htmlentities -> htmlspecialchars
This commit is contained in:
@@ -920,7 +920,7 @@ class PHPMailer
|
||||
break;
|
||||
case 'html':
|
||||
//Cleans up output a bit for a better looking, HTML-safe output
|
||||
echo htmlentities(
|
||||
echo htmlspecialchars(
|
||||
preg_replace('/[\r\n]+/', '', $str),
|
||||
ENT_QUOTES,
|
||||
'UTF-8'
|
||||
@@ -4512,7 +4512,7 @@ class PHPMailer
|
||||
return call_user_func($advanced, $html);
|
||||
}
|
||||
|
||||
return html_entity_decode(
|
||||
return htmlspecialchars_decode(
|
||||
trim(strip_tags(preg_replace('/<(head|title|style|script)[^>]*>.*?<\/\\1>/si', '', $html))),
|
||||
ENT_QUOTES,
|
||||
$this->CharSet
|
||||
|
||||
@@ -299,7 +299,7 @@ class SMTP
|
||||
break;
|
||||
case 'html':
|
||||
//Cleans up output a bit for a better looking, HTML-safe output
|
||||
echo gmdate('Y-m-d H:i:s'), ' ', htmlentities(
|
||||
echo gmdate('Y-m-d H:i:s'), ' ', htmlspecialchars(
|
||||
preg_replace('/[\r\n]+/', '', $str),
|
||||
ENT_QUOTES,
|
||||
'UTF-8'
|
||||
|
||||
@@ -307,8 +307,8 @@ class BBCode
|
||||
$url = $buffer;
|
||||
}
|
||||
if(!isset($colorIndex)) $colorIndex =0;
|
||||
$plist=html_entity_decode($url);
|
||||
$pnum= count(explode(",",html_entity_decode($url)));
|
||||
$plist=htmlspecialchars_decode($url);
|
||||
$pnum= count(explode(",",htmlspecialchars_decode($url)));
|
||||
//var_dump($colorIndex);
|
||||
// emit the tag 如果希望题单显示2列,修改下面的col-lg-12为col-lg-6
|
||||
$output = $output . '<div class="col-xs-12 col-lg-12"><div class="panel '.$plist_color[$colorIndex%count($plist_color)].'">'
|
||||
|
||||
@@ -9,7 +9,7 @@
|
||||
if( !empty( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ){
|
||||
$REMOTE_ADDR = $_SERVER['HTTP_X_FORWARDED_FOR'];
|
||||
$tmp_ip=explode(',',$REMOTE_ADDR);
|
||||
$ip =(htmlentities($tmp_ip[0],ENT_QUOTES,"UTF-8"));
|
||||
$ip =(htmlspecialchars($tmp_ip[0],ENT_QUOTES,"UTF-8"));
|
||||
}
|
||||
$sid.=session_id().$ip;
|
||||
}
|
||||
|
||||
@@ -61,11 +61,11 @@ if(isset($_SESSION[$OJ_NAME.'_user_id'])&&isset($OJ_LIMIT_TO_1_IP)&& $OJ_LIMIT_T
|
||||
if( isset($_SERVER['HTTP_X_FORWARDED_FOR'] )&&!empty( trim( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ) ){
|
||||
$REMOTE_ADDR = $_SERVER['HTTP_X_FORWARDED_FOR'];
|
||||
$tmp_ip=explode(',',$REMOTE_ADDR);
|
||||
$ip =(htmlentities($tmp_ip[0],ENT_QUOTES,"UTF-8"));
|
||||
$ip =(htmlspecialchars($tmp_ip[0],ENT_QUOTES,"UTF-8"));
|
||||
} else if(isset($_SERVER['HTTP_X_REAL_IP'])&& !empty( trim( $_SERVER['HTTP_X_REAL_IP'] ) ) ){
|
||||
$REMOTE_ADDR = $_SERVER['HTTP_X_REAL_IP'];
|
||||
$tmp_ip=explode(',',$REMOTE_ADDR);
|
||||
$ip =(htmlentities($tmp_ip[0],ENT_QUOTES,"UTF-8"));
|
||||
$ip =(htmlspecialchars($tmp_ip[0],ENT_QUOTES,"UTF-8"));
|
||||
}
|
||||
$sql="select ip from loginlog where user_id=? order by time desc";
|
||||
$rows=pdo_query($sql,$_SESSION[$OJ_NAME.'_user_id'] );
|
||||
|
||||
@@ -16,11 +16,11 @@
|
||||
if( isset($_SERVER['HTTP_X_FORWARDED_FOR'] )&&!empty( trim( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ) ){
|
||||
$REMOTE_ADDR = $_SERVER['HTTP_X_FORWARDED_FOR'];
|
||||
$tmp_ip=explode(',',$REMOTE_ADDR);
|
||||
$ip =(htmlentities($tmp_ip[0],ENT_QUOTES,"UTF-8"));
|
||||
$ip =(htmlspecialchars($tmp_ip[0],ENT_QUOTES,"UTF-8"));
|
||||
} else if(isset($_SERVER['HTTP_X_REAL_IP'])&& !empty( trim( $_SERVER['HTTP_X_REAL_IP'] ) ) ){
|
||||
$REMOTE_ADDR = $_SERVER['HTTP_X_REAL_IP'];
|
||||
$tmp_ip=explode(',',$REMOTE_ADDR);
|
||||
$ip =(htmlentities($tmp_ip[0],ENT_QUOTES,"UTF-8"));
|
||||
$ip =(htmlspecialchars($tmp_ip[0],ENT_QUOTES,"UTF-8"));
|
||||
}
|
||||
if(isset($OJ_EXAM_CONTEST_ID)&&intval($OJ_EXAM_CONTEST_ID)>0){ //考试模式
|
||||
$ccid=$OJ_EXAM_CONTEST_ID;
|
||||
|
||||
@@ -56,7 +56,7 @@ function create_subdomain($user_id,$template="bs3",$friendly="0"){
|
||||
|
||||
$CONF_FILE=realpath(dirname(__FILE__)."/../")."/SaaS/$user_id.".$DOMAIN.".php";
|
||||
//if ($user_id=="zhblue") echo "<textarea>".$sql."</textarea>";
|
||||
// echo "<pre>".htmlentities($CONF_STR);
|
||||
// echo "<pre>".htmlspecialchars($CONF_STR);
|
||||
// echo "</pre>".$CONF_FILE;
|
||||
mkdir($FARMBASE."/$user_id/run0",0755,true);
|
||||
mkdir($FARMBASE."/$user_id/data",0700,true);
|
||||
@@ -75,7 +75,7 @@ function create_subdomain($user_id,$template="bs3",$friendly="0"){
|
||||
|
||||
|
||||
$CONF_FILE=$FARMBASE."/".$user_id."/etc/judge.conf";
|
||||
// echo "<pre>".htmlentities($CONF_STR);
|
||||
// echo "<pre>".htmlspecialchars($CONF_STR);
|
||||
// echo "</pre>".$CONF_FILE;
|
||||
file_put_contents($CONF_FILE,$CONF_STR);
|
||||
|
||||
@@ -87,7 +87,7 @@ grant {
|
||||
';
|
||||
|
||||
$CONF_FILE=$FARMBASE."/".$user_id."/etc/java0.policy";
|
||||
// echo "<pre>".htmlentities($CONF_STR);
|
||||
// echo "<pre>".htmlspecialchars($CONF_STR);
|
||||
// echo "</pre>".$CONF_FILE;
|
||||
file_put_contents($CONF_FILE,$CONF_STR);
|
||||
$DB_NAME="jol_".$user_id;
|
||||
|
||||
@@ -82,18 +82,18 @@ class online{
|
||||
|
||||
$tmp_ip=explode(',',$REMOTE_ADDR);
|
||||
|
||||
$this->ip =(htmlentities($tmp_ip[0],ENT_QUOTES,"UTF-8"));
|
||||
$this->ip =(htmlspecialchars($tmp_ip[0],ENT_QUOTES,"UTF-8"));
|
||||
|
||||
}
|
||||
|
||||
if(isset($_SESSION[$OJ_NAME.'_'.'user_id']))
|
||||
$this->ua = htmlentities($_SESSION[$OJ_NAME.'_'.'user_id'],ENT_QUOTES,"UTF-8");
|
||||
$this->ua = htmlspecialchars($_SESSION[$OJ_NAME.'_'.'user_id'],ENT_QUOTES,"UTF-8");
|
||||
else
|
||||
$this->ua ="guest";
|
||||
$this->ua .= "@".htmlentities($_SERVER['HTTP_USER_AGENT'],ENT_QUOTES,"UTF-8");
|
||||
$this->ua .= "@".htmlspecialchars($_SERVER['HTTP_USER_AGENT'],ENT_QUOTES,"UTF-8");
|
||||
$this->uri = ($_SERVER['PHP_SELF']);
|
||||
if(isset($_SERVER['HTTP_REFERER'])){
|
||||
$this->refer = (htmlentities($_SERVER['HTTP_REFERER'],ENT_QUOTES,"UTF-8"));
|
||||
$this->refer = (htmlspecialchars($_SERVER['HTTP_REFERER'],ENT_QUOTES,"UTF-8"));
|
||||
}
|
||||
$this->hash = md5(session_id().$this->ip);
|
||||
|
||||
|
||||
@@ -43,13 +43,13 @@ function pdo_query($sql){
|
||||
}catch(PDOException $e){
|
||||
// echo "<span class=red>".$e->getMessage()."</span>"; // open this line to debug SQL fail problems
|
||||
// $view_errors="SQL:".$sql."\n".$e->getMessage();
|
||||
// echo htmlentities($view_errors."\n\n");
|
||||
// echo htmlspecialchars($view_errors."\n\n");
|
||||
GLOBAL $MSG_UPDATE_DATABASE,$MSG_HELP_UPDATE_DATABASE;
|
||||
GLOBAL $POP_UPED,$OJ_NAME,$_SESSION;
|
||||
if(!$POP_UPED&&isset($_SESSION[$OJ_NAME.'_administrator'])){
|
||||
echo " $MSG_HELP_UPDATE_DATABASE <a href='/admin/update_db.php'>$MSG_UPDATE_DATABASE</a>。";
|
||||
$view_errors="SQL:".$sql."\n".$e->getMessage();
|
||||
echo htmlentities($view_errors."\n\n");
|
||||
echo htmlspecialchars($view_errors."\n\n");
|
||||
$POP_UPED=true;
|
||||
}
|
||||
|
||||
|
||||
@@ -5,7 +5,7 @@ function addproblem($title, $time_limit, $memory_limit, $description, $input, $o
|
||||
//echo $sql;
|
||||
$pid = pdo_query($sql, $title, $time_limit, $memory_limit, $description, $input, $output, $sample_input, $sample_output, $hint, $source, $spj);
|
||||
|
||||
echo "New Problem:<a target=_blank href='../problem.php?id=$pid'>$pid ".htmlentities($title,ENT_QUOTES)."</a> added!<br>";
|
||||
echo "New Problem:<a target=_blank href='../problem.php?id=$pid'>$pid ".htmlspecialchars($title,ENT_QUOTES)."</a> added!<br>";
|
||||
|
||||
if (isset($_POST['contest_id']) && intval($_POST['contest_id'])>0) {
|
||||
$cid = intval($_POST['contest_id']);
|
||||
|
||||
@@ -58,7 +58,7 @@ function do_submit_one($remote_site,$username,$password,$sid){
|
||||
}else{
|
||||
$sid=explode("\n",$data);
|
||||
$sid=intval($sid[1]);
|
||||
echo htmlentities($data)."--".$sid;
|
||||
echo htmlspecialchars($data)."--".$sid;
|
||||
}
|
||||
return $sid;
|
||||
}
|
||||
@@ -108,7 +108,7 @@ function do_result_one($remote_site,$username,$password,$sid,$rid){
|
||||
echo "previous submission failed , pending another submiting ";
|
||||
return -1;
|
||||
}
|
||||
echo "<br>==".htmlentities($html)."==";
|
||||
echo "<br>==".htmlspecialchars($html)."==";
|
||||
if($data[2]=="Waiting"||$data[2]=="Judging"){
|
||||
$sql="update solution set result=17,judgetime=now() where solution_id=?";
|
||||
pdo_query($sql,$sid);
|
||||
|
||||
@@ -23,7 +23,7 @@ function do_login($remote_site,$username,$password){
|
||||
);
|
||||
//echo "try login...";
|
||||
$data=curl_post_urlencoded($remote_site.'/userloginex.php?action=login&cid=0¬ice=0',$form);
|
||||
//echo htmlentities($remote_site.'/login');
|
||||
//echo htmlspecialchars($remote_site.'/login');
|
||||
if(str_contains($data,"No such user or wrong password.")) return false;
|
||||
else return true;
|
||||
}
|
||||
@@ -222,7 +222,7 @@ if(isset($_POST[$OJ_NAME.'_refer'])){
|
||||
do_submit($remote_site,$remote_user);
|
||||
}
|
||||
|
||||
//echo (htmlentities(curl_get($remote_site."/login0.php")));
|
||||
//echo (htmlspecialchars(curl_get($remote_site."/login0.php")));
|
||||
if (!is_login($remote_site)){
|
||||
var_dump(do_login($remote_site,$remote_user,$remote_pass));
|
||||
}else{
|
||||
|
||||
@@ -20,7 +20,7 @@ function do_login($remote_site,$username,$password){
|
||||
// );
|
||||
//echo "try login...";
|
||||
// $data=curl_post_urlencoded($remote_site.'/userloginex.php?action=login&cid=0¬ice=0',$form);
|
||||
//echo htmlentities($remote_site.'/login');
|
||||
//echo htmlspecialchars($remote_site.'/login');
|
||||
// if(str_contains($data,"No such user or wrong password.")) return false;
|
||||
return true;
|
||||
}
|
||||
@@ -247,7 +247,7 @@ if(isset($_POST[$OJ_NAME.'_refer'])){
|
||||
do_submit($remote_site,$remote_user);
|
||||
}
|
||||
|
||||
//echo (htmlentities(curl_get($remote_site."/login0.php")));
|
||||
//echo (htmlspecialchars(curl_get($remote_site."/login0.php")));
|
||||
if (!is_login($remote_site)){
|
||||
var_dump(do_login($remote_site,$remote_user,$remote_pass));
|
||||
}else{
|
||||
|
||||
@@ -26,7 +26,7 @@ function do_login($remote_site,$username,$password){
|
||||
);
|
||||
//echo "try login...";
|
||||
$data=curl_post_urlencoded($remote_site.'/login',$form);
|
||||
//echo htmlentities($remote_site.'/login');
|
||||
//echo htmlspecialchars($remote_site.'/login');
|
||||
if(str_contains($data,"Password")) return false;
|
||||
else return true;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user