Special Characters in GPX-/TXT-Files ; update #121 ; update #222

OpencachingDeutschland · Jul 8, 2013 · 99e638e · 99e638e
1 parent fd0548a
commit 99e638e
Show file tree

Hide file tree

Showing 2 changed files with 49 additions and 25 deletions.
diff --git a/htdocs/lib/search.gpx.inc.php b/htdocs/lib/search.gpx.inc.php
@@ -71,7 +71,7 @@
    *    <groundspeak:terrain>(.*?)<\/groundspeak:terrain>
    *    <groundspeak:country>(.*?)<\/groundspeak:country>
    *    <groundspeak:state>(.*?)<\/groundspeak:state>
-	 *    <groundspeak:short_description html="(.*?)".*?>(.*?)<\/groundspeak:short_description>
+   *    <groundspeak:short_description html="(.*?)".*?>(.*?)<\/groundspeak:short_description>
    *    <groundspeak:long_description html="(.*?)".*?>(.*?)<\/groundspeak:long_description>
    *    <groundspeak:encoded_hints>(.*?)<\/groundspeak:encoded_hints>
    */
@@ -182,7 +182,7 @@
 				$distance_unit = 'km';
 
 				$lon_rad = $record_coords['longitude'] * 3.14159 / 180;   
-        $lat_rad = $record_coords['latitude'] * 3.14159 / 180; 
+				$lat_rad = $record_coords['latitude'] * 3.14159 / 180;
 
 				$sql .= getSqlDistanceFormula($record_coords['longitude'], $record_coords['latitude'], 0, $multiplier[$distance_unit]) . ' `distance`, ';
 			}
@@ -201,15 +201,15 @@
 			$sAddJoin .= ' AND `cache_logs`.`user_id`=' . sql_escape($usr === false? 0 : $usr['userid']);
 		$sGroupBy = ' GROUP BY `caches`.`cache_id`';
 	}
-	$sql .= '`caches`.`cache_id` `cache_id`, `caches`.`status` `status`, `caches`.`type` `type`, `caches`.`size` `size`, `caches`.`longitude` `longitude`, `caches`.`latitude` `latitude`, `caches`.`user_id` `user_id`, 
+	$sql .= '`caches`.`cache_id` `cache_id`, `caches`.`status` `status`, `caches`.`type` `type`, `caches`.`size` `size`, `caches`.`longitude` `longitude`, `caches`.`latitude` `latitude`, `caches`.`user_id` `user_id`,
 	            IF(IFNULL(`stat_caches`.`toprating`,0)>3, 4, IFNULL(`stat_caches`.`toprating`, 0)) `ratingvalue`,
-		 `cache_location`.`adm2` `state`' . 
+		 `cache_location`.`adm2` `state`' .
 				      $sAddField
 		 . ' FROM `caches`
 	  LEFT JOIN `stat_caches` ON `caches`.`cache_id`=`stat_caches`.`cache_id`
 	  LEFT JOIN `cache_location` ON `caches`.`cache_id`=`cache_location`.`cache_id`' .
-				      $sAddJoin 
+				      $sAddJoin
-		. ' WHERE `caches`.`cache_id` IN (' . $sqlFilter . ')' . 
+		. ' WHERE `caches`.`cache_id` IN (' . $sqlFilter . ')' .
 				      $sGroupBy;
 	$sortby = $options['sort'];
 
@@ -352,7 +352,7 @@
 			$thisline = mb_ereg_replace('{hints}', '', $thisline);
 		else
 		  // Ocprop:  <groundspeak:encoded_hints>(.*?)<\/groundspeak:encoded_hints>
-			$thisline = mb_ereg_replace('{hints}', '      <groundspeak:encoded_hints>' . xmlentities(strip_tags($r['hint'])) . '</groundspeak:encoded_hints>
+			$thisline = mb_ereg_replace('{hints}', '      <groundspeak:encoded_hints>' . decodeEntities(strip_tags($r['hint'])) . '</groundspeak:encoded_hints>
 ', $thisline);
 
 		$thisline = mb_ereg_replace('{shortdesc}', xmlentities($r['short_desc']), $thisline);
@@ -362,7 +362,7 @@
 			$r['userid'], $r['username'], $r['data_license'], $r['cacheid'], $locale, true, true);
 		if ($license != "")
 			$desc .= "<p><em>$license</em></p>";
-		$thisline = mb_ereg_replace('{desc}', xmlentities($desc), $thisline);
+		$thisline = mb_ereg_replace('{desc}', xmlentities(decodeEntities($desc)), $thisline);
 
 		$thisline = mb_ereg_replace('{images}', xmlentities(getPictures($r['cacheid'])), $thisline);
 
@@ -443,7 +443,7 @@
 					$logtype = $gpxLogType[0];
 
 				$thislog = mb_ereg_replace('{type}', $logtype, $thislog);
-				$thislog = mb_ereg_replace('{text}', xmlentities($rLog['text']), $thislog);
+				$thislog = mb_ereg_replace('{text}', xmlentities(decodeEntities($rLog['text'])), $thislog);
 
 				$logentries .= $thislog . "\n";
 			}
@@ -467,7 +467,7 @@
 				$logtype = $gpxLogType[0];
 
 			$thislog = mb_ereg_replace('{type}', $logtype, $thislog);
-			$thislog = mb_ereg_replace('{text}', xmlentities($rLog['text']), $thislog);
+			$thislog = mb_ereg_replace('{text}', xmlentities(decodeEntities($rLog['text'])), $thislog);
 
 			$logentries .= $thislog . "\n";
 		}
@@ -570,18 +570,35 @@
 
 	exit;
 
-	function xmlentities($str)
+	function decodeEntities($str)
 	{
-		$from[0] = '&'; $to[0] = '&amp;';
+		$str = changePlaceholder($str);
-		$from[1] = '<'; $to[1] = '&lt;';
+		$str = html_entity_decode($str, ENT_COMPAT, "UTF-8");
-		$from[2] = '>'; $to[2] = '&gt;';
+		$str = changePlaceholder($str, true);
-		$from[3] = '"'; $to[3] = '&quot;';
+		return $str;
-		$from[4] = '\''; $to[4] = '&apos;';
+	}
-		$from[5] = ']]>'; $to[5] = ']] >';
 
-		for ($i = 0; $i <= 4; $i++)
+	function changePlaceholder($str, $inverse = true)
-			$str = mb_ereg_replace($from[$i], $to[$i], $str);
+	{
+		$placeholter[0] = '{oc-placeholder-lt}'; $entity[0] = '&lt;';
+		$placeholder[1] = '{oc-placeholder-gt}'; $entity[1] = '&gt;';
+		for ($i=0;$i<=1;$i++)
+		{
+			if (!$inverse)
+			{
+				$str = mb_ereg_replace($entity[$i], $placeholder[$i], $str);
+			}
+			else
+			{
+				$str = mb_ereg_replace($placeholder[$i], $entity[$i], $str);
+			}
+		}
+		return $str;
+	}
 
+	function xmlentities($str)
+	{
+		$str = htmlspecialchars($str, ENT_NOQUOTES, "UTF-8");
 		return filterevilchars($str);
 	}
 
@@ -612,8 +629,8 @@ function getCacheNote($userid, $cacheid)
 		return null;
 	}
 
-  // based on oc.pl code, but embedded thumbs instead of full pictures
+	// based on oc.pl code, but embedded thumbs instead of full pictures
-  // (also to hide spoilers first)
+	// (also to hide spoilers first)
 	function getPictures($cacheid)
 	{
 		global $translate, $absolute_server_URI;

diff --git a/htdocs/lib/search.txt.inc.php b/htdocs/lib/search.txt.inc.php
@@ -221,7 +221,7 @@
 		if ($r['hint'] == '')
 			$thisline = mb_ereg_replace('{hints}', '', $thisline);
 		else
-			$thisline = mb_ereg_replace('{hints}', str_rot13_html(strip_tags($r['hint'])), $thisline);
+			$thisline = mb_ereg_replace('{hints}', str_rot13_html(decodeEntities(strip_tags($r['hint']))), $thisline);
 
 		$thisline = mb_ereg_replace('{shortdesc}', $r['short_desc'], $thisline);
 
@@ -233,7 +233,7 @@
 		if ($r['html'] == 0)
 		{
 			$thisline = mb_ereg_replace('{htmlwarn}', '', $thisline);
-			$thisline = mb_ereg_replace('{desc}', strip_tags($r['desc']) . $license, $thisline);
+			$thisline = mb_ereg_replace('{desc}', decodeEntities(strip_tags($r['desc'])) . $license, $thisline);
 		}
 		else
 		{
@@ -272,7 +272,7 @@
 
 			$thislog = mb_ereg_replace('{type}', $logtype, $thislog);
 			if ($rLog['text_html'] == 0)
-				$thislog = mb_ereg_replace('{text}', $rLog['text'], $thislog);
+				$thislog = mb_ereg_replace('{text}', strip_tags($rLog['text']), $thislog);
 			else
 				$thislog = mb_ereg_replace('{text}', html2txt($rLog['text']), $thislog);
 
@@ -300,13 +300,20 @@
 	}
 
 	exit;
-
+
+	function decodeEntities($str)
+	{
+		$str = html_entity_decode($str, ENT_COMPAT, "UTF-8");
+		return $str;
+	}
+
 	function html2txt($html)
 	{
 		$str = mb_ereg_replace("\r\n", '', $html);
 		$str = mb_ereg_replace("\n", '', $str);
 		$str = mb_ereg_replace('<br />', "\n", $str);
 		$str = strip_tags($str);
+		$str = decodeEntities($str);
 		return $str;
 	}