htmlentities -> htmlspecialchars

This commit is contained in:
2024-12-06 15:35:38 +08:00
parent daa005f029
commit d9b2d13caa
184 changed files with 410 additions and 405 deletions

View File

@@ -31,7 +31,7 @@
<tr align='center'>
<td>
<form class=form-inline action=ranklist.php>
<input class="form-control" name='prefix' value="<?php echo htmlentities(isset($_GET['prefix'])?$_GET['prefix']:"",ENT_QUOTES,"utf-8") ?>" placeholder="<?php echo $MSG_USER?>">
<input class="form-control" name='prefix' value="<?php echo htmlspecialchars(isset($_GET['prefix'])?$_GET['prefix']:"",ENT_QUOTES,"utf-8") ?>" placeholder="<?php echo $MSG_USER?>">
<button class="form-control" type='submit'><?php echo $MSG_SEARCH?></button>
</form>
</td>
@@ -90,10 +90,10 @@
echo "<center>";
$qs="";
if(isset($_GET['prefix'])){
$qs.="&prefix=".htmlentities($_GET['prefix'],ENT_QUOTES,"utf-8");
$qs.="&prefix=".htmlspecialchars($_GET['prefix'],ENT_QUOTES,"utf-8");
}
if(isset($scope)){
$qs.="&scope=".htmlentities($scope,ENT_QUOTES,"utf-8");
$qs.="&scope=".htmlspecialchars($scope,ENT_QUOTES,"utf-8");
}
for($i = 0; $i <$view_total ; $i += $page_size) {