Changeset 1533

Timestamp:

02/26/08 16:42:58 (3 months ago)

Author:

Rickard

Message:

Replaced all htmlspecialchars() calls with calls to the wrapper function pun_htmlencode(). The wrapper function calls htmlspecialchars() with ENT_QUOTES and the UTF-8 charset parameter. Additionally, the wrapper function contains a hook.

Files:

• branches/punbb-1.3-dev/extras/db_update.php (modified) (1 diff)
• branches/punbb-1.3-dev/upload/admin/bans.php (modified) (4 diffs)
• branches/punbb-1.3-dev/upload/admin/categories.php (modified) (3 diffs)
• branches/punbb-1.3-dev/upload/admin/censoring.php (modified) (2 diffs)
• branches/punbb-1.3-dev/upload/admin/extensions.php (modified) (14 diffs)
• branches/punbb-1.3-dev/upload/admin/forums.php (modified) (9 diffs)
• branches/punbb-1.3-dev/upload/admin/groups.php (modified) (9 diffs)
• branches/punbb-1.3-dev/upload/admin/options.php (modified) (13 diffs)
• branches/punbb-1.3-dev/upload/admin/prune.php (modified) (2 diffs)
• branches/punbb-1.3-dev/upload/admin/ranks.php (modified) (1 diff)
• branches/punbb-1.3-dev/upload/admin/reindex.php (modified) (1 diff)
• branches/punbb-1.3-dev/upload/admin/reports.php (modified) (2 diffs)
• branches/punbb-1.3-dev/upload/admin/users.php (modified) (5 diffs)
• branches/punbb-1.3-dev/upload/delete.php (modified) (1 diff)
• branches/punbb-1.3-dev/upload/edit.php (modified) (2 diffs)
• branches/punbb-1.3-dev/upload/extern.php (modified) (8 diffs)
• branches/punbb-1.3-dev/upload/footer.php (modified) (3 diffs)
• branches/punbb-1.3-dev/upload/header.php (modified) (4 diffs)
• branches/punbb-1.3-dev/upload/help.php (modified) (2 diffs)
• branches/punbb-1.3-dev/upload/include/cache.php (modified) (1 diff)
• branches/punbb-1.3-dev/upload/include/common.php (modified) (1 diff)
• branches/punbb-1.3-dev/upload/include/functions.php (modified) (19 diffs)
• branches/punbb-1.3-dev/upload/include/parser.php (modified) (3 diffs)
• branches/punbb-1.3-dev/upload/index.php (modified) (7 diffs)
• branches/punbb-1.3-dev/upload/install.php (modified) (1 diff)
• branches/punbb-1.3-dev/upload/login.php (modified) (6 diffs)
• branches/punbb-1.3-dev/upload/misc.php (modified) (6 diffs)
• branches/punbb-1.3-dev/upload/moderate.php (modified) (8 diffs)
• branches/punbb-1.3-dev/upload/post.php (modified) (7 diffs)
• branches/punbb-1.3-dev/upload/profile.php (modified) (33 diffs)
• branches/punbb-1.3-dev/upload/register.php (modified) (4 diffs)
• branches/punbb-1.3-dev/upload/search.php (modified) (8 diffs)
• branches/punbb-1.3-dev/upload/userlist.php (modified) (3 diffs)
• branches/punbb-1.3-dev/upload/viewforum.php (modified) (5 diffs)
• branches/punbb-1.3-dev/upload/viewtopic.php (modified) (9 diffs)

branches/punbb-1.3-dev/extras/db_update.php

@@ -1175 +1175 @@
-                                        <label for="fld1">
-                                                <span class="frm-label">Copy contents:</span><br />
-htmlspecialchars
+pun_htmlencode
-                                        </label>
-                                </div>

branches/punbb-1.3-dev/upload/admin/bans.php

@@ -187 +187 @@
-                                        <label for="fld<?php echo ++$pun_page['fld_count'] ?>">
-                                                <span class="fld-label"><?php echo $lang_admin['Username to ban'] ?></span><br />
-htmlspecialchars
+pun_htmlencode
-                                        </label>
-                                </div>
@@ -213 +213 @@
-                                        <label for="fld<?php echo ++$pun_page['fld_count'] ?>">
-                                                <span class="fld-label"><?php echo $lang_admin['Ban message'] ?></span><br />
-htmlspecialchars
+pun_htmlencode
-                                                <span class="fld-help"><?php echo $lang_admin['Ban message info'] ?></span>
-                                        </label>
@@ -432 +432 @@
-        {
-                $pun_page['ban_info'] = array();
-htmlspecialchars
+pun_htmlencode
-
-                if ($cur_ban['username'] != '')
-htmlspecialchars
+pun_htmlencode
-
-                if ($cur_ban['email'] != '')
@@ -454 +454 @@
-                                <?php echo implode('<br />', $pun_page['ban_info'])."\n" ?>
-                        </p>
-htmlspecialchars
+pun_htmlencode
-<?php endif; ?>         <p class="actions"><a href="<?php echo pun_link($pun_url['admin_bans']).'?edit_ban='.$cur_ban['id'] ?>"><?php echo $lang_admin['Edit'] ?></a> <a href="<?php echo pun_link($pun_url['admin_bans']).'?del_ban='.$cur_ban['id'].'&amp;csrf_token='.generate_form_token('del_ban'.$cur_ban['id']) ?>"><?php echo $lang_admin['Remove'] ?></a></p>
-</div>

branches/punbb-1.3-dev/upload/admin/categories.php

@@ -162 +162 @@
-        <div class="main-content frm">
-                <div class="frm-head">
-htmlspecialchars
+pun_htmlencode
-                </div>
-                <div class="frm-info">
@@ -339 +339 @@
-
-        while (list(, list($cat_id, $cat_name, ,)) = @each($cat_list))
-htmlspecialchars
+pun_htmlencode
-
-?>
@@ -374 +374 @@
-?>
-                        <fieldset class="frm-set set<?php echo ++$pun_page['set_count'] ?>">
-htmlspecialchars
+pun_htmlencode
-                                <div class="frm-fld text twin">
-                                        <label for="fld<?php echo ++$pun_page['fld_count'] ?>" class="twin1">
-                                                <span class="fld-label"><?php echo $lang_admin['Edit category'] ?></span><br />
-htmlspecialchars
+pun_htmlencode
-                                        </label><br />
-                                        <label for="fld<?php echo ++$pun_page['fld_count'] ?>" class="twin2">

branches/punbb-1.3-dev/upload/admin/censoring.php

@@ -218 +218 @@
-                                        <label for="fld<?php echo ++$pun_page['fld_count'] ?>">
-                                                <span class="fld-label"><?php echo $lang_admin['Censored word'] ?></span><br />
-htmlspecialchars
+pun_htmlencode
-                                        </label>
-                                </div>
@@ -225 +225 @@
-                                        <label for="fld<?php echo ++$pun_page['fld_count'] ?>">
-                                                <span class="fld-label"><?php echo $lang_admin['Censored replacement text'] ?></span><br />
-htmlspecialchars
+pun_htmlencode
-                                        </label>
-                                        <span class="submit"><input type="submit" name="update[<?php echo $cur_word['id'] ?>]" value="<?php echo $lang_admin['Update'] ?>" /> <input type="submit" name="remove[<?php echo $cur_word['id'] ?>]" value="<?php echo $lang_admin['Remove'] ?>" /></span>

branches/punbb-1.3-dev/upload/admin/extensions.php

@@ -193 +193 @@
-        <div class="main-content frm">
-                <div class="frm-head">
-htmlspecialchars
+pun_htmlencode
-                </div>
-                <div class="frm-info">
@@ -236 +236 @@
-        <div class="main-content frm">
-                <div class="frm-head">
-htmlspecialchars
+pun_htmlencode
-                </div>
-                <form class="frm-form" method="post" accept-charset="utf-8" action="<?php echo $base_url.'/admin/extensions.php'.(isset($_GET['install']) ? '?install=' : '?install_hotfix=').$id ?>">
@@ -243 +243 @@
-                        </div>
-                        <div class="ext-item databox">
-htmlspecialchars
-htmlspecialchars
+pun_htmlencode
+pun_htmlencode
-<?php
-
@@ -254 +254 @@
-        {
-                if ($cur_note['attributes']['type'] == 'install')
-htmlspecialchars
+pun_htmlencode
-        }
-
@@ -379 +379 @@
-        <div class="main-content frm">
-                <div class="frm-head">
-htmlspecialchars
+pun_htmlencode
-                </div>
-                <div class="frm-info">
@@ -422 +422 @@
-        <div class="main-content frm">
-                <div class="frm-head">
-htmlspecialchars
+pun_htmlencode
-                </div>
-                <form class="frm-form" method="post" accept-charset="utf-8" action="<?php echo $base_url ?>/admin/extensions.php?section=manage&amp;uninstall=<?php echo $id ?>">
@@ -429 +429 @@
-                        </div>
-                        <div class="ext-item databox">
-htmlspecialchars
-htmlspecialchars
+pun_htmlencode
+pun_htmlencode
-<?php if ($ext_data['uninstall_note'] != ''): ?>                                <h4><?php echo $lang_admin['Uninstall note'] ?></h4>
-htmlspecialchars
+pun_htmlencode
-<?php endif; ?>                 </div>
-                        <div class="frm-info">
@@ -560 +560 @@
-                        if (!array_key_exists($hotfix['attributes']['id'], $inst_exts))
-                        {
-htmlspecialchars
+pun_htmlencode
-                                ++$num_exts;
-                        }
@@ -573 +573 @@
-                        if (preg_match('/[^0-9a-z_]/', $entry))
-                        {
-htmlspecialchars
+pun_htmlencode
-                                ++$num_failed;
-                                continue;
@@ -579 +579 @@
-                        else if (!file_exists(PUN_ROOT.'extensions/'.$entry.'/manifest.xml'))
-                        {
-htmlspecialchars
+pun_htmlencode
-                                ++$num_failed;
-                                continue;
@@ -588 +588 @@
-                        if (empty($ext_data))
-                        {
-htmlspecialchars
+pun_htmlencode
-                                ++$num_failed;
-                                continue;
@@ -597 +597 @@
-                        if (!empty($errors))
-                        {
-htmlspecialchars
+pun_htmlencode
-                                ++$num_failed;
-                        }
@@ -604 +604 @@
-                                if (!array_key_exists($entry, $inst_exts) || version_compare($inst_exts[$entry]['version'], $ext_data['extension']['version'], '!='))
-                                {
-htmlspecialchars($ext_data['extension']['title']).' v'.$ext_data['extension']['version'].'</span></h3>'."\n\t\t\t".'<p><span>'.sprintf($lang_admin['Extension by'], htmlspecialchars($ext_data['extension']['author'])).'</span>'.(($ext_data['extension']['description'] != '') ? '<br /><span>'.htmlspecialchars
+pun_htmlencode($ext_data['extension']['title']).' v'.$ext_data['extension']['version'].'</span></h3>'."\n\t\t\t".'<p><span>'.sprintf($lang_admin['Extension by'], pun_htmlencode($ext_data['extension']['author'])).'</span>'.(($ext_data['extension']['description'] != '') ? '<br /><span>'.pun_htmlencode
-                                        ++$num_exts;
-                                }
@@ -701 +701 @@
-?>
-                <div class="ext-item databox<?php if ($ext['disabled'] == '1') echo ' extdisabled' ?>">
-htmlspecialchars
-htmlspecialchars
+pun_htmlencode
+pun_htmlencode
-                        <p class="actions"><?php echo implode('', $pun_page['ext_actions']) ?></p>
-                </div>

branches/punbb-1.3-dev/upload/admin/forums.php

@@ -153 +153 @@
-        <div class="main-content frm">
-                <div class="frm-head">
-htmlspecialchars
+pun_htmlencode
-                </div>
-                <form class="frm-form" method="post" accept-charset="utf-8" action="<?php echo pun_link($pun_url['admin_forums']) ?>?del_forum=<?php echo $forum_to_delete ?>">
@@ -449 +449 @@
-                                                <label for="fld<?php echo ++$pun_page['fld_count'] ?>">
-                                                        <span class="fld-label"><?php echo $lang_admin['Forum name'] ?></span><br />
-htmlspecialchars
+pun_htmlencode
-                                                </label>
-                                        </div>
@@ -455 +455 @@
-                                                <label for="fld<?php echo ++$pun_page['fld_count'] ?>">
-                                                        <span class="fld-label"><?php echo $lang_admin['Forum description'] ?></span><br />
-htmlspecialchars
+pun_htmlencode
-                                                        <span class="fld-help"><?php echo $lang_admin['Forum description help'] ?></span>
-                                                </label>
@@ -476 +476 @@
-        {
-                $selected = ($cur_cat['id'] == $cur_forum['cat_id']) ? ' selected="selected"' : '';
-htmlspecialchars
+pun_htmlencode
-        }
-
@@ -495 +495 @@
-                                                <label for="fld<?php echo ++$pun_page['fld_count'] ?>">
-                                                        <span class="fld-label"><?php echo $lang_admin['Redirect URL'] ?></span><br />
-htmlspecialchars
+pun_htmlencode
-                                                </label>
-                                        </div>
@@ -550 +550 @@
-?>
-                                        <fieldset class="frm-group">
-htmlspecialchars
+pun_htmlencode
-                                                <div class="radbox frm-choice">
-                                                        <input type="hidden" name="read_forum_old[<?php echo $cur_perm['g_id'] ?>]" value="<?php echo ($read_forum) ? '1' : '0'; ?>" />
@@ -649 +649 @@
-        $result = $db->query_build($query) or error(__FILE__, __LINE__);
-        while ($cur_cat = $db->fetch_assoc($result))
-htmlspecialchars
+pun_htmlencode
-
-?>
@@ -709 +709 @@
-?>
-                        <fieldset class="frm-set set<?php echo ++$pun_page['set_count'] ?>">
-htmlspecialchars
+pun_htmlencode
-                                <h3 class="frm-fld link">
-                                        <span class="fld-label"><?php echo $lang_admin['Category'] ?></span>
-htmlspecialchars
+pun_htmlencode
-                                </h3>
-<?php
@@ -721 +721 @@
-?>
-                                <div class="frm-fld text twin">
-htmlspecialchars($cur_forum['forum_name']).' </span></span>' ?></a><br /> <a href="<?php echo pun_link($pun_url['admin_forums']) ?>?del_forum=<?php echo $cur_forum['fid'] ?>"><span><?php echo $lang_admin['Delete'].'<span> '.htmlspecialchars
+pun_htmlencode($cur_forum['forum_name']).' </span></span>' ?></a><br /> <a href="<?php echo pun_link($pun_url['admin_forums']) ?>?del_forum=<?php echo $cur_forum['fid'] ?>"><span><?php echo $lang_admin['Delete'].'<span> '.pun_htmlencode
-                                        <label for="fld<?php echo ++$pun_page['fld_count'] ?>" class="twin2">
-                                                <span class="fld-label"><?php echo $lang_admin['Position'] ?></span><br />
-                                                <span class="fld-input"><input type="text" id="fld<?php echo $pun_page['fld_count'] ?>" name="position[<?php echo $cur_forum['fid'] ?>]" size="3" maxlength="3" value="<?php echo $cur_forum['disp_position'] ?>" /></span>
-htmlspecialchars
+pun_htmlencode
-                                        </label>
-                                </div>

branches/punbb-1.3-dev/upload/admin/groups.php

@@ -132 +132 @@
-                                                <label for="fld<?php echo ++$pun_page['fld_count'] ?>">
-                                                        <span class="fld-label"><?php echo $lang_admin['Group title'] ?></span><br />
-htmlspecialchars
+pun_htmlencode
-                                                        <em class="req-text"><?php echo $lang_common['Required'] ?></em>
-                                                </label>
@@ -139 +139 @@
-                                                <label for="fld<?php echo ++$pun_page['fld_count'] ?>">
-                                                        <span class="fld-label"><?php echo $lang_admin['User title'] ?></span><br />
-htmlspecialchars
+pun_htmlencode
-                                                        <span class="fld-help"><?php echo $lang_admin['User title info'] ?></span>
-                                                </label>
@@ -293 +293 @@
-                $result = $db->query_build($query) or error(__FILE__, __LINE__);
-                if ($db->num_rows($result))
-htmlspecialchars
+pun_htmlencode
-
-                // Insert the new group
@@ -350 +350 @@
-                $result = $db->query_build($query) or error(__FILE__, __LINE__);
-                if ($db->num_rows($result))
-htmlspecialchars
+pun_htmlencode
-
-                // Save changes
@@ -525 +525 @@
-        <div class="main-content frm">
-                <div class="frm-head">
-htmlspecialchars
+pun_htmlencode
-                </div>
-                <form class="frm-form" method="post" accept-charset="utf-8" action="<?php echo pun_link($pun_url['admin_groups']) ?>?del_group=<?php echo $group_id ?>">
@@ -551 +551 @@
-        {
-                if ($cur_group['g_id'] == $pun_config['o_default_user_group'])  // Pre-select the default Members group
-htmlspecialchars
+pun_htmlencode
-                else
-htmlspecialchars
+pun_htmlencode
-        }
-
@@ -630 +630 @@
-{
-        if ($cur_group['g_id'] == $pun_config['o_default_user_group'])
-htmlspecialchars
+pun_htmlencode
-        else
-htmlspecialchars
+pun_htmlencode
-}
-
@@ -679 +679 @@
-{
-        if ($cur_group['g_id'] == $pun_config['o_default_user_group'])
-htmlspecialchars
+pun_htmlencode
-        else
-htmlspecialchars
+pun_htmlencode
-}
-
@@ -718 +718 @@
-?>
-                        <div class="grp-item databox db<?php echo ++$pun_page['item_num'] ?>">
-htmlspecialchars
-htmlspecialchars($cur_group['g_title']) ?></span></span></a><?php if ($cur_group['g_id'] > PUN_MEMBER) echo ' <a href="'.pun_link($pun_url['admin_groups']).'?del_group='.$cur_group['g_id'].'"><span>'.$lang_admin['Remove'].'<span> '.htmlspecialchars
+pun_htmlencode
+pun_htmlencode($cur_group['g_title']) ?></span></span></a><?php if ($cur_group['g_id'] > PUN_MEMBER) echo ' <a href="'.pun_link($pun_url['admin_groups']).'?del_group='.$cur_group['g_id'].'"><span>'.$lang_admin['Remove'].'<span> '.pun_htmlencode
-                        </div>
-<?php

branches/punbb-1.3-dev/upload/admin/options.php

@@ -301 +301 @@
-                                                <label for="fld<?php echo ++$pun_page['fld_count'] ?>">
-                                                        <span class="fld-label"><?php echo $lang_admin['Board title'] ?></span><br />
-htmlspecialchars
+pun_htmlencode
-                                                </label>
-                                        </div>
@@ -307 +307 @@
-                                                <label for="fld<?php echo ++$pun_page['fld_count'] ?>">
-                                                        <span class="fld-label"><?php echo $lang_admin['Board description'] ?></span><br />
-htmlspecialchars
+pun_htmlencode
-                                                </label>
-                                        </div>
@@ -436 +436 @@
-                                                <label for="fld<?php echo ++$pun_page['fld_count'] ?>">
-                                                        <span class="fld-label"><?php echo $lang_admin['Time format'] ?></span><br />
-htmlspecialchars
+pun_htmlencode
-                                                        <span class="fld-help">[<?php echo $lang_admin['Current format'].' '.gmdate($pun_config['o_time_format']) ?>]</span>
-                                                </label>
@@ -443 +443 @@
-                                                <label for="fld<?php echo ++$pun_page['fld_count'] ?>">
-                                                        <span class="fld-label"><?php echo $lang_admin['Date format'] ?></span><br />
-htmlspecialchars
+pun_htmlencode
-                                                        <span class="fld-help">[<?php echo $lang_admin['Current format'].' '.gmdate($pun_config['o_date_format']) ?>]</span>
-                                                </label>
@@ -608 +608 @@
-                                                <label for="fld<?php echo ++$pun_page['fld_count'] ?>">
-                                                        <span class="fld-label"><?php echo $lang_admin['Additional menu items'] ?></span><br />
-htmlspecialchars
+pun_htmlencode
-                                                </label>
-                                        </div>
@@ -784 +784 @@
-                                                <label for="fld<?php echo ++$pun_page['fld_count'] ?>">
-                                                        <span class="fld-label"><?php echo $lang_admin['Upload directory'] ?></span><br />
-htmlspecialchars
+pun_htmlencode
-                                                        <span class="fld-help"><?php echo $lang_admin['Upload directory info'] ?></span>
-                                                </label>
@@ -914 +914 @@
-                                        <label for="fld<?php echo ++$pun_page['fld_count'] ?>">
-                                                <span class="fld-label"><?php echo $lang_admin['Announcement message'] ?></span><br />
-htmlspecialchars
+pun_htmlencode
-                                                <span class="fld-help"><?php echo $lang_admin['Announcement message help'] ?></span>
-                                        </label>
@@ -1011 +1011 @@
-                                                <label for="fld<?php echo ++$pun_page['fld_count'] ?>">
-                                                        <span class="fld-label"><?php echo $lang_admin['Compose rules'] ?></span><br />
-htmlspecialchars
+pun_htmlencode
-                                                        <span class="fld-help"><?php echo $lang_admin['Compose rules help'] ?></span>
-                                                </label>
@@ -1077 +1077 @@
-                                        <label for="fld<?php echo ++$pun_page['fld_count'] ?>">
-                                                <span class="fld-label"><?php echo $lang_admin['Maintenance message'] ?></span><br />
-htmlspecialchars
+pun_htmlencode