mirror of
https://github.com/Lastorder-DC/rhymix.git
Use escape more consistently
여기저기 htmlspecialchars가 들어 있는 것을 escape로 통일
parent
d63da57045
commit
c54fa8dab1
14 changed files with 44 additions and 45 deletions
|
|
@ -794,7 +794,7 @@ class Context
|
|||
return '';
|
||||
}
|
||||
getController('module')->replaceDefinedLangCode(self::$_instance->browser_title);
|
||||
return htmlspecialchars(self::$_instance->browser_title, ENT_COMPAT | ENT_HTML401, 'UTF-8', FALSE);
|
||||
return htmlspecialchars(self::$_instance->browser_title, ENT_QUOTES, 'UTF-8', FALSE);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -1733,7 +1733,7 @@ class Context
|
|||
|
||||
if(!$autoEncode)
|
||||
{
|
||||
return htmlspecialchars($query, ENT_COMPAT | ENT_HTML401, 'UTF-8', FALSE);
|
||||
return htmlspecialchars($query, ENT_QUOTES, 'UTF-8', FALSE);
|
||||
}
|
||||
|
||||
$output = array();
|
||||
|
|
@ -1749,7 +1749,7 @@ class Context
|
|||
$encode_queries[] = $key . '=' . $value;
|
||||
}
|
||||
|
||||
return htmlspecialchars($parsedUrl['path'] . '?' . join('&', $encode_queries), ENT_COMPAT | ENT_HTML401, 'UTF-8', FALSE);
|
||||
return htmlspecialchars($parsedUrl['path'] . '?' . join('&', $encode_queries), ENT_QUOTES, 'UTF-8', FALSE);
|
||||
}
|
||||
|
||||
/**
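Review bot: The three changed calls in Context (the browser-title return at -794 and the two URL returns at -1733 and -1749) still call `htmlspecialchars()` directly and only swap `ENT_COMPAT | ENT_HTML401` for `ENT_QUOTES`, while the other files on this page move to `escape(..., false)`. If the helper cannot be used in this class, a short comment saying why would stop the next cleanup from diverging again. The flag swap is also a behaviour change: single quotes are now emitted as `&#039;`, so a caller that uses the returned URL outside an HTML context (a redirect header or a script string, for instance) would receive entity-encoded text. I would document that on the two URL returns, e.g. `// HTML-attribute safe for both quote styles; not for use in headers or JS without decoding`. The enclosing methods begin and end outside these hunks, so their callers could not be checked from here.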
|
||||
|
|
|
|||
|
|
@ -209,7 +209,7 @@ class ExtraItem
|
|||
{
|
||||
$value = 'http://' . $value;
|
||||
}
|
||||
return htmlspecialchars($value, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
|
||||
return escape($value, false);
|
||||
|
||||
case 'tel' :
|
||||
if(is_array($value))
|
||||
|
|
@ -232,7 +232,7 @@ class ExtraItem
|
|||
$values = array_values($values);
|
||||
for($i = 0, $c = count($values); $i < $c; $i++)
|
||||
{
|
||||
$values[$i] = trim(htmlspecialchars($values[$i], ENT_COMPAT | ENT_HTML401, 'UTF-8', false));
|
||||
$values[$i] = trim(escape($values[$i], false));
|
||||
}
|
||||
return $values;
|
||||
|
||||
|
|
@ -259,7 +259,7 @@ class ExtraItem
|
|||
$values = array_values($values);
|
||||
for($i = 0, $c = count($values); $i < $c; $i++)
|
||||
{
|
||||
$values[$i] = trim(htmlspecialchars($values[$i], ENT_COMPAT | ENT_HTML401, 'UTF-8', false));
|
||||
$values[$i] = trim(escape($values[$i], false));
|
||||
}
|
||||
return $values;
|
||||
|
||||
|
|
@ -280,7 +280,7 @@ class ExtraItem
|
|||
$values = array_values($values);
|
||||
for($i = 0, $c = count($values); $i < $c; $i++)
|
||||
{
|
||||
$values[$i] = trim(htmlspecialchars($values[$i], ENT_COMPAT | ENT_HTML401, 'UTF-8', false));
|
||||
$values[$i] = trim(escape($values[$i], false));
|
||||
}
|
||||
return $values;
|
||||
|
||||
|
|
@ -290,7 +290,7 @@ class ExtraItem
|
|||
//case 'textarea' :
|
||||
//case 'password' :
|
||||
default :
|
||||
return htmlspecialchars($value, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
|
||||
return escape($value, false);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -404,7 +404,7 @@ class ExtraItem
|
|||
// Temporary ID for labeling
|
||||
$tmp_id = $column_name . '-' . $id_num++;
|
||||
|
||||
$buff[] =' <li><input type="checkbox" name="' . $column_name . '[]" id="' . $tmp_id . '" value="' . htmlspecialchars($v, ENT_COMPAT | ENT_HTML401, 'UTF-8', false) . '" ' . $checked . ' /><label for="' . $tmp_id . '">' . $v . '</label></li>';
|
||||
$buff[] =' <li><input type="checkbox" name="' . $column_name . '[]" id="' . $tmp_id . '" value="' . escape($v, false) . '" ' . $checked . ' /><label for="' . $tmp_id . '">' . $v . '</label></li>';
|
||||
}
|
||||
$buff[] = '</ul>';
|
||||
break;
|
||||
|
|
@ -485,7 +485,7 @@ class ExtraItem
|
|||
{
|
||||
$oModuleController = getController('module');
|
||||
$oModuleController->replaceDefinedLangCode($this->desc);
|
||||
$buff[] = '<p>' . htmlspecialchars($this->desc, ENT_COMPAT | ENT_HTML401, 'UTF-8', false) . '</p>';
|
||||
$buff[] = '<p>' . escape($this->desc, false) . '</p>';
|
||||
}
|
||||
|
||||
return join(PHP_EOL, $buff);
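Review bot: In the checkbox hunk at -404 the option text is escaped for the `value` attribute, but the same `$v` is concatenated unescaped into the label body, so any markup in an option value would be interpreted by the browser at that point. The second argument `false` appears to carry over the old "no double encoding" setting, in which case escaping the label too is harmless for text that is already entity-encoded: `'<label for="' . $tmp_id . '">' . escape($v, false) . '</label>'`. `$column_name` and `$tmp_id` also enter the `name`, `id` and `for` attributes raw; whether they are restricted to identifier characters is decided outside the hunk and is worth confirming. The other ExtraItem hunks are a like-for-like swap, with the caveat that `escape()` is defined elsewhere and its quote handling is not visible on this page.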
|
||||
|
|
|
|||
|
|
@ -115,7 +115,7 @@ class Security
|
|||
{
|
||||
if(strncmp('$user_lang->', $var, 12) !== 0)
|
||||
{
|
||||
$var = htmlspecialchars($var, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
|
||||
$var = escape($var, false);
|
||||
}
|
||||
|
||||
return $var;
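Review bot: The guard `strncmp('$user_lang->', $var, 12) !== 0` exempts from escaping any string that merely starts with `$user_lang->`, whatever follows the prefix, and this commit carries that over unchanged. If language codes are plain identifiers (an assumption, since the format is not shown here), the exemption should require the whole value to match, e.g. `if(!preg_match('/^\$user_lang->[A-Za-z0-9_]+$/', $var))` before skipping `escape()`. At minimum I would add a comment on the condition stating that exempted values are expected to be replaced by the language-code resolver before output. The enclosing method starts and ends outside the hunk.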
|
||||
|
|
|
|||
|
|
@ -327,7 +327,7 @@ class TemplateHandler
|
|||
{
|
||||
preg_match('/<input[^>]*name="error_return_url"[^>]*>/is', $matches[2], $m3);
|
||||
if(!$m3[0])
|
||||
$matches[2] = '<input type="hidden" name="error_return_url" value="<?php echo htmlspecialchars(getRequestUriByServerEnviroment(), ENT_COMPAT | ENT_HTML401, \'UTF-8\', false) ?>" />' . $matches[2];
|
||||
$matches[2] = '<input type="hidden" name="error_return_url" value="<?php echo escape(getRequestUriByServerEnviroment(), false); ?>" />' . $matches[2];
|
||||
}
|
||||
else
|
||||
{
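Review bot: `if(!$m3[0])` reads index 0 of `$m3` even when `preg_match()` found nothing and left the array empty, which raises an undefined-offset notice (a warning on PHP 8) each time a form without the field is compiled. `if(empty($m3[0]))` or testing the return value of `preg_match()` keeps the same branch without the diagnostic. Separately, the injected `error_return_url` is an ordinary hidden field, so escaping it for the attribute only protects this page's markup; the handler that later reads it, which is not shown here, still has to treat it as client-controlled. The surrounding block continues past the end of the hunk.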
|
||||
|
|
|
|||