htmlentities -> htmlspecialchars

This commit is contained in:
2024-12-06 15:35:38 +08:00
parent daa005f029
commit d9b2d13caa
184 changed files with 410 additions and 405 deletions

View File

@@ -8,13 +8,13 @@
<meta name="author" content="">
<link rel="icon" href="../../favicon.ico">
<title><?php echo htmlentities(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")?></title>
<title><?php echo htmlspecialchars(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")?></title>
</head>
<body>
<h1>Balloon Ticket</h1>
<?php
echo "<h2>".htmlentities(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")."\n";
echo "-".htmlentities(str_replace("\n\r","\n",$view_school),ENT_QUOTES,"utf-8")."-".htmlentities(str_replace("\n\r","\n",$view_nick),ENT_QUOTES,"utf-8")."\n"."</h2>";
echo "<h2>".htmlspecialchars(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")."\n";
echo "-".htmlspecialchars(str_replace("\n\r","\n",$view_school),ENT_QUOTES,"utf-8")."-".htmlspecialchars(str_replace("\n\r","\n",$view_nick),ENT_QUOTES,"utf-8")."\n"."</h2>";
echo "Problem ".$PID[$view_pid]."<br>";
if(isset($_GET['fb']) && intval($_GET['fb'])==1){
echo "Balloon Color: <font color='".$ball_color[$view_pid]."'>".$ball_name[$view_pid]." First Blood! </font><br>";

View File

@@ -305,7 +305,7 @@
echo "<a name=\"$uuid\" href=userinfo.php?user=$uuid>$uuid</a>";
echo "</td>";
echo "<td class='text-center'><a href=userinfo.php?user=$uuid>".htmlentities($U[$i]->nick,ENT_QUOTES,"UTF-8")."</a></td>";
echo "<td class='text-center'><a href=userinfo.php?user=$uuid>".htmlspecialchars($U[$i]->nick,ENT_QUOTES,"UTF-8")."</a></td>";
$usolved = $U[$i]->solved;
echo "<td class='text-center'><a href=status.php?user_id=$uuid&cid=$cid>$usolved</a></td>";

View File

@@ -304,7 +304,7 @@
echo "<a name=\"$uuid\" href=userinfo.php?user=$uuid>$uuid</a>";
echo "</td>";
echo "<td class='text-center'><a href=userinfo.php?user=$uuid>".htmlentities($U[$i]->nick,ENT_QUOTES,"UTF-8")."</a></td>";
echo "<td class='text-center'><a href=userinfo.php?user=$uuid>".htmlspecialchars($U[$i]->nick,ENT_QUOTES,"UTF-8")."</a></td>";
$usolved = $U[$i]->solved;
echo "<td class='text-center'><a href=status.php?user_id=$uuid&cid=$cid>$usolved</a></td>";
@@ -355,7 +355,7 @@
<div class="ui list">
<?php
foreach($absent as $a){
$uid=htmlentities($a['user_id'],ENT_QUOTES,"UTF-8");
$uid=htmlspecialchars($a['user_id'],ENT_QUOTES,"UTF-8");
echo "<a href='userinfo.php?user=".$uid."' >$uid</a> &nbsp;";
}
?>

View File

@@ -50,7 +50,7 @@ $usolved=$U[$i]->solved;
if(isset($_GET['user_id'])&&$uuid==$_GET['user_id']) echo "<td bgcolor=#ffff77>";
else echo"<td>";
echo "<a name=\"$uuid\" href=userinfo.php?user=$uuid>$uuid</a>";
echo "<td><a href=userinfo.php?user=$uuid>".htmlentities($U[$i]->nick,ENT_QUOTES,"UTF-8")."</a>";
echo "<td><a href=userinfo.php?user=$uuid>".htmlspecialchars($U[$i]->nick,ENT_QUOTES,"UTF-8")."</a>";
echo "<td><a href=status.php?user_id=$uuid&cid=$cid>$usolved</a>";
echo "<td>".sec2str($U[$i]->time);
for ($j=0;$j<$pid_cnt;$j++){

View File

@@ -28,7 +28,7 @@
<tr align='center'>
<td>
<form class=form-inline method=post action=contest.php>
<input class="form-control" name=keyword value="<?php if(isset($_POST['keyword'])) echo htmlentities($_POST['keyword'],ENT_QUOTES,"UTF-8")?>" placeholder="<?php echo $MSG_CONTEST_NAME?>">
<input class="form-control" name=keyword value="<?php if(isset($_POST['keyword'])) echo htmlspecialchars($_POST['keyword'],ENT_QUOTES,"UTF-8")?>" placeholder="<?php echo $MSG_CONTEST_NAME?>">
<button class="form-control" type=submit><?php echo $MSG_SEARCH?></button>
<a href="contest.php" ><?php echo $MSG_VIEW_ALL_CONTESTS ?></a>
</form>

View File

@@ -189,7 +189,7 @@ public class Main{
</font>
</center>
<hr>
this page can be replaced by add a news which titled "<?php echo htmlentities($faqs_name,ENT_QUOTES,"UTF-8")?>";
this page can be replaced by add a news which titled "<?php echo htmlspecialchars($faqs_name,ENT_QUOTES,"UTF-8")?>";
<hr>
<center>

View File

@@ -31,14 +31,14 @@ if($view_content)
echo "<center>
<table>
<tr>
<td class=blue>$from_user -&gt; $to_user[".htmlentities(str_replace("\n\r","\n",$view_title),ENT_QUOTES,"UTF-8")." ]</td>
<td class=blue>$from_user -&gt; $to_user[".htmlspecialchars(str_replace("\n\r","\n",$view_title),ENT_QUOTES,"UTF-8")." ]</td>
</tr>
<tr><td><pre>". htmlentities(str_replace("\n\r","\n",$view_content),ENT_QUOTES,"UTF-8")."</pre>
<tr><td><pre>". htmlspecialchars(str_replace("\n\r","\n",$view_content),ENT_QUOTES,"UTF-8")."</pre>
</td></tr>
</table></center>";
?>
<table><form method=post action=mail.php>
<tr><td>From:<?php echo htmlentities($from_user,ENT_QUOTES,"UTF-8")?>
<tr><td>From:<?php echo htmlspecialchars($from_user,ENT_QUOTES,"UTF-8")?>
To:<input name=to_user size=10 value="<?php if ($from_user==$_SESSION[$OJ_NAME.'_user_id']||$from_user=="") echo $to_user ;else echo $from_user;?>">
Title:<input name=title size=20 value="<?php echo $title?>">
<input type=submit value=<?php echo $MSG_SUBMIT?>></td>

View File

@@ -35,7 +35,7 @@
</div>
<div class="form-group">
<label class="col-sm-4 control-label"><?php echo $MSG_NICK?></label>
<div class="col-sm-4"><input name="nick" class="form-control" value="<?php echo htmlentities($row['nick'],ENT_QUOTES,"UTF-8")?>" type="text"></div>
<div class="col-sm-4"><input name="nick" class="form-control" value="<?php echo htmlspecialchars($row['nick'],ENT_QUOTES,"UTF-8")?>" type="text"></div>
</div>
<div class="form-group">
<label class="col-sm-4 control-label"><?php echo $MSG_PASSWORD?></label>
@@ -51,12 +51,12 @@
</div>
<div class="form-group">
<label class="col-sm-4 control-label"><?php echo $MSG_SCHOOL?></label>
<div class="col-sm-4"><input name="school" class="form-control" value="<?php echo htmlentities($row['school'],ENT_QUOTES,"UTF-8")?>" type="text"></div>
<div class="col-sm-4"><input name="school" class="form-control" value="<?php echo htmlspecialchars($row['school'],ENT_QUOTES,"UTF-8")?>" type="text"></div>
<?php if(isset($_SESSION[$OJ_NAME."_printer"])) echo "$MSG_HELP_BALLOON_SCHOOL";?>
</div>
<div class="form-group">
<label class="col-sm-4 control-label"><?php echo $MSG_EMAIL?></label>
<div class="col-sm-4"><input name="email" class="form-control" value="<?php echo htmlentities($row['email'],ENT_QUOTES,"UTF-8")?>" type="text"></div>
<div class="col-sm-4"><input name="email" class="form-control" value="<?php echo htmlspecialchars($row['email'],ENT_QUOTES,"UTF-8")?>" type="text"></div>
</div>
<div class="form-group">
<label class="col-sm-4 control-label"><?php echo $MSG_REFRESH_PRIVILEGE?></label>

View File

@@ -8,7 +8,7 @@
<meta name="author" content="">
<link rel="icon" href="../../favicon.ico">
<title><?php echo htmlentities(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")?></title>
<title><?php echo htmlspecialchars(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")?></title>
</head>
<body>
<link href='<?php echo $OJ_CDN_URL?>highlight/styles/shCore.css' rel='stylesheet' type='text/css'/>
@@ -27,9 +27,9 @@ function draw(){
<input onclick="window.print();" type="button" value="<?php echo $MSG_PRINTER?>">
<input onclick="location.href='printer.php?id=<?php echo $id?>';" type="button" value="<?php echo $MSG_PRINT_DONE?>"><br>
<?php
echo "<h2>".htmlentities(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")."\n";
echo "-".htmlentities(str_replace("\n\r","\n",$view_school),ENT_QUOTES,"utf-8")."-".htmlentities(str_replace("\n\r","\n",$view_nick),ENT_QUOTES,"utf-8")."\n"."</h2>";
echo "<pre class='brush:c'>".htmlentities(str_replace("\n\r","\n",$view_content),ENT_QUOTES,"utf-8")."\n"."</pre>";
echo "<h2>".htmlspecialchars(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")."\n";
echo "-".htmlspecialchars(str_replace("\n\r","\n",$view_school),ENT_QUOTES,"utf-8")."-".htmlspecialchars(str_replace("\n\r","\n",$view_nick),ENT_QUOTES,"utf-8")."\n"."</h2>";
echo "<pre class='brush:c'>".htmlspecialchars(str_replace("\n\r","\n",$view_content),ENT_QUOTES,"utf-8")."\n"."</pre>";
?>
<input onclick="draw()" type="button" value="Line Number">
<input onclick="window.print();" type="button" value="<?php echo $MSG_PRINTER?>">

View File

@@ -203,7 +203,7 @@
$hash_num=hexdec(substr(md5($cat),0,7));
$label_theme=$color_theme[$hash_num%count($color_theme)];
if($label_theme=="") $label_theme="default";
echo "<a class='label label-$label_theme' style='display: inline-block;' href='problemset.php?search=".urlencode(htmlentities($cat,ENT_QUOTES,'utf-8'))."'>".htmlentities($cat,ENT_QUOTES,'utf-8')."</a>&nbsp;";
echo "<a class='label label-$label_theme' style='display: inline-block;' href='problemset.php?search=".urlencode(htmlspecialchars($cat,ENT_QUOTES,'utf-8'))."'>".htmlspecialchars($cat,ENT_QUOTES,'utf-8')."</a>&nbsp;";
}?>
</div>

View File

@@ -44,7 +44,7 @@ if(!isset($_GET['ajax'])){
$start = $page > $section ? $page - $section : 1;
$end = $page + $section > $view_total_page ? $view_total_page : $page + $section;
for ( $i = $start; $i <= $end; $i++ ) {
echo "<li class='" . ( $page == $i ? "active " : "" ) . "page-item'> <a href='problemset.php?page=" . $i .htmlentities($postfix,ENT_QUOTES,'UTF-8'). "'>" . $i . "</a></li>";
echo "<li class='" . ( $page == $i ? "active " : "" ) . "page-item'> <a href='problemset.php?page=" . $i .htmlspecialchars($postfix,ENT_QUOTES,'UTF-8'). "'>" . $i . "</a></li>";
}
?>
<li class="page-item"><a href="problemset.php?page=<?php echo $view_total_page?>">&gt;&gt;</a>

View File

@@ -31,7 +31,7 @@
<tr align='center'>
<td>
<form class=form-inline action=ranklist.php>
<input class="form-control" name='prefix' value="<?php echo htmlentities(isset($_GET['prefix'])?$_GET['prefix']:"",ENT_QUOTES,"utf-8") ?>" placeholder="<?php echo $MSG_USER?>">
<input class="form-control" name='prefix' value="<?php echo htmlspecialchars(isset($_GET['prefix'])?$_GET['prefix']:"",ENT_QUOTES,"utf-8") ?>" placeholder="<?php echo $MSG_USER?>">
<button class="form-control" type='submit'><?php echo $MSG_SEARCH?></button>
</form>
</td>
@@ -90,10 +90,10 @@
echo "<center>";
$qs="";
if(isset($_GET['prefix'])){
$qs.="&prefix=".htmlentities($_GET['prefix'],ENT_QUOTES,"utf-8");
$qs.="&prefix=".htmlspecialchars($_GET['prefix'],ENT_QUOTES,"utf-8");
}
if(isset($scope)){
$qs.="&scope=".htmlentities($scope,ENT_QUOTES,"utf-8");
$qs.="&scope=".htmlspecialchars($scope,ENT_QUOTES,"utf-8");
}
for($i = 0; $i <$view_total ; $i += $page_size) {

View File

@@ -48,7 +48,7 @@
<br>
</span>
<pre id="code" cols=180 rows=20 class="ace_editor" style="min-height:600px;width: 80%"><textarea id="source" class="ace_text-input"><?php echo htmlentities($view_src,ENT_QUOTES,"UTF-8")?></textarea></pre>
<pre id="code" cols=180 rows=20 class="ace_editor" style="min-height:600px;width: 80%"><textarea id="source" class="ace_text-input"><?php echo htmlspecialchars($view_src,ENT_QUOTES,"UTF-8")?></textarea></pre>
<?php if(!$readOnly){?>
<button class="btn btn-info" type="button" onclick="submitCode()"><?php echo $MSG_SUBMIT?></button>
<?php } ?>

View File

@@ -49,7 +49,7 @@ SyntaxHighlighter.all();
<?php
if ($ok==true){
if($view_user_id!=$_SESSION[$OJ_NAME.'_'.'user_id'])
echo "<a href='mail.php?to_user=".htmlentities($view_user_id,ENT_QUOTES,"UTF-8")."&title=$MSG_SUBMIT $id'>Mail the author</a>";
echo "<a href='mail.php?to_user=".htmlspecialchars($view_user_id,ENT_QUOTES,"UTF-8")."&title=$MSG_SUBMIT $id'>Mail the author</a>";
$brush=strtolower($language_name[$slanguage]);
if ($brush=='pascal') $brush='delphi';
if ($brush=='obj-c') $brush='c';
@@ -68,7 +68,7 @@ echo "\tMemory:".$smemory." kb\n";
echo "****************************************************************/\n\n";
$auth=ob_get_contents();
ob_end_clean();
echo htmlentities(str_replace("\n\r","\n",$view_source),ENT_QUOTES,"utf-8")."\n".$auth."</pre>";
echo htmlspecialchars(str_replace("\n\r","\n",$view_source),ENT_QUOTES,"utf-8")."\n".$auth."</pre>";
}else{
echo $MSG_WARNING_ACCESS_DENIED ;
}

View File

@@ -19,7 +19,7 @@ echo "\tMemory:".$smemory." kb\n";
echo "****************************************************************/\n\n";
$auth=ob_get_contents();
ob_end_clean();
echo htmlentities(str_replace("\n\r","\n",$view_source),ENT_QUOTES,"utf-8")."\n".$auth."</pre>";
echo htmlspecialchars(str_replace("\n\r","\n",$view_source),ENT_QUOTES,"utf-8")."\n".$auth."</pre>";
}else{
echo $MSG_WARNING_ACCESS_DENIED;
}

View File

@@ -78,10 +78,10 @@
<?php if($OJ_ACE_EDITOR){
if (isset($OJ_TEST_RUN)&&$OJ_TEST_RUN) $height="400px";else $height="550px";
?>
<pre style="width:80%;height:<?php echo $height?>;font-size:13pt" cols=180 rows=20 id="source"><?php echo htmlentities($view_src,ENT_QUOTES,"UTF-8")?></pre>
<pre style="width:80%;height:<?php echo $height?>;font-size:13pt" cols=180 rows=20 id="source"><?php echo htmlspecialchars($view_src,ENT_QUOTES,"UTF-8")?></pre>
<input type=hidden id="hide_source" name="source" value=""/>
<?php }else{ ?>
<textarea style="width:80%;height:600" cols=180 rows=20 id="source" name="source"><?php echo htmlentities($view_src,ENT_QUOTES,"UTF-8")?></textarea>
<textarea style="width:80%;height:600" cols=180 rows=20 id="source" name="source"><?php echo htmlspecialchars($view_src,ENT_QUOTES,"UTF-8")?></textarea>
<?php }?>
<?php if (isset($OJ_TEST_RUN)&&$OJ_TEST_RUN){?>

View File

@@ -101,7 +101,7 @@
<?php
if ($result2=="changed")
echo "<center><h4 class='text-danger'>User ".htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8')."'s Login IP Changed to ".$ip."</h4></center>";
echo "<center><h4 class='text-danger'>User ".htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8')."'s Login IP Changed to ".$ip."</h4></center>";
else
echo "<center><h4 class='text-danger'>Login IP Change</h4></center>";
?>
@@ -111,9 +111,9 @@
<div class="form-group">
<label class="col-sm-offset-2 col-sm-3 control-label"><?php echo $MSG_USER_ID?></label>
<?php if(isset($_GET['uid'])) { ?>
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlentities($_GET['uid'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlspecialchars($_GET['uid'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
<?php } else if(isset($_POST['user_id'])) { ?>
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
<?php } else { ?>
<div class="col-sm-3"><input name="user_id" class="form-control" placeholder="<?php echo $MSG_USER_ID."*"?>" type="text" required ></div>
<?php } ?>
@@ -122,7 +122,7 @@
<div class="form-group">
<label class="col-sm-offset-2 col-sm-3 control-label"><?php echo "New IP"?></label>
<?php if(isset($_POST['ip'])) { ?>
<div class="col-sm-3"><input name="ip" class="form-control" value="<?php echo htmlentities($_POST['ip'], ENT_QUOTES, 'UTF-8')?>" type="text" autocomplete="off" required ></div>
<div class="col-sm-3"><input name="ip" class="form-control" value="<?php echo htmlspecialchars($_POST['ip'], ENT_QUOTES, 'UTF-8')?>" type="text" autocomplete="off" required ></div>
<?php } else { ?>
<div class="col-sm-3"><input name="ip" class="form-control" placeholder="<?php echo "?.?.?.?*"?>" type="text" autocomplete="off" required ></div>
<?php } ?>

View File

@@ -29,7 +29,7 @@
<center>
<table class="table table-striped" id=statics width=70%>
<caption>
<?php echo $user."--".htmlentities($nick,ENT_QUOTES,"UTF-8")?>
<?php echo $user."--".htmlspecialchars($nick,ENT_QUOTES,"UTF-8")?>
<?php
echo "<a href=mail.php?to_user=$user>$MSG_MAIL</a>";
?>

View File

@@ -7,8 +7,8 @@
<div class="content">
<h1>Balloon Ticket</h1>
<?php
echo "<h2>".htmlentities(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")."\n";
echo "-".htmlentities(str_replace("\n\r","\n",$view_school),ENT_QUOTES,"utf-8")."-".htmlentities(str_replace("\n\r","\n",$view_nick),ENT_QUOTES,"utf-8")."\n"."</h2>";
echo "<h2>".htmlspecialchars(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")."\n";
echo "-".htmlspecialchars(str_replace("\n\r","\n",$view_school),ENT_QUOTES,"utf-8")."-".htmlspecialchars(str_replace("\n\r","\n",$view_nick),ENT_QUOTES,"utf-8")."\n"."</h2>";
echo "Problem ".$PID[$view_pid]."<br>";
if(isset($_GET['fb']) && intval($_GET['fb'])==1){
echo "Balloon Color: <font color='".$ball_color[$view_pid]."'>".$ball_name[$view_pid]." First Blood! </font><br>";

View File

@@ -176,7 +176,7 @@
echo "<a name=\"$uuid\" href=userinfo.php?user=$uuid>$uuid</a>";
echo "</td>";
echo "<td><a href=userinfo.php?user=$uuid>" . htmlentities($U[$i]->nick, ENT_QUOTES, "UTF-8") . "</a></td>";
echo "<td><a href=userinfo.php?user=$uuid>" . htmlspecialchars($U[$i]->nick, ENT_QUOTES, "UTF-8") . "</a></td>";
$usolved = $U[$i]->solved;
echo "<td><a href=status.php?user_id=$uuid&cid=$cid>$usolved</a></td>";

View File

@@ -174,7 +174,7 @@
echo "<a name=\"$uuid\" href=userinfo.php?user=$uuid>$uuid</a>";
echo "</td>";
echo "<td><a href=userinfo.php?user=$uuid>" . htmlentities($U[$i]->nick, ENT_QUOTES, "UTF-8") . "</a></td>";
echo "<td><a href=userinfo.php?user=$uuid>" . htmlspecialchars($U[$i]->nick, ENT_QUOTES, "UTF-8") . "</a></td>";
$usolved = $U[$i]->solved;
echo "<td><a href=status.php?user_id=$uuid&cid=$cid>$usolved</a></td>";

View File

@@ -46,7 +46,7 @@
else
echo "<td>";
echo "<a name=\"$uuid\" href=userinfo.php?user=$uuid>$uuid</a>";
echo "<td><a href=userinfo.php?user=$uuid>" . htmlentities($U[$i]->nick, ENT_QUOTES, "UTF-8") . "</a>";
echo "<td><a href=userinfo.php?user=$uuid>" . htmlspecialchars($U[$i]->nick, ENT_QUOTES, "UTF-8") . "</a>";
echo "<td><a href=status.php?user_id=$uuid&cid=$cid>$usolved</a>";
echo "<td>" . sec2str($U[$i]->time);
for ($j = 0; $j < $pid_cnt; $j++) {

View File

@@ -96,7 +96,7 @@
<div class="ui action fluid input">
<input type="text" name="keyword"
value="<?php if (isset($_POST['keyword']))
echo htmlentities($_POST['keyword'], ENT_QUOTES, "UTF-8") ?>"
echo htmlspecialchars($_POST['keyword'], ENT_QUOTES, "UTF-8") ?>"
placeholder="<?php echo $MSG_CONTEST_NAME ?>">
<button type=submit class="ui button">
<?php echo $MSG_SEARCH; ?>

View File

@@ -201,7 +201,7 @@ A:Here is a list of the judge's replies and their meaning:<br>
Q:How to attend Online Contests?<br>
A:Can you submit programs for any practice problems on this Online Judge? If you can, then that is the account you use in an online contest. If you can't, then please <a href=registerpage.php>register</a> an id with password first.<br>
</div>
this page can be replaced by add a news which titled "<?php echo htmlentities($faqs_name,ENT_QUOTES,"UTF-8")?>";
this page can be replaced by add a news which titled "<?php echo htmlspecialchars($faqs_name,ENT_QUOTES,"UTF-8")?>";
</div>
</div>
<?php require("./template/bshark/footer.php");?>

View File

@@ -38,7 +38,7 @@
<?php echo $MSG_NICK; ?>
</label>
<input name="nick" placeholder="请<?php echo $MSG_Input; ?><?php echo $MSG_NICK; ?>"
type="text" value="<?php echo htmlentities($row['nick'], ENT_QUOTES, "UTF-8") ?>">
type="text" value="<?php echo htmlspecialchars($row['nick'], ENT_QUOTES, "UTF-8") ?>">
</div>
<div class="field">
<label class="ui header">
@@ -67,7 +67,7 @@
<div class="field">
<label for="username">个性签名</label>
<input name="school" placeholder="请<?php echo $MSG_Input; ?>个性签名" type="text"
value="<?php echo htmlentities($row['school'], ENT_QUOTES, "UTF-8") ?>">
value="<?php echo htmlspecialchars($row['school'], ENT_QUOTES, "UTF-8") ?>">
</div>
<div class="field">
<label for="email">
@@ -75,7 +75,7 @@
<?php echo $MSG_EMAIL; ?>
</label>
<input name="email" placeholder="请<?php echo $MSG_Input; ?><?php echo $MSG_EMAIL; ?>"
type="text" value="<?php echo htmlentities($row['email'], ENT_QUOTES, "UTF-8") ?>">
type="text" value="<?php echo htmlspecialchars($row['email'], ENT_QUOTES, "UTF-8") ?>">
</div>
<?php if ($OJ_VCODE) { ?>
<div class="field">

View File

@@ -162,7 +162,7 @@
echo "<h4>$MSG_Source</h4>";
$cats = explode(" ", $row['source']);
foreach ($cats as $cat) {
echo "<a href='problemset.php?search=" . urlencode(htmlentities($cat, ENT_QUOTES, 'utf-8')) . "'>" . htmlentities($cat, ENT_QUOTES, 'utf-8') . "</a>&nbsp;";
echo "<a href='problemset.php?search=" . urlencode(htmlspecialchars($cat, ENT_QUOTES, 'utf-8')) . "'>" . htmlspecialchars($cat, ENT_QUOTES, 'utf-8') . "</a>&nbsp;";
}
}
?>

View File

@@ -145,7 +145,7 @@
$label_theme = $color_theme[$hash_num % count($color_theme)];
if ($label_theme == "")
$label_theme = "default";
$view_category .= "<a class='badge badge-$label_theme' href='problemset.php?search=" . urlencode(htmlentities($cat, ENT_QUOTES, 'UTF-8')) . "'>" . $cat . "</a>&nbsp;";
$view_category .= "<a class='badge badge-$label_theme' href='problemset.php?search=" . urlencode(htmlspecialchars($cat, ENT_QUOTES, 'UTF-8')) . "'>" . $cat . "</a>&nbsp;";
}
}
echo $view_category;

View File

@@ -33,7 +33,7 @@
<div class="inline field">
<div class="ui action input">
<input type="text" name="prefix"
value="<?php echo htmlentities(isset($_GET['prefix']) ? $_GET['prefix'] : "", ENT_QUOTES, "utf-8") ?>"
value="<?php echo htmlspecialchars(isset($_GET['prefix']) ? $_GET['prefix'] : "", ENT_QUOTES, "utf-8") ?>"
placeholder="<?php echo $MSG_USER ?>">
<button class="ui button">
<?php echo $MSG_SEARCH; ?>
@@ -49,10 +49,10 @@
$nowStart = intval($_GET["start"]);
$qs = "";
if (isset($_GET['prefix'])) {
$qs .= "&prefix=" . htmlentities($_GET['prefix'], ENT_QUOTES, "utf-8");
$qs .= "&prefix=" . htmlspecialchars($_GET['prefix'], ENT_QUOTES, "utf-8");
}
if (isset($scope)) {
$qs .= "&scope=" . htmlentities($scope, ENT_QUOTES, "utf-8");
$qs .= "&scope=" . htmlspecialchars($scope, ENT_QUOTES, "utf-8");
}
for ($i = 0; $i < $view_total; $i += $page_size) {

View File

@@ -69,7 +69,7 @@ $color = array(
if ($ok != true)
echo $MSG_WARNING_ACCESS_DENIED;
else
echo htmlentities(str_replace("\n\r", "\n", $view_source), ENT_QUOTES, "utf-8") . "\n" . $auth;
echo htmlspecialchars(str_replace("\n\r", "\n", $view_source), ENT_QUOTES, "utf-8") . "\n" . $auth;
echo "</div></div></code></pre>";
?>
</div>

File diff suppressed because one or more lines are too long

View File

@@ -26,11 +26,11 @@
<div style="">
<?php if ($OJ_ACE_EDITOR) { ?>
<pre style="width:100%;height:600px;font-size:15px" cols=180 rows=20
id="source"><?php echo htmlentities($view_src, ENT_QUOTES, "UTF-8") ?></pre><br>
id="source"><?php echo htmlspecialchars($view_src, ENT_QUOTES, "UTF-8") ?></pre><br>
<input form="frmSolution" type=hidden id="hide_source" name="source" value="" />
<?php } else { ?>
<textarea form="frmSolution" style="width:100%;height:600px" cols=180 rows=20 id="source"
name="source"><?php echo htmlentities($view_src, ENT_QUOTES, "UTF-8") ?></textarea><br>
name="source"><?php echo htmlspecialchars($view_src, ENT_QUOTES, "UTF-8") ?></textarea><br>
<?php } ?>
</div>
</div>

View File

@@ -67,11 +67,11 @@
</label>
<?php if (isset($_GET['uid'])) { ?>
<div class="col-sm-3"><input name="user_id" class="form-control"
value="<?php echo htmlentities($_GET['uid'], ENT_QUOTES, 'UTF-8'); ?>"
value="<?php echo htmlspecialchars($_GET['uid'], ENT_QUOTES, 'UTF-8'); ?>"
type="text" required></div>
<?php } else if (isset($_POST['user_id'])) { ?>
<div class="col-sm-3"><input name="user_id" class="form-control"
value="<?php echo htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8'); ?>"
value="<?php echo htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8'); ?>"
type="text" required></div>
<?php } else { ?>
<div class="col-sm-3"><input name="user_id" class="form-control"
@@ -85,7 +85,7 @@
</label>
<?php if (isset($_POST['ip'])) { ?>
<div class="col-sm-3"><input name="ip" class="form-control"
value="<?php echo htmlentities($_POST['ip'], ENT_QUOTES, 'UTF-8') ?>"
value="<?php echo htmlspecialchars($_POST['ip'], ENT_QUOTES, 'UTF-8') ?>"
type="text" autocomplete="off" required></div>
<?php } else { ?>
<div class="col-sm-3"><input name="ip" class="form-control"
@@ -105,7 +105,7 @@
<?php
if ($result2 == "changed")
echo "<h2 style='color:#db2828'>User " . htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8') . "'s Login IP Changed to " . $ip . "</h2>";
echo "<h2 style='color:#db2828'>User " . htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8') . "'s Login IP Changed to " . $ip . "</h2>";
else
echo "<h2 style='color:#db2828'>Login IP Change</h2>";
?>

View File

@@ -8,13 +8,13 @@
<meta name="author" content="">
<link rel="icon" href="../../favicon.ico">
<title><?php echo htmlentities(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")?></title>
<title><?php echo htmlspecialchars(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")?></title>
</head>
<body>
<h1>Balloon Ticket</h1>
<?php
echo "<h2>".htmlentities(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")."\n";
echo "-".htmlentities(str_replace("\n\r","\n",$view_school),ENT_QUOTES,"utf-8")."-".htmlentities(str_replace("\n\r","\n",$view_nick),ENT_QUOTES,"utf-8")."\n"."</h2>";
echo "<h2>".htmlspecialchars(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")."\n";
echo "-".htmlspecialchars(str_replace("\n\r","\n",$view_school),ENT_QUOTES,"utf-8")."-".htmlspecialchars(str_replace("\n\r","\n",$view_nick),ENT_QUOTES,"utf-8")."\n"."</h2>";
echo "Problem ".$PID[$view_pid]."<br>";
if(isset($_GET['fb']) && intval($_GET['fb'])==1){
echo "Balloon Color: <font color='".$ball_color[$view_pid]."'>".$ball_name[$view_pid]." First Blood! </font><br>";

View File

@@ -347,7 +347,7 @@ if (isset($_GET['cid'])) {
echo "<a name=\"$uuid\" href=userinfo.php?user=$uuid>$uuid</a>";
echo "</td>";
echo "<td class='text-center'><a href=userinfo.php?user=$uuid>".htmlentities($U[$i]->nick,ENT_QUOTES,"UTF-8")."</a></td>";
echo "<td class='text-center'><a href=userinfo.php?user=$uuid>".htmlspecialchars($U[$i]->nick,ENT_QUOTES,"UTF-8")."</a></td>";
$usolved = $U[$i]->solved;
echo "<td class='text-center'><a href=status.php?user_id=$uuid&cid=$cid>$usolved</a></td>";

View File

@@ -341,7 +341,7 @@
echo "<a name=\"$uuid\" href=userinfo.php?user=$uuid>$uuid</a>";
echo "</td>";
echo "<td class='text-center'><a href=userinfo.php?user=$uuid>".htmlentities($U[$i]->nick,ENT_QUOTES,"UTF-8")."</a></td>";
echo "<td class='text-center'><a href=userinfo.php?user=$uuid>".htmlspecialchars($U[$i]->nick,ENT_QUOTES,"UTF-8")."</a></td>";
$usolved = $U[$i]->solved;
echo "<td class='text-center'><a href=status.php?user_id=$uuid&cid=$cid>$usolved</a></td>";

View File

@@ -50,7 +50,7 @@ $usolved=$U[$i]->solved;
if(isset($_GET['user_id'])&&$uuid==$_GET['user_id']) echo "<td bgcolor=#ffff77>";
else echo"<td>";
echo "<a name=\"$uuid\" href=userinfo.php?user=$uuid>$uuid</a>";
echo "<td><a href=userinfo.php?user=$uuid>".htmlentities($U[$i]->nick,ENT_QUOTES,"UTF-8")."</a>";
echo "<td><a href=userinfo.php?user=$uuid>".htmlspecialchars($U[$i]->nick,ENT_QUOTES,"UTF-8")."</a>";
echo "<td><a href=status.php?user_id=$uuid&cid=$cid>$usolved</a>";
echo "<td>".sec2str($U[$i]->time);
for ($j=0;$j<$pid_cnt;$j++){

View File

@@ -13,7 +13,7 @@
<form method="post" action="contest.php">
<div class="mdui-textfield" align="center" style="width: 100%">
<input class="mdui-textfield-input" type="text" name="keyword" placeholder="竟赛/作业名称"
value="<?php echo htmlentities($_POST['keyword'], ENT_QUOTES, "UTF-8")?>"
value="<?php echo htmlspecialchars($_POST['keyword'], ENT_QUOTES, "UTF-8")?>"
style="width: calc(70% - 40px); display: inline-block;">
<button class="mdui-btn mdui-btn-icon" type="sumbit">
<i class="mdui-icon material-icons" style="top: 35%; left: 40%;">search</i>

View File

@@ -188,7 +188,7 @@ public class Main{
</font>
</center>
<hr>
this page can be replaced by add a news which titled "<?php echo htmlentities($faqs_name,ENT_QUOTES,"UTF-8")?>";
this page can be replaced by add a news which titled "<?php echo htmlspecialchars($faqs_name,ENT_QUOTES,"UTF-8")?>";
<hr>
<center>

View File

@@ -31,14 +31,14 @@ if($view_content)
echo "<center>
<table>
<tr>
<td class=blue>$from_user -&gt; $to_user[".htmlentities(str_replace("\n\r","\n",$view_title),ENT_QUOTES,"UTF-8")." ]</td>
<td class=blue>$from_user -&gt; $to_user[".htmlspecialchars(str_replace("\n\r","\n",$view_title),ENT_QUOTES,"UTF-8")." ]</td>
</tr>
<tr><td><pre>". htmlentities(str_replace("\n\r","\n",$view_content),ENT_QUOTES,"UTF-8")."</pre>
<tr><td><pre>". htmlspecialchars(str_replace("\n\r","\n",$view_content),ENT_QUOTES,"UTF-8")."</pre>
</td></tr>
</table></center>";
?>
<table><form method=post action=mail.php>
<tr><td>From:<?php echo htmlentities($from_user,ENT_QUOTES,"UTF-8")?>
<tr><td>From:<?php echo htmlspecialchars($from_user,ENT_QUOTES,"UTF-8")?>
To:<input name=to_user size=10 value="<?php if ($from_user==$_SESSION[$OJ_NAME.'_user_id']||$from_user=="") echo $to_user ;else echo $from_user;?>">
Title:<input name=title size=20 value="<?php echo $title?>">
<input type=submit value=<?php echo $MSG_SUBMIT?>></td>

View File

@@ -38,7 +38,7 @@
style="width: calc(100% - 50px); display: inline-block; margin-left: 45px;">
<label class="mdui-textfield-label">昵称</label>
<input class="mdui-textfield-input" id="nick" name="nick"
value="<?php echo htmlentities($row['nick'],ENT_QUOTES,"UTF-8")?>" type="text" required />
value="<?php echo htmlspecialchars($row['nick'],ENT_QUOTES,"UTF-8")?>" type="text" required />
<div class="mdui-textfield-error">请输入昵称</div>
</div>
</div>
@@ -88,7 +88,7 @@
style="width: calc(100% - 50px); display: inline-block; margin-left: 45px;">
<label class="mdui-textfield-label">邮箱</label>
<input class="mdui-textfield-input" id="email" name="email"
type="email" value="<?php echo htmlentities($row['email'],ENT_QUOTES,"UTF-8")?>"/>
type="email" value="<?php echo htmlspecialchars($row['email'],ENT_QUOTES,"UTF-8")?>"/>
<div class="mdui-textfield-error">请输入一个合法的邮箱</div>
</div>
</div>
@@ -100,7 +100,7 @@
style="width: calc(100% - 50px); display: inline-block; margin-left: 45px;">
<label class="mdui-textfield-label">个性签名</label>
<input class="mdui-textfield-input" id="school" name="school" type="text"
value="<?php echo htmlentities($row['school'], ENT_QUOTES, "UTF-8")?>" />
value="<?php echo htmlspecialchars($row['school'], ENT_QUOTES, "UTF-8")?>" />
</div>
</div>
<div class="mdui-card-actions mdui-m-t-4">

View File

@@ -8,7 +8,7 @@
<meta name="author" content="">
<link rel="icon" href="../../favicon.ico">
<title><?php echo htmlentities(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")?></title>
<title><?php echo htmlspecialchars(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")?></title>
</head>
<body>
<link href='<?php echo $OJ_CDN_URL?>highlight/styles/shCore.css' rel='stylesheet' type='text/css'/>
@@ -27,9 +27,9 @@ function draw(){
<input onclick="window.print();" type="button" value="<?php echo $MSG_PRINTER?>">
<input onclick="location.href='printer.php?id=<?php echo $id?>';" type="button" value="<?php echo $MSG_PRINT_DONE?>"><br>
<?php
echo "<h2>".htmlentities(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")."\n";
echo "-".htmlentities(str_replace("\n\r","\n",$view_school),ENT_QUOTES,"utf-8")."-".htmlentities(str_replace("\n\r","\n",$view_nick),ENT_QUOTES,"utf-8")."\n"."</h2>";
echo "<pre class='brush:c'>".htmlentities(str_replace("\n\r","\n",$view_content),ENT_QUOTES,"utf-8")."\n"."</pre>";
echo "<h2>".htmlspecialchars(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")."\n";
echo "-".htmlspecialchars(str_replace("\n\r","\n",$view_school),ENT_QUOTES,"utf-8")."-".htmlspecialchars(str_replace("\n\r","\n",$view_nick),ENT_QUOTES,"utf-8")."\n"."</h2>";
echo "<pre class='brush:c'>".htmlspecialchars(str_replace("\n\r","\n",$view_content),ENT_QUOTES,"utf-8")."\n"."</pre>";
?>
<input onclick="draw()" type="button" value="Line Number">
<input onclick="window.print();" type="button" value="<?php echo $MSG_PRINTER?>">

View File

@@ -64,7 +64,7 @@
<label class="mdui-textfield-label">题目搜索</label>
<input class="mdui-textfield-input" name="search" type="text"
style="width: calc(100% - 40px); display: inline-block;"
value="<?php echo htmlentities($_GET["search"], ENT_QUOTES, 'UTF-8'); ?>">
value="<?php echo htmlspecialchars($_GET["search"], ENT_QUOTES, 'UTF-8'); ?>">
<button class="mdui-btn mdui-btn-icon" type="sumbit">
<i class="mdui-icon material-icons" style="top: 35%; left: 40%;">search</i>
</button>

View File

@@ -13,7 +13,7 @@
<form action="ranklist.php">
<div class="mdui-textfield" align="center" style="width: 100%">
<input class="mdui-textfield-input" type="text" name="prefix" placeholder="用户"
value="<?php echo htmlentities($_GET["prefix"], ENT_QUOTES, "UTF-8")?>"
value="<?php echo htmlspecialchars($_GET["prefix"], ENT_QUOTES, "UTF-8")?>"
style="width: calc(50% - 40px); display: inline-block;">
<button class="mdui-btn mdui-btn-icon" type="sumbit">
<i class="mdui-icon material-icons" style="top: 35%; left: 40%;">search</i>
@@ -66,10 +66,10 @@
$qs="";
$nstart=isset($_GET["start"])?intval($_GET["start"]):0;
if(isset($_GET['prefix'])){
$qs.="&prefix=".htmlentities($_GET['prefix'],ENT_QUOTES,"utf-8");
$qs.="&prefix=".htmlspecialchars($_GET['prefix'],ENT_QUOTES,"utf-8");
}
if(isset($scope)){
$qs.="&scope=".htmlentities($scope,ENT_QUOTES,"utf-8");
$qs.="&scope=".htmlspecialchars($scope,ENT_QUOTES,"utf-8");
}
for($i = 0; $i <$view_total ; $i += $page_size) {
echo '<a class="mdui-btn'.($i == $nstart?" mdui-btn-active":"").'" href="./ranklist.php?start='.strval ( $i ).$qs. '">'

View File

@@ -53,7 +53,7 @@
<br>
</span>
<pre id="code" cols=180 rows=20 class="ace_editor" style="min-height:600px;width: 80%"><textarea id="source" class="ace_text-input"><?php echo htmlentities($view_src,ENT_QUOTES,"UTF-8")?></textarea></pre>
<pre id="code" cols=180 rows=20 class="ace_editor" style="min-height:600px;width: 80%"><textarea id="source" class="ace_text-input"><?php echo htmlspecialchars($view_src,ENT_QUOTES,"UTF-8")?></textarea></pre>
<?php if(!$readOnly){?>
<button class="btn btn-info" type="button" onclick="submitCode()"><?php echo $MSG_SUBMIT?></button>
<?php } ?>

View File

@@ -15,7 +15,7 @@
<?php
if ($ok==true){
if($view_user_id!=$_SESSION[$OJ_NAME.'_'.'user_id'])
echo "<a href='mail.php?to_user=".htmlentities($view_user_id,ENT_QUOTES,"UTF-8")."&title=$MSG_SUBMIT $id'>Mail the author</a>";
echo "<a href='mail.php?to_user=".htmlspecialchars($view_user_id,ENT_QUOTES,"UTF-8")."&title=$MSG_SUBMIT $id'>Mail the author</a>";
$brush=strtolower($language_name[$slanguage]);
if ($brush=='pascal') $brush='delphi';
if ($brush=='obj-c') $brush='c';
@@ -35,7 +35,7 @@
echo "****************************************************************/\n\n";
$auth=ob_get_contents();
ob_end_clean();
echo htmlentities(str_replace("\n\r","\n",$view_source),ENT_QUOTES,"utf-8")."\n".$auth."</code></pre>";
echo htmlspecialchars(str_replace("\n\r","\n",$view_source),ENT_QUOTES,"utf-8")."\n".$auth."</code></pre>";
} else {
echo $MSG_WARNING_ACCESS_DENIED ;
}

View File

@@ -19,7 +19,7 @@ echo "\tMemory:".$smemory." kb\n";
echo "****************************************************************/\n\n";
$auth=ob_get_contents();
ob_end_clean();
echo htmlentities(str_replace("\n\r","\n",$view_source),ENT_QUOTES,"utf-8")."\n".$auth."</code></pre>";
echo htmlspecialchars(str_replace("\n\r","\n",$view_source),ENT_QUOTES,"utf-8")."\n".$auth."</code></pre>";
}else{
echo $MSG_WARNING_ACCESS_DENIED;
}

View File

@@ -58,11 +58,11 @@
<?php if($OJ_ACE_EDITOR) { ?>
<pre style="width: 90%; height: 600; font-size: 13pt;" cols=180 rows=20
id="source"><?php echo htmlentities($view_src,ENT_QUOTES,"UTF-8")?></pre>
id="source"><?php echo htmlspecialchars($view_src,ENT_QUOTES,"UTF-8")?></pre>
<input type=hidden id="hide_source" name="source" value="" />
<?php } else { ?>
<textarea style="width:80%; height:600" cols=180 rows=20 id="source"
name="source"><?php echo htmlentities($view_src,ENT_QUOTES,"UTF-8")?></textarea>
name="source"><?php echo htmlspecialchars($view_src,ENT_QUOTES,"UTF-8")?></textarea>
<?php }?>
<?php if (isset($OJ_TEST_RUN) && $OJ_TEST_RUN){?>

View File

@@ -93,7 +93,7 @@
<div class="mdui-card mdui-col-sm-6" style="text-align: left;">
<div class="mdui-card-primary">
<?php if ($result2 == "changed") { ?>
<script> mdui.alert("成功将用户 <?php echo htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8'); ?> 的登录 IP 修改为 <?php echo $ip; ?> ."); </script>
<script> mdui.alert("成功将用户 <?php echo htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8'); ?> 的登录 IP 修改为 <?php echo $ip; ?> ."); </script>
<?php } ?>
<div class="mdui-card-primary-title" style="text-align: center">指定登录 IP</div>
<!-- <div class="mdui-card-primary-subtitle"></div> -->
@@ -110,10 +110,10 @@
<label class="mdui-textfield-label">用户名</label>
<?php if (isset($_POST["user_id"])) { ?>
<input class="mdui-textfield-input" name="user_id" type="text"
value="<?php echo htmlentities($_POST["user_id"], ENT_QUOTES, 'UTF-8'); ?>" required />
value="<?php echo htmlspecialchars($_POST["user_id"], ENT_QUOTES, 'UTF-8'); ?>" required />
<?php } else if (isset($_GET["user_id"])) { ?>
<input class="mdui-textfield-input" name="user_id" type="text"
value="<?php echo htmlentities($_GET["user_id"],ENT_QUOTES,'UTF-8') ; ?>" required />
value="<?php echo htmlspecialchars($_GET["user_id"],ENT_QUOTES,'UTF-8') ; ?>" required />
<?php } else { ?>
<input class="mdui-textfield-input" name="user_id" type="text" required />
<?php } ?>

View File

@@ -7,8 +7,8 @@
<div class="content">
<h1>Balloon Ticket</h1>
<?php
echo "<h2>".htmlentities(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")."\n";
echo "-".htmlentities(str_replace("\n\r","\n",$view_school),ENT_QUOTES,"utf-8")."-".htmlentities(str_replace("\n\r","\n",$view_nick),ENT_QUOTES,"utf-8")."\n"."</h2>";
echo "<h2>".htmlspecialchars(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")."\n";
echo "-".htmlspecialchars(str_replace("\n\r","\n",$view_school),ENT_QUOTES,"utf-8")."-".htmlspecialchars(str_replace("\n\r","\n",$view_nick),ENT_QUOTES,"utf-8")."\n"."</h2>";
echo "Problem ".$PID[$view_pid]."<br>";
if(isset($_GET['fb']) && intval($_GET['fb'])==1){
echo "Balloon Color: <font color='".$ball_color[$view_pid]."'>".$ball_name[$view_pid]." First Blood! </font><br>";

View File

@@ -70,11 +70,11 @@
echo "</td>";
echo "<td>";
echo htmlentities($U[$i]->nick, ENT_QUOTES, "UTF-8");
echo htmlspecialchars($U[$i]->nick, ENT_QUOTES, "UTF-8");
echo "</td>";
echo "<td>";
echo htmlentities($U[$i]->solved, ENT_QUOTES, "UTF-8");
echo htmlspecialchars($U[$i]->solved, ENT_QUOTES, "UTF-8");
echo "</td>";
echo "<td>";

View File

@@ -70,7 +70,7 @@
echo "</td>";
echo "<td>";
echo "<a href=userinfo.php?user=$uuid>".htmlentities($U[$i]->nick,ENT_QUOTES,"UTF-8")."</a>";
echo "<a href=userinfo.php?user=$uuid>".htmlspecialchars($U[$i]->nick,ENT_QUOTES,"UTF-8")."</a>";
echo "</td>";
echo "<td>";
@@ -153,7 +153,7 @@
<div class="ui list">
<?php
foreach($absent as $a){
$uid=htmlentities($a['user_id'],ENT_QUOTES,"UTF-8");
$uid=htmlspecialchars($a['user_id'],ENT_QUOTES,"UTF-8");
echo "<a href='userinfo.php?user=".$uid."' >$uid</a> &nbsp;";
}
?>

View File

@@ -50,7 +50,7 @@ $usolved=$U[$i]->solved;
if(isset($_GET['user_id'])&&$uuid==$_GET['user_id']) echo "<td bgcolor=#ffff77>";
else echo"<td>";
echo "<a name=\"$uuid\" href=userinfo.php?user=$uuid>$uuid</a>";
echo "<td><a href=userinfo.php?user=$uuid>".htmlentities($U[$i]->nick,ENT_QUOTES,"UTF-8")."</a>";
echo "<td><a href=userinfo.php?user=$uuid>".htmlspecialchars($U[$i]->nick,ENT_QUOTES,"UTF-8")."</a>";
echo "<td><a href=status.php?user_id=$uuid&cid=$cid>$usolved</a>";
echo "<td>".sec2str($U[$i]->time);
for ($j=0;$j<$pid_cnt;$j++){

View File

@@ -67,7 +67,7 @@
echo "</td>";
echo "<td>";
echo "<a href=userinfo.php?user=$uuid>".htmlentities($U[$i]->nick,ENT_QUOTES,"UTF-8")."</a>";
echo "<a href=userinfo.php?user=$uuid>".htmlspecialchars($U[$i]->nick,ENT_QUOTES,"UTF-8")."</a>";
echo "</td>";
echo "<td>";

View File

@@ -65,11 +65,11 @@
echo "</td>";
echo "<td>";
echo htmlentities($U[$i]->nick, ENT_QUOTES, "UTF-8");
echo htmlspecialchars($U[$i]->nick, ENT_QUOTES, "UTF-8");
echo "</td>";
echo "<td>";
echo htmlentities($U[$i]->solved, ENT_QUOTES, "UTF-8");
echo htmlspecialchars($U[$i]->solved, ENT_QUOTES, "UTF-8");
echo "</td>";
echo "<td>";

View File

@@ -44,7 +44,7 @@ if($NOIP_flag[0]==0)$view_month_rank=mysql_query_cache("select user_id,nick,coun
<?php
foreach ( $view_month_rank as $row ) {
echo "<tr>".
"<td><a target='_blank' href='userinfo.php?user=".htmlentities($row[0],ENT_QUOTES,"UTF-8")."'>".htmlentities($row[0],ENT_QUOTES,"UTF-8")."</a></td>".
"<td><a target='_blank' href='userinfo.php?user=".htmlspecialchars($row[0],ENT_QUOTES,"UTF-8")."'>".htmlspecialchars($row[0],ENT_QUOTES,"UTF-8")."</a></td>".
"<td>".($row[1])."</td>".
"<td>".($row[2])."</td>".
"</tr>";

View File

@@ -8,14 +8,14 @@ if($view_content)
echo "<center>
<table>
<tr>
<td class=blue>$from_user -&gt; $to_user [".htmlentities(str_replace("\n\r","\n",$view_title),ENT_QUOTES,"UTF-8")." ]</td>
<td class=blue>$from_user -&gt; $to_user [".htmlspecialchars(str_replace("\n\r","\n",$view_title),ENT_QUOTES,"UTF-8")." ]</td>
</tr>
<tr><td><pre>". htmlentities(str_replace("\n\r","\n",$view_content),ENT_QUOTES,"UTF-8")."</pre>
<tr><td><pre>". htmlspecialchars(str_replace("\n\r","\n",$view_content),ENT_QUOTES,"UTF-8")."</pre>
</td></tr>
</table></center>";
?>
<table><form method=post action=mail.php>
<tr><td>From:<?php echo htmlentities($from_user,ENT_QUOTES,"UTF-8")?>
<tr><td>From:<?php echo htmlspecialchars($from_user,ENT_QUOTES,"UTF-8")?>
To:<input name=to_user size=10 value="<?php if ($from_user==$_SESSION[$OJ_NAME.'_user_id']||$from_user=="") echo $to_user ;else echo $from_user;?>">
Title:<input name=title size=20 value="<?php echo $title?>">
<input type=submit value=<?php echo $MSG_SUBMIT?>></td>

View File

@@ -12,7 +12,7 @@
<?php require_once('./include/set_post_key.php');?>
<div class="field">
<label for="username"><?php echo $MSG_NICK?>*</label>
<input name="nick" placeholder="<?php echo $MSG_Input.$MSG_NICK?>" type="text" value="<?php echo htmlentities($row['nick'],ENT_QUOTES,"UTF-8")?>">
<input name="nick" placeholder="<?php echo $MSG_Input.$MSG_NICK?>" type="text" value="<?php echo htmlspecialchars($row['nick'],ENT_QUOTES,"UTF-8")?>">
</div>
<div class="field">
<label class="ui header"><?php echo $MSG_PASSWORD?>*</label>
@@ -30,11 +30,11 @@
</div>
<div class="field">
<label for="username"><?php echo $MSG_SCHOOL?></label>
<input name="school" placeholder="<?php echo $MSG_SCHOOL?>" type="text" value="<?php echo htmlentities($row['school'],ENT_QUOTES,"UTF-8")?>">
<input name="school" placeholder="<?php echo $MSG_SCHOOL?>" type="text" value="<?php echo htmlspecialchars($row['school'],ENT_QUOTES,"UTF-8")?>">
</div>
<div class="field">
<label for="email"><?php echo $MSG_EMAIL?>*</label>
<input name="email" placeholder="<?php echo $MSG_EMAIL?>" type="text" value="<?php echo htmlentities($row['email'],ENT_QUOTES,"UTF-8")?>">
<input name="email" placeholder="<?php echo $MSG_EMAIL?>" type="text" value="<?php echo htmlspecialchars($row['email'],ENT_QUOTES,"UTF-8")?>">
</div>
<?php if($OJ_VCODE){?>
<div class="field">

View File

@@ -8,7 +8,7 @@
<meta name="author" content="">
<link rel="icon" href="../../favicon.ico">
<title><?php echo htmlentities(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")?></title>
<title><?php echo htmlspecialchars(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")?></title>
</head>
<body onload="draw()">
<link href='<?php echo $OJ_CDN_URL?>highlight/styles/shCore.css' rel='stylesheet' type='text/css'/>
@@ -27,9 +27,9 @@ function draw(){
<input onclick="window.print();" type="button" value="<?php echo $MSG_PRINTER?>">
<input onclick="location.href='printer.php?id=<?php echo $id?>';" type="button" value="<?php echo $MSG_PRINT_DONE?>"><br>
<?php
echo "<h2>".htmlentities(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")."\n";
echo "-".htmlentities(str_replace("\n\r","\n",$view_school),ENT_QUOTES,"utf-8")."-".htmlentities(str_replace("\n\r","\n",$view_nick),ENT_QUOTES,"utf-8")."\n"."</h2>";
echo "<pre class='brush:c'>".htmlentities(str_replace("\n\r","\n",$view_content),ENT_QUOTES,"utf-8")."\n"."</pre>";
echo "<h2>".htmlspecialchars(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")."\n";
echo "-".htmlspecialchars(str_replace("\n\r","\n",$view_school),ENT_QUOTES,"utf-8")."-".htmlspecialchars(str_replace("\n\r","\n",$view_nick),ENT_QUOTES,"utf-8")."\n"."</h2>";
echo "<pre class='brush:c'>".htmlspecialchars(str_replace("\n\r","\n",$view_content),ENT_QUOTES,"utf-8")."\n"."</pre>";
?>
<input onclick="draw()" type="button" value="Line Number">
<input onclick="window.print();" type="button" value="<?php echo $MSG_PRINTER?>">

View File

@@ -145,7 +145,7 @@ div[class*=ace_br] {
<div class="row">
<div class="column">
<h4 class="ui top attached block header"><?php echo $MSG_Sample_Input?>
<span class="copy" id="copyin" data-clipboard-text="<?php echo htmlentities($sinput, ENT_QUOTES, 'UTF-8'); ?>"><?php echo $MSG_COPY; ?></span>
<span class="copy" id="copyin" data-clipboard-text="<?php echo htmlspecialchars($sinput, ENT_QUOTES, 'UTF-8'); ?>"><?php echo $MSG_COPY; ?></span>
</h4>
<!-- <span class=copy id=\"copyin\" data-clipboard-text=\"".($sinput)."\"><?php echo $MSG_COPY; ?></span> -->
<div class="ui bottom attached segment font-content">
@@ -159,7 +159,7 @@ div[class*=ace_br] {
<div class="row">
<div class="column">
<h4 class="ui top attached block header"><?php echo $MSG_Sample_Output?>
<span class="copy" id="copyout" data-clipboard-text="<?php echo htmlentities($soutput, ENT_QUOTES, 'UTF-8'); ?>"><?php echo $MSG_COPY; ?></span>
<span class="copy" id="copyout" data-clipboard-text="<?php echo htmlspecialchars($soutput, ENT_QUOTES, 'UTF-8'); ?>"><?php echo $MSG_COPY; ?></span>
</h4>
<!-- <span class=copy id=\"copyout\" data-clipboard-text=\"".($soutput)."\"><?php echo $MSG_COPY; ?></span> -->
<div class="ui bottom attached segment font-content">
@@ -199,11 +199,11 @@ div[class*=ace_br] {
?>
<a href="<?php
if(mb_ereg("^http",$cat)) // remote oj pop links
echo htmlentities($cat,ENT_QUOTES,'utf-8').'" target="_blank' ;
echo htmlspecialchars($cat,ENT_QUOTES,'utf-8').'" target="_blank' ;
else
echo "problemset.php?search=".urlencode(htmlentities($cat,ENT_QUOTES,'utf-8')) ;
echo "problemset.php?search=".urlencode(htmlspecialchars($cat,ENT_QUOTES,'utf-8')) ;
?>" class="ui medium <?php echo $label_theme; ?> label">
<?php echo htmlentities($cat,ENT_QUOTES,'utf-8'); ?>
<?php echo htmlspecialchars($cat,ENT_QUOTES,'utf-8'); ?>
</a>
<?php } ?>

View File

@@ -97,7 +97,7 @@
echo "<h4>$MSG_SOURCE</h4><div class=content>";
$cats=explode(" ",$row['source']);
foreach($cats as $cat){
echo "<a href='problemset.php?search=".htmlentities($cat,ENT_QUOTES,'utf-8')."'>".htmlentities($cat,ENT_QUOTES,'utf-8')."</a>&nbsp;";
echo "<a href='problemset.php?search=".htmlspecialchars($cat,ENT_QUOTES,'utf-8')."'>".htmlspecialchars($cat,ENT_QUOTES,'utf-8')."</a>&nbsp;";
}
echo "</div><br>";
}

View File

@@ -91,7 +91,7 @@
echo "<h4>$MSG_SOURCE</h4><div class=content>";
$cats=explode(" ",$row['source']);
foreach($cats as $cat){
echo "<a href='problemset.php?search=".htmlentities($cat,ENT_QUOTES,'utf-8')."'>".htmlentities($cat,ENT_QUOTES,'utf-8')."</a>&nbsp;";
echo "<a href='problemset.php?search=".htmlspecialchars($cat,ENT_QUOTES,'utf-8')."'>".htmlspecialchars($cat,ENT_QUOTES,'utf-8')."</a>&nbsp;";
}
echo "</div><br>";
}

View File

@@ -9,7 +9,7 @@
<div class="ui search" style="width: 280px; height: 28px; margin-top: -5.3px;float:left ">
<div class="ui left icon input" style="width: 100%; ">
<input class="prompt" style="width: 100%; " type="text" placeholder=" <?php echo $MSG_TITLE;?> …" name="search"
value="<?php if(isset($_GET['search']))echo htmlentities($_GET['search'],ENT_QUOTES,'UTF-8') ?>"
value="<?php if(isset($_GET['search']))echo htmlspecialchars($_GET['search'],ENT_QUOTES,'UTF-8') ?>"
>
<i class="search icon"></i>
@@ -83,15 +83,15 @@
?>
<div style="text-align: center; ">
<div class="ui pagination menu" style="box-shadow: none; ">
<a class="<?php if($page==1) echo "disabled "; ?>icon item" href="<?php if($page<>1) echo "problemset.php?page=".($page-1).htmlentities($postfix,ENT_QUOTES,'UTF-8'); ?>" id="page_prev">
<a class="<?php if($page==1) echo "disabled "; ?>icon item" href="<?php if($page<>1) echo "problemset.php?page=".($page-1).htmlspecialchars($postfix,ENT_QUOTES,'UTF-8'); ?>" id="page_prev">
<i class="left chevron icon"></i>
</a>
<?php
for ($i=$start;$i<=$end;$i++){
echo "<a class=\"".($page==$i?"active ":"")."item\" href=\"problemset.php?page=".$i.htmlentities($postfix,ENT_QUOTES,'UTF-8')."\">".$i."</a>";
echo "<a class=\"".($page==$i?"active ":"")."item\" href=\"problemset.php?page=".$i.htmlspecialchars($postfix,ENT_QUOTES,'UTF-8')."\">".$i."</a>";
}
?>
<a class="<?php if($page==$view_total_page) echo "disabled "; ?> icon item" href="<?php if($page<>$view_total_page) echo "problemset.php?page=".($page+1).htmlentities($postfix,ENT_QUOTES,'UTF-8'); ?>" id="page_next">
<a class="<?php if($page==$view_total_page) echo "disabled "; ?> icon item" href="<?php if($page<>$view_total_page) echo "problemset.php?page=".($page+1).htmlspecialchars($postfix,ENT_QUOTES,'UTF-8'); ?>" id="page_next">
<i class="right chevron icon"></i>
</a>
</div>
@@ -176,15 +176,15 @@
?>
<div style="text-align: center; ">
<div class="ui pagination menu" style="box-shadow: none; ">
<a class="<?php if($page==1) echo "disabled "; ?>icon item" href="<?php if($page<>1) echo "problemset.php?page=".($page-1).htmlentities($postfix,ENT_QUOTES,'UTF-8'); ?>" id="page_prev">
<a class="<?php if($page==1) echo "disabled "; ?>icon item" href="<?php if($page<>1) echo "problemset.php?page=".($page-1).htmlspecialchars($postfix,ENT_QUOTES,'UTF-8'); ?>" id="page_prev">
<i class="left chevron icon"></i>
</a>
<?php
for ($i=$start;$i<=$end;$i++){
echo "<a class=\"".($page==$i?"active ":"")."item\" href=\"problemset.php?page=".$i.htmlentities($postfix,ENT_QUOTES,'UTF-8')."\">".$i."</a>";
echo "<a class=\"".($page==$i?"active ":"")."item\" href=\"problemset.php?page=".$i.htmlspecialchars($postfix,ENT_QUOTES,'UTF-8')."\">".$i."</a>";
}
?>
<a class="<?php if($page==$view_total_page) echo "disabled "; ?> icon item" href="<?php if($page<>$view_total_page) echo "problemset.php?page=".($page+1).htmlentities($postfix,ENT_QUOTES,'UTF-8'); ?>" id="page_next">
<a class="<?php if($page==$view_total_page) echo "disabled "; ?> icon item" href="<?php if($page<>$view_total_page) echo "problemset.php?page=".($page+1).htmlspecialchars($postfix,ENT_QUOTES,'UTF-8'); ?>" id="page_next">
<i class="right chevron icon"></i>
</a>
</div>

View File

@@ -8,11 +8,11 @@
<a href="ranklist.php?scope=y">Year</a>
<form action="ranklist.php" class="ui mini form" method="get" role="form" style="margin-bottom: 25px; text-align: right; ">
<div class="ui action left icon input inline" style="width: 180px; margin-right: 77px; ">
<i class="search icon"></i><input name="prefix" placeholder="<?php echo $MSG_USER?>" type="text" value="<?php echo htmlentities(isset($_GET['prefix'])?$_GET['prefix']:"",ENT_QUOTES,"utf-8") ?>">
<i class="search icon"></i><input name="prefix" placeholder="<?php echo $MSG_USER?>" type="text" value="<?php echo htmlspecialchars(isset($_GET['prefix'])?$_GET['prefix']:"",ENT_QUOTES,"utf-8") ?>">
<button class="ui mini button" type="submit"><?php echo $MSG_SEARCH?></button>
</div>
<div class="ui action left icon input inline" style="width: 180px; margin-right: 77px; ">
<i class="search icon"></i><input name="group_name" placeholder="<?php echo $MSG_GROUP_NAME ?>" type="text" value="<?php echo htmlentities(isset($_GET['group_name']) ? $_GET['group_name'] : "", ENT_QUOTES, "utf-8") ?>">
<i class="search icon"></i><input name="group_name" placeholder="<?php echo $MSG_GROUP_NAME ?>" type="text" value="<?php echo htmlspecialchars(isset($_GET['group_name']) ? $_GET['group_name'] : "", ENT_QUOTES, "utf-8") ?>">
<button class="ui mini button" type="submit"><?php echo $MSG_SEARCH ?></button>
</div>
</form>

View File

@@ -42,7 +42,7 @@ echo "\tMemory:".$smemory." kb\n";
echo "****************************************************************/\n\n";
$auth=ob_get_contents();
ob_end_clean();
echo htmlentities(str_replace("\n\r","\n",$view_source),ENT_QUOTES,"utf-8")."\n".$auth."</pre>";
echo htmlspecialchars(str_replace("\n\r","\n",$view_source),ENT_QUOTES,"utf-8")."\n".$auth."</pre>";
}else{
echo "I am sorry, You could not view this code!";
}

View File

@@ -22,7 +22,7 @@ echo "\tMemory:".$smemory." kb\n";
echo "****************************************************************/\n\n";
$auth=ob_get_contents();
ob_end_clean();
echo htmlentities(str_replace("\n\r","\n",$view_source),ENT_QUOTES,"utf-8")."\n".$auth."</pre>";
echo htmlspecialchars(str_replace("\n\r","\n",$view_source),ENT_QUOTES,"utf-8")."\n".$auth."</pre>";
}else{
echo "I am sorry, You could not view this code!";
}

View File

@@ -90,11 +90,11 @@ echo"<option value=$i ".( $lastlang==$i?"selected":"").">
else
$height="500px";
?>
<pre style="width:90%;height:<?php echo $height?>" cols=180 rows=16 id="source"><?php echo htmlentities($view_src,ENT_QUOTES,"UTF-8")?></pre>
<pre style="width:90%;height:<?php echo $height?>" cols=180 rows=16 id="source"><?php echo htmlspecialchars($view_src,ENT_QUOTES,"UTF-8")?></pre>
<input type=hidden id="hide_source" name="source" value=""/>
<?php }else{ ?>
<textarea style="width:80%;height:600" cols=180 rows=30 id="source" name="source"><?php echo htmlentities($view_src,ENT_QUOTES,"UTF-8")?></textarea>
<textarea style="width:80%;height:600" cols=180 rows=30 id="source" name="source"><?php echo htmlspecialchars($view_src,ENT_QUOTES,"UTF-8")?></textarea>
<?php }
}else{
@@ -146,7 +146,7 @@ echo"<option value=$i ".( $lastlang==$i?"selected":"").">
<textarea style="
width:100%;background-color: white;
" cols=10 rows=5 id="out" name="out" disabled="true" placeholder='<?php echo htmlentities($view_sample_output,ENT_QUOTES,'UTF-8')?>' ></textarea>
" cols=10 rows=5 id="out" name="out" disabled="true" placeholder='<?php echo htmlspecialchars($view_sample_output,ENT_QUOTES,'UTF-8')?>' ></textarea>
</div>
<?php } ?>
<?php if (isset($OJ_TEST_RUN)&&$OJ_TEST_RUN && $spj<=1 && !$solution_name ){?>

View File

@@ -80,7 +80,7 @@
<?php
if ($result2=="changed")
echo "<center><h4 class='text-danger'>User ".htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8')."'s Login IP Changed to ".$ip."</h4></center>";
echo "<center><h4 class='text-danger'>User ".htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8')."'s Login IP Changed to ".$ip."</h4></center>";
else
echo "<center><h4 class='text-danger'>Login IP Change</h4></center>";
?>
@@ -90,9 +90,9 @@
<div class="form-group">
<label class="col-sm-offset-2 col-sm-3 control-label"><?php echo $MSG_USER_ID?></label>
<?php if(isset($_GET['uid'])) { ?>
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlentities($_GET['uid'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlspecialchars($_GET['uid'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
<?php } else if(isset($_POST['user_id'])) { ?>
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
<?php } else { ?>
<div class="col-sm-3"><input name="user_id" class="form-control" placeholder="<?php echo $MSG_USER_ID."*"?>" type="text" required ></div>
<?php } ?>
@@ -101,7 +101,7 @@
<div class="form-group">
<label class="col-sm-offset-2 col-sm-3 control-label"><?php echo "New IP"?></label>
<?php if(isset($_POST['ip'])) { ?>
<div class="col-sm-3"><input name="ip" class="form-control" value="<?php echo htmlentities($_POST['ip'], ENT_QUOTES, 'UTF-8')?>" type="text" autocomplete="off" required ></div>
<div class="col-sm-3"><input name="ip" class="form-control" value="<?php echo htmlspecialchars($_POST['ip'], ENT_QUOTES, 'UTF-8')?>" type="text" autocomplete="off" required ></div>
<?php } else { ?>
<div class="col-sm-3"><input name="ip" class="form-control" placeholder="<?php echo "?.?.?.?*"?>" type="text" autocomplete="off" required ></div>
<?php } ?>

View File

@@ -8,13 +8,13 @@
<meta name="author" content="">
<link rel="icon" href="../../favicon.ico">
<title><?php echo htmlentities(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")?></title>
<title><?php echo htmlspecialchars(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")?></title>
</head>
<body>
<h1>Balloon Ticket</h1>
<?php
echo "<h2>".htmlentities(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")."\n";
echo "-".htmlentities(str_replace("\n\r","\n",$view_school),ENT_QUOTES,"utf-8")."-".htmlentities(str_replace("\n\r","\n",$view_nick),ENT_QUOTES,"utf-8")."\n"."</h2>";
echo "<h2>".htmlspecialchars(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")."\n";
echo "-".htmlspecialchars(str_replace("\n\r","\n",$view_school),ENT_QUOTES,"utf-8")."-".htmlspecialchars(str_replace("\n\r","\n",$view_nick),ENT_QUOTES,"utf-8")."\n"."</h2>";
echo "Problem ".$PID[$view_pid]."<br>";
echo "Balloon Color: <font color='".$ball_color[$view_pid]."'>".$ball_name[$view_pid]."</font><br>";
?>

View File

@@ -38,7 +38,7 @@
foreach ($category as $cat){
if(trim($cat)=="") continue;
$my_category.= "<button class=\"layui-btn\"><a class='btn btn-primary' href='problemset.php?search=".htmlentities($cat,ENT_QUOTES,'UTF-8')."'>".$cat."</a></button>";
$my_category.= "<button class=\"layui-btn\"><a class='btn btn-primary' href='problemset.php?search=".htmlspecialchars($cat,ENT_QUOTES,'UTF-8')."'>".$cat."</a></button>";
}
$my_category.= "</div>";

View File

@@ -59,7 +59,7 @@ $usolved=$U[$i]->solved;
if(isset($_GET['user_id'])&&$uuid==$_GET['user_id']) echo "<td bgcolor=#ffff77>";
else echo"<td>";
echo "<a name=\"$uuid\" href=userinfo.php?user=$uuid>$uuid</a>";
echo "<td><a href=userinfo.php?user=$uuid>".htmlentities($U[$i]->nick,ENT_QUOTES,"UTF-8")."</a>";
echo "<td><a href=userinfo.php?user=$uuid>".htmlspecialchars($U[$i]->nick,ENT_QUOTES,"UTF-8")."</a>";
echo "<td><a href=status.php?user_id=$uuid&cid=$cid>$usolved</a>";
echo "<td>".sec2str($U[$i]->time);
echo "<td>".($U[$i]->total);

View File

@@ -61,7 +61,7 @@ $usolved=$U[$i]->solved;
if(isset($_GET['user_id'])&&$uuid==$_GET['user_id']) echo "<td bgcolor=#ffff77>";
else echo"<td>";
echo "<a name=\"$uuid\" href=userinfo.php?user=$uuid>$uuid</a>";
echo "<td><a href=userinfo.php?user=$uuid>".htmlentities($U[$i]->nick,ENT_QUOTES,"UTF-8")."</a>";
echo "<td><a href=userinfo.php?user=$uuid>".htmlspecialchars($U[$i]->nick,ENT_QUOTES,"UTF-8")."</a>";
echo "<td><a href=status.php?user_id=$uuid&cid=$cid>$usolved</a>";
echo "<td>".sec2str($U[$i]->time);
for ($j=0;$j<$pid_cnt;$j++){

View File

@@ -48,7 +48,7 @@ $usolved=$U[$i]->solved;
if(isset($_GET['user_id'])&&$uuid==$_GET['user_id']) echo "<td bgcolor=#ffff77>";
else echo"<td>";
echo "<a name=\"$uuid\" href=userinfo.php?user=$uuid>$uuid</a>";
echo "<td><a href=userinfo.php?user=$uuid>".htmlentities($U[$i]->nick,ENT_QUOTES,"UTF-8")."</a>";
echo "<td><a href=userinfo.php?user=$uuid>".htmlspecialchars($U[$i]->nick,ENT_QUOTES,"UTF-8")."</a>";
echo "<td><a href=status.php?user_id=$uuid&cid=$cid>$usolved</a>";
echo "<td>".sec2str($U[$i]->time);
for ($j=0;$j<$pid_cnt;$j++){

View File

@@ -31,9 +31,9 @@ if($view_content)
echo "<center>
<table>
<tr>
<td class=blue>$to_user:".htmlentities(str_replace("\n\r","\n",$view_title),ENT_QUOTES,"UTF-8")." </td>
<td class=blue>$to_user:".htmlspecialchars(str_replace("\n\r","\n",$view_title),ENT_QUOTES,"UTF-8")." </td>
</tr>
<tr><td><pre>". htmlentities(str_replace("\n\r","\n",$view_content),ENT_QUOTES,"UTF-8")."</pre>
<tr><td><pre>". htmlspecialchars(str_replace("\n\r","\n",$view_content),ENT_QUOTES,"UTF-8")."</pre>
</td></tr>
</table></center>";
?>

View File

@@ -35,7 +35,7 @@
</div>
<div class="form-group">
<label class="col-sm-4 control-label"><?php echo $MSG_NICK?></label>
<div class="col-sm-4"><input name="nick" class="form-control" value="<?php echo htmlentities($row['nick'],ENT_QUOTES,"UTF-8")?>" type="text"></div>
<div class="col-sm-4"><input name="nick" class="form-control" value="<?php echo htmlspecialchars($row['nick'],ENT_QUOTES,"UTF-8")?>" type="text"></div>
</div>
<div class="form-group">
<label class="col-sm-4 control-label"><?php echo $MSG_PASSWORD?></label>
@@ -51,12 +51,12 @@
</div>
<div class="form-group">
<label class="col-sm-4 control-label"><?php echo $MSG_SCHOOL?></label>
<div class="col-sm-4"><input name="school" class="form-control" value="<?php echo htmlentities($row['school'],ENT_QUOTES,"UTF-8")?>" type="text"></div>
<div class="col-sm-4"><input name="school" class="form-control" value="<?php echo htmlspecialchars($row['school'],ENT_QUOTES,"UTF-8")?>" type="text"></div>
<?php if(isset($_SESSION[$OJ_NAME."_printer"])) echo "$MSG_HELP_BALLOON_SCHOOL";?>
</div>
<div class="form-group">
<label class="col-sm-4 control-label"><?php echo $MSG_EMAIL?></label>
<div class="col-sm-4"><input name="email" class="form-control" value="<?php echo htmlentities($row['email'],ENT_QUOTES,"UTF-8")?>" type="text"></div>
<div class="col-sm-4"><input name="email" class="form-control" value="<?php echo htmlspecialchars($row['email'],ENT_QUOTES,"UTF-8")?>" type="text"></div>
</div>
<div class="form-group">

View File

@@ -8,7 +8,7 @@
<meta name="author" content="">
<link rel="icon" href="../../favicon.ico">
<title><?php echo htmlentities(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")?></title>
<title><?php echo htmlspecialchars(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")?></title>
</head>
<body>
<link href='<?php echo $OJ_CDN_URL?>highlight/styles/shCore.css' rel='stylesheet' type='text/css'/>
@@ -27,9 +27,9 @@ function draw(){
<input onclick="window.print();" type="button" value="<?php echo $MSG_PRINTER?>">
<input onclick="location.href='printer.php?id=<?php echo $id?>';" type="button" value="<?php echo $MSG_PRINT_DONE?>"><br>
<?php
echo "<h2>".htmlentities(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")."\n";
echo "-".htmlentities(str_replace("\n\r","\n",$view_school),ENT_QUOTES,"utf-8")."-".htmlentities(str_replace("\n\r","\n",$view_nick),ENT_QUOTES,"utf-8")."\n"."</h2>";
echo "<pre class='brush:c'>".htmlentities(str_replace("\n\r","\n",$view_content),ENT_QUOTES,"utf-8")."\n"."</pre>";
echo "<h2>".htmlspecialchars(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")."\n";
echo "-".htmlspecialchars(str_replace("\n\r","\n",$view_school),ENT_QUOTES,"utf-8")."-".htmlspecialchars(str_replace("\n\r","\n",$view_nick),ENT_QUOTES,"utf-8")."\n"."</h2>";
echo "<pre class='brush:c'>".htmlspecialchars(str_replace("\n\r","\n",$view_content),ENT_QUOTES,"utf-8")."\n"."</pre>";
?>
<input onclick="draw()" type="button" value="Line Number">
<input onclick="window.print();" type="button" value="<?php echo $MSG_PRINTER?>">

View File

@@ -91,7 +91,7 @@
echo "<h4>$MSG_SOURCE</h4><div class=content>";
$cats=explode(" ",$row['source']);
foreach($cats as $cat){
echo "<a href='problemset.php?search=".urlencode(htmlentities($cat,ENT_QUOTES,'utf-8'))."'>".htmlentities($cat,ENT_QUOTES,'utf-8')."</a>&nbsp;";
echo "<a href='problemset.php?search=".urlencode(htmlspecialchars($cat,ENT_QUOTES,'utf-8'))."'>".htmlspecialchars($cat,ENT_QUOTES,'utf-8')."</a>&nbsp;";
}
echo "</div><br>";
}

View File

@@ -27,7 +27,7 @@
<div class="jumbotron">
<tr><td colspan=3 align=left >
<form class="form-inline" action="ranklist.php">
<?php echo $MSG_USER?><input class="form-control" name="prefix" value="<?php echo htmlentities(isset($_GET['prefix'])?$_GET['prefix']:"",ENT_QUOTES,"utf-8") ?>" >
<?php echo $MSG_USER?><input class="form-control" name="prefix" value="<?php echo htmlspecialchars(isset($_GET['prefix'])?$_GET['prefix']:"",ENT_QUOTES,"utf-8") ?>" >
<input type=submit class="form-control" value=Search >
</form></td><td colspan=3 align=right>
<a href=ranklist.php?scope=d>Day</a>

View File

@@ -48,7 +48,7 @@ SyntaxHighlighter.all();
<?php
if ($ok==true){
if($view_user_id!=$_SESSION[$OJ_NAME.'_'.'user_id'])
echo "<a href='mail.php?to_user=".htmlentities($view_user_id,ENT_QUOTES,"UTF-8")."&title=$MSG_SUBMIT $id'>Mail the author</a>";
echo "<a href='mail.php?to_user=".htmlspecialchars($view_user_id,ENT_QUOTES,"UTF-8")."&title=$MSG_SUBMIT $id'>Mail the author</a>";
$brush=strtolower($language_name[$slanguage]);
if ($brush=='pascal') $brush='delphi';
if ($brush=='obj-c') $brush='c';
@@ -66,7 +66,7 @@ echo "\tMemory:".$smemory." kb\n";
echo "****************************************************************/\n\n";
$auth=ob_get_contents();
ob_end_clean();
echo htmlentities(str_replace("\n\r","\n",$view_source),ENT_QUOTES,"utf-8")."\n".$auth."</pre>";
echo htmlspecialchars(str_replace("\n\r","\n",$view_source),ENT_QUOTES,"utf-8")."\n".$auth."</pre>";
}else{
echo $MSG_WARNING_ACCESS_DENIED;
}

View File

@@ -18,7 +18,7 @@ echo "\tMemory:".$smemory." kb\n";
echo "****************************************************************/\n\n";
$auth=ob_get_contents();
ob_end_clean();
echo htmlentities(str_replace("\n\r","\n",$view_source),ENT_QUOTES,"utf-8")."\n".$auth."</pre>";
echo htmlspecialchars(str_replace("\n\r","\n",$view_source),ENT_QUOTES,"utf-8")."\n".$auth."</pre>";
}else{
echo $MSG_WARNING_ACCESS_DENIED ;
}

View File

@@ -71,10 +71,10 @@ echo"<option value=$i ".( $lastlang==$i?"selected":"").">
<br>
</span>
<?php if($OJ_ACE_EDITOR){ ?>
<pre style="width:80%;height:600" cols=180 rows=20 id="source"><?php echo htmlentities($view_src,ENT_QUOTES,"UTF-8")?></pre><br>
<pre style="width:80%;height:600" cols=180 rows=20 id="source"><?php echo htmlspecialchars($view_src,ENT_QUOTES,"UTF-8")?></pre><br>
<input type=hidden id="hide_source" name="source" value=""/>
<?php }else{ ?>
<textarea style="width:80%;height:600" cols=180 rows=20 id="source" name="source"><?php echo htmlentities($view_src,ENT_QUOTES,"UTF-8")?></textarea><br>
<textarea style="width:80%;height:600" cols=180 rows=20 id="source" name="source"><?php echo htmlspecialchars($view_src,ENT_QUOTES,"UTF-8")?></textarea><br>
<?php }?>
<?php if (isset($OJ_TEST_RUN)&&$OJ_TEST_RUN){?>

View File

@@ -29,7 +29,7 @@
<center>
<table class="table table-striped" id=statics width=70%>
<caption>
<?php echo $user."--".htmlentities($nick,ENT_QUOTES,"UTF-8")?>
<?php echo $user."--".htmlspecialchars($nick,ENT_QUOTES,"UTF-8")?>
<?php
echo "<a href=mail.php?to_user=$user>$MSG_MAIL</a>";
?>

View File

@@ -7,8 +7,8 @@
<div class="content">
<h1>Balloon Ticket</h1>
<?php
echo "<h2>".htmlentities(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")."\n";
echo "-".htmlentities(str_replace("\n\r","\n",$view_school),ENT_QUOTES,"utf-8")."-".htmlentities(str_replace("\n\r","\n",$view_nick),ENT_QUOTES,"utf-8")."\n"."</h2>";
echo "<h2>".htmlspecialchars(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")."\n";
echo "-".htmlspecialchars(str_replace("\n\r","\n",$view_school),ENT_QUOTES,"utf-8")."-".htmlspecialchars(str_replace("\n\r","\n",$view_nick),ENT_QUOTES,"utf-8")."\n"."</h2>";
echo "Problem ".$PID[$view_pid]."<br>";
if(isset($_GET['fb']) && intval($_GET['fb'])==1){
echo "Balloon Color: <font color='".$ball_color[$view_pid]."'>".$ball_name[$view_pid]." First Blood! </font><br>";

View File

@@ -70,11 +70,11 @@
echo "</td>";
echo "<td>";
echo htmlentities($U[$i]->nick, ENT_QUOTES, "UTF-8");
echo htmlspecialchars($U[$i]->nick, ENT_QUOTES, "UTF-8");
echo "</td>";
echo "<td>";
echo htmlentities($U[$i]->solved, ENT_QUOTES, "UTF-8");
echo htmlspecialchars($U[$i]->solved, ENT_QUOTES, "UTF-8");
echo "</td>";
echo "<td>";

View File

@@ -70,7 +70,7 @@
echo "</td>";
echo "<td>";
echo "<a href=userinfo.php?user=$uuid>".htmlentities($U[$i]->nick,ENT_QUOTES,"UTF-8")."</a>";
echo "<a href=userinfo.php?user=$uuid>".htmlspecialchars($U[$i]->nick,ENT_QUOTES,"UTF-8")."</a>";
echo "</td>";
echo "<td>";
@@ -153,7 +153,7 @@
<div class="ui list">
<?php
foreach($absent as $a){
$uid=htmlentities($a['user_id'],ENT_QUOTES,"UTF-8");
$uid=htmlspecialchars($a['user_id'],ENT_QUOTES,"UTF-8");
echo "<a href='userinfo.php?user=".$uid."' >$uid</a> &nbsp;";
}
?>

View File

@@ -50,7 +50,7 @@ $usolved=$U[$i]->solved;
if(isset($_GET['user_id'])&&$uuid==$_GET['user_id']) echo "<td bgcolor=#ffff77>";
else echo"<td>";
echo "<a name=\"$uuid\" href=userinfo.php?user=$uuid>$uuid</a>";
echo "<td><a href=userinfo.php?user=$uuid>".htmlentities($U[$i]->nick,ENT_QUOTES,"UTF-8")."</a>";
echo "<td><a href=userinfo.php?user=$uuid>".htmlspecialchars($U[$i]->nick,ENT_QUOTES,"UTF-8")."</a>";
echo "<td><a href=status.php?user_id=$uuid&cid=$cid>$usolved</a>";
echo "<td>".sec2str($U[$i]->time);
for ($j=0;$j<$pid_cnt;$j++){

View File

@@ -67,7 +67,7 @@
echo "</td>";
echo "<td>";
echo "<a href=userinfo.php?user=$uuid>".htmlentities($U[$i]->nick,ENT_QUOTES,"UTF-8")."</a>";
echo "<a href=userinfo.php?user=$uuid>".htmlspecialchars($U[$i]->nick,ENT_QUOTES,"UTF-8")."</a>";
echo "</td>";
echo "<td>";

View File

@@ -65,11 +65,11 @@
echo "</td>";
echo "<td>";
echo htmlentities($U[$i]->nick, ENT_QUOTES, "UTF-8");
echo htmlspecialchars($U[$i]->nick, ENT_QUOTES, "UTF-8");
echo "</td>";
echo "<td>";
echo htmlentities($U[$i]->solved, ENT_QUOTES, "UTF-8");
echo htmlspecialchars($U[$i]->solved, ENT_QUOTES, "UTF-8");
echo "</td>";
echo "<td>";

View File

@@ -44,7 +44,7 @@ if($NOIP_flag[0]==0)$view_month_rank=mysql_query_cache("select user_id,nick,coun
<?php
foreach ( $view_month_rank as $row ) {
echo "<tr>".
"<td><a target='_blank' href='userinfo.php?user=".htmlentities($row[0],ENT_QUOTES,"UTF-8")."'>".htmlentities($row[0],ENT_QUOTES,"UTF-8")."</a></td>".
"<td><a target='_blank' href='userinfo.php?user=".htmlspecialchars($row[0],ENT_QUOTES,"UTF-8")."'>".htmlspecialchars($row[0],ENT_QUOTES,"UTF-8")."</a></td>".
"<td>".($row[1])."</td>".
"<td>".($row[2])."</td>".
"</tr>";

View File

@@ -8,14 +8,14 @@ if($view_content)
echo "<center>
<table>
<tr>
<td class=blue>$from_user -&gt; $to_user [".htmlentities(str_replace("\n\r","\n",$view_title),ENT_QUOTES,"UTF-8")." ]</td>
<td class=blue>$from_user -&gt; $to_user [".htmlspecialchars(str_replace("\n\r","\n",$view_title),ENT_QUOTES,"UTF-8")." ]</td>
</tr>
<tr><td><pre>". htmlentities(str_replace("\n\r","\n",$view_content),ENT_QUOTES,"UTF-8")."</pre>
<tr><td><pre>". htmlspecialchars(str_replace("\n\r","\n",$view_content),ENT_QUOTES,"UTF-8")."</pre>
</td></tr>
</table></center>";
?>
<table><form method=post action=mail.php>
<tr><td>From:<?php echo htmlentities($from_user,ENT_QUOTES,"UTF-8")?>
<tr><td>From:<?php echo htmlspecialchars($from_user,ENT_QUOTES,"UTF-8")?>
To:<input name=to_user size=10 value="<?php if ($from_user==$_SESSION[$OJ_NAME.'_user_id']||$from_user=="") echo $to_user ;else echo $from_user;?>">
Title:<input name=title size=20 value="<?php echo $title?>">
<input type=submit value=<?php echo $MSG_SUBMIT?>></td>

View File

@@ -12,7 +12,7 @@
<?php require_once('./include/set_post_key.php');?>
<div class="field">
<label for="username"><?php echo $MSG_NICK?>*</label>
<input disabled="disabled" name="nick" placeholder="<?php echo $MSG_Input.$MSG_NICK?>" type="text" value="<?php echo htmlentities($row['nick'],ENT_QUOTES,"UTF-8")?>">
<input disabled="disabled" name="nick" placeholder="<?php echo $MSG_Input.$MSG_NICK?>" type="text" value="<?php echo htmlspecialchars($row['nick'],ENT_QUOTES,"UTF-8")?>">
</div>
<div class="field">
<label class="ui header"><?php echo $MSG_PASSWORD?>*</label>
@@ -30,11 +30,11 @@
</div>
<div class="field">
<label for="username"><?php echo $MSG_SCHOOL?></label>
<input name="school" placeholder="<?php echo $MSG_SCHOOL?>" type="text" value="<?php echo htmlentities($row['school'],ENT_QUOTES,"UTF-8")?>">
<input name="school" placeholder="<?php echo $MSG_SCHOOL?>" type="text" value="<?php echo htmlspecialchars($row['school'],ENT_QUOTES,"UTF-8")?>">
</div>
<div class="field">
<label for="email"><?php echo $MSG_EMAIL?>*</label>
<input name="email" placeholder="<?php echo $MSG_EMAIL?>" type="text" value="<?php echo htmlentities($row['email'],ENT_QUOTES,"UTF-8")?>">
<input name="email" placeholder="<?php echo $MSG_EMAIL?>" type="text" value="<?php echo htmlspecialchars($row['email'],ENT_QUOTES,"UTF-8")?>">
</div>
<?php if($OJ_VCODE){?>
<div class="field">

View File

@@ -8,7 +8,7 @@
<meta name="author" content="">
<link rel="icon" href="../../favicon.ico">
<title><?php echo htmlentities(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")?></title>
<title><?php echo htmlspecialchars(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")?></title>
</head>
<body onload="draw()">
<link href='<?php echo $OJ_CDN_URL?>highlight/styles/shCore.css' rel='stylesheet' type='text/css'/>
@@ -27,9 +27,9 @@ function draw(){
<input onclick="window.print();" type="button" value="<?php echo $MSG_PRINTER?>">
<input onclick="location.href='printer.php?id=<?php echo $id?>';" type="button" value="<?php echo $MSG_PRINT_DONE?>"><br>
<?php
echo "<h2>".htmlentities(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")."\n";
echo "-".htmlentities(str_replace("\n\r","\n",$view_school),ENT_QUOTES,"utf-8")."-".htmlentities(str_replace("\n\r","\n",$view_nick),ENT_QUOTES,"utf-8")."\n"."</h2>";
echo "<pre class='brush:c'>".htmlentities(str_replace("\n\r","\n",$view_content),ENT_QUOTES,"utf-8")."\n"."</pre>";
echo "<h2>".htmlspecialchars(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")."\n";
echo "-".htmlspecialchars(str_replace("\n\r","\n",$view_school),ENT_QUOTES,"utf-8")."-".htmlspecialchars(str_replace("\n\r","\n",$view_nick),ENT_QUOTES,"utf-8")."\n"."</h2>";
echo "<pre class='brush:c'>".htmlspecialchars(str_replace("\n\r","\n",$view_content),ENT_QUOTES,"utf-8")."\n"."</pre>";
?>
<input onclick="draw()" type="button" value="Line Number">
<input onclick="window.print();" type="button" value="<?php echo $MSG_PRINTER?>">

View File

@@ -171,7 +171,7 @@ div[class*=ace_br] {
<div class="row">
<div class="column">
<h4 class="ui top attached block header"><?php echo $MSG_Sample_Input?>
<span class="copy" id="copyin" data-clipboard-text="<?php echo htmlentities($sinput, ENT_QUOTES, 'UTF-8'); ?>"><?php echo $MSG_COPY; ?></span>
<span class="copy" id="copyin" data-clipboard-text="<?php echo htmlspecialchars($sinput, ENT_QUOTES, 'UTF-8'); ?>"><?php echo $MSG_COPY; ?></span>
</h4>
<!-- <span class=copy id=\"copyin\" data-clipboard-text=\"".($sinput)."\"><?php echo $MSG_COPY; ?></span> -->
<div class="ui bottom attached segment font-content">
@@ -185,7 +185,7 @@ div[class*=ace_br] {
<div class="row">
<div class="column">
<h4 class="ui top attached block header"><?php echo $MSG_Sample_Output?>
<span class="copy" id="copyout" data-clipboard-text="<?php echo htmlentities($soutput, ENT_QUOTES, 'UTF-8'); ?>"><?php echo $MSG_COPY; ?></span>
<span class="copy" id="copyout" data-clipboard-text="<?php echo htmlspecialchars($soutput, ENT_QUOTES, 'UTF-8'); ?>"><?php echo $MSG_COPY; ?></span>
</h4>
<!-- <span class=copy id=\"copyout\" data-clipboard-text=\"".($soutput)."\"><?php echo $MSG_COPY; ?></span> -->
<div class="ui bottom attached segment font-content">
@@ -234,11 +234,11 @@ div[class*=ace_br] {
?>
<a href="<?php
if(mb_ereg("^http",$cat)) // remote oj pop links
echo htmlentities($cat,ENT_QUOTES,'utf-8').'" target="_blank' ;
echo htmlspecialchars($cat,ENT_QUOTES,'utf-8').'" target="_blank' ;
else
echo "problemset.php?search=".urlencode(htmlentities($cat,ENT_QUOTES,'utf-8')) ;
echo "problemset.php?search=".urlencode(htmlspecialchars($cat,ENT_QUOTES,'utf-8')) ;
?>" class="ui medium <?php echo $label_theme; ?> label">
<?php echo htmlentities($cat,ENT_QUOTES,'utf-8'); ?>
<?php echo htmlspecialchars($cat,ENT_QUOTES,'utf-8'); ?>
</a>
<?php } ?>

View File

@@ -10,7 +10,7 @@
<div class="ui left icon input" style="width: 100%; ">
<input class="prompt" style="width: 100%; " type="text" placeholder=" <?php echo $MSG_TITLE; ?> …"
name="search" value="<?php if (isset($_GET['search']))
echo htmlentities($_GET['search'], ENT_QUOTES, 'UTF-8') ?>">
echo htmlspecialchars($_GET['search'], ENT_QUOTES, 'UTF-8') ?>">
<i class="search icon"></i>
</div>
@@ -23,7 +23,7 @@
<div class="ui search" style="width: 120px; height: 28px; margin-top: -5.3px; ">
<div class="ui icon input" style="width: 100%; ">
<input class="prompt" style="width: 100%; " type="text" placeholder="用户ID" name="query_user_id" value="<?php if (isset($_GET['query_user_id']))
echo htmlentities($_GET['query_user_id'], ENT_QUOTES, 'UTF-8') ?>">
echo htmlspecialchars($_GET['query_user_id'], ENT_QUOTES, 'UTF-8') ?>">
<i class="search icon"></i>
</div>
<div class="results" style="width: 100%; "></div>
@@ -95,7 +95,7 @@
function get_href($page, $postfix, $query_user_id)
{
return "problemset.php?page=" . $page .
htmlentities($postfix, ENT_QUOTES, 'UTF-8') .
htmlspecialchars($postfix, ENT_QUOTES, 'UTF-8') .
get_query_user_id($query_user_id);
}
?>

View File

@@ -8,11 +8,11 @@
<a href="ranklist.php?scope=y">Year</a>
<form action="ranklist.php" class="ui mini form" method="get" role="form" style="margin-bottom: 25px; text-align: right; ">
<div class="ui action left icon input inline" style="width: 180px; margin-right: 77px; ">
<i class="search icon"></i><input name="prefix" placeholder="<?php echo $MSG_USER?>" type="text" value="<?php echo htmlentities(isset($_GET['prefix'])?$_GET['prefix']:"",ENT_QUOTES,"utf-8") ?>">
<i class="search icon"></i><input name="prefix" placeholder="<?php echo $MSG_USER?>" type="text" value="<?php echo htmlspecialchars(isset($_GET['prefix'])?$_GET['prefix']:"",ENT_QUOTES,"utf-8") ?>">
<button class="ui mini button" type="submit"><?php echo $MSG_SEARCH?></button>
</div>
<div class="ui action left icon input inline" style="width: 180px; margin-right: 77px; ">
<i class="search icon"></i><input name="group_name" placeholder="<?php echo $MSG_GROUP_NAME ?>" type="text" value="<?php echo htmlentities(isset($_GET['group_name']) ? $_GET['group_name'] : "", ENT_QUOTES, "utf-8") ?>">
<i class="search icon"></i><input name="group_name" placeholder="<?php echo $MSG_GROUP_NAME ?>" type="text" value="<?php echo htmlspecialchars(isset($_GET['group_name']) ? $_GET['group_name'] : "", ENT_QUOTES, "utf-8") ?>">
<button class="ui mini button" type="submit"><?php echo $MSG_SEARCH ?></button>
</div>
</form>

View File

@@ -42,7 +42,7 @@ echo "\tMemory:".$smemory." kb\n";
echo "****************************************************************/\n\n";
$auth=ob_get_contents();
ob_end_clean();
echo htmlentities(str_replace("\n\r","\n",$view_source),ENT_QUOTES,"utf-8")."\n".$auth."</pre>";
echo htmlspecialchars(str_replace("\n\r","\n",$view_source),ENT_QUOTES,"utf-8")."\n".$auth."</pre>";
}else{
echo "I am sorry, You could not view this code!";
}

View File

@@ -22,7 +22,7 @@ echo "\tMemory:".$smemory." kb\n";
echo "****************************************************************/\n\n";
$auth=ob_get_contents();
ob_end_clean();
echo htmlentities(str_replace("\n\r","\n",$view_source),ENT_QUOTES,"utf-8")."\n".$auth."</pre>";
echo htmlspecialchars(str_replace("\n\r","\n",$view_source),ENT_QUOTES,"utf-8")."\n".$auth."</pre>";
}else{
echo "I am sorry, You could not view this code!";
}

View File

@@ -90,11 +90,11 @@ echo"<option value=$i ".( $lastlang==$i?"selected":"").">
else
$height="500px";
?>
<pre style="width:90%;height:<?php echo $height?>" cols=180 rows=16 id="source"><?php echo htmlentities($view_src,ENT_QUOTES,"UTF-8")?></pre>
<pre style="width:90%;height:<?php echo $height?>" cols=180 rows=16 id="source"><?php echo htmlspecialchars($view_src,ENT_QUOTES,"UTF-8")?></pre>
<input type=hidden id="hide_source" name="source" value=""/>
<?php }else{ ?>
<textarea style="width:80%;height:600" cols=180 rows=30 id="source" name="source"><?php echo htmlentities($view_src,ENT_QUOTES,"UTF-8")?></textarea>
<textarea style="width:80%;height:600" cols=180 rows=30 id="source" name="source"><?php echo htmlspecialchars($view_src,ENT_QUOTES,"UTF-8")?></textarea>
<?php }
}else{
@@ -146,7 +146,7 @@ echo"<option value=$i ".( $lastlang==$i?"selected":"").">
<textarea style="
width:100%;background-color: white;
" cols=10 rows=5 id="out" name="out" disabled="true" placeholder='<?php echo htmlentities($view_sample_output,ENT_QUOTES,'UTF-8')?>' ></textarea>
" cols=10 rows=5 id="out" name="out" disabled="true" placeholder='<?php echo htmlspecialchars($view_sample_output,ENT_QUOTES,'UTF-8')?>' ></textarea>
</div>
<?php } ?>
<?php if (isset($OJ_TEST_RUN)&&$OJ_TEST_RUN && $spj<=1 && !$solution_name ){?>

View File

@@ -80,7 +80,7 @@
<?php
if ($result2=="changed")
echo "<center><h4 class='text-danger'>User ".htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8')."'s Login IP Changed to ".$ip."</h4></center>";
echo "<center><h4 class='text-danger'>User ".htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8')."'s Login IP Changed to ".$ip."</h4></center>";
else
echo "<center><h4 class='text-danger'>Login IP Change</h4></center>";
?>
@@ -90,9 +90,9 @@
<div class="form-group">
<label class="col-sm-offset-2 col-sm-3 control-label"><?php echo $MSG_USER_ID?></label>
<?php if(isset($_GET['uid'])) { ?>
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlentities($_GET['uid'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlspecialchars($_GET['uid'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
<?php } else if(isset($_POST['user_id'])) { ?>
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
<?php } else { ?>
<div class="col-sm-3"><input name="user_id" class="form-control" placeholder="<?php echo $MSG_USER_ID."*"?>" type="text" required ></div>
<?php } ?>
@@ -101,7 +101,7 @@
<div class="form-group">
<label class="col-sm-offset-2 col-sm-3 control-label"><?php echo "New IP"?></label>
<?php if(isset($_POST['ip'])) { ?>
<div class="col-sm-3"><input name="ip" class="form-control" value="<?php echo htmlentities($_POST['ip'], ENT_QUOTES, 'UTF-8')?>" type="text" autocomplete="off" required ></div>
<div class="col-sm-3"><input name="ip" class="form-control" value="<?php echo htmlspecialchars($_POST['ip'], ENT_QUOTES, 'UTF-8')?>" type="text" autocomplete="off" required ></div>
<?php } else { ?>
<div class="col-sm-3"><input name="ip" class="form-control" placeholder="<?php echo "?.?.?.?*"?>" type="text" autocomplete="off" required ></div>
<?php } ?>