diff --git a/html/modules/xpwiki/skin/pukiwiki/pukiwiki.skin.php b/html/modules/xpwiki/skin/pukiwiki/pukiwiki.skin.php index 755d5ea4..d5e752f1 100644 --- a/html/modules/xpwiki/skin/pukiwiki/pukiwiki.skin.php +++ b/html/modules/xpwiki/skin/pukiwiki/pukiwiki.skin.php @@ -86,7 +86,7 @@ root->nofollow || ! $is_read) {?> cont['PKWK_ALLOW_JAVASCRIPT'] && isset($this->root->javascript)) {?> -
'.$this->root->_attach_messages[$err].'
'; $ref = ""; $img_info = ""; @@ -423,7 +423,7 @@ function info($err) { ' ' . 'Sorry, page \'' . htmlspecialchars($this->root->rule_page) . + return '
Sorry, page \'' . $this->htmlspecialchars($this->root->rule_page) . '\' unavailable.
'; } else { return $this->convert_html($this->get_source($this->root->rule_page)); @@ -2326,7 +2326,7 @@ function make_pagelink($page, $alias = '', $anchor = '', $refer = '', $class = ' static $popup_pos = array(); $_page = $page; - $s_page = htmlspecialchars($this->strip_bracket($page)); + $s_page = $this->htmlspecialchars($this->strip_bracket($page)); if ($this->root->page_case_insensitive) { $this->get_pagename_realcase($page); @@ -2363,14 +2363,14 @@ function make_pagelink($page, $alias = '', $anchor = '', $refer = '', $class = ' $s_alias = ($this->root->pagename_num2str && $this->is_page($page)) ? preg_replace('/\/(?:[0-9\-]+|[B0-9][A-Z0-9]{9})$/', '/'.str_replace('/', '/', $this->get_heading($page)), $s_page) : $s_page; } if ($compact_base) { - $s_alias = preg_replace('/^'.preg_quote(htmlspecialchars($compact_base).'/', '/').'/', '', $s_alias); + $s_alias = preg_replace('/^'.preg_quote($this->htmlspecialchars($compact_base).'/', '/').'/', '', $s_alias); } if ($this->root->hierarchy_insert) { $s_alias = preg_replace('#((?:^|\G|>)[^<]*?)/#', '$1' . $this->root->hierarchy_insert . '/', $s_alias); } // Remake - $s_page = htmlspecialchars($page); + $s_page = $this->htmlspecialchars($page); // Anchor only if ($page === '') return '' . $s_alias . ''; @@ -2391,7 +2391,7 @@ function make_pagelink($page, $alias = '', $anchor = '', $refer = '', $class = ' if ($compact_base && $compact_base === $_landing) { break; } - $element = htmlspecialchars(array_pop($parts)); + $element = $this->htmlspecialchars(array_pop($parts)); $topic_path[] = $this->make_pagelink($_landing, $element); } if ($topic_path) { 
@@ -2432,8 +2432,8 @@ function make_pagelink($page, $alias = '', $anchor = '', $refer = '', $class = ' } $options['popup']['position'] = $popup_pos[$this->root->mydirname]; } - $onclick = ' onclick="return XpWiki.pagePopup({dir:\'' . htmlspecialchars($this->root->mydirname, ENT_QUOTES) . - '\',page:\'' . htmlspecialchars(str_replace('\'', '\\\'', $page) . $anchor) . '\'' . + $onclick = ' onclick="return XpWiki.pagePopup({dir:\'' . $this->htmlspecialchars($this->root->mydirname, ENT_QUOTES) . + '\',page:\'' . $this->htmlspecialchars(str_replace('\'', '\\\'', $page) . $anchor) . '\'' . $options['popup']['position'] . '});"'; $class .= '_popup'; } @@ -2467,7 +2467,7 @@ function make_pagelink($page, $alias = '', $anchor = '', $refer = '', $class = ' // Dangling link if ($this->cont['PKWK_READONLY'] === 1 || ! $this->check_editable($page,false,false)) return $s_alias; // No dacorations - $title = htmlspecialchars(str_replace('$1', $page, $this->root->_title_edit)); + $title = $this->htmlspecialchars(str_replace('$1', $page, $this->root->_title_edit)); $retval = $basepath . '' . $s_alias . '' . $this->root->_symbol_noexists . ''; @@ -3027,7 +3027,7 @@ function check_editable($page, $auth_flag = TRUE, $exit_flag = TRUE) } else { // With exit $body = $title = str_replace('$1', - htmlspecialchars($this->strip_bracket($page)), $this->root->_title_cannotedit); + $this->htmlspecialchars($this->strip_bracket($page)), $this->root->_title_cannotedit); if ($this->is_freeze($page)) $body .= '(' . $this->root->_msg_unfreeze . ')'; @@ -3110,7 +3110,7 @@ function basic_auth($page, $auth_flag, $exit_flag, $auth_pages, $title_cannot) } if ($exit_flag) { $body = $title = str_replace('$1', - htmlspecialchars($this->strip_bracket($page)), $title_cannot); + $this->htmlspecialchars($this->strip_bracket($page)), $title_cannot); $page = str_replace('$1', $this->make_search($page), $title_cannot); $this->catbody($title, $page, $body); exit; 
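Review bot: In the `@@ -2432,8` hunk the `page:` value written into the `onclick` JavaScript string is encoded less strictly than `dir:`. The `dir` call passes `ENT_QUOTES`, but the `page` call passes no flags, only `$page` goes through the `str_replace` quote escaping (backslashes are left alone), and `$anchor` is appended with no quote handling at all. Unless the new `$this->htmlspecialchars()` wrapper, whose definition is not in the visible diff, escapes single quotes by default, a quote or backslash in these values can end the quoted string early, which is a script-injection risk in an event-handler attribute. Encoding for both contexts would close this: assuming the page data is UTF-8, build `$js_page = json_encode($page . $anchor, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP);` and emit `',page:' . $this->htmlspecialchars($js_page, ENT_QUOTES) .` in place of the hand-written quotes. The body of make_pagelink starts and ends outside the hunk, so how `$anchor` is validated earlier is not visible here.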
@@ -3183,7 +3183,7 @@ function make_backup($page, $delete = FALSE, $notimestamp = FALSE) $body = preg_replace("/\n*$/", "\n", $body); $fp = $this->_backup_fopen($page, 'wb') - or $this->die_message('Cannot open ' . htmlspecialchars($this->_backup_get_filename($page)) . + or $this->die_message('Cannot open ' . $this->htmlspecialchars($this->_backup_get_filename($page)) . 'config file '".htmlspecialchars($configname)."' is not exist."); + return array( 'msg' => 'addline error', 'body' => "
config file '".$this->func->htmlspecialchars($configname)."' is not exist."); } $config->config_name = $configname; $addline = join('', $this->addline_get_source($config->page)); diff --git a/xoops_trust_path/modules/xpwiki/plugin/ajaxtree.inc.php b/xoops_trust_path/modules/xpwiki/plugin/ajaxtree.inc.php index 7b1cd1c1..71f33455 100644 --- a/xoops_trust_path/modules/xpwiki/plugin/ajaxtree.inc.php +++ b/xoops_trust_path/modules/xpwiki/plugin/ajaxtree.inc.php @@ -227,7 +227,7 @@ function plugin_ajaxtree_get_html() $this->func->add_tag_head('ajaxtree.css'); $this->func->add_tag_head('ajaxtree.js'); - $html = '
|--> ".$this->func->make_pagelink($this->root->vars['page'])."
"; @@ -672,7 +672,7 @@ function plugin_areaedit_write($refer, $postdata_input, $postdata) } $retvars['msg'] = $this->root->_title_deleted; - $retvars['body'] = str_replace('$1',htmlspecialchars($refer),$this->root->_title_deleted); + $retvars['body'] = str_replace('$1',$this->func->htmlspecialchars($refer),$this->root->_title_deleted); $this->func->tb_delete($refer); } @@ -689,13 +689,13 @@ function areaedit_form($page, $postdata_input, $headdata, $taildata, $digest = 0 $checked_time = array_key_exists('notimestamp',$this->root->vars) ? ' checked="checked"' : ''; $r_page = rawurlencode($page); - $s_page = htmlspecialchars($page); + $s_page = $this->func->htmlspecialchars($page); $r_digest = rawurlencode($digest); - $s_digest = htmlspecialchars($digest); - $s_postdata_input = htmlspecialchars(str_replace("&br;","\n",$postdata_input)); - $s_headdata = htmlspecialchars( $headdata ); - $s_taildata = htmlspecialchars( $taildata ); - $s_original = array_key_exists('original',$this->root->vars) ? htmlspecialchars($this->root->vars['original']) : $s_headdata . $s_postdata_input . $s_taildata; + $s_digest = $this->func->htmlspecialchars($digest); + $s_postdata_input = $this->func->htmlspecialchars(str_replace("&br;","\n",$postdata_input)); + $s_headdata = $this->func->htmlspecialchars( $headdata ); + $s_taildata = $this->func->htmlspecialchars( $taildata ); + $s_original = array_key_exists('original',$this->root->vars) ? $this->func->htmlspecialchars($this->root->vars['original']) : $s_headdata . $s_postdata_input . $s_taildata; $b_preview = array_key_exists('preview',$this->root->vars); // プレビュー中TRUE $btn_preview = $b_preview ? $this->root->_btn_repreview : $this->root->_btn_preview; $timestamp_tag = ($this->root->userinfo['admin'] || (($this->root->userinfo['uid'] == $this->func->get_pg_auther($this->root->vars['page'])) && $this->root->userinfo['uid']))? 
diff --git a/xoops_trust_path/modules/xpwiki/plugin/article.inc.php b/xoops_trust_path/modules/xpwiki/plugin/article.inc.php index ac70debe..73f5208b 100644 --- a/xoops_trust_path/modules/xpwiki/plugin/article.inc.php +++ b/xoops_trust_path/modules/xpwiki/plugin/article.inc.php @@ -100,9 +100,9 @@ function plugin_article_action() $body = $this->root->_msg_collided . "\n"; - $s_refer = htmlspecialchars($this->root->post['refer']); - $s_digest = htmlspecialchars($this->root->post['digest']); - $s_postdata = htmlspecialchars($postdata_input); + $s_refer = $this->func->htmlspecialchars($this->root->post['refer']); + $s_digest = $this->func->htmlspecialchars($this->root->post['digest']); + $s_postdata = $this->func->htmlspecialchars($postdata_input); $script = $this->func->get_script_uri(); $body .= <<' . $this->func->diff_style_to_css(htmlspecialchars($str)) . '' . "\n"; + return $ul . '
' . $this->func->diff_style_to_css($this->func->htmlspecialchars($str)) . '' . "\n"; } function plugin_backup_get_list($page) { $script = $this->func->get_script_uri(); - $s_page = htmlspecialchars($page); + $s_page = $this->func->htmlspecialchars($page); $pgid = $this->func->get_pgid_by_name($page); $retval = array(); $page_link = $this->func->make_pagelink($page); @@ -482,7 +482,7 @@ function do_rewind($page, $age) { $this->func->touch_page($page, $time); //$this->root->rtf['page_touch'][$page][] = 'Rewound to ' . ($count - $age + 2) . ' ages ago.'; - $s_page = htmlspecialchars($page); + $s_page = $this->func->htmlspecialchars($page); return array( 'msg' => str_replace('$1', $age, $this->root->_msg_rewinded), 'body' => '' diff --git a/xoops_trust_path/modules/xpwiki/plugin/bitly.inc.php b/xoops_trust_path/modules/xpwiki/plugin/bitly.inc.php index 0af0df02..b394693e 100644 --- a/xoops_trust_path/modules/xpwiki/plugin/bitly.inc.php +++ b/xoops_trust_path/modules/xpwiki/plugin/bitly.inc.php @@ -29,7 +29,7 @@ function plugin_bitly_inline() { $url = array_shift($args); $title = preg_replace('#^https?://#i', '', $url); if ($title !== $url) { - $title = htmlspecialchars($title); + $title = $this->func->htmlspecialchars($title); $url = $this->func->bitly($url, FALSE); if (in_array('qrcode', $args)) { $body = ''; @@ -37,9 +37,9 @@ function plugin_bitly_inline() { if ($body) { $body = preg_replace('#?a[^>]*?>#i', '', $body); } else { - $body = htmlspecialchars($url); + $body = $this->func->htmlspecialchars($url); } - return '' . $body . ''; + return '' . $body . ''; } } return FALSE; diff --git a/xoops_trust_path/modules/xpwiki/plugin/boxdate.inc.php b/xoops_trust_path/modules/xpwiki/plugin/boxdate.inc.php index e9e353dd..34de3b69 100644 --- a/xoops_trust_path/modules/xpwiki/plugin/boxdate.inc.php +++ b/xoops_trust_path/modules/xpwiki/plugin/boxdate.inc.php 
@@ -47,7 +47,7 @@ function plugin_boxdate_convert() { $time = strtotime($date); if ($time === -1 || $time === FALSE) { - $s_page = htmlspecialchars($page); // Failed. Why? + $s_page = $this->func->htmlspecialchars($page); // Failed. Why? } else { $this->func->add_tag_head('calendar.css'); $week = $this->root->weeklabels[date('w', $time)]; diff --git a/xoops_trust_path/modules/xpwiki/plugin/bugtrack.inc.php b/xoops_trust_path/modules/xpwiki/plugin/bugtrack.inc.php index 5a85719e..6cdff9e0 100644 --- a/xoops_trust_path/modules/xpwiki/plugin/bugtrack.inc.php +++ b/xoops_trust_path/modules/xpwiki/plugin/bugtrack.inc.php @@ -75,14 +75,14 @@ function plugin_bugtrack_print_form($base, $category) $selected = ''; for ($i = 0; $i < $count; ++$i) { if ($i == ($count - 1)) $selected = ' selected="selected"'; // The last one - $priority_list = htmlspecialchars($this->root->_plugin_bugtrack['priority_list'][$i]); + $priority_list = $this->func->htmlspecialchars($this->root->_plugin_bugtrack['priority_list'][$i]); $select_priority .= ' ' . "\n"; } $select_state = "\n"; for ($i = 0; $i < count($this->root->_plugin_bugtrack['state_list']); ++$i) { - $state_list = htmlspecialchars($this->root->_plugin_bugtrack['state_list'][$i]); + $state_list = $this->func->htmlspecialchars($this->root->_plugin_bugtrack['state_list'][$i]); $select_state .= ' ' . "\n"; } @@ -93,7 +93,7 @@ function plugin_bugtrack_print_form($base, $category) } else { $encoded_category = '