htmlentities -> htmlspecialchars

This commit is contained in:
2024-12-06 15:35:38 +08:00
parent daa005f029
commit d9b2d13caa
184 changed files with 410 additions and 405 deletions

View File

@@ -161,7 +161,7 @@ if(isset($_POST['startdate'])){
$password = $row['password'];
$langmask = $row['langmask'];
$description = $row['description'];
$title = htmlentities($row['title'],ENT_QUOTES,"UTF-8");
$title = htmlspecialchars($row['title'],ENT_QUOTES,"UTF-8");
$plist = "";
$sql = "SELECT `problem_id` FROM `contest_problem` WHERE `contest_id`=? ORDER BY `num`";
@@ -205,7 +205,7 @@ if(isset($_POST['startdate'])){
</p><p>
<?php echo $MSG_CONTEST.$MSG_Description;?>
<textarea class=kindeditor rows=13 name=description cols=80>
<?php echo htmlentities($description,ENT_QUOTES,'UTF-8')?>
<?php echo htmlspecialchars($description,ENT_QUOTES,'UTF-8')?>
</textarea>
</p>
@@ -240,7 +240,7 @@ if(isset($_POST['startdate'])){
<option value=1 <?php echo $private=='1'?'selected=selected':''?>><?php echo $MSG_Private;?></option>
</select>
<?php echo $MSG_CONTEST."-".$MSG_PASSWORD?>:
<input type=text class=form-control name=password style="display:inline;width:150px;" value='<?php echo htmlentities($password,ENT_QUOTES,'utf-8')?>'>
<input type=text class=form-control name=password style="display:inline;width:150px;" value='<?php echo htmlspecialchars($password,ENT_QUOTES,'utf-8')?>'>
</p>
</td>
</tr>