fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-05-01 16:22:41 +09:00
Code Issues Projects Releases Packages Wiki Activity

#66 install php version check

Browse source 
#16 install rewrite module usable check
#48 htmlspecialchars function params add
This commit is contained in:
akasima 2013-11-18 16:54:17 +09:00 committed by bnu
parent 51b6b21cf2
commit 736f382b27
93 changed files with 240 additions and 215 deletions
Download patch file Download diff file Expand all files Collapse all files

10
classes/context/Context.class.php
View file

@ -746,7 +746,7 @@ class Context
$oModuleController = getController('module');
$oModuleController->replaceDefinedLangCode($self->site_title);
return htmlspecialchars($self->site_title);
return htmlspecialchars($self->site_title, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
}
/**
@ -1259,7 +1259,7 @@ class Context
}
elseif($key === 'mid' || $key === 'vid' || $key === 'search_keyword')
{
$val[$k] = htmlspecialchars($v);
$val[$k] = htmlspecialchars($v, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
}
else
{
@ -1325,7 +1325,7 @@ class Context
{
continue;
}
$val['name'] = htmlspecialchars($val['name']);
$val['name'] = htmlspecialchars($val['name'], ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
$this->set($key, $val, true);
$this->is_uploaded = true;
}
@ -1631,11 +1631,11 @@ class Context
$encode_queries[] = $key . '=' . $value;
}
$encode_query = implode('&', $encode_queries);
return htmlspecialchars($parsedUrl['path'] . '?' . $encode_query);
return htmlspecialchars($parsedUrl['path'] . '?' . $encode_query, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
}
else
{
return htmlspecialchars($query);
return htmlspecialchars($query, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
}
}
else

2
classes/display/HTMLDisplayHandler.php
View file

@ -278,7 +278,7 @@ class HTMLDisplayHandler
case 'number':
case 'range':
case 'color':
$str = preg_replace('@\svalue="[^"]*?"@', ' ', $str) . ' value="' . @htmlspecialchars($INPUT_ERROR[$match[3]]) . '"';
$str = preg_replace('@\svalue="[^"]*?"@', ' ', $str) . ' value="' . @htmlspecialchars($INPUT_ERROR[$match[3]], ENT_COMPAT | ENT_HTML401, 'UTF-8', false) . '"';
break;
case 'password':
$str = preg_replace('@\svalue="[^"]*?"@', ' ', $str);

12
classes/extravar/Extravar.class.php
View file

@ -210,7 +210,7 @@ class ExtraItem
{
$value = 'http://' . $value;
}
return htmlspecialchars($value);
return htmlspecialchars($value, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
case 'tel' :
if(is_array($value))
@ -253,7 +253,7 @@ class ExtraItem
for($i = 0; $i < count($values); $i++)
{
$values[$i] = htmlspecialchars($values[$i]);
$values[$i] = htmlspecialchars($values[$i], ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
}
return $values;
@ -283,7 +283,7 @@ class ExtraItem
//case 'text' :
//case 'textarea' :
default :
return htmlspecialchars($value);
return htmlspecialchars($value, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
}
}
@ -405,7 +405,7 @@ class ExtraItem
// Temporary ID for labeling
$tmp_id = $column_name . '-' . $id_num++;
$buff .='<li><input type="checkbox" name="' . $column_name . '[]" id="' . $tmp_id . '" value="' . htmlspecialchars($v) . '" ' . $checked . ' /><label for="' . $tmp_id . '">' . $v . '</label></li>';
$buff .='<li><input type="checkbox" name="' . $column_name . '[]" id="' . $tmp_id . '" value="' . htmlspecialchars($v, ENT_COMPAT | ENT_HTML401, 'UTF-8', false) . '" ' . $checked . ' /><label for="' . $tmp_id . '">' . $v . '</label></li>';
}
$buff .= '</ul>';
break;
@ -490,7 +490,7 @@ class ExtraItem
'<input type="text" name="addr_search_' . $column_name . '" class="address" value="" />' .
'<a href="#" onclick="doSearchKrZip(this, \'' . $column_name . '\'); return false;" class="button green"><span>' . Context::getLang('cmd_search') . '</span></a>' .
'</div>' .
'<input type="text" name="' . $column_name . '[]" value="' . htmlspecialchars($value[1]) . '" class="address" />' .
'<input type="text" name="' . $column_name . '[]" value="' . htmlspecialchars($value[1], ENT_COMPAT | ENT_HTML401, 'UTF-8', false) . '" class="address" />' .
'';
break;
// General text
@ -500,7 +500,7 @@ class ExtraItem
}
if($this->desc)
{
$buff .= '<p>' . htmlspecialchars($this->desc) . '</p>';
$buff .= '<p>' . htmlspecialchars($this->desc, ENT_COMPAT | ENT_HTML401, 'UTF-8', false) . '</p>';
}
return $buff;

8
classes/security/EmbedFilter.class.php
View file

@ -355,7 +355,7 @@ class EmbedFilter
if(!$isWhiteDomain && !$isWhiteMimetype && !$isWhiteExt)
{
$content = str_replace($objectTag, htmlspecialchars($objectTag), $content);
$content = str_replace($objectTag, htmlspecialchars($objectTag, ENT_COMPAT | ENT_HTML401, 'UTF-8', false), $content);
}
}
}
@ -408,7 +408,7 @@ class EmbedFilter
if(!$isWhiteDomain && !$isWhiteMimetype && !$isWhiteExt)
{
$content = str_replace($embedTag, htmlspecialchars($embedTag), $content);
$content = str_replace($embedTag, htmlspecialchars($embedTag, ENT_COMPAT | ENT_HTML401, 'UTF-8', false), $content);
}
}
}
@ -451,7 +451,7 @@ class EmbedFilter
if(!$isWhiteDomain)
{
$content = str_replace($iframeTag, htmlspecialchars($iframeTag), $content);
$content = str_replace($iframeTag, htmlspecialchars($iframeTag, ENT_COMPAT | ENT_HTML401, 'UTF-8', false), $content);
}
}
}
@ -491,7 +491,7 @@ class EmbedFilter
if(!$isWhiteDomain && !$isWhiteExt)
{
$content = str_replace($paramTag, htmlspecialchars($paramTag), $content);
$content = str_replace($paramTag, htmlspecialchars($paramTag, ENT_COMPAT | ENT_HTML401, 'UTF-8', false), $content);
}
}
}

2
classes/security/Security.class.php
View file

@ -115,7 +115,7 @@ class Security
{
if(!preg_match('/^\$user_lang->/', $var))
{
$var = htmlspecialchars($var);
$var = htmlspecialchars($var, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
}
return $var;
}

2
classes/security/htmlpurifier/library/HTMLPurifier/AttrTransform/ImgSpace.php
View file

@ -14,7 +14,7 @@ class HTMLPurifier_AttrTransform_ImgSpace extends HTMLPurifier_AttrTransform {
public function __construct($attr) {
$this->attr = $attr;
if (!isset($this->css[$attr])) {
trigger_error(htmlspecialchars($attr) . ' is not valid space attribute');
trigger_error(htmlspecialchars($attr, ENT_COMPAT | ENT_HTML401, 'UTF-8', false) . ' is not valid space attribute');
}
}

2
classes/security/htmlpurifier/library/HTMLPurifier/CSSDefinition.php
View file

@ -302,7 +302,7 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
// emit errors
foreach ($allowed_properties as $name => $d) {
// :TODO: Is this htmlspecialchars() call really necessary?
$name = htmlspecialchars($name);
$name = htmlspecialchars($name, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
trigger_error("Style attribute '$name' is not supported $support", E_USER_WARNING);
}
}

6
classes/security/htmlpurifier/library/HTMLPurifier/Config.php
View file

@ -153,7 +153,7 @@ class HTMLPurifier_Config
if (!$this->finalized) $this->autoFinalize();
if (!isset($this->def->info[$key])) {
// can't add % due to SimpleTest bug
$this->triggerError('Cannot retrieve value of undefined directive ' . htmlspecialchars($key),
$this->triggerError('Cannot retrieve value of undefined directive ' . htmlspecialchars($key, ENT_COMPAT | ENT_HTML401, 'UTF-8', false),
E_USER_WARNING);
return;
}
@ -181,7 +181,7 @@ class HTMLPurifier_Config
if (!$this->finalized) $this->autoFinalize();
$full = $this->getAll();
if (!isset($full[$namespace])) {
$this->triggerError('Cannot retrieve undefined namespace ' . htmlspecialchars($namespace),
$this->triggerError('Cannot retrieve undefined namespace ' . htmlspecialchars($namespace, ENT_COMPAT | ENT_HTML401, 'UTF-8', false),
E_USER_WARNING);
return;
}
@ -246,7 +246,7 @@ class HTMLPurifier_Config
}
if ($this->isFinalized('Cannot set directive after finalization')) return;
if (!isset($this->def->info[$key])) {
$this->triggerError('Cannot set undefined directive ' . htmlspecialchars($key) . ' to value',
$this->triggerError('Cannot set undefined directive ' . htmlspecialchars($key, ENT_COMPAT | ENT_HTML401, 'UTF-8', false) . ' to value',
E_USER_WARNING);
return;
}

2
classes/security/htmlpurifier/library/HTMLPurifier/DoctypeRegistry.php
View file

@ -56,7 +56,7 @@ class HTMLPurifier_DoctypeRegistry
public function get($doctype) {
if (isset($this->aliases[$doctype])) $doctype = $this->aliases[$doctype];
if (!isset($this->doctypes[$doctype])) {
trigger_error('Doctype ' . htmlspecialchars($doctype) . ' does not exist', E_USER_ERROR);
trigger_error('Doctype ' . htmlspecialchars($doctype, ENT_COMPAT | ENT_HTML401, 'UTF-8', false) . ' does not exist', E_USER_ERROR);
$anon = new HTMLPurifier_Doctype($doctype);
return $anon;
}

2
classes/security/htmlpurifier/library/HTMLPurifier/Generator.php
View file

@ -246,7 +246,7 @@ class HTMLPurifier_Generator
// Workaround for APC bug on Mac Leopard reported by sidepodcast
// http://htmlpurifier.org/phorum/read.php?3,4823,4846
if ($quote === null) $quote = ENT_COMPAT;
return htmlspecialchars($string, $quote, 'UTF-8');
return htmlspecialchars($string, $quote, 'UTF-8', false);
}
}

8
classes/security/htmlpurifier/library/HTMLPurifier/HTMLDefinition.php
View file

@ -261,7 +261,7 @@ class HTMLPurifier_HTMLDefinition extends HTMLPurifier_Definition
}
// emit errors
foreach ($allowed_elements as $element => $d) {
$element = htmlspecialchars($element); // PHP doesn't escape errors, be careful!
$element = htmlspecialchars($element, ENT_COMPAT | ENT_HTML401, 'UTF-8', false); // PHP doesn't escape errors, be careful!
trigger_error("Element '$element' is not supported $support", E_USER_WARNING);
}
}
@ -315,8 +315,8 @@ class HTMLPurifier_HTMLDefinition extends HTMLPurifier_Definition
switch ($c) {
case 2:
if ($bits[0] !== '*') {
$element = htmlspecialchars($bits[0]);
$attribute = htmlspecialchars($bits[1]);
$element = htmlspecialchars($bits[0], ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
$attribute = htmlspecialchars($bits[1], ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
if (!isset($this->info[$element])) {
trigger_error("Cannot allow attribute '$attribute' if element '$element' is not allowed/supported $support");
} else {
@ -327,7 +327,7 @@ class HTMLPurifier_HTMLDefinition extends HTMLPurifier_Definition
}
// otherwise fall through
case 1:
$attribute = htmlspecialchars($bits[0]);
$attribute = htmlspecialchars($bits[0], ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
trigger_error("Global attribute '$attribute' is not ".
"supported in any elements $support",
E_USER_WARNING);

4
classes/security/htmlpurifier/library/HTMLPurifier/Lexer.php
View file

@ -121,7 +121,7 @@ class HTMLPurifier_Lexer
$inst = new HTMLPurifier_Lexer_PH5P();
break;
default:
throw new HTMLPurifier_Exception("Cannot instantiate unrecognized Lexer type " . htmlspecialchars($lexer));
throw new HTMLPurifier_Exception("Cannot instantiate unrecognized Lexer type " . htmlspecialchars($lexer, ENT_COMPAT | ENT_HTML401, 'UTF-8', false));
}
}
@ -252,7 +252,7 @@ class HTMLPurifier_Lexer
*/
protected static function CDATACallback($matches) {
// not exactly sure why the character set is needed, but whatever
return htmlspecialchars($matches[1], ENT_COMPAT, 'UTF-8');
return htmlspecialchars($matches[1], ENT_COMPAT, 'UTF-8', false);
}
/**

2
classes/security/htmlpurifier/library/HTMLPurifier/Lexer/DirectLex.php
View file

@ -25,7 +25,7 @@ class HTMLPurifier_Lexer_DirectLex extends HTMLPurifier_Lexer
* @param $matches, in form of array(opening tag, contents, closing tag)
*/
protected function scriptCallback($matches) {
return $matches[1] . htmlspecialchars($matches[2], ENT_COMPAT, 'UTF-8') . $matches[3];
return $matches[1] . htmlspecialchars($matches[2], ENT_COMPAT, 'UTF-8', false) . $matches[3];
}
public function tokenizeHTML($html, $config, $context) {

2
classes/security/htmlpurifier/library/HTMLPurifier/Printer.php
View file

@ -104,7 +104,7 @@ class HTMLPurifier_Printer
*/
protected function escape($string) {
$string = HTMLPurifier_Encoder::cleanUTF8($string);
$string = htmlspecialchars($string, ENT_COMPAT, 'UTF-8');
$string = htmlspecialchars($string, ENT_COMPAT, 'UTF-8', false);
return $string;
}

2
classes/template/TemplateHandler.class.php
View file

@ -330,7 +330,7 @@ class TemplateHandler
{
preg_match('/<input[^>]*name="error_return_url"[^>]*>/is', $matches[2], $m3);
if(!$m3[0])
$matches[2] = '<input type="hidden" name="error_return_url" value="<?php echo htmlspecialchars(getRequestUriByServerEnviroment()) ?>" />' . $matches[2];
$matches[2] = '<input type="hidden" name="error_return_url" value="<?php echo htmlspecialchars(getRequestUriByServerEnviroment(), ENT_COMPAT | ENT_HTML401, \'UTF-8\', false) ?>" />' . $matches[2];
}
else
{

2
classes/xml/XmlGenerator.class.php
View file

@ -45,7 +45,7 @@ class XmlGenerator
{
foreach($value as $attrName => $attrValue)
{
$attrs .= sprintf(' %s="%s"', $attrName, htmlspecialchars($attrValue));
$attrs .= sprintf(' %s="%s"', $attrName, htmlspecialchars($attrValue, ENT_COMPAT | ENT_HTML401, 'UTF-8', false));
}
}
}