mirror of https://github.com/phpbb/phpbb.git synced 2025-08-09 18:26:32 +02:00

[ticket/16690] Fix htmlspecialchars and htmlspecialchars_decode default flag

PHPBB3-16690
rxu
2021-01-20 00:01:20 +07:00
parent ddf5de8349
commit 2fd4dbb685
73 changed files with 206 additions and 206 deletions


@@ -134,7 +134,7 @@ class ucp_activate
$messenger->anti_abuse_headers($config, $user);
$messenger->assign_vars(array(
'USERNAME' => htmlspecialchars_decode($user_row['username']))
'USERNAME' => htmlspecialchars_decode($user_row['username'], ENT_COMPAT))
);
$messenger->send($user_row['user_notify_type']);
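Review bot: The explicit `ENT_COMPAT` in `htmlspecialchars_decode($user_row['username'], ENT_COMPAT)` is not explained in the code, and the same bare flag is repeated in the ucp_profile, ucp_register and ucp_resend sections. PHP 8.1 changed the default of both functions from `ENT_COMPAT` to `ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401`, so the flag presumably keeps decoding symmetric with how these values were escaped on input; that escaping is not visible here and should be confirmed. I would add a comment such as `// ENT_COMPAT pinned: decode flag must match the flag used when the value was escaped (PHP 8.1 changed the default)`, or route these calls through one helper so the flag lives in a single place. The enclosing method starts and ends outside the hunk.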


@@ -230,7 +230,7 @@ class ucp_login_link
$user->lang[$result['error_msg']],
($config['email_enable']) ? '<a href="' . append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=sendpassword') . '">' : '',
($config['email_enable']) ? '</a>' : '',
($config['board_contact']) ? '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">' : '',
($config['board_contact']) ? '<a href="mailto:' . htmlspecialchars($config['board_contact'], ENT_COMPAT) . '">' : '',
($config['board_contact']) ? '</a>' : ''
);
break;
@@ -242,7 +242,7 @@ class ucp_login_link
// Assign admin contact to some error messages
if ($result['error_msg'] == 'LOGIN_ERROR_USERNAME' || $result['error_msg'] == 'LOGIN_ERROR_PASSWORD')
{
$login_error = (!$config['board_contact']) ? sprintf($user->lang[$result['error_msg']], '', '') : sprintf($user->lang[$result['error_msg']], '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">', '</a>');
$login_error = (!$config['board_contact']) ? sprintf($user->lang[$result['error_msg']], '', '') : sprintf($user->lang[$result['error_msg']], '<a href="mailto:' . htmlspecialchars($config['board_contact'], ENT_COMPAT) . '">', '</a>');
}
break;
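Review bot: In both `'<a href="mailto:' . htmlspecialchars($config['board_contact'], ENT_COMPAT) . '">'` expressions the escaping is sufficient only because the `href` attribute is delimited with double quotes; `ENT_COMPAT` leaves single quotes unescaped. Pinning the flag keeps the pre-8.1 output, but it also fixes that dependency in place, so a later switch to a single-quoted attribute would let the value terminate the attribute. Either record the constraint next to the call, `// ENT_COMPAT is enough only while href stays double-quoted`, or use `ENT_QUOTES` at these two output sites, where the additional `&#039;` is harmless in HTML. Both switch branches continue outside the hunks shown.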


@@ -186,7 +186,7 @@ class ucp_profile
$messenger->anti_abuse_headers($config, $user);
$messenger->assign_vars(array(
'USERNAME' => htmlspecialchars_decode($data['username']),
'USERNAME' => htmlspecialchars_decode($data['username'], ENT_COMPAT),
'U_ACTIVATE' => "$server_url/ucp.$phpEx?mode=activate&u={$user->data['user_id']}&k=$user_actkey")
);


@@ -472,9 +472,9 @@ class ucp_register
$messenger->anti_abuse_headers($config, $user);
$messenger->assign_vars(array(
'WELCOME_MSG' => htmlspecialchars_decode(sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename'])),
'USERNAME' => htmlspecialchars_decode($data['username']),
'PASSWORD' => htmlspecialchars_decode($data['new_password']),
'WELCOME_MSG' => htmlspecialchars_decode(sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename']), ENT_COMPAT),
'USERNAME' => htmlspecialchars_decode($data['username'], ENT_COMPAT),
'PASSWORD' => htmlspecialchars_decode($data['new_password'], ENT_COMPAT),
'U_ACTIVATE' => "$server_url/ucp.$phpEx?mode=activate&u=$user_id&k=$user_actkey")
);
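Review bot: The line `'PASSWORD' => htmlspecialchars_decode($data['new_password'], ENT_COMPAT)` still hands the user's cleartext password to the mail template; this commit only changes how it is decoded. Whether the template prints the variable is not visible in this hunk, but if it does, the password ends up in mail queues and mailboxes outside the board's control. I would remove the `PASSWORD` assignment together with its template placeholder rather than carry it forward, since `U_ACTIVATE` already delivers what the user needs to finish registration. The enclosing method continues outside the hunk.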


@@ -99,8 +99,8 @@ class ucp_resend
$messenger->anti_abuse_headers($config, $user);
$messenger->assign_vars(array(
'WELCOME_MSG' => htmlspecialchars_decode(sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename'])),
'USERNAME' => htmlspecialchars_decode($user_row['username']),
'WELCOME_MSG' => htmlspecialchars_decode(sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename']), ENT_COMPAT),
'USERNAME' => htmlspecialchars_decode($user_row['username'], ENT_COMPAT),
'U_ACTIVATE' => generate_board_url() . "/ucp.$phpEx?mode=activate&u={$user_row['user_id']}&k={$user_row['user_actkey']}")
);
@@ -134,7 +134,7 @@ class ucp_resend
$messenger->anti_abuse_headers($config, $user);
$messenger->assign_vars(array(
'USERNAME' => htmlspecialchars_decode($user_row['username']),
'USERNAME' => htmlspecialchars_decode($user_row['username'], ENT_COMPAT),
'U_USER_DETAILS' => generate_board_url() . "/memberlist.$phpEx?mode=viewprofile&u={$user_row['user_id']}",
'U_ACTIVATE' => generate_board_url() . "/ucp.$phpEx?mode=activate&u={$user_row['user_id']}&k={$user_row['user_actkey']}")
);