From: <dai...@us...> - 2012-02-29 09:10:47
Revision: 4994
http://web-erp.svn.sourceforge.net/web-erp/?rev=4994&view=rev
Author: daintree
Date: 2012-02-29 09:10:35 +0000 (Wed, 29 Feb 2012)
Log Message:
-----------
htmlentities replaced with htmlspecialchars

Modified Paths:
--------------
trunk/AccountGroups.php
trunk/CompanyPreferences.php
trunk/Contracts.php
trunk/GLJournal.php
trunk/InternalStockRequest.php
trunk/PO_AuthoriseMyOrders.php
trunk/PO_Header.php
trunk/PO_Items.php
trunk/PO_PDFPurchOrder.php
trunk/SelectCreditItems.php
trunk/SelectCustomer.php
trunk/SelectOrderItems.php
trunk/SpecialOrder.php
trunk/Z_poEditLangHeader.php
trunk/doc/Change.log
trunk/includes/tcpdf/tcpdf.php

Modified: trunk/AccountGroups.php
===================================================================
--- trunk/AccountGroups.php 2012-02-29 09:05:57 UTC (rev 4993)
+++ trunk/AccountGroups.php 2012-02-29 09:10:35 UTC (rev 4994)
@@ -256,13 +256,13 @@ break; } //end of switch statement - echo '<td>' . htmlentities($myrow['groupname'], ENT_QUOTES,'UTF-8') . '</td> + echo '<td>' . htmlspecialchars($myrow['groupname'], ENT_QUOTES,'UTF-8') . '</td> <td>' . $myrow['sectionname'] . '</td> <td>' . $myrow['sequenceintb'] . '</td> <td>' . $PandLText . '</td> <td>' . $myrow['parentgroupname'] . '</td>'; - echo '<td><a href="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '?SelectedAccountGroup=' . htmlentities($myrow['groupname'], ENT_QUOTES,'UTF-8') . '">' . _('Edit') . '</a></td>'; - echo '<td><a href="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '?SelectedAccountGroup=' . htmlentities($myrow['groupname'], ENT_QUOTES,'UTF-8') . '&delete=1" onclick="return confirm(\'' . _('Are you sure you wish to delete this account group?') . '\');">' . _('Delete') .'</a></td></tr>'; + echo '<td><a href="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '?SelectedAccountGroup=' . htmlspecialchars($myrow['groupname'], ENT_QUOTES,'UTF-8') . '">' . _('Edit') . '</a></td>'; + echo '<td><a href="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '?SelectedAccountGroup=' . htmlspecialchars($myrow['groupname'], ENT_QUOTES,'UTF-8') . '&delete=1" onclick="return confirm(\'' . _('Are you sure you wish to delete this account group?') . '\');">' . _('Delete') .'</a></td></tr>'; } //END WHILE LIST LOOP echo '</table>'; 
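Review bot: In the two rewritten `echo '<td><a href=...` lines the group name goes into the `SelectedAccountGroup=` query string with only HTML escaping, so a name containing `&`, `#`, `+`, `%` or a space still produces a broken or truncated query parameter; HTML escaping is the right treatment for the attribute, but the value needs URL encoding as well, e.g. `'?SelectedAccountGroup=' . urlencode($myrow['groupname']) . '&amp;delete=1"`. The literal `&delete=1` inside the attribute should likewise be written `&amp;delete=1` for well-formed markup. The unchanged `sectionname` and `parentgroupname` cells in the same statement still go out unescaped, so the row is only partially covered by this change. The enclosing while loop starts and ends outside the hunk.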
@@ -360,9 +360,9 @@ while ( $grouprow = DB_fetch_array($groupresult) ) { if (isset($_POST['ParentGroupName']) AND $_POST['ParentGroupName']==$grouprow['groupname']) { - echo '<option selected="selected" value="'.htmlentities($grouprow['groupname'], ENT_QUOTES,'UTF-8').'">' .htmlentities($grouprow['groupname'], ENT_QUOTES,'UTF-8').'</option>'; + echo '<option selected="selected" value="'.htmlspecialchars($grouprow['groupname'], ENT_QUOTES,'UTF-8').'">' .htmlspecialchars($grouprow['groupname'], ENT_QUOTES,'UTF-8').'</option>'; } else { - echo '<option value="'.htmlentities($grouprow['groupname'], ENT_QUOTES,'UTF-8').'">' .htmlentities($grouprow['groupname'], ENT_QUOTES,'UTF-8').'</option>'; + echo '<option value="'.htmlspecialchars($grouprow['groupname'], ENT_QUOTES,'UTF-8').'">' .htmlspecialchars($grouprow['groupname'], ENT_QUOTES,'UTF-8').'</option>'; } } echo '</select>'; Modified: trunk/CompanyPreferences.php =================================================================== --- trunk/CompanyPreferences.php 2012-02-29 09:05:57 UTC (rev 4993) +++ trunk/CompanyPreferences.php 2012-02-29 09:10:35 UTC (rev 4994) @@ -314,9 +314,9 @@ while ($myrow = DB_fetch_row($result)) { if ($_POST['DebtorsAct']==$myrow[0]){ - echo '<option selected="selected" value="'. $myrow[0] . '">' . htmlentities($myrow[1],ENT_QUOTES,'UTF-8') . ' ('.$myrow[0].')</option>'; + echo '<option selected="selected" value="'. $myrow[0] . '">' . htmlspecialchars($myrow[1],ENT_QUOTES,'UTF-8') . ' ('.$myrow[0].')</option>'; } else { - echo '<option value="'. $myrow[0] . '">' . htmlentities($myrow[1],ENT_QUOTES,'UTF-8') . ' ('.$myrow[0].')</option>'; + echo '<option value="'. $myrow[0] . '">' . htmlspecialchars($myrow[1],ENT_QUOTES,'UTF-8') . ' ('.$myrow[0].')</option>'; } } //end while loop 
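Review bot: In the rewritten CompanyPreferences.php `<option>` lines only `$myrow[1]` is escaped, while `$myrow[0]` is concatenated raw into both the `value="…"` attribute and the visible text, so the account code is still emitted without any encoding; apply `htmlspecialchars($myrow[0], ENT_QUOTES, 'UTF-8')` to it as well. The same shape repeats in the -331, -348, -365, -381, -406, -423, -440 and -457 hunks of this file, and in GLJournal.php -330 and InternalStockRequest.php -174/-193, where `$myrow['accountcode']`, `$myrow['departmentid']` and `$myrow['loccode']` are emitted the same way. The condition on the preceding context line reads `$_POST['DebtorsAct']` without an `isset` guard and compares with `==`, unlike the `isset(...) AND` form used in the AccountGroups.php -360 hunk of this commit. The surrounding while loops begin outside the hunks.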
@@ -331,9 +331,9 @@ while ($myrow = DB_fetch_row($result)) { if ($_POST['CreditorsAct']==$myrow[0]){ - echo '<option selected="selected" value="'. $myrow[0] . '">' . htmlentities($myrow[1],ENT_QUOTES,'UTF-8') . ' ('.$myrow[0].')</option>'; + echo '<option selected="selected" value="'. $myrow[0] . '">' . htmlspecialchars($myrow[1],ENT_QUOTES,'UTF-8') . ' ('.$myrow[0].')</option>'; } else { - echo '<option value="' . $myrow[0] . '">' . htmlentities($myrow[1],ENT_QUOTES,'UTF-8') . ' ('.$myrow[0].')</option>'; + echo '<option value="' . $myrow[0] . '">' . htmlspecialchars($myrow[1],ENT_QUOTES,'UTF-8') . ' ('.$myrow[0].')</option>'; } } //end while loop @@ -348,9 +348,9 @@ while ($myrow = DB_fetch_row($result)) { if ($_POST['PayrollAct']==$myrow[0]){ - echo '<option selected="selected" value="'. $myrow[0] . '">' . htmlentities($myrow[1],ENT_QUOTES,'UTF-8') . ' ('.$myrow[0].')</option>'; + echo '<option selected="selected" value="'. $myrow[0] . '">' . htmlspecialchars($myrow[1],ENT_QUOTES,'UTF-8') . ' ('.$myrow[0].')</option>'; } else { - echo '<option value="'. $myrow[0] . '">' . htmlentities($myrow[1],ENT_QUOTES,'UTF-8') . ' ('.$myrow[0].')</option>'; + echo '<option value="'. $myrow[0] . '">' . htmlspecialchars($myrow[1],ENT_QUOTES,'UTF-8') . ' ('.$myrow[0].')</option>'; } } //end while loop @@ -365,9 +365,9 @@ while ($myrow = DB_fetch_row($result)) { if ($_POST['GRNAct']==$myrow[0]){ - echo '<option selected="selected" value="'. $myrow[0] . '">' . htmlentities($myrow[1],ENT_QUOTES,'UTF-8') . ' ('.$myrow[0].')</option>'; + echo '<option selected="selected" value="'. $myrow[0] . '">' . htmlspecialchars($myrow[1],ENT_QUOTES,'UTF-8') . ' ('.$myrow[0].')</option>'; } else { - echo '<option value="'. $myrow[0] . '">' . htmlentities($myrow[1],ENT_QUOTES,'UTF-8') . ' ('.$myrow[0].')</option>'; + echo '<option value="'. $myrow[0] . '">' . htmlspecialchars($myrow[1],ENT_QUOTES,'UTF-8') . ' ('.$myrow[0].')</option>'; } } //end while loop 
@@ -381,9 +381,9 @@ while ($myrow = DB_fetch_row($result)) { if ($_POST['RetainedEarnings']==$myrow[0]){ - echo '<option selected="selected" value="'. $myrow[0] . '">' . htmlentities($myrow[1],ENT_QUOTES,'UTF-8') . ' ('.$myrow[0].')</option>'; + echo '<option selected="selected" value="'. $myrow[0] . '">' . htmlspecialchars($myrow[1],ENT_QUOTES,'UTF-8') . ' ('.$myrow[0].')</option>'; } else { - echo '<option value="'. $myrow[0] . '">' . htmlentities($myrow[1],ENT_QUOTES,'UTF-8') . ' ('.$myrow[0].')</option>'; + echo '<option value="'. $myrow[0] . '">' . htmlspecialchars($myrow[1],ENT_QUOTES,'UTF-8') . ' ('.$myrow[0].')</option>'; } } //end while loop @@ -406,9 +406,9 @@ while ($myrow = DB_fetch_row($result)) { if ($_POST['FreightAct']==$myrow[0]){ - echo '<option selected="selected" value="'. $myrow[0] . '">' . htmlentities($myrow[1],ENT_QUOTES,'UTF-8') . ' ('.$myrow[0].')</option>'; + echo '<option selected="selected" value="'. $myrow[0] . '">' . htmlspecialchars($myrow[1],ENT_QUOTES,'UTF-8') . ' ('.$myrow[0].')</option>'; } else { - echo '<option value="'. $myrow[0] . '">' . htmlentities($myrow[1],ENT_QUOTES,'UTF-8') . ' ('.$myrow[0].')</option>'; + echo '<option value="'. $myrow[0] . '">' . htmlspecialchars($myrow[1],ENT_QUOTES,'UTF-8') . ' ('.$myrow[0].')</option>'; } } //end while loop @@ -423,9 +423,9 @@ while ($myrow = DB_fetch_row($result)) { if ($_POST['ExchangeDiffAct']==$myrow[0]){ - echo '<option selected="selected" value="'. $myrow[0] . '">' . htmlentities($myrow[1],ENT_QUOTES,'UTF-8') . ' ('.$myrow[0].')</option>'; + echo '<option selected="selected" value="'. $myrow[0] . '">' . htmlspecialchars($myrow[1],ENT_QUOTES,'UTF-8') . ' ('.$myrow[0].')</option>'; } else { - echo '<option value="'. $myrow[0] . '">' . htmlentities($myrow[1],ENT_QUOTES,'UTF-8') . ' ('.$myrow[0].')</option>'; + echo '<option value="'. $myrow[0] . '">' . htmlspecialchars($myrow[1],ENT_QUOTES,'UTF-8') . ' ('.$myrow[0].')</option>'; } } //end while loop 
@@ -440,9 +440,9 @@ while ($myrow = DB_fetch_row($result)) { if ($_POST['PurchasesExchangeDiffAct']==$myrow[0]){ - echo '<option selected="selected" value="'. $myrow[0] . '">' . htmlentities($myrow[1],ENT_QUOTES,'UTF-8') . ' ('.$myrow[0].')</option>'; + echo '<option selected="selected" value="'. $myrow[0] . '">' . htmlspecialchars($myrow[1],ENT_QUOTES,'UTF-8') . ' ('.$myrow[0].')</option>'; } else { - echo '<option value="'. $myrow[0] . '">' . htmlentities($myrow[1],ENT_QUOTES,'UTF-8') . ' ('.$myrow[0].')</option>'; + echo '<option value="'. $myrow[0] . '">' . htmlspecialchars($myrow[1],ENT_QUOTES,'UTF-8') . ' ('.$myrow[0].')</option>'; } } //end while loop @@ -457,9 +457,9 @@ while ($myrow = DB_fetch_row($result)) { if ($_POST['PytDiscountAct']==$myrow[0]){ - echo '<option selected="selected" value="'. $myrow[0] . '">' . htmlentities($myrow[1],ENT_QUOTES,'UTF-8') . ' ('.$myrow[0].')</option>'; + echo '<option selected="selected" value="'. $myrow[0] . '">' . htmlspecialchars($myrow[1],ENT_QUOTES,'UTF-8') . ' ('.$myrow[0].')</option>'; } else { - echo '<option value="'. $myrow[0] . '">' . htmlentities($myrow[1],ENT_QUOTES,'UTF-8') . ' ('.$myrow[0].')</option>'; + echo '<option value="'. $myrow[0] . '">' . htmlspecialchars($myrow[1],ENT_QUOTES,'UTF-8') . ' ('.$myrow[0].')</option>'; } } //end while loop Modified: trunk/Contracts.php =================================================================== --- trunk/Contracts.php 2012-02-29 09:05:57 UTC (rev 4993) +++ trunk/Contracts.php 2012-02-29 09:10:35 UTC (rev 4994) 
@@ -790,13 +790,13 @@ $k=1; } if ($LastCustomer != $myrow['name']) { - echo '<td>'.htmlentities($myrow['name'], ENT_QUOTES,'UTF-8').'</td>'; + echo '<td>'.htmlspecialchars($myrow['name'], ENT_QUOTES,'UTF-8').'</td>'; } else { echo '<td></td>'; } - echo '<td><input tabindex="'.($j+5).'" type="submit" name="SubmitCustomerSelection' . $j .'" value="'.htmlentities($myrow['brname'], ENT_QUOTES,'UTF-8').'" /></td> + echo '<td><input tabindex="'.($j+5).'" type="submit" name="SubmitCustomerSelection' . $j .'" value="'.htmlspecialchars($myrow['brname'], ENT_QUOTES,'UTF-8').'" /></td> <input type="hidden" name="SelectedCustomer' . $j .'" value="'.$myrow['debtorno'].' - '.$myrow['branchcode'].'" /> - <td>'.htmlentities($myrow['contactname'], ENT_QUOTES,'UTF-8') .'</td> + <td>'.htmlspecialchars($myrow['contactname'], ENT_QUOTES,'UTF-8') .'</td> <td>'.$myrow['phoneno'].'</td> <td>'.$myrow['faxno'].'</td> </tr>'; Modified: trunk/GLJournal.php =================================================================== --- trunk/GLJournal.php 2012-02-29 09:05:57 UTC (rev 4993) +++ trunk/GLJournal.php 2012-02-29 09:10:35 UTC (rev 4994) 
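Review bot: In the rewritten `echo '<td><input tabindex=…` statement only `brname` and `contactname` are escaped, while the hidden `SelectedCustomer` value (`debtorno` and `branchcode`) and the `phoneno`/`faxno` cells in the same echo are still concatenated raw. If those fields can carry user-entered characters, the partial fix leaves unescaped attribute and text output in the very same row; wrapping each in `htmlspecialchars(..., ENT_QUOTES, 'UTF-8')` keeps the statement consistent with the line that was changed. SelectCreditItems.php -261, SelectCustomer.php -447 and SelectOrderItems.php -627 have the same shape, with `contactname`, `name` and the hidden inputs left raw next to the one value this commit escapes. The enclosing loop starts and ends outside each hunk.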
@@ -330,9 +330,9 @@ echo '<option value="">' . _('Select a general ledger account code') . '</option>'; while ($myrow=DB_fetch_array($result)){ if (isset($_POST['tag']) and $_POST['tag']==$myrow['accountcode']){ - echo '<option selected="selected" value="' . $myrow['accountcode'] . '">' . $myrow['accountcode'].' - ' .htmlentities($myrow['accountname'], ENT_QUOTES,'UTF-8') . '</option>'; + echo '<option selected="selected" value="' . $myrow['accountcode'] . '">' . $myrow['accountcode'].' - ' .htmlspecialchars($myrow['accountname'], ENT_QUOTES,'UTF-8') . '</option>'; } else { - echo '<option value="' . $myrow['accountcode'] . '">' . $myrow['accountcode'].' - ' .htmlentities($myrow['accountname'], ENT_QUOTES,'UTF-8') .'</option>'; + echo '<option value="' . $myrow['accountcode'] . '">' . $myrow['accountcode'].' - ' .htmlspecialchars($myrow['accountname'], ENT_QUOTES,'UTF-8') .'</option>'; } } echo '</select></td>'; Modified: trunk/InternalStockRequest.php =================================================================== --- trunk/InternalStockRequest.php 2012-02-29 09:05:57 UTC (rev 4993) +++ trunk/InternalStockRequest.php 2012-02-29 09:10:35 UTC (rev 4994) 
@@ -174,9 +174,9 @@ <option value="">' . _('Select your department') . '</option>'; while ($myrow=DB_fetch_array($result)){ if (isset($_SESSION['Request']->Department) AND $_SESSION['Request']->Department==$myrow['departmentid']){ - echo '<option selected="True" value="' . $myrow['departmentid'] . '">' . $myrow['departmentid'].' - ' .htmlentities($myrow['description'], ENT_QUOTES,'UTF-8') . '</option>'; + echo '<option selected="True" value="' . $myrow['departmentid'] . '">' . $myrow['departmentid'].' - ' .htmlspecialchars($myrow['description'], ENT_QUOTES,'UTF-8') . '</option>'; } else { - echo '<option value="' . $myrow['departmentid'] . '">' . $myrow['departmentid'].' - ' .htmlentities($myrow['description'], ENT_QUOTES,'UTF-8') . '</option>'; + echo '<option value="' . $myrow['departmentid'] . '">' . $myrow['departmentid'].' - ' .htmlspecialchars($myrow['description'], ENT_QUOTES,'UTF-8') . '</option>'; } } echo '</select></td> 
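Review bot: The rewritten `<option selected="True" …` line keeps `selected="True"`, which is not the boolean-attribute form used elsewhere in this commit (`selected="selected"` in AccountGroups.php, CompanyPreferences.php and GLJournal.php) and is not valid XHTML; it should read `selected="selected"`. The -193 hunk of this file carries the same `selected="True"`. The while loop is cut by the hunk on both sides.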
@@ -193,9 +193,9 @@ <option value="">' . _('Select a Location') . '</option>'; while ($myrow=DB_fetch_array($result)){ if (isset($_SESSION['Request']->Location) AND $_SESSION['Request']->Location==$myrow['loccode']){ - echo '<option selected="True" value="' . $myrow['loccode'] . '">' . $myrow['loccode'].' - ' .htmlentities($myrow['locationname'], ENT_QUOTES,'UTF-8') . '</option>'; + echo '<option selected="True" value="' . $myrow['loccode'] . '">' . $myrow['loccode'].' - ' .htmlspecialchars($myrow['locationname'], ENT_QUOTES,'UTF-8') . '</option>'; } else { - echo '<option value="' . $myrow['loccode'] . '">' . $myrow['loccode'].' - ' .htmlentities($myrow['locationname'], ENT_QUOTES,'UTF-8') . '</option>'; + echo '<option value="' . $myrow['loccode'] . '">' . $myrow['loccode'].' - ' .htmlspecialchars($myrow['locationname'], ENT_QUOTES,'UTF-8') . '</option>'; } } echo '</select></td> Modified: trunk/PO_AuthoriseMyOrders.php =================================================================== --- trunk/PO_AuthoriseMyOrders.php 2012-02-29 09:05:57 UTC (rev 4993) +++ trunk/PO_AuthoriseMyOrders.php 2012-02-29 09:10:35 UTC (rev 4994) @@ -94,7 +94,7 @@ <option value="Cancelled">'._('Cancelled').'</option> </select></td> </tr>'; - echo '<input type="hidden" name="comment" value="' . htmlentities($myrow['stat_comment'], ENT_QUOTES,'UTF-8') . '" />'; + echo '<input type="hidden" name="comment" value="' . htmlspecialchars($myrow['stat_comment'], ENT_QUOTES,'UTF-8') . '" />'; $LineSQL="SELECT purchorderdetails.*, stockmaster.description, stockmaster.decimalplaces Modified: trunk/PO_Header.php =================================================================== --- trunk/PO_Header.php 2012-02-29 09:05:57 UTC (rev 4993) +++ trunk/PO_Header.php 2012-02-29 09:10:35 UTC (rev 4994) 
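Review bot: The rewritten hidden `comment` field in PO_AuthoriseMyOrders.php re-encodes `$myrow['stat_comment']`, yet the PO_Items.php and PO_PDFPurchOrder.php hunks of this same commit write `stat_comment` to the database already passed through `htmlspecialchars`; if this row is read from that column, `&` leaves the page as `&amp;amp;`, and should the posted value be stored again unchanged the comment degrades on every round trip. Encoding belongs at one layer: store the raw comment with database escaping and apply `htmlspecialchars` only at output, or, if the stored form must stay encoded, emit it here without a second pass. I cannot see where `$myrow` is loaded, so confirm the column's stored form before changing this line.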
@@ -844,7 +844,7 @@ <td colspan="2">' . html_entity_decode($_SESSION['PO'.$identifier]->StatusComments, ENT_QUOTES,'UTF-8') .'</td> </tr>'; - echo '<input type="hidden" name="StatusCommentsComplete" value="' . htmlentities($_SESSION['PO'.$identifier]->StatusComments, ENT_QUOTES,'UTF-8') .'" />'; + echo '<input type="hidden" name="StatusCommentsComplete" value="' . htmlspecialchars($_SESSION['PO'.$identifier]->StatusComments, ENT_QUOTES,'UTF-8') .'" />'; echo '<tr><td><input type="submit" name="UpdateStatus" value="' . _('Status Update') .'" /></td>'; } //end its not a new order Modified: trunk/PO_Items.php =================================================================== --- trunk/PO_Items.php 2012-02-29 09:05:57 UTC (rev 4993) +++ trunk/PO_Items.php 2012-02-29 09:10:35 UTC (rev 4994) @@ -184,7 +184,7 @@ '" . Date('Y-m-d') . "', '" . $_SESSION['PO'.$identifier]->DeliveryBy . "', '" . $_SESSION['PO'.$identifier]->Status . "', - '" . htmlentities($StatusComment,ENT_QUOTES,'UTF-8') . "', + '" . htmlspecialchars($StatusComment,ENT_QUOTES,'UTF-8') . "', '" . FormatDateForSQL($_SESSION['PO'.$identifier]->DeliveryDate) . "', '" . $_SESSION['PO'.$identifier]->PaymentTerms. "', '" . $_SESSION['PO'.$identifier]->AllowPrintPO . "' )"; 
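Review bot: Two lines above the rewritten hidden field, the context line `<td colspan="2">' . html_entity_decode($_SESSION['PO'.$identifier]->StatusComments, ENT_QUOTES,'UTF-8') .'</td>` reverses the encoding and echoes the result straight into the page, so whatever markup was originally typed into the status comment is rendered as HTML on the new side. The hidden input on the changed line is escaped correctly; the visible cell should be encoded for output too, e.g. `htmlspecialchars(html_entity_decode($_SESSION['PO'.$identifier]->StatusComments, ENT_QUOTES,'UTF-8'), ENT_QUOTES,'UTF-8')`, which shows the text exactly once whether or not the session value is stored encoded. The enclosing `if` block begins before the hunk.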
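Review bot: The rewritten `'" . htmlspecialchars($StatusComment,ENT_QUOTES,'UTF-8') . "',` line in PO_Items.php sits inside an SQL string, so HTML escaping is the only treatment applied to a value interpolated into the INSERT; with `ENT_QUOTES` it happens to neutralise quote characters, but it leaves backslashes untouched (which the database's string-literal syntax may treat as escapes) and it fixes the stored representation to the HTML-encoded form. The value should go through the database escaping function at this layer (webERP's `DB_escape_string`, or a parameterised query) and be HTML-encoded only where it is output. PO_Items.php -277, PO_PDFPurchOrder.php -340 and SpecialOrder.php -380 in this commit build their `stat_comment` values the same way. The SQL string assignment begins before the hunk in PO_Items.php.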
@@ -277,7 +277,7 @@ paymentterms='" . $_SESSION['PO'.$identifier]->PaymentTerms . "', allowprint='" . $_SESSION['PO'.$identifier]->AllowPrintPO . "', status = '" . $_SESSION['PO'.$identifier]->Status . "', - stat_comment = '" . htmlentities($_SESSION['PO'.$identifier]->StatusComments,ENT_QUOTES,'UTF-8') . "' + stat_comment = '" . htmlspecialchars($_SESSION['PO'.$identifier]->StatusComments,ENT_QUOTES,'UTF-8') . "' WHERE orderno = '" . $_SESSION['PO'.$identifier]->OrderNo ."'"; $ErrMsg = _('The purchase order could not be updated because'); Modified: trunk/PO_PDFPurchOrder.php =================================================================== --- trunk/PO_PDFPurchOrder.php 2012-02-29 09:05:57 UTC (rev 4993) +++ trunk/PO_PDFPurchOrder.php 2012-02-29 09:10:35 UTC (rev 4994) @@ -340,7 +340,7 @@ $sql = "UPDATE purchorders SET allowprint = 0, dateprinted = '" . Date('Y-m-d') . "', status = 'Printed', - stat_comment = '" . htmlentities($StatusComment,ENT_QUOTES,'UTF-8') . "' + stat_comment = '" . htmlspecialchars($StatusComment,ENT_QUOTES,'UTF-8') . "' WHERE purchorders.orderno = '" . $OrderNo ."'"; $result = DB_query($sql,$db); } Modified: trunk/SelectCreditItems.php =================================================================== --- trunk/SelectCreditItems.php 2012-02-29 09:05:57 UTC (rev 4993) +++ trunk/SelectCreditItems.php 2012-02-29 09:10:35 UTC (rev 4994) 
@@ -261,7 +261,7 @@ } else { echo '<td></td>'; } - echo '<td><input tabindex="'.($j+5).'" type="submit" name="SubmitCustomerSelection' . $j .'" value="' . htmlentities($myrow['brname'], ENT_QUOTES,'UTF-8'). '" /></td> + echo '<td><input tabindex="'.($j+5).'" type="submit" name="SubmitCustomerSelection' . $j .'" value="' . htmlspecialchars($myrow['brname'], ENT_QUOTES,'UTF-8'). '" /></td> <input type="hidden" name="SelectedCustomer' . $j .'" value="'.$myrow['debtorno'].'" /> <input type="hidden" name="SelectedBranch' . $j .'" value="'. $myrow['branchcode'].'" /> <td>'.$myrow['contactname'].'</td> Modified: trunk/SelectCustomer.php =================================================================== --- trunk/SelectCustomer.php 2012-02-29 09:05:57 UTC (rev 4993) +++ trunk/SelectCustomer.php 2012-02-29 09:10:35 UTC (rev 4994) @@ -447,7 +447,7 @@ echo '<tr class="OddTableRows">'; $k = 1; } - echo '<td><font size="1"><input type="submit" name="SubmitCustomerSelection' . $i .'" value="' . htmlentities($myrow['debtorno'].' '.$myrow['branchcode'],ENT_QUOTES,'UTF-8') . '" /></font></td> + echo '<td><font size="1"><input type="submit" name="SubmitCustomerSelection' . $i .'" value="' . htmlspecialchars($myrow['debtorno'].' '.$myrow['branchcode'],ENT_QUOTES,'UTF-8') . '" /></font></td> <input type="hidden" name="SelectedCustomer' . $i . '" value="'.$myrow['debtorno'].'" /> <input type="hidden" name="SelectedBranch' . $i . '" value="'. $myrow['branchcode'].'" /> <td><font size="1">' . $myrow['name'] . '</font></td> Modified: trunk/SelectOrderItems.php =================================================================== --- trunk/SelectOrderItems.php 2012-02-29 09:05:57 UTC (rev 4993) +++ trunk/SelectOrderItems.php 2012-02-29 09:10:35 UTC (rev 4994) 
@@ -627,7 +627,7 @@ } else { echo '<td></td>'; } - echo '<td><input tabindex="'.strval($j+5).'" type="submit" name="SubmitCustomerSelection' . $j .'" value="' . htmlentities($myrow['brname'], ENT_QUOTES,'UTF-8'). '" /></td> + echo '<td><input tabindex="'.strval($j+5).'" type="submit" name="SubmitCustomerSelection' . $j .'" value="' . htmlspecialchars($myrow['brname'], ENT_QUOTES,'UTF-8'). '" /></td> <input type="hidden" name="SelectedCustomer' . $j .'" value="'.$myrow['debtorno'].'" /> <input type="hidden" name="SelectedBranch' . $j .'" value="'. $myrow['branchcode'].'" /> <td>'.$myrow['contactname'].'</td> Modified: trunk/SpecialOrder.php =================================================================== --- trunk/SpecialOrder.php 2012-02-29 09:05:57 UTC (rev 4993) +++ trunk/SpecialOrder.php 2012-02-29 09:10:35 UTC (rev 4994) @@ -380,7 +380,7 @@ '" . $StkLocAddress['deladd6'] . "', '" . $StkLocAddress['contact'] . "', '" . $_SESSION['SPL'.$identifier]->Status . "', - '" . htmlentities($StatusComment, ENT_QUOTES,'UTF-8') . "', + '" . htmlspecialchars($StatusComment, ENT_QUOTES,'UTF-8') . "', '" . $_SESSION['SPL'.$identifier]->AllowPrintPO . "', '" . Date('Y-m-d') . "', '" . Date('Y-m-d') . "')"; Modified: trunk/Z_poEditLangHeader.php =================================================================== --- trunk/Z_poEditLangHeader.php 2012-02-29 09:05:57 UTC (rev 4993) +++ trunk/Z_poEditLangHeader.php 2012-02-29 09:10:35 UTC (rev 4994) 
@@ -98,7 +98,7 @@ echo '<tr>'; echo '<td>' . _('Header Line') . ' # ' . $i . '</td>'; - echo '<td><input type="text" size="80" name="Header_' . $i . '" value="' . htmlentities($LanguageHeader[$i]) . '" /></td>'; + echo '<td><input type="text" size="80" name="Header_' . $i . '" value="' . htmlspecialchars($LanguageHeader[$i]) . '" /></td>'; echo '</tr>'; } Modified: trunk/doc/Change.log =================================================================== --- trunk/doc/Change.log 2012-02-29 09:05:57 UTC (rev 4993) +++ trunk/doc/Change.log 2012-02-29 09:10:35 UTC (rev 4994) @@ -38,7 +38,7 @@ 28/1/12 Ahmed.Fawzy: StockCategories.php fixes for numericvalue not displaying and errored with "minimum value is not numeric" 28/1/12 Phil: ConfirmDispatch_Invoice.php corrected link to ConfirmDispatchControlled_Invoice.php to send $identifier to get the correct session variable containing the order to invoice 28/1/12 Tim: SpecialOrder.php added $identifier to session class variable to avoid overlapping sessions in multiple tabs. -27/1/12 Phil: PO_AuthoriseMyOrders.php fixed html in hidden $_POST['StatusComments'] by using htmlentities($_POST['StatusComments']) +27/1/12 Phil: PO_AuthoriseMyOrders.php fixed html in hidden $_POST['StatusComments'] by using htmlspecialchars($_POST['StatusComments']) 25/1/12 Vitaly: Added quotes and missing closing tags in multiple files 24/1/12 Vitaly: Added quotes to attributes in multiple files and changed option selected to selected="selected". 23/1/12 Vitaly: Added quotes to attributes in multiple files. Modified: trunk/includes/tcpdf/tcpdf.php =================================================================== --- trunk/includes/tcpdf/tcpdf.php 2012-02-29 09:05:57 UTC (rev 4993) +++ trunk/includes/tcpdf/tcpdf.php 2012-02-29 09:10:35 UTC (rev 4994) 
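Review bot: The rewritten `value="' . htmlspecialchars($LanguageHeader[$i]) . '"` call passes neither the flags nor the charset, unlike every other call site in this commit; without `ENT_QUOTES` single quotes stay unencoded, and the default charset of the PHP version in use decides how multi-byte text is handled. Make it `htmlspecialchars($LanguageHeader[$i], ENT_QUOTES, 'UTF-8')` for consistency with the rest of the change. The enclosing loop begins outside the hunk.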
@@ -6353,7 +6353,7 @@ case 'link': { if(is_string($pl['txt'])) { // external URI link - $annots .= ' /A <</S /URI /URI '.$this->_dataannobjstring($this->unhtmlentities($pl['txt'])).'>>'; + $annots .= ' /A <</S /URI /URI '.$this->_dataannobjstring($this->unhtmlspecialchars($pl['txt'])).'>>'; } else { // internal link $l = $this->links[$pl['txt']]; @@ -8312,7 +8312,7 @@ * @return string converted * @access public */ - public function unhtmlentities($text_to_convert) { + public function unhtmlspecialchars($text_to_convert) { return html_entity_decode($text_to_convert, ENT_QUOTES, $this->encoding); } @@ -13860,7 +13860,7 @@ // text $dom[$key]['tag'] = false; $dom[$key]['block'] = false; - $dom[$key]['value'] = stripslashes($this->unhtmlentities($element)); + $dom[$key]['value'] = stripslashes($this->unhtmlspecialchars($element)); $dom[$key]['parent'] = end($level); } ++$elkey; @@ -17572,7 +17572,7 @@ */ public function hyphenateText($text, $patterns, $dictionary=array(), $leftmin=1, $rightmin=2, $charmin=1, $charmax=8) { global $unicode; - $text = $this->unhtmlentities($text); + $text = $this->unhtmlspecialchars($text); $word = array(); // last word $txtarr = array(); // text to be returned $intag = false; // true if we are inside an HTML tag This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |