htmlentities -> htmlspecialchars

This commit is contained in:
2024-12-06 15:35:38 +08:00
parent daa005f029
commit d9b2d13caa
184 changed files with 410 additions and 405 deletions

View File

@@ -102,7 +102,7 @@ if (isset($_SESSION[$OJ_NAME . '_' . 'administrator'])) { //all problems
pdo_query("SET sort_buffer_size = 1024*1024"); // Out of sort memory, consider increasing server sort buffer size
$sql = "SELECT `problem_id`,`title`,`source`,`submit`,`accepted`,defunct FROM problem A WHERE $filter_sql $order_by $limit_sql ";
$count_sql = "SELECT count(1) from problem where $filter_sql ";
//echo htmlentities( $sql);
//echo htmlspecialchars( $sql);
if (isset($_GET['search']) && trim($_GET['search']) != "") {
$total = pdo_query($count_sql, $search, $search);
$cnt = $total[0][0] / $page_cnt;
@@ -155,7 +155,7 @@ foreach ($result as $row) {
if ($label_theme == "")
$label_theme = "default";
$view_problemset[$i][3] .= "<a title='" . htmlentities($cat, ENT_QUOTES, 'UTF-8') . "' class='label label-$label_theme' style='display: inline-block;' href='problemset.php?search=" . htmlentities(urlencode($cat), ENT_QUOTES, 'UTF-8') . "'>" . mb_substr($cat, 0, 10, 'utf8') . "</a>&nbsp;";
$view_problemset[$i][3] .= "<a title='" . htmlspecialchars($cat, ENT_QUOTES, 'UTF-8') . "' class='label label-$label_theme' style='display: inline-block;' href='problemset.php?search=" . htmlspecialchars(urlencode($cat), ENT_QUOTES, 'UTF-8') . "'>" . mb_substr($cat, 0, 10, 'utf8') . "</a>&nbsp;";
}
$view_problemset[$i][3] .= "</div >";