
Commit f14b0f4

committed
correction of htmlspecialchars() for PHP 5.4 on non UTF-8
1 parent d4da4da commit f14b0f4


140 files changed

+765
-722
lines changed


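--- a/html/modules/xpwiki/skin/pukiwiki/pukiwiki.skin.php
+++ b/html/modules/xpwiki/skin/pukiwiki/pukiwiki.skin.php
@@ -86,7 +86,7 @@
 <?php if ($this->root->nofollow || ! $is_read) {?> <meta name="robots" content="NOINDEX,NOFOLLOW" /><?php }?>
 <?php if ($this->cont['PKWK_ALLOW_JAVASCRIPT'] && isset($this->root->javascript)) {?> <meta http-equiv="Content-Script-Type" content="text/javascript" /><?php }?>
 
-<title><?php echo htmlspecialchars($this->root->pagetitle) ?> - <?php echo $this->root->siteinfo['sitename'] ?></title>
+<title><?php echo htmlspecialchars($this->root->pagetitle, ENT_COMPAT, $this->cont['SOURCE_ENCODING']) ?> - <?php echo $this->root->siteinfo['sitename'] ?></title>
 
 <?php echo $head_pre_tag?>
 <?php echo <<<EOD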
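Review bot: `$this->root->siteinfo['sitename']` is still echoed into `<title>` without escaping on the rewritten line 89, while the page title beside it is escaped; the same holds for line 91 of the copy under `xoops_trust_path/modules/xpwiki/ID/VerUp/3/skin/pukiwiki/`. Unless the site name is already HTML-escaped where `siteinfo` is populated (not visible here), it should be escaped at output too, e.g. `<?php echo htmlspecialchars($this->root->siteinfo['sitename'], ENT_COMPAT, $this->cont['SOURCE_ENCODING']) ?>`. The two skin copies also diverge: this one calls the native function with an explicit encoding, the VerUp/3 copy calls `$this->htmlspecialchars()`. If the wrapper is reachable from this skin, using it in both keeps the charset handling in one place.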

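--- a/xoops_trust_path/modules/xpwiki/ID/VerUp/3/skin/pukiwiki/pukiwiki.skin.php
+++ b/xoops_trust_path/modules/xpwiki/ID/VerUp/3/skin/pukiwiki/pukiwiki.skin.php
@@ -88,7 +88,7 @@
 <?php if ($this->root->nofollow || ! $is_read) {?> <meta name="robots" content="NOINDEX,NOFOLLOW" /><?php }?>
 <?php if ($this->cont['PKWK_ALLOW_JAVASCRIPT'] && isset($this->root->javascript)) {?> <meta http-equiv="Content-Script-Type" content="text/javascript" /><?php }?>
 
-<title><?php echo htmlspecialchars($this->root->pagetitle) ?> - <?php echo $this->root->siteinfo['sitename'] ?></title>
+<title><?php echo $this->htmlspecialchars($this->root->pagetitle) ?> - <?php echo $this->root->siteinfo['sitename'] ?></title>
 
 <?php echo $head_pre_tag?>
 <?php echo <<<EOD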

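--- a/xoops_trust_path/modules/xpwiki/blocks/block_functions.php
+++ b/xoops_trust_path/modules/xpwiki/blocks/block_functions.php
@@ -42,7 +42,7 @@ function b_xpwiki_notification_edit( $options )
 $form = "
 <input type='hidden' name='options[0]' value='$mydirname' />
 <label for='this_template'>"._MB_XPWIKI_THISTEMPLATE."</label>&nbsp;:
-<input type='text' size='40' name='options[1]' id='this_template' value='".htmlspecialchars($this_template,ENT_QUOTES)."' /> ( {$defs[1]} )
+<input type='text' size='40' name='options[1]' id='this_template' value='".htmlspecialchars($this_template,ENT_QUOTES,_CHARSET)."' /> ( {$defs[1]} )
 <br />
 \n" ;
 
@@ -162,13 +162,13 @@ function b_xpwiki_a_page_edit( $options )
 <input type='text' size='20' name='options[2]' id='blockwidth' value='".$width."' /> ( {$defs[2]} )
 <br />
 <label for='this_template'>"._MB_XPWIKI_THISTEMPLATE."</label>&nbsp;:
-<input type='text' size='40' name='options[3]' id='this_template' value='".htmlspecialchars($this_template,ENT_QUOTES)."' /> ( {$defs[3]} )
+<input type='text' size='40' name='options[3]' id='this_template' value='".htmlspecialchars($this_template,ENT_QUOTES,_CHARSET)."' /> ( {$defs[3]} )
 <br />
 <label for='divclass'>"._MB_XPWIKI_DIVCLASS."</label>&nbsp;:
-<input type='text' size='30' name='options[4]' id='divclass' value='".htmlspecialchars($div_class,ENT_QUOTES)."' /> ( {$defs[4]} )
+<input type='text' size='30' name='options[4]' id='divclass' value='".htmlspecialchars($div_class,ENT_QUOTES,_CHARSET)."' /> ( {$defs[4]} )
 <br />
 <label for='this_css'>"._MB_XPWIKI_THISCSS."</label>&nbsp;:
-<input type='text' size='30' name='options[5]' id='this_css' value='".htmlspecialchars($css,ENT_QUOTES)."' /> ( {$defs[5]} )
+<input type='text' size='30' name='options[5]' id='this_css' value='".htmlspecialchars($css,ENT_QUOTES,_CHARSET)."' /> ( {$defs[5]} )
 <br />
 <label>"._MB_XPWIKI_DISABLEDPAGECACHE."</label>&nbsp;:
 <input type='radio' name='options[6]' value='1'{$check_pagecache[0]} />Yes &nbsp; <input type='radio' name='options[6]' value='0'{$check_pagecache[1]} />No &nbsp; ( {$defs[6]} )
@@ -177,7 +177,7 @@ function b_xpwiki_a_page_edit( $options )
 <input type='radio' name='options[7]' value='module'{$check_headtag['module']} id='headtag_module' /><label for='headtag_module'>xoops_module_header</label> &nbsp; <input type='radio' name='options[7]' value='block'{$check_headtag['block']} id='headtag_block' /><label for='headtag_block'>xoops_block_header</label> &nbsp; <input type='radio' name='options[7]' value='body'{$check_headtag['body']} id='headtag_body' /><label for='headtag_body'>&lt;body&gt;(Inline)</label>
 <br />( {$defs[7]} )<br />
 <label for='target_page'>"._MB_XPWIKI_TARGETPAGE."</label>&nbsp;:
-<input type='text' size='30' name='options[8]' id='target_page' value='".htmlspecialchars($target_page,ENT_QUOTES)."' /><br />( \"PageName\" or \"xpWiki module dirname::PageName\" )
+<input type='text' size='30' name='options[8]' id='target_page' value='".htmlspecialchars($target_page,ENT_QUOTES,_CHARSET)."' /><br />( \"PageName\" or \"xpWiki module dirname::PageName\" )
 <br />
 \n" ;
 return $form;
@@ -283,13 +283,13 @@ function b_xpwiki_block_edit( $options )
 <input type='text' size='20' name='options[1]' id='blockwidth' value='".$width."' /> ( {$defs[1]} )
 <br />
 <label for='this_template'>"._MB_XPWIKI_THISTEMPLATE."</label>&nbsp;:
-<input type='text' size='40' name='options[2]' id='this_template' value='".htmlspecialchars($this_template,ENT_QUOTES)."' /> ( {$defs[2]} )
+<input type='text' size='40' name='options[2]' id='this_template' value='".htmlspecialchars($this_template,ENT_QUOTES,_CHARSET)."' /> ( {$defs[2]} )
 <br />
 <label for='divclass'>"._MB_XPWIKI_DIVCLASS."</label>&nbsp;:
-<input type='text' size='30' name='options[3]' id='divclass' value='".htmlspecialchars($div_class,ENT_QUOTES)."' /> ( {$defs[3]} )
+<input type='text' size='30' name='options[3]' id='divclass' value='".htmlspecialchars($div_class,ENT_QUOTES,_CHARSET)."' /> ( {$defs[3]} )
 <br />
 <label for='this_css'>"._MB_XPWIKI_THISCSS."</label>&nbsp;:
-<input type='text' size='30' name='options[4]' id='this_css' value='".htmlspecialchars($css,ENT_QUOTES)."' /> ( {$defs[4]} )
+<input type='text' size='30' name='options[4]' id='this_css' value='".htmlspecialchars($css,ENT_QUOTES,_CHARSET)."' /> ( {$defs[4]} )
 <br />
 <label>"._MB_XPWIKI_HEAD_TAG_PLACE."</label>&nbsp;:
 <input type='radio' name='options[5]' value='module'{$check_headtag['module']} id='headtag_module' /><label for='headtag_module'>xoops_module_header</label> &nbsp; <input type='radio' name='options[5]' value='block'{$check_headtag['block']} id='headtag_block' /><label for='headtag_block'>xoops_block_header</label> &nbsp; <input type='radio' name='options[5]' value='body'{$check_headtag['body']} id='headtag_body' /><label for='headtag_body'>&lt;body&gt;(Inline)</label>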
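Review bot: `$width` on lines 162 and 283 (`value='".$width."'`) and `$mydirname` on line 43 still reach single-quoted attributes with no escaping, while every neighbouring option field now goes through `htmlspecialchars(..., ENT_QUOTES, _CHARSET)`. The bodies of the three `b_xpwiki_*_edit()` functions start outside these hunks, so the values may already be validated there. If they are not, escape them the same way, e.g. `value='".htmlspecialchars($width,ENT_QUOTES,_CHARSET)."'`. A one-line comment at each unescaped interpolation, naming where the value was validated, would make the exception reviewable.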

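--- a/xoops_trust_path/modules/xpwiki/class/attach.php
+++ b/xoops_trust_path/modules/xpwiki/class/attach.php
@@ -182,7 +182,7 @@ function getstatus()
 $user = $user['uname_s'];
 if (!$this->status['owner']) {
 if ($this->status['uname']) {
-$user = htmlspecialchars($this->status['uname']);
+$user = $this->func->htmlspecialchars($this->status['uname']);
 }
 $user = $user . " [".$this->status['ucd'] . "]";
 }
@@ -254,7 +254,7 @@ function toString($showicon,$showinfo,$mode="")
 . '&amp;';
 $param2 = 'file='.$file_e;
 $title = $this->time_str.' '.$this->size_str;
-$label = ($showicon ? $this->cont['FILE_ICON'] : '').htmlspecialchars($this->status['org_fname']);
+$label = ($showicon ? $this->cont['FILE_ICON'] : '').$this->func->htmlspecialchars($this->status['org_fname']);
 if ($this->age) {
 if ($mode == "imglist"){
 $label = 'backup No.'.$this->age;
@@ -275,7 +275,7 @@ function toString($showicon,$showinfo,$mode="")
 if ($is_owner) $info .= ' &build_js(attachDel,'.str_replace('|', '&#124;', $this->page).','.str_replace('|', '&#124;', $this->file).','.$this->age.','.$returi.');';
 } else {
 $info = "\n<span class=\"small\">[<a href=\"{$this->root->script}?plugin=attach&amp;pcmd=info{$param}{$param2}\" title=\"$_title\">{$this->root->_attach_messages['btn_info']}</a>]</span>";
-if ($is_owner) $info .= '<a href="'.$this->root->script.'?plugin=attach&pcmd=delete'.$param.$param2.'&amp;returi='.rawurlencode($returi).'" title="'.$this->root->_btn_delete.'" onclick="return confirm(\''.htmlspecialchars($this->file, ENT_QUOTES).': '.htmlspecialchars($this->root->_attach_messages['msg_delete'], ENT_QUOTES).'\')"><img src="'.$this->cont['LOADER_URL'].'?src=trash_16.gif" alt="'.$this->root->_btn_delete.'" /></a>';
+if ($is_owner) $info .= '<a href="'.$this->root->script.'?plugin=attach&pcmd=delete'.$param.$param2.'&amp;returi='.rawurlencode($returi).'" title="'.$this->root->_btn_delete.'" onclick="return confirm(\''.$this->func->htmlspecialchars($this->file, ENT_QUOTES).': '.$this->func->htmlspecialchars($this->root->_attach_messages['msg_delete'], ENT_QUOTES).'\')"><img src="'.$this->cont['LOADER_URL'].'?src=trash_16.gif" alt="'.$this->root->_btn_delete.'" /></a>';
 }
 }
 $count = ($showicon and !empty($this->status['count'][$this->age])) ?
@@ -308,8 +308,8 @@ function toString($showicon,$showinfo,$mode="")
 function info($err) {
 
 $r_page = rawurlencode($this->page);
-$s_page = htmlspecialchars($this->page);
-$s_file = htmlspecialchars($this->file);
+$s_page = $this->func->htmlspecialchars($this->page);
+$s_file = $this->func->htmlspecialchars($this->file);
 $s_err = ($err == '') ? '' : '<p style="font-weight:bold">'.$this->root->_attach_messages[$err].'</p>';
 $ref = "";
 $img_info = "";
@@ -423,7 +423,7 @@ function info($err) {
 '<label for="_p_attach_newname">' . $this->root->_attach_messages['msg_newname'] .
 ':</label> ' .
 '<input type="text" name="newname" id="_p_attach_newname" size="40" value="' .
-(htmlspecialchars(empty($this->status['org_fname'])? $this->file : $this->status['org_fname'])) . '" /><br />';
+($this->func->htmlspecialchars(empty($this->status['org_fname'])? $this->file : $this->status['org_fname'])) . '" /><br />';
 }
 if ($this->status['copyright']) {
 $msg_copyright = '<input type="radio" id="pcmd_c" name="pcmd" value="copyright0" /><label for="pcmd_c">'.$this->root->_attach_messages['msg_copyright0'].'</label>';
@@ -447,7 +447,7 @@ function info($err) {
 $info = $this->toString(TRUE,FALSE);
 $copyright = ($this->status['copyright'])? ' checked=TRUE' : '';
 
-$retval = array('msg'=>sprintf($this->root->_attach_messages['msg_info'],htmlspecialchars($this->file)));
+$retval = array('msg'=>sprintf($this->root->_attach_messages['msg_info'],$this->func->htmlspecialchars($this->file)));
 $page_link = $this->func->make_pagelink($s_page);
 $ex_tags = '';
 if ($this->status['imagesize']) {
@@ -609,7 +609,7 @@ function delete($pass)
 $this->putstatus(TRUE);
 }
 if ($this->func->is_page($this->page)) {
-$this->root->rtf['esummary'] = 'Deleted an attach file: ' . htmlspecialchars($this->file);
+$this->root->rtf['esummary'] = 'Deleted an attach file: ' . $this->func->htmlspecialchars($this->file);
 $this->func->touch_page($this->page, NULL, TRUE);
 }
 
@@ -781,7 +781,7 @@ function reinfo() {
 ($this->age ? '&age='.$this->age : '');
 $redirect = "{$this->root->script}?plugin=attach&pcmd=info$param";
 
-$msg = str_replace('$1', htmlspecialchars($this->status['org_fname']), $this->root->_title_updated);
+$msg = str_replace('$1', $this->func->htmlspecialchars($this->status['org_fname']), $this->root->_title_updated);
 
 return array('msg' => $msg, 'redirect' => $redirect);
 
@@ -1109,7 +1109,7 @@ function toString($flat,$fromall=FALSE,$mode="")
 if ($this->is_popup) {
 continue;
 }
-$_files[0] = htmlspecialchars($file);
+$_files[0] = $this->func->htmlspecialchars($file);
 }
 ksort($_files);
 $_file = $_files[0];
@@ -1170,7 +1170,7 @@ function toString($flat,$fromall=FALSE,$mode="")
 $showall = ($fromall && $this->max < $this->count)? " [&nbsp;<a href=\"{$showall_href}\">Show All</a>&nbsp;]" : "";
 if ($this->is_popup) {
 if ($fromall) {
-$showall = "<div class=\"filelist_page\"><a href=\"{$showall_href}\">" . htmlspecialchars($this->page) . '</a>' . $filecount . '<small>' . $showall . '</small></div>';
+$showall = "<div class=\"filelist_page\"><a href=\"{$showall_href}\">" . $this->func->htmlspecialchars($this->page) . '</a>' . $filecount . '<small>' . $showall . '</small></div>';
 } else {
 $showall = '';
 }
@@ -1338,11 +1338,11 @@ function toString($page='',$flat=FALSE)
 $hiddens = array();
 $hiddens['plugin'] = 'attach';
 $hiddens['pcmd'] = $pcmd;
-$hiddens['refer'] = (isset($this->root->vars['refer']))? htmlspecialchars($this->root->vars['refer']) : '';
+$hiddens['refer'] = (isset($this->root->vars['refer']))? $this->func->htmlspecialchars($this->root->vars['refer']) : '';
 foreach($otherkeys as $key) {
 if (isset($this->root->vars[$key])) {
 $otherprams[] = rawurlencode($key) . '=' . rawurlencode($this->root->vars[$key]);
-$hiddens[htmlspecialchars($key)] = htmlspecialchars($this->root->vars[$key]);
+$hiddens[$this->func->htmlspecialchars($key)] = $this->func->htmlspecialchars($this->root->vars[$key]);
 }
 }
 
@@ -1372,7 +1372,7 @@ function toString($page='',$flat=FALSE)
 if ($this->root->vars['basedir'] === $dir) {
 $defaultpage = $this->root->vars['base'];
 }
-$otherDirs[] = '<option value="' . $dir . '#' . htmlspecialchars($defaultpage) . '"' . $selected . '>' . htmlspecialchars($val['title']) . '</option>';
+$otherDirs[] = '<option value="' . $dir . '#' . $this->func->htmlspecialchars($defaultpage) . '"' . $selected . '>' . $this->func->htmlspecialchars($val['title']) . '</option>';
 }
 $otherDir = '<form><img src="' . $this->cont['LOADER_URL'] . '?src=folder_go.png" alt="Dir" /> <select name="otherdir" style="max-width:85%;" onchange="xpwiki_dir_selector_change(this.options[this.selectedIndex].value)">' . join('', $otherDirs) . '</select></form>';
 }
@@ -1412,7 +1412,7 @@ function toString($page='',$flat=FALSE)
 $_class = 'attachable';
 if ($this->cont['UA_PROFILE'] !== 'default') $_attachable = '&uarr;';
 }
-$otherPages[] = '<option class="'.$_class.'" value="' . rawurlencode($_page) . '"' . $selected . '>' . $_attachable . htmlspecialchars($_page) . $count . '</option>';
+$otherPages[] = '<option class="'.$_class.'" value="' . rawurlencode($_page) . '"' . $selected . '>' . $_attachable . $this->func->htmlspecialchars($_page) . $count . '</option>';
 }
 }
 $otherPages[] = '</optgroup>';
@@ -1425,14 +1425,14 @@ function toString($page='',$flat=FALSE)
 if ($this->func->check_readable($row[0], false, false)) {
 if (in_array($row[0], $shown)) continue;
 $selected = ($row[0] === $page)? ' selected="selected"' : '';
-$_page = htmlspecialchars($row[0]);
+$_page = $this->func->htmlspecialchars($row[0]);
 $_attachable = '';
 $_class = 'readable';
 if ($attach->attachable($_page)) {
 $_class = 'attachable';
 if ($this->cont['UA_PROFILE'] !== 'default') $_attachable = '&uarr;';
 }
-$otherPages[] = '<option class="'.$_class.'" value="' . rawurlencode($_page) . '"' . $selected . '>' . $_attachable . htmlspecialchars($_page) . ' (' . $row[1] . ')</option>';
+$otherPages[] = '<option class="'.$_class.'" value="' . rawurlencode($_page) . '"' . $selected . '>' . $_attachable . $this->func->htmlspecialchars($_page) . ' (' . $row[1] . ')</option>';
 }
 }
 $otherPages[] = '</optgroup>';
@@ -1441,7 +1441,7 @@ function toString($page='',$flat=FALSE)
 $thisPage = '<option value="">--- ' . $this->root->_attach_messages['msg_page_select'] . ' ---</option>';
 if ($this->root->vars['basedir'] === $this->root->mydirname) {
 $selected = ($this->root->vars['base'] === $page)? ' selected="selected"' : '';
-$thisPage .= '<option value="'.rawurlencode($this->root->vars['base']).'"' . $selected . '>' . htmlspecialchars($this->root->vars['base']) . $this->root->_attach_messages['msg_select_current'] . '</option>';
+$thisPage .= '<option value="'.rawurlencode($this->root->vars['base']).'"' . $selected . '>' . $this->func->htmlspecialchars($this->root->vars['base']) . $this->root->_attach_messages['msg_select_current'] . '</option>';
 }
 if (! empty($this->root->vars['refer'])) $thisPage .= '<option value="#">'.$this->root->_attach_messages['msg_show_all_pages'].'</option>';
 $base = rawurlencode($this->root->vars['base']);
@@ -1470,7 +1470,7 @@ function xpwiki_dir_selector_change(dir) {
 EOD;
 }
 
-$sword = (isset($this->root->vars['word']))? htmlspecialchars($this->root->vars['word']) : '';
+$sword = (isset($this->root->vars['word']))? $this->func->htmlspecialchars($this->root->vars['word']) : '';
 $hidden = '';
 unset($hiddens['word']);
 foreach($hiddens as $key=> $val) {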
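Review bot: On line 278 the file name and the delete message are HTML-escaped with `ENT_QUOTES` and then placed inside a JavaScript string in `onclick="return confirm('…')"`, which is the wrong encoder for that context. The browser decodes the attribute's entities before the script is parsed, so an escaped quote is a literal quote again by the time the JS string is read. The text needs a JavaScript string escape first (backslash, both quote characters, line breaks) and the HTML escape second, over the whole attribute value: `$this->func->htmlspecialchars($js_msg, ENT_QUOTES)`, where `$js_msg` is a placeholder for the already JS-escaped text. `$this->file` is an attachment name and so presumably user-supplied. `toString()` starts and ends outside this hunk.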

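--- a/xoops_trust_path/modules/xpwiki/class/convert_html.php
+++ b/xoops_trust_path/modules/xpwiki/class/convert_html.php
@@ -391,11 +391,11 @@ function XpWikiTableCell(& $xpwiki, $text, $is_template = FALSE) {
 } else
 if ($matches[3]) {
 $name = $matches[2] ? 'background-color' : 'color';
-$this->style[$name] = $name.':'.htmlspecialchars($matches[3]).';';
+$this->style[$name] = $name.':'.$this->func->htmlspecialchars($matches[3]).';';
 $text = $matches[5];
 } else
 if ($matches[4]) {
-$this->style['size'] = 'font-size:'.htmlspecialchars($matches[4]).'px;';
+$this->style['size'] = 'font-size:'.$this->func->htmlspecialchars($matches[4]).'px;';
 $text = $matches[5];
 }
 }
@@ -504,7 +504,7 @@ function get_cell_style($string) {
 // セル背景画
 if (preg_match("/(?:[SCB]C):\(([^),]*)(,once|,1)?\) ?/i",$cells[0],$tmp)) {
 if (strpos($tmp[1], $this->cont['ROOT_URL']) === 0) {
-$tmp[1] = htmlspecialchars($tmp[1]);
+$tmp[1] = $this->func->htmlspecialchars($tmp[1]);
 $this->style['background-image'] .= "background-image: url(".$tmp[1].");";
 if (!empty($tmp[2])) $this->style['background-image'] .= "background-repeat: no-repeat;";
 }
@@ -813,7 +813,7 @@ function get_table_style($string) {
 // テーブル背景画像指定
 if (preg_match("/TC:\(([^),]*)(,(?:no|one(?:ce)?|1))?\) ?/i",$string,$reg)) {
 if (strpos($reg[1], $this->cont['ROOT_URL']) === 0) {
-$reg[1] = htmlspecialchars($reg[1]);
+$reg[1] = $this->func->htmlspecialchars($reg[1]);
 $this->table_sheet .= "background-image: url(".$reg[1].");";
 if (!empty($reg[2])) $this->table_sheet .= "background-repeat: no-repeat;";
 }
@@ -926,7 +926,7 @@ function toString() {
 class XpWikiPre extends XpWikiElement {
 function XpWikiPre(& $root, $text) {
 parent :: XpWikiElement($root->xpwiki);
-$this->elements[] = htmlspecialchars((!$this->root->preformat_ltrim || $text === '' || $text {
+$this->elements[] = $this->func->htmlspecialchars((!$this->root->preformat_ltrim || $text === '' || $text {
 0}
 != ' ') ? $text : substr($text, 1));
 }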
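Review bot: Lines 394 and 398 write `$matches[3]` and `$matches[4]` into CSS declarations after HTML escaping only, which leaves CSS syntax such as `;`, `(` and `\` untouched. Whether that matters depends on the pattern that fills `$matches`, which lies outside the hunk. If that pattern does not already restrict the values, validate them against the expected shape before use, e.g. `'font-size:'.(int)$matches[4].'px;'` for the size (assuming sizes are integers; confirm against the pattern). The two `url(...)` cases on lines 507–508 and 816–817 are narrower, because the visible patterns exclude `)` and `,` and the value must start with `ROOT_URL`.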

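--- a/xoops_trust_path/modules/xpwiki/class/ext_autolink.php
+++ b/xoops_trust_path/modules/xpwiki/class/ext_autolink.php
@@ -49,7 +49,7 @@ function ext_autolink_replace($match) {
 if (strlen($name) < $this->ext_autolink_len) {return $match[0];}
 
 $page = $this->ext_autolink_base.$name;
-$title = htmlspecialchars(str_replace('[KEY]', $this->ext_autolink_base.$name, $this->ext_autolink_title));
+$title = $this->func->htmlspecialchars(str_replace('[KEY]', $this->ext_autolink_base.$name, $this->ext_autolink_title));
 
 if ($this->ext_autolink_own !== false) {
 // own site
@@ -69,9 +69,9 @@ function ext_autolink_replace($match) {
 if (isset($this->ext_autolink_replace['from'])) {
 $_url = str_replace($this->ext_autolink_replace['from'], $this->ext_autolink_replace['func']($page), $this->ext_autolink_pat);
 }
-return '<a href="'.$_url.'" title="'.$title.'" class="' . $this->ext_autolink_a_class . '"' . $target . '>'.htmlspecialchars($name).'</a>';
+return '<a href="'.$_url.'" title="'.$title.'" class="' . $this->ext_autolink_a_class . '"' . $target . '>'.$this->func->htmlspecialchars($name).'</a>';
 } else {
-return '<a href="'.$this->ext_autolink_url.'?'.rawurlencode($page).'" title="'.$title.'" class="' . $this->ext_autolink_a_class . '"' . $target . '>'.htmlspecialchars($name).'</a>';
+return '<a href="'.$this->ext_autolink_url.'?'.rawurlencode($page).'" title="'.$title.'" class="' . $this->ext_autolink_a_class . '"' . $target . '>'.$this->func->htmlspecialchars($name).'</a>';
 }
 }
 }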
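Review bot: In the rewritten `return` on line 72 only the link text and the title go through the wrapper; `$_url` is concatenated into `href` as it is. Line 70 builds `$_url` from `$this->ext_autolink_pat` and the result of `$this->ext_autolink_replace['func']($page)`, so its safety inside the attribute depends on that callback being a URL encoder, which is not visible here. Unless `$_url` is guaranteed to be encoded already, escape it at output: `'<a href="'.$this->func->htmlspecialchars($_url).'" title="'.$title.'" ...`. `ext_autolink_replace()` starts outside these hunks.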

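--- a/xoops_trust_path/modules/xpwiki/class/extension/xoopsSearch.php
+++ b/xoops_trust_path/modules/xpwiki/class/extension/xoopsSearch.php
@@ -89,7 +89,7 @@ function get ($keywords , $andor , $limit , $offset , $userid) {
 $link = $this->func->get_page_uri($myrow['name']);
 $ret[] = array(
 'link' => $link . ((strpos($link, '?') === false)? '?' : '&amp;') . 'word=' . $sword,
-'title' => htmlspecialchars($myrow['name'].$title, ENT_QUOTES),
+'title' => htmlspecialchars($myrow['name'].$title, ENT_QUOTES ,_CHARSET),
 'image' => 'skin/loader.php?src=xoops_search.png',
 'time' => $myrow['editedtime'] + $this->cont['LOCALZONE'],
 'uid' => $myrow['uid'],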
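Review bot: Line 92 calls the native `htmlspecialchars()` with `_CHARSET` although `$this->func` is in scope in this method (line 89 uses `$this->func->get_page_uri()`), and the other class files in this commit go through `$this->func->htmlspecialchars()`. If `_CHARSET` and the wiki's source encoding can differ, `$myrow['name']` would be escaped under the wrong charset. Either use the wrapper with `ENT_QUOTES`, or keep the call and add a comment that states the reason, e.g. `// result is rendered by the XOOPS search page, so escape in _CHARSET`. The spacing in `ENT_QUOTES ,_CHARSET` should read `ENT_QUOTES, _CHARSET`.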

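--- a/xoops_trust_path/modules/xpwiki/class/func/base_func.php
+++ b/xoops_trust_path/modules/xpwiki/class/func/base_func.php
@@ -44,7 +44,7 @@ function get_userinfo_by_id ($uid, $defname=NULL) {
 'admin' => FALSE,
 'uid' => 0,
 'uname' => $defname,
-'uname_s' => htmlspecialchars($defname),
+'uname_s' => $this->htmlspecialchars($defname),
 'email' => '',
 'gids' => array(),
 );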
