|
||||
$title = htmlentities($row['title'],ENT_QUOTES,"UTF-8");
|
||||
$title = htmlspecialchars($row['title'],ENT_QUOTES,"UTF-8");
|
||||
$content = $row['content'];
|
||||
}
|
||||
?>
|
||||
@@ -109,7 +109,7 @@ if(isset($_POST['news_id'])){
|
||||
<?php require_once("../include/set_post_key.php");?>
|
||||
<label for=title>标题</label><input type="text" name="title" class="form-control" value="<?php echo $title;?>">
|
||||
<lable for=content>内容</lable>
|
||||
<textarea name='content' rows=15 class="kindeditor" ><?php echo htmlentities($content,ENT_QUOTES,"UTF-8")?></textarea><br>
|
||||
<textarea name='content' rows=15 class="kindeditor" ><?php echo htmlspecialchars($content,ENT_QUOTES,"UTF-8")?></textarea><br>
|
||||
<input type=hidden name='news_id' value=<?php echo $news_id?>>
|
||||
<button type='submit' class="btn btn-info btn-addon i"><i class="fa fa-save"></i>保存</button>
|
||||
</form>
|
||||
|
||||
@@ -2423,7 +2423,7 @@ function zip_extract(){
|
||||
function html_encode($str){
|
||||
global $charSet;
|
||||
$str = preg_replace(array('/&/', '/</', '/>/', '/"/'), array('&', '<', '>', '"'), $str); // Bypass PHP to allow any charset!!
|
||||
$str = htmlentities($str, ENT_QUOTES, $charSet, false);
|
||||
$str = htmlspecialchars($str, ENT_QUOTES, $charSet, false);
|
||||
return $str;
|
||||
}
|
||||
function rep($x,$y){
|
||||
|
||||
@@ -81,7 +81,7 @@ if (isset($_POST['do'])) {
|
||||
|
||||
$sql = "insert into `privilege`(user_id,rightstr,valuestr,defunct) values(?,?,?,'N')";
|
||||
$rows = pdo_query($sql,$user_id,$rightstr,$valuestr);
|
||||
echo "<center><h4 class='text-danger'>User ".htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8')."'s Privilege Added!</h4></center>";
|
||||
echo "<center><h4 class='text-danger'>User ".htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8')."'s Privilege Added!</h4></center>";
|
||||
}
|
||||
?>
|
||||
<form method=post>
|
||||
|
||||
@@ -74,24 +74,24 @@ include_once("kindeditor.php");
|
||||
?>
|
||||
<?php require_once("../include/set_post_key.php");?>
|
||||
<input type=hidden name=problem_id value='<?php echo $row['problem_id']?>'>
|
||||
<label for=title>标题</label><input type="text" name="title" class="form-control" value="<?php echo htmlentities($row['title'],ENT_QUOTES,"UTF-8")?>">
|
||||
<label for=title>标题</label><input type="text" name="title" class="form-control" value="<?php echo htmlspecialchars($row['title'],ENT_QUOTES,"UTF-8")?>">
|
||||
<label for=limit>时空限制</label>
|
||||
<div><input type="number" name="time_limit" class="form-control" style="width:40%;display:inline" size=20 value="<?php echo $row['time_limit'];?>">秒
|
||||
<input type="number" name="memory_limit" class="form-control" style="width:40%;display:inline" size=20 value="<?php echo $row['memory_limit'];?>">MB</div>
|
||||
<lable for=description>题目描述</lable>
|
||||
<textarea name='description' rows=15 class="kindeditor" ><?php echo htmlentities($row['description'],ENT_QUOTES,"UTF-8")?></textarea><br>
|
||||
<textarea name='description' rows=15 class="kindeditor" ><?php echo htmlspecialchars($row['description'],ENT_QUOTES,"UTF-8")?></textarea><br>
|
||||
<lable for=input>输入格式</lable>
|
||||
<textarea name='input' rows=15 class="kindeditor" ><?php echo htmlentities($row['input'],ENT_QUOTES,"UTF-8")?></textarea><br>
|
||||
<textarea name='input' rows=15 class="kindeditor" ><?php echo htmlspecialchars($row['input'],ENT_QUOTES,"UTF-8")?></textarea><br>
|
||||
<lable for=output>输出格式</lable>
|
||||
<textarea name='output' rows=15 class="kindeditor" ><?php echo htmlentities($row['output'],ENT_QUOTES,"UTF-8")?></textarea><br>
|
||||
<textarea name='output' rows=15 class="kindeditor" ><?php echo htmlspecialchars($row['output'],ENT_QUOTES,"UTF-8")?></textarea><br>
|
||||
<lable for=sample_input>样例输入</lable>
|
||||
<textarea name='sample_input' rows=15 class='form-control'><?php echo htmlentities($row['sample_input'],ENT_QUOTES,"UTF-8")?></textarea><br>
|
||||
<textarea name='sample_input' rows=15 class='form-control'><?php echo htmlspecialchars($row['sample_input'],ENT_QUOTES,"UTF-8")?></textarea><br>
|
||||
<lable for=sample_output>样例输出</lable>
|
||||
<textarea name='sample_output' rows=15 class='form-control'><?php echo htmlentities($row['sample_output'],ENT_QUOTES,"UTF-8")?></textarea><br>
|
||||
<textarea name='sample_output' rows=15 class='form-control'><?php echo htmlspecialchars($row['sample_output'],ENT_QUOTES,"UTF-8")?></textarea><br>
|
||||
<lable for=hint>提示</lable>
|
||||
<textarea name='hint' rows=15 class="kindeditor" ><?php echo htmlentities($row['hint'],ENT_QUOTES,"UTF-8")?></textarea><br>
|
||||
<textarea name='hint' rows=15 class="kindeditor" ><?php echo htmlspecialchars($row['hint'],ENT_QUOTES,"UTF-8")?></textarea><br>
|
||||
<lable for=source>来源</lable>
|
||||
<textarea name='source' rows=1 class="form-control"><?php echo htmlentities($row['source'],ENT_QUOTES,"UTF-8")?></textarea><br>
|
||||
<textarea name='source' rows=1 class="form-control"><?php echo htmlspecialchars($row['source'],ENT_QUOTES,"UTF-8")?></textarea><br>
|
||||
<label for=spj>Special Judge:</label>
|
||||
<?php echo "No "?><input type=radio name=spj value='0' <?php echo $row['spj']=="0"?"checked":""?>><?php echo "/ Yes "?><input type=radio name=spj value='1' <?php echo $row['spj']=="1"?"checked":""?>><br><br>
|
||||
<button type='submit' class="btn btn-info btn-addon i"><i class="fa fa-edit"></i>编辑</button>
|
||||
|
||||
@@ -106,7 +106,7 @@ function getSolution($pid,$lang){
|
||||
return $ret;
|
||||
}
|
||||
function fixurl($img_url){
|
||||
$img_url= html_entity_decode( $img_url,ENT_QUOTES,"UTF-8");
|
||||
$img_url= htmlspecialchars_decode( $img_url,ENT_QUOTES,"UTF-8");
|
||||
|
||||
if (substr($img_url,0,4)!="http"){
|
||||
if(substr($img_url,0,1)=="/"){
|
||||
|
||||
@@ -98,7 +98,7 @@ require_once("../include/set_get_key.php");
|
||||
if( !empty( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ){
|
||||
$REMOTE_ADDR = $_SERVER['HTTP_X_FORWARDED_FOR'];
|
||||
$tmp_ip=explode(',',$REMOTE_ADDR);
|
||||
$ip =(htmlentities($tmp_ip[0],ENT_QUOTES,"UTF-8"));
|
||||
$ip =(htmlspecialchars($tmp_ip[0],ENT_QUOTES,"UTF-8"));
|
||||
}
|
||||
$sql="INSERT INTO `users`("."`user_id`,`email`,`ip`,`accesstime`,`password`,`reg_time`,`nick`,`school`)".
|
||||
"VALUES(?,?,?,NOW(),?,NOW(),?,?)on DUPLICATE KEY UPDATE `email`=?,`ip`=?,`accesstime`=NOW(),`password`=?,`reg_time`=now(),nick=?,`school`=?, `qq`=?, `backimg`=?, `codeshare`=?, `mailok`=?";
|
||||
|
||||
@@ -124,7 +124,7 @@ include_once("kindeditor.php");
|
||||
密码:
|
||||
<input type="text" class="form-control" name="password" placeholder="谨慎操作!请勿随意修改"<?php if ($isadmin == 1) echo " readonly";?>>
|
||||
邮箱:
|
||||
<input type="email" class="form-control" name="email" value="<?php echo htmlentities($email,ENT_QUOTES,"UTF-8")?>"<?php if ($isadmin == 1) echo " readonly";?>>
|
||||
<input type="email" class="form-control" name="email" value="<?php echo htmlspecialchars($email,ENT_QUOTES,"UTF-8")?>"<?php if ($isadmin == 1) echo " readonly";?>>
|
||||
学校
|
||||
<input type="text" class="form-control" name="nick" value="<?php echo $school;?>"<?php if ($isadmin == 1) echo " readonly";?>>
|
||||
<button type="submit" class="btn btn-dark">提交</button>
|
||||
|
||||
Reference in New Issue
Block a user