htmlentities -> htmlspecialchars

This commit is contained in:
2024-12-06 15:35:38 +08:00
parent daa005f029
commit d9b2d13caa
184 changed files with 410 additions and 405 deletions

View File

@@ -31,14 +31,14 @@ if($view_content)
echo "<center>
<table>
<tr>
<td class=blue>$from_user -&gt; $to_user[".htmlentities(str_replace("\n\r","\n",$view_title),ENT_QUOTES,"UTF-8")." ]</td>
<td class=blue>$from_user -&gt; $to_user[".htmlspecialchars(str_replace("\n\r","\n",$view_title),ENT_QUOTES,"UTF-8")." ]</td>
</tr>
<tr><td><pre>". htmlentities(str_replace("\n\r","\n",$view_content),ENT_QUOTES,"UTF-8")."</pre>
<tr><td><pre>". htmlspecialchars(str_replace("\n\r","\n",$view_content),ENT_QUOTES,"UTF-8")."</pre>
</td></tr>
</table></center>";
?>
<table><form method=post action=mail.php>
<tr><td>From:<?php echo htmlentities($from_user,ENT_QUOTES,"UTF-8")?>
<tr><td>From:<?php echo htmlspecialchars($from_user,ENT_QUOTES,"UTF-8")?>
To:<input name=to_user size=10 value="<?php if ($from_user==$_SESSION[$OJ_NAME.'_user_id']||$from_user=="") echo $to_user ;else echo $from_user;?>">
Title:<input name=title size=20 value="<?php echo $title?>">
<input type=submit value=<?php echo $MSG_SUBMIT?>></td>