#66 install php version check
#16 install rewrite module usable check #48 htmlspecialchars function params add
parent
51b6b21cf2
commit
736f382b27
93 changed files with 240 additions and 215 deletions
|
|
@ -490,10 +490,10 @@ if($called_position == 'before_module_proc')
|
|||
$post = new stdClass();
|
||||
$post->categories = array();
|
||||
$post->dateCreated = date("Ymd", $oDocument->getRegdateTime()) . 'T' . date("H:i:s", $oDocument->getRegdateTime());
|
||||
$post->description = htmlspecialchars($oEditorController->transComponent($oDocument->getContent(false, false, true, false)));
|
||||
$post->description = htmlspecialchars($oEditorController->transComponent($oDocument->getContent(false, false, true, false)), ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
|
||||
$post->link = $post->permaLink = getFullUrl('', 'document_srl', $oDocument->document_srl);
|
||||
$post->postid = $oDocument->document_srl;
|
||||
$post->title = htmlspecialchars($oDocument->get('title'));
|
||||
$post->title = htmlspecialchars($oDocument->get('title'), ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
|
||||
$post->publish = 1;
|
||||
$post->userid = $oDocument->get('user_id');
|
||||
$post->mt_allow_pings = 0;
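Review bot: Passing `false` for `double_encode` on `$post->description` means entity references already present in the document HTML are not re-encoded for the XML-RPC layer, so a body that displays code as `&lt;script&gt;` is decoded by the client's XML parser into live markup instead of text. The value escaped here is itself HTML, so the transport layer needs the default double encoding: `$post->description = htmlspecialchars($oEditorController->transComponent($oDocument->getContent(false, false, true, false)), ENT_COMPAT | ENT_XML1, 'UTF-8');`. The same applies wherever this commit escapes markup or previously encoded text rather than plain text, notably the `source_content` and `content` hidden fields in the communication skins and the `escape()`, `CDATACallback()` and `scriptCallback()` changes in the bundled HTMLPurifier. The enclosing `if($called_position == 'before_module_proc')` block starts and ends outside the hunk.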
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@ function getXmlRpcFailure($error, $message)
|
|||
{
|
||||
return
|
||||
sprintf(
|
||||
"<methodResponse>\n<fault><value><struct>\n<member>\n<name>faultCode</name>\n<value><int>%d</int></value>\n</member>\n<member>\n<name>faultString</name>\n<value><string>%s</string></value>\n</member>\n</struct></value></fault>\n</methodResponse>\n", $error, htmlspecialchars($message)
|
||||
"<methodResponse>\n<fault><value><struct>\n<member>\n<name>faultCode</name>\n<value><int>%d</int></value>\n</member>\n<member>\n<name>faultString</name>\n<value><string>%s</string></value>\n</member>\n</struct></value></fault>\n</methodResponse>\n", $error, htmlspecialchars($message, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)
|
||||
);
|
||||
}
|
||||
|
||||
|
|
@ -54,7 +54,7 @@ function _getEncodedVal($val, $is_sub_set = false)
|
|||
$buff = "<value><struct>";
|
||||
foreach($values as $k => $v)
|
||||
{
|
||||
$buff .= sprintf("<member>\n<name>%s</name>\n%s</member>\n", htmlspecialchars($k), _getEncodedVal($v, true));
|
||||
$buff .= sprintf("<member>\n<name>%s</name>\n%s</member>\n", htmlspecialchars($k, ENT_COMPAT | ENT_HTML401, 'UTF-8', false), _getEncodedVal($v, true));
|
||||
}
|
||||
$buff .= "</struct></value>\n";
|
||||
}
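Review bot: In `getXmlRpcFailure()` the combination of `ENT_HTML401` and `double_encode` off lets any HTML named entity in `$message` through unchanged, and references such as `&nbsp;` are not defined in XML, so the fault response can become unparseable for a strict XML-RPC client. For XML output the call should use the XML entity table and encode every ampersand: `htmlspecialchars($message, ENT_COMPAT | ENT_XML1, 'UTF-8')`. The member-name escape in `_getEncodedVal()` and the attribute-value escape in `XmlGenerator` have the same problem. `_getEncodedVal()` starts and ends outside its hunk.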
|
||||
|
|
|
|||
|
|
@ -21,13 +21,13 @@ class wap extends mobileXE
|
|||
{
|
||||
print("<html><head>\n");
|
||||
if($this->totalPage > $this->mobilePage) $titlePageStr = sprintf("(%d/%d)",$this->mobilePage, $this->totalPage);
|
||||
printf("<title>%s%s</title></head><body>\n", htmlspecialchars($this->title),htmlspecialchars($titlePageStr));
|
||||
printf("<title>%s%s</title></head><body>\n", htmlspecialchars($this->title, ENT_COMPAT | ENT_HTML401, 'UTF-8', false),htmlspecialchars($titlePageStr, ENT_COMPAT | ENT_HTML401, 'UTF-8', false));
|
||||
}
|
||||
// Output title
|
||||
function printTitle()
|
||||
{
|
||||
if($this->totalPage > $this->mobilePage) $titlePageStr = sprintf("(%d/%d)",$this->mobilePage, $this->totalPage);
|
||||
printf('<%s%s><br>%s', htmlspecialchars($this->title),htmlspecialchars($titlePageStr),"\n");
|
||||
printf('<%s%s><br>%s', htmlspecialchars($this->title, ENT_COMPAT | ENT_HTML401, 'UTF-8', false),htmlspecialchars($titlePageStr, ENT_COMPAT | ENT_HTML401, 'UTF-8', false),"\n");
|
||||
}
|
||||
|
||||
/**
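Review bot: `$titlePageStr` is assigned only inside the one-line `if($this->totalPage > $this->mobilePage)` statement, so on a single-page response both `htmlspecialchars($titlePageStr, …)` calls receive an undefined variable. Initialising it before the test, `$titlePageStr = '';`, removes the notice and keeps a null out of the escape call. The WML variant of this class repeats the pattern in its card header and in `printTitle()`. The first function in this hunk starts outside it.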
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@ class wap extends mobileXE
|
|||
if($this->totalPage > $this->mobilePage) $titlePageStr = sprintf("(%d/%d)",$this->mobilePage, $this->totalPage);
|
||||
print("<?xml version=\"1.0\" encoding=\"".$this->charset."\"?><!DOCTYPE wml PUBLIC \"-//WAPFORUM//DTD WML 1.1//EN\" \"http://www.wapforum.org/DTD/wml_1.1.xml\">\n");
|
||||
// Card Title
|
||||
printf("<wml>\n<card title=\"%s%s\">\n<p>\n",htmlspecialchars($this->title),htmlspecialchars($titlePageStr));
|
||||
printf("<wml>\n<card title=\"%s%s\">\n<p>\n",htmlspecialchars($this->title, ENT_COMPAT | ENT_HTML401, 'UTF-8', false),htmlspecialchars($titlePageStr, ENT_COMPAT | ENT_HTML401, 'UTF-8', false));
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -32,7 +32,7 @@ class wap extends mobileXE
|
|||
function printTitle()
|
||||
{
|
||||
if($this->totalPage > $this->mobilePage) $titlePageStr = sprintf("(%d/%d)",$this->mobilePage, $this->totalPage);
|
||||
printf('<%s%s><br/>%s', htmlspecialchars($this->title),htmlspecialchars($titlePageStr),"\n");
|
||||
printf('<%s%s><br/>%s', htmlspecialchars($this->title, ENT_COMPAT | ENT_HTML401, 'UTF-8', false),htmlspecialchars($titlePageStr, ENT_COMPAT | ENT_HTML401, 'UTF-8', false),"\n");
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -46,7 +46,7 @@ class wap extends mobileXE
|
|||
foreach($this->getChilds() as $key => $val)
|
||||
{
|
||||
if(!$val['link']) continue;
|
||||
printf('<do type="%s" label="%s"><go href="%s" /></do>%s', $this->getNo(), htmlspecialchars($val['text']), $val['href'], "\n");
|
||||
printf('<do type="%s" label="%s"><go href="%s" /></do>%s', $this->getNo(), htmlspecialchars($val['text'], ENT_COMPAT | ENT_HTML401, 'UTF-8', false), $val['href'], "\n");
|
||||
if($val['extra']) printf("%s\n",$val['extra']);
|
||||
}
|
||||
}
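Review bot: In the `<do>` line only `label` goes through `htmlspecialchars()`; `$val['href']` is written into the `href` attribute as is, and `$val['extra']` is printed raw on the following line. Unless the caller already escapes these values (not visible in this hunk), the link should be escaped like the label, using the XML entity table since this is WML: `htmlspecialchars($val['href'], ENT_COMPAT | ENT_XML1, 'UTF-8')`. The method containing the loop starts outside the hunk.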
|
||||
|
|
|
|||
|
|
@ -746,7 +746,7 @@ class Context
|
|||
$oModuleController = getController('module');
|
||||
$oModuleController->replaceDefinedLangCode($self->site_title);
|
||||
|
||||
return htmlspecialchars($self->site_title);
|
||||
return htmlspecialchars($self->site_title, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -1259,7 +1259,7 @@ class Context
|
|||
}
|
||||
elseif($key === 'mid' || $key === 'vid' || $key === 'search_keyword')
|
||||
{
|
||||
$val[$k] = htmlspecialchars($v);
|
||||
$val[$k] = htmlspecialchars($v, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
|
||||
}
|
||||
else
|
||||
{
|
||||
|
|
@ -1325,7 +1325,7 @@ class Context
|
|||
{
|
||||
continue;
|
||||
}
|
||||
$val['name'] = htmlspecialchars($val['name']);
|
||||
$val['name'] = htmlspecialchars($val['name'], ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
|
||||
$this->set($key, $val, true);
|
||||
$this->is_uploaded = true;
|
||||
}
|
||||
|
|
@ -1631,11 +1631,11 @@ class Context
|
|||
$encode_queries[] = $key . '=' . $value;
|
||||
}
|
||||
$encode_query = implode('&', $encode_queries);
|
||||
return htmlspecialchars($parsedUrl['path'] . '?' . $encode_query);
|
||||
return htmlspecialchars($parsedUrl['path'] . '?' . $encode_query, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
|
||||
}
|
||||
else
|
||||
{
|
||||
return htmlspecialchars($query);
|
||||
return htmlspecialchars($query, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
|
||||
}
|
||||
}
|
||||
else
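Review bot: The four-argument form `htmlspecialchars($x, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)` is now spelled out at every call site in this class and in most of the other files of the commit. A single wrapper would keep the flag set and charset in one place, so that whichever escaping policy is finally chosen can be changed with a one-line edit; for example a function `escapeHtml($str)` whose body is the one `htmlspecialchars()` call. A short comment on that wrapper should state why `double_encode` is set the way it is, since the call sites give no reason. All functions touched by these hunks start and end outside them.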
|
||||
|
|
|
|||
|
|
@ -278,7 +278,7 @@ class HTMLDisplayHandler
|
|||
case 'number':
|
||||
case 'range':
|
||||
case 'color':
|
||||
$str = preg_replace('@\svalue="[^"]*?"@', ' ', $str) . ' value="' . @htmlspecialchars($INPUT_ERROR[$match[3]]) . '"';
|
||||
$str = preg_replace('@\svalue="[^"]*?"@', ' ', $str) . ' value="' . @htmlspecialchars($INPUT_ERROR[$match[3]], ENT_COMPAT | ENT_HTML401, 'UTF-8', false) . '"';
|
||||
break;
|
||||
case 'password':
|
||||
$str = preg_replace('@\svalue="[^"]*?"@', ' ', $str);
|
||||
|
|
|
|||
|
|
@ -210,7 +210,7 @@ class ExtraItem
|
|||
{
|
||||
$value = 'http://' . $value;
|
||||
}
|
||||
return htmlspecialchars($value);
|
||||
return htmlspecialchars($value, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
|
||||
|
||||
case 'tel' :
|
||||
if(is_array($value))
|
||||
|
|
@ -253,7 +253,7 @@ class ExtraItem
|
|||
|
||||
for($i = 0; $i < count($values); $i++)
|
||||
{
|
||||
$values[$i] = htmlspecialchars($values[$i]);
|
||||
$values[$i] = htmlspecialchars($values[$i], ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
|
||||
}
|
||||
|
||||
return $values;
|
||||
|
|
@ -283,7 +283,7 @@ class ExtraItem
|
|||
//case 'text' :
|
||||
//case 'textarea' :
|
||||
default :
|
||||
return htmlspecialchars($value);
|
||||
return htmlspecialchars($value, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -405,7 +405,7 @@ class ExtraItem
|
|||
// Temporary ID for labeling
|
||||
$tmp_id = $column_name . '-' . $id_num++;
|
||||
|
||||
$buff .='<li><input type="checkbox" name="' . $column_name . '[]" id="' . $tmp_id . '" value="' . htmlspecialchars($v) . '" ' . $checked . ' /><label for="' . $tmp_id . '">' . $v . '</label></li>';
|
||||
$buff .='<li><input type="checkbox" name="' . $column_name . '[]" id="' . $tmp_id . '" value="' . htmlspecialchars($v, ENT_COMPAT | ENT_HTML401, 'UTF-8', false) . '" ' . $checked . ' /><label for="' . $tmp_id . '">' . $v . '</label></li>';
|
||||
}
|
||||
$buff .= '</ul>';
|
||||
break;
|
||||
|
|
@ -490,7 +490,7 @@ class ExtraItem
|
|||
'<input type="text" name="addr_search_' . $column_name . '" class="address" value="" />' .
|
||||
'<a href="#" onclick="doSearchKrZip(this, \'' . $column_name . '\'); return false;" class="button green"><span>' . Context::getLang('cmd_search') . '</span></a>' .
|
||||
'</div>' .
|
||||
'<input type="text" name="' . $column_name . '[]" value="' . htmlspecialchars($value[1]) . '" class="address" />' .
|
||||
'<input type="text" name="' . $column_name . '[]" value="' . htmlspecialchars($value[1], ENT_COMPAT | ENT_HTML401, 'UTF-8', false) . '" class="address" />' .
|
||||
'';
|
||||
break;
|
||||
// General text
|
||||
|
|
@ -500,7 +500,7 @@ class ExtraItem
|
|||
}
|
||||
if($this->desc)
|
||||
{
|
||||
$buff .= '<p>' . htmlspecialchars($this->desc) . '</p>';
|
||||
$buff .= '<p>' . htmlspecialchars($this->desc, ENT_COMPAT | ENT_HTML401, 'UTF-8', false) . '</p>';
|
||||
}
|
||||
|
||||
return $buff;
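Review bot: In the checkbox branch the same `$v` is escaped for the `value` attribute but concatenated unescaped into the `<label>` text, and `$column_name` and `$tmp_id` go into `name`, `id` and `for` without escaping. Unless the option text is meant to carry markup (not visible here), the label should be escaped as text as well: `'<label for="' . $tmp_id . '">' . htmlspecialchars($v, ENT_COMPAT | ENT_HTML401, 'UTF-8') . '</label></li>'`. The enclosing method starts and ends outside the hunk.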
|
||||
|
|
|
|||
|
|
@ -355,7 +355,7 @@ class EmbedFilter
|
|||
|
||||
if(!$isWhiteDomain && !$isWhiteMimetype && !$isWhiteExt)
|
||||
{
|
||||
$content = str_replace($objectTag, htmlspecialchars($objectTag), $content);
|
||||
$content = str_replace($objectTag, htmlspecialchars($objectTag, ENT_COMPAT | ENT_HTML401, 'UTF-8', false), $content);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -408,7 +408,7 @@ class EmbedFilter
|
|||
|
||||
if(!$isWhiteDomain && !$isWhiteMimetype && !$isWhiteExt)
|
||||
{
|
||||
$content = str_replace($embedTag, htmlspecialchars($embedTag), $content);
|
||||
$content = str_replace($embedTag, htmlspecialchars($embedTag, ENT_COMPAT | ENT_HTML401, 'UTF-8', false), $content);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -451,7 +451,7 @@ class EmbedFilter
|
|||
|
||||
if(!$isWhiteDomain)
|
||||
{
|
||||
$content = str_replace($iframeTag, htmlspecialchars($iframeTag), $content);
|
||||
$content = str_replace($iframeTag, htmlspecialchars($iframeTag, ENT_COMPAT | ENT_HTML401, 'UTF-8', false), $content);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -491,7 +491,7 @@ class EmbedFilter
|
|||
|
||||
if(!$isWhiteDomain && !$isWhiteExt)
|
||||
{
|
||||
$content = str_replace($paramTag, htmlspecialchars($paramTag), $content);
|
||||
$content = str_replace($paramTag, htmlspecialchars($paramTag, ENT_COMPAT | ENT_HTML401, 'UTF-8', false), $content);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -115,7 +115,7 @@ class Security
|
|||
{
|
||||
if(!preg_match('/^\$user_lang->/', $var))
|
||||
{
|
||||
$var = htmlspecialchars($var);
|
||||
$var = htmlspecialchars($var, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
|
||||
}
|
||||
return $var;
|
||||
}
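Review bot: The guard `preg_match('/^\$user_lang->/', $var)` is anchored only at the start, so any value that merely begins with `$user_lang->` skips `htmlspecialchars()` entirely, whatever follows the prefix. If the exemption is meant for language-code placeholders only, the pattern should match the whole value, for example `'/^\$user_lang->[A-Za-z0-9_]+$/D'`; the allowed name characters are an assumption to confirm against the code that generates these placeholders. The method starts outside the hunk.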
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@ class HTMLPurifier_AttrTransform_ImgSpace extends HTMLPurifier_AttrTransform {
|
|||
public function __construct($attr) {
|
||||
$this->attr = $attr;
|
||||
if (!isset($this->css[$attr])) {
|
||||
trigger_error(htmlspecialchars($attr) . ' is not valid space attribute');
|
||||
trigger_error(htmlspecialchars($attr, ENT_COMPAT | ENT_HTML401, 'UTF-8', false) . ' is not valid space attribute');
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -302,7 +302,7 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
|
|||
// emit errors
|
||||
foreach ($allowed_properties as $name => $d) {
|
||||
// :TODO: Is this htmlspecialchars() call really necessary?
|
||||
$name = htmlspecialchars($name);
|
||||
$name = htmlspecialchars($name, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
|
||||
trigger_error("Style attribute '$name' is not supported $support", E_USER_WARNING);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -153,7 +153,7 @@ class HTMLPurifier_Config
|
|||
if (!$this->finalized) $this->autoFinalize();
|
||||
if (!isset($this->def->info[$key])) {
|
||||
// can't add % due to SimpleTest bug
|
||||
$this->triggerError('Cannot retrieve value of undefined directive ' . htmlspecialchars($key),
|
||||
$this->triggerError('Cannot retrieve value of undefined directive ' . htmlspecialchars($key, ENT_COMPAT | ENT_HTML401, 'UTF-8', false),
|
||||
E_USER_WARNING);
|
||||
return;
|
||||
}
|
||||
|
|
@ -181,7 +181,7 @@ class HTMLPurifier_Config
|
|||
if (!$this->finalized) $this->autoFinalize();
|
||||
$full = $this->getAll();
|
||||
if (!isset($full[$namespace])) {
|
||||
$this->triggerError('Cannot retrieve undefined namespace ' . htmlspecialchars($namespace),
|
||||
$this->triggerError('Cannot retrieve undefined namespace ' . htmlspecialchars($namespace, ENT_COMPAT | ENT_HTML401, 'UTF-8', false),
|
||||
E_USER_WARNING);
|
||||
return;
|
||||
}
|
||||
|
|
@ -246,7 +246,7 @@ class HTMLPurifier_Config
|
|||
}
|
||||
if ($this->isFinalized('Cannot set directive after finalization')) return;
|
||||
if (!isset($this->def->info[$key])) {
|
||||
$this->triggerError('Cannot set undefined directive ' . htmlspecialchars($key) . ' to value',
|
||||
$this->triggerError('Cannot set undefined directive ' . htmlspecialchars($key, ENT_COMPAT | ENT_HTML401, 'UTF-8', false) . ' to value',
|
||||
E_USER_WARNING);
|
||||
return;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -56,7 +56,7 @@ class HTMLPurifier_DoctypeRegistry
|
|||
public function get($doctype) {
|
||||
if (isset($this->aliases[$doctype])) $doctype = $this->aliases[$doctype];
|
||||
if (!isset($this->doctypes[$doctype])) {
|
||||
trigger_error('Doctype ' . htmlspecialchars($doctype) . ' does not exist', E_USER_ERROR);
|
||||
trigger_error('Doctype ' . htmlspecialchars($doctype, ENT_COMPAT | ENT_HTML401, 'UTF-8', false) . ' does not exist', E_USER_ERROR);
|
||||
$anon = new HTMLPurifier_Doctype($doctype);
|
||||
return $anon;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -246,7 +246,7 @@ class HTMLPurifier_Generator
|
|||
// Workaround for APC bug on Mac Leopard reported by sidepodcast
|
||||
// http://htmlpurifier.org/phorum/read.php?3,4823,4846
|
||||
if ($quote === null) $quote = ENT_COMPAT;
|
||||
return htmlspecialchars($string, $quote, 'UTF-8');
|
||||
return htmlspecialchars($string, $quote, 'UTF-8', false);
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -261,7 +261,7 @@ class HTMLPurifier_HTMLDefinition extends HTMLPurifier_Definition
|
|||
}
|
||||
// emit errors
|
||||
foreach ($allowed_elements as $element => $d) {
|
||||
$element = htmlspecialchars($element); // PHP doesn't escape errors, be careful!
|
||||
$element = htmlspecialchars($element, ENT_COMPAT | ENT_HTML401, 'UTF-8', false); // PHP doesn't escape errors, be careful!
|
||||
trigger_error("Element '$element' is not supported $support", E_USER_WARNING);
|
||||
}
|
||||
}
|
||||
|
|
@ -315,8 +315,8 @@ class HTMLPurifier_HTMLDefinition extends HTMLPurifier_Definition
|
|||
switch ($c) {
|
||||
case 2:
|
||||
if ($bits[0] !== '*') {
|
||||
$element = htmlspecialchars($bits[0]);
|
||||
$attribute = htmlspecialchars($bits[1]);
|
||||
$element = htmlspecialchars($bits[0], ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
|
||||
$attribute = htmlspecialchars($bits[1], ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
|
||||
if (!isset($this->info[$element])) {
|
||||
trigger_error("Cannot allow attribute '$attribute' if element '$element' is not allowed/supported $support");
|
||||
} else {
|
||||
|
|
@ -327,7 +327,7 @@ class HTMLPurifier_HTMLDefinition extends HTMLPurifier_Definition
|
|||
}
|
||||
// otherwise fall through
|
||||
case 1:
|
||||
$attribute = htmlspecialchars($bits[0]);
|
||||
$attribute = htmlspecialchars($bits[0], ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
|
||||
trigger_error("Global attribute '$attribute' is not ".
|
||||
"supported in any elements $support",
|
||||
E_USER_WARNING);
|
||||
|
|
|
|||
|
|
@ -121,7 +121,7 @@ class HTMLPurifier_Lexer
|
|||
$inst = new HTMLPurifier_Lexer_PH5P();
|
||||
break;
|
||||
default:
|
||||
throw new HTMLPurifier_Exception("Cannot instantiate unrecognized Lexer type " . htmlspecialchars($lexer));
|
||||
throw new HTMLPurifier_Exception("Cannot instantiate unrecognized Lexer type " . htmlspecialchars($lexer, ENT_COMPAT | ENT_HTML401, 'UTF-8', false));
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -252,7 +252,7 @@ class HTMLPurifier_Lexer
|
|||
*/
|
||||
protected static function CDATACallback($matches) {
|
||||
// not exactly sure why the character set is needed, but whatever
|
||||
return htmlspecialchars($matches[1], ENT_COMPAT, 'UTF-8');
|
||||
return htmlspecialchars($matches[1], ENT_COMPAT, 'UTF-8', false);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -25,7 +25,7 @@ class HTMLPurifier_Lexer_DirectLex extends HTMLPurifier_Lexer
|
|||
* @param $matches, in form of array(opening tag, contents, closing tag)
|
||||
*/
|
||||
protected function scriptCallback($matches) {
|
||||
return $matches[1] . htmlspecialchars($matches[2], ENT_COMPAT, 'UTF-8') . $matches[3];
|
||||
return $matches[1] . htmlspecialchars($matches[2], ENT_COMPAT, 'UTF-8', false) . $matches[3];
|
||||
}
|
||||
|
||||
public function tokenizeHTML($html, $config, $context) {
|
||||
|
|
|
|||
|
|
@ -104,7 +104,7 @@ class HTMLPurifier_Printer
|
|||
*/
|
||||
protected function escape($string) {
|
||||
$string = HTMLPurifier_Encoder::cleanUTF8($string);
|
||||
$string = htmlspecialchars($string, ENT_COMPAT, 'UTF-8');
|
||||
$string = htmlspecialchars($string, ENT_COMPAT, 'UTF-8', false);
|
||||
return $string;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -330,7 +330,7 @@ class TemplateHandler
|
|||
{
|
||||
preg_match('/<input[^>]*name="error_return_url"[^>]*>/is', $matches[2], $m3);
|
||||
if(!$m3[0])
|
||||
$matches[2] = '<input type="hidden" name="error_return_url" value="<?php echo htmlspecialchars(getRequestUriByServerEnviroment()) ?>" />' . $matches[2];
|
||||
$matches[2] = '<input type="hidden" name="error_return_url" value="<?php echo htmlspecialchars(getRequestUriByServerEnviroment(), ENT_COMPAT | ENT_HTML401, \'UTF-8\', false) ?>" />' . $matches[2];
|
||||
}
|
||||
else
|
||||
{
|
||||
|
|
|
|||
|
|
@ -45,7 +45,7 @@ class XmlGenerator
|
|||
{
|
||||
foreach($value as $attrName => $attrValue)
|
||||
{
|
||||
$attrs .= sprintf(' %s="%s"', $attrName, htmlspecialchars($attrValue));
|
||||
$attrs .= sprintf(' %s="%s"', $attrName, htmlspecialchars($attrValue, ENT_COMPAT | ENT_HTML401, 'UTF-8', false));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -329,7 +329,7 @@ class PEAR_Exception extends Exception
|
|||
foreach ($causes as $i => $cause) {
|
||||
$html .= '<tr><td colspan="3" bgcolor="#ff9999">'
|
||||
. str_repeat('-', $i) . ' <b>' . $cause['class'] . '</b>: '
|
||||
. htmlspecialchars($cause['message']) . ' in <b>' . $cause['file'] . '</b> '
|
||||
. htmlspecialchars($cause['message'], ENT_COMPAT | ENT_HTML401, 'UTF-8', false) . ' in <b>' . $cause['file'] . '</b> '
|
||||
. 'on line <b>' . $cause['line'] . '</b>'
|
||||
. "</td></tr>\n";
|
||||
}
|
||||
|
|
@ -355,7 +355,7 @@ class PEAR_Exception extends Exception
|
|||
elseif (is_int($arg) || is_double($arg)) $args[] = $arg;
|
||||
else {
|
||||
$arg = (string)$arg;
|
||||
$str = htmlspecialchars(substr($arg, 0, 16));
|
||||
$str = htmlspecialchars(substr($arg, 0, 16), ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
|
||||
if (strlen($arg) > 16) $str .= '…';
|
||||
$args[] = "'" . $str . "'";
|
||||
}
|
||||
|
|
@ -388,4 +388,4 @@ class PEAR_Exception extends Exception
|
|||
}
|
||||
}
|
||||
|
||||
?>
|
||||
?>
|
||||
|
|
|
|||
|
|
@ -49,8 +49,8 @@
|
|||
</td>
|
||||
<td>{$addon->path}</td>
|
||||
<td><a href="{getUrl('act', 'dispAddonAdminSetup', 'selected_addon', $addon->addon_name)}">{$lang->cmd_setup}</a></td>
|
||||
<td><input type="checkbox" name="pc_on[]" title="PC" value="{htmlspecialchars($addon->addon_name)}" checked="checked"|cond="$addon->activated" /></td>
|
||||
<td><input type="checkbox" name="mobile_on[]" title="Mobile" value="{htmlspecialchars($addon->addon_name)}" checked="checked"|cond="$addon->mactivated" /></td>
|
||||
<td><input type="checkbox" name="pc_on[]" title="PC" value="{htmlspecialchars($addon->addon_name, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}" checked="checked"|cond="$addon->activated" /></td>
|
||||
<td><input type="checkbox" name="mobile_on[]" title="Mobile" value="{htmlspecialchars($addon->addon_name, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}" checked="checked"|cond="$addon->mactivated" /></td>
|
||||
<td><a cond="$addon->remove_url" href="{$addon->remove_url}&return_url={urlencode(getRequestUriByServerEnviroment())}">{$lang->cmd_delete}</a></td>
|
||||
</tr>
|
||||
</tbody>
|
||||
|
|
|
|||
|
|
@ -51,8 +51,8 @@
|
|||
<div class="x_control-group">
|
||||
<label class="x_control-label" for="{$var->name}"|cond="$var->type != 'textarea'" for="lang_{$var->name}"|cond="$var->type == 'textarea'">{$var->title}</label>
|
||||
<div class="x_controls">
|
||||
<input cond="$var->type == 'text'" type="text" name="{$var->name}" id="{$var->name}" value="{htmlspecialchars($var->value)}">
|
||||
<textarea cond="$var->type == 'textarea'" name="{$var->name}" id="{$var->name}" class="lang_code" rows="8" cols="42">{htmlspecialchars($var->value)}</textarea>
|
||||
<input cond="$var->type == 'text'" type="text" name="{$var->name}" id="{$var->name}" value="{htmlspecialchars($var->value, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}">
|
||||
<textarea cond="$var->type == 'textarea'" name="{$var->name}" id="{$var->name}" class="lang_code" rows="8" cols="42">{htmlspecialchars($var->value, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}</textarea>
|
||||
<select cond="$var->type == 'select'" name="{$var->name}" id="{$var->name}">
|
||||
<option loop="$var->options => $option" value="{$option->value}" selected="selected"|cond="$var->value == $option->value">{$option->title}</option>
|
||||
</select>
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@
|
|||
<p class="power">
|
||||
Powered by <strong><a href="{_XE_LOCATION_SITE_}" target="_blank">XE</a></strong>. <span class="vr">|</span>
|
||||
<strong>Your version</strong>: {__XE_VERSION__} <span class="vr">|</span>
|
||||
<!--@if(isset($latestVersion))--><strong>Latest version</strong>: <a href="{htmlspecialchars(html_entity_decode($latestVersion->url))}" target="_blank" title="{zdate($latestVersion->date, 'Y-m-d')}">{$latestVersion->title}</a><!--@end-->
|
||||
<!--@if(isset($latestVersion))--><strong>Latest version</strong>: <a href="{htmlspecialchars(html_entity_decode($latestVersion->url), ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}" target="_blank" title="{zdate($latestVersion->date, 'Y-m-d')}">{$latestVersion->title}</a><!--@end-->
|
||||
</p>
|
||||
<p class="cache">
|
||||
<button type="button" class="x_btn-link" onclick="doResetAdminMenu();">{$lang->cmd_admin_menu_reset}</button> <span class="vr">|</span>
|
||||
|
|
|
|||
|
|
@ -169,7 +169,7 @@
|
|||
</form>
|
||||
<form action="./" class="search x_input-append x_pull-right" no-error-return-url="true" cond="$act!=dispAutoinstallAdminInstalledPackages">
|
||||
<input loop="$param => $key, $val" cond="!in_array($key, array('mid', 'vid', 'act', 'page'))" type="hidden" name="{$key}" value="{$val}" />
|
||||
<input type="search" name="search_keyword" required title="Search" value="{htmlspecialchars($search_keyword)}">
|
||||
<input type="search" name="search_keyword" required title="Search" value="{htmlspecialchars($search_keyword, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}">
|
||||
<button class="x_btn x_btn-inverse" type="submit">{$lang->cmd_search}</button>
|
||||
<a href="{getUrl('page', '', 'search_keyword', '')}" class="x_btn">{$lang->cmd_cancel}</a>
|
||||
</form>
|
||||
|
|
|
|||
|
|
@ -307,7 +307,7 @@ class commentController extends comment
|
|||
{
|
||||
if($obj->use_html != 'Y')
|
||||
{
|
||||
$obj->content = htmlspecialchars($obj->content);
|
||||
$obj->content = htmlspecialchars($obj->content, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
|
||||
}
|
||||
$obj->content = nl2br($obj->content);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -255,7 +255,7 @@ class commentItem extends Object
|
|||
$url = "http://" . $url;
|
||||
}
|
||||
|
||||
return htmlspecialchars($url);
|
||||
return htmlspecialchars($url, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
|
||||
}
|
||||
|
||||
function getMemberSrl()
|
||||
|
|
@ -265,17 +265,17 @@ class commentItem extends Object
|
|||
|
||||
function getUserID()
|
||||
{
|
||||
return htmlspecialchars($this->get('user_id'));
|
||||
return htmlspecialchars($this->get('user_id'), ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
|
||||
}
|
||||
|
||||
function getUserName()
|
||||
{
|
||||
return htmlspecialchars($this->get('user_name'));
|
||||
return htmlspecialchars($this->get('user_name'), ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
|
||||
}
|
||||
|
||||
function getNickName()
|
||||
{
|
||||
return htmlspecialchars($this->get('nick_name'));
|
||||
return htmlspecialchars($this->get('nick_name'), ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -296,7 +296,7 @@ class commentItem extends Object
|
|||
return cut_str(strip_tags($content), $strlen, '...');
|
||||
}
|
||||
|
||||
return htmlspecialchars($content);
|
||||
return htmlspecialchars($content, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -120,7 +120,7 @@ xe.lang.msg_empty_search_keyword = '{$lang->msg_empty_search_keyword}';
|
|||
<option value="{$key}" <!--@if($search_target==$key)-->selected="selected"<!--@end-->>{$val}</option>
|
||||
<!--@end-->
|
||||
</select>
|
||||
<input type="search" name="search_keyword" value="{htmlspecialchars($search_keyword)}" />
|
||||
<input type="search" name="search_keyword" value="{htmlspecialchars($search_keyword, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}" />
|
||||
<button type="submit" class="x_btn x_btn-inverse">{$lang->cmd_search}</button>
|
||||
<a href="{getUrl('','module',$module,'act',$act)}" class="x_btn">{$lang->cmd_cancel}</a>
|
||||
</form>
|
||||
|
|
|
|||
|
|
@ -162,7 +162,7 @@ class communicationController extends communication
|
|||
function sendMessage($sender_srl, $receiver_srl, $title, $content, $sender_log = TRUE)
|
||||
{
|
||||
$content = removeHackTag($content);
|
||||
$title = htmlspecialchars($title);
|
||||
$title = htmlspecialchars($title, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
|
||||
|
||||
// messages to save in the sendor's message box
|
||||
$sender_args = new stdClass();
|
||||
|
|
@ -606,7 +606,7 @@ class communicationController extends communication
|
|||
$args->friend_group_srl = trim(Context::get('friend_group_srl'));
|
||||
$args->member_srl = $logged_info->member_srl;
|
||||
$args->title = Context::get('title');
|
||||
$args->title = htmlspecialchars($args->title);
|
||||
$args->title = htmlspecialchars($args->title, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
|
||||
|
||||
if(!$args->title)
|
||||
{
|
||||
|
|
@ -682,7 +682,7 @@ class communicationController extends communication
|
|||
$args->friend_group_srl = Context::get('friend_group_srl');
|
||||
$args->member_srl = $logged_info->member_srl;
|
||||
$args->title = Context::get('title');
|
||||
$args->title = htmlspecialchars($args->title);
|
||||
$args->title = htmlspecialchars($args->title, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
|
||||
|
||||
if(!$args->title)
|
||||
{
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@
|
|||
<input type="hidden" name="is_popup" value="Y" />
|
||||
<input type="hidden" name="act" value="procCommunicationSendMessage" />
|
||||
<input type="hidden" name="receiver_srl" value="{$receiver_info->member_srl}" />
|
||||
<input type="hidden" name="source_content" value="{htmlspecialchars($source_message->content)}" />
|
||||
<input type="hidden" name="source_content" value="{htmlspecialchars($source_message->content, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}" />
|
||||
<input type="hidden" name="content" value="" />
|
||||
<input type="hidden" name="xe_validator_id" value="modules/communication/m.skins/default/send_message/1" />
|
||||
<ul>
|
||||
|
|
|
|||
|
|
@ -18,11 +18,11 @@
|
|||
<input type="hidden" name="xe_validator_id" value="modules/communication/skins/default/add_friend_group/1" />
|
||||
<div class="control-group">
|
||||
<label for="title" class="control-label">{$lang->msg_insert_group_name}</label>
|
||||
<div class="controls"><input name="title" id="title" type="text" value="{htmlspecialchars($friend_group->title)}"/></div>
|
||||
<div class="controls"><input name="title" id="title" type="text" value="{htmlspecialchars($friend_group->title, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}"/></div>
|
||||
</div>
|
||||
<div class="btnArea">
|
||||
<input cond="$friend_group->friend_group_srl" type="submit" value="{$lang->cmd_modify}" class="btn btn-inverse" />
|
||||
<input cond="!$friend_group->friend_group_srl" type="submit" value="{$lang->cmd_insert}" class="btn btn-inverse" />
|
||||
</div>
|
||||
</form>
|
||||
</div>
|
||||
</div>
|
||||
|
|
|
|||
|
|
@ -11,7 +11,7 @@
|
|||
<!--@end-->
|
||||
<tr>
|
||||
<th scope="row">{$lang->title}</th>
|
||||
<td>{htmlspecialchars($message->title)}</td>
|
||||
<td>{htmlspecialchars($message->title, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td colspan="2" class="xe_content">{$message->content}</td>
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@
|
|||
<form ruleset="sendMessage" action="./" method="post">
|
||||
<input type="hidden" name="module" value="communication" />
|
||||
<input type="hidden" name="act" value="procCommunicationSendMessage" />
|
||||
<input type="hidden" name="content" value="{htmlspecialchars($source_message->content)}" />
|
||||
<input type="hidden" name="content" value="{htmlspecialchars($source_message->content, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}" />
|
||||
<input type="hidden" name="receiver_srl" value="{$receiver_info->member_srl}" />
|
||||
<input type="hidden" name="xe_validator_id" value="modules/communication/skins/default/send_message/1" />
|
||||
<table class="table table-striped table-hover">
|
||||
|
|
|
|||
|
|
@ -260,7 +260,7 @@ class documentController extends document
|
|||
{
|
||||
if($obj->use_html != 'Y')
|
||||
{
|
||||
$obj->content = htmlspecialchars($obj->content);
|
||||
$obj->content = htmlspecialchars($obj->content, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
|
||||
}
|
||||
$obj->content = nl2br($obj->content);
|
||||
}
|
||||
|
|
@ -443,7 +443,7 @@ class documentController extends document
|
|||
{
|
||||
if($obj->use_html != 'Y')
|
||||
{
|
||||
$obj->content = htmlspecialchars($obj->content);
|
||||
$obj->content = htmlspecialchars($obj->content, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
|
||||
}
|
||||
$obj->content = nl2br($obj->content);
|
||||
}
|
||||
|
|
@ -1830,10 +1830,10 @@ class documentController extends document
|
|||
$title = $node->title;
|
||||
$oModuleAdminModel = &getAdminModel('module');
|
||||
$langs = $oModuleAdminModel->getLangCode($site_srl, $title);
|
||||
if(count($langs)) foreach($langs as $key => $val) $xml_header_buff .= sprintf('$_titles[%d]["%s"] = "%s"; ', $category_srl, $key, str_replace('"','\\"',htmlspecialchars($val)));
|
||||
if(count($langs)) foreach($langs as $key => $val) $xml_header_buff .= sprintf('$_titles[%d]["%s"] = "%s"; ', $category_srl, $key, str_replace('"','\\"',htmlspecialchars($val, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)));
|
||||
|
||||
$langx = $oModuleAdminModel->getLangCode($site_srl, $description);
|
||||
if(count($langx)) foreach($langx as $key => $val) $xml_header_buff .= sprintf('$_descriptions[%d]["%s"] = "%s"; ', $category_srl, $key, str_replace('"','\\"',htmlspecialchars($val)));
|
||||
if(count($langx)) foreach($langx as $key => $val) $xml_header_buff .= sprintf('$_descriptions[%d]["%s"] = "%s"; ', $category_srl, $key, str_replace('"','\\"',htmlspecialchars($val, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)));
|
||||
|
||||
$attribute = sprintf(
|
||||
'mid="%s" module_srl="%d" node_srl="%d" parent_srl="%d" category_srl="%d" text="<?php echo (%s?($_titles[%d][$lang_type]):"")?>" url="%s" expand="%s" color="%s" description="<?php echo (%s?($_descriptions[%d][$lang_type]):"")?>" document_count="%d" ',
|
||||
|
|
@ -1846,7 +1846,7 @@ class documentController extends document
|
|||
$category_srl,
|
||||
getUrl('','mid',$node->mid,'category',$category_srl),
|
||||
$expand,
|
||||
htmlspecialchars($color),
|
||||
htmlspecialchars($color, ENT_COMPAT | ENT_HTML401, 'UTF-8', false),
|
||||
$group_check_code,
|
||||
$category_srl,
|
||||
$node->document_count
|
||||
|
|
@ -1894,9 +1894,9 @@ class documentController extends document
|
|||
$description= $node->description;
|
||||
$oModuleAdminModel = &getAdminModel('module');
|
||||
$langs = $oModuleAdminModel->getLangCode($site_srl, $title);
|
||||
if(count($langs)) foreach($langs as $key => $val) $php_header_buff .= sprintf('$_titles[%d]["%s"] = "%s"; ', $category_srl, $key, str_replace('"','\\"',htmlspecialchars($val)));
|
||||
if(count($langs)) foreach($langs as $key => $val) $php_header_buff .= sprintf('$_titles[%d]["%s"] = "%s"; ', $category_srl, $key, str_replace('"','\\"',htmlspecialchars($val, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)));
|
||||
$langx = $oModuleAdminModel->getLangCode($site_srl, $description);
|
||||
if(count($langx)) foreach($langx as $key => $val) $php_header_buff .= sprintf('$_descriptions[%d]["%s"] = "%s"; ', $category_srl, $key, str_replace('"','\\"',htmlspecialchars($val)));
|
||||
if(count($langx)) foreach($langx as $key => $val) $php_header_buff .= sprintf('$_descriptions[%d]["%s"] = "%s"; ', $category_srl, $key, str_replace('"','\\"',htmlspecialchars($val, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)));
|
||||
// Create attributes(Use the category_srl_list to check whether to belong to the menu's node. It seems to be tricky but fast fast and powerful;)
|
||||
$attribute = sprintf(
|
||||
'"mid" => "%s", "module_srl" => "%d","node_srl"=>"%s","category_srl"=>"%s","parent_srl"=>"%s","text"=>$_titles[%d][$lang_type],"selected"=>(in_array(Context::get("category"),array(%s))?1:0),"expand"=>"%s","color"=>"%s","description"=>$_descriptions[%d][$lang_type],"list"=>array(%s),"document_count"=>"%d","grant"=>%s?true:false',
|
||||
|
|
|
|||
|
|
@ -307,22 +307,22 @@ class documentItem extends Object
|
|||
|
||||
function getUserID()
|
||||
{
|
||||
return htmlspecialchars($this->get('user_id'));
|
||||
return htmlspecialchars($this->get('user_id'), ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
|
||||
}
|
||||
|
||||
function getUserName()
|
||||
{
|
||||
return htmlspecialchars($this->get('user_name'));
|
||||
return htmlspecialchars($this->get('user_name'), ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
|
||||
}
|
||||
|
||||
function getNickName()
|
||||
{
|
||||
return htmlspecialchars($this->get('nick_name'));
|
||||
return htmlspecialchars($this->get('nick_name'), ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
|
||||
}
|
||||
|
||||
function getLastUpdater()
|
||||
{
|
||||
return htmlspecialchars($this->get('last_updater'));
|
||||
return htmlspecialchars($this->get('last_updater'), ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
|
||||
}
|
||||
|
||||
function getTitleText($cut_size = 0, $tail='...')
|
||||
|
|
@ -346,8 +346,8 @@ class documentItem extends Object
|
|||
if($this->get('title_bold')=='Y') $attrs[] = "font-weight:bold;";
|
||||
if($this->get('title_color') && $this->get('title_color') != 'N') $attrs[] = "color:#".$this->get('title_color');
|
||||
|
||||
if(count($attrs)) return sprintf("<span style=\"%s\">%s</span>", implode(';',$attrs), htmlspecialchars($title));
|
||||
else return htmlspecialchars($title);
|
||||
if(count($attrs)) return sprintf("<span style=\"%s\">%s</span>", implode(';',$attrs), htmlspecialchars($title, ENT_COMPAT | ENT_HTML401, 'UTF-8', false));
|
||||
else return htmlspecialchars($title, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
|
||||
}
|
||||
|
||||
function getContentText($strlen = 0)
|
||||
|
|
@ -365,7 +365,7 @@ class documentItem extends Object
|
|||
|
||||
if($strlen) return cut_str(strip_tags($content),$strlen,'...');
|
||||
|
||||
return htmlspecialchars($content);
|
||||
return htmlspecialchars($content, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
|
||||
}
|
||||
|
||||
function _addAllowScriptAccess($m)
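Review bot: `ENT_HTML401` was only added in PHP 5.4, while the installer check changed in this same commit still accepts 5.2.4, so on older runtimes each of these calls would reference an undefined constant unless the project defines it elsewhere (not visible here). Passing `false` for `double_encode` in getUserID(), getUserName(), getNickName(), getLastUpdater(), the title getter and getContentText() also means a stored value that already contains something shaped like an entity is emitted unchanged, so the output no longer round-trips the stored text. The same four arguments are now repeated at every call site; a single wrapper function would keep the flags in one place, with a comment such as `// double_encode is off because these fields are stored already encoded` if that is the reason. The functions around the `@ -346` and `@ -365` hunks start outside the hunk.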
|
||||
|
|
|
|||
|
|
@ -115,7 +115,7 @@ xe.lang.msg_empty_search_keyword = '{$lang->msg_empty_search_keyword}';
|
|||
<option value="{$key}" <!--@if($search_target==$key)-->selected="selected"<!--@end-->>{$val}</option>
|
||||
<!--@end-->
|
||||
</select>
|
||||
<input type="search" name="search_keyword" value="{htmlspecialchars($search_keyword)}" title="{$lang->cmd_search}" />
|
||||
<input type="search" name="search_keyword" value="{htmlspecialchars($search_keyword, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}" title="{$lang->cmd_search}" />
|
||||
<button type="submit" class="x_btn x_btn-inverse">{$lang->cmd_search}</button>
|
||||
<a href="{getUrl('','module',$module,'act',$act)}" class="x_btn">{$lang->cmd_cancel}</a>
|
||||
</form>
|
||||
|
|
|
|||
|
|
@ -44,7 +44,7 @@
|
|||
[{$oDocument->getTrackbackCount()}]
|
||||
<!--@end-->
|
||||
</td>
|
||||
<td><a href="#popup_menu_area" class="member_{$oDocument->get('trash_member_srl')}">{htmlspecialchars($oDocument->get('trash_nick_name'))}</a></td>
|
||||
<td><a href="#popup_menu_area" class="member_{$oDocument->get('trash_member_srl')}">{htmlspecialchars($oDocument->get('trash_nick_name'), ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}</a></td>
|
||||
<td>{zdate($oDocument->get('trash_date'), "Y-m-d H:i:s")}</td>
|
||||
<td>{$oDocument->get('ipaddress')}</td>
|
||||
<td >{$oDocument->get('trash_description')}</td>
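Review bot: The nickname cell is now escaped, but the `trash_description` cell at the end of this hunk is still printed as a bare `{$oDocument->get('trash_description')}`. If that field holds free text entered when a document is moved to the trash (not visible here), it needs the same treatment: `<td>{htmlspecialchars($oDocument->get('trash_description'), ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}</td>`. The table row continues outside the hunk.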
|
||||
|
|
|
|||
|
|
@ -30,7 +30,7 @@
|
|||
<div class="x_control-group">
|
||||
<label class="x_control-label" for="lang_name">{$lang->column_name}</label>
|
||||
<div class="x_controls">
|
||||
<input type="text" name="name" id="name" value="<!--@if(strpos($selected_var->name, '$user_lang->') === false)-->{$selected_var->name}<!--@else-->{htmlspecialchars($selected_var->name)}<!--@end-->" class="lang_code" placeholder="Ex) Your favorite color." />
|
||||
<input type="text" name="name" id="name" value="<!--@if(strpos($selected_var->name, '$user_lang->') === false)-->{$selected_var->name}<!--@else-->{htmlspecialchars($selected_var->name, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}<!--@end-->" class="lang_code" placeholder="Ex) Your favorite color." />
|
||||
</div>
|
||||
</div>
|
||||
<div class="x_control-group">
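Review bot: The branch taken when the name does not contain `$user_lang->` still writes `{$selected_var->name}` into the `value` attribute unescaped, so only language-code references are encoded. Unless the value is encoded before it reaches the template (not visible here), both branches should go through the same call and the conditional collapses to `value="{htmlspecialchars($selected_var->name, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}"`. The `$var->value` input and textarea in the later `@ -77,12 +77,12 @@` hunk follow the same pattern and would need the same change.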
|
||||
|
|
|
|||
|
|
@ -26,8 +26,8 @@
|
|||
|
||||
<!-- 자동저장용 폼 -->
|
||||
<!--@if($enable_autosave)-->
|
||||
<input type="hidden" name="_saved_doc_title" value="{htmlspecialchars($saved_doc->title)}" />
|
||||
<input type="hidden" name="_saved_doc_content" value="{htmlspecialchars($saved_doc->content)}" />
|
||||
<input type="hidden" name="_saved_doc_title" value="{htmlspecialchars($saved_doc->title, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}" />
|
||||
<input type="hidden" name="_saved_doc_content" value="{htmlspecialchars($saved_doc->content, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}" />
|
||||
<input type="hidden" name="_saved_doc_message" value="{$lang->msg_load_saved_doc}" />
|
||||
<div style="display:none"><p class="editor_autosaved_message" id="editor_autosaved_message_{$editor_sequence}" style="display:none"></p></div>
|
||||
<!--@end-->
|
||||
|
|
|
|||
|
|
@ -32,8 +32,8 @@
|
|||
<!-- 자동저장용 폼 -->
|
||||
|
||||
<!--@if($enable_autosave)-->
|
||||
<input type="hidden" name="_saved_doc_title" value="{htmlspecialchars($saved_doc->title)}" />
|
||||
<input type="hidden" name="_saved_doc_content" value="{htmlspecialchars($saved_doc->content)}" />
|
||||
<input type="hidden" name="_saved_doc_title" value="{htmlspecialchars($saved_doc->title, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}" />
|
||||
<input type="hidden" name="_saved_doc_content" value="{htmlspecialchars($saved_doc->content, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}" />
|
||||
<input type="hidden" name="_saved_doc_message" value="{$lang->msg_load_saved_doc}" />
|
||||
<!--@end-->
|
||||
<!-- 에디터 -->
|
||||
|
|
@ -62,7 +62,7 @@
|
|||
<select class="xpress_xeditor_ui_fontName_select" disabled="disabled">
|
||||
<option value="">{$lang->edit->fontname}</option>
|
||||
<!--@foreach($lang->edit->fontlist as $key=>$obj)-->
|
||||
<option value="{htmlspecialchars($obj)}" style="font-family:{$obj}">{$obj}</option>
|
||||
<option value="{htmlspecialchars($obj, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}" style="font-family:{$obj}">{$obj}</option>
|
||||
<!--@end-->
|
||||
</select>
|
||||
</li>
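Review bot: In the font list hunk the same `$obj` is escaped in the `value` attribute but written raw into `style="font-family:{$obj}"` and into the option text. The values appear to come from the language pack (`$lang->edit->fontlist`), so the risk is low, but escaping should be consistent: `<option value="{htmlspecialchars($obj, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}" style="font-family:{htmlspecialchars($obj, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}">`. Note that `ENT_COMPAT` leaves single quotes alone, which matters for font names quoted inside a style value.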
|
||||
|
|
|
|||
|
|
@ -70,7 +70,7 @@ xe.lang.msg_empty_search_keyword = '{$lang->msg_empty_search_keyword}';
|
|||
<!--@endif-->
|
||||
<!-- one document end -->
|
||||
<tr>
|
||||
<td><a href="{$val->download_url}">{htmlspecialchars($val->source_filename)}</a></td>
|
||||
<td><a href="{$val->download_url}">{htmlspecialchars($val->source_filename, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}</a></td>
|
||||
<td class="nowr">{FileHandler::filesize($val->file_size)}</td>
|
||||
<td class="nowr">{$val->download_count}</td>
|
||||
<td class="nowr">
|
||||
|
|
@ -149,7 +149,7 @@ xe.lang.msg_empty_search_keyword = '{$lang->msg_empty_search_keyword}';
|
|||
<option value="{$key}" <!--@if($search_target==$key)-->selected="selected"<!--@end-->>{$val}</option>
|
||||
<!--@end-->
|
||||
</select>
|
||||
<input type="search" name="search_keyword" value="{htmlspecialchars($search_keyword)}" />
|
||||
<input type="search" name="search_keyword" value="{htmlspecialchars($search_keyword, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}" />
|
||||
<button type="submit" class="x_btn x_btn-inverse">{$lang->cmd_search}</button>
|
||||
<a href="{getUrl('','module',$module,'act',$act)}" class="x_btn">{$lang->cmd_cancel}</a>
|
||||
</form>
|
||||
|
|
|
|||
|
|
@ -329,9 +329,8 @@ class installController extends install
|
|||
{
|
||||
// Check each item
|
||||
$checklist = array();
|
||||
// 0. check your version of php (5.2.4 upper)
|
||||
$checkPHPVersion = phpversion();
|
||||
if(version_compare($checkPHPVersion, '5.2.4') == -1) $checklist['php_version'] = false;
|
||||
// 0. check your version of php (5.2.4 or higher)
|
||||
if(version_compare(PHP_VERSION, '5.2.4') == -1) $checklist['php_version'] = false;
|
||||
else $checklist['php_version'] = true;
|
||||
// 1. Check permission
|
||||
if(is_writable('./')||is_writable('./files')) $checklist['permission'] = true;
|
||||
|
|
@ -358,11 +357,50 @@ class installController extends install
|
|||
// Save the checked result to the Context
|
||||
Context::set('checklist', $checklist);
|
||||
Context::set('install_enable', $install_enable);
|
||||
Context::set('phpversion', $checkPHPVersion);
|
||||
Context::set('phpversion', PHP_VERSION);
|
||||
|
||||
|
||||
return $install_enable;
|
||||
}
|
||||
|
||||
/**
|
||||
* check this server can use rewrite module
|
||||
* make a file to files/config and check url approach by ".htaccess" rules
|
||||
*
|
||||
* @return bool
|
||||
*/
|
||||
function checkRewriteUsable() {
|
||||
$checkString = "isApproached";
|
||||
$checkFilePath = 'files/config/tmpRewriteCheck.txt';
|
||||
|
||||
FileHandler::writeFile(_XE_PATH_.$checkFilePath, trim($checkString));
|
||||
|
||||
$hostname = $_SERVER['SERVER_NAME'];
|
||||
$port = $_SERVER['SERVER_PORT'];
|
||||
$query = "/JUST/CHECK/REWRITE/" . $checkFilePath;
|
||||
|
||||
$fp = @fsockopen($hostname, $port, $errno, $errstr);
|
||||
if(!$fp) return false;
|
||||
|
||||
fputs($fp, "GET {$query} HTTP/1.0\r\n");
|
||||
fputs($fp, "Host: {$hostname}\r\n\r\n");
|
||||
|
||||
$buff = '';
|
||||
while(!feof($fp)) {
|
||||
$str = fgets($fp, 1024);
|
||||
if(trim($str)=='') $start = true;
|
||||
if($start) $buff .= $str;
|
||||
}
|
||||
fclose($fp);
|
||||
$ret = trim($buff);
|
||||
|
||||
FileHandler::removeFile(_XE_PATH_.$checkFilePath);
|
||||
if( $ret == $checkString )
|
||||
return true;
|
||||
else
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief Create files and subdirectories
|
||||
* Local evironment setting before installation by using DB information
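Review bot: checkRewriteUsable() returns at `if(!$fp) return false;` before `FileHandler::removeFile()` runs, so a failed connection leaves `files/config/tmpRewriteCheck.txt` on disk; the cleanup should happen on every path. The socket is opened without a timeout and the read loop does not stop when `fgets()` fails, so an unresponsive listener can stall the installer page, and `$start` is read before it is ever assigned. The target comes from `$_SERVER['SERVER_NAME']`, which on some server configurations follows the request's Host header, so it is worth confirming the probe can only reach the local site. The plain-HTTP request will also fail on a TLS-only port and report rewrite as unavailable.

```php
function checkRewriteUsable() {
	// … unchanged: $checkString, $checkFilePath, writeFile(), $hostname, $port, $query …

	$fp = @fsockopen($hostname, $port, $errno, $errstr, 5);
	if(!$fp)
	{
		// do not leave the probe file behind when the connection fails
		FileHandler::removeFile(_XE_PATH_.$checkFilePath);
		return false;
	}
	stream_set_timeout($fp, 5);

	// … unchanged: the two fputs() request lines …

	$buff = '';
	$start = false;
	while(!feof($fp)) {
		$str = fgets($fp, 1024);
		if($str === false) break;
		// … unchanged: blank-line detection and $buff accumulation …
	}
	// … unchanged: fclose(), trim(), removeFile(), comparison with $checkString …
```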
|
||||
|
|
|
|||
|
|
@ -63,7 +63,8 @@ class installView extends install
|
|||
*/
|
||||
function dispInstallCheckEnv()
|
||||
{
|
||||
$useRewrite = $this->useRewriteModule() ? 'Y' : 'N';
|
||||
$oInstallController = &getController('install');
|
||||
$useRewrite = $oInstallController->checkRewriteUsable() ? 'Y' : 'N';
|
||||
$_SESSION['use_rewrite'] = $useRewrite;
|
||||
Context::set('use_rewrite', $useRewrite);
|
||||
|
||||
|
|
|
|||
|
|
@ -15,10 +15,8 @@
|
|||
<p>
|
||||
<i class="x_icon-ok-sign x_icon-white"></i>
|
||||
<strong>XE {__XE_VERSION__}</strong> {$lang->install_condition_enable}
|
||||
›
|
||||
<a href="#details" data-toggle style="text-decoration:underline">{$lang->install_details}</a>
|
||||
</p>
|
||||
<ul id="details" style="display:none;outline:none">
|
||||
<ul id="details">
|
||||
<li loop="$checklist => $key,$val">
|
||||
<strong>{$lang->install_checklist_title[$key]}<block cond="$key == 'php_version'">(Ver. {$phpversion})</block></strong>
|
||||
:
|
||||
|
|
@ -26,7 +24,7 @@
|
|||
</li>
|
||||
</ul>
|
||||
</div>
|
||||
<div cond="$use_rewrite == 'N'">
|
||||
<div cond="$use_rewrite == 'N' && $checklist['permission'] == true">
|
||||
<p>
|
||||
<i class="x_icon-ok-sign x_icon-white"></i>
|
||||
{$lang->disable_rewrite}
|
||||
|
|
@ -43,15 +41,3 @@
|
|||
</div>
|
||||
</div>
|
||||
<include target="footer.html" />
|
||||
<script>
|
||||
jQuery(function($){
|
||||
$('a[href="#details"]').click(function(){
|
||||
var $this = $(this);
|
||||
if($($this.attr('href')).is(':hidden')){
|
||||
$this.text('{$lang->install_simply}');
|
||||
}else{
|
||||
$this.text('{$lang->install_details}');
|
||||
}
|
||||
});
|
||||
});
|
||||
</script>
|
||||
|
|
@ -63,7 +63,7 @@ class integration_searchAdminView extends integration_search
|
|||
$security->encodeHTML('skin_list..title');
|
||||
|
||||
// Sample Code
|
||||
Context::set('sample_code', htmlspecialchars('<form action="{getUrl()}" method="get"><input type="hidden" name="vid" value="{$vid}" /><input type="hidden" name="mid" value="{$mid}" /><input type="hidden" name="act" value="IS" /><input type="text" name="is_keyword" value="{$is_keyword}" /><input class="btn" type="submit" value="{$lang->cmd_search}" /></form>') );
|
||||
Context::set('sample_code', htmlspecialchars('<form action="{getUrl()}" method="get"><input type="hidden" name="vid" value="{$vid}" /><input type="hidden" name="mid" value="{$mid}" /><input type="hidden" name="act" value="IS" /><input type="text" name="is_keyword" value="{$is_keyword}" /><input class="btn" type="submit" value="{$lang->cmd_search}" /></form>', ENT_COMPAT | ENT_HTML401, 'UTF-8', false) );
|
||||
|
||||
$this->setTemplateFile("index");
|
||||
}
|
||||
|
|
|
|||
|
|
@ -191,7 +191,7 @@ class integration_searchModel extends module
|
|||
$thumbnail_file = sprintf('%s%dx%d.%s.jpg', $thumbnail_path, 120, 120, 'crop');
|
||||
$thumbnail_url = Context::getRequestUri().$thumbnail_file;
|
||||
if(!file_exists($thumbnail_file)) FileHandler::createImageFile($val->uploaded_filename, $thumbnail_file, 120, 120, 'jpg', 'crop');
|
||||
$obj->src = sprintf('<img src="%s" alt="%s" width="%d" height="%d" />', $thumbnail_url, htmlspecialchars($obj->filename), 120, 120);
|
||||
$obj->src = sprintf('<img src="%s" alt="%s" width="%d" height="%d" />', $thumbnail_url, htmlspecialchars($obj->filename, ENT_COMPAT | ENT_HTML401, 'UTF-8', false), 120, 120);
|
||||
// Videos
|
||||
}
|
||||
else if(preg_match('/\.(swf|flv|wmv|avi|mpg|mpeg|asx|asf|mp3)$/i', $val->source_filename))
|
||||
|
|
|
|||
|
|
@ -16,10 +16,10 @@
|
|||
<!--@foreach($output->data as $no => $trackback)-->
|
||||
<li>
|
||||
<dl>
|
||||
<dt><a href="{getUrl('','document_srl',$trackback->document_srl)}" onclick="window.open(this.href);return false;">{htmlspecialchars($trackback->title)}</a> </span></dt>
|
||||
<dd>{cut_str(htmlspecialchars($trackback->excerpt))}</dd>
|
||||
<dt><a href="{getUrl('','document_srl',$trackback->document_srl)}" onclick="window.open(this.href);return false;">{htmlspecialchars($trackback->title, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}</a> </span></dt>
|
||||
<dd>{cut_str(htmlspecialchars($trackback->excerpt, ENT_COMPAT | ENT_HTML401, 'UTF-8', false))}</dd>
|
||||
</dl>
|
||||
<address><strong><a href="{$trackback->url}">{htmlspecialchars($trackback->blog_name)}</a></strong> | <span class="time">{zdate($trackback->regdate, "Y-m-d H:i")}</span> </address>
|
||||
<address><strong><a href="{$trackback->url}">{htmlspecialchars($trackback->blog_name, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}</a></strong> | <span class="time">{zdate($trackback->regdate, "Y-m-d H:i")}</span> </address>
|
||||
|
||||
</li>
|
||||
<!--@end-->
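Review bot: The trackback title, excerpt and blog name are escaped, but `href="{$trackback->url}"` on the address line is still written raw. Trackback fields normally come from a remote site, so unless the URL is validated when the trackback is received (not visible here), it should be HTML-escaped and limited to http/https before it is used as a link target, e.g. `href="{htmlspecialchars($trackback->url, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}"` guarded by a scheme check. `cut_str(htmlspecialchars(...))` also truncates after encoding, which can cut an entity in half if a length is ever passed; escaping the result of `cut_str()` avoids that.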
|
||||
|
|
|
|||
|
|
@ -97,10 +97,10 @@
|
|||
<label class="x_control-label" for="{$val->name}"|cond="$val->type!='text'&&$val->type!='textarea'" for="lang_{$val->name}"|cond="$val->type=='text'||$val->type=='textarea'">{$val->title}</label>
|
||||
<div class="x_controls">
|
||||
<!--// text -->
|
||||
<input cond="$val->type == 'text'" type="text" name="{$val->name}" id="{$val->name}" value="{htmlspecialchars($val->value)}" class="lang_code" />
|
||||
<input cond="$val->type == 'text'" type="text" name="{$val->name}" id="{$val->name}" value="{htmlspecialchars($val->value, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}" class="lang_code" />
|
||||
|
||||
<!--// textarea -->
|
||||
<textarea cond="$val->type == 'textarea'" rows="8" cols="42" name="{$val->name}" id="{$val->name}" class="lang_code">{htmlspecialchars($val->value)}</textarea>
|
||||
<textarea cond="$val->type == 'textarea'" rows="8" cols="42" name="{$val->name}" id="{$val->name}" class="lang_code">{htmlspecialchars($val->value, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}</textarea>
|
||||
|
||||
<!--// select -->
|
||||
<select cond="$val->type == 'select'" name="{$val->name}" id="{$val->name}">
|
||||
|
|
|
|||
|
|
@ -77,12 +77,12 @@
|
|||
<label class="x_control-label" for="{$name}"|cond="$var->type!='text'&&$var->type!='textarea'" for="lang_{$name}"|cond="$var->type=='text'||$var->type=='textarea'">{$var->title}</label>
|
||||
<div class="x_controls">
|
||||
<div cond="$var->type == 'text'">
|
||||
<input type="text" name="{$name}" id="{$name}" class="lang_code" value="<!--@if(strpos($var->value, "$user_lang->") !== false)-->{htmlspecialchars($var->value)}<!--@else-->{$var->value}<!--@end-->" />
|
||||
<input type="text" name="{$name}" id="{$name}" class="lang_code" value="<!--@if(strpos($var->value, "$user_lang->") !== false)-->{htmlspecialchars($var->value, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}<!--@else-->{$var->value}<!--@end-->" />
|
||||
</div>
|
||||
|
||||
<div cond="$var->type == 'textarea'">
|
||||
{@$use_multilang_textarea = true}
|
||||
<textarea name="{$name}" rows="4" cols="42" class="lang_code"><!--@if(strpos($var->value, "$user_lang->") !== false)-->{htmlspecialchars($var->value)}<!--@else-->{$var->value}<!--@end--></textarea>
|
||||
<textarea name="{$name}" rows="4" cols="42" class="lang_code"><!--@if(strpos($var->value, "$user_lang->") !== false)-->{htmlspecialchars($var->value, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}<!--@else-->{$var->value}<!--@end--></textarea>
|
||||
</div>
|
||||
|
||||
<block cond="$var->type == 'image'">
|
||||
|
|
|
|||
|
|
@ -73,7 +73,7 @@ class memberAdminModel extends member
|
|||
case 'nick_name' :
|
||||
if($search_keyword) $search_keyword = str_replace(' ','%',$search_keyword);
|
||||
$args->s_nick_name = $search_keyword;
|
||||
$args->html_nick_name = htmlspecialchars($search_keyword);
|
||||
$args->html_nick_name = htmlspecialchars($search_keyword, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
|
||||
break;
|
||||
case 'email_address' :
|
||||
if($search_keyword) $search_keyword = str_replace(' ','%',$search_keyword);
|
||||
|
|
|
|||
|
|
@ -1874,9 +1874,9 @@ class memberController extends member
|
|||
$oDB->begin();
|
||||
// Insert data into the DB
|
||||
$args->list_order = -1 * $args->member_srl;
|
||||
$args->nick_name = htmlspecialchars($args->nick_name);
|
||||
$args->homepage = htmlspecialchars($args->homepage);
|
||||
$args->blog = htmlspecialchars($args->blog);
|
||||
$args->nick_name = htmlspecialchars($args->nick_name, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
|
||||
$args->homepage = htmlspecialchars($args->homepage, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
|
||||
$args->blog = htmlspecialchars($args->blog, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
|
||||
|
||||
if($args->password && !$password_is_hashed) $args->password = md5($args->password);
|
||||
elseif(!$args->password) unset($args->password);
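Review bot: Encoding `nick_name`, `homepage` and `blog` before the insert stores HTML-escaped text in the database, which appears to be why every reader in this commit has to pass `double_encode = false`. Storing the raw value and escaping once at output would remove that coupling; if the schema must stay as is, add a comment here such as `// these columns hold HTML-encoded text; readers must not double-encode`. Separately, the unchanged `md5($args->password)` line just below keeps an unsalted fast hash for passwords, which this commit does not address. The enclosing function starts and ends outside the hunk.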
|
||||
|
|
|
|||
|
|
@ -141,16 +141,16 @@ class memberModel extends member
|
|||
// Send an email
|
||||
if($member_info->email_address)
|
||||
{
|
||||
$url = 'mailto:'.htmlspecialchars($member_info->email_address);
|
||||
$url = 'mailto:'.htmlspecialchars($member_info->email_address, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
|
||||
$oMemberController->addMemberPopupMenu($url,'cmd_send_email',$icon_path);
|
||||
}
|
||||
}
|
||||
// View homepage info
|
||||
if($member_info->homepage)
|
||||
$oMemberController->addMemberPopupMenu(htmlspecialchars($member_info->homepage), 'homepage', '', 'blank');
|
||||
$oMemberController->addMemberPopupMenu(htmlspecialchars($member_info->homepage, ENT_COMPAT | ENT_HTML401, 'UTF-8', false), 'homepage', '', 'blank');
|
||||
// View blog info
|
||||
if($member_info->blog)
|
||||
$oMemberController->addMemberPopupMenu(htmlspecialchars($member_info->blog), 'blog', '', 'blank');
|
||||
$oMemberController->addMemberPopupMenu(htmlspecialchars($member_info->blog, ENT_COMPAT | ENT_HTML401, 'UTF-8', false), 'blog', '', 'blank');
|
||||
// Call a trigger (after)
|
||||
ModuleHandler::triggerCall('member.getMemberMenu', 'after', $null);
|
||||
// Display a menu for editting member info to a top administrator
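Review bot: HTML-escaping `homepage` and `blog` before `addMemberPopupMenu()` does not constrain the URL scheme, so a member-supplied value with a non-web scheme still becomes a clickable menu target. Unless the scheme is validated when the profile is saved (not visible here), check it before adding the entry, e.g. `if($member_info->homepage && preg_match('/^https?:\/\//i', $member_info->homepage))`, and likewise for `blog`. The enclosing function starts and ends outside the hunk.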
|
||||
|
|
|
|||
|
|
@ -416,7 +416,7 @@ class memberView extends member
|
|||
Context::set('identifier', $config->identifier);
|
||||
|
||||
// Set a template file
|
||||
Context::set('referer_url', htmlspecialchars($_SERVER['HTTP_REFERER']));
|
||||
Context::set('referer_url', htmlspecialchars($_SERVER['HTTP_REFERER'], ENT_COMPAT | ENT_HTML401, 'UTF-8', false));
|
||||
$this->setTemplateFile('login_form');
|
||||
}
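Review bot: `$_SERVER['HTTP_REFERER']` is read without checking that the header was sent, which raises an undefined-index notice on direct visits; `isset($_SERVER['HTTP_REFERER']) ? ... : ''` avoids that. Escaping makes the value safe to print but does not make it a safe navigation target, so if the login template uses `referer_url` as a post-login redirect (not visible here), it should be restricted to same-site URLs before being set. The enclosing function starts outside the hunk.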
|
||||
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@
|
|||
<input type="hidden" name="act" value="procMemberModifyInfo" />
|
||||
<input type="hidden" name="module" value="member" />
|
||||
<input type="hidden" name="member_srl" value="{$member_info->member_srl}" />
|
||||
<input type="hidden" name="signature" value="{htmlspecialchars($member_info->signature)}" />
|
||||
<input type="hidden" name="signature" value="{htmlspecialchars($member_info->signature, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}" />
|
||||
<input type="hidden" name="page" value="{$page}" />
|
||||
<input type="hidden" name="xe_validator_id" value="modules/member/skins/default/modify_info/1" />
|
||||
<div class="control-group">
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@
|
|||
<tbody>
|
||||
<tr loop="$document_list=>$no,$val">
|
||||
<td>{$no}</td>
|
||||
<td class="title"><a href="{getUrl('','document_srl',$val->document_srl)}" onclick="window.open(this.href);return false;">{htmlspecialchars($val->title)}</a></td>
|
||||
<td class="title"><a href="{getUrl('','document_srl',$val->document_srl)}" onclick="window.open(this.href);return false;">{htmlspecialchars($val->title, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}</a></td>
|
||||
<td><a href="#popup_menu_area" class="member_{$val->target_member_srl}">{$val->nick_name}</a></td>
|
||||
<td>{zdate($val->regdate, "Y-m-d")}</td>
|
||||
<td><button type="button" class="text" onclick="doDeleteScrap({$val->document_srl});">{$lang->cmd_delete}</button></td>
|
||||
|
|
|
|||
|
|
@ -52,7 +52,7 @@
|
|||
<div class="wrap">
|
||||
<button type="button" class="dragBtn">Move to</button>
|
||||
<input type="hidden" name="group_srls[]" value="{$group_info->group_srl}" />
|
||||
<input type="text" name="group_titles[]" value="{htmlspecialchars($group_info->title)}" class="lang_code" title="{$lang->group_title}" />
|
||||
<input type="text" name="group_titles[]" value="{htmlspecialchars($group_info->title, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}" class="lang_code" title="{$lang->group_title}" />
|
||||
<a class="x_icon-question-sign" href="./admin/help/index.html#UMAN_faq_administrator" target="_blank" cond="$group_info->title == '관리그룹'">{$lang->help}</a>
|
||||
</div>
|
||||
</td>
|
||||
|
|
@ -60,7 +60,7 @@
|
|||
<td><input type="radio" name="defaultGroup" value="{$group_info->group_srl}" title="Default" checked="checked"|cond="$group_info->is_default=='Y'" /></td>
|
||||
<td class="_imageMarkButton">
|
||||
<input type="hidden" name="image_marks[]" value="{$group_info->image_mark}" class="_imgMarkHidden" />
|
||||
<img src="{$group_info->image_mark}" alt="{htmlspecialchars($group_info->title)}" cond="$config->group_image_mark == 'Y' && $group_info->image_mark" />
|
||||
<img src="{$group_info->image_mark}" alt="{htmlspecialchars($group_info->title, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}" cond="$config->group_image_mark == 'Y' && $group_info->image_mark" />
|
||||
<a href="#imageMark" class="modalAnchor _imageMark filebox">{$lang->cmd_modify}</a>
|
||||
</td>
|
||||
<td><div class="_deleteTD" style="display:none"|cond="$group_info->is_default == 'Y'"><a href="#{$group_srl}" class="_deleteGroup">{$lang->cmd_delete}</a></div></td>
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@
|
|||
<input type="hidden" name="module" value="member" />
|
||||
<input type="hidden" name="act" value="procMemberAdminInsert" />
|
||||
<input type="hidden" name="member_srl" value="{$member_srl}" />
|
||||
<input type="hidden" name="signature" value="{htmlspecialchars($member_info->signature)}" />
|
||||
<input type="hidden" name="signature" value="{htmlspecialchars($member_info->signature, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}" />
|
||||
<input type="hidden" name="success_return_url" value="{getUrl('act', $act)}" cond="$member_srl" />
|
||||
<input type="hidden" name="success_return_url" value="{getUrl('act', 'dispMemberAdminList')}" cond="!$member_srl" />
|
||||
<input type="hidden" name="xe_validator_id" value="modules/member/tpl/insert_member/1" />
|
||||
|
|
|
|||
|
|
@ -124,7 +124,7 @@
|
|||
{@$lang->search_target_list = array_merge($lang->search_target_list, $usedIdentifiers)}
|
||||
<option value="{$key}" loop="$lang->search_target_list=>$key,$val" selected="selected"|cond="$search_target==$key">{$val}</option>
|
||||
</select>
|
||||
<input type="search" name="search_keyword" value="{htmlspecialchars($search_keyword)}" style="width:140px">
|
||||
<input type="search" name="search_keyword" value="{htmlspecialchars($search_keyword, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}" style="width:140px">
|
||||
<button class="x_btn x_btn-inverse" type="submit">{$lang->cmd_search}</button>
|
||||
<a class="x_btn" href="{getUrl('', 'module', 'admin', 'act', 'dispMemberAdminList', 'page', $page)}">{$lang->cmd_cancel}</a>
|
||||
</form>
|
||||
|
|
|
|||
|
|
@ -1731,7 +1731,7 @@ class menuAdminController extends menu
|
|||
$names = $oMenuAdminModel->getMenuItemNames($node->name, $site_srl);
|
||||
foreach($names as $key => $val)
|
||||
{
|
||||
$name_arr_str .= sprintf('"%s"=>"%s",',$key, str_replace('\\','\\\\',htmlspecialchars($val)));
|
||||
$name_arr_str .= sprintf('"%s"=>"%s",',$key, str_replace('\\','\\\\',htmlspecialchars($val, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)));
|
||||
}
|
||||
$name_str = sprintf('$_names = array(%s); print $_names[$lang_type];', $name_arr_str);
|
||||
|
||||
|
|
@ -1765,7 +1765,7 @@ class menuAdminController extends menu
|
|||
else $classname = '';
|
||||
if($hover_btn) $hover_str = sprintf('onmouseover="this.src=\'%s\'"', $hover_btn); else $hover_str = '';
|
||||
if($active_btn) $active_str = sprintf('onmousedown="this.src=\'%s\'"', $active_btn); else $active_str = '';
|
||||
$link = sprintf('<img src="%s" onmouseout="this.src=\'%s\'" alt="<?php print htmlspecialchars($_names[$lang_type]) ?>" %s %s %s />', $normal_btn, $normal_btn, $hover_str, $active_str, $classname);
|
||||
$link = sprintf('<img src="%s" onmouseout="this.src=\'%s\'" alt="<?php print htmlspecialchars($_names[$lang_type], ENT_COMPAT | ENT_HTML401, \'UTF-8\', false) ?>" %s %s %s />', $normal_btn, $normal_btn, $hover_str, $active_str, $classname);
|
||||
}
|
||||
else
|
||||
{
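Review bot: The menu names are emitted inside double-quoted PHP string literals (`"%s"=>"%s"`), and the only escaping applied is `htmlspecialchars()` plus doubling of backslashes, so a `$` in a name is still subject to PHP variable interpolation when the generated `$_names = array(...)` code runs. Emitting the literal with `var_export()` removes that: `$name_arr_str .= sprintf('%s=>%s,', var_export($key, true), var_export(htmlspecialchars($val, ENT_COMPAT | ENT_HTML401, 'UTF-8', false), true));`. In the second hunk `$normal_btn`, `$hover_btn` and `$active_btn` go into `src` and inline handler attributes unescaped, which is worth checking if they can hold anything other than site-generated paths. Both enclosing functions start and end outside the hunks.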
|
||||
|
|
|
|||
|
|
@ -67,7 +67,7 @@
|
|||
</td>
|
||||
<td>
|
||||
<p loop="$val->attributes => $name, $value">
|
||||
{htmlspecialchars($name)}: {$value}
|
||||
{htmlspecialchars($name, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}: {$value}
|
||||
</p>
|
||||
</td>
|
||||
<td>
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@
|
|||
</td>
|
||||
<td>
|
||||
<p loop="$val->attributes => $name, $value">
|
||||
{htmlspecialchars($name)} : {$value}
|
||||
{htmlspecialchars($name, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)} : {$value}
|
||||
</p>
|
||||
</td>
|
||||
<td cond="!$allow_multiple">
|
||||
|
|
|
|||
|
|
@ -69,7 +69,7 @@
|
|||
<div class="x_control-group">
|
||||
<label class="x_control-label" for="description">{$lang->description}</label>
|
||||
<div class="x_controls">
|
||||
<textarea name="description" id="description" rows="8" cols="42">{htmlspecialchars($module_info->description)}</textarea>
|
||||
<textarea name="description" id="description" rows="8" cols="42">{htmlspecialchars($module_info->description, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}</textarea>
|
||||
<p class="x_help-inline">{$lang->about_description}</p>
|
||||
</div>
|
||||
</div>
|
||||
|
|
|
|||
|
|
@ -42,7 +42,7 @@
|
|||
{@ $_idx =0; }
|
||||
<!--@foreach($val as $k => $v)-->
|
||||
<!--@if($_idx >0)--><tr><!--@end-->
|
||||
{@ $browser_title = str_replace("'", "\\'", htmlspecialchars($v->browser_title)); }
|
||||
{@ $browser_title = str_replace("'", "\\'", htmlspecialchars($v->browser_title, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)); }
|
||||
<td>{$k}</td>
|
||||
<td>{$v->browser_title}</td>
|
||||
<td><a href="#" onclick="insertModule('{$id}', {$v->module_srl}, '{$k}', '{$browser_title}',{$type=='single'?'false':'true'}); return false;" class="button green"><span>{$type=='single'?$lang->cmd_select:$lang->cmd_insert}</span></a></td>
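Review bot: `$browser_title` ends up inside a single-quoted JavaScript string within the `onclick` attribute, and the browser HTML-decodes the attribute before the handler is parsed, so HTML escaping alone does not protect that string. With `double_encode` now `false`, a title that already contains a character reference for an apostrophe is passed through untouched, and a backslash in the title is not escaped by the `str_replace()` either. Encoding for JavaScript first and HTML second handles both: `{@ $browser_title = htmlspecialchars(json_encode($v->browser_title), ENT_QUOTES, 'UTF-8'); }`, then pass `{$browser_title}` to `insertModule()` without the surrounding quotes. The adjacent `<td>{$v->browser_title}</td>` cell prints the same value with no escaping at all.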
|
||||
|
|
|
|||
|
|
@ -49,7 +49,7 @@
|
|||
<div class="x_control-group">
|
||||
<label class="x_control-label" for="header_text">{$lang->header_text}</label>
|
||||
<div class="x_controls">
|
||||
<textarea name="header_text" id="header_text" rows="4" cols="42">{htmlspecialchars($module_info->header_text)}</textarea>
|
||||
<textarea name="header_text" id="header_text" rows="4" cols="42">{htmlspecialchars($module_info->header_text, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}</textarea>
|
||||
<a href="#aboutHeaderText" class="x_icon-question-sign" data-toggle>{$lang->help}</a>
|
||||
<p class="x_help-block" id="aboutHeaderText" hidden>{$lang->about_header_text}</p>
|
||||
</div>
|
||||
|
|
@ -57,7 +57,7 @@
|
|||
<div class="x_control-group">
|
||||
<label class="x_control-label" for="footer_text">{$lang->footer_text}</label>
|
||||
<div class="x_controls">
|
||||
<textarea name="footer_text" rows="4" cols="42">{htmlspecialchars($module_info->footer_text)}</textarea>
|
||||
<textarea name="footer_text" rows="4" cols="42">{htmlspecialchars($module_info->footer_text, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}</textarea>
|
||||
<a href="#aboutFooterText" class="x_icon-question-sign" data-toggle>{$lang->help}</a>
|
||||
<p class="x_help-block" id="aboutFooterText" hidden>{$lang->about_footer_text}</p>
|
||||
</div>
|
||||
|
|
@ -65,7 +65,7 @@
|
|||
<div class="x_control-group">
|
||||
<label class="x_control-label" for="description">{$lang->description}</label>
|
||||
<div class="x_controls">
|
||||
<textarea name="description" id="description" rows="4" cols="42">{htmlspecialchars($module_info->description)}</textarea>
|
||||
<textarea name="description" id="description" rows="4" cols="42">{htmlspecialchars($module_info->description, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}</textarea>
|
||||
<a href="#aboutDescription" class="x_icon-question-sign" data-toggle>{$lang->help}</a>
|
||||
<p class="x_help-block" id="aboutDescription" hidden>{$lang->about_description}</p>
|
||||
</div>
|
||||
|
|
|
|||
|
|
@ -25,9 +25,9 @@
|
|||
</form>
|
||||
</fieldset>
|
||||
<div class="x_clearfix">
|
||||
<form cond="$page_navigation" action="./" class="x_pagination x_pull-left" data-search_keyword="{htmlspecialchars($search_keyword)}" data-page="{$page}" data-current_lang="{$lang_code}" no-error-return-url="true">
|
||||
<form cond="$page_navigation" action="./" class="x_pagination x_pull-left" data-search_keyword="{htmlspecialchars($search_keyword, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}" data-page="{$page}" data-current_lang="{$lang_code}" no-error-return-url="true">
|
||||
<ul>
|
||||
<li class="x_disabled"|cond="!$page || $page == 1"><a href="#" data-page="1" data-search_keyword="{htmlspecialchars($search_keyword)}">« {$lang->first_page}</a></li>
|
||||
<li class="x_disabled"|cond="!$page || $page == 1"><a href="#" data-page="1" data-search_keyword="{htmlspecialchars($search_keyword, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}">« {$lang->first_page}</a></li>
|
||||
<block cond="$page_navigation->first_page != 1 && $page_navigation->first_page + $page_navigation->page_count > $page_navigation->last_page - 1 && $page_navigation->page_count != $page_navigation->total_page">
|
||||
{@$isGoTo = true}
|
||||
<li>
|
||||
|
|
@ -40,7 +40,7 @@
|
|||
</block>
|
||||
<!--@while($page_no = $page_navigation->getNextPage())-->
|
||||
{@$last_page = $page_no}
|
||||
<li class="x_active"|cond="$page_no == $page"><a href="#" data-page="{$page_no}" data-search_keyword="{htmlspecialchars($search_keyword)}">{$page_no}</a></li>
|
||||
<li class="x_active"|cond="$page_no == $page"><a href="#" data-page="{$page_no}" data-search_keyword="{htmlspecialchars($search_keyword, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}">{$page_no}</a></li>
|
||||
<!--@end-->
|
||||
<block cond="$last_page != $page_navigation->last_page && $last_page + 1 != $page_navigation->last_page">
|
||||
{@$isGoTo = true}
|
||||
|
|
@ -52,14 +52,14 @@
|
|||
</span>
|
||||
</li>
|
||||
</block>
|
||||
<li class="x_disabled"|cond="$page == $page_navigation->last_page"><a href="#" data-page="{$page_navigation->last_page}" data-search_keyword="{htmlspecialchars($search_keyword)}" title="{$page_navigation->last_page}">{$lang->last_page} »</a></li>
|
||||
<li class="x_disabled"|cond="$page == $page_navigation->last_page"><a href="#" data-page="{$page_navigation->last_page}" data-search_keyword="{htmlspecialchars($search_keyword, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}" title="{$page_navigation->last_page}">{$lang->last_page} »</a></li>
|
||||
</ul>
|
||||
</form>
|
||||
<form action="" class="search center x_input-append x_pull-right">
|
||||
<select name="lang_code" style="margin-right:4px">
|
||||
<option loop="$lang_supported => $code, $lname" value="{$code}" selected="selected"|cond="$code == $lang_code">{$lname}</option>
|
||||
</select>
|
||||
<input type="search" name="search_keyword" title="Search" value="<!--@if($name)-->{htmlspecialchars($lang_code_list[1]->value)}<!--@else-->{htmlspecialchars($search_keyword)}<!--@end-->">
|
||||
<input type="search" name="search_keyword" title="Search" value="<!--@if($name)-->{htmlspecialchars($lang_code_list[1]->value, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}<!--@else-->{htmlspecialchars($search_keyword, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}<!--@end-->">
|
||||
<button class="x_btn x_btn-inverse" type="submit">{$lang->cmd_search}</button>
|
||||
<button cond="$search_keyword || $name" id="search_cancel" class="x_btn" type="button">{$lang->cmd_cancel}</button>
|
||||
</form>
|
||||
|
|
|
|||
|
|
@ -90,10 +90,10 @@
|
|||
<label class="x_control-label" for="{$val->name}"|cond="$val->type!='text'&&$val->type!='textarea'" for="lang_{$val->name}"|cond="$val->type=='text'||$val->type=='textarea'">{$val->title}</label>
|
||||
<div class="x_controls">
|
||||
<!--// text -->
|
||||
<input cond="$val->type == 'text'" type="text" name="{$val->name}" id="{$val->name}" value="<!--@if(strpos($val->value, '$user_lang->') === false)-->{$val->value}<!--@else-->{htmlspecialchars($val->value)}<!--@end-->" class="lang_code" />
|
||||
<input cond="$val->type == 'text'" type="text" name="{$val->name}" id="{$val->name}" value="<!--@if(strpos($val->value, '$user_lang->') === false)-->{$val->value}<!--@else-->{htmlspecialchars($val->value, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}<!--@end-->" class="lang_code" />
|
||||
|
||||
<!--// textarea -->
|
||||
<textarea cond="$val->type == 'textarea'" rows="8" cols="42" name="{$val->name}" id="{$val->name}" class="lang_code"><!--@if(strpos($val->value, '$user_lang->') === false)-->{$val->value}<!--@else-->{htmlspecialchars($val->value)}<!--@end--></textarea>
|
||||
<textarea cond="$val->type == 'textarea'" rows="8" cols="42" name="{$val->name}" id="{$val->name}" class="lang_code"><!--@if(strpos($val->value, '$user_lang->') === false)-->{$val->value}<!--@else-->{htmlspecialchars($val->value, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}<!--@end--></textarea>
|
||||
|
||||
<!--// select -->
|
||||
<select cond="$val->type == 'select'" name="{$val->name}" id="{$val->name}">
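Review bot: In the `text` input and the `textarea`, the branch taken when the value does not contain `$user_lang->` still prints `{$val->value}` unescaped, so only lang-code placeholders pass through `htmlspecialchars()`. If `$val->value` is not already escaped where it is assigned (not visible in this hunk), a value containing `"` or `</textarea>` ends the attribute or element early. Escaping both branches removes that dependency, e.g. `{htmlspecialchars($val->value, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}` in place of the bare `{$val->value}`. The `browser_title` input changed later in this commit has the same two-branch shape.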
|
||||
|
|
|
|||
|
|
@ -5,13 +5,13 @@
|
|||
<input type="hidden" name="document_srl" value="{$document_srl}" />
|
||||
<input type="hidden" name="isMobile" value="{$isMobile}" />
|
||||
<div style="margin-right:10px">
|
||||
<input type="text" name="title" value="{htmlspecialchars($oDocument->getTitleText())}" title="{$lang->title}" style="width:100%" />
|
||||
<input type="text" name="title" value="{htmlspecialchars($oDocument->getTitleText(), ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}" title="{$lang->title}" style="width:100%" />
|
||||
</div>
|
||||
|
||||
<div class="editor">{$oDocument->getEditor()}</div>
|
||||
|
||||
<div class="tag">
|
||||
<input type="text" name="tags" value="{htmlspecialchars($oDocument->get('tags'))}" class="iText" title="Tag" />
|
||||
<input type="text" name="tags" value="{htmlspecialchars($oDocument->get('tags'), ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}" class="iText" title="Tag" />
|
||||
<p>{$lang->about_tag}</p>
|
||||
</div>
|
||||
<div class="btnArea">
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@
|
|||
<select name="module_category_srl" title="{$lang->module_category}" cond="$module_category" style="margin-right:4px">
|
||||
<option loop="$module_category => $key,$val" value="{$key}" selected="selected"|cond="$module_category_srl==$key">{$val->title}</option>
|
||||
</select>
|
||||
<input type="search" name="search_keyword" title="Search" value="{htmlspecialchars($search_keyword)}" required style="width:150px" />
|
||||
<input type="search" name="search_keyword" title="Search" value="{htmlspecialchars($search_keyword, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}" required style="width:150px" />
|
||||
<button class="x_btn x_btn-inverse" type="submit">{$lang->cmd_search}</button>
|
||||
<a href="{getUrl('','module',$module,'act',$act)}" class="x_btn">{$lang->cmd_cancel}</a>
|
||||
</form>
|
||||
|
|
@ -156,4 +156,4 @@ jQuery(function($){
|
|||
}
|
||||
});
|
||||
});
|
||||
</script>
|
||||
</script>
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@
|
|||
<input type="hidden" name="module" value="page" />
|
||||
<input type="hidden" name="act" value="dispPageAdminContentModify" />
|
||||
<input type="hidden" name="module_srl" value="{$module_info->module_srl}" />
|
||||
<input type="hidden" name="content" value="{htmlspecialchars($content)}" />
|
||||
<input type="hidden" name="content" value="{htmlspecialchars($content, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}" />
|
||||
<div class="btnArea" id="pageBtnArea" hidden>
|
||||
<div class="etc">
|
||||
<span class="btn-group">
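Review bot: Passing `false` for `double_encode` on the hidden `content` field changes what the form posts back, because entities already present in `$content` are written into the attribute as they are and the browser decodes them once. For markup content this means text the author had written as `&lt;b&gt;` comes back as a live `<b>` tag after one edit-and-save cycle, so escaped text can become active markup unless the save path filters it (not visible here). A value that is re-submitted should be encoded exactly once and unconditionally, `{htmlspecialchars($content, ENT_COMPAT | ENT_HTML401, 'UTF-8')}`. The same applies to the mobile variant of this form and to the `header_text`, `footer_text`, `description` and feed-setting textareas elsewhere in this commit.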
|
||||
|
|
|
|||
|
|
@ -36,7 +36,7 @@
|
|||
<div class="x_control-group">
|
||||
<label class="x_control-label" for="lang_browser_title">{$lang->browser_title}</label>
|
||||
<div class="x_controls">
|
||||
<input type="text" name="browser_title" id="browser_title" value="<!--@if(strpos($module_info->browser_title, '$user_lang->') === false)-->{$module_info->browser_title}<!--@else-->{htmlspecialchars($module_info->browser_title)}<!--@end-->" class="lang_code" />
|
||||
<input type="text" name="browser_title" id="browser_title" value="<!--@if(strpos($module_info->browser_title, '$user_lang->') === false)-->{$module_info->browser_title}<!--@else-->{htmlspecialchars($module_info->browser_title, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}<!--@end-->" class="lang_code" />
|
||||
</div>
|
||||
</div>
|
||||
<div class="x_control-group">
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@
|
|||
<input type="hidden" name="module" value="page" />
|
||||
<input type="hidden" name="act" value="dispPageAdminContentModify" />
|
||||
<input type="hidden" name="module_srl" value="{$module_info->module_srl}" />
|
||||
<input type="hidden" name="content" value="{htmlspecialchars($content)}" />
|
||||
<input type="hidden" name="content" value="{htmlspecialchars($content, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}" />
|
||||
<input type="hidden" name="type" value="mobile" />
|
||||
<div class="btnArea" id="pageBtnArea" hidden>
|
||||
<div class="etc">
|
||||
|
|
|
|||
|
|
@ -26,7 +26,7 @@
|
|||
<option loop="$lang->search_target_list => $key,$val" value="{$key}" selected="selected"|cond="$search_target==$key">{$val}</option>
|
||||
</select>
|
||||
<span class="x_input-append">
|
||||
<input type="search" required name="search_keyword" required value="{htmlspecialchars($search_keyword)}" title="{$lang->cmd_search}" style="width:100px" />
|
||||
<input type="search" required name="search_keyword" required value="{htmlspecialchars($search_keyword, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}" title="{$lang->cmd_search}" style="width:100px" />
|
||||
<button type="submit" class="x_btn x_btn-inverse">{$lang->cmd_search}</button>
|
||||
<a href="{getUrl('','module',$module,'act',$act)}" class="x_btn">{$lang->cmd_cancel}</a>
|
||||
</span>
|
||||
|
|
@ -128,7 +128,7 @@
|
|||
<option loop="$lang->search_target_list => $key,$val" value="{$key}" selected="selected"|cond="$search_target==$key">{$val}</option>
|
||||
</select>
|
||||
<span class="x_input-append">
|
||||
<input type="search" name="search_keyword" required value="{htmlspecialchars($search_keyword)}" title="{$lang->cmd_search}" style="width:100px" />
|
||||
<input type="search" name="search_keyword" required value="{htmlspecialchars($search_keyword, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}" title="{$lang->cmd_search}" style="width:100px" />
|
||||
<button type="submit" class="x_btn x_btn-inverse">{$lang->cmd_search}</button>
|
||||
<a href="{getUrl('','module',$module,'act',$act)}" class="x_btn">{$lang->cmd_cancel}</a>
|
||||
</span>
|
||||
|
|
|
|||
|
|
@ -34,7 +34,7 @@ class pollController extends poll
|
|||
|
||||
$poll_index = $tmp_arr[1];
|
||||
|
||||
if($logged_info->is_admin != 'Y') $val = htmlspecialchars($val);
|
||||
if($logged_info->is_admin != 'Y') $val = htmlspecialchars($val, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
|
||||
|
||||
if($tmp_arr[0]=='title') $tmp_args[$poll_index]->title = $val;
|
||||
else if($tmp_arr[0]=='checkcount') $tmp_args[$poll_index]->checkcount = $val;
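Review bot: The poll value is escaped when it is stored, and only for non-administrators, so a stored title is sometimes HTML-escaped and sometimes raw, and code that prints it cannot tell which. With `double_encode` now `false`, a non-admin value that already contains entities is also stored unchanged, so the stored form is no longer a plain encoding of what was typed. Storing the raw value and escaping where it is printed would give one rule for all authors. If the admin exception is intentional, a comment such as `// admins may enter markup in poll fields; output must not escape again` would record it. The enclosing method starts and ends outside this hunk, so how `$val` is printed later is not visible.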
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@
|
|||
<td>
|
||||
<select name="skin" onchange="doDisplaySkinColorset(this);return false;">
|
||||
<!--@foreach($skin_list as $key => $val)-->
|
||||
<option value="{$key}" <!--@if($config->skin == $key)-->selected="selected"<!--@end-->>{$val->title} ({htmlspecialchars($key)})</option>
|
||||
<option value="{$key}" <!--@if($config->skin == $key)-->selected="selected"<!--@end-->>{$val->title} ({htmlspecialchars($key, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)})</option>
|
||||
<!--@end-->
|
||||
</select>
|
||||
</td>
|
||||
|
|
|
|||
|
|
@ -99,7 +99,7 @@ xe.lang.confirm_poll_delete = '{$lang->confirm_poll_delete}';
|
|||
<select name="search_target" title="{$lang->search_target}" style="margin-right:4px">
|
||||
<option loop="$lang->search_poll_target_list => $key, $val" value="{$key}" selected="selected"|cond="$search_target==$key">{$val}</option>
|
||||
</select>
|
||||
<input type="search" name="search_keyword" value="{htmlspecialchars($search_keyword)}" />
|
||||
<input type="search" name="search_keyword" value="{htmlspecialchars($search_keyword, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}" />
|
||||
<button class="x_btn x_btn-inverse" type="submit">{$lang->cmd_search}</button>
|
||||
<a class="x_btn" href="{getUrl('','module',$module,'act',$act)}">{$lang->cmd_cancel}</a>
|
||||
</form>
|
||||
|
|
@ -123,4 +123,4 @@ jQuery(function($){
|
|||
}
|
||||
});
|
||||
});
|
||||
</script>
|
||||
</script>
|
||||
|
|
|
|||
|
|
@ -104,17 +104,17 @@ class rssView extends rss
|
|||
$info->title = str_replace('\'', ''',$info->title);
|
||||
if($config->feed_description)
|
||||
{
|
||||
$info->description = str_replace('\'', ''', htmlspecialchars($config->feed_description));
|
||||
$info->description = str_replace('\'', ''', htmlspecialchars($config->feed_description, ENT_COMPAT | ENT_HTML401, 'UTF-8', false));
|
||||
}
|
||||
else
|
||||
{
|
||||
$info->description = str_replace('\'', ''', htmlspecialchars($this->module_info->description));
|
||||
$info->description = str_replace('\'', ''', htmlspecialchars($this->module_info->description, ENT_COMPAT | ENT_HTML401, 'UTF-8', false));
|
||||
}
|
||||
$info->link = getUrl('','mid',$mid);
|
||||
$info->feed_copyright = str_replace('\'', ''', htmlspecialchars($feed_config->feed_copyright));
|
||||
$info->feed_copyright = str_replace('\'', ''', htmlspecialchars($feed_config->feed_copyright, ENT_COMPAT | ENT_HTML401, 'UTF-8', false));
|
||||
if(!$info->feed_copyright)
|
||||
{
|
||||
$info->feed_copyright = str_replace('\'', ''', htmlspecialchars($total_config->feed_copyright));
|
||||
$info->feed_copyright = str_replace('\'', ''', htmlspecialchars($total_config->feed_copyright, ENT_COMPAT | ENT_HTML401, 'UTF-8', false));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -131,14 +131,14 @@ class rssView extends rss
|
|||
}
|
||||
|
||||
$oModuleController->replaceDefinedLangCode($info->title);
|
||||
$info->title = str_replace('\'', ''', htmlspecialchars($info->title));
|
||||
$info->description = str_replace('\'', ''', htmlspecialchars($total_config->feed_description));
|
||||
$info->title = str_replace('\'', ''', htmlspecialchars($info->title, ENT_COMPAT | ENT_HTML401, 'UTF-8', false));
|
||||
$info->description = str_replace('\'', ''', htmlspecialchars($total_config->feed_description, ENT_COMPAT | ENT_HTML401, 'UTF-8', false));
|
||||
$info->link = Context::getRequestUri();
|
||||
$info->feed_copyright = str_replace('\'', ''', htmlspecialchars($total_config->feed_copyright));
|
||||
$info->feed_copyright = str_replace('\'', ''', htmlspecialchars($total_config->feed_copyright, ENT_COMPAT | ENT_HTML401, 'UTF-8', false));
|
||||
}
|
||||
if($add_description) $info->description .= "\r\n".$add_description;
|
||||
|
||||
if($total_config->image) $info->image = Context::getRequestUri().str_replace('\'', ''', htmlspecialchars($total_config->image));
|
||||
if($total_config->image) $info->image = Context::getRequestUri().str_replace('\'', ''', htmlspecialchars($total_config->image, ENT_COMPAT | ENT_HTML401, 'UTF-8', false));
|
||||
switch(Context::get('format'))
|
||||
{
|
||||
case 'atom':
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@
|
|||
<feed xmlns="http://www.w3.org/2005/Atom">
|
||||
<title type="text">{$info->title}</title>
|
||||
<!--@if($info->description)-->
|
||||
<subtitle type="html">{str_replace('\'', ''', htmlspecialchars($info->description))}</subtitle>
|
||||
<subtitle type="html">{str_replace('\'', ''', htmlspecialchars($info->description, ENT_COMPAT | ENT_HTML401, 'UTF-8', false))}</subtitle>
|
||||
<!--@end-->
|
||||
<updated>{$info->date}</updated>
|
||||
<id>{$info->id}</id>
|
||||
|
|
@ -11,7 +11,7 @@
|
|||
<link rel="self" type="application/atom+xml" href="{$info->id}"/>
|
||||
<generator uri="http://www.xpressengine.com/">XpressEngine</generator>
|
||||
<!--@foreach($document_list as $oDocument)--> <entry>
|
||||
<title>{str_replace('\'', ''',htmlspecialchars($oDocument->getTitleText()))}</title>
|
||||
<title>{str_replace('\'', ''',htmlspecialchars($oDocument->getTitleText(), ENT_COMPAT | ENT_HTML401, 'UTF-8', false))}</title>
|
||||
<id>{$oDocument->getPermanentUrl()}</id>
|
||||
<published>{$oDocument->getRegdate('Y-m-d\TH:i:sP')}</published>
|
||||
<updated>{zdate($oDocument->get('last_update'),'Y-m-d\TH:i:sP')}</updated>
|
||||
|
|
@ -24,12 +24,12 @@
|
|||
<!--@end-->
|
||||
</author>
|
||||
<!--@if($open_rss_config[$oDocument->get('module_srl')]=='Y')-->
|
||||
<content type="html">{str_replace('\'', ''', htmlspecialchars($oDocument->getTransContent(false,false,true)))}</content>
|
||||
<content type="html">{str_replace('\'', ''', htmlspecialchars($oDocument->getTransContent(false,false,true), ENT_COMPAT | ENT_HTML401, 'UTF-8', false))}</content>
|
||||
<!--@else-->
|
||||
<summary type="text">{str_replace('\'', ''', htmlspecialchars($oDocument->getContentText(100)))}</summary>
|
||||
<summary type="text">{str_replace('\'', ''', htmlspecialchars($oDocument->getContentText(100), ENT_COMPAT | ENT_HTML401, 'UTF-8', false))}</summary>
|
||||
<!--@end-->
|
||||
<!--@foreach($oDocument->get('tag_list') as $tag)-->
|
||||
<category term="{str_replace('\'', ''', htmlspecialchars($tag))}"/>
|
||||
<category term="{str_replace('\'', ''', htmlspecialchars($tag, ENT_COMPAT | ENT_HTML401, 'UTF-8', false))}"/>
|
||||
<!--@end-->
|
||||
|
||||
</entry>
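Review bot: In `<content type="html">` the `false` argument leaves entities inside the document body untouched while its tags are escaped, so once the XML parser has decoded the element, text the author had escaped (`&lt;b&gt;`) and real markup (`<b>`) reach the feed reader as the same thing. A reader that renders `type="html"` content will then treat the formerly escaped text as markup. Elements that carry HTML as text need one full, unconditional encoding of the body, `htmlspecialchars($oDocument->getTransContent(false,false,true), ENT_COMPAT | ENT_HTML401, 'UTF-8')`. The `<description>` lines built from `getTransContent()` in the other feed templates of this commit are affected the same way.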
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@
|
|||
<channel rdf:about="{getUrl('','mid',$mid,'module','rss','act','rss','format','rss1.0','page',Context::get('page'),'start_date',Context::get('start_date'),'end_date',Context::get('end_date'))}">
|
||||
<title>{$info->title}</title>
|
||||
<link>{$info->link}</link>
|
||||
<description>{str_replace('\'', ''', htmlspecialchars($info->description))}</description>
|
||||
<description>{str_replace('\'', ''', htmlspecialchars($info->description, ENT_COMPAT | ENT_HTML401, 'UTF-8', false))}</description>
|
||||
<items>
|
||||
<rdf:Seq>
|
||||
<!--@foreach($document_list as $oDocument)-->
|
||||
|
|
@ -17,9 +17,9 @@
|
|||
</channel>
|
||||
<!--@foreach($document_list as $oDocument)-->
|
||||
<item rdf:about="{$oDocument->getPermanentUrl()}">
|
||||
<title>{str_replace('\'', ''',htmlspecialchars($oDocument->getTitleText()))}</title>
|
||||
<title>{str_replace('\'', ''',htmlspecialchars($oDocument->getTitleText(), ENT_COMPAT | ENT_HTML401, 'UTF-8', false))}</title>
|
||||
<link>{$oDocument->getPermanentUrl()}</link>
|
||||
<description>{str_replace('\'', ''', htmlspecialchars($oDocument->getContentText(200)))}</description>
|
||||
<description>{str_replace('\'', ''', htmlspecialchars($oDocument->getContentText(200), ENT_COMPAT | ENT_HTML401, 'UTF-8', false))}</description>
|
||||
<dc:date>{$oDocument->getRegdate('Y-m-d\TH:i:sP')}</dc:date>
|
||||
</item>
|
||||
<!--@end-->
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@
|
|||
<!--@end-->
|
||||
<!--@foreach($document_list as $oDocument)-->
|
||||
<item>
|
||||
<title>{str_replace('\'', ''',htmlspecialchars($oDocument->getTitleText()))}</title>
|
||||
<title>{str_replace('\'', ''',htmlspecialchars($oDocument->getTitleText(), ENT_COMPAT | ENT_HTML401, 'UTF-8', false))}</title>
|
||||
<dc:creator>{str_replace('\'', ''',$oDocument->getNickName())}</dc:creator>
|
||||
<link>{$oDocument->getPermanentUrl()}</link>
|
||||
<guid isPermaLink="true">{$oDocument->getPermanentUrl()}</guid>
|
||||
|
|
@ -29,13 +29,13 @@
|
|||
<comments>{$oDocument->getPermanentUrl()}#comment</comments>
|
||||
<!--@end-->
|
||||
<!--@if($open_rss_config[$oDocument->get('module_srl')]=='Y')-->
|
||||
<description>{str_replace('\'', ''', htmlspecialchars($oDocument->getTransContent(false,false,true)))}</description>
|
||||
<description>{str_replace('\'', ''', htmlspecialchars($oDocument->getTransContent(false,false,true), ENT_COMPAT | ENT_HTML401, 'UTF-8', false))}</description>
|
||||
<!--@else-->
|
||||
<description>{str_replace('\'', ''', htmlspecialchars($oDocument->getContentText(100)))}</description>
|
||||
<description>{str_replace('\'', ''', htmlspecialchars($oDocument->getContentText(100), ENT_COMPAT | ENT_HTML401, 'UTF-8', false))}</description>
|
||||
<!--@end-->
|
||||
<pubDate>{$oDocument->getRegdateGM()}</pubDate>
|
||||
<!--@foreach($oDocument->get('tag_list') as $tag)-->
|
||||
<category>{str_replace('\'', ''', htmlspecialchars($tag))}</category>
|
||||
<category>{str_replace('\'', ''', htmlspecialchars($tag, ENT_COMPAT | ENT_HTML401, 'UTF-8', false))}</category>
|
||||
<!--@end-->
|
||||
<!--@if($oDocument->getCommentcount()>0)-->
|
||||
<slash:comments>{$oDocument->getCommentcount()}</slash:comments>
|
||||
|
|
|
|||
|
|
@ -28,7 +28,7 @@
|
|||
<div class="x_control-group">
|
||||
<label class="x_control-label" for="feed_title">{$lang->title}</label>
|
||||
<div class="x_controls">
|
||||
<input type="text" name="feed_title" value="{htmlspecialchars($total_config->feed_title)}" id="feed_title" />
|
||||
<input type="text" name="feed_title" value="{htmlspecialchars($total_config->feed_title, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}" id="feed_title" />
|
||||
</div>
|
||||
</div>
|
||||
<div class="x_control-group">
|
||||
|
|
@ -57,7 +57,7 @@
|
|||
<div class="x_control-group">
|
||||
<label class="x_control-label" for="feed_copyright">{$lang->feed_copyright}</label>
|
||||
<div class="x_controls">
|
||||
<input type="text" name="feed_copyright" value="{htmlspecialchars($total_config->feed_copyright)}" id="feed_copyright" />
|
||||
<input type="text" name="feed_copyright" value="{htmlspecialchars($total_config->feed_copyright, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}" id="feed_copyright" />
|
||||
</div>
|
||||
</div>
|
||||
<div class="x_control-group">
|
||||
|
|
|
|||
|
|
@ -28,14 +28,14 @@
|
|||
<div class="x_control-group">
|
||||
<label for="feed_description" class="x_control-label">{$lang->description}</label>
|
||||
<div class="x_controls">
|
||||
<textarea name="feed_description" id="feed_description" rows="4" cols="42" style="float:left;margin-right:8px">{htmlspecialchars($rss_config->feed_description)}</textarea>
|
||||
<textarea name="feed_description" id="feed_description" rows="4" cols="42" style="float:left;margin-right:8px">{htmlspecialchars($rss_config->feed_description, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}</textarea>
|
||||
<p class="x_help-block">{$lang->about_feed_description}</p>
|
||||
</div>
|
||||
</div>
|
||||
<div class="x_control-group">
|
||||
<label for="feed_copyright" class="x_control-label">{$lang->feed_copyright}</label>
|
||||
<div class="x_controls">
|
||||
<textarea name="feed_copyright" id="feed_copyright" rows="4" cols="42" style="float:left;margin-right:8px">{htmlspecialchars($rss_config->feed_copyright)}</textarea>
|
||||
<textarea name="feed_copyright" id="feed_copyright" rows="4" cols="42" style="float:left;margin-right:8px">{htmlspecialchars($rss_config->feed_copyright, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}</textarea>
|
||||
<p class="x_help-block">{$lang->about_feed_copyright}</p>
|
||||
</div>
|
||||
</div>
|
||||
|
|
|
|||
|
|
@ -4,22 +4,22 @@
|
|||
<channel>
|
||||
<title>{$info->title}</title>
|
||||
<link>{$info->link}</link>
|
||||
<description>{str_replace('\'', ''', htmlspecialchars($info->description))}</description>
|
||||
<description>{str_replace('\'', ''', htmlspecialchars($info->description, ENT_COMPAT | ENT_HTML401, 'UTF-8', false))}</description>
|
||||
<language>{$info->language}</language>
|
||||
<pubDate>{$info->date}</pubDate>
|
||||
<totalCount>{$info->total_count}</totalCount>
|
||||
<totalPage>{$info->total_page}</totalPage>
|
||||
<!--@foreach($document_list as $oDocument)-->
|
||||
<item>
|
||||
<title>{str_replace('\'', ''',htmlspecialchars($oDocument->getTitleText()))}</title>
|
||||
<title>{str_replace('\'', ''',htmlspecialchars($oDocument->getTitleText(), ENT_COMPAT | ENT_HTML401, 'UTF-8', false))}</title>
|
||||
<author>{str_replace('\'', ''',$oDocument->getNickName())}</author>
|
||||
<link>{$oDocument->getPermanentUrl()}</link>
|
||||
<!--@if($open_rss_config[$oDocument->get('module_srl')]->open_rss=='Y')-->
|
||||
<description>{str_replace('\'', ''', htmlspecialchars($oDocument->getTransContent(false,false,true)))}</description>
|
||||
<description>{str_replace('\'', ''', htmlspecialchars($oDocument->getTransContent(false,false,true), ENT_COMPAT | ENT_HTML401, 'UTF-8', false))}</description>
|
||||
<!--@else-->
|
||||
<description>{str_replace('\'', ''', htmlspecialchars($oDocument->getContentText(100)))}</description>
|
||||
<description>{str_replace('\'', ''', htmlspecialchars($oDocument->getContentText(100), ENT_COMPAT | ENT_HTML401, 'UTF-8', false))}</description>
|
||||
<!--@end-->
|
||||
<tags>{str_replace('\'', ''', htmlspecialchars($oDocument->get('tags')))}</tags>
|
||||
<tags>{str_replace('\'', ''', htmlspecialchars($oDocument->get('tags'), ENT_COMPAT | ENT_HTML401, 'UTF-8', false))}</tags>
|
||||
<comment_count>{$oDocument->getCommentCount()}</comment_count>
|
||||
<trackback_count>{$oDocument->getTrackbackCount()}</trackback_count>
|
||||
<pubDate>{$oDocument->getRegdateGM()}</pubDate>
|
||||
|
|
|
|||
|
|
@ -29,10 +29,10 @@ xe.lang.msg_empty_search_keyword = '{$lang->msg_empty_search_keyword}';
|
|||
<tbody>
|
||||
<tr loop="$trackback_list => $no, $val">
|
||||
<td>
|
||||
<a href="{getUrl('','document_srl',$val->document_srl)}#trackback_{$val->trackback_srl}" target="_blank">{htmlspecialchars($val->title)}</a>
|
||||
<a href="{getUrl('','document_srl',$val->document_srl)}#trackback_{$val->trackback_srl}" target="_blank">{htmlspecialchars($val->title, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}</a>
|
||||
<p>{$val->excerpt}</p>
|
||||
</td>
|
||||
<td class="nowr"><a href="{$val->url}" target="_blank">{htmlspecialchars($val->blog_name)}</a></td>
|
||||
<td class="nowr"><a href="{$val->url}" target="_blank">{htmlspecialchars($val->blog_name, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}</a></td>
|
||||
<td class="nowr">{zdate($val->regdate,"Y-m-d")}</td>
|
||||
<td class="nowr"><a href="{getUrl('search_target','ipaddress','search_keyword',$val->ipaddress)}">{$val->ipaddress}</a></td>
|
||||
<td><input type="checkbox" name="cart" value="{$val->trackback_srl}" /></td>
|
||||
|
|
@ -90,7 +90,7 @@ xe.lang.msg_empty_search_keyword = '{$lang->msg_empty_search_keyword}';
|
|||
<option value="{$key}" <!--@if($search_target==$key)-->selected="selected"<!--@end-->>{$val}</option>
|
||||
<!--@end-->
|
||||
</select>
|
||||
<input type="search" name="search_keyword" value="{htmlspecialchars($search_keyword)}" />
|
||||
<input type="search" name="search_keyword" value="{htmlspecialchars($search_keyword, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}" />
|
||||
<button type="submit" class="x_btn x_btn-inverse">{$lang->cmd_search}</button>
|
||||
<a class="x_btn" href="{getUrl('','module',$module,'act',$act)}">{$lang->cmd_cancel}</a>
|
||||
</form>
|
||||
|
|
@ -142,4 +142,4 @@ jQuery(function($){
|
|||
}
|
||||
});
|
||||
});
|
||||
</script>
|
||||
</script>
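Review bot: The first hunk of this file escapes `$val->title` and `$val->blog_name`, but `{$val->excerpt}` and `href="{$val->url}"` in the same table row are still printed as stored, and all four fields belong to the trackback record. Unless they are filtered when the trackback is saved (not visible here), the excerpt should get the same call, `<p>{htmlspecialchars($val->excerpt, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}</p>`. The URL should be escaped for the attribute and limited to `http`/`https` before it is used as a link target, since entity-encoding alone does not constrain the scheme of an `href`.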
|
||||
|
|
|
|||
|
|
@ -24,7 +24,7 @@ class TrashVO
|
|||
function getTitle()
|
||||
{
|
||||
if(empty($this->title)) return $lang->untitle;
|
||||
return htmlspecialchars($this->title);
|
||||
return htmlspecialchars($this->title, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
|
||||
}
|
||||
function setTitle($title)
|
||||
{
|
||||
|
|
@ -49,7 +49,7 @@ class TrashVO
|
|||
}
|
||||
function getDescription()
|
||||
{
|
||||
return htmlspecialchars($this->description);
|
||||
return htmlspecialchars($this->description, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
|
||||
}
|
||||
function setDescription($description)
|
||||
{
|
||||
|
|
@ -81,7 +81,7 @@ class TrashVO
|
|||
}
|
||||
function getNickName()
|
||||
{
|
||||
return htmlspecialchars($this->nickName);
|
||||
return htmlspecialchars($this->nickName, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
|
||||
}
|
||||
function setNickName($nickName)
|
||||
{
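Review bot: `getTitle()` returns `$lang->untitle` for an empty title, but `$lang` is never defined inside the method, so the fallback evaluates to null with a notice instead of the placeholder text. Reading the string through the context would fix it, e.g. `if(empty($this->title)) return Context::getLang('untitle');`. Separately, these getters return escaped text while the setters (bodies outside the hunks) presumably store the raw value, so a short comment on each getter, `// returns HTML-escaped text; do not escape again`, would help callers.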
|
||||
|
|
|
|||
|
|
@ -530,7 +530,7 @@ class widgetController extends widget
|
|||
{
|
||||
if(in_array($key, array('class','style','widget_padding_top','widget_padding_right','widget_padding_bottom','widget_padding_left','widget','widgetstyle','document_srl'))) continue;
|
||||
if(strpos($val,'|@|')>0) $val = str_replace('|@|',',',$val);
|
||||
$attribute[] = sprintf('%s="%s"', $key, htmlspecialchars($val));
|
||||
$attribute[] = sprintf('%s="%s"', $key, htmlspecialchars($val, ENT_COMPAT | ENT_HTML401, 'UTF-8', false));
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -566,7 +566,7 @@ class widgetController extends widget
|
|||
if(in_array($key, array('class','style','widget_padding_top','widget_padding_right','widget_padding_bottom','widget_padding_left','widget','widgetstyle','document_srl'))) continue;
|
||||
if(!is_numeric($val) && (!is_string($val) || strlen($val)==0)) continue;
|
||||
if(strpos($val,'|@|')>0) $val = str_replace('|@|',',',$val);
|
||||
$attribute[] = sprintf('%s="%s"', $key, htmlspecialchars($val));
|
||||
$attribute[] = sprintf('%s="%s"', $key, htmlspecialchars($val, ENT_COMPAT | ENT_HTML401, 'UTF-8', false));
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -591,7 +591,7 @@ class widgetController extends widget
|
|||
if(in_array($key, $allowed_key)) continue;
|
||||
if(!is_numeric($val) && (!is_string($val) || strlen($val)==0)) continue;
|
||||
if(strpos($val,'|@|')>0) $val = str_replace('|@|',',',$val);
|
||||
$attribute[] = sprintf('%s="%s"', $key, htmlspecialchars($val));
|
||||
$attribute[] = sprintf('%s="%s"', $key, htmlspecialchars($val, ENT_COMPAT | ENT_HTML401, 'UTF-8', false));
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -763,7 +763,7 @@ class widgetController extends widget
|
|||
}
|
||||
if(strpos($val,'|@|') > 0) $val = str_replace('|@|', ',', $val);
|
||||
$vars->{$key} = Context::convertEncodingStr($val);
|
||||
$attribute[] = sprintf('%s="%s"', $key, htmlspecialchars(Context::convertEncodingStr($val)));
|
||||
$attribute[] = sprintf('%s="%s"', $key, htmlspecialchars(Context::convertEncodingStr($val), ENT_COMPAT | ENT_HTML401, 'UTF-8', false));
|
||||
}
|
||||
|
||||
return $attribute;
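Review bot: Every `sprintf('%s="%s"', $key, …)` in these four hunks escapes the attribute value but writes `$key` as the attribute name unchanged. If the keys can come from request data or stored widget arguments (their source is outside the hunks), a key containing whitespace, `>` or `=` changes the generated tag no matter how the value is encoded. Assuming widget argument names are plain identifiers, a name check before the `sprintf`, `if(!preg_match('/^[a-zA-Z_][a-zA-Z0-9_\-]*$/', $key)) continue;`, keeps the output well-formed. The enclosing methods start and end outside the hunks.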
|
||||
|
|
|
|||
|
|
@ -43,7 +43,7 @@
|
|||
if(is_object($output)) {
|
||||
var_dump($output); return;
|
||||
}
|
||||
$output = htmlspecialchars($output);
|
||||
$output = htmlspecialchars($output, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
|
||||
|
||||
$output = preg_replace('/select/i', 'SELECT', $output);
|
||||
$output = preg_replace('/from/i', '<br/>FROM', $output);
|
||||
|
|
|
|||
|
|
@ -611,14 +611,14 @@ class content extends WidgetHandler
|
|||
$item->description = preg_replace('!<a href=!is','<a onclick="window.open(this.href);return false" href=', $item->content);
|
||||
if($item->description)
|
||||
{
|
||||
if(stripos($value->content->attrs->type, "html") === FALSE) $item->description = htmlspecialchars($item->description);
|
||||
if(!preg_match("/html/i", $value->content->attrs->type)) $item->description = htmlspecialchars($item->description, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
|
||||
}
|
||||
if(!$item->description)
|
||||
{
|
||||
$item->description = $item->summary;
|
||||
if($item->description)
|
||||
{
|
||||
if(stripos($value->summary->attrs->type, "html") === FALSE) $item->description = htmlspecialchars($item->description);
|
||||
if(!preg_match("/html/i", $value->summary->attrs->type)) $item->description = htmlspecialchars($item->description, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
|
||||
}
|
||||
}
|
||||
$content_item->setContent($this->_getSummary($item->description, $args->content_cut_size));
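Review bot: Whether `$item->description` is escaped is decided by the `type` attribute that the feed itself supplies: when it contains `html`, the content or summary is kept as markup, and the line above has already added an `onclick` to its anchors. Any filtering of that markup has to happen in `_getSummary()` or later, which this hunk does not show; if it does not, the feed body should pass through the project's HTML filter before `setContent()`. A comment on the two checks, `// type comes from the remote feed; html content is not escaped here`, would make the trust decision explicit. The enclosing method starts and ends outside the hunk.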
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@
|
|||
<fieldset id="acField">
|
||||
<h2>{$lang->cmd_login}</h2>
|
||||
<input type="hidden" name="act" value="procMemberLogin" />
|
||||
<input type="hidden" name="success_return_url" value="{htmlspecialchars(getRequestUriByServerEnviroment())}" />
|
||||
<input type="hidden" name="success_return_url" value="{htmlspecialchars(getRequestUriByServerEnviroment(), ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}" />
|
||||
<input type="hidden" name="xe_validator_id" value="widgets/login_info/skins/default/login_form/1" />
|
||||
<div cond="$XE_VALIDATOR_MESSAGE && $XE_VALIDATOR_ID == 'widgets/login_info/skins/default/login_form/1'" class="message {$XE_VALIDATOR_MESSAGE_TYPE}">
|
||||
<p>{$XE_VALIDATOR_MESSAGE}</p>
|
||||
|
|
@ -30,4 +30,4 @@
|
|||
<li><a href="{getUrl('act','dispMemberFindAccount')}">{$lang->cmd_find_member_account}</a></li>
|
||||
</ul>
|
||||
</fieldset>
|
||||
</form>
|
||||
</form>
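Review bot: The `success_return_url` hidden field in the first hunk is filled from the current request URI and comes back from the client with the login POST, so the escaping added here protects only the attribute, not the redirect target. The `procMemberLogin` handler is not part of this section; it should accept only same-site targets before redirecting. I would record that next to the field, e.g. `<!-- success_return_url is client-controlled on submit; the login handler must restrict it to same-site URLs -->`. `ENT_COMPAT` leaves single quotes unescaped, which is safe only while the attribute stays double-quoted. The same line is changed in the four login-form templates that follow (`@ -21,7`, `@ -21,7`, `@ -17,7`, `@ -14,7`).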
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@
|
|||
<legend>{$lang->cmd_login}</legend>
|
||||
<h2>Login</h2>
|
||||
<input type="hidden" name="act" value="procMemberLogin" />
|
||||
<input type="hidden" name="success_return_url" value="{htmlspecialchars(getRequestUriByServerEnviroment())}" />
|
||||
<input type="hidden" name="success_return_url" value="{htmlspecialchars(getRequestUriByServerEnviroment(), ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}" />
|
||||
<div class="idpwWrap">
|
||||
<div class="idpw">
|
||||
<input name="user_id" type="text" title="<!--@if($member_config->identifier != 'email_address')-->{$lang->user_id}<!--@else-->{$lang->email_address}<!--@end-->" />
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@
|
|||
<fieldset id="login" class="login_{$colorset}">
|
||||
<legend>{$lang->cmd_login}</legend>
|
||||
<input type="hidden" name="act" value="procMemberLogin" />
|
||||
<input type="hidden" name="success_return_url" value="{htmlspecialchars(getRequestUriByServerEnviroment())}" />
|
||||
<input type="hidden" name="success_return_url" value="{htmlspecialchars(getRequestUriByServerEnviroment(), ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}" />
|
||||
<h2>Login</h2>
|
||||
<div class="idpwWrap">
|
||||
<div class="idpw">
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@
|
|||
<form id="fo_login_widget" action="{getUrl('','act','procMemberLogin')}" method="post" ruleset="@login" class="login_{$colorset}">
|
||||
<fieldset>
|
||||
<input type="hidden" name="act" value="procMemberLogin" />
|
||||
<input type="hidden" name="success_return_url" value="{htmlspecialchars(getRequestUriByServerEnviroment())}" />
|
||||
<input type="hidden" name="success_return_url" value="{htmlspecialchars(getRequestUriByServerEnviroment(), ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}" />
|
||||
<input type="hidden" name="xe_validator_id" value="widgets/login_info/skins/xe_official/login_form/1" />
|
||||
<div class="idpwWrap">
|
||||
<div class="idpw">
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@ var keep_signed_msg = "{$lang->about_keep_signed}";
|
|||
<fieldset id="login">
|
||||
<legend>{$lang->cmd_login}</legend>
|
||||
<input type="hidden" name="act" value="procMemberLogin" />
|
||||
<input type="hidden" name="success_return_url" value="{htmlspecialchars(getRequestUriByServerEnviroment())}" />
|
||||
<input type="hidden" name="success_return_url" value="{htmlspecialchars(getRequestUriByServerEnviroment(), ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}" />
|
||||
<div id="sign_box">
|
||||
<div class="txt sign_state1"><span class="label">Sign in</span></div>
|
||||
<div class="signin_window" style="display:none;">
|
||||
|
|
|
|||
|
|
@ -557,14 +557,14 @@ class mcontent extends WidgetHandler
|
|||
$item->description = preg_replace('!<a href=!is','<a onclick="window.open(this.href);return false" href=', $item->content);
|
||||
if($item->description)
|
||||
{
|
||||
if(stripos($value->summary->attrs->type, "html") === FALSE) $item->description = htmlspecialchars($item->description);
|
||||
if(!preg_match("/html/i", $value->content->attrs->type)) $item->description = htmlspecialchars($item->description, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
|
||||
}
|
||||
if(!$item->description)
|
||||
{
|
||||
$item->description = $item->summary;
|
||||
if($item->description)
|
||||
{
|
||||
if(stripos($value->summary->attrs->type, "html") === FALSE) $item->description = htmlspecialchars($item->description);
|
||||
if(!preg_match("/html/i", $value->summary->attrs->type)) $item->description = htmlspecialchars($item->description, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
|
||||
}
|
||||
}
|
||||
$content_item->setContent($this->_getSummary($item->description, $args->content_cut_size));
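Review bot: When the feed-declared `type` contains `html`, both changed lines skip escaping entirely and the description reaches `setContent()` through `_getSummary()`, which is not visible in this hunk. The decision is a substring match on an attribute that the remote feed supplies, so the feed chooses whether its own markup is escaped. If `_getSummary()` does not strip or sanitise markup, the html branch should pass the value through the project's HTML filter first. At minimum I would add `// html-typed feed content is NOT escaped here; it must be sanitised before output` above the check. The `content` widget hunk (`@ -611,14`) has the same branch, and the enclosing method starts and ends outside this hunk.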
|
||||
|
|
|
|||