htmlentities -> htmlspecialchars
This commit is contained in:
@@ -8,13 +8,13 @@
|
||||
<meta name="author" content="">
|
||||
<link rel="icon" href="../../favicon.ico">
|
||||
|
||||
<title><?php echo htmlentities(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")?></title>
|
||||
<title><?php echo htmlspecialchars(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")?></title>
|
||||
</head>
|
||||
<body>
|
||||
<h1>Balloon Ticket</h1>
|
||||
<?php
|
||||
echo "<h2>".htmlentities(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")."\n";
|
||||
echo "-".htmlentities(str_replace("\n\r","\n",$view_school),ENT_QUOTES,"utf-8")."-".htmlentities(str_replace("\n\r","\n",$view_nick),ENT_QUOTES,"utf-8")."\n"."</h2>";
|
||||
echo "<h2>".htmlspecialchars(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")."\n";
|
||||
echo "-".htmlspecialchars(str_replace("\n\r","\n",$view_school),ENT_QUOTES,"utf-8")."-".htmlspecialchars(str_replace("\n\r","\n",$view_nick),ENT_QUOTES,"utf-8")."\n"."</h2>";
|
||||
echo "Problem ".$PID[$view_pid]."<br>";
|
||||
echo "Balloon Color: <font color='".$ball_color[$view_pid]."'>".$ball_name[$view_pid]."</font><br>";
|
||||
?>
|
||||
|
||||
@@ -38,7 +38,7 @@
|
||||
|
||||
foreach ($category as $cat){
|
||||
if(trim($cat)=="") continue;
|
||||
$my_category.= "<button class=\"layui-btn\"><a class='btn btn-primary' href='problemset.php?search=".htmlentities($cat,ENT_QUOTES,'UTF-8')."'>".$cat."</a></button>";
|
||||
$my_category.= "<button class=\"layui-btn\"><a class='btn btn-primary' href='problemset.php?search=".htmlspecialchars($cat,ENT_QUOTES,'UTF-8')."'>".$cat."</a></button>";
|
||||
}
|
||||
|
||||
$my_category.= "</div>";
|
||||
|
||||
@@ -59,7 +59,7 @@ $usolved=$U[$i]->solved;
|
||||
if(isset($_GET['user_id'])&&$uuid==$_GET['user_id']) echo "<td bgcolor=#ffff77>";
|
||||
else echo"<td>";
|
||||
echo "<a name=\"$uuid\" href=userinfo.php?user=$uuid>$uuid</a>";
|
||||
echo "<td><a href=userinfo.php?user=$uuid>".htmlentities($U[$i]->nick,ENT_QUOTES,"UTF-8")."</a>";
|
||||
echo "<td><a href=userinfo.php?user=$uuid>".htmlspecialchars($U[$i]->nick,ENT_QUOTES,"UTF-8")."</a>";
|
||||
echo "<td><a href=status.php?user_id=$uuid&cid=$cid>$usolved</a>";
|
||||
echo "<td>".sec2str($U[$i]->time);
|
||||
echo "<td>".($U[$i]->total);
|
||||
|
||||
@@ -61,7 +61,7 @@ $usolved=$U[$i]->solved;
|
||||
if(isset($_GET['user_id'])&&$uuid==$_GET['user_id']) echo "<td bgcolor=#ffff77>";
|
||||
else echo"<td>";
|
||||
echo "<a name=\"$uuid\" href=userinfo.php?user=$uuid>$uuid</a>";
|
||||
echo "<td><a href=userinfo.php?user=$uuid>".htmlentities($U[$i]->nick,ENT_QUOTES,"UTF-8")."</a>";
|
||||
echo "<td><a href=userinfo.php?user=$uuid>".htmlspecialchars($U[$i]->nick,ENT_QUOTES,"UTF-8")."</a>";
|
||||
echo "<td><a href=status.php?user_id=$uuid&cid=$cid>$usolved</a>";
|
||||
echo "<td>".sec2str($U[$i]->time);
|
||||
for ($j=0;$j<$pid_cnt;$j++){
|
||||
|
||||
@@ -48,7 +48,7 @@ $usolved=$U[$i]->solved;
|
||||
if(isset($_GET['user_id'])&&$uuid==$_GET['user_id']) echo "<td bgcolor=#ffff77>";
|
||||
else echo"<td>";
|
||||
echo "<a name=\"$uuid\" href=userinfo.php?user=$uuid>$uuid</a>";
|
||||
echo "<td><a href=userinfo.php?user=$uuid>".htmlentities($U[$i]->nick,ENT_QUOTES,"UTF-8")."</a>";
|
||||
echo "<td><a href=userinfo.php?user=$uuid>".htmlspecialchars($U[$i]->nick,ENT_QUOTES,"UTF-8")."</a>";
|
||||
echo "<td><a href=status.php?user_id=$uuid&cid=$cid>$usolved</a>";
|
||||
echo "<td>".sec2str($U[$i]->time);
|
||||
for ($j=0;$j<$pid_cnt;$j++){
|
||||
|
||||
@@ -31,9 +31,9 @@ if($view_content)
|
||||
echo "<center>
|
||||
<table>
|
||||
<tr>
|
||||
<td class=blue>$to_user:".htmlentities(str_replace("\n\r","\n",$view_title),ENT_QUOTES,"UTF-8")." </td>
|
||||
<td class=blue>$to_user:".htmlspecialchars(str_replace("\n\r","\n",$view_title),ENT_QUOTES,"UTF-8")." </td>
|
||||
</tr>
|
||||
<tr><td><pre>". htmlentities(str_replace("\n\r","\n",$view_content),ENT_QUOTES,"UTF-8")."</pre>
|
||||
<tr><td><pre>". htmlspecialchars(str_replace("\n\r","\n",$view_content),ENT_QUOTES,"UTF-8")."</pre>
|
||||
</td></tr>
|
||||
</table></center>";
|
||||
?>
|
||||
|
||||
@@ -35,7 +35,7 @@
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label class="col-sm-4 control-label"><?php echo $MSG_NICK?></label>
|
||||
<div class="col-sm-4"><input name="nick" class="form-control" value="<?php echo htmlentities($row['nick'],ENT_QUOTES,"UTF-8")?>" type="text"></div>
|
||||
<div class="col-sm-4"><input name="nick" class="form-control" value="<?php echo htmlspecialchars($row['nick'],ENT_QUOTES,"UTF-8")?>" type="text"></div>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label class="col-sm-4 control-label"><?php echo $MSG_PASSWORD?></label>
|
||||
@@ -51,12 +51,12 @@
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label class="col-sm-4 control-label"><?php echo $MSG_SCHOOL?></label>
|
||||
<div class="col-sm-4"><input name="school" class="form-control" value="<?php echo htmlentities($row['school'],ENT_QUOTES,"UTF-8")?>" type="text"></div>
|
||||
<div class="col-sm-4"><input name="school" class="form-control" value="<?php echo htmlspecialchars($row['school'],ENT_QUOTES,"UTF-8")?>" type="text"></div>
|
||||
<?php if(isset($_SESSION[$OJ_NAME."_printer"])) echo "$MSG_HELP_BALLOON_SCHOOL";?>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label class="col-sm-4 control-label"><?php echo $MSG_EMAIL?></label>
|
||||
<div class="col-sm-4"><input name="email" class="form-control" value="<?php echo htmlentities($row['email'],ENT_QUOTES,"UTF-8")?>" type="text"></div>
|
||||
<div class="col-sm-4"><input name="email" class="form-control" value="<?php echo htmlspecialchars($row['email'],ENT_QUOTES,"UTF-8")?>" type="text"></div>
|
||||
</div>
|
||||
|
||||
<div class="form-group">
|
||||
|
||||
@@ -8,7 +8,7 @@
|
||||
<meta name="author" content="">
|
||||
<link rel="icon" href="../../favicon.ico">
|
||||
|
||||
<title><?php echo htmlentities(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")?></title>
|
||||
<title><?php echo htmlspecialchars(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")?></title>
|
||||
</head>
|
||||
<body>
|
||||
<link href='<?php echo $OJ_CDN_URL?>highlight/styles/shCore.css' rel='stylesheet' type='text/css'/>
|
||||
@@ -27,9 +27,9 @@ function draw(){
|
||||
<input onclick="window.print();" type="button" value="<?php echo $MSG_PRINTER?>">
|
||||
<input onclick="location.href='printer.php?id=<?php echo $id?>';" type="button" value="<?php echo $MSG_PRINT_DONE?>"><br>
|
||||
<?php
|
||||
echo "<h2>".htmlentities(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")."\n";
|
||||
echo "-".htmlentities(str_replace("\n\r","\n",$view_school),ENT_QUOTES,"utf-8")."-".htmlentities(str_replace("\n\r","\n",$view_nick),ENT_QUOTES,"utf-8")."\n"."</h2>";
|
||||
echo "<pre class='brush:c'>".htmlentities(str_replace("\n\r","\n",$view_content),ENT_QUOTES,"utf-8")."\n"."</pre>";
|
||||
echo "<h2>".htmlspecialchars(str_replace("\n\r","\n",$view_user),ENT_QUOTES,"utf-8")."\n";
|
||||
echo "-".htmlspecialchars(str_replace("\n\r","\n",$view_school),ENT_QUOTES,"utf-8")."-".htmlspecialchars(str_replace("\n\r","\n",$view_nick),ENT_QUOTES,"utf-8")."\n"."</h2>";
|
||||
echo "<pre class='brush:c'>".htmlspecialchars(str_replace("\n\r","\n",$view_content),ENT_QUOTES,"utf-8")."\n"."</pre>";
|
||||
?>
|
||||
<input onclick="draw()" type="button" value="Line Number">
|
||||
<input onclick="window.print();" type="button" value="<?php echo $MSG_PRINTER?>">
|
||||
|
||||
@@ -91,7 +91,7 @@
|
||||
echo "<h4>$MSG_SOURCE</h4><div class=content>";
|
||||
$cats=explode(" ",$row['source']);
|
||||
foreach($cats as $cat){
|
||||
echo "<a href='problemset.php?search=".urlencode(htmlentities($cat,ENT_QUOTES,'utf-8'))."'>".htmlentities($cat,ENT_QUOTES,'utf-8')."</a> ";
|
||||
echo "<a href='problemset.php?search=".urlencode(htmlspecialchars($cat,ENT_QUOTES,'utf-8'))."'>".htmlspecialchars($cat,ENT_QUOTES,'utf-8')."</a> ";
|
||||
}
|
||||
echo "</div><br>";
|
||||
}
|
||||
|
||||
@@ -27,7 +27,7 @@
|
||||
<div class="jumbotron">
|
||||
<tr><td colspan=3 align=left >
|
||||
<form class="form-inline" action="ranklist.php">
|
||||
<?php echo $MSG_USER?><input class="form-control" name="prefix" value="<?php echo htmlentities(isset($_GET['prefix'])?$_GET['prefix']:"",ENT_QUOTES,"utf-8") ?>" >
|
||||
<?php echo $MSG_USER?><input class="form-control" name="prefix" value="<?php echo htmlspecialchars(isset($_GET['prefix'])?$_GET['prefix']:"",ENT_QUOTES,"utf-8") ?>" >
|
||||
<input type=submit class="form-control" value=Search >
|
||||
</form></td><td colspan=3 align=right>
|
||||
<a href=ranklist.php?scope=d>Day</a>
|
||||
|
||||
@@ -48,7 +48,7 @@ SyntaxHighlighter.all();
|
||||
<?php
|
||||
if ($ok==true){
|
||||
if($view_user_id!=$_SESSION[$OJ_NAME.'_'.'user_id'])
|
||||
echo "<a href='mail.php?to_user=".htmlentities($view_user_id,ENT_QUOTES,"UTF-8")."&title=$MSG_SUBMIT $id'>Mail the author</a>";
|
||||
echo "<a href='mail.php?to_user=".htmlspecialchars($view_user_id,ENT_QUOTES,"UTF-8")."&title=$MSG_SUBMIT $id'>Mail the author</a>";
|
||||
$brush=strtolower($language_name[$slanguage]);
|
||||
if ($brush=='pascal') $brush='delphi';
|
||||
if ($brush=='obj-c') $brush='c';
|
||||
@@ -66,7 +66,7 @@ echo "\tMemory:".$smemory." kb\n";
|
||||
echo "****************************************************************/\n\n";
|
||||
$auth=ob_get_contents();
|
||||
ob_end_clean();
|
||||
echo htmlentities(str_replace("\n\r","\n",$view_source),ENT_QUOTES,"utf-8")."\n".$auth."</pre>";
|
||||
echo htmlspecialchars(str_replace("\n\r","\n",$view_source),ENT_QUOTES,"utf-8")."\n".$auth."</pre>";
|
||||
}else{
|
||||
echo $MSG_WARNING_ACCESS_DENIED;
|
||||
}
|
||||
|
||||
@@ -18,7 +18,7 @@ echo "\tMemory:".$smemory." kb\n";
|
||||
echo "****************************************************************/\n\n";
|
||||
$auth=ob_get_contents();
|
||||
ob_end_clean();
|
||||
echo htmlentities(str_replace("\n\r","\n",$view_source),ENT_QUOTES,"utf-8")."\n".$auth."</pre>";
|
||||
echo htmlspecialchars(str_replace("\n\r","\n",$view_source),ENT_QUOTES,"utf-8")."\n".$auth."</pre>";
|
||||
}else{
|
||||
echo $MSG_WARNING_ACCESS_DENIED ;
|
||||
}
|
||||
|
||||
@@ -71,10 +71,10 @@ echo"<option value=$i ".( $lastlang==$i?"selected":"").">
|
||||
<br>
|
||||
</span>
|
||||
<?php if($OJ_ACE_EDITOR){ ?>
|
||||
<pre style="width:80%;height:600" cols=180 rows=20 id="source"><?php echo htmlentities($view_src,ENT_QUOTES,"UTF-8")?></pre><br>
|
||||
<pre style="width:80%;height:600" cols=180 rows=20 id="source"><?php echo htmlspecialchars($view_src,ENT_QUOTES,"UTF-8")?></pre><br>
|
||||
<input type=hidden id="hide_source" name="source" value=""/>
|
||||
<?php }else{ ?>
|
||||
<textarea style="width:80%;height:600" cols=180 rows=20 id="source" name="source"><?php echo htmlentities($view_src,ENT_QUOTES,"UTF-8")?></textarea><br>
|
||||
<textarea style="width:80%;height:600" cols=180 rows=20 id="source" name="source"><?php echo htmlspecialchars($view_src,ENT_QUOTES,"UTF-8")?></textarea><br>
|
||||
<?php }?>
|
||||
|
||||
<?php if (isset($OJ_TEST_RUN)&&$OJ_TEST_RUN){?>
|
||||
|
||||
@@ -29,7 +29,7 @@
|
||||
<center>
|
||||
<table class="table table-striped" id=statics width=70%>
|
||||
<caption>
|
||||
<?php echo $user."--".htmlentities($nick,ENT_QUOTES,"UTF-8")?>
|
||||
<?php echo $user."--".htmlspecialchars($nick,ENT_QUOTES,"UTF-8")?>
|
||||
<?php
|
||||
echo "<a href=mail.php?to_user=$user>$MSG_MAIL</a>";
|
||||
?>
|
||||
|
||||
Reference in New Issue
Block a user