htmlentities -> htmlspecialchars

This commit is contained in:
2024-12-06 15:35:38 +08:00
parent daa005f029
commit d9b2d13caa
184 changed files with 410 additions and 405 deletions

View File

@@ -8,13 +8,13 @@
<meta name="author" content="">
<link rel="icon" href="../../favicon.ico">
<title><?php echo htmlentities(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")?></title>
<title><?php echo htmlspecialchars(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")?></title>
</head>
<body>
<h1>Balloon Ticket</h1>
<?php
echo "<h2>".htmlentities(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")."\n";
echo "-".htmlentities(str_replace("\n\r","\n",$view_school),ENT_QUOTES,"utf-8")."-".htmlentities(str_replace("\n\r","\n",$view_nick),ENT_QUOTES,"utf-8")."\n"."</h2>";
echo "<h2>".htmlspecialchars(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")."\n";
echo "-".htmlspecialchars(str_replace("\n\r","\n",$view_school),ENT_QUOTES,"utf-8")."-".htmlspecialchars(str_replace("\n\r","\n",$view_nick),ENT_QUOTES,"utf-8")."\n"."</h2>";
echo "Problem ".$PID[$view_pid]."<br>";
echo "Balloon Color: <font color='".$ball_color[$view_pid]."'>".$ball_name[$view_pid]."</font><br>";
?>

View File

@@ -38,7 +38,7 @@
foreach ($category as $cat){
if(trim($cat)=="") continue;
$my_category.= "<button class=\"layui-btn\"><a class='btn btn-primary' href='problemset.php?search=".htmlentities($cat,ENT_QUOTES,'UTF-8')."'>".$cat."</a></button>";
$my_category.= "<button class=\"layui-btn\"><a class='btn btn-primary' href='problemset.php?search=".htmlspecialchars($cat,ENT_QUOTES,'UTF-8')."'>".$cat."</a></button>";
}
$my_category.= "</div>";

View File

@@ -59,7 +59,7 @@ $usolved=$U[$i]->solved;
if(isset($_GET['user_id'])&&$uuid==$_GET['user_id']) echo "<td bgcolor=#ffff77>";
else echo"<td>";
echo "<a name=\"$uuid\" href=userinfo.php?user=$uuid>$uuid</a>";
echo "<td><a href=userinfo.php?user=$uuid>".htmlentities($U[$i]->nick,ENT_QUOTES,"UTF-8")."</a>";
echo "<td><a href=userinfo.php?user=$uuid>".htmlspecialchars($U[$i]->nick,ENT_QUOTES,"UTF-8")."</a>";
echo "<td><a href=status.php?user_id=$uuid&cid=$cid>$usolved</a>";
echo "<td>".sec2str($U[$i]->time);
echo "<td>".($U[$i]->total);

View File

@@ -61,7 +61,7 @@ $usolved=$U[$i]->solved;
if(isset($_GET['user_id'])&&$uuid==$_GET['user_id']) echo "<td bgcolor=#ffff77>";
else echo"<td>";
echo "<a name=\"$uuid\" href=userinfo.php?user=$uuid>$uuid</a>";
echo "<td><a href=userinfo.php?user=$uuid>".htmlentities($U[$i]->nick,ENT_QUOTES,"UTF-8")."</a>";
echo "<td><a href=userinfo.php?user=$uuid>".htmlspecialchars($U[$i]->nick,ENT_QUOTES,"UTF-8")."</a>";
echo "<td><a href=status.php?user_id=$uuid&cid=$cid>$usolved</a>";
echo "<td>".sec2str($U[$i]->time);
for ($j=0;$j<$pid_cnt;$j++){

View File

@@ -48,7 +48,7 @@ $usolved=$U[$i]->solved;
if(isset($_GET['user_id'])&&$uuid==$_GET['user_id']) echo "<td bgcolor=#ffff77>";
else echo"<td>";
echo "<a name=\"$uuid\" href=userinfo.php?user=$uuid>$uuid</a>";
echo "<td><a href=userinfo.php?user=$uuid>".htmlentities($U[$i]->nick,ENT_QUOTES,"UTF-8")."</a>";
echo "<td><a href=userinfo.php?user=$uuid>".htmlspecialchars($U[$i]->nick,ENT_QUOTES,"UTF-8")."</a>";
echo "<td><a href=status.php?user_id=$uuid&cid=$cid>$usolved</a>";
echo "<td>".sec2str($U[$i]->time);
for ($j=0;$j<$pid_cnt;$j++){

View File

@@ -31,9 +31,9 @@ if($view_content)
echo "<center>
<table>
<tr>
<td class=blue>$to_user:".htmlentities(str_replace("\n\r","\n",$view_title),ENT_QUOTES,"UTF-8")." </td>
<td class=blue>$to_user:".htmlspecialchars(str_replace("\n\r","\n",$view_title),ENT_QUOTES,"UTF-8")." </td>
</tr>
<tr><td><pre>". htmlentities(str_replace("\n\r","\n",$view_content),ENT_QUOTES,"UTF-8")."</pre>
<tr><td><pre>". htmlspecialchars(str_replace("\n\r","\n",$view_content),ENT_QUOTES,"UTF-8")."</pre>
</td></tr>
</table></center>";
?>

View File

@@ -35,7 +35,7 @@
</div>
<div class="form-group">
<label class="col-sm-4 control-label"><?php echo $MSG_NICK?></label>
<div class="col-sm-4"><input name="nick" class="form-control" value="<?php echo htmlentities($row['nick'],ENT_QUOTES,"UTF-8")?>" type="text"></div>
<div class="col-sm-4"><input name="nick" class="form-control" value="<?php echo htmlspecialchars($row['nick'],ENT_QUOTES,"UTF-8")?>" type="text"></div>
</div>
<div class="form-group">
<label class="col-sm-4 control-label"><?php echo $MSG_PASSWORD?></label>
@@ -51,12 +51,12 @@
</div>
<div class="form-group">
<label class="col-sm-4 control-label"><?php echo $MSG_SCHOOL?></label>
<div class="col-sm-4"><input name="school" class="form-control" value="<?php echo htmlentities($row['school'],ENT_QUOTES,"UTF-8")?>" type="text"></div>
<div class="col-sm-4"><input name="school" class="form-control" value="<?php echo htmlspecialchars($row['school'],ENT_QUOTES,"UTF-8")?>" type="text"></div>
<?php if(isset($_SESSION[$OJ_NAME."_printer"])) echo "$MSG_HELP_BALLOON_SCHOOL";?>
</div>
<div class="form-group">
<label class="col-sm-4 control-label"><?php echo $MSG_EMAIL?></label>
<div class="col-sm-4"><input name="email" class="form-control" value="<?php echo htmlentities($row['email'],ENT_QUOTES,"UTF-8")?>" type="text"></div>
<div class="col-sm-4"><input name="email" class="form-control" value="<?php echo htmlspecialchars($row['email'],ENT_QUOTES,"UTF-8")?>" type="text"></div>
</div>
<div class="form-group">

View File

@@ -8,7 +8,7 @@
<meta name="author" content="">
<link rel="icon" href="../../favicon.ico">
<title><?php echo htmlentities(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")?></title>
<title><?php echo htmlspecialchars(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")?></title>
</head>
<body>
<link href='<?php echo $OJ_CDN_URL?>highlight/styles/shCore.css' rel='stylesheet' type='text/css'/>
@@ -27,9 +27,9 @@ function draw(){
<input onclick="window.print();" type="button" value="<?php echo $MSG_PRINTER?>">
<input onclick="location.href='printer.php?id=<?php echo $id?>';" type="button" value="<?php echo $MSG_PRINT_DONE?>"><br>
<?php
echo "<h2>".htmlentities(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")."\n";
echo "-".htmlentities(str_replace("\n\r","\n",$view_school),ENT_QUOTES,"utf-8")."-".htmlentities(str_replace("\n\r","\n",$view_nick),ENT_QUOTES,"utf-8")."\n"."</h2>";
echo "<pre class='brush:c'>".htmlentities(str_replace("\n\r","\n",$view_content),ENT_QUOTES,"utf-8")."\n"."</pre>";
echo "<h2>".htmlspecialchars(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")."\n";
echo "-".htmlspecialchars(str_replace("\n\r","\n",$view_school),ENT_QUOTES,"utf-8")."-".htmlspecialchars(str_replace("\n\r","\n",$view_nick),ENT_QUOTES,"utf-8")."\n"."</h2>";
echo "<pre class='brush:c'>".htmlspecialchars(str_replace("\n\r","\n",$view_content),ENT_QUOTES,"utf-8")."\n"."</pre>";
?>
<input onclick="draw()" type="button" value="Line Number">
<input onclick="window.print();" type="button" value="<?php echo $MSG_PRINTER?>">

View File

@@ -91,7 +91,7 @@
echo "<h4>$MSG_SOURCE</h4><div class=content>";
$cats=explode(" ",$row['source']);
foreach($cats as $cat){
echo "<a href='problemset.php?search=".urlencode(htmlentities($cat,ENT_QUOTES,'utf-8'))."'>".htmlentities($cat,ENT_QUOTES,'utf-8')."</a>&nbsp;";
echo "<a href='problemset.php?search=".urlencode(htmlspecialchars($cat,ENT_QUOTES,'utf-8'))."'>".htmlspecialchars($cat,ENT_QUOTES,'utf-8')."</a>&nbsp;";
}
echo "</div><br>";
}

View File

@@ -27,7 +27,7 @@
<div class="jumbotron">
<tr><td colspan=3 align=left >
<form class="form-inline" action="ranklist.php">
<?php echo $MSG_USER?><input class="form-control" name="prefix" value="<?php echo htmlentities(isset($_GET['prefix'])?$_GET['prefix']:"",ENT_QUOTES,"utf-8") ?>" >
<?php echo $MSG_USER?><input class="form-control" name="prefix" value="<?php echo htmlspecialchars(isset($_GET['prefix'])?$_GET['prefix']:"",ENT_QUOTES,"utf-8") ?>" >
<input type=submit class="form-control" value=Search >
</form></td><td colspan=3 align=right>
<a href=ranklist.php?scope=d>Day</a>

View File

@@ -48,7 +48,7 @@ SyntaxHighlighter.all();
<?php
if ($ok==true){
if($view_user_id!=$_SESSION[$OJ_NAME.'_'.'user_id'])
echo "<a href='mail.php?to_user=".htmlentities($view_user_id,ENT_QUOTES,"UTF-8")."&title=$MSG_SUBMIT $id'>Mail the author</a>";
echo "<a href='mail.php?to_user=".htmlspecialchars($view_user_id,ENT_QUOTES,"UTF-8")."&title=$MSG_SUBMIT $id'>Mail the author</a>";
$brush=strtolower($language_name[$slanguage]);
if ($brush=='pascal') $brush='delphi';
if ($brush=='obj-c') $brush='c';
@@ -66,7 +66,7 @@ echo "\tMemory:".$smemory." kb\n";
echo "****************************************************************/\n\n";
$auth=ob_get_contents();
ob_end_clean();
echo htmlentities(str_replace("\n\r","\n",$view_source),ENT_QUOTES,"utf-8")."\n".$auth."</pre>";
echo htmlspecialchars(str_replace("\n\r","\n",$view_source),ENT_QUOTES,"utf-8")."\n".$auth."</pre>";
}else{
echo $MSG_WARNING_ACCESS_DENIED;
}

View File

@@ -18,7 +18,7 @@ echo "\tMemory:".$smemory." kb\n";
echo "****************************************************************/\n\n";
$auth=ob_get_contents();
ob_end_clean();
echo htmlentities(str_replace("\n\r","\n",$view_source),ENT_QUOTES,"utf-8")."\n".$auth."</pre>";
echo htmlspecialchars(str_replace("\n\r","\n",$view_source),ENT_QUOTES,"utf-8")."\n".$auth."</pre>";
}else{
echo $MSG_WARNING_ACCESS_DENIED ;
}

View File

@@ -71,10 +71,10 @@ echo"<option value=$i ".( $lastlang==$i?"selected":"").">
<br>
</span>
<?php if($OJ_ACE_EDITOR){ ?>
<pre style="width:80%;height:600" cols=180 rows=20 id="source"><?php echo htmlentities($view_src,ENT_QUOTES,"UTF-8")?></pre><br>
<pre style="width:80%;height:600" cols=180 rows=20 id="source"><?php echo htmlspecialchars($view_src,ENT_QUOTES,"UTF-8")?></pre><br>
<input type=hidden id="hide_source" name="source" value=""/>
<?php }else{ ?>
<textarea style="width:80%;height:600" cols=180 rows=20 id="source" name="source"><?php echo htmlentities($view_src,ENT_QUOTES,"UTF-8")?></textarea><br>
<textarea style="width:80%;height:600" cols=180 rows=20 id="source" name="source"><?php echo htmlspecialchars($view_src,ENT_QUOTES,"UTF-8")?></textarea><br>
<?php }?>
<?php if (isset($OJ_TEST_RUN)&&$OJ_TEST_RUN){?>

View File

@@ -29,7 +29,7 @@
<center>
<table class="table table-striped" id=statics width=70%>
<caption>
<?php echo $user."--".htmlentities($nick,ENT_QUOTES,"UTF-8")?>
<?php echo $user."--".htmlspecialchars($nick,ENT_QUOTES,"UTF-8")?>
<?php
echo "<a href=mail.php?to_user=$user>$MSG_MAIL</a>";
?>