htmlentities -> htmlspecialchars

This commit is contained in:
2024-12-06 15:35:38 +08:00
parent daa005f029
commit d9b2d13caa
184 changed files with 410 additions and 405 deletions

View File

@@ -8,13 +8,13 @@
<meta name="author" content="">
<link rel="icon" href="../../favicon.ico">
<title><?php echo htmlentities(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")?></title>
<title><?php echo htmlspecialchars(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")?></title>
</head>
<body>
<h1>Balloon Ticket</h1>
<?php
echo "<h2>".htmlentities(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")."\n";
echo "-".htmlentities(str_replace("\n\r","\n",$view_school),ENT_QUOTES,"utf-8")."-".htmlentities(str_replace("\n\r","\n",$view_nick),ENT_QUOTES,"utf-8")."\n"."</h2>";
echo "<h2>".htmlspecialchars(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")."\n";
echo "-".htmlspecialchars(str_replace("\n\r","\n",$view_school),ENT_QUOTES,"utf-8")."-".htmlspecialchars(str_replace("\n\r","\n",$view_nick),ENT_QUOTES,"utf-8")."\n"."</h2>";
echo "Problem ".$PID[$view_pid]."<br>";
if(isset($_GET['fb']) && intval($_GET['fb'])==1){
echo "Balloon Color: <font color='".$ball_color[$view_pid]."'>".$ball_name[$view_pid]." First Blood! </font><br>";

View File

@@ -347,7 +347,7 @@ if (isset($_GET['cid'])) {
echo "<a name=\"$uuid\" href=userinfo.php?user=$uuid>$uuid</a>";
echo "</td>";
echo "<td class='text-center'><a href=userinfo.php?user=$uuid>".htmlentities($U[$i]->nick,ENT_QUOTES,"UTF-8")."</a></td>";
echo "<td class='text-center'><a href=userinfo.php?user=$uuid>".htmlspecialchars($U[$i]->nick,ENT_QUOTES,"UTF-8")."</a></td>";
$usolved = $U[$i]->solved;
echo "<td class='text-center'><a href=status.php?user_id=$uuid&cid=$cid>$usolved</a></td>";

View File

@@ -341,7 +341,7 @@
echo "<a name=\"$uuid\" href=userinfo.php?user=$uuid>$uuid</a>";
echo "</td>";
echo "<td class='text-center'><a href=userinfo.php?user=$uuid>".htmlentities($U[$i]->nick,ENT_QUOTES,"UTF-8")."</a></td>";
echo "<td class='text-center'><a href=userinfo.php?user=$uuid>".htmlspecialchars($U[$i]->nick,ENT_QUOTES,"UTF-8")."</a></td>";
$usolved = $U[$i]->solved;
echo "<td class='text-center'><a href=status.php?user_id=$uuid&cid=$cid>$usolved</a></td>";

View File

@@ -50,7 +50,7 @@ $usolved=$U[$i]->solved;
if(isset($_GET['user_id'])&&$uuid==$_GET['user_id']) echo "<td bgcolor=#ffff77>";
else echo"<td>";
echo "<a name=\"$uuid\" href=userinfo.php?user=$uuid>$uuid</a>";
echo "<td><a href=userinfo.php?user=$uuid>".htmlentities($U[$i]->nick,ENT_QUOTES,"UTF-8")."</a>";
echo "<td><a href=userinfo.php?user=$uuid>".htmlspecialchars($U[$i]->nick,ENT_QUOTES,"UTF-8")."</a>";
echo "<td><a href=status.php?user_id=$uuid&cid=$cid>$usolved</a>";
echo "<td>".sec2str($U[$i]->time);
for ($j=0;$j<$pid_cnt;$j++){

View File

@@ -13,7 +13,7 @@
<form method="post" action="contest.php">
<div class="mdui-textfield" align="center" style="width: 100%">
<input class="mdui-textfield-input" type="text" name="keyword" placeholder="竟赛/作业名称"
value="<?php echo htmlentities($_POST['keyword'], ENT_QUOTES, "UTF-8")?>"
value="<?php echo htmlspecialchars($_POST['keyword'], ENT_QUOTES, "UTF-8")?>"
style="width: calc(70% - 40px); display: inline-block;">
<button class="mdui-btn mdui-btn-icon" type="sumbit">
<i class="mdui-icon material-icons" style="top: 35%; left: 40%;">search</i>

View File

@@ -188,7 +188,7 @@ public class Main{
</font>
</center>
<hr>
this page can be replaced by add a news which titled "<?php echo htmlentities($faqs_name,ENT_QUOTES,"UTF-8")?>";
this page can be replaced by add a news which titled "<?php echo htmlspecialchars($faqs_name,ENT_QUOTES,"UTF-8")?>";
<hr>
<center>

View File

@@ -31,14 +31,14 @@ if($view_content)
echo "<center>
<table>
<tr>
<td class=blue>$from_user -&gt; $to_user[".htmlentities(str_replace("\n\r","\n",$view_title),ENT_QUOTES,"UTF-8")." ]</td>
<td class=blue>$from_user -&gt; $to_user[".htmlspecialchars(str_replace("\n\r","\n",$view_title),ENT_QUOTES,"UTF-8")." ]</td>
</tr>
<tr><td><pre>". htmlentities(str_replace("\n\r","\n",$view_content),ENT_QUOTES,"UTF-8")."</pre>
<tr><td><pre>". htmlspecialchars(str_replace("\n\r","\n",$view_content),ENT_QUOTES,"UTF-8")."</pre>
</td></tr>
</table></center>";
?>
<table><form method=post action=mail.php>
<tr><td>From:<?php echo htmlentities($from_user,ENT_QUOTES,"UTF-8")?>
<tr><td>From:<?php echo htmlspecialchars($from_user,ENT_QUOTES,"UTF-8")?>
To:<input name=to_user size=10 value="<?php if ($from_user==$_SESSION[$OJ_NAME.'_user_id']||$from_user=="") echo $to_user ;else echo $from_user;?>">
Title:<input name=title size=20 value="<?php echo $title?>">
<input type=submit value=<?php echo $MSG_SUBMIT?>></td>

View File

@@ -38,7 +38,7 @@
style="width: calc(100% - 50px); display: inline-block; margin-left: 45px;">
<label class="mdui-textfield-label">昵称</label>
<input class="mdui-textfield-input" id="nick" name="nick"
value="<?php echo htmlentities($row['nick'],ENT_QUOTES,"UTF-8")?>" type="text" required />
value="<?php echo htmlspecialchars($row['nick'],ENT_QUOTES,"UTF-8")?>" type="text" required />
<div class="mdui-textfield-error">请输入昵称</div>
</div>
</div>
@@ -88,7 +88,7 @@
style="width: calc(100% - 50px); display: inline-block; margin-left: 45px;">
<label class="mdui-textfield-label">邮箱</label>
<input class="mdui-textfield-input" id="email" name="email"
type="email" value="<?php echo htmlentities($row['email'],ENT_QUOTES,"UTF-8")?>"/>
type="email" value="<?php echo htmlspecialchars($row['email'],ENT_QUOTES,"UTF-8")?>"/>
<div class="mdui-textfield-error">请输入一个合法的邮箱</div>
</div>
</div>
@@ -100,7 +100,7 @@
style="width: calc(100% - 50px); display: inline-block; margin-left: 45px;">
<label class="mdui-textfield-label">个性签名</label>
<input class="mdui-textfield-input" id="school" name="school" type="text"
value="<?php echo htmlentities($row['school'], ENT_QUOTES, "UTF-8")?>" />
value="<?php echo htmlspecialchars($row['school'], ENT_QUOTES, "UTF-8")?>" />
</div>
</div>
<div class="mdui-card-actions mdui-m-t-4">

View File

@@ -8,7 +8,7 @@
<meta name="author" content="">
<link rel="icon" href="../../favicon.ico">
<title><?php echo htmlentities(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")?></title>
<title><?php echo htmlspecialchars(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")?></title>
</head>
<body>
<link href='<?php echo $OJ_CDN_URL?>highlight/styles/shCore.css' rel='stylesheet' type='text/css'/>
@@ -27,9 +27,9 @@ function draw(){
<input onclick="window.print();" type="button" value="<?php echo $MSG_PRINTER?>">
<input onclick="location.href='printer.php?id=<?php echo $id?>';" type="button" value="<?php echo $MSG_PRINT_DONE?>"><br>
<?php
echo "<h2>".htmlentities(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")."\n";
echo "-".htmlentities(str_replace("\n\r","\n",$view_school),ENT_QUOTES,"utf-8")."-".htmlentities(str_replace("\n\r","\n",$view_nick),ENT_QUOTES,"utf-8")."\n"."</h2>";
echo "<pre class='brush:c'>".htmlentities(str_replace("\n\r","\n",$view_content),ENT_QUOTES,"utf-8")."\n"."</pre>";
echo "<h2>".htmlspecialchars(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")."\n";
echo "-".htmlspecialchars(str_replace("\n\r","\n",$view_school),ENT_QUOTES,"utf-8")."-".htmlspecialchars(str_replace("\n\r","\n",$view_nick),ENT_QUOTES,"utf-8")."\n"."</h2>";
echo "<pre class='brush:c'>".htmlspecialchars(str_replace("\n\r","\n",$view_content),ENT_QUOTES,"utf-8")."\n"."</pre>";
?>
<input onclick="draw()" type="button" value="Line Number">
<input onclick="window.print();" type="button" value="<?php echo $MSG_PRINTER?>">

View File

@@ -64,7 +64,7 @@
<label class="mdui-textfield-label">题目搜索</label>
<input class="mdui-textfield-input" name="search" type="text"
style="width: calc(100% - 40px); display: inline-block;"
value="<?php echo htmlentities($_GET["search"], ENT_QUOTES, 'UTF-8'); ?>">
value="<?php echo htmlspecialchars($_GET["search"], ENT_QUOTES, 'UTF-8'); ?>">
<button class="mdui-btn mdui-btn-icon" type="sumbit">
<i class="mdui-icon material-icons" style="top: 35%; left: 40%;">search</i>
</button>

View File

@@ -13,7 +13,7 @@
<form action="ranklist.php">
<div class="mdui-textfield" align="center" style="width: 100%">
<input class="mdui-textfield-input" type="text" name="prefix" placeholder="用户"
value="<?php echo htmlentities($_GET["prefix"], ENT_QUOTES, "UTF-8")?>"
value="<?php echo htmlspecialchars($_GET["prefix"], ENT_QUOTES, "UTF-8")?>"
style="width: calc(50% - 40px); display: inline-block;">
<button class="mdui-btn mdui-btn-icon" type="sumbit">
<i class="mdui-icon material-icons" style="top: 35%; left: 40%;">search</i>
@@ -66,10 +66,10 @@
$qs="";
$nstart=isset($_GET["start"])?intval($_GET["start"]):0;
if(isset($_GET['prefix'])){
$qs.="&prefix=".htmlentities($_GET['prefix'],ENT_QUOTES,"utf-8");
$qs.="&prefix=".htmlspecialchars($_GET['prefix'],ENT_QUOTES,"utf-8");
}
if(isset($scope)){
$qs.="&scope=".htmlentities($scope,ENT_QUOTES,"utf-8");
$qs.="&scope=".htmlspecialchars($scope,ENT_QUOTES,"utf-8");
}
for($i = 0; $i <$view_total ; $i += $page_size) {
echo '<a class="mdui-btn'.($i == $nstart?" mdui-btn-active":"").'" href="./ranklist.php?start='.strval ( $i ).$qs. '">'

View File

@@ -53,7 +53,7 @@
<br>
</span>
<pre id="code" cols=180 rows=20 class="ace_editor" style="min-height:600px;width: 80%"><textarea id="source" class="ace_text-input"><?php echo htmlentities($view_src,ENT_QUOTES,"UTF-8")?></textarea></pre>
<pre id="code" cols=180 rows=20 class="ace_editor" style="min-height:600px;width: 80%"><textarea id="source" class="ace_text-input"><?php echo htmlspecialchars($view_src,ENT_QUOTES,"UTF-8")?></textarea></pre>
<?php if(!$readOnly){?>
<button class="btn btn-info" type="button" onclick="submitCode()"><?php echo $MSG_SUBMIT?></button>
<?php } ?>

View File

@@ -15,7 +15,7 @@
<?php
if ($ok==true){
if($view_user_id!=$_SESSION[$OJ_NAME.'_'.'user_id'])
echo "<a href='mail.php?to_user=".htmlentities($view_user_id,ENT_QUOTES,"UTF-8")."&title=$MSG_SUBMIT $id'>Mail the author</a>";
echo "<a href='mail.php?to_user=".htmlspecialchars($view_user_id,ENT_QUOTES,"UTF-8")."&title=$MSG_SUBMIT $id'>Mail the author</a>";
$brush=strtolower($language_name[$slanguage]);
if ($brush=='pascal') $brush='delphi';
if ($brush=='obj-c') $brush='c';
@@ -35,7 +35,7 @@
echo "****************************************************************/\n\n";
$auth=ob_get_contents();
ob_end_clean();
echo htmlentities(str_replace("\n\r","\n",$view_source),ENT_QUOTES,"utf-8")."\n".$auth."</code></pre>";
echo htmlspecialchars(str_replace("\n\r","\n",$view_source),ENT_QUOTES,"utf-8")."\n".$auth."</code></pre>";
} else {
echo $MSG_WARNING_ACCESS_DENIED ;
}

View File

@@ -19,7 +19,7 @@ echo "\tMemory:".$smemory." kb\n";
echo "****************************************************************/\n\n";
$auth=ob_get_contents();
ob_end_clean();
echo htmlentities(str_replace("\n\r","\n",$view_source),ENT_QUOTES,"utf-8")."\n".$auth."</code></pre>";
echo htmlspecialchars(str_replace("\n\r","\n",$view_source),ENT_QUOTES,"utf-8")."\n".$auth."</code></pre>";
}else{
echo $MSG_WARNING_ACCESS_DENIED;
}

View File

@@ -58,11 +58,11 @@
<?php if($OJ_ACE_EDITOR) { ?>
<pre style="width: 90%; height: 600; font-size: 13pt;" cols=180 rows=20
id="source"><?php echo htmlentities($view_src,ENT_QUOTES,"UTF-8")?></pre>
id="source"><?php echo htmlspecialchars($view_src,ENT_QUOTES,"UTF-8")?></pre>
<input type=hidden id="hide_source" name="source" value="" />
<?php } else { ?>
<textarea style="width:80%; height:600" cols=180 rows=20 id="source"
name="source"><?php echo htmlentities($view_src,ENT_QUOTES,"UTF-8")?></textarea>
name="source"><?php echo htmlspecialchars($view_src,ENT_QUOTES,"UTF-8")?></textarea>
<?php }?>
<?php if (isset($OJ_TEST_RUN) && $OJ_TEST_RUN){?>

View File

@@ -93,7 +93,7 @@
<div class="mdui-card mdui-col-sm-6" style="text-align: left;">
<div class="mdui-card-primary">
<?php if ($result2 == "changed") { ?>
<script> mdui.alert("成功将用户 <?php echo htmlentities($_POST['user_id'], ENT_QUOTES, 'UTF-8'); ?> 的登录 IP 修改为 <?php echo $ip; ?> ."); </script>
<script> mdui.alert("成功将用户 <?php echo htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8'); ?> 的登录 IP 修改为 <?php echo $ip; ?> ."); </script>
<?php } ?>
<div class="mdui-card-primary-title" style="text-align: center">指定登录 IP</div>
<!-- <div class="mdui-card-primary-subtitle"></div> -->
@@ -110,10 +110,10 @@
<label class="mdui-textfield-label">用户名</label>
<?php if (isset($_POST["user_id"])) { ?>
<input class="mdui-textfield-input" name="user_id" type="text"
value="<?php echo htmlentities($_POST["user_id"], ENT_QUOTES, 'UTF-8'); ?>" required />
value="<?php echo htmlspecialchars($_POST["user_id"], ENT_QUOTES, 'UTF-8'); ?>" required />
<?php } else if (isset($_GET["user_id"])) { ?>
<input class="mdui-textfield-input" name="user_id" type="text"
value="<?php echo htmlentities($_GET["user_id"],ENT_QUOTES,'UTF-8') ; ?>" required />
value="<?php echo htmlspecialchars($_GET["user_id"],ENT_QUOTES,'UTF-8') ; ?>" required />
<?php } else { ?>
<input class="mdui-textfield-input" name="user_id" type="text" required />
<?php } ?>