mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-07-30 21:40:43 +02:00
Code Issues Releases Wiki Activity

[ticket/16690] Fix htmlspecialchars and htmlspecialchars_decode default flag

Browse Source 
PHPBB3-16690
This commit is contained in:
rxu
2021-01-20 00:01:20 +07:00
parent ddf5de8349
commit 2fd4dbb685
73 changed files with 206 additions and 206 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
phpBB/phpbb/install/helper/iohandler/ajax_iohandler.php
View File

@@ -418,7 +418,7 @@ class ajax_iohandler extends iohandler_base
if ($msg !== null)
{
$link_properties['msg'] = htmlspecialchars_decode($this->language->lang($msg));
$link_properties['msg'] = htmlspecialchars_decode($this->language->lang($msg), ENT_COMPAT);
}
$this->download[] = $link_properties;

2
phpBB/phpbb/install/helper/iohandler/iohandler_base.php
View File

@@ -108,7 +108,7 @@ abstract class iohandler_base implements iohandler_interface
{
if (!is_array($error_title) && strpos($error_title, '<br />') !== false)
{
$error_title = strip_tags(htmlspecialchars_decode($error_title));
$error_title = strip_tags(htmlspecialchars_decode($error_title, ENT_COMPAT));
}
$this->errors[] = $this->translate_message($error_title, $error_description);
}

2
phpBB/phpbb/install/module/install_data/task/add_languages.php
View File

@@ -63,7 +63,7 @@ class add_languages extends \phpbb\install\task_base
$lang_pack = array(
'lang_iso' => $lang_info['iso'],
'lang_dir' => $lang_info['iso'],
'lang_english_name' => htmlspecialchars($lang_info['name']),
'lang_english_name' => htmlspecialchars($lang_info['name'], ENT_COMPAT),
'lang_local_name' => htmlspecialchars($lang_info['local_name'], ENT_COMPAT, 'UTF-8'),
'lang_author' => htmlspecialchars($lang_info['author'], ENT_COMPAT, 'UTF-8'),
);

4
phpBB/phpbb/install/module/install_finish/task/notify_user.php
View File

@@ -120,8 +120,8 @@ class notify_user extends \phpbb\install\task_base
$messenger->to($this->config['board_email'], $this->install_config->get('admin_name'));
$messenger->anti_abuse_headers($this->config, $this->user);
$messenger->assign_vars(array(
'USERNAME' => htmlspecialchars_decode($this->install_config->get('admin_name')),
'PASSWORD' => htmlspecialchars_decode($this->install_config->get('admin_passwd')))
'USERNAME' => htmlspecialchars_decode($this->install_config->get('admin_name'), ENT_COMPAT),
'PASSWORD' => htmlspecialchars_decode($this->install_config->get('admin_passwd'), ENT_COMPAT))
);
$messenger->send(NOTIFY_EMAIL);
}

6
phpBB/phpbb/install/module/obtain_data/task/obtain_server_data.php
View File

@@ -57,7 +57,7 @@ class obtain_server_data extends \phpbb\install\task_base implements \phpbb\inst
$server_name = strtolower(htmlspecialchars_decode($this->io_handler->get_header_variable(
'Host',
$this->io_handler->get_server_variable('SERVER_NAME')
)));
), ENT_COMPAT));
// HTTP HOST can carry a port number...
if (strpos($server_name, ':') !== false)
@@ -65,11 +65,11 @@ class obtain_server_data extends \phpbb\install\task_base implements \phpbb\inst
$server_name = substr($server_name, 0, strpos($server_name, ':'));
}
$script_path = htmlspecialchars_decode($this->io_handler->get_server_variable('PHP_SELF'));
$script_path = htmlspecialchars_decode($this->io_handler->get_server_variable('PHP_SELF'), ENT_COMPAT);
if (!$script_path)
{
$script_path = htmlspecialchars_decode($this->io_handler->get_server_variable('REQUEST_URI'));
$script_path = htmlspecialchars_decode($this->io_handler->get_server_variable('REQUEST_URI'), ENT_COMPAT);
}
$script_path = str_replace(array('\\', '//'), '/', $script_path);

2
phpBB/phpbb/install/module/obtain_data/task/obtain_update_ftp_data.php
View File

@@ -87,7 +87,7 @@ class obtain_update_ftp_data extends task_base
$ftp_host = $this->iohandler->get_input('ftp_host', '', true);
$ftp_user = $this->iohandler->get_input('ftp_user', '', true);
$ftp_pass = htmlspecialchars_decode($this->iohandler->get_input('ftp_pass', '', true));
$ftp_pass = htmlspecialchars_decode($this->iohandler->get_input('ftp_pass', '', true), ENT_COMPAT);
$ftp_path = $this->iohandler->get_input('ftp_path', '', true);
$ftp_port = $this->iohandler->get_input('ftp_port', 21);
$ftp_time = $this->iohandler->get_input('ftp_timeout', 10);