correction of htmlspecialchars() for PHP 5.4 on non UTF-8

Author: nao-pon

html/modules/xpwiki/skin/pukiwiki/pukiwiki.skin.php

@@ -86,7 +86,7 @@
 <?php if ($this->root->nofollow || ! $is_read)  {?> <meta name="robots" content="NOINDEX,NOFOLLOW" /><?php }?>
 <?php if ($this->cont['PKWK_ALLOW_JAVASCRIPT'] && isset($this->root->javascript)) {?> <meta http-equiv="Content-Script-Type" content="text/javascript" /><?php }?>
 
- <title><?php echo htmlspecialchars($this->root->pagetitle) ?> - <?php echo $this->root->siteinfo['sitename'] ?></title>
+ <title><?php echo htmlspecialchars($this->root->pagetitle, ENT_COMPAT, $this->cont['SOURCE_ENCODING']) ?> - <?php echo $this->root->siteinfo['sitename'] ?></title>
 
 <?php echo $head_pre_tag?>
 <?php echo <<<EOD

xoops_trust_path/modules/xpwiki/ID/VerUp/3/skin/pukiwiki/pukiwiki.skin.php

@@ -88,7 +88,7 @@
 <?php if ($this->root->nofollow || ! $is_read)  {?> <meta name="robots" content="NOINDEX,NOFOLLOW" /><?php }?>
 <?php if ($this->cont['PKWK_ALLOW_JAVASCRIPT'] && isset($this->root->javascript)) {?> <meta http-equiv="Content-Script-Type" content="text/javascript" /><?php }?>
 
- <title><?php echo htmlspecialchars($this->root->pagetitle) ?> - <?php echo $this->root->siteinfo['sitename'] ?></title>
+ <title><?php echo $this->htmlspecialchars($this->root->pagetitle) ?> - <?php echo $this->root->siteinfo['sitename'] ?></title>
 
 <?php echo $head_pre_tag?>
 <?php echo <<<EOD

xoops_trust_path/modules/xpwiki/blocks/block_functions.php

@@ -42,7 +42,7 @@ function b_xpwiki_notification_edit( $options )
 	$form = "
 		<input type='hidden' name='options[0]' value='$mydirname' />
 		<label for='this_template'>"._MB_XPWIKI_THISTEMPLATE."</label>&nbsp;:
-		<input type='text' size='40' name='options[1]' id='this_template' value='".htmlspecialchars($this_template,ENT_QUOTES)."' /> ( {$defs[1]} )
+		<input type='text' size='40' name='options[1]' id='this_template' value='".htmlspecialchars($this_template,ENT_QUOTES,_CHARSET)."' /> ( {$defs[1]} )
 		<br />
 	\n" ;
 
@@ -162,13 +162,13 @@ function b_xpwiki_a_page_edit( $options )
 		<input type='text' size='20' name='options[2]' id='blockwidth' value='".$width."' /> ( {$defs[2]} )
 		<br />
 		<label for='this_template'>"._MB_XPWIKI_THISTEMPLATE."</label>&nbsp;:
-		<input type='text' size='40' name='options[3]' id='this_template' value='".htmlspecialchars($this_template,ENT_QUOTES)."' /> ( {$defs[3]} )
+		<input type='text' size='40' name='options[3]' id='this_template' value='".htmlspecialchars($this_template,ENT_QUOTES,_CHARSET)."' /> ( {$defs[3]} )
 		<br />
 		<label for='divclass'>"._MB_XPWIKI_DIVCLASS."</label>&nbsp;:
-		<input type='text' size='30' name='options[4]' id='divclass' value='".htmlspecialchars($div_class,ENT_QUOTES)."' /> ( {$defs[4]} )
+		<input type='text' size='30' name='options[4]' id='divclass' value='".htmlspecialchars($div_class,ENT_QUOTES,_CHARSET)."' /> ( {$defs[4]} )
 		<br />
 		<label for='this_css'>"._MB_XPWIKI_THISCSS."</label>&nbsp;:
-		<input type='text' size='30' name='options[5]' id='this_css' value='".htmlspecialchars($css,ENT_QUOTES)."' /> ( {$defs[5]} )
+		<input type='text' size='30' name='options[5]' id='this_css' value='".htmlspecialchars($css,ENT_QUOTES,_CHARSET)."' /> ( {$defs[5]} )
 		<br />
 		<label>"._MB_XPWIKI_DISABLEDPAGECACHE."</label>&nbsp;:
 		<input type='radio' name='options[6]' value='1'{$check_pagecache[0]} />Yes &nbsp; <input type='radio' name='options[6]' value='0'{$check_pagecache[1]} />No &nbsp; ( {$defs[6]} )
@@ -177,7 +177,7 @@ function b_xpwiki_a_page_edit( $options )
 		<input type='radio' name='options[7]' value='module'{$check_headtag['module']} id='headtag_module' /><label for='headtag_module'>xoops_module_header</label> &nbsp; <input type='radio' name='options[7]' value='block'{$check_headtag['block']} id='headtag_block' /><label for='headtag_block'>xoops_block_header</label> &nbsp; <input type='radio' name='options[7]' value='body'{$check_headtag['body']} id='headtag_body' /><label for='headtag_body'>&lt;body&gt;(Inline)</label>
 		<br />( {$defs[7]} )<br />
 		<label for='target_page'>"._MB_XPWIKI_TARGETPAGE."</label>&nbsp;:
-		<input type='text' size='30' name='options[8]' id='target_page' value='".htmlspecialchars($target_page,ENT_QUOTES)."' /><br />( \"PageName\" or \"xpWiki module dirname::PageName\" )
+		<input type='text' size='30' name='options[8]' id='target_page' value='".htmlspecialchars($target_page,ENT_QUOTES,_CHARSET)."' /><br />( \"PageName\" or \"xpWiki module dirname::PageName\" )
 		<br />
 		\n" ;
 	return $form;
@@ -283,13 +283,13 @@ function b_xpwiki_block_edit( $options )
 		<input type='text' size='20' name='options[1]' id='blockwidth' value='".$width."' /> ( {$defs[1]} )
 		<br />
 		<label for='this_template'>"._MB_XPWIKI_THISTEMPLATE."</label>&nbsp;:
-		<input type='text' size='40' name='options[2]' id='this_template' value='".htmlspecialchars($this_template,ENT_QUOTES)."' /> ( {$defs[2]} )
+		<input type='text' size='40' name='options[2]' id='this_template' value='".htmlspecialchars($this_template,ENT_QUOTES,_CHARSET)."' /> ( {$defs[2]} )
 		<br />
 		<label for='divclass'>"._MB_XPWIKI_DIVCLASS."</label>&nbsp;:
-		<input type='text' size='30' name='options[3]' id='divclass' value='".htmlspecialchars($div_class,ENT_QUOTES)."' /> ( {$defs[3]} )
+		<input type='text' size='30' name='options[3]' id='divclass' value='".htmlspecialchars($div_class,ENT_QUOTES,_CHARSET)."' /> ( {$defs[3]} )
 		<br />
 		<label for='this_css'>"._MB_XPWIKI_THISCSS."</label>&nbsp;:
-		<input type='text' size='30' name='options[4]' id='this_css' value='".htmlspecialchars($css,ENT_QUOTES)."' /> ( {$defs[4]} )
+		<input type='text' size='30' name='options[4]' id='this_css' value='".htmlspecialchars($css,ENT_QUOTES,_CHARSET)."' /> ( {$defs[4]} )
 		<br />
 		<label>"._MB_XPWIKI_HEAD_TAG_PLACE."</label>&nbsp;:
 		<input type='radio' name='options[5]' value='module'{$check_headtag['module']} id='headtag_module' /><label for='headtag_module'>xoops_module_header</label> &nbsp; <input type='radio' name='options[5]' value='block'{$check_headtag['block']} id='headtag_block' /><label for='headtag_block'>xoops_block_header</label> &nbsp; <input type='radio' name='options[5]' value='body'{$check_headtag['body']} id='headtag_body' /><label for='headtag_body'>&lt;body&gt;(Inline)</label>

xoops_trust_path/modules/xpwiki/class/attach.php

@@ -182,7 +182,7 @@ function getstatus()
 		$user = $user['uname_s'];
 		if (!$this->status['owner']) {
 			if ($this->status['uname']) {
-				$user = htmlspecialchars($this->status['uname']);
+				$user = $this->func->htmlspecialchars($this->status['uname']);
 			}
 			$user = $user . " [".$this->status['ucd'] . "]";
 		}
@@ -254,7 +254,7 @@ function toString($showicon,$showinfo,$mode="")
 		       . '&';
 		$param2 = 'file='.$file_e;
 		$title = $this->time_str.' '.$this->size_str;
-		$label = ($showicon ? $this->cont['FILE_ICON'] : '').htmlspecialchars($this->status['org_fname']);
+		$label = ($showicon ? $this->cont['FILE_ICON'] : '').$this->func->htmlspecialchars($this->status['org_fname']);
 		if ($this->age) {
 			if ($mode == "imglist"){
 				$label = 'backup No.'.$this->age;
@@ -275,7 +275,7 @@ function toString($showicon,$showinfo,$mode="")
 					if ($is_owner) $info .= ' &build_js(attachDel,'.str_replace('|', '|', $this->page).','.str_replace('|', '|', $this->file).','.$this->age.','.$returi.');';
 				} else {
 					$info = "\n<span class=\"small\">[<a href=\"{$this->root->script}?plugin=attach&amp;pcmd=info{$param}{$param2}\" title=\"$_title\">{$this->root->_attach_messages['btn_info']}</a>]</span>";
-					if ($is_owner) $info .= '<a href="'.$this->root->script.'?plugin=attach&pcmd=delete'.$param.$param2.'&amp;returi='.rawurlencode($returi).'" title="'.$this->root->_btn_delete.'" onclick="return confirm(\''.htmlspecialchars($this->file, ENT_QUOTES).': '.htmlspecialchars($this->root->_attach_messages['msg_delete'], ENT_QUOTES).'\')"><img src="'.$this->cont['LOADER_URL'].'?src=trash_16.gif" alt="'.$this->root->_btn_delete.'" /></a>';
+					if ($is_owner) $info .= '<a href="'.$this->root->script.'?plugin=attach&pcmd=delete'.$param.$param2.'&amp;returi='.rawurlencode($returi).'" title="'.$this->root->_btn_delete.'" onclick="return confirm(\''.$this->func->htmlspecialchars($this->file, ENT_QUOTES).': '.$this->func->htmlspecialchars($this->root->_attach_messages['msg_delete'], ENT_QUOTES).'\')"><img src="'.$this->cont['LOADER_URL'].'?src=trash_16.gif" alt="'.$this->root->_btn_delete.'" /></a>';
 				}
 			}
 			$count = ($showicon and !empty($this->status['count'][$this->age])) ?
@@ -308,8 +308,8 @@ function toString($showicon,$showinfo,$mode="")
 	function info($err) {
 
 		$r_page = rawurlencode($this->page);
-		$s_page = htmlspecialchars($this->page);
-		$s_file = htmlspecialchars($this->file);
+		$s_page = $this->func->htmlspecialchars($this->page);
+		$s_file = $this->func->htmlspecialchars($this->file);
 		$s_err = ($err == '') ? '' : '<p style="font-weight:bold">'.$this->root->_attach_messages[$err].'</p>';
 		$ref = "";
 		$img_info = "";
@@ -423,7 +423,7 @@ function info($err) {
 						'<label for="_p_attach_newname">' . $this->root->_attach_messages['msg_newname'] .
 						':</label> ' .
 						'<input type="text" name="newname" id="_p_attach_newname" size="40" value="' .
-						(htmlspecialchars(empty($this->status['org_fname'])? $this->file : $this->status['org_fname'])) . '" /><br />';
+						($this->func->htmlspecialchars(empty($this->status['org_fname'])? $this->file : $this->status['org_fname'])) . '" /><br />';
 				}
 				if ($this->status['copyright']) {
 					$msg_copyright  = '<input type="radio" id="pcmd_c" name="pcmd" value="copyright0" /><label for="pcmd_c">'.$this->root->_attach_messages['msg_copyright0'].'</label>';
@@ -447,7 +447,7 @@ function info($err) {
 		$info = $this->toString(TRUE,FALSE);
 		$copyright = ($this->status['copyright'])? ' checked=TRUE' : '';
 
-		$retval = array('msg'=>sprintf($this->root->_attach_messages['msg_info'],htmlspecialchars($this->file)));
+		$retval = array('msg'=>sprintf($this->root->_attach_messages['msg_info'],$this->func->htmlspecialchars($this->file)));
 		$page_link = $this->func->make_pagelink($s_page);
 		$ex_tags = '';
 		if ($this->status['imagesize']) {
@@ -609,7 +609,7 @@ function delete($pass)
 			$this->putstatus(TRUE);
 		}
 		if ($this->func->is_page($this->page)) {
-			$this->root->rtf['esummary'] = 'Deleted an attach file: ' . htmlspecialchars($this->file);
+			$this->root->rtf['esummary'] = 'Deleted an attach file: ' . $this->func->htmlspecialchars($this->file);
 			$this->func->touch_page($this->page, NULL, TRUE);
 		}
 
@@ -781,7 +781,7 @@ function reinfo() {
 			($this->age ? '&age='.$this->age : '');
 		$redirect = "{$this->root->script}?plugin=attach&pcmd=info$param";
 
-		$msg = str_replace('$1', htmlspecialchars($this->status['org_fname']), $this->root->_title_updated);
+		$msg = str_replace('$1', $this->func->htmlspecialchars($this->status['org_fname']), $this->root->_title_updated);
 
 		return array('msg' => $msg, 'redirect' => $redirect);
 
@@ -1109,7 +1109,7 @@ function toString($flat,$fromall=FALSE,$mode="")
 				if ($this->is_popup) {
 					continue;
 				}
-				$_files[0] = htmlspecialchars($file);
+				$_files[0] = $this->func->htmlspecialchars($file);
 			}
 			ksort($_files);
 			$_file = $_files[0];
@@ -1170,7 +1170,7 @@ function toString($flat,$fromall=FALSE,$mode="")
 		$showall = ($fromall && $this->max < $this->count)? " [&nbsp;<a href=\"{$showall_href}\">Show All</a>&nbsp;]" : "";
 		if ($this->is_popup) {
 			if ($fromall) {
-				$showall = "<div class=\"filelist_page\"><a href=\"{$showall_href}\">" . htmlspecialchars($this->page) . '</a>' . $filecount . '<small>' . $showall . '</small></div>';
+				$showall = "<div class=\"filelist_page\"><a href=\"{$showall_href}\">" . $this->func->htmlspecialchars($this->page) . '</a>' . $filecount . '<small>' . $showall . '</small></div>';
 			} else {
 				$showall = '';
 			}
@@ -1338,11 +1338,11 @@ function toString($page='',$flat=FALSE)
 		$hiddens = array();
 		$hiddens['plugin'] = 'attach';
 		$hiddens['pcmd'] = $pcmd;
-		$hiddens['refer'] = (isset($this->root->vars['refer']))? htmlspecialchars($this->root->vars['refer']) : '';
+		$hiddens['refer'] = (isset($this->root->vars['refer']))? $this->func->htmlspecialchars($this->root->vars['refer']) : '';
 		foreach($otherkeys as $key) {
 			if (isset($this->root->vars[$key])) {
 				$otherprams[] = rawurlencode($key) . '=' . rawurlencode($this->root->vars[$key]);
-				$hiddens[htmlspecialchars($key)] = htmlspecialchars($this->root->vars[$key]);
+				$hiddens[$this->func->htmlspecialchars($key)] = $this->func->htmlspecialchars($this->root->vars[$key]);
 			}
 		}
 
@@ -1372,7 +1372,7 @@ function toString($page='',$flat=FALSE)
 					if ($this->root->vars['basedir'] === $dir) {
 						$defaultpage = $this->root->vars['base'];
 					}
-					$otherDirs[] = '<option value="' . $dir . '#' . htmlspecialchars($defaultpage) . '"' . $selected . '>' . htmlspecialchars($val['title']) . '</option>';
+					$otherDirs[] = '<option value="' . $dir . '#' . $this->func->htmlspecialchars($defaultpage) . '"' . $selected . '>' . $this->func->htmlspecialchars($val['title']) . '</option>';
 				}
 				$otherDir = '<form><img src="' . $this->cont['LOADER_URL'] . '?src=folder_go.png" alt="Dir" /> <select name="otherdir" style="max-width:85%;" onchange="xpwiki_dir_selector_change(this.options[this.selectedIndex].value)">' . join('', $otherDirs) . '</select></form>';
 			}
@@ -1412,7 +1412,7 @@ function toString($page='',$flat=FALSE)
 							$_class = 'attachable';
 							if ($this->cont['UA_PROFILE'] !== 'default') $_attachable = '&uarr;';
 						}
-						$otherPages[] = '<option class="'.$_class.'" value="' . rawurlencode($_page) . '"' . $selected . '>' . $_attachable . htmlspecialchars($_page) . $count . '</option>';
+						$otherPages[] = '<option class="'.$_class.'" value="' . rawurlencode($_page) . '"' . $selected . '>' . $_attachable . $this->func->htmlspecialchars($_page) . $count . '</option>';
 					}
 				}
 				$otherPages[] = '</optgroup>';
@@ -1425,14 +1425,14 @@ function toString($page='',$flat=FALSE)
 					if ($this->func->check_readable($row[0], false, false)) {
 						if (in_array($row[0], $shown)) continue;
 						$selected = ($row[0] === $page)? ' selected="selected"' : '';
-						$_page = htmlspecialchars($row[0]);
+						$_page = $this->func->htmlspecialchars($row[0]);
 						$_attachable = '';
 						$_class = 'readable';
 						if ($attach->attachable($_page)) {
 							$_class = 'attachable';
 							if ($this->cont['UA_PROFILE'] !== 'default') $_attachable = '&uarr;';
 						}
-						$otherPages[] = '<option class="'.$_class.'" value="' . rawurlencode($_page) . '"' . $selected . '>' . $_attachable . htmlspecialchars($_page) . ' (' . $row[1] . ')</option>';
+						$otherPages[] = '<option class="'.$_class.'" value="' . rawurlencode($_page) . '"' . $selected . '>' . $_attachable . $this->func->htmlspecialchars($_page) . ' (' . $row[1] . ')</option>';
 					}
 				}
 				$otherPages[] = '</optgroup>';
@@ -1441,7 +1441,7 @@ function toString($page='',$flat=FALSE)
 				$thisPage = '<option value="">--- ' . $this->root->_attach_messages['msg_page_select'] . ' ---</option>';
 				if ($this->root->vars['basedir'] === $this->root->mydirname) {
 					$selected = ($this->root->vars['base'] === $page)? ' selected="selected"' : '';
-					$thisPage .= '<option value="'.rawurlencode($this->root->vars['base']).'"' . $selected . '>' . htmlspecialchars($this->root->vars['base']) . $this->root->_attach_messages['msg_select_current'] . '</option>';
+					$thisPage .= '<option value="'.rawurlencode($this->root->vars['base']).'"' . $selected . '>' . $this->func->htmlspecialchars($this->root->vars['base']) . $this->root->_attach_messages['msg_select_current'] . '</option>';
 				}
 				if (! empty($this->root->vars['refer'])) $thisPage .= '<option value="#">'.$this->root->_attach_messages['msg_show_all_pages'].'</option>';
 				$base = rawurlencode($this->root->vars['base']);
@@ -1470,7 +1470,7 @@ function xpwiki_dir_selector_change(dir) {
 EOD;
 		}
 
-		$sword = (isset($this->root->vars['word']))? htmlspecialchars($this->root->vars['word']) : '';
+		$sword = (isset($this->root->vars['word']))? $this->func->htmlspecialchars($this->root->vars['word']) : '';
 		$hidden = '';
 		unset($hiddens['word']);
 		foreach($hiddens as $key=> $val) {

xoops_trust_path/modules/xpwiki/class/convert_html.php

@@ -391,11 +391,11 @@ function XpWikiTableCell(& $xpwiki, $text, $is_template = FALSE) {
 			} else
 				if ($matches[3]) {
 					$name = $matches[2] ? 'background-color' : 'color';
-					$this->style[$name] = $name.':'.htmlspecialchars($matches[3]).';';
+					$this->style[$name] = $name.':'.$this->func->htmlspecialchars($matches[3]).';';
 					$text = $matches[5];
 				} else
 					if ($matches[4]) {
-						$this->style['size'] = 'font-size:'.htmlspecialchars($matches[4]).'px;';
+						$this->style['size'] = 'font-size:'.$this->func->htmlspecialchars($matches[4]).'px;';
 						$text = $matches[5];
 					}
 		}
@@ -504,7 +504,7 @@ function get_cell_style($string) {
 		// セル背景画
 		if (preg_match("/(?:[SCB]C):\(([^),]*)(,once|,1)?\) ?/i",$cells[0],$tmp)) {
 			if (strpos($tmp[1], $this->cont['ROOT_URL']) === 0) {
-				$tmp[1] = htmlspecialchars($tmp[1]);
+				$tmp[1] = $this->func->htmlspecialchars($tmp[1]);
 				$this->style['background-image'] .= "background-image: url(".$tmp[1].");";
 				if (!empty($tmp[2])) $this->style['background-image'] .= "background-repeat: no-repeat;";
 			}
@@ -813,7 +813,7 @@ function get_table_style($string) {
 		// テーブル背景画像指定
 		if (preg_match("/TC:\(([^),]*)(,(?:no|one(?:ce)?|1))?\) ?/i",$string,$reg)) {
 			if (strpos($reg[1], $this->cont['ROOT_URL']) === 0) {
-				$reg[1] = htmlspecialchars($reg[1]);
+				$reg[1] = $this->func->htmlspecialchars($reg[1]);
 				$this->table_sheet .= "background-image: url(".$reg[1].");";
 				if (!empty($reg[2])) $this->table_sheet .= "background-repeat: no-repeat;";
 			}
@@ -926,7 +926,7 @@ function toString() {
 class XpWikiPre extends XpWikiElement {
 	function XpWikiPre(& $root, $text) {
 		parent :: XpWikiElement($root->xpwiki);
-		$this->elements[] = htmlspecialchars((!$this->root->preformat_ltrim || $text === '' || $text {
+		$this->elements[] = $this->func->htmlspecialchars((!$this->root->preformat_ltrim || $text === '' || $text {
 			0}
 		!= ' ') ? $text : substr($text, 1));
 	}

xoops_trust_path/modules/xpwiki/class/ext_autolink.php

@@ -49,7 +49,7 @@ function ext_autolink_replace($match) {
 		if (strlen($name) < $this->ext_autolink_len) {return $match[0];}
 
 		$page = $this->ext_autolink_base.$name;
-		$title = htmlspecialchars(str_replace('[KEY]', $this->ext_autolink_base.$name, $this->ext_autolink_title));
+		$title = $this->func->htmlspecialchars(str_replace('[KEY]', $this->ext_autolink_base.$name, $this->ext_autolink_title));
 
 		if ($this->ext_autolink_own !== false) {
 			// own site
@@ -69,9 +69,9 @@ function ext_autolink_replace($match) {
 				if (isset($this->ext_autolink_replace['from'])) {
 					$_url = str_replace($this->ext_autolink_replace['from'], $this->ext_autolink_replace['func']($page), $this->ext_autolink_pat);
 				}
-				return '<a href="'.$_url.'" title="'.$title.'" class="' . $this->ext_autolink_a_class . '"' . $target . '>'.htmlspecialchars($name).'</a>';
+				return '<a href="'.$_url.'" title="'.$title.'" class="' . $this->ext_autolink_a_class . '"' . $target . '>'.$this->func->htmlspecialchars($name).'</a>';
 			} else {
-				return '<a href="'.$this->ext_autolink_url.'?'.rawurlencode($page).'" title="'.$title.'" class="' . $this->ext_autolink_a_class . '"' . $target . '>'.htmlspecialchars($name).'</a>';
+				return '<a href="'.$this->ext_autolink_url.'?'.rawurlencode($page).'" title="'.$title.'" class="' . $this->ext_autolink_a_class . '"' . $target . '>'.$this->func->htmlspecialchars($name).'</a>';
 			}
 		}
 	}

xoops_trust_path/modules/xpwiki/class/extension/xoopsSearch.php

@@ -89,7 +89,7 @@ function get ($keywords , $andor , $limit , $offset , $userid) {
 			$link = $this->func->get_page_uri($myrow['name']);
 			$ret[] = array(
 				'link'    => $link . ((strpos($link, '?') === false)? '?' : '&') . 'word=' . $sword,
-				'title'   => htmlspecialchars($myrow['name'].$title, ENT_QUOTES),
+				'title'   => htmlspecialchars($myrow['name'].$title, ENT_QUOTES ,_CHARSET),
 				'image'   => 'skin/loader.php?src=xoops_search.png',
 				'time'    => $myrow['editedtime'] + $this->cont['LOCALZONE'],
 				'uid'     => $myrow['uid'],

xoops_trust_path/modules/xpwiki/class/func/base_func.php

@@ -44,7 +44,7 @@ function get_userinfo_by_id ($uid, $defname=NULL) {
 			'admin' => FALSE,
 			'uid' => 0,
 			'uname' => $defname,
-			'uname_s' => htmlspecialchars($defname),
+			'uname_s' => $this->htmlspecialchars($defname),
 			'email' => '',
 			'gids' => array(),
 			);