From: Jeroen L. <jl...@us...> - 2005-12-08 22:16:35
Update of /cvsroot/mantisbt/mantisbt/core
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv11236/core
Modified Files: filter_api.php html_api.php print_api.php string_api.php
Log Message:
6474: Calls to htmlspecialchars should take into account the current charset
Index: html_api.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/core/html_api.php,v
retrieving revision 1.185
retrieving revision 1.186
diff -u -d -r1.185 -r1.186
--- html_api.php 8 Dec 2005 14:21:50 -0000 1.185
+++ html_api.php 8 Dec 2005 22:16:20 -0000 1.186
@@ -414,9 +414,9 @@
 $t_time = $g_queries_array[$i][1];
 $t_total += $t_time;
 if ( true == $g_queries_array[$i][2] ) {
- echo "\t", '<tr valign="top"><td style="color: red">', ($i+1), '</td><td style="color: red">', $t_time , '</td><td style="color: red">', htmlspecialchars($g_queries_array[$i][0]), '</td></tr>', "\n";
+ echo "\t", '<tr valign="top"><td style="color: red">', ($i+1), '</td><td style="color: red">', $t_time , '</td><td style="color: red">', string_html_specialchars($g_queries_array[$i][0]), '</td></tr>', "\n";
 } else {
- echo "\t", '<tr valign="top"><td>', ($i+1), '</td><td>'. $t_time . '</td><td>', htmlspecialchars($g_queries_array[$i][0]), '</td></tr>', "\n";
+ echo "\t", '<tr valign="top"><td>', ($i+1), '</td><td>'. $t_time . '</td><td>', string_html_specialchars($g_queries_array[$i][0]), '</td></tr>', "\n";
 }
 }
 echo "\t", '<tr><td></td><td>', $t_total, '</td><td></td></tr>', "\n";
Index: filter_api.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/core/filter_api.php,v
retrieving revision 1.126
retrieving revision 1.127
diff -u -d -r1.126 -r1.127
--- filter_api.php 6 Dec 2005 22:17:12 -0000 1.126
+++ filter_api.php 8 Dec 2005 22:16:20 -0000 1.127
@@ -2014,7 +2014,7 @@
 collapse_icon( 'filter' ); echo lang_get( 'search' ); ?>:
- <input type="text" size="16" name="search" value="<?php PRINT htmlspecialchars( $t_filter['search'] ); ?>" />
+ <input type="text" size="16" name="search" value="<?php PRINT string_html_specialchars( $t_filter['search'] ); ?>" />
 <input type="submit" name="filter" class="button-small" value="<?php PRINT lang_get( 'filter_button' ) ?>" />
 </td>
Index: string_api.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/core/string_api.php,v
retrieving revision 1.77
retrieving revision 1.78
diff -u -d -r1.77 -r1.78
--- string_api.php 6 Dec 2005 23:47:51 -0000 1.77
+++ string_api.php 8 Dec 2005 22:16:20 -0000 1.78
@@ -84,7 +84,7 @@
 # Prepare a string for display to HTML
 function string_display( $p_string ) {
 $p_string = string_strip_hrefs( $p_string );
- $p_string = htmlspecialchars( $p_string );
+ $p_string = string_html_specialchars( $p_string );
 $p_string = string_restore_valid_html_tags( $p_string );
 $p_string = string_preserve_spaces_at_bol( $p_string );
 $p_string = string_nl2br( $p_string );
@@ -113,7 +113,7 @@
 
 # same steps as string_display_links() without the preservation of spaces since is undefined in XML.
 $t_string = string_strip_hrefs( $t_string );
- $t_string = htmlspecialchars( $t_string );
+ $t_string = string_html_specialchars( $t_string );
 $t_string = string_restore_valid_html_tags( $t_string );
 $t_string = string_nl2br( $t_string );
 $t_string = string_insert_hrefs( $t_string );
@@ -122,7 +122,7 @@
 $t_string = string_process_cvs_link( $t_string );
 
 # another escaping to escape the special characters created by the generated links
- $t_string = htmlspecialchars( $t_string );
+ $t_string = string_html_specialchars( $t_string );
 
 return $t_string;
 }
@@ -152,7 +152,7 @@
 # --------------------
 # Process a string for display in a textarea box
 function string_textarea( $p_string ) {
- $p_string = htmlspecialchars( $p_string );
+ $p_string = string_html_specialchars( $p_string );
 return $p_string;
 }
 
@@ -160,7 +160,7 @@
 # --------------------
 # Process a string for display in a text box
 function string_attribute( $p_string ) {
- $p_string = htmlspecialchars( $p_string );
+ $p_string = string_html_specialchars( $p_string );
 return $p_string;
 }
 
@@ -653,6 +653,17 @@
 }
 
 # --------------------
+ # Calls htmlspecialchars on the specified string, passing along
+ # the current charset, if the current PHP version supports it.
+ function string_html_specialchars( $p_string ) {
+ if ( php_version_at_least( '4.1.0' ) ) {
+ return htmlspecialchars( $p_string, ENT_COMPAT, lang_get( 'charset' ) );
+ } else {
+ return htmlspecialchars( $p_string );
+ }
+ }
+
+ # --------------------
 # Prepares a string to be used as part of header().
 function string_prepare_header( $p_string ) {
 $t_string = $p_string;
Index: print_api.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/core/print_api.php,v
retrieving revision 1.145
retrieving revision 1.146
diff -u -d -r1.145 -r1.146
--- print_api.php 8 Dec 2005 14:21:50 -0000 1.145
+++ print_api.php 8 Dec 2005 22:16:20 -0000 1.146
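Review bot: `string_html_specialchars` hands `lang_get( 'charset' )` to htmlspecialchars unchecked; if a language file names a charset PHP does not recognise, htmlspecialchars emits a warning and escapes under its own built-in default instead, so the escaping silently stops matching the charset the page declares, and an installation that hides warnings would never notice. Consider validating the value once against the charsets the application is known to ship (and logging a rejected value) rather than relying on that fallback. Separately, `ENT_COMPAT` reproduces the old default but leaves `'` unescaped; since `string_attribute` feeds attribute values, `ENT_QUOTES` would also protect single-quoted attributes — every caller visible in this commit uses double-quoted attributes, so this is defence in depth rather than a regression. The header comment should also state what happens on the else branch: `# On PHP < 4.1.0 the charset is not passed and PHP's default encoding applies.`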
@@ -1301,14 +1301,14 @@
 # The names and values are passed through htmlspecialchars() before being displayed
 function print_hidden_inputs( $p_assoc_array ) {
 foreach ( $p_assoc_array as $key => $val ) {
- $key = htmlspecialchars( $key );
+ $key = string_html_specialchars( $key );
 if ( is_array( $val ) ) {
 foreach ( $val as $val2 ) {
- $val2 = htmlspecialchars( $val2 );
+ $val2 = string_html_specialchars( $val2 );
 PRINT "<input type=\"hidden\" name=\"$val\[\]\" value=\"$val2\" />\n";
 }
 } else {
- $val = htmlspecialchars( $val );
+ $val = string_html_specialchars( $val );
 PRINT "<input type=\"hidden\" name=\"$key\" value=\"$val\" />\n";
 }
 }
|
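Review bot: In the nested-array branch the name attribute is built from `$val` — the array being iterated — instead of the already-escaped `$key`, so `name=\"$val\[\]\"` interpolates an array (PHP prints it as `Array`) and every element is emitted under the wrong field name; it should read `PRINT "<input type=\"hidden\" name=\"$key\[\]\" value=\"$val2\" />\n";`. Because `$key` was escaped at the top of the outer loop, the corrected line needs no further escaping. The hunk also leaves the function's header comment saying the values go through htmlspecialchars(); update it to `# The names and values are passed through string_html_specialchars() before being displayed`.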