Replace htmlspecialchars to hsc in core
parent
6057f47313
commit
65cc1598e0
2
doku.php
2
doku.php
|
@ -62,7 +62,7 @@ if($DATE_AT) {
|
|||
} else { // check for UNIX Timestamp
|
||||
$date_parse = @date('Ymd',$DATE_AT);
|
||||
if(!$date_parse || $date_parse === '19700101') {
|
||||
msg(sprintf($lang['unable_to_parse_date'], htmlspecialchars($DATE_AT)));
|
||||
msg(sprintf($lang['unable_to_parse_date'], hsc($DATE_AT)));
|
||||
$DATE_AT = null;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -357,12 +357,12 @@ class Mailer {
|
|||
|
||||
// FIXME: is there a way to encode the localpart of a emailaddress?
|
||||
if(!utf8_isASCII($addr)) {
|
||||
msg(htmlspecialchars("E-Mail address <$addr> is not ASCII"), -1);
|
||||
msg(hsc("E-Mail address <$addr> is not ASCII"), -1);
|
||||
continue;
|
||||
}
|
||||
|
||||
if(!mail_isvalid($addr)) {
|
||||
msg(htmlspecialchars("E-Mail address <$addr> is not valid"), -1);
|
||||
msg(hsc("E-Mail address <$addr> is not valid"), -1);
|
||||
continue;
|
||||
}
|
||||
|
||||
|
|
|
@ -253,7 +253,7 @@ function act_validate($act) {
|
|||
|
||||
// check if action is disabled
|
||||
if(!actionOK($act)){
|
||||
msg('Command disabled: '.htmlspecialchars($act),-1);
|
||||
msg('Command disabled: '.hsc($act),-1);
|
||||
return 'show';
|
||||
}
|
||||
|
||||
|
@ -261,7 +261,7 @@ function act_validate($act) {
|
|||
if(!$conf['useacl'] && in_array($act,array('login','logout','register','admin',
|
||||
'subscribe','unsubscribe','profile','revert',
|
||||
'resendpwd','profile_delete'))){
|
||||
msg('Command unavailable: '.htmlspecialchars($act),-1);
|
||||
msg('Command unavailable: '.hsc($act),-1);
|
||||
return 'show';
|
||||
}
|
||||
|
||||
|
@ -273,7 +273,7 @@ function act_validate($act) {
|
|||
'diff','recent','backlink','admin','subscribe','revert',
|
||||
'unsubscribe','profile','profile_delete','resendpwd','recover',
|
||||
'draftdel','sitemap','media')) && substr($act,0,7) != 'export_' ) {
|
||||
msg('Command unknown: '.htmlspecialchars($act),-1);
|
||||
msg('Command unknown: '.hsc($act),-1);
|
||||
return 'show';
|
||||
}
|
||||
return $act;
|
||||
|
|
12
inc/html.php
12
inc/html.php
|
@ -210,14 +210,14 @@ function html_btn($name, $id, $akey, $params, $method='get', $tooltip='', $label
|
|||
if(is_array($params)){
|
||||
foreach($params as $key => $val) {
|
||||
$ret .= '<input type="hidden" name="'.$key.'" ';
|
||||
$ret .= 'value="'.htmlspecialchars($val).'" />';
|
||||
$ret .= 'value="'.hsc($val).'" />';
|
||||
}
|
||||
}
|
||||
|
||||
if ($tooltip!='') {
|
||||
$tip = htmlspecialchars($tooltip);
|
||||
$tip = hsc($tooltip);
|
||||
}else{
|
||||
$tip = htmlspecialchars($label);
|
||||
$tip = hsc($label);
|
||||
}
|
||||
|
||||
$ret .= '<button type="submit" ';
|
||||
|
@ -582,7 +582,7 @@ function html_revisions($first=0, $media_id = false){
|
|||
if($summary) {
|
||||
$form->addElement(form_makeOpenTag('span', array('class' => 'sum')));
|
||||
if(!$media_id) $form->addElement(' – ');
|
||||
$form->addElement('<bdi>' . htmlspecialchars($summary) . '</bdi>');
|
||||
$form->addElement('<bdi>' . hsc($summary) . '</bdi>');
|
||||
$form->addElement(form_makeCloseTag('span'));
|
||||
}
|
||||
|
||||
|
@ -665,7 +665,7 @@ function html_revisions($first=0, $media_id = false){
|
|||
if ($info['sum']) {
|
||||
$form->addElement(form_makeOpenTag('span', array('class' => 'sum')));
|
||||
if(!$media_id) $form->addElement(' – ');
|
||||
$form->addElement('<bdi>'.htmlspecialchars($info['sum']).'</bdi>');
|
||||
$form->addElement('<bdi>'.hsc($info['sum']).'</bdi>');
|
||||
$form->addElement(form_makeCloseTag('span'));
|
||||
}
|
||||
|
||||
|
@ -876,7 +876,7 @@ function html_recent($first = 0, $show_changes = 'both') {
|
|||
$form->addElement(html_wikilink(':' . $recent['id'], useHeading('navigation') ? null : $recent['id']));
|
||||
}
|
||||
$form->addElement(form_makeOpenTag('span', array('class' => 'sum')));
|
||||
$form->addElement(' – ' . htmlspecialchars($recent['sum']));
|
||||
$form->addElement(' – ' . hsc($recent['sum']));
|
||||
$form->addElement(form_makeCloseTag('span'));
|
||||
|
||||
$form->addElement(form_makeOpenTag('span', array('class' => 'user')));
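Review bot: In the html_btn hunk the hidden input still writes `$key` into the `name` attribute unescaped (`name="'.$key.'"`), while the value on the next line now goes through hsc(). The callers are not visible here, so whether a key can ever carry request data is unknown, but a key containing a double quote would end the attribute early. I would escape it the same way as the value: `$ret .= '<input type="hidden" name="'.hsc($key).'" ';`. html_btn starts and ends outside the hunk.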
|
||||
|
|
|
@ -210,12 +210,12 @@ function mail_encode_address($string,$header='',$names=true){
|
|||
|
||||
// FIXME: is there a way to encode the localpart of a emailaddress?
|
||||
if(!utf8_isASCII($addr)){
|
||||
msg(htmlspecialchars("E-Mail address <$addr> is not ASCII"),-1);
|
||||
msg(hsc("E-Mail address <$addr> is not ASCII"),-1);
|
||||
continue;
|
||||
}
|
||||
|
||||
if(!mail_isvalid($addr)){
|
||||
msg(htmlspecialchars("E-Mail address <$addr> is not valid"),-1);
|
||||
msg(hsc("E-Mail address <$addr> is not valid"),-1);
|
||||
continue;
|
||||
}
|
||||
|
||||
|
|
|
@ -1734,9 +1734,9 @@ function media_printimgdetail($item, $fullscreen=false){
|
|||
// print EXIF/IPTC data
|
||||
if($t || $d || $k ){
|
||||
echo '<p>';
|
||||
if($t) echo '<strong>'.htmlspecialchars($t).'</strong><br />';
|
||||
if($d) echo htmlspecialchars($d).'<br />';
|
||||
if($t) echo '<em>'.htmlspecialchars($k).'</em>';
|
||||
if($t) echo '<strong>'.hsc($t).'</strong><br />';
|
||||
if($d) echo hsc($d).'<br />';
|
||||
if($t) echo '<em>'.hsc($k).'</em>';
|
||||
echo '</p>';
|
||||
}
|
||||
echo '</div>';
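Review bot: The keyword line tests the wrong variable: `if($t) echo '<em>'.hsc($k).'</em>';` prints `$k` only when `$t` is set, so keywords are dropped when there is no title, and an empty `<em></em>` is emitted when there is a title but no keywords. The enclosing check is `$t || $d || $k`, which suggests `if($k) echo '<em>'.hsc($k).'</em>';` was intended. The commit carries the old condition over unchanged. media_printimgdetail starts and ends outside the hunk.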
|
||||
|
|
|
@ -866,7 +866,7 @@ function tpl_searchform($ajax = true, $autocomplete = true) {
|
|||
print '<form action="'.wl().'" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no">';
|
||||
print '<input type="hidden" name="do" value="search" />';
|
||||
print '<input type="text" ';
|
||||
if($ACT == 'search') print 'value="'.htmlspecialchars($QUERY).'" ';
|
||||
if($ACT == 'search') print 'value="'.hsc($QUERY).'" ';
|
||||
print 'placeholder="'.$lang['btn_search'].'" ';
|
||||
if(!$autocomplete) print 'autocomplete="off" ';
|
||||
print 'id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" />';
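Review bot: `$lang['btn_search']` is written into the `placeholder` attribute as-is, on the line right after the one this commit touches, so a translation containing a double quote would break the attribute. Whether language strings are guaranteed to be attribute-safe is not visible from this hunk; if they are not, use `print 'placeholder="'.hsc($lang['btn_search']).'" ';`. tpl_searchform starts and ends outside the hunk.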
|
||||
|
|
|
@ -161,7 +161,7 @@ function print_form($d){
|
|||
include(DOKU_CONF.'license.php');
|
||||
|
||||
if(!is_array($d)) $d = array();
|
||||
$d = array_map('htmlspecialchars',$d);
|
||||
$d = array_map('hsc',$d);
|
||||
|
||||
if(!isset($d['acl'])) $d['acl']=1;
|
||||
if(!isset($d['pop'])) $d['pop']=1;
|
||||
|
@ -216,9 +216,9 @@ function print_form($d){
|
|||
if(empty($d['license'])) $d['license'] = 'cc-by-sa';
|
||||
foreach($license as $key => $lic){
|
||||
echo '<label for="lic_'.$key.'">';
|
||||
echo '<input type="radio" name="d[license]" value="'.htmlspecialchars($key).'" id="lic_'.$key.'"'.
|
||||
echo '<input type="radio" name="d[license]" value="'.hsc($key).'" id="lic_'.$key.'"'.
|
||||
(($d['license'] === $key)?' checked="checked"':'').'>';
|
||||
echo htmlspecialchars($lic['name']);
|
||||
echo hsc($lic['name']);
|
||||
if($lic['url']) echo ' <a href="'.$lic['url'].'" target="_blank"><sup>[?]</sup></a>';
|
||||
echo '</label>';
|
||||
}
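Review bot: `$d = array_map('hsc',$d);` hands every element to hsc(), DokuWiki's htmlspecialchars() wrapper, which expects a string. The `name="d[license]"` field suggests `$d` is built from submitted form data, so a nested value would arrive as an array and raise a warning or, on PHP 8, a TypeError. Filtering first keeps the form rendering on malformed input: `$d = array_map('hsc', array_filter($d, 'is_scalar'));`. Separately, in the second hunk `$key` is escaped for `value` but written raw into `for="lic_…"` and `id="lic_…"`, and `$lic['url']` goes into `href` unescaped. Those values come from license.php, so that part is a consistency point rather than an input-handling one.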
|
||||
|
|
|
@ -26,7 +26,7 @@ if(function_exists($callfn)){
|
|||
}else{
|
||||
$evt = new Doku_Event('AJAX_CALL_UNKNOWN', $call);
|
||||
if ($evt->advise_before()) {
|
||||
print "AJAX call '".htmlspecialchars($call)."' unknown!\n";
|
||||
print "AJAX call '".hsc($call)."' unknown!\n";
|
||||
exit;
|
||||
}
|
||||
$evt->advise_after();
|
||||
|
@ -422,13 +422,13 @@ function ajax_linkwiz(){
|
|||
if($item['type'] == 'u'){
|
||||
$name = $lang['upperns'];
|
||||
}else{
|
||||
$name = htmlspecialchars($item['id']);
|
||||
$name = hsc($item['id']);
|
||||
}
|
||||
|
||||
echo '<a href="'.$link.'" title="'.htmlspecialchars($item['id']).'" class="wikilink1">'.$name.'</a>';
|
||||
echo '<a href="'.$link.'" title="'.hsc($item['id']).'" class="wikilink1">'.$name.'</a>';
|
||||
|
||||
if(!blank($item['title'])){
|
||||
echo '<span>'.htmlspecialchars($item['title']).'</span>';
|
||||
echo '<span>'.hsc($item['title']).'</span>';
|
||||
}
|
||||
echo '</div>';
|
||||
}
|
||||
|
|
|
@ -28,7 +28,7 @@ if(file_exists(DOKU_INC.'favicon.ico')){
|
|||
header('Content-Type: application/opensearchdescription+xml; charset=utf-8');
|
||||
echo '<?xml version="1.0"?>'.NL;
|
||||
echo '<OpenSearchDescription xmlns="http://a9.com/-/spec/opensearch/1.1/">'.NL;
|
||||
echo ' <ShortName>'.htmlspecialchars($conf['title']).'</ShortName>'.NL;
|
||||
echo ' <ShortName>'.hsc($conf['title']).'</ShortName>'.NL;
|
||||
echo ' <Image width="16" height="16" type="image/x-icon">'.$ico.'</Image>'.NL;
|
||||
echo ' <Url type="text/html" template="'.DOKU_URL.DOKU_SCRIPT.'?do=search&id={searchTerms}" />'.NL;
|
||||
echo ' <Url type="application/x-suggestions+json" template="'.
|
||||
|
|
|
@ -50,11 +50,11 @@ $ini = css_styleini($conf['template']);
|
|||
|
||||
if ($ini) {
|
||||
echo '<table>';
|
||||
echo "<caption>".htmlspecialchars($conf['template'])."'s style.ini</caption>";
|
||||
echo "<caption>".hsc($conf['template'])."'s style.ini</caption>";
|
||||
foreach($ini['replacements'] as $key => $val){
|
||||
echo '<tr>';
|
||||
echo '<td>'.htmlspecialchars($key).'</td>';
|
||||
echo '<td>'.htmlspecialchars($val).'</td>';
|
||||
echo '<td>'.hsc($key).'</td>';
|
||||
echo '<td>'.hsc($val).'</td>';
|
||||
echo '<td>';
|
||||
if(preg_match('/^#[0-f]{3,6}$/i',$val)){
|
||||
echo '<div class="color" style="background-color:'.$val.';"> </div>';
|
||||
|
@ -64,7 +64,7 @@ if ($ini) {
|
|||
}
|
||||
echo '</table>';
|
||||
} else {
|
||||
echo "<p>Non-existent or invalid template or style.ini: <strong>".htmlspecialchars($conf['template'])."</strong></p>";
|
||||
echo "<p>Non-existent or invalid template or style.ini: <strong>".hsc($conf['template'])."</strong></p>";
|
||||
}
|
||||
?>
|
||||
</body>
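Review bot: The colour check `preg_match('/^#[0-f]{3,6}$/i',$val)` in the first hunk does not restrict `$val` to hex digits. `[0-f]` is an ASCII range from `0` to `f`, which also admits `:;<=>?@`, every letter, `[\]^_` and the backtick, and the matched value is then written raw into the `style` attribute. A double quote lies outside that range, so the attribute cannot be closed through this path, but the guard should say what it means: `if(preg_match('/^#[0-9a-f]{3,6}$/i',$val)){`. Passing `$val` through hsc() in that echo as well would match the table cells above it.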
|
||||
|
|