
correction of htmlspecialchars() for PHP 5.4 on non UTF-8

nao-pon committed Aug 24, 2013
1 parent d4da4da commit f14b0f4962c37571d20e91db78667f6b124ef38d
Showing with 765 additions and 722 deletions.
  1. +1 −1 html/modules/xpwiki/skin/pukiwiki/pukiwiki.skin.php
  2. +1 −1 xoops_trust_path/modules/xpwiki/ID/VerUp/3/skin/pukiwiki/pukiwiki.skin.php
  3. +8 −8 xoops_trust_path/modules/xpwiki/blocks/block_functions.php
  4. +19 −19 xoops_trust_path/modules/xpwiki/class/attach.php
  5. +5 −5 xoops_trust_path/modules/xpwiki/class/convert_html.php
  6. +3 −3 xoops_trust_path/modules/xpwiki/class/ext_autolink.php
  7. +1 −1 xoops_trust_path/modules/xpwiki/class/extension/xoopsSearch.php
  8. +1 −1 xoops_trust_path/modules/xpwiki/class/func/base_func.php
  9. +60 −60 xoops_trust_path/modules/xpwiki/class/func/pukiwiki_func.php
  10. +5 −5 xoops_trust_path/modules/xpwiki/class/func/xoops_wrapper.php
  11. +39 −25 xoops_trust_path/modules/xpwiki/class/func/xpwiki_func.php
  12. +7 −6 xoops_trust_path/modules/xpwiki/class/include/init.php
  13. +15 −15 xoops_trust_path/modules/xpwiki/class/make_link.php
  14. +9 −7 xoops_trust_path/modules/xpwiki/class/xpwiki.php
  15. +1 −1 xoops_trust_path/modules/xpwiki/include/DifferenceEngine.php
  16. +1 −1 xoops_trust_path/modules/xpwiki/include/check.func.php
  17. +2 −2 xoops_trust_path/modules/xpwiki/include/stand_alone_functions.php
  18. +1 −1 xoops_trust_path/modules/xpwiki/ini/rules.ini.php
  19. +1 −1 xoops_trust_path/modules/xpwiki/loader.php
  20. +9 −9 xoops_trust_path/modules/xpwiki/oninstall.php
  21. +3 −3 xoops_trust_path/modules/xpwiki/onuninstall.php
  22. +9 −9 xoops_trust_path/modules/xpwiki/onupdate.php
  23. +6 −6 xoops_trust_path/modules/xpwiki/plugin/addline.inc.php
  24. +6 −6 xoops_trust_path/modules/xpwiki/plugin/ajaxtree.inc.php
  25. +5 −5 xoops_trust_path/modules/xpwiki/plugin/amazon.inc.php
  26. +4 −4 xoops_trust_path/modules/xpwiki/plugin/aname.inc.php
  27. +11 −11 xoops_trust_path/modules/xpwiki/plugin/areaedit.inc.php
  28. +5 −5 xoops_trust_path/modules/xpwiki/plugin/article.inc.php
  29. +11 −11 xoops_trust_path/modules/xpwiki/plugin/attach.inc.php
  30. +1 −1 xoops_trust_path/modules/xpwiki/plugin/aws.inc.php
  31. +1 −1 xoops_trust_path/modules/xpwiki/plugin/back.inc.php
  32. +15 −15 xoops_trust_path/modules/xpwiki/plugin/backup.inc.php
  33. +3 −3 xoops_trust_path/modules/xpwiki/plugin/bitly.inc.php
  34. +1 −1 xoops_trust_path/modules/xpwiki/plugin/boxdate.inc.php
  35. +20 −20 xoops_trust_path/modules/xpwiki/plugin/bugtrack.inc.php
  36. +2 −2 xoops_trust_path/modules/xpwiki/plugin/build_js.inc.php
  37. +1 −1 xoops_trust_path/modules/xpwiki/plugin/calendar.inc.php
  38. +6 −6 xoops_trust_path/modules/xpwiki/plugin/calendar2.inc.php
  39. +7 −7 xoops_trust_path/modules/xpwiki/plugin/calendar9.inc.php
  40. +6 −6 xoops_trust_path/modules/xpwiki/plugin/calendar_viewer.inc.php
  41. +10 −10 xoops_trust_path/modules/xpwiki/plugin/code.inc.php
  42. +26 −26 xoops_trust_path/modules/xpwiki/plugin/code/codehighlight.php
  43. +3 −3 xoops_trust_path/modules/xpwiki/plugin/color.inc.php
  44. +1 −1 xoops_trust_path/modules/xpwiki/plugin/comment.inc.php
  45. +4 −4 xoops_trust_path/modules/xpwiki/plugin/conf.inc.php
  46. +2 −2 xoops_trust_path/modules/xpwiki/plugin/dbsync.inc.php
  47. +14 −14 xoops_trust_path/modules/xpwiki/plugin/deldel.inc.php
  48. +4 −4 xoops_trust_path/modules/xpwiki/plugin/diff.inc.php
  49. +8 −8 xoops_trust_path/modules/xpwiki/plugin/dump.inc.php
  50. +12 −12 xoops_trust_path/modules/xpwiki/plugin/edit.inc.php
  51. +1 −1 xoops_trust_path/modules/xpwiki/plugin/exifshowcase.inc.php
  52. +7 −7 xoops_trust_path/modules/xpwiki/plugin/font.inc.php
  53. +1 −1 xoops_trust_path/modules/xpwiki/plugin/footnotes.inc.php
  54. +1 −1 xoops_trust_path/modules/xpwiki/plugin/freeze.inc.php
  55. +3 −3 xoops_trust_path/modules/xpwiki/plugin/fusen.inc.php
  56. +7 −7 xoops_trust_path/modules/xpwiki/plugin/gmap.inc.php
  57. +1 −1 xoops_trust_path/modules/xpwiki/plugin/gmap_draw.inc.php
  58. +1 −1 xoops_trust_path/modules/xpwiki/plugin/gmap_icon.inc.php
  59. +7 −7 xoops_trust_path/modules/xpwiki/plugin/gmap_insertmarker.inc.php
  60. +2 −2 xoops_trust_path/modules/xpwiki/plugin/gmap_mark.inc.php
  61. +1 −1 xoops_trust_path/modules/xpwiki/plugin/gmap_street.inc.php
  62. +5 −5 xoops_trust_path/modules/xpwiki/plugin/googlemaps2.inc.php
  63. +1 −1 xoops_trust_path/modules/xpwiki/plugin/googlemaps2_draw.inc.php
  64. +1 −1 xoops_trust_path/modules/xpwiki/plugin/googlemaps2_icon.inc.php
  65. +7 −7 xoops_trust_path/modules/xpwiki/plugin/googlemaps2_insertmarker.inc.php
  66. +2 −2 xoops_trust_path/modules/xpwiki/plugin/googlemaps2_mark.inc.php
  67. +6 −6 xoops_trust_path/modules/xpwiki/plugin/gsearch.inc.php
  68. +1 −1 xoops_trust_path/modules/xpwiki/plugin/html.inc.php
  69. +3 −3 xoops_trust_path/modules/xpwiki/plugin/iframe.inc.php
  70. +6 −6 xoops_trust_path/modules/xpwiki/plugin/import.inc.php
  71. +2 −2 xoops_trust_path/modules/xpwiki/plugin/include.inc.php
  72. +1 −1 xoops_trust_path/modules/xpwiki/plugin/includesubmenu.inc.php
  73. +5 −5 xoops_trust_path/modules/xpwiki/plugin/insert.inc.php
  74. +1 −1 xoops_trust_path/modules/xpwiki/plugin/interwiki.inc.php
  75. +6 −6 xoops_trust_path/modules/xpwiki/plugin/isbn.inc.php
  76. +2 −2 xoops_trust_path/modules/xpwiki/plugin/jsmath.inc.php
  77. +5 −5 xoops_trust_path/modules/xpwiki/plugin/lookup.inc.php
  78. +5 −5 xoops_trust_path/modules/xpwiki/plugin/ls2.inc.php
  79. +12 −6 xoops_trust_path/modules/xpwiki/plugin/lsx.inc.php
  80. +1 −1 xoops_trust_path/modules/xpwiki/plugin/map.inc.php
  81. +1 −1 xoops_trust_path/modules/xpwiki/plugin/md5.inc.php
  82. +6 −6 xoops_trust_path/modules/xpwiki/plugin/memo.inc.php
  83. +4 −4 xoops_trust_path/modules/xpwiki/plugin/menu.inc.php
  84. +8 −8 xoops_trust_path/modules/xpwiki/plugin/navi.inc.php
  85. +1 −1 xoops_trust_path/modules/xpwiki/plugin/new.inc.php
  86. +4 −4 xoops_trust_path/modules/xpwiki/plugin/newpage.inc.php
  87. +1 −1 xoops_trust_path/modules/xpwiki/plugin/page_comments.inc.php
  88. +3 −3 xoops_trust_path/modules/xpwiki/plugin/paint.inc.php
  89. +7 −7 xoops_trust_path/modules/xpwiki/plugin/pcomment.inc.php
  90. +6 −6 xoops_trust_path/modules/xpwiki/plugin/pginfo.inc.php
  91. +1 −1 xoops_trust_path/modules/xpwiki/plugin/random.inc.php
  92. +1 −1 xoops_trust_path/modules/xpwiki/plugin/read.inc.php
  93. +1 −1 xoops_trust_path/modules/xpwiki/plugin/recent.inc.php
  94. +1 −1 xoops_trust_path/modules/xpwiki/plugin/recentchanges.inc.php
  95. +7 −3 xoops_trust_path/modules/xpwiki/plugin/redirect.inc.php
  96. +24 −24 xoops_trust_path/modules/xpwiki/plugin/ref.inc.php
  97. +4 −4 xoops_trust_path/modules/xpwiki/plugin/referer.inc.php
  98. +1 −1 xoops_trust_path/modules/xpwiki/plugin/related.inc.php
  99. +1 −1 xoops_trust_path/modules/xpwiki/plugin/relatedview.inc.php
  100. +16 −16 xoops_trust_path/modules/xpwiki/plugin/rename.inc.php
  101. +5 −5 xoops_trust_path/modules/xpwiki/plugin/replacer.inc.php
  102. +9 −9 xoops_trust_path/modules/xpwiki/plugin/rss.inc.php
  103. +2 −2 xoops_trust_path/modules/xpwiki/plugin/rsslink.inc.php
  104. +1 −1 xoops_trust_path/modules/xpwiki/plugin/ruby.inc.php
  105. +1 −1 xoops_trust_path/modules/xpwiki/plugin/rws.inc.php
  106. +3 −3 xoops_trust_path/modules/xpwiki/plugin/search.inc.php
  107. +1 −1 xoops_trust_path/modules/xpwiki/plugin/setlinebreak.inc.php
  108. +6 −6 xoops_trust_path/modules/xpwiki/plugin/showrss.inc.php
  109. +2 −2 xoops_trust_path/modules/xpwiki/plugin/siteimage.inc.php
  110. +1 −1 xoops_trust_path/modules/xpwiki/plugin/sitemap.inc.php
  111. +9 −5 xoops_trust_path/modules/xpwiki/plugin/skin_changer.inc.php
  112. +1 −1 xoops_trust_path/modules/xpwiki/plugin/skype.inc.php
  113. +1 −1 xoops_trust_path/modules/xpwiki/plugin/source.inc.php
  114. +2 −2 xoops_trust_path/modules/xpwiki/plugin/stationary.inc.php
  115. +1 −1 xoops_trust_path/modules/xpwiki/plugin/sub.inc.php
  116. +4 −4 xoops_trust_path/modules/xpwiki/plugin/subnote.inc.php
  117. +1 −1 xoops_trust_path/modules/xpwiki/plugin/sup.inc.php
  118. +2 −2 xoops_trust_path/modules/xpwiki/plugin/tag.inc.php
  119. +2 −2 xoops_trust_path/modules/xpwiki/plugin/tb.inc.php
  120. +3 −3 xoops_trust_path/modules/xpwiki/plugin/template.inc.php
  121. +3 −3 xoops_trust_path/modules/xpwiki/plugin/topicpath.inc.php
  122. +31 −31 xoops_trust_path/modules/xpwiki/plugin/tracker.inc.php
  123. +1 −1 xoops_trust_path/modules/xpwiki/plugin/twitter.inc.php
  124. +1 −1 xoops_trust_path/modules/xpwiki/plugin/ucomedit.inc.php
  125. +1 −1 xoops_trust_path/modules/xpwiki/plugin/unfreeze.inc.php
  126. +1 −1 xoops_trust_path/modules/xpwiki/plugin/urlbookmark.inc.php
  127. +5 −5 xoops_trust_path/modules/xpwiki/plugin/user_pref.inc.php
  128. +2 −2 xoops_trust_path/modules/xpwiki/plugin/versionlist.inc.php
  129. +4 −4 xoops_trust_path/modules/xpwiki/plugin/vote.inc.php
  130. +1 −1 xoops_trust_path/modules/xpwiki/plugin/xoopsblock.inc.php
  131. +7 −7 xoops_trust_path/modules/xpwiki/plugin/yahoo.inc.php
  132. +2 −2 xoops_trust_path/modules/xpwiki/plugin/yetlist.inc.php
  133. +2 −2 xoops_trust_path/modules/xpwiki/skin/keitai.skin.php
  134. +4 −4 xoops_trust_path/modules/xpwiki/skin/print.skin.php
  135. +2 −2 xoops_trust_path/modules/xpwiki/skin/pukiwiki.skin.php
  136. +5 −5 xoops_trust_path/modules/xpwiki/skin/tdiary.skin.php
  137. +6 −3 xoops_trust_path/modules/xpwiki/util/plugin_conv/index.php
  138. +2 −1 xoops_trust_path/modules/xpwiki/util/skin_conv/index.php
  139. +1 −1 xoops_trust_path/modules/xpwiki/ways/redirect_SJIS.php
  140. +29 −21 xoops_trust_path/modules/xpwiki/ways/w2x_php5.php
@@ -86,7 +86,7 @@
<?php if ($this->root->nofollow || ! $is_read) {?> <meta name="robots" content="NOINDEX,NOFOLLOW" /><?php }?>
<?php if ($this->cont['PKWK_ALLOW_JAVASCRIPT'] && isset($this->root->javascript)) {?> <meta http-equiv="Content-Script-Type" content="text/javascript" /><?php }?>

<title><?php echo htmlspecialchars($this->root->pagetitle) ?> - <?php echo $this->root->siteinfo['sitename'] ?></title>
<title><?php echo htmlspecialchars($this->root->pagetitle, ENT_COMPAT, $this->cont['SOURCE_ENCODING']) ?> - <?php echo $this->root->siteinfo['sitename'] ?></title>

<?php echo $head_pre_tag?>
<?php echo <<<EOD
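Review bot: On the `<title>` line the page title is escaped with the wiki's encoding, but `$this->root->siteinfo['sitename']` is still echoed as-is right beside it. Whether that value is already HTML-escaped where `siteinfo` is filled is not visible here. If it is not, it should go through the same call, e.g. `<?php echo htmlspecialchars($this->root->siteinfo['sitename'], ENT_COMPAT, $this->cont['SOURCE_ENCODING']) ?>`. The identical line in the `ID/VerUp/3` copy of this skin has the same gap.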
@@ -88,7 +88,7 @@
<?php if ($this->root->nofollow || ! $is_read) {?> <meta name="robots" content="NOINDEX,NOFOLLOW" /><?php }?>
<?php if ($this->cont['PKWK_ALLOW_JAVASCRIPT'] && isset($this->root->javascript)) {?> <meta http-equiv="Content-Script-Type" content="text/javascript" /><?php }?>

<title><?php echo htmlspecialchars($this->root->pagetitle) ?> - <?php echo $this->root->siteinfo['sitename'] ?></title>
<title><?php echo $this->htmlspecialchars($this->root->pagetitle) ?> - <?php echo $this->root->siteinfo['sitename'] ?></title>

<?php echo $head_pre_tag?>
<?php echo <<<EOD
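Review bot: The two copies of this skin now escape the title differently: this one goes through `$this->htmlspecialchars()`, while the `html/modules/xpwiki/skin/pukiwiki/` copy passes `ENT_COMPAT, $this->cont['SOURCE_ENCODING']` by hand. If the wrapper is available to both, calling it in both keeps the encoding choice in one place. If the `html/` copy has to work without the wrapper, a short comment there, such as `// direct call: skin may be loaded without the func wrapper`, would stop a later edit from removing the difference by mistake.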
@@ -42,7 +42,7 @@ function b_xpwiki_notification_edit( $options )
$form = "
<input type='hidden' name='options[0]' value='$mydirname' />
<label for='this_template'>"._MB_XPWIKI_THISTEMPLATE."</label>&nbsp;:
<input type='text' size='40' name='options[1]' id='this_template' value='".htmlspecialchars($this_template,ENT_QUOTES)."' /> ( {$defs[1]} )
<input type='text' size='40' name='options[1]' id='this_template' value='".htmlspecialchars($this_template,ENT_QUOTES,_CHARSET)."' /> ( {$defs[1]} )
<br />
\n" ;

@@ -162,13 +162,13 @@ function b_xpwiki_a_page_edit( $options )
<input type='text' size='20' name='options[2]' id='blockwidth' value='".$width."' /> ( {$defs[2]} )
<br />
<label for='this_template'>"._MB_XPWIKI_THISTEMPLATE."</label>&nbsp;:
<input type='text' size='40' name='options[3]' id='this_template' value='".htmlspecialchars($this_template,ENT_QUOTES)."' /> ( {$defs[3]} )
<input type='text' size='40' name='options[3]' id='this_template' value='".htmlspecialchars($this_template,ENT_QUOTES,_CHARSET)."' /> ( {$defs[3]} )
<br />
<label for='divclass'>"._MB_XPWIKI_DIVCLASS."</label>&nbsp;:
<input type='text' size='30' name='options[4]' id='divclass' value='".htmlspecialchars($div_class,ENT_QUOTES)."' /> ( {$defs[4]} )
<input type='text' size='30' name='options[4]' id='divclass' value='".htmlspecialchars($div_class,ENT_QUOTES,_CHARSET)."' /> ( {$defs[4]} )
<br />
<label for='this_css'>"._MB_XPWIKI_THISCSS."</label>&nbsp;:
<input type='text' size='30' name='options[5]' id='this_css' value='".htmlspecialchars($css,ENT_QUOTES)."' /> ( {$defs[5]} )
<input type='text' size='30' name='options[5]' id='this_css' value='".htmlspecialchars($css,ENT_QUOTES,_CHARSET)."' /> ( {$defs[5]} )
<br />
<label>"._MB_XPWIKI_DISABLEDPAGECACHE."</label>&nbsp;:
<input type='radio' name='options[6]' value='1'{$check_pagecache[0]} />Yes &nbsp; <input type='radio' name='options[6]' value='0'{$check_pagecache[1]} />No &nbsp; ( {$defs[6]} )
@@ -177,7 +177,7 @@ function b_xpwiki_a_page_edit( $options )
<input type='radio' name='options[7]' value='module'{$check_headtag['module']} id='headtag_module' /><label for='headtag_module'>xoops_module_header</label> &nbsp; <input type='radio' name='options[7]' value='block'{$check_headtag['block']} id='headtag_block' /><label for='headtag_block'>xoops_block_header</label> &nbsp; <input type='radio' name='options[7]' value='body'{$check_headtag['body']} id='headtag_body' /><label for='headtag_body'>&lt;body&gt;(Inline)</label>
<br />( {$defs[7]} )<br />
<label for='target_page'>"._MB_XPWIKI_TARGETPAGE."</label>&nbsp;:
<input type='text' size='30' name='options[8]' id='target_page' value='".htmlspecialchars($target_page,ENT_QUOTES)."' /><br />( \"PageName\" or \"xpWiki module dirname::PageName\" )
<input type='text' size='30' name='options[8]' id='target_page' value='".htmlspecialchars($target_page,ENT_QUOTES,_CHARSET)."' /><br />( \"PageName\" or \"xpWiki module dirname::PageName\" )
<br />
\n" ;
return $form;
@@ -283,13 +283,13 @@ function b_xpwiki_block_edit( $options )
<input type='text' size='20' name='options[1]' id='blockwidth' value='".$width."' /> ( {$defs[1]} )
<br />
<label for='this_template'>"._MB_XPWIKI_THISTEMPLATE."</label>&nbsp;:
<input type='text' size='40' name='options[2]' id='this_template' value='".htmlspecialchars($this_template,ENT_QUOTES)."' /> ( {$defs[2]} )
<input type='text' size='40' name='options[2]' id='this_template' value='".htmlspecialchars($this_template,ENT_QUOTES,_CHARSET)."' /> ( {$defs[2]} )
<br />
<label for='divclass'>"._MB_XPWIKI_DIVCLASS."</label>&nbsp;:
<input type='text' size='30' name='options[3]' id='divclass' value='".htmlspecialchars($div_class,ENT_QUOTES)."' /> ( {$defs[3]} )
<input type='text' size='30' name='options[3]' id='divclass' value='".htmlspecialchars($div_class,ENT_QUOTES,_CHARSET)."' /> ( {$defs[3]} )
<br />
<label for='this_css'>"._MB_XPWIKI_THISCSS."</label>&nbsp;:
<input type='text' size='30' name='options[4]' id='this_css' value='".htmlspecialchars($css,ENT_QUOTES)."' /> ( {$defs[4]} )
<input type='text' size='30' name='options[4]' id='this_css' value='".htmlspecialchars($css,ENT_QUOTES,_CHARSET)."' /> ( {$defs[4]} )
<br />
<label>"._MB_XPWIKI_HEAD_TAG_PLACE."</label>&nbsp;:
<input type='radio' name='options[5]' value='module'{$check_headtag['module']} id='headtag_module' /><label for='headtag_module'>xoops_module_header</label> &nbsp; <input type='radio' name='options[5]' value='block'{$check_headtag['block']} id='headtag_block' /><label for='headtag_block'>xoops_block_header</label> &nbsp; <input type='radio' name='options[5]' value='body'{$check_headtag['body']} id='headtag_body' /><label for='headtag_body'>&lt;body&gt;(Inline)</label>
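Review bot: In `b_xpwiki_a_page_edit()` and `b_xpwiki_block_edit()` the `blockwidth` field is written as `value='".$width."'` with no escaping, while every other text field in these forms goes through `htmlspecialchars(..., ENT_QUOTES, _CHARSET)`. The attributes are single-quoted, so a `'` in `$width` would end the attribute. Unless `$width` is cast or validated above the hunk (not visible; both functions start outside it), it should be escaped the same way: `value='".htmlspecialchars($width,ENT_QUOTES,_CHARSET)."'`. The same question applies to `$mydirname` in the hidden field of `b_xpwiki_notification_edit()`.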
@@ -182,7 +182,7 @@ function getstatus()
$user = $user['uname_s'];
if (!$this->status['owner']) {
if ($this->status['uname']) {
$user = htmlspecialchars($this->status['uname']);
$user = $this->func->htmlspecialchars($this->status['uname']);
}
$user = $user . " [".$this->status['ucd'] . "]";
}
@@ -254,7 +254,7 @@ function toString($showicon,$showinfo,$mode="")
. '&amp;';
$param2 = 'file='.$file_e;
$title = $this->time_str.' '.$this->size_str;
$label = ($showicon ? $this->cont['FILE_ICON'] : '').htmlspecialchars($this->status['org_fname']);
$label = ($showicon ? $this->cont['FILE_ICON'] : '').$this->func->htmlspecialchars($this->status['org_fname']);
if ($this->age) {
if ($mode == "imglist"){
$label = 'backup No.'.$this->age;
@@ -275,7 +275,7 @@ function toString($showicon,$showinfo,$mode="")
if ($is_owner) $info .= ' &build_js(attachDel,'.str_replace('|', '&#124;', $this->page).','.str_replace('|', '&#124;', $this->file).','.$this->age.','.$returi.');';
} else {
$info = "\n<span class=\"small\">[<a href=\"{$this->root->script}?plugin=attach&amp;pcmd=info{$param}{$param2}\" title=\"$_title\">{$this->root->_attach_messages['btn_info']}</a>]</span>";
if ($is_owner) $info .= '<a href="'.$this->root->script.'?plugin=attach&pcmd=delete'.$param.$param2.'&amp;returi='.rawurlencode($returi).'" title="'.$this->root->_btn_delete.'" onclick="return confirm(\''.htmlspecialchars($this->file, ENT_QUOTES).': '.htmlspecialchars($this->root->_attach_messages['msg_delete'], ENT_QUOTES).'\')"><img src="'.$this->cont['LOADER_URL'].'?src=trash_16.gif" alt="'.$this->root->_btn_delete.'" /></a>';
if ($is_owner) $info .= '<a href="'.$this->root->script.'?plugin=attach&pcmd=delete'.$param.$param2.'&amp;returi='.rawurlencode($returi).'" title="'.$this->root->_btn_delete.'" onclick="return confirm(\''.$this->func->htmlspecialchars($this->file, ENT_QUOTES).': '.$this->func->htmlspecialchars($this->root->_attach_messages['msg_delete'], ENT_QUOTES).'\')"><img src="'.$this->cont['LOADER_URL'].'?src=trash_16.gif" alt="'.$this->root->_btn_delete.'" /></a>';
}
}
$count = ($showicon and !empty($this->status['count'][$this->age])) ?
@@ -308,8 +308,8 @@ function toString($showicon,$showinfo,$mode="")
function info($err) {

$r_page = rawurlencode($this->page);
$s_page = htmlspecialchars($this->page);
$s_file = htmlspecialchars($this->file);
$s_page = $this->func->htmlspecialchars($this->page);
$s_file = $this->func->htmlspecialchars($this->file);
$s_err = ($err == '') ? '' : '<p style="font-weight:bold">'.$this->root->_attach_messages[$err].'</p>';
$ref = "";
$img_info = "";
@@ -423,7 +423,7 @@ function info($err) {
'<label for="_p_attach_newname">' . $this->root->_attach_messages['msg_newname'] .
':</label> ' .
'<input type="text" name="newname" id="_p_attach_newname" size="40" value="' .
(htmlspecialchars(empty($this->status['org_fname'])? $this->file : $this->status['org_fname'])) . '" /><br />';
($this->func->htmlspecialchars(empty($this->status['org_fname'])? $this->file : $this->status['org_fname'])) . '" /><br />';
}
if ($this->status['copyright']) {
$msg_copyright = '<input type="radio" id="pcmd_c" name="pcmd" value="copyright0" /><label for="pcmd_c">'.$this->root->_attach_messages['msg_copyright0'].'</label>';
@@ -447,7 +447,7 @@ function info($err) {
$info = $this->toString(TRUE,FALSE);
$copyright = ($this->status['copyright'])? ' checked=TRUE' : '';

$retval = array('msg'=>sprintf($this->root->_attach_messages['msg_info'],htmlspecialchars($this->file)));
$retval = array('msg'=>sprintf($this->root->_attach_messages['msg_info'],$this->func->htmlspecialchars($this->file)));
$page_link = $this->func->make_pagelink($s_page);
$ex_tags = '';
if ($this->status['imagesize']) {
@@ -609,7 +609,7 @@ function delete($pass)
$this->putstatus(TRUE);
}
if ($this->func->is_page($this->page)) {
$this->root->rtf['esummary'] = 'Deleted an attach file: ' . htmlspecialchars($this->file);
$this->root->rtf['esummary'] = 'Deleted an attach file: ' . $this->func->htmlspecialchars($this->file);
$this->func->touch_page($this->page, NULL, TRUE);
}

@@ -781,7 +781,7 @@ function reinfo() {
($this->age ? '&age='.$this->age : '');
$redirect = "{$this->root->script}?plugin=attach&pcmd=info$param";

$msg = str_replace('$1', htmlspecialchars($this->status['org_fname']), $this->root->_title_updated);
$msg = str_replace('$1', $this->func->htmlspecialchars($this->status['org_fname']), $this->root->_title_updated);

return array('msg' => $msg, 'redirect' => $redirect);

@@ -1109,7 +1109,7 @@ function toString($flat,$fromall=FALSE,$mode="")
if ($this->is_popup) {
continue;
}
$_files[0] = htmlspecialchars($file);
$_files[0] = $this->func->htmlspecialchars($file);
}
ksort($_files);
$_file = $_files[0];
@@ -1170,7 +1170,7 @@ function toString($flat,$fromall=FALSE,$mode="")
$showall = ($fromall && $this->max < $this->count)? " [&nbsp;<a href=\"{$showall_href}\">Show All</a>&nbsp;]" : "";
if ($this->is_popup) {
if ($fromall) {
$showall = "<div class=\"filelist_page\"><a href=\"{$showall_href}\">" . htmlspecialchars($this->page) . '</a>' . $filecount . '<small>' . $showall . '</small></div>';
$showall = "<div class=\"filelist_page\"><a href=\"{$showall_href}\">" . $this->func->htmlspecialchars($this->page) . '</a>' . $filecount . '<small>' . $showall . '</small></div>';
} else {
$showall = '';
}
@@ -1338,11 +1338,11 @@ function toString($page='',$flat=FALSE)
$hiddens = array();
$hiddens['plugin'] = 'attach';
$hiddens['pcmd'] = $pcmd;
$hiddens['refer'] = (isset($this->root->vars['refer']))? htmlspecialchars($this->root->vars['refer']) : '';
$hiddens['refer'] = (isset($this->root->vars['refer']))? $this->func->htmlspecialchars($this->root->vars['refer']) : '';
foreach($otherkeys as $key) {
if (isset($this->root->vars[$key])) {
$otherprams[] = rawurlencode($key) . '=' . rawurlencode($this->root->vars[$key]);
$hiddens[htmlspecialchars($key)] = htmlspecialchars($this->root->vars[$key]);
$hiddens[$this->func->htmlspecialchars($key)] = $this->func->htmlspecialchars($this->root->vars[$key]);
}
}

@@ -1372,7 +1372,7 @@ function toString($page='',$flat=FALSE)
if ($this->root->vars['basedir'] === $dir) {
$defaultpage = $this->root->vars['base'];
}
$otherDirs[] = '<option value="' . $dir . '#' . htmlspecialchars($defaultpage) . '"' . $selected . '>' . htmlspecialchars($val['title']) . '</option>';
$otherDirs[] = '<option value="' . $dir . '#' . $this->func->htmlspecialchars($defaultpage) . '"' . $selected . '>' . $this->func->htmlspecialchars($val['title']) . '</option>';
}
$otherDir = '<form><img src="' . $this->cont['LOADER_URL'] . '?src=folder_go.png" alt="Dir" /> <select name="otherdir" style="max-width:85%;" onchange="xpwiki_dir_selector_change(this.options[this.selectedIndex].value)">' . join('', $otherDirs) . '</select></form>';
}
@@ -1412,7 +1412,7 @@ function toString($page='',$flat=FALSE)
$_class = 'attachable';
if ($this->cont['UA_PROFILE'] !== 'default') $_attachable = '&uarr;';
}
$otherPages[] = '<option class="'.$_class.'" value="' . rawurlencode($_page) . '"' . $selected . '>' . $_attachable . htmlspecialchars($_page) . $count . '</option>';
$otherPages[] = '<option class="'.$_class.'" value="' . rawurlencode($_page) . '"' . $selected . '>' . $_attachable . $this->func->htmlspecialchars($_page) . $count . '</option>';
}
}
$otherPages[] = '</optgroup>';
@@ -1425,14 +1425,14 @@ function toString($page='',$flat=FALSE)
if ($this->func->check_readable($row[0], false, false)) {
if (in_array($row[0], $shown)) continue;
$selected = ($row[0] === $page)? ' selected="selected"' : '';
$_page = htmlspecialchars($row[0]);
$_page = $this->func->htmlspecialchars($row[0]);
$_attachable = '';
$_class = 'readable';
if ($attach->attachable($_page)) {
$_class = 'attachable';
if ($this->cont['UA_PROFILE'] !== 'default') $_attachable = '&uarr;';
}
$otherPages[] = '<option class="'.$_class.'" value="' . rawurlencode($_page) . '"' . $selected . '>' . $_attachable . htmlspecialchars($_page) . ' (' . $row[1] . ')</option>';
$otherPages[] = '<option class="'.$_class.'" value="' . rawurlencode($_page) . '"' . $selected . '>' . $_attachable . $this->func->htmlspecialchars($_page) . ' (' . $row[1] . ')</option>';
}
}
$otherPages[] = '</optgroup>';
@@ -1441,7 +1441,7 @@ function toString($page='',$flat=FALSE)
$thisPage = '<option value="">--- ' . $this->root->_attach_messages['msg_page_select'] . ' ---</option>';
if ($this->root->vars['basedir'] === $this->root->mydirname) {
$selected = ($this->root->vars['base'] === $page)? ' selected="selected"' : '';
$thisPage .= '<option value="'.rawurlencode($this->root->vars['base']).'"' . $selected . '>' . htmlspecialchars($this->root->vars['base']) . $this->root->_attach_messages['msg_select_current'] . '</option>';
$thisPage .= '<option value="'.rawurlencode($this->root->vars['base']).'"' . $selected . '>' . $this->func->htmlspecialchars($this->root->vars['base']) . $this->root->_attach_messages['msg_select_current'] . '</option>';
}
if (! empty($this->root->vars['refer'])) $thisPage .= '<option value="#">'.$this->root->_attach_messages['msg_show_all_pages'].'</option>';
$base = rawurlencode($this->root->vars['base']);
@@ -1470,7 +1470,7 @@ function xpwiki_dir_selector_change(dir) {
EOD;
}

$sword = (isset($this->root->vars['word']))? htmlspecialchars($this->root->vars['word']) : '';
$sword = (isset($this->root->vars['word']))? $this->func->htmlspecialchars($this->root->vars['word']) : '';
$hidden = '';
unset($hiddens['word']);
foreach($hiddens as $key=> $val) {
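Review bot: In the `@@ -275,7` hunk of `toString()` the file name and the delete message are HTML-escaped and then placed inside a JavaScript string literal in `onclick="return confirm('...')"`. The browser decodes character references in the attribute before the handler is compiled, so `ENT_QUOTES` does not stop a quote or backslash in `$this->file` from ending the string; switching to the wrapper fixes the charset but not the context. The value needs JavaScript string escaping first and HTML attribute escaping second, for example `onclick="return confirm('.$this->func->htmlspecialchars(json_encode($this->file.': '.$this->root->_attach_messages['msg_delete']), ENT_QUOTES).')"`. `json_encode()` expects UTF-8, so on a non-UTF-8 wiki the text must be converted first or a dedicated JS-string escaper used instead.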
@@ -391,11 +391,11 @@ function XpWikiTableCell(& $xpwiki, $text, $is_template = FALSE) {
} else
if ($matches[3]) {
$name = $matches[2] ? 'background-color' : 'color';
$this->style[$name] = $name.':'.htmlspecialchars($matches[3]).';';
$this->style[$name] = $name.':'.$this->func->htmlspecialchars($matches[3]).';';
$text = $matches[5];
} else
if ($matches[4]) {
$this->style['size'] = 'font-size:'.htmlspecialchars($matches[4]).'px;';
$this->style['size'] = 'font-size:'.$this->func->htmlspecialchars($matches[4]).'px;';
$text = $matches[5];
}
}
@@ -504,7 +504,7 @@ function get_cell_style($string) {
// セル背景画
if (preg_match("/(?:[SCB]C):\(([^),]*)(,once|,1)?\) ?/i",$cells[0],$tmp)) {
if (strpos($tmp[1], $this->cont['ROOT_URL']) === 0) {
$tmp[1] = htmlspecialchars($tmp[1]);
$tmp[1] = $this->func->htmlspecialchars($tmp[1]);
$this->style['background-image'] .= "background-image: url(".$tmp[1].");";
if (!empty($tmp[2])) $this->style['background-image'] .= "background-repeat: no-repeat;";
}
@@ -813,7 +813,7 @@ function get_table_style($string) {
// テーブル背景画像指定
if (preg_match("/TC:\(([^),]*)(,(?:no|one(?:ce)?|1))?\) ?/i",$string,$reg)) {
if (strpos($reg[1], $this->cont['ROOT_URL']) === 0) {
$reg[1] = htmlspecialchars($reg[1]);
$reg[1] = $this->func->htmlspecialchars($reg[1]);
$this->table_sheet .= "background-image: url(".$reg[1].");";
if (!empty($reg[2])) $this->table_sheet .= "background-repeat: no-repeat;";
}
@@ -926,7 +926,7 @@ function toString() {
class XpWikiPre extends XpWikiElement {
function XpWikiPre(& $root, $text) {
parent :: XpWikiElement($root->xpwiki);
$this->elements[] = htmlspecialchars((!$this->root->preformat_ltrim || $text === '' || $text {
$this->elements[] = $this->func->htmlspecialchars((!$this->root->preformat_ltrim || $text === '' || $text {
0}
!= ' ') ? $text : substr($text, 1));
}
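Review bot: In `XpWikiTableCell()` the captured colour and size values are HTML-escaped and then concatenated into CSS declarations (`$name.':'. … .';'` and `'font-size:'. … .'px;'`), and in `get_cell_style()` / `get_table_style()` into an unquoted `url(...)`. `htmlspecialchars()` only neutralises HTML metacharacters and leaves `;`, `:`, `\` and whitespace alone, so what can appear in the style text is decided entirely by the patterns that fill `$matches[3]`, `$matches[4]`, `$tmp[1]` and `$reg[1]`. The two `url()` patterns visible here exclude `)` and `,` and require the `ROOT_URL` prefix. The pattern behind the colour and size captures is outside the hunk and should be checked to admit only colour tokens and digits. A comment at each site, e.g. `// CSS safety comes from the regex above; htmlspecialchars() covers the HTML layer only`, would record that.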
@@ -49,7 +49,7 @@ function ext_autolink_replace($match) {
if (strlen($name) < $this->ext_autolink_len) {return $match[0];}

$page = $this->ext_autolink_base.$name;
$title = htmlspecialchars(str_replace('[KEY]', $this->ext_autolink_base.$name, $this->ext_autolink_title));
$title = $this->func->htmlspecialchars(str_replace('[KEY]', $this->ext_autolink_base.$name, $this->ext_autolink_title));

if ($this->ext_autolink_own !== false) {
// own site
@@ -69,9 +69,9 @@ function ext_autolink_replace($match) {
if (isset($this->ext_autolink_replace['from'])) {
$_url = str_replace($this->ext_autolink_replace['from'], $this->ext_autolink_replace['func']($page), $this->ext_autolink_pat);
}
return '<a href="'.$_url.'" title="'.$title.'" class="' . $this->ext_autolink_a_class . '"' . $target . '>'.htmlspecialchars($name).'</a>';
return '<a href="'.$_url.'" title="'.$title.'" class="' . $this->ext_autolink_a_class . '"' . $target . '>'.$this->func->htmlspecialchars($name).'</a>';
} else {
return '<a href="'.$this->ext_autolink_url.'?'.rawurlencode($page).'" title="'.$title.'" class="' . $this->ext_autolink_a_class . '"' . $target . '>'.htmlspecialchars($name).'</a>';
return '<a href="'.$this->ext_autolink_url.'?'.rawurlencode($page).'" title="'.$title.'" class="' . $this->ext_autolink_a_class . '"' . $target . '>'.$this->func->htmlspecialchars($name).'</a>';
}
}
}
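Review bot: Both `return` lines in `ext_autolink_replace()` escape the title and the link text but put `$_url`, `$this->ext_autolink_url`, `$this->ext_autolink_a_class` and `$target` into the tag as they are. `$_url` is built with `str_replace()` from `$this->ext_autolink_pat` and the result of `$this->ext_autolink_replace['func']($page)`. Where those are set is outside the hunk, so it is not visible whether they are already attribute-safe. If they are not, the href should be escaped as well, e.g. `href="'.$this->func->htmlspecialchars($_url).'"`; if they already carry `&amp;`, a comment saying so would prevent double-encoding later.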
@@ -89,7 +89,7 @@ function get ($keywords , $andor , $limit , $offset , $userid) {
$link = $this->func->get_page_uri($myrow['name']);
$ret[] = array(
'link' => $link . ((strpos($link, '?') === false)? '?' : '&amp;') . 'word=' . $sword,
'title' => htmlspecialchars($myrow['name'].$title, ENT_QUOTES),
'title' => htmlspecialchars($myrow['name'].$title, ENT_QUOTES ,_CHARSET),
'image' => 'skin/loader.php?src=xoops_search.png',
'time' => $myrow['editedtime'] + $this->cont['LOCALZONE'],
'uid' => $myrow['uid'],
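Review bot: The `'title'` entry passes `_CHARSET` by hand (with a stray space before the comma) although `$this->func` is in scope in the same hunk and the commit uses `$this->func->htmlspecialchars()` for wiki strings elsewhere. `$myrow['name']` is a page name; if the wiki's `SOURCE_ENCODING` can differ from the XOOPS `_CHARSET`, escaping with `_CHARSET` on PHP 5.4+ can return an empty string for bytes that are invalid in that charset. Either use `$this->func->htmlspecialchars($myrow['name'].$title, ENT_QUOTES)`, or add a comment that `_CHARSET` is deliberate because the result is presumably handed to the XOOPS search page.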
@@ -44,7 +44,7 @@ function get_userinfo_by_id ($uid, $defname=NULL) {
'admin' => FALSE,
'uid' => 0,
'uname' => $defname,
'uname_s' => htmlspecialchars($defname),
'uname_s' => $this->htmlspecialchars($defname),
'email' => '',
'gids' => array(),
);
