htmlentities -> htmlspecialchars
This commit is contained in:
@@ -121,7 +121,7 @@ if(isset($_POST['startdate'])){
|
||||
$password = $row['password'];
|
||||
$langmask = $row['langmask'];
|
||||
$description = $row['description'];
|
||||
$title = htmlentities($row['title'],ENT_QUOTES,"UTF-8");
|
||||
$title = htmlspecialchars($row['title'],ENT_QUOTES,"UTF-8");
|
||||
|
||||
$plist = "";
|
||||
$sql = "SELECT `problem_id` FROM `contest_problem` WHERE `contest_id`=? ORDER BY `num`";
|
||||
@@ -173,7 +173,7 @@ if(isset($_POST['startdate'])){
|
||||
<p align=left>
|
||||
<?php echo "<h4>".$MSG_CONTEST."-".$MSG_Description."</h4>"?>
|
||||
<textarea class=kindeditor rows=13 name=description cols=80>
|
||||
<?php echo htmlentities($description,ENT_QUOTES,'UTF-8')?>
|
||||
<?php echo htmlspecialchars($description,ENT_QUOTES,'UTF-8')?>
|
||||
</textarea>
|
||||
<br>
|
||||
<table width="100%">
|
||||
@@ -206,7 +206,7 @@ if(isset($_POST['startdate'])){
|
||||
<option value=1 <?php echo $private=='1'?'selected=selected':''?>><?php echo $MSG_Private?></option>
|
||||
</select>
|
||||
<?php echo $MSG_CONTEST."-".$MSG_PASSWORD?>:
|
||||
<input type=text name=password style="width:150px;" value='<?php echo htmlentities($password,ENT_QUOTES,'utf-8')?>'>
|
||||
<input type=text name=password style="width:150px;" value='<?php echo htmlspecialchars($password,ENT_QUOTES,'utf-8')?>'>
|
||||
</p>
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
@@ -56,7 +56,7 @@ if(isset($_POST['news_id'])){
|
||||
|
||||
$row = $result[0];
|
||||
|
||||
$title = htmlentities($row['title'],ENT_QUOTES,"UTF-8");
|
||||
$title = htmlspecialchars($row['title'],ENT_QUOTES,"UTF-8");
|
||||
$content = $row['content'];
|
||||
}
|
||||
?>
|
||||
@@ -68,7 +68,7 @@ if(isset($_POST['news_id'])){
|
||||
</p>
|
||||
<p align=left>
|
||||
<textarea class=kindeditor name=content>
|
||||
<?php echo htmlentities($content,ENT_QUOTES,"UTF-8")?>
|
||||
<?php echo htmlspecialchars($content,ENT_QUOTES,"UTF-8")?>
|
||||
</textarea>
|
||||
</p>
|
||||
<?php require_once("../include/set_post_key.php");?>
|
||||
|
||||
@@ -30,7 +30,7 @@ if (isset($_POST['do'])) {
|
||||
|
||||
$sql = "insert into `privilege`(user_id,rightstr,valuestr,defunct) values(?,?,?,'N')";
|
||||
$rows = pdo_query($sql,$user_id,$rightstr,$valuestr);
|
||||
echo "<center><h4 class='text-danger'>User ".htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8')."'s Privilege Added!</h4></center>";
|
||||
echo "<center><h4 class='text-danger'>User ".htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8')."'s Privilege Added!</h4></center>";
|
||||
}
|
||||
?>
|
||||
|
||||
@@ -41,9 +41,9 @@ if (isset($_POST['do'])) {
|
||||
<div class="form-group">
|
||||
<label class="col-sm-offset-3 col-sm-3 control-label"><?php echo $MSG_USER_ID?></label>
|
||||
<?php if(isset($_GET['uid'])) { ?>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlentities($_GET['uid'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlspecialchars($_GET['uid'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
|
||||
<?php } else if(isset($_POST['user_id'])) { ?>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
|
||||
<?php } else { ?>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control" placeholder="<?php echo $MSG_USER_ID."*"?>" type="text" required ></div>
|
||||
<?php } ?>
|
||||
@@ -100,9 +100,9 @@ if (isset($_POST['do'])) {
|
||||
<div class="form-group">
|
||||
<label class="col-sm-offset-3 col-sm-3 control-label"><?php echo $MSG_USER_ID?></label>
|
||||
<?php if(isset($_GET['uid'])) { ?>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlentities($_GET['uid'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlspecialchars($_GET['uid'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
|
||||
<?php } else if(isset($_POST['user_id'])) { ?>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
|
||||
<?php } else { ?>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control" placeholder="<?php echo $MSG_USER_ID."*"?>" type="text" required ></div>
|
||||
<?php } ?>
|
||||
@@ -135,9 +135,9 @@ if (isset($_POST['do'])) {
|
||||
<div class="form-group">
|
||||
<label class="col-sm-offset-3 col-sm-3 control-label"><?php echo $MSG_USER_ID?></label>
|
||||
<?php if(isset($_GET['uid'])) { ?>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlentities($_GET['uid'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlspecialchars($_GET['uid'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
|
||||
<?php } else if(isset($_POST['user_id'])) { ?>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
|
||||
<?php } else { ?>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control" placeholder="<?php echo $MSG_USER_ID."*"?>" type="text" required ></div>
|
||||
<?php } ?>
|
||||
|
||||
@@ -59,11 +59,11 @@ $_SESSION[$OJ_NAME.'_'."p$pid"]=true;
|
||||
$loj_id=intval($_POST['loj_id']);
|
||||
//print_r($_POST);
|
||||
echo "<br>".$loj_id."<br>";
|
||||
echo htmlentities("wget https://loj.ac/problem/".$loj_id."/testdata/download -O $OJ_DATA/$pid/data.zip");
|
||||
echo htmlspecialchars("wget https://loj.ac/problem/".$loj_id."/testdata/download -O $OJ_DATA/$pid/data.zip");
|
||||
echo system("wget https://loj.ac/problem/".$loj_id."/testdata/download -O $OJ_DATA/$pid/data.zip");
|
||||
echo system("/home/judge/src/install/ans2out $OJ_DATA/$pid/");
|
||||
echo "<br>";
|
||||
echo htmlentities("unzip $OJ_DATA/$pid/data.zip -d $OJ_DATA/$pid");
|
||||
echo htmlspecialchars("unzip $OJ_DATA/$pid/data.zip -d $OJ_DATA/$pid");
|
||||
echo system("unzip $OJ_DATA/$pid/data.zip -d $OJ_DATA/$pid");
|
||||
echo system("/usr/bin/loj.ac $OJ_DATA/$pid");
|
||||
echo "<br>";
|
||||
|
||||
@@ -34,38 +34,38 @@ include_once("kindeditor.php") ;
|
||||
<input type=hidden name=problem_id value='<?php echo $row['problem_id']?>'>
|
||||
<p align=left>
|
||||
<center><h3>
|
||||
<?php echo $row['problem_id']?>: <input class="input input-xxlarge" style='width:90%' type=text name=title value='<?php echo htmlentities($row['title'],ENT_QUOTES,"UTF-8")?>'>
|
||||
<?php echo $row['problem_id']?>: <input class="input input-xxlarge" style='width:90%' type=text name=title value='<?php echo htmlspecialchars($row['title'],ENT_QUOTES,"UTF-8")?>'>
|
||||
</h3></center>
|
||||
</p>
|
||||
<p align=left>
|
||||
<?php echo $MSG_Time_Limit?><br>
|
||||
<input class="input input-mini" type=text name=time_limit size=20 value='<?php echo htmlentities($row['time_limit'],ENT_QUOTES,"UTF-8")?>'> Sec<br><br>
|
||||
<input class="input input-mini" type=text name=time_limit size=20 value='<?php echo htmlspecialchars($row['time_limit'],ENT_QUOTES,"UTF-8")?>'> Sec<br><br>
|
||||
<?php echo $MSG_Memory_Limit?><br>
|
||||
<input class="input input-mini" type=text name=memory_limit size=20 value='<?php echo htmlentities($row['memory_limit'],ENT_QUOTES,"UTF-8")?>'> MB<br><br>
|
||||
<input class="input input-mini" type=text name=memory_limit size=20 value='<?php echo htmlspecialchars($row['memory_limit'],ENT_QUOTES,"UTF-8")?>'> MB<br><br>
|
||||
</p>
|
||||
<p align=left>
|
||||
<?php echo "<h4>".$MSG_Description."</h4>"?>
|
||||
<textarea class="kindeditor" rows=13 name=description cols=80><?php echo htmlentities($row['description'],ENT_QUOTES,"UTF-8")?></textarea><br>
|
||||
<textarea class="kindeditor" rows=13 name=description cols=80><?php echo htmlspecialchars($row['description'],ENT_QUOTES,"UTF-8")?></textarea><br>
|
||||
</p>
|
||||
<p align=left>
|
||||
<?php echo "<h4>".$MSG_Input."</h4>"?>
|
||||
<textarea class="kindeditor" rows=13 name=input cols=80><?php echo htmlentities($row['input'],ENT_QUOTES,"UTF-8")?></textarea><br>
|
||||
<textarea class="kindeditor" rows=13 name=input cols=80><?php echo htmlspecialchars($row['input'],ENT_QUOTES,"UTF-8")?></textarea><br>
|
||||
</p>
|
||||
<p align=left>
|
||||
<?php echo "<h4>".$MSG_Output."</h4>"?>
|
||||
<textarea class="kindeditor" rows=13 name=output cols=80><?php echo htmlentities($row['output'],ENT_QUOTES,"UTF-8")?></textarea><br>
|
||||
<textarea class="kindeditor" rows=13 name=output cols=80><?php echo htmlspecialchars($row['output'],ENT_QUOTES,"UTF-8")?></textarea><br>
|
||||
</p>
|
||||
<p align=left>
|
||||
<?php echo "<h4>".$MSG_Sample_Input."</h4>"?>
|
||||
<textarea class="input input-large" style="width:100%;" rows=13 name=sample_input><?php echo htmlentities($row['sample_input'],ENT_QUOTES,"UTF-8")?></textarea><br><br>
|
||||
<textarea class="input input-large" style="width:100%;" rows=13 name=sample_input><?php echo htmlspecialchars($row['sample_input'],ENT_QUOTES,"UTF-8")?></textarea><br><br>
|
||||
</p>
|
||||
<p align=left>
|
||||
<?php echo "<h4>".$MSG_Sample_Output."</h4>"?>
|
||||
<textarea class="input input-large" style="width:100%;" rows=13 name=sample_output><?php echo htmlentities($row['sample_output'],ENT_QUOTES,"UTF-8")?></textarea><br><br>
|
||||
<textarea class="input input-large" style="width:100%;" rows=13 name=sample_output><?php echo htmlspecialchars($row['sample_output'],ENT_QUOTES,"UTF-8")?></textarea><br><br>
|
||||
</p>
|
||||
<p align=left>
|
||||
<?php echo "<h4>".$MSG_HINT."</h4>"?>
|
||||
<textarea class="kindeditor" rows=13 name=hint cols=80><?php echo htmlentities($row['hint'],ENT_QUOTES,"UTF-8")?></textarea><br>
|
||||
<textarea class="kindeditor" rows=13 name=hint cols=80><?php echo htmlspecialchars($row['hint'],ENT_QUOTES,"UTF-8")?></textarea><br>
|
||||
</p>
|
||||
<p>
|
||||
<?php echo "<h4>".$MSG_SPJ."</h4>"?>
|
||||
@@ -75,7 +75,7 @@ include_once("kindeditor.php") ;
|
||||
</p>
|
||||
<p align=left>
|
||||
<?php echo "<h4>".$MSG_SOURCE."</h4>"?>
|
||||
<textarea name=source style="width:100%;" rows=1><?php echo htmlentities($row['source'],ENT_QUOTES,"UTF-8")?></textarea><br><br>
|
||||
<textarea name=source style="width:100%;" rows=1><?php echo htmlspecialchars($row['source'],ENT_QUOTES,"UTF-8")?></textarea><br><br>
|
||||
</p>
|
||||
<div align=center>
|
||||
<?php require_once("../include/set_post_key.php");?>
|
||||
|
||||
@@ -106,7 +106,7 @@ function getSolution($pid,$lang){
|
||||
return $ret;
|
||||
}
|
||||
function fixurl($img_url){
|
||||
$img_url= html_entity_decode( $img_url,ENT_QUOTES,"UTF-8");
|
||||
$img_url= htmlspecialchars_decode( $img_url,ENT_QUOTES,"UTF-8");
|
||||
|
||||
if (substr($img_url,0,4)!="http"){
|
||||
if(substr($img_url,0,1)=="/"){
|
||||
|
||||
@@ -38,7 +38,7 @@ if (!(isset($_SESSION[$OJ_NAME.'_'.'administrator']))){
|
||||
if( !empty( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ){
|
||||
$REMOTE_ADDR = $_SERVER['HTTP_X_FORWARDED_FOR'];
|
||||
$tmp_ip=explode(',',$REMOTE_ADDR);
|
||||
$ip =(htmlentities($tmp_ip[0],ENT_QUOTES,"UTF-8"));
|
||||
$ip =(htmlspecialchars($tmp_ip[0],ENT_QUOTES,"UTF-8"));
|
||||
}
|
||||
$sql="INSERT INTO `users`("."`user_id`,`email`,`ip`,`accesstime`,`password`,`reg_time`,`nick`,`school`)".
|
||||
"VALUES(?,?,?,NOW(),?,NOW(),?,?)on DUPLICATE KEY UPDATE `email`=?,`ip`=?,`accesstime`=NOW(),`password`=?,`reg_time`=now(),nick=?,`school`=?";
|
||||
|
||||
@@ -15,7 +15,7 @@ if(isset($_POST['user_id'])){
|
||||
$ip=$_POST['ip'];
|
||||
$sql="insert into loginlog (user_id,password,ip,time) value(?,?,?,now())";
|
||||
$result=pdo_query($sql,$user_id,"set ip by ".$_SESSION[$OJ_NAME."_user_id"],$ip);
|
||||
echo "$MSG_USER ".htmlentities($user_id)." $MSG_SET_LOGIN_IP : ".htmlentities($ip);
|
||||
echo "$MSG_USER ".htmlspecialchars($user_id)." $MSG_SET_LOGIN_IP : ".htmlspecialchars($ip);
|
||||
}
|
||||
?>
|
||||
<form action=user_set_ip.php class=center method="post">
|
||||
|
||||
Reference in New Issue
Block a user