htmlentities -> htmlspecialchars
This commit is contained in:
@@ -8,13 +8,13 @@
|
||||
<meta name="author" content="">
|
||||
<link rel="icon" href="../../favicon.ico">
|
||||
|
||||
<title><?php echo htmlentities(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")?></title>
|
||||
<title><?php echo htmlspecialchars(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")?></title>
|
||||
</head>
|
||||
<body>
|
||||
<h1>Balloon Ticket</h1>
|
||||
<?php
|
||||
echo "<h2>".htmlentities(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")."\n";
|
||||
echo "-".htmlentities(str_replace("\n\r","\n",$view_school),ENT_QUOTES,"utf-8")."-".htmlentities(str_replace("\n\r","\n",$view_nick),ENT_QUOTES,"utf-8")."\n"."</h2>";
|
||||
echo "<h2>".htmlspecialchars(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")."\n";
|
||||
echo "-".htmlspecialchars(str_replace("\n\r","\n",$view_school),ENT_QUOTES,"utf-8")."-".htmlspecialchars(str_replace("\n\r","\n",$view_nick),ENT_QUOTES,"utf-8")."\n"."</h2>";
|
||||
echo "Problem ".$PID[$view_pid]."<br>";
|
||||
if(isset($_GET['fb']) && intval($_GET['fb'])==1){
|
||||
echo "Balloon Color: <font color='".$ball_color[$view_pid]."'>".$ball_name[$view_pid]." First Blood! </font><br>";
|
||||
|
||||
@@ -305,7 +305,7 @@
|
||||
echo "<a name=\"$uuid\" href=userinfo.php?user=$uuid>$uuid</a>";
|
||||
echo "</td>";
|
||||
|
||||
echo "<td class='text-center'><a href=userinfo.php?user=$uuid>".htmlentities($U[$i]->nick,ENT_QUOTES,"UTF-8")."</a></td>";
|
||||
echo "<td class='text-center'><a href=userinfo.php?user=$uuid>".htmlspecialchars($U[$i]->nick,ENT_QUOTES,"UTF-8")."</a></td>";
|
||||
|
||||
$usolved = $U[$i]->solved;
|
||||
echo "<td class='text-center'><a href=status.php?user_id=$uuid&cid=$cid>$usolved</a></td>";
|
||||
|
||||
@@ -304,7 +304,7 @@
|
||||
echo "<a name=\"$uuid\" href=userinfo.php?user=$uuid>$uuid</a>";
|
||||
echo "</td>";
|
||||
|
||||
echo "<td class='text-center'><a href=userinfo.php?user=$uuid>".htmlentities($U[$i]->nick,ENT_QUOTES,"UTF-8")."</a></td>";
|
||||
echo "<td class='text-center'><a href=userinfo.php?user=$uuid>".htmlspecialchars($U[$i]->nick,ENT_QUOTES,"UTF-8")."</a></td>";
|
||||
|
||||
$usolved = $U[$i]->solved;
|
||||
echo "<td class='text-center'><a href=status.php?user_id=$uuid&cid=$cid>$usolved</a></td>";
|
||||
@@ -355,7 +355,7 @@
|
||||
<div class="ui list">
|
||||
<?php
|
||||
foreach($absent as $a){
|
||||
$uid=htmlentities($a['user_id'],ENT_QUOTES,"UTF-8");
|
||||
$uid=htmlspecialchars($a['user_id'],ENT_QUOTES,"UTF-8");
|
||||
echo "<a href='userinfo.php?user=".$uid."' >$uid</a> ";
|
||||
}
|
||||
?>
|
||||
|
||||
@@ -50,7 +50,7 @@ $usolved=$U[$i]->solved;
|
||||
if(isset($_GET['user_id'])&&$uuid==$_GET['user_id']) echo "<td bgcolor=#ffff77>";
|
||||
else echo"<td>";
|
||||
echo "<a name=\"$uuid\" href=userinfo.php?user=$uuid>$uuid</a>";
|
||||
echo "<td><a href=userinfo.php?user=$uuid>".htmlentities($U[$i]->nick,ENT_QUOTES,"UTF-8")."</a>";
|
||||
echo "<td><a href=userinfo.php?user=$uuid>".htmlspecialchars($U[$i]->nick,ENT_QUOTES,"UTF-8")."</a>";
|
||||
echo "<td><a href=status.php?user_id=$uuid&cid=$cid>$usolved</a>";
|
||||
echo "<td>".sec2str($U[$i]->time);
|
||||
for ($j=0;$j<$pid_cnt;$j++){
|
||||
|
||||
@@ -28,7 +28,7 @@
|
||||
<tr align='center'>
|
||||
<td>
|
||||
<form class=form-inline method=post action=contest.php>
|
||||
<input class="form-control" name=keyword value="<?php if(isset($_POST['keyword'])) echo htmlentities($_POST['keyword'],ENT_QUOTES,"UTF-8")?>" placeholder="<?php echo $MSG_CONTEST_NAME?>">
|
||||
<input class="form-control" name=keyword value="<?php if(isset($_POST['keyword'])) echo htmlspecialchars($_POST['keyword'],ENT_QUOTES,"UTF-8")?>" placeholder="<?php echo $MSG_CONTEST_NAME?>">
|
||||
<button class="form-control" type=submit><?php echo $MSG_SEARCH?></button>
|
||||
<a href="contest.php" ><?php echo $MSG_VIEW_ALL_CONTESTS ?></a>
|
||||
</form>
|
||||
|
||||
@@ -189,7 +189,7 @@ public class Main{
|
||||
</font>
|
||||
</center>
|
||||
<hr>
|
||||
this page can be replaced by add a news which titled "<?php echo htmlentities($faqs_name,ENT_QUOTES,"UTF-8")?>";
|
||||
this page can be replaced by add a news which titled "<?php echo htmlspecialchars($faqs_name,ENT_QUOTES,"UTF-8")?>";
|
||||
<hr>
|
||||
|
||||
<center>
|
||||
|
||||
@@ -31,14 +31,14 @@ if($view_content)
|
||||
echo "<center>
|
||||
<table>
|
||||
<tr>
|
||||
<td class=blue>$from_user -> $to_user[".htmlentities(str_replace("\n\r","\n",$view_title),ENT_QUOTES,"UTF-8")." ]</td>
|
||||
<td class=blue>$from_user -> $to_user[".htmlspecialchars(str_replace("\n\r","\n",$view_title),ENT_QUOTES,"UTF-8")." ]</td>
|
||||
</tr>
|
||||
<tr><td><pre>". htmlentities(str_replace("\n\r","\n",$view_content),ENT_QUOTES,"UTF-8")."</pre>
|
||||
<tr><td><pre>". htmlspecialchars(str_replace("\n\r","\n",$view_content),ENT_QUOTES,"UTF-8")."</pre>
|
||||
</td></tr>
|
||||
</table></center>";
|
||||
?>
|
||||
<table><form method=post action=mail.php>
|
||||
<tr><td>From:<?php echo htmlentities($from_user,ENT_QUOTES,"UTF-8")?>
|
||||
<tr><td>From:<?php echo htmlspecialchars($from_user,ENT_QUOTES,"UTF-8")?>
|
||||
To:<input name=to_user size=10 value="<?php if ($from_user==$_SESSION[$OJ_NAME.'_user_id']||$from_user=="") echo $to_user ;else echo $from_user;?>">
|
||||
Title:<input name=title size=20 value="<?php echo $title?>">
|
||||
<input type=submit value=<?php echo $MSG_SUBMIT?>></td>
|
||||
|
||||
@@ -35,7 +35,7 @@
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label class="col-sm-4 control-label"><?php echo $MSG_NICK?></label>
|
||||
<div class="col-sm-4"><input name="nick" class="form-control" value="<?php echo htmlentities($row['nick'],ENT_QUOTES,"UTF-8")?>" type="text"></div>
|
||||
<div class="col-sm-4"><input name="nick" class="form-control" value="<?php echo htmlspecialchars($row['nick'],ENT_QUOTES,"UTF-8")?>" type="text"></div>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label class="col-sm-4 control-label"><?php echo $MSG_PASSWORD?></label>
|
||||
@@ -51,12 +51,12 @@
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label class="col-sm-4 control-label"><?php echo $MSG_SCHOOL?></label>
|
||||
<div class="col-sm-4"><input name="school" class="form-control" value="<?php echo htmlentities($row['school'],ENT_QUOTES,"UTF-8")?>" type="text"></div>
|
||||
<div class="col-sm-4"><input name="school" class="form-control" value="<?php echo htmlspecialchars($row['school'],ENT_QUOTES,"UTF-8")?>" type="text"></div>
|
||||
<?php if(isset($_SESSION[$OJ_NAME."_printer"])) echo "$MSG_HELP_BALLOON_SCHOOL";?>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label class="col-sm-4 control-label"><?php echo $MSG_EMAIL?></label>
|
||||
<div class="col-sm-4"><input name="email" class="form-control" value="<?php echo htmlentities($row['email'],ENT_QUOTES,"UTF-8")?>" type="text"></div>
|
||||
<div class="col-sm-4"><input name="email" class="form-control" value="<?php echo htmlspecialchars($row['email'],ENT_QUOTES,"UTF-8")?>" type="text"></div>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label class="col-sm-4 control-label"><?php echo $MSG_REFRESH_PRIVILEGE?></label>
|
||||
|
||||
@@ -8,7 +8,7 @@
|
||||
<meta name="author" content="">
|
||||
<link rel="icon" href="../../favicon.ico">
|
||||
|
||||
<title><?php echo htmlentities(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")?></title>
|
||||
<title><?php echo htmlspecialchars(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")?></title>
|
||||
</head>
|
||||
<body>
|
||||
<link href='<?php echo $OJ_CDN_URL?>highlight/styles/shCore.css' rel='stylesheet' type='text/css'/>
|
||||
@@ -27,9 +27,9 @@ function draw(){
|
||||
<input onclick="window.print();" type="button" value="<?php echo $MSG_PRINTER?>">
|
||||
<input onclick="location.href='printer.php?id=<?php echo $id?>';" type="button" value="<?php echo $MSG_PRINT_DONE?>"><br>
|
||||
<?php
|
||||
echo "<h2>".htmlentities(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")."\n";
|
||||
echo "-".htmlentities(str_replace("\n\r","\n",$view_school),ENT_QUOTES,"utf-8")."-".htmlentities(str_replace("\n\r","\n",$view_nick),ENT_QUOTES,"utf-8")."\n"."</h2>";
|
||||
echo "<pre class='brush:c'>".htmlentities(str_replace("\n\r","\n",$view_content),ENT_QUOTES,"utf-8")."\n"."</pre>";
|
||||
echo "<h2>".htmlspecialchars(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")."\n";
|
||||
echo "-".htmlspecialchars(str_replace("\n\r","\n",$view_school),ENT_QUOTES,"utf-8")."-".htmlspecialchars(str_replace("\n\r","\n",$view_nick),ENT_QUOTES,"utf-8")."\n"."</h2>";
|
||||
echo "<pre class='brush:c'>".htmlspecialchars(str_replace("\n\r","\n",$view_content),ENT_QUOTES,"utf-8")."\n"."</pre>";
|
||||
?>
|
||||
<input onclick="draw()" type="button" value="Line Number">
|
||||
<input onclick="window.print();" type="button" value="<?php echo $MSG_PRINTER?>">
|
||||
|
||||
@@ -203,7 +203,7 @@
|
||||
$hash_num=hexdec(substr(md5($cat),0,7));
|
||||
$label_theme=$color_theme[$hash_num%count($color_theme)];
|
||||
if($label_theme=="") $label_theme="default";
|
||||
echo "<a class='label label-$label_theme' style='display: inline-block;' href='problemset.php?search=".urlencode(htmlentities($cat,ENT_QUOTES,'utf-8'))."'>".htmlentities($cat,ENT_QUOTES,'utf-8')."</a> ";
|
||||
echo "<a class='label label-$label_theme' style='display: inline-block;' href='problemset.php?search=".urlencode(htmlspecialchars($cat,ENT_QUOTES,'utf-8'))."'>".htmlspecialchars($cat,ENT_QUOTES,'utf-8')."</a> ";
|
||||
}?>
|
||||
</div>
|
||||
|
||||
|
||||
@@ -44,7 +44,7 @@ if(!isset($_GET['ajax'])){
|
||||
$start = $page > $section ? $page - $section : 1;
|
||||
$end = $page + $section > $view_total_page ? $view_total_page : $page + $section;
|
||||
for ( $i = $start; $i <= $end; $i++ ) {
|
||||
echo "<li class='" . ( $page == $i ? "active " : "" ) . "page-item'> <a href='problemset.php?page=" . $i .htmlentities($postfix,ENT_QUOTES,'UTF-8'). "'>" . $i . "</a></li>";
|
||||
echo "<li class='" . ( $page == $i ? "active " : "" ) . "page-item'> <a href='problemset.php?page=" . $i .htmlspecialchars($postfix,ENT_QUOTES,'UTF-8'). "'>" . $i . "</a></li>";
|
||||
}
|
||||
?>
|
||||
<li class="page-item"><a href="problemset.php?page=<?php echo $view_total_page?>">>></a>
|
||||
|
||||
@@ -31,7 +31,7 @@
|
||||
<tr align='center'>
|
||||
<td>
|
||||
<form class=form-inline action=ranklist.php>
|
||||
<input class="form-control" name='prefix' value="<?php echo htmlentities(isset($_GET['prefix'])?$_GET['prefix']:"",ENT_QUOTES,"utf-8") ?>" placeholder="<?php echo $MSG_USER?>">
|
||||
<input class="form-control" name='prefix' value="<?php echo htmlspecialchars(isset($_GET['prefix'])?$_GET['prefix']:"",ENT_QUOTES,"utf-8") ?>" placeholder="<?php echo $MSG_USER?>">
|
||||
<button class="form-control" type='submit'><?php echo $MSG_SEARCH?></button>
|
||||
</form>
|
||||
</td>
|
||||
@@ -90,10 +90,10 @@
|
||||
echo "<center>";
|
||||
$qs="";
|
||||
if(isset($_GET['prefix'])){
|
||||
$qs.="&prefix=".htmlentities($_GET['prefix'],ENT_QUOTES,"utf-8");
|
||||
$qs.="&prefix=".htmlspecialchars($_GET['prefix'],ENT_QUOTES,"utf-8");
|
||||
}
|
||||
if(isset($scope)){
|
||||
$qs.="&scope=".htmlentities($scope,ENT_QUOTES,"utf-8");
|
||||
$qs.="&scope=".htmlspecialchars($scope,ENT_QUOTES,"utf-8");
|
||||
}
|
||||
|
||||
for($i = 0; $i <$view_total ; $i += $page_size) {
|
||||
|
||||
@@ -48,7 +48,7 @@
|
||||
<br>
|
||||
</span>
|
||||
|
||||
<pre id="code" cols=180 rows=20 class="ace_editor" style="min-height:600px;width: 80%"><textarea id="source" class="ace_text-input"><?php echo htmlentities($view_src,ENT_QUOTES,"UTF-8")?></textarea></pre>
|
||||
<pre id="code" cols=180 rows=20 class="ace_editor" style="min-height:600px;width: 80%"><textarea id="source" class="ace_text-input"><?php echo htmlspecialchars($view_src,ENT_QUOTES,"UTF-8")?></textarea></pre>
|
||||
<?php if(!$readOnly){?>
|
||||
<button class="btn btn-info" type="button" onclick="submitCode()"><?php echo $MSG_SUBMIT?></button>
|
||||
<?php } ?>
|
||||
|
||||
@@ -49,7 +49,7 @@ SyntaxHighlighter.all();
|
||||
<?php
|
||||
if ($ok==true){
|
||||
if($view_user_id!=$_SESSION[$OJ_NAME.'_'.'user_id'])
|
||||
echo "<a href='mail.php?to_user=".htmlentities($view_user_id,ENT_QUOTES,"UTF-8")."&title=$MSG_SUBMIT $id'>Mail the author</a>";
|
||||
echo "<a href='mail.php?to_user=".htmlspecialchars($view_user_id,ENT_QUOTES,"UTF-8")."&title=$MSG_SUBMIT $id'>Mail the author</a>";
|
||||
$brush=strtolower($language_name[$slanguage]);
|
||||
if ($brush=='pascal') $brush='delphi';
|
||||
if ($brush=='obj-c') $brush='c';
|
||||
@@ -68,7 +68,7 @@ echo "\tMemory:".$smemory." kb\n";
|
||||
echo "****************************************************************/\n\n";
|
||||
$auth=ob_get_contents();
|
||||
ob_end_clean();
|
||||
echo htmlentities(str_replace("\n\r","\n",$view_source),ENT_QUOTES,"utf-8")."\n".$auth."</pre>";
|
||||
echo htmlspecialchars(str_replace("\n\r","\n",$view_source),ENT_QUOTES,"utf-8")."\n".$auth."</pre>";
|
||||
}else{
|
||||
echo $MSG_WARNING_ACCESS_DENIED ;
|
||||
}
|
||||
|
||||
@@ -19,7 +19,7 @@ echo "\tMemory:".$smemory." kb\n";
|
||||
echo "****************************************************************/\n\n";
|
||||
$auth=ob_get_contents();
|
||||
ob_end_clean();
|
||||
echo htmlentities(str_replace("\n\r","\n",$view_source),ENT_QUOTES,"utf-8")."\n".$auth."</pre>";
|
||||
echo htmlspecialchars(str_replace("\n\r","\n",$view_source),ENT_QUOTES,"utf-8")."\n".$auth."</pre>";
|
||||
}else{
|
||||
echo $MSG_WARNING_ACCESS_DENIED;
|
||||
}
|
||||
|
||||
@@ -78,10 +78,10 @@
|
||||
<?php if($OJ_ACE_EDITOR){
|
||||
if (isset($OJ_TEST_RUN)&&$OJ_TEST_RUN) $height="400px";else $height="550px";
|
||||
?>
|
||||
<pre style="width:80%;height:<?php echo $height?>;font-size:13pt" cols=180 rows=20 id="source"><?php echo htmlentities($view_src,ENT_QUOTES,"UTF-8")?></pre>
|
||||
<pre style="width:80%;height:<?php echo $height?>;font-size:13pt" cols=180 rows=20 id="source"><?php echo htmlspecialchars($view_src,ENT_QUOTES,"UTF-8")?></pre>
|
||||
<input type=hidden id="hide_source" name="source" value=""/>
|
||||
<?php }else{ ?>
|
||||
<textarea style="width:80%;height:600" cols=180 rows=20 id="source" name="source"><?php echo htmlentities($view_src,ENT_QUOTES,"UTF-8")?></textarea>
|
||||
<textarea style="width:80%;height:600" cols=180 rows=20 id="source" name="source"><?php echo htmlspecialchars($view_src,ENT_QUOTES,"UTF-8")?></textarea>
|
||||
<?php }?>
|
||||
|
||||
<?php if (isset($OJ_TEST_RUN)&&$OJ_TEST_RUN){?>
|
||||
|
||||
@@ -101,7 +101,7 @@
|
||||
|
||||
<?php
|
||||
if ($result2=="changed")
|
||||
echo "<center><h4 class='text-danger'>User ".htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8')."'s Login IP Changed to ".$ip."</h4></center>";
|
||||
echo "<center><h4 class='text-danger'>User ".htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8')."'s Login IP Changed to ".$ip."</h4></center>";
|
||||
else
|
||||
echo "<center><h4 class='text-danger'>Login IP Change</h4></center>";
|
||||
?>
|
||||
@@ -111,9 +111,9 @@
|
||||
<div class="form-group">
|
||||
<label class="col-sm-offset-2 col-sm-3 control-label"><?php echo $MSG_USER_ID?></label>
|
||||
<?php if(isset($_GET['uid'])) { ?>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlentities($_GET['uid'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlspecialchars($_GET['uid'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
|
||||
<?php } else if(isset($_POST['user_id'])) { ?>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control" value="<?php echo htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8');?>" type="text" required ></div>
|
||||
<?php } else { ?>
|
||||
<div class="col-sm-3"><input name="user_id" class="form-control" placeholder="<?php echo $MSG_USER_ID."*"?>" type="text" required ></div>
|
||||
<?php } ?>
|
||||
@@ -122,7 +122,7 @@
|
||||
<div class="form-group">
|
||||
<label class="col-sm-offset-2 col-sm-3 control-label"><?php echo "New IP"?></label>
|
||||
<?php if(isset($_POST['ip'])) { ?>
|
||||
<div class="col-sm-3"><input name="ip" class="form-control" value="<?php echo htmlentities($_POST['ip'], ENT_QUOTES, 'UTF-8')?>" type="text" autocomplete="off" required ></div>
|
||||
<div class="col-sm-3"><input name="ip" class="form-control" value="<?php echo htmlspecialchars($_POST['ip'], ENT_QUOTES, 'UTF-8')?>" type="text" autocomplete="off" required ></div>
|
||||
<?php } else { ?>
|
||||
<div class="col-sm-3"><input name="ip" class="form-control" placeholder="<?php echo "?.?.?.?*"?>" type="text" autocomplete="off" required ></div>
|
||||
<?php } ?>
|
||||
|
||||
@@ -29,7 +29,7 @@
|
||||
<center>
|
||||
<table class="table table-striped" id=statics width=70%>
|
||||
<caption>
|
||||
<?php echo $user."--".htmlentities($nick,ENT_QUOTES,"UTF-8")?>
|
||||
<?php echo $user."--".htmlspecialchars($nick,ENT_QUOTES,"UTF-8")?>
|
||||
<?php
|
||||
echo "<a href=mail.php?to_user=$user>$MSG_MAIL</a>";
|
||||
?>
|
||||
|
||||
Reference in New Issue
Block a user