Introduce serendipity_specialchars-wrapper for encoding bug (#236)
PHP 5.4 sets UTF-8 as the default for htmlspecialchars, htmlentities and html_entity_decode. The first two will echo an empty string when given a string with umlauts. This commits introduces serendipity_specialchar-wrapper that are meant to be a temporary solution for the s9y-core until PHP 5.6 fixed the bug, so the native charset option of s9y continues to work.
This commit is contained in:
onli
@ -51,7 +51,7 @@ if (isset($_POST['SAVE']) && serendipity_checkFormToken()) {
|
||||
if (is_array($r)) {
|
||||
$r = serendipity_db_query("SELECT category_name FROM {$serendipity['dbPrefix']}category
|
||||
WHERE categoryid = ". (int)$parentid);
|
||||
$data['subcat'] = sprintf(ALREADY_SUBCATEGORY, htmlspecialchars($r[0]['category_name']), htmlspecialchars($name));
|
||||
$data['subcat'] = sprintf(ALREADY_SUBCATEGORY, serendipity_specialchars($r[0]['category_name']), serendipity_specialchars($name));
|
||||
} else {
|
||||
serendipity_updateCategory($serendipity['GET']['cid'], $name, $desc, $authorid, $icon, $parentid, $serendipity['POST']['cat']['sort_order'], $serendipity['POST']['cat']['hide_sub'], $admin_category);
|
||||
serendipity_ACLGrant($serendipity['GET']['cid'], 'category', 'read', $serendipity['POST']['cat']['read_authors']);
|
||||
|
||||
@ -206,7 +206,7 @@ $filters = array('author', 'email', 'ip', 'url', 'body', 'referer');
|
||||
/* Compress the filters into an "AND" SQL query, and a querystring */
|
||||
foreach ($filters as $filter) {
|
||||
$and .= (!empty($serendipity['GET']['filter'][$filter]) ? "AND c.". $filter ." LIKE '%". serendipity_db_escape_string($serendipity['GET']['filter'][$filter]) ."%'" : "");
|
||||
$searchString .= (!empty($serendipity['GET']['filter'][$filter]) ? "&serendipity[filter][". $filter ."]=". htmlspecialchars($serendipity['GET']['filter'][$filter]) : "");
|
||||
$searchString .= (!empty($serendipity['GET']['filter'][$filter]) ? "&serendipity[filter][". $filter ."]=". serendipity_specialchars($serendipity['GET']['filter'][$filter]) : "");
|
||||
}
|
||||
|
||||
if ($serendipity['GET']['filter']['show'] == 'approved') {
|
||||
@ -330,11 +330,11 @@ if(is_array($sql)) {
|
||||
$comment['excerpt'] = true;
|
||||
|
||||
// When summary is not the full body, strip HTML tags from summary, as it might break and leave unclosed HTML.
|
||||
$comment['fullBody'] = nl2br(htmlspecialchars($comment['fullBody']));
|
||||
$comment['fullBody'] = nl2br(serendipity_specialchars($comment['fullBody']));
|
||||
$comment['summary'] = nl2br(strip_tags($comment['summary']));
|
||||
} else {
|
||||
$comment['excerpt'] = false;
|
||||
$comment['fullBody'] = $comment['summary'] = nl2br(htmlspecialchars($comment['fullBody']));
|
||||
$comment['fullBody'] = $comment['summary'] = nl2br(serendipity_specialchars($comment['fullBody']));
|
||||
}
|
||||
|
||||
serendipity_plugin_api::hook_event('backend_view_comment', $comment, '&serendipity[page]='. $page . $searchString);
|
||||
|
||||
@ -173,7 +173,7 @@ switch($serendipity['GET']['adminAction']) {
|
||||
'serendipity[action]' => 'admin',
|
||||
'serendipity[adminModule]' => 'entries',
|
||||
'serendipity[adminAction]' => 'save',
|
||||
'serendipity[timestamp]' => htmlspecialchars($entry['timestamp'])
|
||||
'serendipity[timestamp]' => serendipity_specialchars($entry['timestamp'])
|
||||
),
|
||||
$entry,
|
||||
$errors
|
||||
@ -191,7 +191,7 @@ switch($serendipity['GET']['adminAction']) {
|
||||
serendipity_deleteEntry((int)$serendipity['GET']['id']);
|
||||
$data['switched_output'] = true;
|
||||
$data['is_doDelete'] = true;
|
||||
$data['del_entry'] = sprintf(RIP_ENTRY, $entry['id'] . ' - ' . htmlspecialchars($entry['title']));
|
||||
$data['del_entry'] = sprintf(RIP_ENTRY, $entry['id'] . ' - ' . serendipity_specialchars($entry['title']));
|
||||
|
||||
case 'doMultiDelete':
|
||||
if ($serendipity['GET']['adminAction'] != 'doDelete') {
|
||||
@ -208,7 +208,7 @@ switch($serendipity['GET']['adminAction']) {
|
||||
$entry = serendipity_fetchEntry('id', $id, 1, 1);
|
||||
serendipity_deleteEntry((int)$id);
|
||||
$data['is_doMultiDelete'] = true;
|
||||
$data['del_entry'][] = sprintf(RIP_ENTRY, $entry['id'] . ' - ' . htmlspecialchars($entry['title']));
|
||||
$data['del_entry'][] = sprintf(RIP_ENTRY, $entry['id'] . ' - ' . serendipity_specialchars($entry['title']));
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -327,13 +327,13 @@ switch($serendipity['GET']['adminAction']) {
|
||||
|
||||
$smartentries[] = array(
|
||||
'id' => $ey['id'],
|
||||
'title' => htmlspecialchars($ey['title']),
|
||||
'title' => serendipity_specialchars($ey['title']),
|
||||
'timestamp' => (int)$ey['timestamp'],
|
||||
'last_modified' => (int)$ey['last_modified'],
|
||||
'isdraft' => serendipity_db_bool($ey['isdraft']),
|
||||
'ep_is_sticky' => (serendipity_db_bool($ey['properties']['ep_is_sticky']) ? true : false),
|
||||
'pubdate' => date("c", (int)$ey['timestamp']),
|
||||
'author' => htmlspecialchars($ey['author']),
|
||||
'author' => serendipity_specialchars($ey['author']),
|
||||
'cats' => $entry_cats,
|
||||
'preview' => ((serendipity_db_bool($ey['isdraft']) || (!$serendipity['showFutureEntries'] && $ey['timestamp'] >= serendipity_serverOffsetHour())) ? true : false),
|
||||
'archive_link' => serendipity_archiveURL($ey['id'], $ey['title'], 'serendipityHTTPPath', true, array('timestamp' => $ey['timestamp'])),
|
||||
@ -365,7 +365,7 @@ switch($serendipity['GET']['adminAction']) {
|
||||
$data['is_delete'] = true;
|
||||
$data['newLoc'] = $newLoc;
|
||||
// for smartification printf had to turn into sprintf!!
|
||||
$data['rip_entry'] = sprintf(DELETE_SURE, $entry['id'] . ' - ' . htmlspecialchars($entry['title']));
|
||||
$data['rip_entry'] = sprintf(DELETE_SURE, $entry['id'] . ' - ' . serendipity_specialchars($entry['title']));
|
||||
break;
|
||||
|
||||
case 'multidelete':
|
||||
@ -379,7 +379,7 @@ switch($serendipity['GET']['adminAction']) {
|
||||
$ids .= (int)$id . ',';
|
||||
$entry = serendipity_fetchEntry('id', $id, 1, 1);
|
||||
$data['is_multidelete'] = true;
|
||||
$data['rip_entry'][] = sprintf(DELETE_SURE, $entry['id'] . ' - ' . htmlspecialchars($entry['title']));
|
||||
$data['rip_entry'][] = sprintf(DELETE_SURE, $entry['id'] . ' - ' . serendipity_specialchars($entry['title']));
|
||||
}
|
||||
$newLoc = '?' . serendipity_setFormToken('url') . '&serendipity[action]=admin&serendipity[adminModule]=entries&serendipity[adminAction]=doMultiDelete&serendipity[id]=' . $ids;
|
||||
$data['switched_output'] = true;
|
||||
|
||||
@ -81,7 +81,7 @@ switch ($serendipity['GET']['adminAction']) {
|
||||
if ($id > 0) {
|
||||
$image = serendipity_fetchImageFromDatabase($id);
|
||||
$messages[] = serendipity_deleteImage((int)$id);
|
||||
$messages[] = sprintf(RIP_ENTRY, $image['id'] . ' - ' . htmlspecialchars($image['realname']));
|
||||
$messages[] = sprintf(RIP_ENTRY, $image['id'] . ' - ' . serendipity_specialchars($image['realname']));
|
||||
}
|
||||
}
|
||||
$data['showML'] = showMediaLibrary();
|
||||
@ -118,7 +118,7 @@ switch ($serendipity['GET']['adminAction']) {
|
||||
foreach($serendipity['POST']['multiDelete'] AS $idx => $id) {
|
||||
$ids .= (int)$id . ',';
|
||||
$image = serendipity_fetchImageFromDatabase($id);
|
||||
$data['rip_image'][] = sprintf(DELETE_SURE, $image['id'] . ' - ' . htmlspecialchars($image['realname']));
|
||||
$data['rip_image'][] = sprintf(DELETE_SURE, $image['id'] . ' - ' . serendipity_specialchars($image['realname']));
|
||||
}
|
||||
if (!isset($serendipity['adminFile'])) {
|
||||
$serendipity['adminFile'] = 'serendipity_admin.php';
|
||||
@ -172,7 +172,7 @@ switch ($serendipity['GET']['adminAction']) {
|
||||
|
||||
$new_media = array();
|
||||
|
||||
$serendipity['POST']['imageurl'] = htmlspecialchars($serendipity['POST']['imageurl']);
|
||||
$serendipity['POST']['imageurl'] = serendipity_specialchars($serendipity['POST']['imageurl']);
|
||||
|
||||
// First find out whether to fetch a file or accept an upload
|
||||
if ($serendipity['POST']['imageurl'] != '' && $serendipity['POST']['imageurl'] != 'http://') {
|
||||
@ -439,7 +439,7 @@ switch ($serendipity['GET']['adminAction']) {
|
||||
$data['groups'] = $groups;
|
||||
$data['use_dir'] = $use_dir;
|
||||
$data['formtoken'] = serendipity_setFormToken();
|
||||
$data['dir'] = htmlspecialchars($serendipity['GET']['dir']);
|
||||
$data['dir'] = serendipity_specialchars($serendipity['GET']['dir']);
|
||||
$data['rgroups'] = (isset($read_groups[0]) ? true : false);
|
||||
$data['wgroups'] = (isset($write_groups[0]) ? true : false);
|
||||
$data['read_groups'] = $read_groups;
|
||||
@ -451,9 +451,9 @@ switch ($serendipity['GET']['adminAction']) {
|
||||
return;
|
||||
}
|
||||
$data['case_directoryDelete'] = true;
|
||||
$data['dir'] = htmlspecialchars($serendipity['GET']['dir']);
|
||||
$data['dir'] = serendipity_specialchars($serendipity['GET']['dir']);
|
||||
$data['formtoken'] = serendipity_setFormToken();
|
||||
$data['basename_dir'] = basename(htmlspecialchars($serendipity['GET']['dir']));
|
||||
$data['basename_dir'] = basename(serendipity_specialchars($serendipity['GET']['dir']));
|
||||
break;
|
||||
|
||||
case 'directoryDoCreate':
|
||||
@ -557,7 +557,7 @@ switch ($serendipity['GET']['adminAction']) {
|
||||
if (isset($image_selector_addvars) && is_array($image_selector_addvars)) {
|
||||
// These variables may come from serendipity_admin_image_selector.php to show embedded upload form
|
||||
foreach($image_selector_addvars AS $imgsel_key => $imgsel_val) {
|
||||
$form_hidden .= ' <input type="hidden" name="serendipity[' . htmlspecialchars($imgsel_key) . ']" value="' . htmlspecialchars($imgsel_val) . '" />' . "\n";
|
||||
$form_hidden .= ' <input type="hidden" name="serendipity[' . serendipity_specialchars($imgsel_key) . ']" value="' . serendipity_specialchars($imgsel_val) . '" />' . "\n";
|
||||
}
|
||||
}
|
||||
|
||||
@ -584,7 +584,7 @@ switch ($serendipity['GET']['adminAction']) {
|
||||
}
|
||||
|
||||
if (empty($serendipity['adminFile_redirect'])) {
|
||||
$serendipity['adminFile_redirect'] = htmlspecialchars($_SERVER['HTTP_REFERER']);
|
||||
$serendipity['adminFile_redirect'] = serendipity_specialchars($_SERVER['HTTP_REFERER']);
|
||||
}
|
||||
|
||||
$data['case_rotateCW'] = true;
|
||||
@ -601,7 +601,7 @@ switch ($serendipity['GET']['adminAction']) {
|
||||
}
|
||||
|
||||
if (empty($serendipity['adminFile_redirect'])) {
|
||||
$serendipity['adminFile_redirect'] = htmlspecialchars($_SERVER['HTTP_REFERER']);
|
||||
$serendipity['adminFile_redirect'] = serendipity_specialchars($_SERVER['HTTP_REFERER']);
|
||||
}
|
||||
|
||||
$data['case_rotateCCW'] = true;
|
||||
@ -641,7 +641,7 @@ switch ($serendipity['GET']['adminAction']) {
|
||||
$data['img_width'] = $s[0];
|
||||
$data['img_height'] = $s[1];
|
||||
|
||||
$data['print_RESIZE_BLAHBLAH'] = sprintf(RESIZE_BLAHBLAH, htmlspecialchars($serendipity['GET']['fname']));
|
||||
$data['print_RESIZE_BLAHBLAH'] = sprintf(RESIZE_BLAHBLAH, serendipity_specialchars($serendipity['GET']['fname']));
|
||||
$data['print_ORIGINAL_SIZE'] = sprintf(ORIGINAL_SIZE, $s[0],$s[1]);
|
||||
$data['formtoken'] = serendipity_setFormToken();
|
||||
$data['file'] = $serendipity['uploadHTTPPath'] . $file['path'] . $file['name'] .($file['extension'] ? '.'. $file['extension'] : "");
|
||||
@ -661,7 +661,7 @@ switch ($serendipity['GET']['adminAction']) {
|
||||
serendipity_plugin_api::hook_event('media_getproperties_cached', $media['file']['props']['base_metadata'], $media['file']['realfile']);
|
||||
|
||||
if ($file['is_image']) {
|
||||
$file['finishJSFunction'] = $file['origfinishJSFunction'] = 'serendipity.serendipity_imageSelector_done(\'' . htmlspecialchars($serendipity['GET']['textarea']) . '\')';
|
||||
$file['finishJSFunction'] = $file['origfinishJSFunction'] = 'serendipity.serendipity_imageSelector_done(\'' . serendipity_specialchars($serendipity['GET']['textarea']) . '\')';
|
||||
|
||||
if (!empty($serendipity['GET']['filename_only']) && $serendipity['GET']['filename_only'] !== 'true') {
|
||||
$file['fast_select'] = true;
|
||||
|
||||
@ -81,7 +81,7 @@ class Serendipity_Import_b2evolution extends Serendipity_Import {
|
||||
|
||||
$b2db = @mysql_connect($this->data['host'], $this->data['user'], $this->data['pass']);
|
||||
if (!$b2db) {
|
||||
return sprintf(COULDNT_CONNECT, htmlspecialchars($this->data['host']));
|
||||
return sprintf(COULDNT_CONNECT, serendipity_specialchars($this->data['host']));
|
||||
}
|
||||
|
||||
if (!@mysql_select_db($this->data['name'])) {
|
||||
|
||||
@ -83,7 +83,7 @@ class Serendipity_Import_bblog extends Serendipity_Import {
|
||||
|
||||
$bblogdb = @mysql_connect($this->data['host'], $this->data['user'], $this->data['pass']);
|
||||
if (!$bblogdb) {
|
||||
return sprintf(COULDNT_CONNECT, htmlspecialchars($this->data['host']));
|
||||
return sprintf(COULDNT_CONNECT, serendipity_specialchars($this->data['host']));
|
||||
}
|
||||
|
||||
if (!@mysql_select_db($this->data['name'])) {
|
||||
|
||||
@ -81,7 +81,7 @@ class Serendipity_Import_bmachine extends Serendipity_Import {
|
||||
|
||||
$txpdb = @mysql_connect($this->data['host'], $this->data['user'], $this->data['pass']);
|
||||
if (!$txpdb) {
|
||||
return sprintf(COULDNT_CONNECT, htmlspecialchars($this->data['host']));
|
||||
return sprintf(COULDNT_CONNECT, serendipity_specialchars($this->data['host']));
|
||||
}
|
||||
|
||||
if (!@mysql_select_db($this->data['name'])) {
|
||||
|
||||
@ -87,7 +87,7 @@ class Serendipity_Import_geeklog extends Serendipity_Import {
|
||||
|
||||
$gdb = @mysql_connect($this->data['host'], $this->data['user'], $this->data['pass']);
|
||||
if (!$gdb) {
|
||||
return sprintf(COULDNT_CONNECT, htmlspecialchars($this->data['host']));
|
||||
return sprintf(COULDNT_CONNECT, serendipity_specialchars($this->data['host']));
|
||||
}
|
||||
|
||||
if (!@mysql_select_db($this->data['name'])) {
|
||||
|
||||
@ -146,7 +146,7 @@ class Serendipity_Import_Generic extends Serendipity_Import {
|
||||
|
||||
if (PEAR::isError($res) || $req->getResponseCode() != '200') {
|
||||
serendipity_request_end();
|
||||
echo '<span class="block_level">' . IMPORT_FAILED . ': ' . htmlspecialchars($this->data['url']) . '</span>';
|
||||
echo '<span class="block_level">' . IMPORT_FAILED . ': ' . serendipity_specialchars($this->data['url']) . '</span>';
|
||||
return false;
|
||||
}
|
||||
|
||||
@ -198,7 +198,7 @@ class Serendipity_Import_Generic extends Serendipity_Import {
|
||||
'category_left' => 0,
|
||||
'category_right' => 0);
|
||||
echo '<span class="block_level">';
|
||||
printf(CREATE_CATEGORY, htmlspecialchars($cat_name));
|
||||
printf(CREATE_CATEGORY, serendipity_specialchars($cat_name));
|
||||
echo "</span>";
|
||||
if ($dry_run) {
|
||||
$s9y_cat[$cat_name] = time();
|
||||
@ -256,7 +256,7 @@ class Serendipity_Import_Generic extends Serendipity_Import {
|
||||
$s9y_users[$wp_user]['authorid'] = serendipity_addAuthor($wp_user, md5(time()), $wp_user, '', USERLEVEL_EDITOR);
|
||||
}
|
||||
echo '<span class="block_level">';
|
||||
printf(CREATE_AUTHOR, htmlspecialchars($wp_user));
|
||||
printf(CREATE_AUTHOR, serendipity_specialchars($wp_user));
|
||||
echo "</span>";
|
||||
}
|
||||
|
||||
@ -312,7 +312,7 @@ class Serendipity_Import_Generic extends Serendipity_Import {
|
||||
$s9y_cid[$c_id] = $cid;
|
||||
}
|
||||
|
||||
echo "<span class='msg_notice'>Entry '" . htmlspecialchars($entry['title']) . "' ($c_i comments) imported.</span>";
|
||||
echo "<span class='msg_notice'>Entry '" . serendipity_specialchars($entry['title']) . "' ($c_i comments) imported.</span>";
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
@ -81,7 +81,7 @@ class Serendipity_Import_lifetype extends Serendipity_Import {
|
||||
|
||||
$ltdb = @mysql_connect($this->data['host'], $this->data['user'], $this->data['pass']);
|
||||
if (!$ltdb) {
|
||||
return sprintf(COULDNT_CONNECT, htmlspecialchars($this->data['host']));
|
||||
return sprintf(COULDNT_CONNECT, serendipity_specialchars($this->data['host']));
|
||||
}
|
||||
|
||||
if (!@mysql_select_db($this->data['name'])) {
|
||||
|
||||
@ -201,7 +201,7 @@ class Serendipity_Import_LiveJournalXML extends Serendipity_Import {
|
||||
global $serendipity;
|
||||
|
||||
if (!file_exists($this->data['url'])) {
|
||||
printf(FILE_NOT_FOUND, htmlspecialchars($this->data['url']));
|
||||
printf(FILE_NOT_FOUND, serendipity_specialchars($this->data['url']));
|
||||
return false;
|
||||
}
|
||||
|
||||
@ -252,7 +252,7 @@ class Serendipity_Import_LiveJournalXML extends Serendipity_Import {
|
||||
}
|
||||
}
|
||||
$id = serendipity_updertEntry($new_entry);
|
||||
echo '<span class="msg_notice">Inserted entry #' . $id . ', "' . htmlspecialchars($new_entry['title']) . '"</span>';
|
||||
echo '<span class="msg_notice">Inserted entry #' . $id . ', "' . serendipity_specialchars($new_entry['title']) . '"</span>';
|
||||
if (is_array($new_entry['comments'])) {
|
||||
$cid_map = array();
|
||||
$jids = array();
|
||||
|
||||
@ -138,7 +138,7 @@ class Serendipity_Import_MovableType extends Serendipity_Import {
|
||||
if ( !isset($authors[$data]) ) {
|
||||
$au_inf = serendipity_fetchAuthor($data);
|
||||
if ( !is_array($au_inf) ) {
|
||||
$tasks[] = sprintf(CREATE_AUTHOR, htmlspecialchars($data));
|
||||
$tasks[] = sprintf(CREATE_AUTHOR, serendipity_specialchars($data));
|
||||
$tasks[] = '<ul class="plainList"><li>Input array is: ' . print_r($data, true) . '</li><<li>Return is: ' . print_r($au_inf, true) . '</li></ul>';
|
||||
$au_inf = serendipity_fetchAuthor($serendipity['authorid']);
|
||||
}
|
||||
@ -197,7 +197,7 @@ class Serendipity_Import_MovableType extends Serendipity_Import {
|
||||
$entry['categories'][] = $this->categories[$y]['categoryid'];
|
||||
}
|
||||
} else {
|
||||
$tasks[] = sprintf(CREATE_CATEGORY, htmlspecialchars($data));
|
||||
$tasks[] = sprintf(CREATE_CATEGORY, serendipity_specialchars($data));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -84,7 +84,7 @@ class Serendipity_Import_Nucleus extends Serendipity_Import {
|
||||
|
||||
$nucdb = @mysql_connect($this->data['host'], $this->data['user'], $this->data['pass']);
|
||||
if (!$nucdb) {
|
||||
return sprintf(COULDNT_CONNECT, htmlspecialchars($this->data['host']));
|
||||
return sprintf(COULDNT_CONNECT, serendipity_specialchars($this->data['host']));
|
||||
}
|
||||
|
||||
if (!@mysql_select_db($this->data['name'])) {
|
||||
|
||||
@ -81,7 +81,7 @@ class Serendipity_Import_nuke extends Serendipity_Import {
|
||||
|
||||
$nukedb = @mysql_connect($this->data['host'], $this->data['user'], $this->data['pass']);
|
||||
if (!$nukedb) {
|
||||
return sprintf(COULDNT_CONNECT, htmlspecialchars($this->data['host']));
|
||||
return sprintf(COULDNT_CONNECT, serendipity_specialchars($this->data['host']));
|
||||
}
|
||||
|
||||
if (!@mysql_select_db($this->data['name'])) {
|
||||
|
||||
@ -125,7 +125,7 @@ ENDPOST
|
||||
# locate the post title
|
||||
if (preg_match("/TITLE:(.*)/", $post, $title)) {
|
||||
$title = trim($title[1]);
|
||||
echo "<b class='block_level'>" . htmlspecialchars($title) . "</b>";
|
||||
echo "<b class='block_level'>" . serendipity_specialchars($title) . "</b>";
|
||||
} else {
|
||||
$title = "";
|
||||
echo "<b class='block_level'>Empty title</b>";
|
||||
@ -134,7 +134,7 @@ ENDPOST
|
||||
# locate the post author
|
||||
if (preg_match("/AUTHOR:(.*)/", $post, $author)) {
|
||||
$author = trim($author[1]);
|
||||
echo "<em class='block_level'>" . htmlspecialchars($author[1]) . "</em>";
|
||||
echo "<em class='block_level'>" . serendipity_specialchars($author[1]) . "</em>";
|
||||
} else {
|
||||
$author = "";
|
||||
echo "<em class='block_level'>Unknown author</em>";
|
||||
@ -143,7 +143,7 @@ ENDPOST
|
||||
# locate the post date
|
||||
if (preg_match("/DATE:(.*)/", $post, $date)) {
|
||||
$date = strtotime(trim($date[1]));
|
||||
echo "<span class='block_level'>Posted on " . htmlspecialchars($date[1]) . ".</span>";
|
||||
echo "<span class='block_level'>Posted on " . serendipity_specialchars($date[1]) . ".</span>";
|
||||
} else {
|
||||
$date = time();
|
||||
echo "<span class='block_level'>Unknown posting time.</span>";
|
||||
|
||||
@ -83,7 +83,7 @@ class Serendipity_Import_phpbb extends Serendipity_Import {
|
||||
|
||||
$gdb = @mysql_connect($this->data['host'], $this->data['user'], $this->data['pass']);
|
||||
if (!$gdb) {
|
||||
return sprintf(COULDNT_CONNECT, htmlspecialchars($this->data['host']));
|
||||
return sprintf(COULDNT_CONNECT, serendipity_specialchars($this->data['host']));
|
||||
}
|
||||
|
||||
if (!@mysql_select_db($this->data['name'])) {
|
||||
|
||||
@ -69,7 +69,7 @@ class Serendipity_Import_Pivot extends Serendipity_Import {
|
||||
if (!is_dir($this->data['pivot_path']) || !is_readable($this->data['pivot_path'])) {
|
||||
$check_dir = $serendipity['serendipityPath'] . $this->data['pivot_path'];
|
||||
if (!is_dir($check_dir) || !is_readable($check_dir)) {
|
||||
return sprintf(ERROR_NO_DIRECTORY, htmlspecialchars($this->data['pivot_path']));
|
||||
return sprintf(ERROR_NO_DIRECTORY, serendipity_specialchars($this->data['pivot_path']));
|
||||
}
|
||||
$this->data['pivot_path'] = $check_dir;
|
||||
}
|
||||
@ -95,10 +95,10 @@ class Serendipity_Import_Pivot extends Serendipity_Import {
|
||||
}
|
||||
|
||||
if ($found) {
|
||||
echo '<li>Pivot Category "' . htmlspecialchars($pivot_category) . '" mapped to Serendipity ID ' . $found . '</li>';
|
||||
echo '<li>Pivot Category "' . serendipity_specialchars($pivot_category) . '" mapped to Serendipity ID ' . $found . '</li>';
|
||||
$pivot_to_s9y['categories'][$pivot_category] = $found;
|
||||
} else {
|
||||
echo '<li>Created Pivot Category "' . htmlspecialchars($pivot_category) . '".</li>';
|
||||
echo '<li>Created Pivot Category "' . serendipity_specialchars($pivot_category) . '".</li>';
|
||||
$cat = array('category_name' => $pivot_category,
|
||||
'category_description' => '',
|
||||
'parentid' => 0,
|
||||
@ -191,7 +191,7 @@ class Serendipity_Import_Pivot extends Serendipity_Import {
|
||||
}
|
||||
echo '</ul>';
|
||||
} else {
|
||||
return sprintf(ERROR_NO_DIRECTORY, htmlspecialchars($this->data['pivot_path']));
|
||||
return sprintf(ERROR_NO_DIRECTORY, serendipity_specialchars($this->data['pivot_path']));
|
||||
}
|
||||
|
||||
return true;
|
||||
|
||||
@ -84,7 +84,7 @@ class Serendipity_Import_pMachine extends Serendipity_Import {
|
||||
|
||||
$pmdb = @mysql_connect($this->data['host'], $this->data['user'], $this->data['pass']);
|
||||
if (!$pmdb) {
|
||||
return sprintf(COULDNT_CONNECT, htmlspecialchars($this->data['host']));
|
||||
return sprintf(COULDNT_CONNECT, serendipity_specialchars($this->data['host']));
|
||||
}
|
||||
|
||||
if (!@mysql_select_db($this->data['name'])) {
|
||||
|
||||
@ -448,7 +448,7 @@ class Serendipity_Import_Serendipity extends Serendipity_Import {
|
||||
|
||||
$s9ydb = @mysql_connect($this->data['host'], $this->data['user'], $this->data['pass']);
|
||||
if (!$s9ydb) {
|
||||
return sprintf(COULDNT_CONNECT, htmlspecialchars($this->data['host']));
|
||||
return sprintf(COULDNT_CONNECT, serendipity_specialchars($this->data['host']));
|
||||
}
|
||||
|
||||
if (!@mysql_select_db($this->data['name'], $s9ydb)) {
|
||||
|
||||
@ -87,7 +87,7 @@ class Serendipity_Import_smf extends Serendipity_Import {
|
||||
|
||||
$gdb = @mysql_connect($this->data['host'], $this->data['user'], $this->data['pass']);
|
||||
if (!$gdb) {
|
||||
return sprintf(COULDNT_CONNECT, htmlspecialchars($this->data['host']));
|
||||
return sprintf(COULDNT_CONNECT, serendipity_specialchars($this->data['host']));
|
||||
}
|
||||
|
||||
if (!@mysql_select_db($this->data['name'])) {
|
||||
@ -296,7 +296,7 @@ class Serendipity_Import_smf extends Serendipity_Import {
|
||||
break;
|
||||
}
|
||||
}
|
||||
$a['post_text'] = html_entity_decode($a['post_text']);
|
||||
$a['post_text'] = serendipity_entity_decode($a['post_text']);
|
||||
|
||||
$comment = array('entry_id ' => $entries[$x]['entryid'],
|
||||
'parent_id' => 0,
|
||||
|
||||
@ -88,7 +88,7 @@ class Serendipity_Import_sunlog extends Serendipity_Import {
|
||||
|
||||
$sunlogdb = @mysql_connect($this->data['host'], $this->data['user'], $this->data['pass']);
|
||||
if (!$sunlogdb) {
|
||||
return sprintf(COULDNT_CONNECT, htmlspecialchars($this->data['host']));
|
||||
return sprintf(COULDNT_CONNECT, serendipity_specialchars($this->data['host']));
|
||||
}
|
||||
|
||||
if (!@mysql_select_db($this->data['name'])) {
|
||||
|
||||
@ -87,7 +87,7 @@ class Serendipity_Import_textpattern extends Serendipity_Import {
|
||||
|
||||
$txpdb = @mysql_connect($this->data['host'], $this->data['user'], $this->data['pass']);
|
||||
if (!$txpdb) {
|
||||
return sprintf(COULDNT_CONNECT, htmlspecialchars($this->data['host']));
|
||||
return sprintf(COULDNT_CONNECT, serendipity_specialchars($this->data['host']));
|
||||
}
|
||||
|
||||
if (!@mysql_select_db($this->data['name'])) {
|
||||
|
||||
@ -96,11 +96,11 @@ class Serendipity_Import_VoodooPad extends Serendipity_Import {
|
||||
|
||||
// Feed the contents of the file into the parser
|
||||
if (!file_exists($file)) {
|
||||
die(sprintf(DOCUMENT_NOT_FOUND, htmlspecialchars($file)));
|
||||
die(sprintf(DOCUMENT_NOT_FOUND, serendipity_specialchars($file)));
|
||||
}
|
||||
|
||||
if(!($handle = fopen($file, "r"))) {
|
||||
die(sprintf(SKIPPING_FILE_UNREADABLE, htmlspecialchars($file)));
|
||||
die(sprintf(SKIPPING_FILE_UNREADABLE, serendipity_specialchars($file)));
|
||||
}
|
||||
|
||||
while($contents = fread($handle, 4096)) {
|
||||
|
||||
@ -87,7 +87,7 @@ class Serendipity_Import_WordPress_PG extends Serendipity_Import {
|
||||
|
||||
$wpdb = pg_connect("$this->data['host'], $this->data['port'], $this->data['user'], $this->data['pass'], $this->data['name']");
|
||||
if ( !$wpdb ) {
|
||||
return sprintf(PGSQL_COULDNT_CONNECT, htmlspecialchars($this->data['pass']));
|
||||
return sprintf(PGSQL_COULDNT_CONNECT, serendipity_specialchars($this->data['pass']));
|
||||
}
|
||||
|
||||
/* Users */
|
||||
|
||||
@ -94,7 +94,7 @@ class Serendipity_Import_WordPress extends Serendipity_Import {
|
||||
|
||||
$wpdb = @mysql_connect($this->data['host'], $this->data['user'], $this->data['pass']);
|
||||
if (!$wpdb) {
|
||||
return sprintf(COULDNT_CONNECT, htmlspecialchars($this->data['host']));
|
||||
return sprintf(COULDNT_CONNECT, serendipity_specialchars($this->data['host']));
|
||||
}
|
||||
|
||||
if (!@mysql_select_db($this->data['name'], $wpdb)) {
|
||||
|
||||
@ -13,7 +13,7 @@ switch($serendipity['POST']['adminAction']) {
|
||||
break;
|
||||
}
|
||||
$success = serendipity_updertEntry(array(
|
||||
'id' => htmlspecialchars($serendipity['POST']['id']),
|
||||
'id' => serendipity_specialchars($serendipity['POST']['id']),
|
||||
'timestamp' => time(),
|
||||
'isdraft' => 0
|
||||
));
|
||||
@ -65,7 +65,7 @@ if (count($comments) > 1) {
|
||||
$comment['excerpt'] = true;
|
||||
|
||||
// When summary is not the full body, strip HTML tags from summary, as it might break and leave unclosed HTML.
|
||||
$comment['fullBody'] = nl2br(htmlspecialchars($comment['fullBody']));
|
||||
$comment['fullBody'] = nl2br(serendipity_specialchars($comment['fullBody']));
|
||||
$comment['summary'] = nl2br(strip_tags($comment['summary']));
|
||||
}
|
||||
}
|
||||
|
||||
@ -77,9 +77,9 @@ if (isset($_GET['serendipity']['plugin_to_conf'])) {
|
||||
$plugin->performConfig($bag);
|
||||
}
|
||||
|
||||
$name = htmlspecialchars($bag->get('name'));
|
||||
$desc = htmlspecialchars($bag->get('description'));
|
||||
$license = htmlspecialchars($bag->get('license'));
|
||||
$name = serendipity_specialchars($bag->get('name'));
|
||||
$desc = serendipity_specialchars($bag->get('description'));
|
||||
$license = serendipity_specialchars($bag->get('license'));
|
||||
|
||||
$documentation = $bag->get('website');
|
||||
|
||||
@ -372,11 +372,11 @@ if (isset($_GET['serendipity']['plugin_to_conf'])) {
|
||||
/* Load the new plugin */
|
||||
$plugin = &serendipity_plugin_api::load_plugin($inst);
|
||||
if (!is_object($plugin)) {
|
||||
echo "DEBUG: Plugin " . htmlspecialchars($inst) . " not an object: " . htmlspecialchars(print_r($plugin, true))
|
||||
. ".<br />Input: " . htmlspecialchars(print_r($serendipity['GET'], true)) . ".<br /><br />\n\nThis error
|
||||
echo "DEBUG: Plugin " . serendipity_specialchars($inst) . " not an object: " . serendipity_specialchars(print_r($plugin, true))
|
||||
. ".<br />Input: " . serendipity_specialchars(print_r($serendipity['GET'], true)) . ".<br /><br />\n\nThis error
|
||||
can happen if a plugin was not properly downloaded (check your plugins directory if the requested plugin
|
||||
was downloaded) or the inclusion of a file failed (permissions?)<br />\n";
|
||||
echo "Backtrace:<br />\n" . nl2br(htmlspecialchars(implode("\n", $serendipity['debug']['pluginload']))) . "<br />";
|
||||
echo "Backtrace:<br />\n" . nl2br(serendipity_specialchars(implode("\n", $serendipity['debug']['pluginload']))) . "<br />";
|
||||
}
|
||||
$bag = new serendipity_property_bag;
|
||||
$plugin->introspect($bag);
|
||||
|
||||
@ -65,17 +65,17 @@ if ($serendipity['GET']['adminAction'] == 'editConfiguration') {
|
||||
if ($serendipity['GET']['adminAction'] == 'install' || $serendipity['GET']['adminAction'] == 'install-frontend' || $serendipity['GET']['adminAction'] == 'install-backend') {
|
||||
serendipity_plugin_api::hook_event('backend_templates_fetchtemplate', $serendipity);
|
||||
|
||||
$themeInfo = serendipity_fetchTemplateInfo(htmlspecialchars($serendipity['GET']['theme']));
|
||||
$themeInfo = serendipity_fetchTemplateInfo(serendipity_specialchars($serendipity['GET']['theme']));
|
||||
|
||||
// A separate hook is used post installation, for plugins to possibly perform some actions
|
||||
serendipity_plugin_api::hook_event('backend_templates_install', $serendipity['GET']['theme'], $themeInfo);
|
||||
|
||||
if ($serendipity['GET']['adminAction'] == 'install' || $serendipity['GET']['adminAction'] == 'install-frontend') {
|
||||
serendipity_set_config_var('template', htmlspecialchars($serendipity['GET']['theme']));
|
||||
serendipity_set_config_var('template', serendipity_specialchars($serendipity['GET']['theme']));
|
||||
}
|
||||
|
||||
if ($serendipity['GET']['adminAction'] == 'install-backend' && $themeInfo['custom_admin_interface'] == YES) {
|
||||
serendipity_set_config_var('template_backend', htmlspecialchars($serendipity['GET']['theme']));
|
||||
serendipity_set_config_var('template_backend', serendipity_specialchars($serendipity['GET']['theme']));
|
||||
} else {
|
||||
// template_engine was set by default to default, which screws up the fallback chain (to the default-template first)
|
||||
// The "Engine" now only applies to FRONTEND themes. Backend themes will always fall back to our default backend theme only, to ensure proper backend operation.
|
||||
@ -87,7 +87,7 @@ if ($serendipity['GET']['adminAction'] == 'install' || $serendipity['GET']['admi
|
||||
serendipity_set_config_var('last_template_change', time());
|
||||
|
||||
$data["adminAction"] = "install";
|
||||
$data["install_template"] = htmlspecialchars($serendipity['GET']['theme']);
|
||||
$data["install_template"] = serendipity_specialchars($serendipity['GET']['theme']);
|
||||
}
|
||||
|
||||
if ( @file_exists($serendipity['serendipityPath'] . $serendipity['templatePath'] . $serendipity['template'] .'/layout.php') ) {
|
||||
|
||||
Reference in New Issue
Block a user