htmlentities -> htmlspecialchars

This commit is contained in:
2024-12-06 15:35:38 +08:00
parent daa005f029
commit d9b2d13caa
184 changed files with 410 additions and 405 deletions

View File

@@ -7,8 +7,8 @@
<div class="content">
<h1>Balloon Ticket</h1>
<?php
echo "<h2>".htmlentities(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")."\n";
echo "-".htmlentities(str_replace("\n\r","\n",$view_school),ENT_QUOTES,"utf-8")."-".htmlentities(str_replace("\n\r","\n",$view_nick),ENT_QUOTES,"utf-8")."\n"."</h2>";
echo "<h2>".htmlspecialchars(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")."\n";
echo "-".htmlspecialchars(str_replace("\n\r","\n",$view_school),ENT_QUOTES,"utf-8")."-".htmlspecialchars(str_replace("\n\r","\n",$view_nick),ENT_QUOTES,"utf-8")."\n"."</h2>";
echo "Problem ".$PID[$view_pid]."<br>";
if(isset($_GET['fb']) && intval($_GET['fb'])==1){
echo "Balloon Color: <font color='".$ball_color[$view_pid]."'>".$ball_name[$view_pid]." First Blood! </font><br>";

View File

@@ -176,7 +176,7 @@
echo "<a name=\"$uuid\" href=userinfo.php?user=$uuid>$uuid</a>";
echo "</td>";
echo "<td><a href=userinfo.php?user=$uuid>" . htmlentities($U[$i]->nick, ENT_QUOTES, "UTF-8") . "</a></td>";
echo "<td><a href=userinfo.php?user=$uuid>" . htmlspecialchars($U[$i]->nick, ENT_QUOTES, "UTF-8") . "</a></td>";
$usolved = $U[$i]->solved;
echo "<td><a href=status.php?user_id=$uuid&cid=$cid>$usolved</a></td>";

View File

@@ -174,7 +174,7 @@
echo "<a name=\"$uuid\" href=userinfo.php?user=$uuid>$uuid</a>";
echo "</td>";
echo "<td><a href=userinfo.php?user=$uuid>" . htmlentities($U[$i]->nick, ENT_QUOTES, "UTF-8") . "</a></td>";
echo "<td><a href=userinfo.php?user=$uuid>" . htmlspecialchars($U[$i]->nick, ENT_QUOTES, "UTF-8") . "</a></td>";
$usolved = $U[$i]->solved;
echo "<td><a href=status.php?user_id=$uuid&cid=$cid>$usolved</a></td>";

View File

@@ -46,7 +46,7 @@
else
echo "<td>";
echo "<a name=\"$uuid\" href=userinfo.php?user=$uuid>$uuid</a>";
echo "<td><a href=userinfo.php?user=$uuid>" . htmlentities($U[$i]->nick, ENT_QUOTES, "UTF-8") . "</a>";
echo "<td><a href=userinfo.php?user=$uuid>" . htmlspecialchars($U[$i]->nick, ENT_QUOTES, "UTF-8") . "</a>";
echo "<td><a href=status.php?user_id=$uuid&cid=$cid>$usolved</a>";
echo "<td>" . sec2str($U[$i]->time);
for ($j = 0; $j < $pid_cnt; $j++) {

View File

@@ -96,7 +96,7 @@
<div class="ui action fluid input">
<input type="text" name="keyword"
value="<?php if (isset($_POST['keyword']))
echo htmlentities($_POST['keyword'], ENT_QUOTES, "UTF-8") ?>"
echo htmlspecialchars($_POST['keyword'], ENT_QUOTES, "UTF-8") ?>"
placeholder="<?php echo $MSG_CONTEST_NAME ?>">
<button type=submit class="ui button">
<?php echo $MSG_SEARCH; ?>

View File

@@ -201,7 +201,7 @@ A:Here is a list of the judge's replies and their meaning:<br>
Q:How to attend Online Contests?<br>
A:Can you submit programs for any practice problems on this Online Judge? If you can, then that is the account you use in an online contest. If you can't, then please <a href=registerpage.php>register</a> an id with password first.<br>
</div>
this page can be replaced by add a news which titled "<?php echo htmlentities($faqs_name,ENT_QUOTES,"UTF-8")?>";
this page can be replaced by add a news which titled "<?php echo htmlspecialchars($faqs_name,ENT_QUOTES,"UTF-8")?>";
</div>
</div>
<?php require("./template/bshark/footer.php");?>

View File

@@ -38,7 +38,7 @@
<?php echo $MSG_NICK; ?>
</label>
<input name="nick" placeholder="请<?php echo $MSG_Input; ?><?php echo $MSG_NICK; ?>"
type="text" value="<?php echo htmlentities($row['nick'], ENT_QUOTES, "UTF-8") ?>">
type="text" value="<?php echo htmlspecialchars($row['nick'], ENT_QUOTES, "UTF-8") ?>">
</div>
<div class="field">
<label class="ui header">
@@ -67,7 +67,7 @@
<div class="field">
<label for="username">个性签名</label>
<input name="school" placeholder="请<?php echo $MSG_Input; ?>个性签名" type="text"
value="<?php echo htmlentities($row['school'], ENT_QUOTES, "UTF-8") ?>">
value="<?php echo htmlspecialchars($row['school'], ENT_QUOTES, "UTF-8") ?>">
</div>
<div class="field">
<label for="email">
@@ -75,7 +75,7 @@
<?php echo $MSG_EMAIL; ?>
</label>
<input name="email" placeholder="请<?php echo $MSG_Input; ?><?php echo $MSG_EMAIL; ?>"
type="text" value="<?php echo htmlentities($row['email'], ENT_QUOTES, "UTF-8") ?>">
type="text" value="<?php echo htmlspecialchars($row['email'], ENT_QUOTES, "UTF-8") ?>">
</div>
<?php if ($OJ_VCODE) { ?>
<div class="field">

View File

@@ -162,7 +162,7 @@
echo "<h4>$MSG_Source</h4>";
$cats = explode(" ", $row['source']);
foreach ($cats as $cat) {
echo "<a href='problemset.php?search=" . urlencode(htmlentities($cat, ENT_QUOTES, 'utf-8')) . "'>" . htmlentities($cat, ENT_QUOTES, 'utf-8') . "</a>&nbsp;";
echo "<a href='problemset.php?search=" . urlencode(htmlspecialchars($cat, ENT_QUOTES, 'utf-8')) . "'>" . htmlspecialchars($cat, ENT_QUOTES, 'utf-8') . "</a>&nbsp;";
}
}
?>

View File

@@ -145,7 +145,7 @@
$label_theme = $color_theme[$hash_num % count($color_theme)];
if ($label_theme == "")
$label_theme = "default";
$view_category .= "<a class='badge badge-$label_theme' href='problemset.php?search=" . urlencode(htmlentities($cat, ENT_QUOTES, 'UTF-8')) . "'>" . $cat . "</a>&nbsp;";
$view_category .= "<a class='badge badge-$label_theme' href='problemset.php?search=" . urlencode(htmlspecialchars($cat, ENT_QUOTES, 'UTF-8')) . "'>" . $cat . "</a>&nbsp;";
}
}
echo $view_category;

View File

@@ -33,7 +33,7 @@
<div class="inline field">
<div class="ui action input">
<input type="text" name="prefix"
value="<?php echo htmlentities(isset($_GET['prefix']) ? $_GET['prefix'] : "", ENT_QUOTES, "utf-8") ?>"
value="<?php echo htmlspecialchars(isset($_GET['prefix']) ? $_GET['prefix'] : "", ENT_QUOTES, "utf-8") ?>"
placeholder="<?php echo $MSG_USER ?>">
<button class="ui button">
<?php echo $MSG_SEARCH; ?>
@@ -49,10 +49,10 @@
$nowStart = intval($_GET["start"]);
$qs = "";
if (isset($_GET['prefix'])) {
$qs .= "&prefix=" . htmlentities($_GET['prefix'], ENT_QUOTES, "utf-8");
$qs .= "&prefix=" . htmlspecialchars($_GET['prefix'], ENT_QUOTES, "utf-8");
}
if (isset($scope)) {
$qs .= "&scope=" . htmlentities($scope, ENT_QUOTES, "utf-8");
$qs .= "&scope=" . htmlspecialchars($scope, ENT_QUOTES, "utf-8");
}
for ($i = 0; $i < $view_total; $i += $page_size) {

View File

@@ -69,7 +69,7 @@ $color = array(
if ($ok != true)
echo $MSG_WARNING_ACCESS_DENIED;
else
echo htmlentities(str_replace("\n\r", "\n", $view_source), ENT_QUOTES, "utf-8") . "\n" . $auth;
echo htmlspecialchars(str_replace("\n\r", "\n", $view_source), ENT_QUOTES, "utf-8") . "\n" . $auth;
echo "</div></div></code></pre>";
?>
</div>

File diff suppressed because one or more lines are too long

View File

@@ -26,11 +26,11 @@
<div style="">
<?php if ($OJ_ACE_EDITOR) { ?>
<pre style="width:100%;height:600px;font-size:15px" cols=180 rows=20
id="source"><?php echo htmlentities($view_src, ENT_QUOTES, "UTF-8") ?></pre><br>
id="source"><?php echo htmlspecialchars($view_src, ENT_QUOTES, "UTF-8") ?></pre><br>
<input form="frmSolution" type=hidden id="hide_source" name="source" value="" />
<?php } else { ?>
<textarea form="frmSolution" style="width:100%;height:600px" cols=180 rows=20 id="source"
name="source"><?php echo htmlentities($view_src, ENT_QUOTES, "UTF-8") ?></textarea><br>
name="source"><?php echo htmlspecialchars($view_src, ENT_QUOTES, "UTF-8") ?></textarea><br>
<?php } ?>
</div>
</div>

View File

@@ -67,11 +67,11 @@
</label>
<?php if (isset($_GET['uid'])) { ?>
<div class="col-sm-3"><input name="user_id" class="form-control"
value="<?php echo htmlentities($_GET['uid'], ENT_QUOTES, 'UTF-8'); ?>"
value="<?php echo htmlspecialchars($_GET['uid'], ENT_QUOTES, 'UTF-8'); ?>"
type="text" required></div>
<?php } else if (isset($_POST['user_id'])) { ?>
<div class="col-sm-3"><input name="user_id" class="form-control"
value="<?php echo htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8'); ?>"
value="<?php echo htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8'); ?>"
type="text" required></div>
<?php } else { ?>
<div class="col-sm-3"><input name="user_id" class="form-control"
@@ -85,7 +85,7 @@
</label>
<?php if (isset($_POST['ip'])) { ?>
<div class="col-sm-3"><input name="ip" class="form-control"
value="<?php echo htmlentities($_POST['ip'], ENT_QUOTES, 'UTF-8') ?>"
value="<?php echo htmlspecialchars($_POST['ip'], ENT_QUOTES, 'UTF-8') ?>"
type="text" autocomplete="off" required></div>
<?php } else { ?>
<div class="col-sm-3"><input name="ip" class="form-control"
@@ -105,7 +105,7 @@
<?php
if ($result2 == "changed")
echo "<h2 style='color:#db2828'>User " . htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8') . "'s Login IP Changed to " . $ip . "</h2>";
echo "<h2 style='color:#db2828'>User " . htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8') . "'s Login IP Changed to " . $ip . "</h2>";
else
echo "<h2 style='color:#db2828'>Login IP Change</h2>";
?>