htmlentities -> htmlspecialchars
This commit is contained in:
@@ -8,13 +8,13 @@
|
||||
<meta name="author" content="">
|
||||
<link rel="icon" href="../../favicon.ico">
|
||||
|
||||
<title><?php echo htmlentities(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")?></title>
|
||||
<title><?php echo htmlspecialchars(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")?></title>
|
||||
</head>
|
||||
<body>
|
||||
<h1>Balloon Ticket</h1>
|
||||
<?php
|
||||
echo "<h2>".htmlentities(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")."\n";
|
||||
echo "-".htmlentities(str_replace("\n\r","\n",$view_school),ENT_QUOTES,"utf-8")."-".htmlentities(str_replace("\n\r","\n",$view_nick),ENT_QUOTES,"utf-8")."\n"."</h2>";
|
||||
echo "<h2>".htmlspecialchars(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")."\n";
|
||||
echo "-".htmlspecialchars(str_replace("\n\r","\n",$view_school),ENT_QUOTES,"utf-8")."-".htmlspecialchars(str_replace("\n\r","\n",$view_nick),ENT_QUOTES,"utf-8")."\n"."</h2>";
|
||||
echo "Problem ".$PID[$view_pid]."<br>";
|
||||
if(isset($_GET['fb']) && intval($_GET['fb'])==1){
|
||||
echo "Balloon Color: <font color='".$ball_color[$view_pid]."'>".$ball_name[$view_pid]." First Blood! </font><br>";
|
||||
|
||||
@@ -347,7 +347,7 @@ if (isset($_GET['cid'])) {
|
||||
echo "<a name=\"$uuid\" href=userinfo.php?user=$uuid>$uuid</a>";
|
||||
echo "</td>";
|
||||
|
||||
echo "<td class='text-center'><a href=userinfo.php?user=$uuid>".htmlentities($U[$i]->nick,ENT_QUOTES,"UTF-8")."</a></td>";
|
||||
echo "<td class='text-center'><a href=userinfo.php?user=$uuid>".htmlspecialchars($U[$i]->nick,ENT_QUOTES,"UTF-8")."</a></td>";
|
||||
|
||||
$usolved = $U[$i]->solved;
|
||||
echo "<td class='text-center'><a href=status.php?user_id=$uuid&cid=$cid>$usolved</a></td>";
|
||||
|
||||
@@ -341,7 +341,7 @@
|
||||
echo "<a name=\"$uuid\" href=userinfo.php?user=$uuid>$uuid</a>";
|
||||
echo "</td>";
|
||||
|
||||
echo "<td class='text-center'><a href=userinfo.php?user=$uuid>".htmlentities($U[$i]->nick,ENT_QUOTES,"UTF-8")."</a></td>";
|
||||
echo "<td class='text-center'><a href=userinfo.php?user=$uuid>".htmlspecialchars($U[$i]->nick,ENT_QUOTES,"UTF-8")."</a></td>";
|
||||
|
||||
$usolved = $U[$i]->solved;
|
||||
echo "<td class='text-center'><a href=status.php?user_id=$uuid&cid=$cid>$usolved</a></td>";
|
||||
|
||||
@@ -50,7 +50,7 @@ $usolved=$U[$i]->solved;
|
||||
if(isset($_GET['user_id'])&&$uuid==$_GET['user_id']) echo "<td bgcolor=#ffff77>";
|
||||
else echo"<td>";
|
||||
echo "<a name=\"$uuid\" href=userinfo.php?user=$uuid>$uuid</a>";
|
||||
echo "<td><a href=userinfo.php?user=$uuid>".htmlentities($U[$i]->nick,ENT_QUOTES,"UTF-8")."</a>";
|
||||
echo "<td><a href=userinfo.php?user=$uuid>".htmlspecialchars($U[$i]->nick,ENT_QUOTES,"UTF-8")."</a>";
|
||||
echo "<td><a href=status.php?user_id=$uuid&cid=$cid>$usolved</a>";
|
||||
echo "<td>".sec2str($U[$i]->time);
|
||||
for ($j=0;$j<$pid_cnt;$j++){
|
||||
|
||||
@@ -13,7 +13,7 @@
|
||||
<form method="post" action="contest.php">
|
||||
<div class="mdui-textfield" align="center" style="width: 100%">
|
||||
<input class="mdui-textfield-input" type="text" name="keyword" placeholder="竟赛/作业名称"
|
||||
value="<?php echo htmlentities($_POST['keyword'], ENT_QUOTES, "UTF-8")?>"
|
||||
value="<?php echo htmlspecialchars($_POST['keyword'], ENT_QUOTES, "UTF-8")?>"
|
||||
style="width: calc(70% - 40px); display: inline-block;">
|
||||
<button class="mdui-btn mdui-btn-icon" type="sumbit">
|
||||
<i class="mdui-icon material-icons" style="top: 35%; left: 40%;">search</i>
|
||||
|
||||
@@ -188,7 +188,7 @@ public class Main{
|
||||
</font>
|
||||
</center>
|
||||
<hr>
|
||||
this page can be replaced by add a news which titled "<?php echo htmlentities($faqs_name,ENT_QUOTES,"UTF-8")?>";
|
||||
this page can be replaced by add a news which titled "<?php echo htmlspecialchars($faqs_name,ENT_QUOTES,"UTF-8")?>";
|
||||
<hr>
|
||||
|
||||
<center>
|
||||
|
||||
@@ -31,14 +31,14 @@ if($view_content)
|
||||
echo "<center>
|
||||
<table>
|
||||
<tr>
|
||||
<td class=blue>$from_user -> $to_user[".htmlentities(str_replace("\n\r","\n",$view_title),ENT_QUOTES,"UTF-8")." ]</td>
|
||||
<td class=blue>$from_user -> $to_user[".htmlspecialchars(str_replace("\n\r","\n",$view_title),ENT_QUOTES,"UTF-8")." ]</td>
|
||||
</tr>
|
||||
<tr><td><pre>". htmlentities(str_replace("\n\r","\n",$view_content),ENT_QUOTES,"UTF-8")."</pre>
|
||||
<tr><td><pre>". htmlspecialchars(str_replace("\n\r","\n",$view_content),ENT_QUOTES,"UTF-8")."</pre>
|
||||
</td></tr>
|
||||
</table></center>";
|
||||
?>
|
||||
<table><form method=post action=mail.php>
|
||||
<tr><td>From:<?php echo htmlentities($from_user,ENT_QUOTES,"UTF-8")?>
|
||||
<tr><td>From:<?php echo htmlspecialchars($from_user,ENT_QUOTES,"UTF-8")?>
|
||||
To:<input name=to_user size=10 value="<?php if ($from_user==$_SESSION[$OJ_NAME.'_user_id']||$from_user=="") echo $to_user ;else echo $from_user;?>">
|
||||
Title:<input name=title size=20 value="<?php echo $title?>">
|
||||
<input type=submit value=<?php echo $MSG_SUBMIT?>></td>
|
||||
|
||||
@@ -38,7 +38,7 @@
|
||||
style="width: calc(100% - 50px); display: inline-block; margin-left: 45px;">
|
||||
<label class="mdui-textfield-label">昵称</label>
|
||||
<input class="mdui-textfield-input" id="nick" name="nick"
|
||||
value="<?php echo htmlentities($row['nick'],ENT_QUOTES,"UTF-8")?>" type="text" required />
|
||||
value="<?php echo htmlspecialchars($row['nick'],ENT_QUOTES,"UTF-8")?>" type="text" required />
|
||||
<div class="mdui-textfield-error">请输入昵称</div>
|
||||
</div>
|
||||
</div>
|
||||
@@ -88,7 +88,7 @@
|
||||
style="width: calc(100% - 50px); display: inline-block; margin-left: 45px;">
|
||||
<label class="mdui-textfield-label">邮箱</label>
|
||||
<input class="mdui-textfield-input" id="email" name="email"
|
||||
type="email" value="<?php echo htmlentities($row['email'],ENT_QUOTES,"UTF-8")?>"/>
|
||||
type="email" value="<?php echo htmlspecialchars($row['email'],ENT_QUOTES,"UTF-8")?>"/>
|
||||
<div class="mdui-textfield-error">请输入一个合法的邮箱</div>
|
||||
</div>
|
||||
</div>
|
||||
@@ -100,7 +100,7 @@
|
||||
style="width: calc(100% - 50px); display: inline-block; margin-left: 45px;">
|
||||
<label class="mdui-textfield-label">个性签名</label>
|
||||
<input class="mdui-textfield-input" id="school" name="school" type="text"
|
||||
value="<?php echo htmlentities($row['school'], ENT_QUOTES, "UTF-8")?>" />
|
||||
value="<?php echo htmlspecialchars($row['school'], ENT_QUOTES, "UTF-8")?>" />
|
||||
</div>
|
||||
</div>
|
||||
<div class="mdui-card-actions mdui-m-t-4">
|
||||
|
||||
@@ -8,7 +8,7 @@
|
||||
<meta name="author" content="">
|
||||
<link rel="icon" href="../../favicon.ico">
|
||||
|
||||
<title><?php echo htmlentities(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")?></title>
|
||||
<title><?php echo htmlspecialchars(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")?></title>
|
||||
</head>
|
||||
<body>
|
||||
<link href='<?php echo $OJ_CDN_URL?>highlight/styles/shCore.css' rel='stylesheet' type='text/css'/>
|
||||
@@ -27,9 +27,9 @@ function draw(){
|
||||
<input onclick="window.print();" type="button" value="<?php echo $MSG_PRINTER?>">
|
||||
<input onclick="location.href='printer.php?id=<?php echo $id?>';" type="button" value="<?php echo $MSG_PRINT_DONE?>"><br>
|
||||
<?php
|
||||
echo "<h2>".htmlentities(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")."\n";
|
||||
echo "-".htmlentities(str_replace("\n\r","\n",$view_school),ENT_QUOTES,"utf-8")."-".htmlentities(str_replace("\n\r","\n",$view_nick),ENT_QUOTES,"utf-8")."\n"."</h2>";
|
||||
echo "<pre class='brush:c'>".htmlentities(str_replace("\n\r","\n",$view_content),ENT_QUOTES,"utf-8")."\n"."</pre>";
|
||||
echo "<h2>".htmlspecialchars(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")."\n";
|
||||
echo "-".htmlspecialchars(str_replace("\n\r","\n",$view_school),ENT_QUOTES,"utf-8")."-".htmlspecialchars(str_replace("\n\r","\n",$view_nick),ENT_QUOTES,"utf-8")."\n"."</h2>";
|
||||
echo "<pre class='brush:c'>".htmlspecialchars(str_replace("\n\r","\n",$view_content),ENT_QUOTES,"utf-8")."\n"."</pre>";
|
||||
?>
|
||||
<input onclick="draw()" type="button" value="Line Number">
|
||||
<input onclick="window.print();" type="button" value="<?php echo $MSG_PRINTER?>">
|
||||
|
||||
@@ -64,7 +64,7 @@
|
||||
<label class="mdui-textfield-label">题目搜索</label>
|
||||
<input class="mdui-textfield-input" name="search" type="text"
|
||||
style="width: calc(100% - 40px); display: inline-block;"
|
||||
value="<?php echo htmlentities($_GET["search"], ENT_QUOTES, 'UTF-8'); ?>">
|
||||
value="<?php echo htmlspecialchars($_GET["search"], ENT_QUOTES, 'UTF-8'); ?>">
|
||||
<button class="mdui-btn mdui-btn-icon" type="sumbit">
|
||||
<i class="mdui-icon material-icons" style="top: 35%; left: 40%;">search</i>
|
||||
</button>
|
||||
|
||||
@@ -13,7 +13,7 @@
|
||||
<form action="ranklist.php">
|
||||
<div class="mdui-textfield" align="center" style="width: 100%">
|
||||
<input class="mdui-textfield-input" type="text" name="prefix" placeholder="用户"
|
||||
value="<?php echo htmlentities($_GET["prefix"], ENT_QUOTES, "UTF-8")?>"
|
||||
value="<?php echo htmlspecialchars($_GET["prefix"], ENT_QUOTES, "UTF-8")?>"
|
||||
style="width: calc(50% - 40px); display: inline-block;">
|
||||
<button class="mdui-btn mdui-btn-icon" type="sumbit">
|
||||
<i class="mdui-icon material-icons" style="top: 35%; left: 40%;">search</i>
|
||||
@@ -66,10 +66,10 @@
|
||||
$qs="";
|
||||
$nstart=isset($_GET["start"])?intval($_GET["start"]):0;
|
||||
if(isset($_GET['prefix'])){
|
||||
$qs.="&prefix=".htmlentities($_GET['prefix'],ENT_QUOTES,"utf-8");
|
||||
$qs.="&prefix=".htmlspecialchars($_GET['prefix'],ENT_QUOTES,"utf-8");
|
||||
}
|
||||
if(isset($scope)){
|
||||
$qs.="&scope=".htmlentities($scope,ENT_QUOTES,"utf-8");
|
||||
$qs.="&scope=".htmlspecialchars($scope,ENT_QUOTES,"utf-8");
|
||||
}
|
||||
for($i = 0; $i <$view_total ; $i += $page_size) {
|
||||
echo '<a class="mdui-btn'.($i == $nstart?" mdui-btn-active":"").'" href="./ranklist.php?start='.strval ( $i ).$qs. '">'
|
||||
|
||||
@@ -53,7 +53,7 @@
|
||||
<br>
|
||||
</span>
|
||||
|
||||
<pre id="code" cols=180 rows=20 class="ace_editor" style="min-height:600px;width: 80%"><textarea id="source" class="ace_text-input"><?php echo htmlentities($view_src,ENT_QUOTES,"UTF-8")?></textarea></pre>
|
||||
<pre id="code" cols=180 rows=20 class="ace_editor" style="min-height:600px;width: 80%"><textarea id="source" class="ace_text-input"><?php echo htmlspecialchars($view_src,ENT_QUOTES,"UTF-8")?></textarea></pre>
|
||||
<?php if(!$readOnly){?>
|
||||
<button class="btn btn-info" type="button" onclick="submitCode()"><?php echo $MSG_SUBMIT?></button>
|
||||
<?php } ?>
|
||||
|
||||
@@ -15,7 +15,7 @@
|
||||
<?php
|
||||
if ($ok==true){
|
||||
if($view_user_id!=$_SESSION[$OJ_NAME.'_'.'user_id'])
|
||||
echo "<a href='mail.php?to_user=".htmlentities($view_user_id,ENT_QUOTES,"UTF-8")."&title=$MSG_SUBMIT $id'>Mail the author</a>";
|
||||
echo "<a href='mail.php?to_user=".htmlspecialchars($view_user_id,ENT_QUOTES,"UTF-8")."&title=$MSG_SUBMIT $id'>Mail the author</a>";
|
||||
$brush=strtolower($language_name[$slanguage]);
|
||||
if ($brush=='pascal') $brush='delphi';
|
||||
if ($brush=='obj-c') $brush='c';
|
||||
@@ -35,7 +35,7 @@
|
||||
echo "****************************************************************/\n\n";
|
||||
$auth=ob_get_contents();
|
||||
ob_end_clean();
|
||||
echo htmlentities(str_replace("\n\r","\n",$view_source),ENT_QUOTES,"utf-8")."\n".$auth."</code></pre>";
|
||||
echo htmlspecialchars(str_replace("\n\r","\n",$view_source),ENT_QUOTES,"utf-8")."\n".$auth."</code></pre>";
|
||||
} else {
|
||||
echo $MSG_WARNING_ACCESS_DENIED ;
|
||||
}
|
||||
|
||||
@@ -19,7 +19,7 @@ echo "\tMemory:".$smemory." kb\n";
|
||||
echo "****************************************************************/\n\n";
|
||||
$auth=ob_get_contents();
|
||||
ob_end_clean();
|
||||
echo htmlentities(str_replace("\n\r","\n",$view_source),ENT_QUOTES,"utf-8")."\n".$auth."</code></pre>";
|
||||
echo htmlspecialchars(str_replace("\n\r","\n",$view_source),ENT_QUOTES,"utf-8")."\n".$auth."</code></pre>";
|
||||
}else{
|
||||
echo $MSG_WARNING_ACCESS_DENIED;
|
||||
}
|
||||
|
||||
@@ -58,11 +58,11 @@
|
||||
|
||||
<?php if($OJ_ACE_EDITOR) { ?>
|
||||
<pre style="width: 90%; height: 600; font-size: 13pt;" cols=180 rows=20
|
||||
id="source"><?php echo htmlentities($view_src,ENT_QUOTES,"UTF-8")?></pre>
|
||||
id="source"><?php echo htmlspecialchars($view_src,ENT_QUOTES,"UTF-8")?></pre>
|
||||
<input type=hidden id="hide_source" name="source" value="" />
|
||||
<?php } else { ?>
|
||||
<textarea style="width:80%; height:600" cols=180 rows=20 id="source"
|
||||
name="source"><?php echo htmlentities($view_src,ENT_QUOTES,"UTF-8")?></textarea>
|
||||
name="source"><?php echo htmlspecialchars($view_src,ENT_QUOTES,"UTF-8")?></textarea>
|
||||
<?php }?>
|
||||
|
||||
<?php if (isset($OJ_TEST_RUN) && $OJ_TEST_RUN){?>
|
||||
|
||||
@@ -93,7 +93,7 @@
|
||||
<div class="mdui-card mdui-col-sm-6" style="text-align: left;">
|
||||
<div class="mdui-card-primary">
|
||||
<?php if ($result2 == "changed") { ?>
|
||||
<script> mdui.alert("成功将用户 <?php echo htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8'); ?> 的登录 IP 修改为 <?php echo $ip; ?> ."); </script>
|
||||
<script> mdui.alert("成功将用户 <?php echo htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8'); ?> 的登录 IP 修改为 <?php echo $ip; ?> ."); </script>
|
||||
<?php } ?>
|
||||
<div class="mdui-card-primary-title" style="text-align: center">指定登录 IP</div>
|
||||
<!-- <div class="mdui-card-primary-subtitle"></div> -->
|
||||
@@ -110,10 +110,10 @@
|
||||
<label class="mdui-textfield-label">用户名</label>
|
||||
<?php if (isset($_POST["user_id"])) { ?>
|
||||
<input class="mdui-textfield-input" name="user_id" type="text"
|
||||
value="<?php echo htmlentities($_POST["user_id"], ENT_QUOTES, 'UTF-8'); ?>" required />
|
||||
value="<?php echo htmlspecialchars($_POST["user_id"], ENT_QUOTES, 'UTF-8'); ?>" required />
|
||||
<?php } else if (isset($_GET["user_id"])) { ?>
|
||||
<input class="mdui-textfield-input" name="user_id" type="text"
|
||||
value="<?php echo htmlentities($_GET["user_id"],ENT_QUOTES,'UTF-8') ; ?>" required />
|
||||
value="<?php echo htmlspecialchars($_GET["user_id"],ENT_QUOTES,'UTF-8') ; ?>" required />
|
||||
<?php } else { ?>
|
||||
<input class="mdui-textfield-input" name="user_id" type="text" required />
|
||||
<?php } ?>
|
||||
|
||||
Reference in New Issue
Block a user