mirror of https://github.com/phpbb/phpbb.git synced 2025-08-01 14:30:32 +02:00

[ticket/16690] Fix htmlspecialchars and htmlspecialchars_decode default flag

PHPBB3-16690
rxu
2021-01-20 00:01:20 +07:00
parent ddf5de8349
commit 2fd4dbb685
73 changed files with 206 additions and 206 deletions


@@ -322,17 +322,17 @@ class diff_renderer_unified extends diff_renderer
function _context($lines)
{
return '<pre class="diff context">' . htmlspecialchars($this->_lines($lines, ' ')) . '<br /></pre>';
return '<pre class="diff context">' . htmlspecialchars($this->_lines($lines, ' '), ENT_COMPAT) . '<br /></pre>';
}
function _added($lines)
{
return '<pre class="diff added">' . htmlspecialchars($this->_lines($lines, '+')) . '<br /></pre>';
return '<pre class="diff added">' . htmlspecialchars($this->_lines($lines, '+'), ENT_COMPAT) . '<br /></pre>';
}
function _deleted($lines)
{
return '<pre class="diff removed">' . htmlspecialchars($this->_lines($lines, '-')) . '<br /></pre>';
return '<pre class="diff removed">' . htmlspecialchars($this->_lines($lines, '-'), ENT_COMPAT) . '<br /></pre>';
}
function _changed($orig, $final)
@@ -519,7 +519,7 @@ class diff_renderer_inline extends diff_renderer
function _encode(&$string)
{
$string = htmlspecialchars($string);
$string = htmlspecialchars($string, ENT_COMPAT);
}
}
@@ -539,7 +539,7 @@ class diff_renderer_raw extends diff_renderer
*/
function get_diff_content($diff)
{
return '<textarea style="height: 290px;" rows="15" cols="76" class="full">' . htmlspecialchars($this->render($diff)) . '</textarea>';
return '<textarea style="height: 290px;" rows="15" cols="76" class="full">' . htmlspecialchars($this->render($diff), ENT_COMPAT) . '</textarea>';
}
function _block_header($xbeg, $xlen, $ybeg, $ylen)
@@ -649,7 +649,7 @@ class diff_renderer_side_by_side extends diff_renderer
foreach ($change['lines'] as $_line)
{
$line .= htmlspecialchars($_line) . '<br />';
$line .= htmlspecialchars($_line, ENT_COMPAT) . '<br />';
}
$output .= '<tr><td class="added_empty">&nbsp;</td><td class="added"><pre>' . ((strlen($line)) ? $line : '&nbsp;') . '<br /></pre></td></tr>';
@@ -660,14 +660,14 @@ class diff_renderer_side_by_side extends diff_renderer
foreach ($change['lines'] as $_line)
{
$line .= htmlspecialchars($_line) . '<br />';
$line .= htmlspecialchars($_line, ENT_COMPAT) . '<br />';
}
$output .= '<tr><td class="removed"><pre>' . ((strlen($line)) ? $line : '&nbsp;') . '<br /></pre></td><td class="removed_empty">&nbsp;</td></tr>';
break;
case 'empty':
$current_context .= htmlspecialchars($change['line']) . '<br />';
$current_context .= htmlspecialchars($change['line'], ENT_COMPAT) . '<br />';
break;
case 'change':
@@ -678,9 +678,9 @@ class diff_renderer_side_by_side extends diff_renderer
for ($row = 0, $row_max = max($oldsize, $newsize); $row < $row_max; ++$row)
{
$left .= isset($change['old'][$row]) ? htmlspecialchars($change['old'][$row]) : '';
$left .= isset($change['old'][$row]) ? htmlspecialchars($change['old'][$row], ENT_COMPAT) : '';
$left .= '<br />';
$right .= isset($change['new'][$row]) ? htmlspecialchars($change['new'][$row]) : '';
$right .= isset($change['new'][$row]) ? htmlspecialchars($change['new'][$row], ENT_COMPAT) : '';
$right .= '<br />';
}
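Review bot: None of the rewritten calls in this file section sets `ENT_SUBSTITUTE` (the `_context`/`_added`/`_deleted` renderers, `_encode`, `get_diff_content` and the side-by-side loops), so `htmlspecialchars()` still returns an empty string when its input contains a byte sequence that is invalid in the target encoding. For a diff renderer, which presumably displays arbitrary file contents, that would silently blank the affected line or block rather than show it; consider `htmlspecialchars($_line, ENT_COMPAT | ENT_SUBSTITUTE)` at these call sites if changing the output for malformed input is acceptable. `ENT_COMPAT` leaves `'` unescaped, which is harmless in the visible lines because every value lands in element content (`<pre>`, `<textarea>`, `<td>`). A short comment such as `// ENT_COMPAT pins the previous default; output is element content only, do not reuse inside single-quoted attributes` would keep the pattern from being copied into an attribute context. Most of the enclosing functions start or end outside the hunks shown.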