htmlentities -> htmlspecialchars

This commit is contained in:
2024-12-06 15:35:38 +08:00
parent daa005f029
commit d9b2d13caa
184 changed files with 410 additions and 405 deletions

View File

@@ -920,7 +920,7 @@ class PHPMailer
break;
case 'html':
//Cleans up output a bit for a better looking, HTML-safe output
echo htmlentities(
echo htmlspecialchars(
preg_replace('/[\r\n]+/', '', $str),
ENT_QUOTES,
'UTF-8'
@@ -4512,7 +4512,7 @@ class PHPMailer
return call_user_func($advanced, $html);
}
return html_entity_decode(
return htmlspecialchars_decode(
trim(strip_tags(preg_replace('/<(head|title|style|script)[^>]*>.*?<\/\\1>/si', '', $html))),
ENT_QUOTES,
$this->CharSet

View File

@@ -299,7 +299,7 @@ class SMTP
break;
case 'html':
//Cleans up output a bit for a better looking, HTML-safe output
echo gmdate('Y-m-d H:i:s'), ' ', htmlentities(
echo gmdate('Y-m-d H:i:s'), ' ', htmlspecialchars(
preg_replace('/[\r\n]+/', '', $str),
ENT_QUOTES,
'UTF-8'

View File

@@ -307,8 +307,8 @@ class BBCode
$url = $buffer;
}
if(!isset($colorIndex)) $colorIndex =0;
$plist=html_entity_decode($url);
$pnum= count(explode(",",html_entity_decode($url)));
$plist=htmlspecialchars_decode($url);
$pnum= count(explode(",",htmlspecialchars_decode($url)));
//var_dump($colorIndex);
// emit the tag 如果希望题单显示2列修改下面的col-lg-12为col-lg-6
$output = $output . '<div class="col-xs-12 col-lg-12"><div class="panel '.$plist_color[$colorIndex%count($plist_color)].'">'

View File

@@ -9,7 +9,7 @@
if( !empty( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ){
$REMOTE_ADDR = $_SERVER['HTTP_X_FORWARDED_FOR'];
$tmp_ip=explode(',',$REMOTE_ADDR);
$ip =(htmlentities($tmp_ip[0],ENT_QUOTES,"UTF-8"));
$ip =(htmlspecialchars($tmp_ip[0],ENT_QUOTES,"UTF-8"));
}
$sid.=session_id().$ip;
}

View File

@@ -61,11 +61,11 @@ if(isset($_SESSION[$OJ_NAME.'_user_id'])&&isset($OJ_LIMIT_TO_1_IP)&& $OJ_LIMIT_T
if( isset($_SERVER['HTTP_X_FORWARDED_FOR'] )&&!empty( trim( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ) ){
$REMOTE_ADDR = $_SERVER['HTTP_X_FORWARDED_FOR'];
$tmp_ip=explode(',',$REMOTE_ADDR);
$ip =(htmlentities($tmp_ip[0],ENT_QUOTES,"UTF-8"));
$ip =(htmlspecialchars($tmp_ip[0],ENT_QUOTES,"UTF-8"));
} else if(isset($_SERVER['HTTP_X_REAL_IP'])&& !empty( trim( $_SERVER['HTTP_X_REAL_IP'] ) ) ){
$REMOTE_ADDR = $_SERVER['HTTP_X_REAL_IP'];
$tmp_ip=explode(',',$REMOTE_ADDR);
$ip =(htmlentities($tmp_ip[0],ENT_QUOTES,"UTF-8"));
$ip =(htmlspecialchars($tmp_ip[0],ENT_QUOTES,"UTF-8"));
}
$sql="select ip from loginlog where user_id=? order by time desc";
$rows=pdo_query($sql,$_SESSION[$OJ_NAME.'_user_id'] );

View File

@@ -16,11 +16,11 @@
if( isset($_SERVER['HTTP_X_FORWARDED_FOR'] )&&!empty( trim( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ) ){
$REMOTE_ADDR = $_SERVER['HTTP_X_FORWARDED_FOR'];
$tmp_ip=explode(',',$REMOTE_ADDR);
$ip =(htmlentities($tmp_ip[0],ENT_QUOTES,"UTF-8"));
$ip =(htmlspecialchars($tmp_ip[0],ENT_QUOTES,"UTF-8"));
} else if(isset($_SERVER['HTTP_X_REAL_IP'])&& !empty( trim( $_SERVER['HTTP_X_REAL_IP'] ) ) ){
$REMOTE_ADDR = $_SERVER['HTTP_X_REAL_IP'];
$tmp_ip=explode(',',$REMOTE_ADDR);
$ip =(htmlentities($tmp_ip[0],ENT_QUOTES,"UTF-8"));
$ip =(htmlspecialchars($tmp_ip[0],ENT_QUOTES,"UTF-8"));
}
if(isset($OJ_EXAM_CONTEST_ID)&&intval($OJ_EXAM_CONTEST_ID)>0){ //考试模式
$ccid=$OJ_EXAM_CONTEST_ID;

View File

@@ -56,7 +56,7 @@ function create_subdomain($user_id,$template="bs3",$friendly="0"){
$CONF_FILE=realpath(dirname(__FILE__)."/../")."/SaaS/$user_id.".$DOMAIN.".php";
//if ($user_id=="zhblue") echo "<textarea>".$sql."</textarea>";
// echo "<pre>".htmlentities($CONF_STR);
// echo "<pre>".htmlspecialchars($CONF_STR);
// echo "</pre>".$CONF_FILE;
mkdir($FARMBASE."/$user_id/run0",0755,true);
mkdir($FARMBASE."/$user_id/data",0700,true);
@@ -75,7 +75,7 @@ function create_subdomain($user_id,$template="bs3",$friendly="0"){
$CONF_FILE=$FARMBASE."/".$user_id."/etc/judge.conf";
// echo "<pre>".htmlentities($CONF_STR);
// echo "<pre>".htmlspecialchars($CONF_STR);
// echo "</pre>".$CONF_FILE;
file_put_contents($CONF_FILE,$CONF_STR);
@@ -87,7 +87,7 @@ grant {
';
$CONF_FILE=$FARMBASE."/".$user_id."/etc/java0.policy";
// echo "<pre>".htmlentities($CONF_STR);
// echo "<pre>".htmlspecialchars($CONF_STR);
// echo "</pre>".$CONF_FILE;
file_put_contents($CONF_FILE,$CONF_STR);
$DB_NAME="jol_".$user_id;

View File

@@ -82,18 +82,18 @@ class online{
$tmp_ip=explode(',',$REMOTE_ADDR);
$this->ip =(htmlentities($tmp_ip[0],ENT_QUOTES,"UTF-8"));
$this->ip =(htmlspecialchars($tmp_ip[0],ENT_QUOTES,"UTF-8"));
}
if(isset($_SESSION[$OJ_NAME.'_'.'user_id']))
$this->ua = htmlentities($_SESSION[$OJ_NAME.'_'.'user_id'],ENT_QUOTES,"UTF-8");
$this->ua = htmlspecialchars($_SESSION[$OJ_NAME.'_'.'user_id'],ENT_QUOTES,"UTF-8");
else
$this->ua ="guest";
$this->ua .= "@".htmlentities($_SERVER['HTTP_USER_AGENT'],ENT_QUOTES,"UTF-8");
$this->ua .= "@".htmlspecialchars($_SERVER['HTTP_USER_AGENT'],ENT_QUOTES,"UTF-8");
$this->uri = ($_SERVER['PHP_SELF']);
if(isset($_SERVER['HTTP_REFERER'])){
$this->refer = (htmlentities($_SERVER['HTTP_REFERER'],ENT_QUOTES,"UTF-8"));
$this->refer = (htmlspecialchars($_SERVER['HTTP_REFERER'],ENT_QUOTES,"UTF-8"));
}
$this->hash = md5(session_id().$this->ip);

View File

@@ -43,13 +43,13 @@ function pdo_query($sql){
}catch(PDOException $e){
// echo "<span class=red>".$e->getMessage()."</span>"; // open this line to debug SQL fail problems
// $view_errors="SQL:".$sql."\n".$e->getMessage();
// echo htmlentities($view_errors."\n\n");
// echo htmlspecialchars($view_errors."\n\n");
GLOBAL $MSG_UPDATE_DATABASE,$MSG_HELP_UPDATE_DATABASE;
GLOBAL $POP_UPED,$OJ_NAME,$_SESSION;
if(!$POP_UPED&&isset($_SESSION[$OJ_NAME.'_administrator'])){
echo " $MSG_HELP_UPDATE_DATABASE <a href='/admin/update_db.php'>$MSG_UPDATE_DATABASE</a>。";
$view_errors="SQL:".$sql."\n".$e->getMessage();
echo htmlentities($view_errors."\n\n");
echo htmlspecialchars($view_errors."\n\n");
$POP_UPED=true;
}

View File

@@ -5,7 +5,7 @@ function addproblem($title, $time_limit, $memory_limit, $description, $input, $o
//echo $sql;
$pid = pdo_query($sql, $title, $time_limit, $memory_limit, $description, $input, $output, $sample_input, $sample_output, $hint, $source, $spj);
echo "New Problem:<a target=_blank href='../problem.php?id=$pid'>$pid ".htmlentities($title,ENT_QUOTES)."</a> added!<br>";
echo "New Problem:<a target=_blank href='../problem.php?id=$pid'>$pid ".htmlspecialchars($title,ENT_QUOTES)."</a> added!<br>";
if (isset($_POST['contest_id']) && intval($_POST['contest_id'])>0) {
$cid = intval($_POST['contest_id']);

View File

@@ -58,7 +58,7 @@ function do_submit_one($remote_site,$username,$password,$sid){
}else{
$sid=explode("\n",$data);
$sid=intval($sid[1]);
echo htmlentities($data)."--".$sid;
echo htmlspecialchars($data)."--".$sid;
}
return $sid;
}
@@ -108,7 +108,7 @@ function do_result_one($remote_site,$username,$password,$sid,$rid){
echo "previous submission failed , pending another submiting ";
return -1;
}
echo "<br>==".htmlentities($html)."==";
echo "<br>==".htmlspecialchars($html)."==";
if($data[2]=="Waiting"||$data[2]=="Judging"){
$sql="update solution set result=17,judgetime=now() where solution_id=?";
pdo_query($sql,$sid);

View File

@@ -23,7 +23,7 @@ function do_login($remote_site,$username,$password){
);
//echo "try login...";
$data=curl_post_urlencoded($remote_site.'/userloginex.php?action=login&cid=0&notice=0',$form);
//echo htmlentities($remote_site.'/login');
//echo htmlspecialchars($remote_site.'/login');
if(str_contains($data,"No such user or wrong password.")) return false;
else return true;
}
@@ -222,7 +222,7 @@ if(isset($_POST[$OJ_NAME.'_refer'])){
do_submit($remote_site,$remote_user);
}
//echo (htmlentities(curl_get($remote_site."/login0.php")));
//echo (htmlspecialchars(curl_get($remote_site."/login0.php")));
if (!is_login($remote_site)){
var_dump(do_login($remote_site,$remote_user,$remote_pass));
}else{

View File

@@ -20,7 +20,7 @@ function do_login($remote_site,$username,$password){
// );
//echo "try login...";
// $data=curl_post_urlencoded($remote_site.'/userloginex.php?action=login&cid=0&notice=0',$form);
//echo htmlentities($remote_site.'/login');
//echo htmlspecialchars($remote_site.'/login');
// if(str_contains($data,"No such user or wrong password.")) return false;
return true;
}
@@ -247,7 +247,7 @@ if(isset($_POST[$OJ_NAME.'_refer'])){
do_submit($remote_site,$remote_user);
}
//echo (htmlentities(curl_get($remote_site."/login0.php")));
//echo (htmlspecialchars(curl_get($remote_site."/login0.php")));
if (!is_login($remote_site)){
var_dump(do_login($remote_site,$remote_user,$remote_pass));
}else{

View File

@@ -26,7 +26,7 @@ function do_login($remote_site,$username,$password){
);
//echo "try login...";
$data=curl_post_urlencoded($remote_site.'/login',$form);
//echo htmlentities($remote_site.'/login');
//echo htmlspecialchars($remote_site.'/login');
if(str_contains($data,"Password")) return false;
else return true;
}