htmlentities -> htmlspecialchars

This commit is contained in:
2024-12-06 15:35:38 +08:00
parent daa005f029
commit d9b2d13caa
184 changed files with 410 additions and 405 deletions

View File

@@ -33,7 +33,7 @@
<div class="inline field">
<div class="ui action input">
<input type="text" name="prefix"
value="<?php echo htmlentities(isset($_GET['prefix']) ? $_GET['prefix'] : "", ENT_QUOTES, "utf-8") ?>"
value="<?php echo htmlspecialchars(isset($_GET['prefix']) ? $_GET['prefix'] : "", ENT_QUOTES, "utf-8") ?>"
placeholder="<?php echo $MSG_USER ?>">
<button class="ui button">
<?php echo $MSG_SEARCH; ?>
@@ -49,10 +49,10 @@
$nowStart = intval($_GET["start"]);
$qs = "";
if (isset($_GET['prefix'])) {
$qs .= "&prefix=" . htmlentities($_GET['prefix'], ENT_QUOTES, "utf-8");
$qs .= "&prefix=" . htmlspecialchars($_GET['prefix'], ENT_QUOTES, "utf-8");
}
if (isset($scope)) {
$qs .= "&scope=" . htmlentities($scope, ENT_QUOTES, "utf-8");
$qs .= "&scope=" . htmlspecialchars($scope, ENT_QUOTES, "utf-8");
}
for ($i = 0; $i < $view_total; $i += $page_size) {