htmlentities -> htmlspecialchars

This commit is contained in:
2024-12-06 15:35:38 +08:00
parent daa005f029
commit d9b2d13caa
184 changed files with 410 additions and 405 deletions

View File

@@ -121,7 +121,7 @@ if(isset($_POST['startdate'])){
$password = $row['password'];
$langmask = $row['langmask'];
$description = $row['description'];
$title = htmlentities($row['title'],ENT_QUOTES,"UTF-8");
$title = htmlspecialchars($row['title'],ENT_QUOTES,"UTF-8");
$plist = "";
$sql = "SELECT `problem_id` FROM `contest_problem` WHERE `contest_id`=? ORDER BY `num`";
@@ -173,7 +173,7 @@ if(isset($_POST['startdate'])){
<p align=left>
<?php echo "<h4>".$MSG_CONTEST."-".$MSG_Description."</h4>"?>
<textarea class=kindeditor rows=13 name=description cols=80>
<?php echo htmlentities($description,ENT_QUOTES,'UTF-8')?>
<?php echo htmlspecialchars($description,ENT_QUOTES,'UTF-8')?>
</textarea>
<br>
<table width="100%">
@@ -206,7 +206,7 @@ if(isset($_POST['startdate'])){
<option value=1 <?php echo $private=='1'?'selected=selected':''?>><?php echo $MSG_Private?></option>
</select>
<?php echo $MSG_CONTEST."-".$MSG_PASSWORD?>:
<input type=text name=password style="width:150px;" value='<?php echo htmlentities($password,ENT_QUOTES,'utf-8')?>'>
<input type=text name=password style="width:150px;" value='<?php echo htmlspecialchars($password,ENT_QUOTES,'utf-8')?>'>
</p>
</td>
</tr>

View File

@@ -56,7 +56,7 @@ if(isset($_POST['news_id'])){
$row = $result[0];
$title = htmlentities($row['title'],ENT_QUOTES,"UTF-8");
$title = htmlspecialchars($row['title'],ENT_QUOTES,"UTF-8");
$content = $row['content'];
}
?>
@@ -68,7 +68,7 @@ if(isset($_POST['news_id'])){
</p>
<p align=left>
<textarea class=kindeditor name=content>
<?php echo htmlentities($content,ENT_QUOTES,"UTF-8")?>
<?php echo htmlspecialchars($content,ENT_QUOTES,"UTF-8")?>
</textarea>
</p>
<?php require_once("../include/set_post_key.php");?>

View File

@@ -30,7 +30,7 @@ if (isset($_POST['do'])) {
$sql = "insert into `privilege`(user_id,rightstr,valuestr,defunct) values(?,?,?,'N')";
$rows = pdo_query($sql,$user_id,$rightstr,$valuestr);
echo "<center><h4 class='text-danger'>User ".htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8')."'s Privilege Added!</h4></center>";
echo "<center><h4 class='text-danger'>User ".htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8')."'s Privilege Added!</h4></center>";
}
?>
@@ -41,9 +41,9 @@ if (isset($_POST['do'])) {
<div class="form-group">
<label class="col-sm-offset-3 col-sm-3 control-label"><?php echo $MSG_USER_ID?></label>
<?php if(isset($_GET['uid'])) { ?>
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlentities($_GET['uid'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlspecialchars($_GET['uid'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
<?php } else if(isset($_POST['user_id'])) { ?>
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
<?php } else { ?>
<div class="col-sm-3"><input name="user_id" class="form-control" placeholder="<?php echo $MSG_USER_ID."*"?>" type="text" required ></div>
<?php } ?>
@@ -100,9 +100,9 @@ if (isset($_POST['do'])) {
<div class="form-group">
<label class="col-sm-offset-3 col-sm-3 control-label"><?php echo $MSG_USER_ID?></label>
<?php if(isset($_GET['uid'])) { ?>
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlentities($_GET['uid'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlspecialchars($_GET['uid'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
<?php } else if(isset($_POST['user_id'])) { ?>
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
<?php } else { ?>
<div class="col-sm-3"><input name="user_id" class="form-control" placeholder="<?php echo $MSG_USER_ID."*"?>" type="text" required ></div>
<?php } ?>
@@ -135,9 +135,9 @@ if (isset($_POST['do'])) {
<div class="form-group">
<label class="col-sm-offset-3 col-sm-3 control-label"><?php echo $MSG_USER_ID?></label>
<?php if(isset($_GET['uid'])) { ?>
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlentities($_GET['uid'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlspecialchars($_GET['uid'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
<?php } else if(isset($_POST['user_id'])) { ?>
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
<?php } else { ?>
<div class="col-sm-3"><input name="user_id" class="form-control" placeholder="<?php echo $MSG_USER_ID."*"?>" type="text" required ></div>
<?php } ?>

View File

@@ -59,11 +59,11 @@ $_SESSION[$OJ_NAME.'_'."p$pid"]=true;
$loj_id=intval($_POST['loj_id']);
//print_r($_POST);
echo "<br>".$loj_id."<br>";
echo htmlentities("wget https://loj.ac/problem/".$loj_id."/testdata/download -O $OJ_DATA/$pid/data.zip");
echo htmlspecialchars("wget https://loj.ac/problem/".$loj_id."/testdata/download -O $OJ_DATA/$pid/data.zip");
echo system("wget https://loj.ac/problem/".$loj_id."/testdata/download -O $OJ_DATA/$pid/data.zip");
echo system("/home/judge/src/install/ans2out $OJ_DATA/$pid/");
echo "<br>";
echo htmlentities("unzip $OJ_DATA/$pid/data.zip -d $OJ_DATA/$pid");
echo htmlspecialchars("unzip $OJ_DATA/$pid/data.zip -d $OJ_DATA/$pid");
echo system("unzip $OJ_DATA/$pid/data.zip -d $OJ_DATA/$pid");
echo system("/usr/bin/loj.ac $OJ_DATA/$pid");
echo "<br>";

View File

@@ -34,38 +34,38 @@ include_once("kindeditor.php") ;
<input type=hidden name=problem_id value='<?php echo $row['problem_id']?>'>
<p align=left>
<center><h3>
<?php echo $row['problem_id']?>: <input class="input input-xxlarge" style='width:90%' type=text name=title value='<?php echo htmlentities($row['title'],ENT_QUOTES,"UTF-8")?>'>
<?php echo $row['problem_id']?>: <input class="input input-xxlarge" style='width:90%' type=text name=title value='<?php echo htmlspecialchars($row['title'],ENT_QUOTES,"UTF-8")?>'>
</h3></center>
</p>
<p align=left>
<?php echo $MSG_Time_Limit?><br>
<input class="input input-mini" type=text name=time_limit size=20 value='<?php echo htmlentities($row['time_limit'],ENT_QUOTES,"UTF-8")?>'> Sec<br><br>
<input class="input input-mini" type=text name=time_limit size=20 value='<?php echo htmlspecialchars($row['time_limit'],ENT_QUOTES,"UTF-8")?>'> Sec<br><br>
<?php echo $MSG_Memory_Limit?><br>
<input class="input input-mini" type=text name=memory_limit size=20 value='<?php echo htmlentities($row['memory_limit'],ENT_QUOTES,"UTF-8")?>'> MB<br><br>
<input class="input input-mini" type=text name=memory_limit size=20 value='<?php echo htmlspecialchars($row['memory_limit'],ENT_QUOTES,"UTF-8")?>'> MB<br><br>
</p>
<p align=left>
<?php echo "<h4>".$MSG_Description."</h4>"?>
<textarea class="kindeditor" rows=13 name=description cols=80><?php echo htmlentities($row['description'],ENT_QUOTES,"UTF-8")?></textarea><br>
<textarea class="kindeditor" rows=13 name=description cols=80><?php echo htmlspecialchars($row['description'],ENT_QUOTES,"UTF-8")?></textarea><br>
</p>
<p align=left>
<?php echo "<h4>".$MSG_Input."</h4>"?>
<textarea class="kindeditor" rows=13 name=input cols=80><?php echo htmlentities($row['input'],ENT_QUOTES,"UTF-8")?></textarea><br>
<textarea class="kindeditor" rows=13 name=input cols=80><?php echo htmlspecialchars($row['input'],ENT_QUOTES,"UTF-8")?></textarea><br>
</p>
<p align=left>
<?php echo "<h4>".$MSG_Output."</h4>"?>
<textarea class="kindeditor" rows=13 name=output cols=80><?php echo htmlentities($row['output'],ENT_QUOTES,"UTF-8")?></textarea><br>
<textarea class="kindeditor" rows=13 name=output cols=80><?php echo htmlspecialchars($row['output'],ENT_QUOTES,"UTF-8")?></textarea><br>
</p>
<p align=left>
<?php echo "<h4>".$MSG_Sample_Input."</h4>"?>
<textarea class="input input-large" style="width:100%;" rows=13 name=sample_input><?php echo htmlentities($row['sample_input'],ENT_QUOTES,"UTF-8")?></textarea><br><br>
<textarea class="input input-large" style="width:100%;" rows=13 name=sample_input><?php echo htmlspecialchars($row['sample_input'],ENT_QUOTES,"UTF-8")?></textarea><br><br>
</p>
<p align=left>
<?php echo "<h4>".$MSG_Sample_Output."</h4>"?>
<textarea class="input input-large" style="width:100%;" rows=13 name=sample_output><?php echo htmlentities($row['sample_output'],ENT_QUOTES,"UTF-8")?></textarea><br><br>
<textarea class="input input-large" style="width:100%;" rows=13 name=sample_output><?php echo htmlspecialchars($row['sample_output'],ENT_QUOTES,"UTF-8")?></textarea><br><br>
</p>
<p align=left>
<?php echo "<h4>".$MSG_HINT."</h4>"?>
<textarea class="kindeditor" rows=13 name=hint cols=80><?php echo htmlentities($row['hint'],ENT_QUOTES,"UTF-8")?></textarea><br>
<textarea class="kindeditor" rows=13 name=hint cols=80><?php echo htmlspecialchars($row['hint'],ENT_QUOTES,"UTF-8")?></textarea><br>
</p>
<p>
<?php echo "<h4>".$MSG_SPJ."</h4>"?>
@@ -75,7 +75,7 @@ include_once("kindeditor.php") ;
</p>
<p align=left>
<?php echo "<h4>".$MSG_SOURCE."</h4>"?>
<textarea name=source style="width:100%;" rows=1><?php echo htmlentities($row['source'],ENT_QUOTES,"UTF-8")?></textarea><br><br>
<textarea name=source style="width:100%;" rows=1><?php echo htmlspecialchars($row['source'],ENT_QUOTES,"UTF-8")?></textarea><br><br>
</p>
<div align=center>
<?php require_once("../include/set_post_key.php");?>

View File

@@ -106,7 +106,7 @@ function getSolution($pid,$lang){
return $ret;
}
function fixurl($img_url){
$img_url= html_entity_decode( $img_url,ENT_QUOTES,"UTF-8");
$img_url= htmlspecialchars_decode( $img_url,ENT_QUOTES,"UTF-8");
if (substr($img_url,0,4)!="http"){
if(substr($img_url,0,1)=="/"){

View File

@@ -38,7 +38,7 @@ if (!(isset($_SESSION[$OJ_NAME.'_'.'administrator']))){
if( !empty( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ){
$REMOTE_ADDR = $_SERVER['HTTP_X_FORWARDED_FOR'];
$tmp_ip=explode(',',$REMOTE_ADDR);
$ip =(htmlentities($tmp_ip[0],ENT_QUOTES,"UTF-8"));
$ip =(htmlspecialchars($tmp_ip[0],ENT_QUOTES,"UTF-8"));
}
$sql="INSERT INTO `users`("."`user_id`,`email`,`ip`,`accesstime`,`password`,`reg_time`,`nick`,`school`)".
"VALUES(?,?,?,NOW(),?,NOW(),?,?)on DUPLICATE KEY UPDATE `email`=?,`ip`=?,`accesstime`=NOW(),`password`=?,`reg_time`=now(),nick=?,`school`=?";

View File

@@ -15,7 +15,7 @@ if(isset($_POST['user_id'])){
$ip=$_POST['ip'];
$sql="insert into loginlog (user_id,password,ip,time) value(?,?,?,now())";
$result=pdo_query($sql,$user_id,"set ip by ".$_SESSION[$OJ_NAME."_user_id"],$ip);
echo "$MSG_USER ".htmlentities($user_id)." $MSG_SET_LOGIN_IP : ".htmlentities($ip);
echo "$MSG_USER ".htmlspecialchars($user_id)." $MSG_SET_LOGIN_IP : ".htmlspecialchars($ip);
}
?>
<form action=user_set_ip.php class=center method="post">