Update of /cvsroot/php-blog/serendipity
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv17845
Modified Files:
comment.php index.php serendipity_admin.php
serendipity_admin_category.inc.php
serendipity_admin_entries.inc.php
serendipity_admin_image_selector.php
serendipity_admin_plugins.inc.php
serendipity_admin_users.inc.php serendipity_entries.php
serendipity_functions.inc.php
serendipity_functions_installer.inc.php
serendipity_genpage.inc.php serendipity_layout_table.inc.php
serendipity_sidebar_items.php
Log Message:
Merged changes: htmlspecialchars instead of htmlentities for preserving native charsets.
Index: serendipity_admin.php
===================================================================
RCS file: /cvsroot/php-blog/serendipity/serendipity_admin.php,v
retrieving revision 1.35
retrieving revision 1.36
diff -u -d -r1.35 -r1.36
--- serendipity_admin.php 4 Apr 2004 16:23:29 -0000 1.35
+++ serendipity_admin.php 7 Apr 2004 12:42:42 -0000 1.36
@@ -4,6 +4,7 @@
define('IN_installer', true);
define('IN_upgrader', true);
include('serendipity_config.inc.php');
+header('Content-Type: text/html; charset=' . LANG_CHARSET);
if (isset($serendipity['GET']['adminModule']) && $serendipity['GET']['adminModule'] == 'logout'){
serendipity_logout();
@@ -16,6 +17,7 @@
<html>
<head>
<title><?php echo SERENDIPITY_ADMIN_SUITE; ?></title>
+ <meta http-equiv="Content-Type" content="text/html; charset=<?php echo LANG_CHARSET; ?>" />
<link rel="stylesheet" type="text/css" href="<?php echo (isset($serendipity['serendipityHTTPPath']) ? $serendipity['serendipityHTTPPath'] : ''); ?>serendipity.css.php" />
<?php
if (!empty($serendipity['extCSS']) && strtolower($serendipity['extCSS']) != 'none') {
Index: serendipity_entries.php
===================================================================
RCS file: /cvsroot/php-blog/serendipity/serendipity_entries.php,v
retrieving revision 1.28
retrieving revision 1.29
diff -u -d -r1.28 -r1.29
--- serendipity_entries.php 4 Apr 2004 16:24:47 -0000 1.28
+++ serendipity_entries.php 7 Apr 2004 12:42:42 -0000 1.29
@@ -10,6 +10,8 @@
$_SESSION['serendipityAuthedUser'] = true;
}
+header('Content-Type: text/html; charset=' . LANG_CHARSET);
+
if (isset($serendipity['GET']['adminModule']) && $serendipity['GET']['adminModule'] == 'logout'){
serendipity_logout();
} else {
@@ -20,6 +22,7 @@
<html>
<head>
<title><?php echo SERENDIPITY_AUTHORING_SUITE; ?></title>
+ <meta http-equiv="Content-Type" content="text/html; charset=<?php echo LANG_CHARSET; ?>" />
<link rel="stylesheet" type="text/css" href="<?php echo $serendipity['serendipityHTTPPath']; ?>serendipity.css.php" />
<?php
if (strtolower($serendipity['extCSS']) != 'none' && $serendipity['extCSS'] != '') {
Index: serendipity_genpage.inc.php
===================================================================
RCS file: /cvsroot/php-blog/serendipity/serendipity_genpage.inc.php,v
retrieving revision 1.26
retrieving revision 1.27
diff -u -d -r1.26 -r1.27
--- serendipity_genpage.inc.php 21 Mar 2004 16:47:18 -0000 1.26
+++ serendipity_genpage.inc.php 7 Apr 2004 12:42:42 -0000 1.27
@@ -15,7 +15,8 @@
?>
<html>
<head>
- <title><?php echo htmlentities($serendipity['blogTitle']); ?></title>
+ <title><?php echo htmlspecialchars($serendipity['blogTitle']); ?></title>
+ <meta http-equiv="Content-Type" content="text/html; charset=<?php echo LANG_CHARSET; ?>" />
<meta name="Powered-By" content="Serendipity v.<?php echo $serendipity['version'] ?>" />
<link rel="stylesheet" type="text/css" href="<?php echo $serendipity['serendipityHTTPPath']; ?>serendipity.css.php" />
<link rel="alternate" type="application/rss+xml" title="RSS" href="<?php echo $serendipity['baseURL'] . ($serendipity['rewrite'] == 'none' ? $serendipity['indexFile'] . '?/' : ''); ?>feeds/index.rss2" />
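Review bot: The new `htmlspecialchars($serendipity['blogTitle'])` call relies on the function's default charset and quote style, while the page charset is now declared from `LANG_CHARSET` on the following line. Passing both explicitly, e.g. `htmlspecialchars($serendipity['blogTitle'], ENT_QUOTES, LANG_CHARSET)`, keeps the escaping in step with the declared encoding and also covers single-quoted attributes. This assumes every `LANG_CHARSET` value is one the function supports, which should be checked. The same applies to the other `htmlspecialchars()` call sites introduced in this commit; a small wrapper function would keep them consistent.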
Index: serendipity_admin_image_selector.php
===================================================================
RCS file: /cvsroot/php-blog/serendipity/serendipity_admin_image_selector.php,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -d -r1.18 -r1.19
--- serendipity_admin_image_selector.php 3 Mar 2004 09:07:00 -0000 1.18
+++ serendipity_admin_image_selector.php 7 Apr 2004 12:42:42 -0000 1.19
@@ -16,6 +16,8 @@
die ("Don't hack!");
}
+header('Content-Type: text/html; charset=' . LANG_CHARSET);
+
if ($_SESSION['serendipityAuthedUser'] !== true) {
die(HAVE_TO_BE_LOGGED_ON);
}
@@ -24,6 +26,7 @@
<html>
<head>
<title><?php echo SELECT_IMAGE; ?></title>
+ <meta http-equiv="Content-Type" content="text/html; charset=<?php echo LANG_CHARSET; ?>" />
<link rel="stylesheet" type="text/css" href="<?php echo $serendipity['serendipityHTTPPath']; ?>serendipity.css.php">
</head>
<body id="serendipity_admin_image_page">
Index: serendipity_layout_table.inc.php
===================================================================
RCS file: /cvsroot/php-blog/serendipity/serendipity_layout_table.inc.php,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -d -r1.10 -r1.11
--- serendipity_layout_table.inc.php 21 Mar 2004 16:35:32 -0000 1.10
+++ serendipity_layout_table.inc.php 7 Apr 2004 12:42:43 -0000 1.11
@@ -14,7 +14,7 @@
?>
<div id="serendipity_banner">
- <h1><?php echo htmlentities($serendipity['blogTitle']) ; ?></h1>
+ <h1><?php echo htmlspecialchars($serendipity['blogTitle']) ; ?></h1>
<?php
$sub = isset($serendipity['blogSubTitle']) ? $serendipity['blogSubTitle'] : $serendipity['blogDescription'];
if (strlen($sub)) {
Index: index.php
===================================================================
RCS file: /cvsroot/php-blog/serendipity/index.php,v
retrieving revision 1.37
retrieving revision 1.38
diff -u -d -r1.37 -r1.38
--- index.php 21 Mar 2004 16:35:31 -0000 1.37
+++ index.php 7 Apr 2004 12:42:42 -0000 1.38
@@ -9,7 +9,8 @@
session_start();
include_once('serendipity_config.inc.php');
serendipity_login();
-
+header('Content-Type: text/html; charset='. LANG_CHARSET);
+
$track_referer = true;
$uri = $_SERVER['REQUEST_URI'];
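Review bot: With the `header('Content-Type: text/html; ...')` call hoisted above the routing, every branch of this script now starts out as `text/html`, including redirects and any branch that emits non-HTML output. The feed link in serendipity_genpage.inc.php points at `feeds/index.rss2` through the index file, so the feed branch (not visible in these hunks) presumably has to send its own Content-Type to override this one; that is worth confirming. A short comment at the call, such as `// default; non-HTML branches must override`, would document the expectation.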
@@ -19,7 +20,6 @@
}
if (preg_match(PAT_ARCHIVES, $uri, $matches)) {
- header('Content-Type: text/html; charset='. LANG_CHARSET);
$range = $matches[1];
$_GET['serendipity']['action'] = 'read';
$_GET['serendipity']['range'] = $range;
@@ -45,7 +45,6 @@
echo $data;
} else if (preg_match(PAT_ARCHIVES_SHORT, $uri, $matches)) {
- header('Content-Type: text/html; charset='. LANG_CHARSET);
$range = $matches[1];
$_GET['serendipity']['action'] = 'read';
$_GET['serendipity']['range'] = $range;
@@ -91,7 +90,6 @@
}
}
- header('Content-Type: text/html; charset='. LANG_CHARSET);
$id = $matches[1];
serendipity_track_referrer($id);
@@ -146,15 +144,12 @@
header("Location: {$serendipity['serendipityHTTPPath']}serendipity_entries.php");
exit;
} else if (preg_match(PAT_ARCHIVE, $uri)) {
- header('Content-Type: text/html; charset='. LANG_CHARSET);
$serendipity['GET']['action'] = 'archives';
include_once(S9Y_INCLUDE_PATH . 'serendipity_genpage.inc.php');
} else if (preg_match(PAT_CATEGORIES, $uri, $matches) ||
preg_match('@/(index\.(php|html))?@', $uri) ||
preg_match('@/(' . preg_quote($serendipity['indexFile']) . ')?@', $uri)) {
- header('Content-Type: text/html; charset='. LANG_CHARSET);
-
if (count($serendipity['GET']) == 2) {
if (isset($matches) && is_array($matches) && isset($matches[1])) {
$serendipity['GET']['category'] = $matches[1];
Index: serendipity_functions.inc.php
===================================================================
RCS file: /cvsroot/php-blog/serendipity/serendipity_functions.inc.php,v
retrieving revision 1.249
retrieving revision 1.250
diff -u -d -r1.249 -r1.250
--- serendipity_functions.inc.php 4 Apr 2004 16:24:47 -0000 1.249
+++ serendipity_functions.inc.php 7 Apr 2004 12:42:42 -0000 1.250
@@ -867,7 +867,7 @@
}
?>
- <h4 class="serendipity_title"><a href="<?php echo $entryLink; ?>"><?php echo htmlentities($entry['title']); ?></a></h4>
+ <h4 class="serendipity_title"><a href="<?php echo $entryLink; ?>"><?php echo htmlspecialchars($entry['title']); ?></a></h4>
<div class="serendipity_entry">
<span class="<?php echo $extended_css; ?>"><?php echo $entry['body']; ?></span>
@@ -875,7 +875,7 @@
<div class='serendipity_entryFooter'>
<?php
- echo ' ' . POSTED_BY . ' ' . htmlentities($entry['username']) . (!empty($entry['category_name']) ? ' ' . IN . ' <a href="' . $serendipity['serendipityHTTPPath'] . ($serendipity['rewrite'] == 'none' ? $serendipity['indexFile'] . '?/' : '') . 'categories/' . $entry['categoryid'] . '_' . serendipity_makeFilename($entry['category_name']) . '">' . $entry['category_name'] . '</a> ' : ' ') . AT . ' <a href="' . $entryLink . '">' . date('H:i', $entry['timestamp']) . '</a>'. "\n";
+ echo ' ' . POSTED_BY . ' ' . htmlspecialchars($entry['username']) . (!empty($entry['category_name']) ? ' ' . IN . ' <a href="' . $serendipity['serendipityHTTPPath'] . ($serendipity['rewrite'] == 'none' ? $serendipity['indexFile'] . '?/' : '') . 'categories/' . $entry['categoryid'] . '_' . serendipity_makeFilename($entry['category_name']) . '">' . $entry['category_name'] . '</a> ' : ' ') . AT . ' <a href="' . $entryLink . '">' . date('H:i', $entry['timestamp']) . '</a>'. "\n";
if (serendipity_db_bool($entry['allow_comments']) || !isset($entry['allow_comments']) || $entry['comments'] > 0) {
if (!isset($serendipity['GET']['id'])) {
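Review bot: On the changed `echo` line `$entry['username']` is escaped but `$entry['category_name']` is still written into the link text unescaped, although the category hunks elsewhere in this commit treat the same field as needing `htmlspecialchars()`. The link text should use `htmlspecialchars($entry['category_name'])`. The statement sits inside a function whose start and end are outside the hunk.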
@@ -1123,7 +1123,7 @@
}
$name = empty($comment['author']) ? ANONYMOUS : $comment['author'];
- $temp = array('comment' => htmlentities(strip_tags($comment['body'])) );
+ $temp = array('comment' => htmlspecialchars(strip_tags($comment['body'])) );
serendipity_plugin_api::hook_event('frontend_display', $temp);
$body = $temp['comment'];
@@ -1137,14 +1137,14 @@
<?php
/* Link to the user's email */
if (!empty($comment['email'])) {
- echo '<a href="mailto:' . htmlentities($comment['email']) . '" title="' . SEND_MAIL_TO . ' ' . htmlentities($name) . ' (' . $comment['email'] . ')">' . htmlentities($name) . '</a>';
+ echo '<a href="mailto:' . htmlspecialchars($comment['email']) . '" title="' . SEND_MAIL_TO . ' ' . htmlspecialchars($name) . ' (' . $comment['email'] . ')">' . htmlspecialchars($name) . '</a>';
} else {
- echo htmlentities($name);
+ echo htmlspecialchars($name);
}
/* Link to the user's website, if the URL is valid */
if ((!isset($comment['type']) || $comment['type'] != 'trackback') && !empty($comment['url']) && $comment['url'] != 'http://' && eregi('^http://', $comment['url'])) {
- echo ' (<a href="' . str_replace('"', '"', $comment['url']) . '" ' . serendipity_xhtml_target('_blank') . ' title="' . htmlentities($comment['url']) . '">Link</a>)';
+ echo ' (<a href="' . str_replace('"', '"', $comment['url']) . '" ' . serendipity_xhtml_target('_blank') . ' title="' . htmlspecialchars($comment['url']) . '">Link</a>)';
}
/* Show when the entry was made */
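Review bot: In the mailto line the visitor-supplied `$comment['email']` is escaped in the `href` but concatenated raw into the `title` attribute a few characters later, so a double quote in the address would end the attribute. Use `htmlspecialchars($comment['email'])` there as well. In the website link, `$comment['url']` reaches `href` only through `str_replace('"', '"', ...)`, which as rendered on this page is a no-op (possibly a lost `&quot;`); `htmlspecialchars($comment['url'])` would be consistent with the `title` next to it. The trackback hunk below likewise leaves `strip_tags($link)` in an `href`, and `strip_tags()` does not escape quotes.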
@@ -1201,7 +1201,7 @@
<td class="serendipity_comment">
<a href="<?php echo strip_tags($link); ?>" <?php echo serendipity_xhtml_target('_blank'); ?>><?php echo $title; ?></a><br />
<b><?php echo EXCERPT; ?>: </b>
- <?php echo htmlentities(strip_tags($comment['body'])); ?><br />
+ <?php echo htmlspecialchars(strip_tags($comment['body'])); ?><br />
<div class="serendipity_comment_source">
<b>Weblog: </b> <?php echo strip_tags($name); ?><br />
<b><?php echo TRACKED; ?>: </b> <?php echo date('M d, h:i', $comment['timestamp']); ?>
@@ -2032,9 +2032,9 @@
foreach ($cats as $cat_data) {
$selected = (isset($entry['categoryid']) && $cat_data['categoryid'] == $entry['categoryid'] ? ' selected="selected"' : '');
$cat_list .= ' <option value="' . $cat_data['categoryid'] . '" ' . $selected . '>'
- . htmlentities($cat_data['category_name'])
+ . htmlspecialchars($cat_data['category_name'])
. ' - '
- . htmlentities($cat_data['category_description'])
+ . htmlspecialchars($cat_data['category_description'])
. '</option>' . $n;
}
}
@@ -2060,7 +2060,7 @@
<td colspan="2">
<table width="100%" cellspacing="0" cellpadding="0" border="0">
<tr>
- <td><input type="text" name="serendipity[title]" value="<?php echo isset($entry['title']) ? htmlentities($entry['title']) : ''; ?>" size="72" /></td>
+ <td><input type="text" name="serendipity[title]" value="<?php echo isset($entry['title']) ? htmlspecialchars($entry['title']) : ''; ?>" size="72" /></td>
<td align="right"><select name="serendipity[isdraft]">
<option value="false" <?php echo $draftP; ?>><?php echo PUBLISH; ?></option>
<option value="true" <?php echo $draftD; ?>><?php echo DRAFT; ?></option>
@@ -2127,7 +2127,7 @@
<tr>
<td colspan="3">
- <textarea style="width: 100%" name="serendipity[body]" id="serendipity[body]" cols="80" rows="20"><?php echo isset($entry['body']) ? htmlentities($entry['body']) : ''; ?></textarea>
+ <textarea style="width: 100%" name="serendipity[body]" id="serendipity[body]" cols="80" rows="20"><?php echo isset($entry['body']) ? htmlspecialchars($entry['body']) : ''; ?></textarea>
</td>
</tr>
@@ -2154,7 +2154,7 @@
<tr>
<td colspan="3">
- <textarea style="width: 100%" name="serendipity[extended]" id="serendipity[extended]" cols="80" rows="20"><?php echo isset($entry['extended']) ? htmlentities($entry['extended']) : ''; ?></textarea>
+ <textarea style="width: 100%" name="serendipity[extended]" id="serendipity[extended]" cols="80" rows="20"><?php echo isset($entry['extended']) ? htmlspecialchars($entry['extended']) : ''; ?></textarea>
</td>
</tr>
Index: serendipity_admin_users.inc.php
===================================================================
RCS file: /cvsroot/php-blog/serendipity/serendipity_admin_users.inc.php,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -d -r1.1 -r1.2
--- serendipity_admin_users.inc.php 4 Apr 2004 16:24:46 -0000 1.1
+++ serendipity_admin_users.inc.php 7 Apr 2004 12:42:42 -0000 1.2
@@ -96,7 +96,7 @@
foreach($users AS $user) {
if ($user['userlevel'] < $serendipity['serendipityUserlevel'] || $user['authorid'] == $serendipity['authorid']) {
?>
- <option value="<?php echo $user['authorid']; ?>"<?php echo ($user['authorid'] == $serendipity['POST']['user'] ? ' selected="selected"' : ''); ?>><?php echo htmlentities($user['username']); ?> (<?php printf(USER_LEVEL, $user['userlevel']); ?>) </option>
+ <option value="<?php echo $user['authorid']; ?>"<?php echo ($user['authorid'] == $serendipity['POST']['user'] ? ' selected="selected"' : ''); ?>><?php echo htmlspecialchars($user['username']); ?> (<?php printf(USER_LEVEL, $user['userlevel']); ?>) </option>
<?php
}
}
Index: serendipity_admin_plugins.inc.php
===================================================================
RCS file: /cvsroot/php-blog/serendipity/serendipity_admin_plugins.inc.php,v
retrieving revision 1.22
retrieving revision 1.23
diff -u -d -r1.22 -r1.23
--- serendipity_admin_plugins.inc.php 7 Apr 2004 06:53:42 -0000 1.22
+++ serendipity_admin_plugins.inc.php 7 Apr 2004 12:42:42 -0000 1.23
@@ -102,8 +102,8 @@
$bag = new serendipity_property_bag;
$plugin->introspect($bag);
- $name = htmlentities($bag->get('name'));
- $desc = htmlentities($bag->get('description'));
+ $name = htmlspecialchars($bag->get('name'));
+ $desc = htmlspecialchars($bag->get('description'));
if ($event_only) {
$place = '<input type="hidden" name="serendipity[placement][' . $plugin_data['name'] . ']" value="event" />';
} else {
@@ -192,10 +192,10 @@
foreach($users AS $user) {
if ($readonly && $user['authorid'] == $authorid) {
- $username = htmlentities($user['username']);
+ $username = htmlspecialchars($user['username']);
} elseif (!$readonly) {
?>
- <option value="<?php echo $user['authorid']; ?>"<?php echo ($user['authorid'] == $authorid ? ' selected="selected"' : ''); ?>><?php echo htmlentities($user['username']); ?></option>
+ <option value="<?php echo $user['authorid']; ?>"<?php echo ($user['authorid'] == $authorid ? ' selected="selected"' : ''); ?>><?php echo htmlspecialchars($user['username']); ?></option>
<?php
}
}
@@ -275,8 +275,8 @@
$bag = new serendipity_property_bag;
$plugin->introspect($bag);
- $name = htmlentities($bag->get('name'));
- $desc = htmlentities($bag->get('description'));
+ $name = htmlspecialchars($bag->get('name'));
+ $desc = htmlspecialchars($bag->get('description'));
$config_names = $bag->get('configuration');
@@ -312,10 +312,10 @@
$cbag = new serendipity_property_bag;
$plugin->introspect_config_item($config_item, $cbag);
- $cname = htmlentities($cbag->get('name'));
- $cdesc = htmlentities($cbag->get('description'));
+ $cname = htmlspecialchars($cbag->get('name'));
+ $cdesc = htmlspecialchars($cbag->get('description'));
$value = $plugin->get_config($config_item);
- $hvalue = (isset($_POST['serendipity']['plugin'][$config_item]) ? htmlentities($_POST['serendipity']['plugin'][$config_item]) : htmlentities($value));
+ $hvalue = (isset($_POST['serendipity']['plugin'][$config_item]) ? htmlspecialchars($_POST['serendipity']['plugin'][$config_item]) : htmlspecialchars($value));
$radio = array();
$select = array();
@@ -346,8 +346,8 @@
foreach($select AS $select_value => $select_desc) {
$id = htmlspecialchars($config_item . $select_value);
?>
- <option value="<?php echo $select_value; ?>" <?php echo ($select_value == $hvalue ? 'selected="selected"' : ''); ?> title="<?php echo htmlentities($select_desc); ?>" />
- <?php echo htmlentities($select_desc); ?>
+ <option value="<?php echo $select_value; ?>" <?php echo ($select_value == $hvalue ? 'selected="selected"' : ''); ?> title="<?php echo htmlspecialchars($select_desc); ?>" />
+ <?php echo htmlspecialchars($select_desc); ?>
</option>
<?php
}
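Review bot: The changed `<option ... />` line self-closes the element and is then followed by the label text and a separate `</option>`, so the markup is not well-formed; the tag should end with `>`. `$select_value` is echoed raw into `value=""` and compared with `$hvalue`, which the preceding hunk now stores already escaped, so an option whose value contains `&`, `<`, `>` or `"` can never be marked selected. Escape at output (`value="<?php echo htmlspecialchars($select_value); ?>"`) and compare against the unescaped value. The radio hunk below has the same pattern with `$radio_value` and `$config_item`.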
@@ -398,8 +398,8 @@
<?php
}
?>
- <input type="radio" id="serendipity_plugin_<?php echo $id; ?>" name="serendipity[plugin][<?php echo $config_item; ?>]" value="<?php echo $radio_value; ?>" <?php echo ($radio_value == $hvalue ? 'checked="checked"' : ''); ?> title="<?php echo htmlentities($radio['desc'][$radio_index]); ?>" />
- <label for="serendipity_plugin_<?php echo $id; ?>"><?php echo htmlentities($radio['desc'][$radio_index]); ?></label>
+ <input type="radio" id="serendipity_plugin_<?php echo $id; ?>" name="serendipity[plugin][<?php echo $config_item; ?>]" value="<?php echo $radio_value; ?>" <?php echo ($radio_value == $hvalue ? 'checked="checked"' : ''); ?> title="<?php echo htmlspecialchars($radio['desc'][$radio_index]); ?>" />
+ <label for="serendipity_plugin_<?php echo $id; ?>"><?php echo htmlspecialchars($radio['desc'][$radio_index]); ?></label>
<?php
if ($counter == $per_row) {
$counter = 0;
Index: serendipity_sidebar_items.php
===================================================================
RCS file: /cvsroot/php-blog/serendipity/serendipity_sidebar_items.php,v
retrieving revision 1.53
retrieving revision 1.54
diff -u -d -r1.53 -r1.54
--- serendipity_sidebar_items.php 4 Apr 2004 16:23:29 -0000 1.53
+++ serendipity_sidebar_items.php 7 Apr 2004 12:42:43 -0000 1.54
@@ -530,12 +530,12 @@
'<a href="%s" title="%s">%s</a><br />',
$serendipity['serendipityHTTPPath'] . 'rss.php?category=' . $category['categoryid'] . '_' . $category_id,
- htmlentities($category['category_description']),
+ htmlspecialchars($category['category_description']),
($serendipity['XHTML11'] ? 'style="display: inline; border: 0px"' : 'border="0"'),
serendipity_getTemplateFile('img/xml.gif'),
$serendipity['serendipityHTTPPath'] . ($serendipity['rewrite'] == 'none' ? $serendipity['indexFile'] . '?/' : '') . PATH_CATEGORIES.'/' . $category['categoryid'] . '_' . $category_id,
- htmlentities($category['category_description']),
- htmlentities($category['category_name'])
+ htmlspecialchars($category['category_description']),
+ htmlspecialchars($category['category_name'])
);
}
}
Index: serendipity_functions_installer.inc.php
===================================================================
RCS file: /cvsroot/php-blog/serendipity/serendipity_functions_installer.inc.php,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -d -r1.4 -r1.5
--- serendipity_functions_installer.inc.php 7 Apr 2004 07:41:02 -0000 1.4
+++ serendipity_functions_installer.inc.php 7 Apr 2004 12:42:42 -0000 1.5
@@ -195,7 +195,7 @@
break;
case 'protected' :
- echo '<input type="password" size="30" name="' . $name . '" value="' . htmlentities($value) . '" />';
+ echo '<input type="password" size="30" name="' . $name . '" value="' . htmlspecialchars($value) . '" />';
break;
case 'list' :
preg_match_all("/([^\=]+)\=\>([^\,]+)\,?/i", $default, $res);
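Review bot: The `protected` case writes the current secret into the `value` attribute of the password field, so it is present in the page source and in any cached copy even though the browser masks it on screen. Consider rendering `value=""` and keeping the stored value when the field is submitted empty; that handling would live outside this hunk. In both changed `echo` lines of this file `$name` is also concatenated into the `name` attribute unescaped, and `htmlspecialchars($name)` would match the treatment of `$value`.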
@@ -209,7 +209,7 @@
echo '</select>';
break;
default :
- echo '<input type="text" size="30" name="' . $name . '" value="' . htmlentities($value) . '" />';
+ echo '<input type="text" size="30" name="' . $name . '" value="' . htmlspecialchars($value) . '" />';
break;
}
}
Index: serendipity_admin_category.inc.php
===================================================================
RCS file: /cvsroot/php-blog/serendipity/serendipity_admin_category.inc.php,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -d -r1.9 -r1.10
--- serendipity_admin_category.inc.php 4 Apr 2004 16:24:46 -0000 1.9
+++ serendipity_admin_category.inc.php 7 Apr 2004 12:42:42 -0000 1.10
@@ -56,12 +56,12 @@
if ($cat_to_edit > 0 && $cat_data['categoryid'] == $cat_to_edit && !isset($this_cat)) {
$this_cat = $cat_data;
} elseif ($cat_to_edit > 0) {
- $existing_cats_dropdown .= '<option value="' . $cat_data['categoryid'] . '">' . htmlentities($cat_data['category_name']) . '</option>' . "\n";
+ $existing_cats_dropdown .= '<option value="' . $cat_data['categoryid'] . '">' . htmlspecialchars($cat_data['category_name']) . '</option>' . "\n";
}
}
- $name = htmlentities($cat_data['category_name']);
- $desc = htmlentities($cat_data['category_description']);
+ $name = htmlspecialchars($cat_data['category_name']);
+ $desc = htmlspecialchars($cat_data['category_description']);
$edit_pre = '<a href="?serendipity[adminModule]=category&serendipity[cat][catid]=' . $cat_data['categoryid'] . '">';
$edit_post = '</a>';
@@ -94,7 +94,7 @@
$desc = CREATE_NEW_CAT;
$save = CREATE;
} else {
- $desc = htmlentities(sprintf(EDIT_THIS_CAT, $this_cat['category_name'], $this_cat['category_description']));
+ $desc = htmlspecialchars(sprintf(EDIT_THIS_CAT, $this_cat['category_name'], $this_cat['category_description']));
$save = SAVE;
if ($serendipity['serendipityUserlevel'] >= USERLEVEL_CHIEF || $serendipity['authorid'] == $this_cat['authorid'] || $this_cat['authorid'] == '0') {
$remove = '<br /><br /><font size="1">' . sprintf(CATEGORY_REMAINING, $existing_cats_dropdown) .' <input type="submit" name="REMOVE" value="> "></font>';
@@ -106,12 +106,12 @@
<table cellpadding="5">
<tr>
<th><?php echo NAME; ?></th>
- <td><input type="text" name="serendipity[cat][name]" value="<?php echo isset($this_cat['category_name']) ? htmlentities($this_cat['category_name']) : ''; ?>" /></td>
+ <td><input type="text" name="serendipity[cat][name]" value="<?php echo isset($this_cat['category_name']) ? htmlspecialchars($this_cat['category_name']) : ''; ?>" /></td>
</tr>
<tr>
<th><?php echo DESCRIPTION; ?></th>
- <td><input type="text" name="serendipity[cat][description]" value="<?php echo isset($this_cat['category_description']) ? htmlentities($this_cat['category_description']) : ''; ?>" /></td>
+ <td><input type="text" name="serendipity[cat][description]" value="<?php echo isset($this_cat['category_description']) ? htmlspecialchars($this_cat['category_description']) : ''; ?>" /></td>
</tr>
<tr>
Index: comment.php
===================================================================
RCS file: /cvsroot/php-blog/serendipity/comment.php,v
retrieving revision 1.30
retrieving revision 1.31
diff -u -d -r1.30 -r1.31
--- comment.php 3 Mar 2004 09:07:00 -0000 1.30
+++ comment.php 7 Apr 2004 12:42:42 -0000 1.31
@@ -4,6 +4,7 @@
session_start();
include_once('serendipity_config.inc.php');
+header('Content-Type: text/html; charset=' . LANG_CHARSET);
if (isset($serendipity['GET']['delete'], $serendipity['GET']['entry'], $serendipity['GET']['type'])) {
serendipity_deleteComment($serendipity['GET']['delete'], $serendipity['GET']['entry'], $serendipity['GET']['type']);
@@ -53,6 +54,7 @@
<head>
<title>' . COMMENTS . '</title>
<link rel="stylesheet" type="text/css" href="' . $serendipity['serendipityHTTPPath'] . 'serendipity.css.php?mode=comments" />
+ <meta http-equiv="Content-Type" content="text/html; charset=<?php echo LANG_CHARSET; ?>" />
</head>
<body id="serendipity_comment_page">
';
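Review bot: The added `<meta>` line sits inside a single-quoted PHP string (the neighbouring lines use `' . COMMENTS . '` concatenation and the literal ends with `';`), so `<?php echo LANG_CHARSET; ?>` is emitted verbatim instead of being evaluated. It should be written as `<meta http-equiv="Content-Type" content="text/html; charset=' . LANG_CHARSET . '" />`. The start of the string literal is outside the hunk.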
Index: serendipity_admin_entries.inc.php
===================================================================
RCS file: /cvsroot/php-blog/serendipity/serendipity_admin_entries.inc.php,v
retrieving revision 1.19
retrieving revision 1.20
diff -u -d -r1.19 -r1.20
--- serendipity_admin_entries.inc.php 21 Mar 2004 16:35:31 -0000 1.19
+++ serendipity_admin_entries.inc.php 7 Apr 2004 12:42:42 -0000 1.20
@@ -80,7 +80,7 @@
<br />
<?php if ($entries[$x]['isdraft'] == 'true') echo DRAFT . ':'; ?>
<a href="?serendipity[action]=admin&serendipity[adminModule]=entries&serendipity[adminAction]=<?php echo $action; ?>&serendipity[id]=<?php echo $entries[$x]['id']; ?>" title="#<?php echo $entries[$x]['id']; ?>">
- <?php echo htmlentities(substr(empty($entries[$x]['title']) ? $entries[$x]['body'] : $entries[$x]['title'], 0, 40)); ?>
+ <?php echo htmlspecialchars(substr(empty($entries[$x]['title']) ? $entries[$x]['body'] : $entries[$x]['title'], 0, 40)); ?>
</a>
</td>
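Review bot: `substr(..., 0, 40)` cuts by bytes, so with a multibyte `LANG_CHARSET` the excerpt can end in the middle of a character and `htmlspecialchars()` then passes on an invalid sequence, which works against the goal of this commit. Where the mbstring extension is available, `mb_substr($text, 0, 40, LANG_CHARSET)` truncates on character boundaries; a fallback to `substr()` would be needed otherwise. The second hunk in this file has the same expression for `$entries[$x + $half]`.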
@@ -92,7 +92,7 @@
<br />
<?php if ($entries[$x + $half]['isdraft'] == 'true') echo DRAFT . ':'; ?>
<a href="?serendipity[action]=admin&serendipity[adminModule]=entries&serendipity[adminAction]=<?php echo $action; ?>&serendipity[id]=<?php echo $entries[$x + $half]['id']; ?>" title="#<?php echo $entries[$x + $half]['id']; ?>">
- <?php echo htmlentities(substr(empty($entries[$x + $half]['title']) ? $entries[$x + $half]['body'] : $entries[$x + $half]['title'], 0, 40)); ?>
+ <?php echo htmlspecialchars(substr(empty($entries[$x + $half]['title']) ? $entries[$x + $half]['body'] : $entries[$x + $half]['title'], 0, 40)); ?>
</a>
<?php
}