mirror of
https://github.com/phpbb/phpbb.git
synced 2025-06-08 04:18:52 +00:00
[ticket/16690] Fix htmlspecialchars and htmlspecialchars_decode default flag
PHPBB3-16690
This commit is contained in:
rxu
parent
ddf5de8349
commit
2fd4dbb685
73 changed files with 206 additions and 206 deletions
|
|
@ -45,7 +45,7 @@ foreach ($xml->xpath('//item') as $item)
|
||||||
$keyUrl = 'https://tracker.phpbb.com/browse/' . $key;
|
$keyUrl = 'https://tracker.phpbb.com/browse/' . $key;
|
||||||
$keyLink = '<a href="' . $keyUrl . '">' . $key . '</a>';
|
$keyLink = '<a href="' . $keyUrl . '">' . $key . '</a>';
|
||||||
|
|
||||||
$value = str_replace($key, $keyLink, htmlspecialchars($item->title));
|
$value = str_replace($key, $keyLink, htmlspecialchars($item->title, ENT_COMPAT));
|
||||||
$value = str_replace(']', '] -', $value);
|
$value = str_replace(']', '] -', $value);
|
||||||
|
|
||||||
$types[(string) $item->type][$key] = $value;
|
$types[(string) $item->type][$key] = $value;
|
||||||
|
|
|
||||||
|
|
@ -220,7 +220,7 @@ foreach ($files_to_parse as $file_num => $data)
|
||||||
{
|
{
|
||||||
$_var = str_replace(array('{', '}'), array('', ''), $var);
|
$_var = str_replace(array('{', '}'), array('', ''), $var);
|
||||||
$lang_references[$_var][] = $data['single_filename'];
|
$lang_references[$_var][] = $data['single_filename'];
|
||||||
$lang_data .= '<li>' . $var . '<br>' . "\n" . ((isset($lang[$_var])) ? htmlspecialchars(str_replace("\\'", "'", $lang[$_var])) : '<span style="color:red">No Language Variable available</span>') . '<br></li><br>' . "\n";
|
$lang_data .= '<li>' . $var . '<br>' . "\n" . ((isset($lang[$_var])) ? htmlspecialchars(str_replace("\\'", "'", $lang[$_var]), ENT_COMPAT) : '<span style="color:red">No Language Variable available</span>') . '<br></li><br>' . "\n";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
$lang_data .= '</ul>';
|
$lang_data .= '</ul>';
|
||||||
|
|
|
||||||
|
|
@ -290,7 +290,7 @@ function dump_code($code, $filename = 'file.txt')
|
||||||
$list = explode("\n", $code);
|
$list = explode("\n", $code);
|
||||||
$height = 15 * count($list);
|
$height = 15 * count($list);
|
||||||
echo ' [ <a href="?download=', $hash, '">download</a> <a href="javascript:void(0);" onclick="document.getElementById(\'code-', $hash, '\').style.height = \'', $height, 'px\'; this.style.display = \'none\'; return false;">expand</a> ]<br />';
|
echo ' [ <a href="?download=', $hash, '">download</a> <a href="javascript:void(0);" onclick="document.getElementById(\'code-', $hash, '\').style.height = \'', $height, 'px\'; this.style.display = \'none\'; return false;">expand</a> ]<br />';
|
||||||
echo '<textarea id="code-', $hash, '" onfocus="this.select();" style="width: 98%; height: 200px;">', htmlspecialchars($code), '</textarea><br />';
|
echo '<textarea id="code-', $hash, '" onfocus="this.select();" style="width: 98%; height: 200px;">', htmlspecialchars($code, ENT_COMPAT), '</textarea><br />';
|
||||||
}
|
}
|
||||||
|
|
||||||
function css($list, $path = './', $bidi = false)
|
function css($list, $path = './', $bidi = false)
|
||||||
|
|
|
||||||
|
|
@ -759,7 +759,7 @@ class acp_attachments
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
$filename_list .= '<option value="' . htmlspecialchars($img) . '"' . $selected . '>' . htmlspecialchars($img) . '</option>';
|
$filename_list .= '<option value="' . htmlspecialchars($img, ENT_COMPAT) . '"' . $selected . '>' . htmlspecialchars($img, ENT_COMPAT) . '</option>';
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -62,7 +62,7 @@ class acp_bbcodes
|
||||||
}
|
}
|
||||||
|
|
||||||
$bbcode_match = $row['bbcode_match'];
|
$bbcode_match = $row['bbcode_match'];
|
||||||
$bbcode_tpl = htmlspecialchars($row['bbcode_tpl']);
|
$bbcode_tpl = htmlspecialchars($row['bbcode_tpl'], ENT_COMPAT);
|
||||||
$display_on_posting = $row['display_on_posting'];
|
$display_on_posting = $row['display_on_posting'];
|
||||||
$bbcode_helpline = $row['bbcode_helpline'];
|
$bbcode_helpline = $row['bbcode_helpline'];
|
||||||
break;
|
break;
|
||||||
|
|
@ -86,7 +86,7 @@ class acp_bbcodes
|
||||||
$display_on_posting = $request->variable('display_on_posting', 0);
|
$display_on_posting = $request->variable('display_on_posting', 0);
|
||||||
|
|
||||||
$bbcode_match = $request->variable('bbcode_match', '');
|
$bbcode_match = $request->variable('bbcode_match', '');
|
||||||
$bbcode_tpl = htmlspecialchars_decode($request->variable('bbcode_tpl', '', true));
|
$bbcode_tpl = htmlspecialchars_decode($request->variable('bbcode_tpl', '', true), ENT_COMPAT);
|
||||||
$bbcode_helpline = $request->variable('bbcode_helpline', '', true);
|
$bbcode_helpline = $request->variable('bbcode_helpline', '', true);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
@ -334,7 +334,7 @@ class acp_bbcodes
|
||||||
'action' => $action,
|
'action' => $action,
|
||||||
'bbcode' => $bbcode_id,
|
'bbcode' => $bbcode_id,
|
||||||
'bbcode_match' => $bbcode_match,
|
'bbcode_match' => $bbcode_match,
|
||||||
'bbcode_tpl' => htmlspecialchars($bbcode_tpl),
|
'bbcode_tpl' => htmlspecialchars($bbcode_tpl, ENT_COMPAT),
|
||||||
'bbcode_helpline' => $bbcode_helpline,
|
'bbcode_helpline' => $bbcode_helpline,
|
||||||
'display_on_posting' => $display_on_posting,
|
'display_on_posting' => $display_on_posting,
|
||||||
)))
|
)))
|
||||||
|
|
|
||||||
|
|
@ -719,8 +719,8 @@ class acp_board
|
||||||
$messenger->set_addresses($user->data);
|
$messenger->set_addresses($user->data);
|
||||||
$messenger->anti_abuse_headers($config, $user);
|
$messenger->anti_abuse_headers($config, $user);
|
||||||
$messenger->assign_vars(array(
|
$messenger->assign_vars(array(
|
||||||
'USERNAME' => htmlspecialchars_decode($user->data['username']),
|
'USERNAME' => htmlspecialchars_decode($user->data['username'], ENT_COMPAT),
|
||||||
'MESSAGE' => htmlspecialchars_decode($request->variable('send_test_email_text', '', true)),
|
'MESSAGE' => htmlspecialchars_decode($request->variable('send_test_email_text', '', true), ENT_COMPAT),
|
||||||
));
|
));
|
||||||
$messenger->send(NOTIFY_EMAIL);
|
$messenger->send(NOTIFY_EMAIL);
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -205,7 +205,7 @@ class acp_email
|
||||||
$email_template = 'admin_send_email';
|
$email_template = 'admin_send_email';
|
||||||
$template_data = array(
|
$template_data = array(
|
||||||
'CONTACT_EMAIL' => phpbb_get_board_contact($config, $phpEx),
|
'CONTACT_EMAIL' => phpbb_get_board_contact($config, $phpEx),
|
||||||
'MESSAGE' => htmlspecialchars_decode($message),
|
'MESSAGE' => htmlspecialchars_decode($message, ENT_COMPAT),
|
||||||
);
|
);
|
||||||
$generate_log_entry = true;
|
$generate_log_entry = true;
|
||||||
|
|
||||||
|
|
@ -252,7 +252,7 @@ class acp_email
|
||||||
|
|
||||||
$messenger->anti_abuse_headers($config, $user);
|
$messenger->anti_abuse_headers($config, $user);
|
||||||
|
|
||||||
$messenger->subject(htmlspecialchars_decode($subject));
|
$messenger->subject(htmlspecialchars_decode($subject, ENT_COMPAT));
|
||||||
$messenger->set_mail_priority($priority);
|
$messenger->set_mail_priority($priority);
|
||||||
|
|
||||||
$messenger->assign_vars($template_data);
|
$messenger->assign_vars($template_data);
|
||||||
|
|
|
||||||
|
|
@ -90,7 +90,7 @@ class acp_help_phpbb
|
||||||
|
|
||||||
if (!empty($response))
|
if (!empty($response))
|
||||||
{
|
{
|
||||||
$decoded_response = json_decode(htmlspecialchars_decode($response), true);
|
$decoded_response = json_decode(htmlspecialchars_decode($response, ENT_COMPAT), true);
|
||||||
|
|
||||||
if ($decoded_response && isset($decoded_response['status']) && $decoded_response['status'] == 'ok')
|
if ($decoded_response && isset($decoded_response['status']) && $decoded_response['status'] == 'ok')
|
||||||
{
|
{
|
||||||
|
|
@ -126,7 +126,7 @@ class acp_help_phpbb
|
||||||
}
|
}
|
||||||
|
|
||||||
$template->assign_block_vars('providers', array(
|
$template->assign_block_vars('providers', array(
|
||||||
'NAME' => htmlspecialchars($provider),
|
'NAME' => htmlspecialchars($provider, ENT_COMPAT),
|
||||||
));
|
));
|
||||||
|
|
||||||
foreach ($data as $key => $value)
|
foreach ($data as $key => $value)
|
||||||
|
|
|
||||||
|
|
@ -693,7 +693,7 @@ class acp_icons
|
||||||
|
|
||||||
foreach ($_paks as $pak)
|
foreach ($_paks as $pak)
|
||||||
{
|
{
|
||||||
$pak_options .= '<option value="' . $pak . '">' . htmlspecialchars($pak) . '</option>';
|
$pak_options .= '<option value="' . $pak . '">' . htmlspecialchars($pak, ENT_COMPAT) . '</option>';
|
||||||
}
|
}
|
||||||
|
|
||||||
$template->assign_vars(array(
|
$template->assign_vars(array(
|
||||||
|
|
|
||||||
|
|
@ -130,7 +130,7 @@ class acp_inactive
|
||||||
$messenger->anti_abuse_headers($config, $user);
|
$messenger->anti_abuse_headers($config, $user);
|
||||||
|
|
||||||
$messenger->assign_vars(array(
|
$messenger->assign_vars(array(
|
||||||
'USERNAME' => htmlspecialchars_decode($row['username']))
|
'USERNAME' => htmlspecialchars_decode($row['username'], ENT_COMPAT))
|
||||||
);
|
);
|
||||||
|
|
||||||
$messenger->send(NOTIFY_EMAIL);
|
$messenger->send(NOTIFY_EMAIL);
|
||||||
|
|
@ -224,7 +224,7 @@ class acp_inactive
|
||||||
$messenger->anti_abuse_headers($config, $user);
|
$messenger->anti_abuse_headers($config, $user);
|
||||||
|
|
||||||
$messenger->assign_vars(array(
|
$messenger->assign_vars(array(
|
||||||
'USERNAME' => htmlspecialchars_decode($row['username']),
|
'USERNAME' => htmlspecialchars_decode($row['username'], ENT_COMPAT),
|
||||||
'REGISTER_DATE' => $user->format_date($row['user_regdate'], false, true),
|
'REGISTER_DATE' => $user->format_date($row['user_regdate'], false, true),
|
||||||
'U_ACTIVATE' => generate_board_url() . "/ucp.$phpEx?mode=activate&u=" . $row['user_id'] . '&k=' . $row['user_actkey'])
|
'U_ACTIVATE' => generate_board_url() . "/ucp.$phpEx?mode=activate&u=" . $row['user_id'] . '&k=' . $row['user_actkey'])
|
||||||
);
|
);
|
||||||
|
|
|
||||||
|
|
@ -274,7 +274,7 @@ class acp_language
|
||||||
|
|
||||||
$lang_pack = array(
|
$lang_pack = array(
|
||||||
'iso' => $lang_iso,
|
'iso' => $lang_iso,
|
||||||
'name' => trim(htmlspecialchars($file[0])),
|
'name' => trim(htmlspecialchars($file[0], ENT_COMPAT)),
|
||||||
'local_name'=> trim(htmlspecialchars($file[1], ENT_COMPAT, 'UTF-8')),
|
'local_name'=> trim(htmlspecialchars($file[1], ENT_COMPAT, 'UTF-8')),
|
||||||
'author' => trim(htmlspecialchars($file[2], ENT_COMPAT, 'UTF-8'))
|
'author' => trim(htmlspecialchars($file[2], ENT_COMPAT, 'UTF-8'))
|
||||||
);
|
);
|
||||||
|
|
@ -420,7 +420,7 @@ class acp_language
|
||||||
foreach ($new_ary as $iso => $lang_ary)
|
foreach ($new_ary as $iso => $lang_ary)
|
||||||
{
|
{
|
||||||
$template->assign_block_vars('notinst', array(
|
$template->assign_block_vars('notinst', array(
|
||||||
'ISO' => htmlspecialchars($lang_ary['iso']),
|
'ISO' => htmlspecialchars($lang_ary['iso'], ENT_COMPAT),
|
||||||
'LOCAL_NAME' => htmlspecialchars($lang_ary['local_name'], ENT_COMPAT, 'UTF-8'),
|
'LOCAL_NAME' => htmlspecialchars($lang_ary['local_name'], ENT_COMPAT, 'UTF-8'),
|
||||||
'NAME' => htmlspecialchars($lang_ary['name'], ENT_COMPAT, 'UTF-8'),
|
'NAME' => htmlspecialchars($lang_ary['name'], ENT_COMPAT, 'UTF-8'),
|
||||||
'U_INSTALL' => $this->u_action . '&action=install&iso=' . urlencode($lang_ary['iso']) . '&hash=' . generate_link_hash('acp_language'))
|
'U_INSTALL' => $this->u_action . '&action=install&iso=' . urlencode($lang_ary['iso']) . '&hash=' . generate_link_hash('acp_language'))
|
||||||
|
|
|
||||||
|
|
@ -108,7 +108,7 @@ class acp_logs
|
||||||
$sql_sort = $sort_by_sql[$sort_key] . ' ' . (($sort_dir == 'd') ? 'DESC' : 'ASC');
|
$sql_sort = $sort_by_sql[$sort_key] . ' ' . (($sort_dir == 'd') ? 'DESC' : 'ASC');
|
||||||
|
|
||||||
$keywords = $request->variable('keywords', '', true);
|
$keywords = $request->variable('keywords', '', true);
|
||||||
$keywords_param = !empty($keywords) ? '&keywords=' . urlencode(htmlspecialchars_decode($keywords)) : '';
|
$keywords_param = !empty($keywords) ? '&keywords=' . urlencode(htmlspecialchars_decode($keywords, ENT_COMPAT)) : '';
|
||||||
|
|
||||||
$l_title = $user->lang['ACP_' . strtoupper($mode) . '_LOGS'];
|
$l_title = $user->lang['ACP_' . strtoupper($mode) . '_LOGS'];
|
||||||
$l_title_explain = $user->lang['ACP_' . strtoupper($mode) . '_LOGS_EXPLAIN'];
|
$l_title_explain = $user->lang['ACP_' . strtoupper($mode) . '_LOGS_EXPLAIN'];
|
||||||
|
|
|
||||||
|
|
@ -70,7 +70,7 @@ class acp_ranks
|
||||||
'rank_title' => $rank_title,
|
'rank_title' => $rank_title,
|
||||||
'rank_special' => $special_rank,
|
'rank_special' => $special_rank,
|
||||||
'rank_min' => $min_posts,
|
'rank_min' => $min_posts,
|
||||||
'rank_image' => htmlspecialchars_decode($rank_image)
|
'rank_image' => htmlspecialchars_decode($rank_image, ENT_COMPAT)
|
||||||
);
|
);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
@ -206,7 +206,7 @@ class acp_ranks
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
$filename_list .= '<option value="' . htmlspecialchars($img) . '"' . $selected . '>' . $img . ((in_array($img, $existing_imgs)) ? ' ' . $user->lang['RANK_IMAGE_IN_USE'] : '') . '</option>';
|
$filename_list .= '<option value="' . htmlspecialchars($img, ENT_COMPAT) . '"' . $selected . '>' . $img . ((in_array($img, $existing_imgs)) ? ' ' . $user->lang['RANK_IMAGE_IN_USE'] : '') . '</option>';
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -221,7 +221,7 @@ class acp_ranks
|
||||||
|
|
||||||
'RANK_TITLE' => (isset($ranks['rank_title'])) ? $ranks['rank_title'] : '',
|
'RANK_TITLE' => (isset($ranks['rank_title'])) ? $ranks['rank_title'] : '',
|
||||||
'S_FILENAME_LIST' => $filename_list,
|
'S_FILENAME_LIST' => $filename_list,
|
||||||
'RANK_IMAGE' => ($edit_img) ? $phpbb_root_path . $config['ranks_path'] . '/' . $edit_img : htmlspecialchars($phpbb_admin_path) . 'images/spacer.gif',
|
'RANK_IMAGE' => ($edit_img) ? $phpbb_root_path . $config['ranks_path'] . '/' . $edit_img : htmlspecialchars($phpbb_admin_path, ENT_COMPAT) . 'images/spacer.gif',
|
||||||
'S_SPECIAL_RANK' => (isset($ranks['rank_special']) && $ranks['rank_special']) ? true : false,
|
'S_SPECIAL_RANK' => (isset($ranks['rank_special']) && $ranks['rank_special']) ? true : false,
|
||||||
'MIN_POSTS' => (isset($ranks['rank_min']) && !$ranks['rank_special']) ? $ranks['rank_min'] : 0,
|
'MIN_POSTS' => (isset($ranks['rank_min']) && !$ranks['rank_special']) ? $ranks['rank_min'] : 0,
|
||||||
);
|
);
|
||||||
|
|
|
||||||
|
|
@ -205,7 +205,7 @@ class acp_styles
|
||||||
{
|
{
|
||||||
if (in_array($dir, $this->reserved_style_names))
|
if (in_array($dir, $this->reserved_style_names))
|
||||||
{
|
{
|
||||||
$messages[] = $this->user->lang('STYLE_NAME_RESERVED', htmlspecialchars($dir));
|
$messages[] = $this->user->lang('STYLE_NAME_RESERVED', htmlspecialchars($dir, ENT_COMPAT));
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -225,12 +225,12 @@ class acp_styles
|
||||||
$found = true;
|
$found = true;
|
||||||
$installed_names[] = $style['style_name'];
|
$installed_names[] = $style['style_name'];
|
||||||
$installed_dirs[] = $style['style_path'];
|
$installed_dirs[] = $style['style_path'];
|
||||||
$messages[] = sprintf($this->user->lang['STYLE_INSTALLED'], htmlspecialchars($style['style_name']));
|
$messages[] = sprintf($this->user->lang['STYLE_INSTALLED'], htmlspecialchars($style['style_name'], ENT_COMPAT));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (!$found)
|
if (!$found)
|
||||||
{
|
{
|
||||||
$messages[] = sprintf($this->user->lang['STYLE_NOT_INSTALLED'], htmlspecialchars($dir));
|
$messages[] = sprintf($this->user->lang['STYLE_NOT_INSTALLED'], htmlspecialchars($dir, ENT_COMPAT));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -598,7 +598,7 @@ class acp_styles
|
||||||
{
|
{
|
||||||
$this->template->assign_block_vars('parent_styles', array(
|
$this->template->assign_block_vars('parent_styles', array(
|
||||||
'STYLE_ID' => $row['style_id'],
|
'STYLE_ID' => $row['style_id'],
|
||||||
'STYLE_NAME' => htmlspecialchars($row['style_name']),
|
'STYLE_NAME' => htmlspecialchars($row['style_name'], ENT_COMPAT),
|
||||||
'LEVEL' => $row['level'],
|
'LEVEL' => $row['level'],
|
||||||
'SPACER' => str_repeat(' ', $row['level']),
|
'SPACER' => str_repeat(' ', $row['level']),
|
||||||
)
|
)
|
||||||
|
|
@ -609,9 +609,9 @@ class acp_styles
|
||||||
$this->template->assign_vars(array(
|
$this->template->assign_vars(array(
|
||||||
'S_STYLE_DETAILS' => true,
|
'S_STYLE_DETAILS' => true,
|
||||||
'STYLE_ID' => $style['style_id'],
|
'STYLE_ID' => $style['style_id'],
|
||||||
'STYLE_NAME' => htmlspecialchars($style['style_name']),
|
'STYLE_NAME' => htmlspecialchars($style['style_name'], ENT_COMPAT),
|
||||||
'STYLE_PATH' => htmlspecialchars($style['style_path']),
|
'STYLE_PATH' => htmlspecialchars($style['style_path'], ENT_COMPAT),
|
||||||
'STYLE_VERSION' => htmlspecialchars($style_cfg['style_version']),
|
'STYLE_VERSION' => htmlspecialchars($style_cfg['style_version'], ENT_COMPAT),
|
||||||
'STYLE_COPYRIGHT' => strip_tags($style['style_copyright']),
|
'STYLE_COPYRIGHT' => strip_tags($style['style_copyright']),
|
||||||
'STYLE_PARENT' => $style['style_parent_id'],
|
'STYLE_PARENT' => $style['style_parent_id'],
|
||||||
'S_STYLE_ACTIVE' => $style['style_active'],
|
'S_STYLE_ACTIVE' => $style['style_active'],
|
||||||
|
|
@ -657,7 +657,7 @@ class acp_styles
|
||||||
{
|
{
|
||||||
if (empty($style['_shown']))
|
if (empty($style['_shown']))
|
||||||
{
|
{
|
||||||
$style['_note'] = sprintf($this->user->lang['REQUIRES_STYLE'], htmlspecialchars($style['style_parent_tree']));
|
$style['_note'] = sprintf($this->user->lang['REQUIRES_STYLE'], htmlspecialchars($style['style_parent_tree'], ENT_COMPAT));
|
||||||
$this->list_style($style, 0);
|
$this->list_style($style, 0);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -826,7 +826,7 @@ class acp_styles
|
||||||
{
|
{
|
||||||
// Parent style is not installed yet
|
// Parent style is not installed yet
|
||||||
$style['_available'] = false;
|
$style['_available'] = false;
|
||||||
$style['_note'] = sprintf($this->user->lang['REQUIRES_STYLE'], htmlspecialchars($parent));
|
$style['_note'] = sprintf($this->user->lang['REQUIRES_STYLE'], htmlspecialchars($parent, ENT_COMPAT));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -966,10 +966,10 @@ class acp_styles
|
||||||
$row = array(
|
$row = array(
|
||||||
// Style data
|
// Style data
|
||||||
'STYLE_ID' => $style['style_id'],
|
'STYLE_ID' => $style['style_id'],
|
||||||
'STYLE_NAME' => htmlspecialchars($style['style_name']),
|
'STYLE_NAME' => htmlspecialchars($style['style_name'], ENT_COMPAT),
|
||||||
'STYLE_VERSION' => $style_cfg['style_version'] ?? '-',
|
'STYLE_VERSION' => $style_cfg['style_version'] ?? '-',
|
||||||
'STYLE_PHPBB_VERSION' => $style_cfg['phpbb_version'],
|
'STYLE_PHPBB_VERSION' => $style_cfg['phpbb_version'],
|
||||||
'STYLE_PATH' => htmlspecialchars($style['style_path']),
|
'STYLE_PATH' => htmlspecialchars($style['style_path'], ENT_COMPAT),
|
||||||
'STYLE_COPYRIGHT' => strip_tags($style['style_copyright']),
|
'STYLE_COPYRIGHT' => strip_tags($style['style_copyright']),
|
||||||
'STYLE_ACTIVE' => $style['style_active'],
|
'STYLE_ACTIVE' => $style['style_active'],
|
||||||
|
|
||||||
|
|
@ -979,7 +979,7 @@ class acp_styles
|
||||||
'LEVEL' => $level,
|
'LEVEL' => $level,
|
||||||
'PADDING' => (4 + 16 * $level),
|
'PADDING' => (4 + 16 * $level),
|
||||||
'SHOW_COPYRIGHT' => ($style['style_id']) ? false : true,
|
'SHOW_COPYRIGHT' => ($style['style_id']) ? false : true,
|
||||||
'STYLE_PATH_FULL' => htmlspecialchars($this->styles_path_absolute . '/' . $style['style_path']) . '/',
|
'STYLE_PATH_FULL' => htmlspecialchars($this->styles_path_absolute . '/' . $style['style_path'], ENT_COMPAT) . '/',
|
||||||
|
|
||||||
// Comment to show below style
|
// Comment to show below style
|
||||||
'COMMENT' => (isset($style['_note'])) ? $style['_note'] : '',
|
'COMMENT' => (isset($style['_note'])) ? $style['_note'] : '',
|
||||||
|
|
|
||||||
|
|
@ -402,8 +402,8 @@ class acp_users
|
||||||
$messenger->anti_abuse_headers($config, $user);
|
$messenger->anti_abuse_headers($config, $user);
|
||||||
|
|
||||||
$messenger->assign_vars(array(
|
$messenger->assign_vars(array(
|
||||||
'WELCOME_MSG' => htmlspecialchars_decode(sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename'])),
|
'WELCOME_MSG' => htmlspecialchars_decode(sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename']), ENT_COMPAT),
|
||||||
'USERNAME' => htmlspecialchars_decode($user_row['username']),
|
'USERNAME' => htmlspecialchars_decode($user_row['username'], ENT_COMPAT),
|
||||||
'U_ACTIVATE' => "$server_url/ucp.$phpEx?mode=activate&u={$user_row['user_id']}&k=$user_actkey")
|
'U_ACTIVATE' => "$server_url/ucp.$phpEx?mode=activate&u={$user_row['user_id']}&k=$user_actkey")
|
||||||
);
|
);
|
||||||
|
|
||||||
|
|
@ -466,7 +466,7 @@ class acp_users
|
||||||
$messenger->anti_abuse_headers($config, $user);
|
$messenger->anti_abuse_headers($config, $user);
|
||||||
|
|
||||||
$messenger->assign_vars(array(
|
$messenger->assign_vars(array(
|
||||||
'USERNAME' => htmlspecialchars_decode($user_row['username']))
|
'USERNAME' => htmlspecialchars_decode($user_row['username'], ENT_COMPAT))
|
||||||
);
|
);
|
||||||
|
|
||||||
$messenger->send(NOTIFY_EMAIL);
|
$messenger->send(NOTIFY_EMAIL);
|
||||||
|
|
|
||||||
|
|
@ -488,7 +488,7 @@ class auth_admin extends \phpbb\auth\auth
|
||||||
|
|
||||||
if ($s_role_options)
|
if ($s_role_options)
|
||||||
{
|
{
|
||||||
$s_role_options = '<option value="0"' . ((!$current_role_id) ? ' selected="selected"' : '') . ' title="' . htmlspecialchars($user->lang['NO_ROLE_ASSIGNED_EXPLAIN']) . '">' . $user->lang['NO_ROLE_ASSIGNED'] . '</option>' . $s_role_options;
|
$s_role_options = '<option value="0"' . ((!$current_role_id) ? ' selected="selected"' : '') . ' title="' . htmlspecialchars($user->lang['NO_ROLE_ASSIGNED_EXPLAIN'], ENT_COMPAT) . '">' . $user->lang['NO_ROLE_ASSIGNED'] . '</option>' . $s_role_options;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!$current_role_id && $mode != 'view')
|
if (!$current_role_id && $mode != 'view')
|
||||||
|
|
@ -585,7 +585,7 @@ class auth_admin extends \phpbb\auth\auth
|
||||||
|
|
||||||
if ($s_role_options)
|
if ($s_role_options)
|
||||||
{
|
{
|
||||||
$s_role_options = '<option value="0"' . ((!$current_role_id) ? ' selected="selected"' : '') . ' title="' . htmlspecialchars($user->lang['NO_ROLE_ASSIGNED_EXPLAIN']) . '">' . $user->lang['NO_ROLE_ASSIGNED'] . '</option>' . $s_role_options;
|
$s_role_options = '<option value="0"' . ((!$current_role_id) ? ' selected="selected"' : '') . ' title="' . htmlspecialchars($user->lang['NO_ROLE_ASSIGNED_EXPLAIN'], ENT_COMPAT) . '">' . $user->lang['NO_ROLE_ASSIGNED'] . '</option>' . $s_role_options;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!$current_role_id && $mode != 'view')
|
if (!$current_role_id && $mode != 'view')
|
||||||
|
|
|
||||||
|
|
@ -322,17 +322,17 @@ class diff_renderer_unified extends diff_renderer
|
||||||
|
|
||||||
function _context($lines)
|
function _context($lines)
|
||||||
{
|
{
|
||||||
return '<pre class="diff context">' . htmlspecialchars($this->_lines($lines, ' ')) . '<br /></pre>';
|
return '<pre class="diff context">' . htmlspecialchars($this->_lines($lines, ' '), ENT_COMPAT) . '<br /></pre>';
|
||||||
}
|
}
|
||||||
|
|
||||||
function _added($lines)
|
function _added($lines)
|
||||||
{
|
{
|
||||||
return '<pre class="diff added">' . htmlspecialchars($this->_lines($lines, '+')) . '<br /></pre>';
|
return '<pre class="diff added">' . htmlspecialchars($this->_lines($lines, '+'), ENT_COMPAT) . '<br /></pre>';
|
||||||
}
|
}
|
||||||
|
|
||||||
function _deleted($lines)
|
function _deleted($lines)
|
||||||
{
|
{
|
||||||
return '<pre class="diff removed">' . htmlspecialchars($this->_lines($lines, '-')) . '<br /></pre>';
|
return '<pre class="diff removed">' . htmlspecialchars($this->_lines($lines, '-'), ENT_COMPAT) . '<br /></pre>';
|
||||||
}
|
}
|
||||||
|
|
||||||
function _changed($orig, $final)
|
function _changed($orig, $final)
|
||||||
|
|
@ -519,7 +519,7 @@ class diff_renderer_inline extends diff_renderer
|
||||||
|
|
||||||
function _encode(&$string)
|
function _encode(&$string)
|
||||||
{
|
{
|
||||||
$string = htmlspecialchars($string);
|
$string = htmlspecialchars($string, ENT_COMPAT);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -539,7 +539,7 @@ class diff_renderer_raw extends diff_renderer
|
||||||
*/
|
*/
|
||||||
function get_diff_content($diff)
|
function get_diff_content($diff)
|
||||||
{
|
{
|
||||||
return '<textarea style="height: 290px;" rows="15" cols="76" class="full">' . htmlspecialchars($this->render($diff)) . '</textarea>';
|
return '<textarea style="height: 290px;" rows="15" cols="76" class="full">' . htmlspecialchars($this->render($diff), ENT_COMPAT) . '</textarea>';
|
||||||
}
|
}
|
||||||
|
|
||||||
function _block_header($xbeg, $xlen, $ybeg, $ylen)
|
function _block_header($xbeg, $xlen, $ybeg, $ylen)
|
||||||
|
|
@ -649,7 +649,7 @@ class diff_renderer_side_by_side extends diff_renderer
|
||||||
|
|
||||||
foreach ($change['lines'] as $_line)
|
foreach ($change['lines'] as $_line)
|
||||||
{
|
{
|
||||||
$line .= htmlspecialchars($_line) . '<br />';
|
$line .= htmlspecialchars($_line, ENT_COMPAT) . '<br />';
|
||||||
}
|
}
|
||||||
|
|
||||||
$output .= '<tr><td class="added_empty"> </td><td class="added"><pre>' . ((strlen($line)) ? $line : ' ') . '<br /></pre></td></tr>';
|
$output .= '<tr><td class="added_empty"> </td><td class="added"><pre>' . ((strlen($line)) ? $line : ' ') . '<br /></pre></td></tr>';
|
||||||
|
|
@ -660,14 +660,14 @@ class diff_renderer_side_by_side extends diff_renderer
|
||||||
|
|
||||||
foreach ($change['lines'] as $_line)
|
foreach ($change['lines'] as $_line)
|
||||||
{
|
{
|
||||||
$line .= htmlspecialchars($_line) . '<br />';
|
$line .= htmlspecialchars($_line, ENT_COMPAT) . '<br />';
|
||||||
}
|
}
|
||||||
|
|
||||||
$output .= '<tr><td class="removed"><pre>' . ((strlen($line)) ? $line : ' ') . '<br /></pre></td><td class="removed_empty"> </td></tr>';
|
$output .= '<tr><td class="removed"><pre>' . ((strlen($line)) ? $line : ' ') . '<br /></pre></td><td class="removed_empty"> </td></tr>';
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 'empty':
|
case 'empty':
|
||||||
$current_context .= htmlspecialchars($change['line']) . '<br />';
|
$current_context .= htmlspecialchars($change['line'], ENT_COMPAT) . '<br />';
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 'change':
|
case 'change':
|
||||||
|
|
@ -678,9 +678,9 @@ class diff_renderer_side_by_side extends diff_renderer
|
||||||
|
|
||||||
for ($row = 0, $row_max = max($oldsize, $newsize); $row < $row_max; ++$row)
|
for ($row = 0, $row_max = max($oldsize, $newsize); $row < $row_max; ++$row)
|
||||||
{
|
{
|
||||||
$left .= isset($change['old'][$row]) ? htmlspecialchars($change['old'][$row]) : '';
|
$left .= isset($change['old'][$row]) ? htmlspecialchars($change['old'][$row], ENT_COMPAT) : '';
|
||||||
$left .= '<br />';
|
$left .= '<br />';
|
||||||
$right .= isset($change['new'][$row]) ? htmlspecialchars($change['new'][$row]) : '';
|
$right .= isset($change['new'][$row]) ? htmlspecialchars($change['new'][$row], ENT_COMPAT) : '';
|
||||||
$right .= '<br />';
|
$right .= '<br />';
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -2703,7 +2703,7 @@ function parse_cfg_file($filename, $lines = false)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Determine first occurrence, since in values the equal sign is allowed
|
// Determine first occurrence, since in values the equal sign is allowed
|
||||||
$key = htmlspecialchars(strtolower(trim(substr($line, 0, $delim_pos))));
|
$key = htmlspecialchars(strtolower(trim(substr($line, 0, $delim_pos))), ENT_COMPAT);
|
||||||
$value = trim(substr($line, $delim_pos + 1));
|
$value = trim(substr($line, $delim_pos + 1));
|
||||||
|
|
||||||
if (in_array($value, array('off', 'false', '0')))
|
if (in_array($value, array('off', 'false', '0')))
|
||||||
|
|
@ -2720,11 +2720,11 @@ function parse_cfg_file($filename, $lines = false)
|
||||||
}
|
}
|
||||||
else if (($value[0] == "'" && $value[strlen($value) - 1] == "'") || ($value[0] == '"' && $value[strlen($value) - 1] == '"'))
|
else if (($value[0] == "'" && $value[strlen($value) - 1] == "'") || ($value[0] == '"' && $value[strlen($value) - 1] == '"'))
|
||||||
{
|
{
|
||||||
$value = htmlspecialchars(substr($value, 1, strlen($value)-2));
|
$value = htmlspecialchars(substr($value, 1, strlen($value)-2), ENT_COMPAT);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
$value = htmlspecialchars($value);
|
$value = htmlspecialchars($value, ENT_COMPAT);
|
||||||
}
|
}
|
||||||
|
|
||||||
$parsed_items[$key] = $value;
|
$parsed_items[$key] = $value;
|
||||||
|
|
@ -2757,7 +2757,7 @@ function get_backtrace()
|
||||||
foreach ($backtrace as $trace)
|
foreach ($backtrace as $trace)
|
||||||
{
|
{
|
||||||
// Strip the current directory from path
|
// Strip the current directory from path
|
||||||
$trace['file'] = (empty($trace['file'])) ? '(not given by php)' : htmlspecialchars(phpbb_filter_root_path($trace['file']));
|
$trace['file'] = (empty($trace['file'])) ? '(not given by php)' : htmlspecialchars(phpbb_filter_root_path($trace['file']), ENT_COMPAT);
|
||||||
$trace['line'] = (empty($trace['line'])) ? '(not given by php)' : $trace['line'];
|
$trace['line'] = (empty($trace['line'])) ? '(not given by php)' : $trace['line'];
|
||||||
|
|
||||||
// Only show function arguments for include etc.
|
// Only show function arguments for include etc.
|
||||||
|
|
@ -2765,7 +2765,7 @@ function get_backtrace()
|
||||||
$argument = '';
|
$argument = '';
|
||||||
if (!empty($trace['args'][0]) && in_array($trace['function'], array('include', 'require', 'include_once', 'require_once')))
|
if (!empty($trace['args'][0]) && in_array($trace['function'], array('include', 'require', 'include_once', 'require_once')))
|
||||||
{
|
{
|
||||||
$argument = htmlspecialchars(phpbb_filter_root_path($trace['args'][0]));
|
$argument = htmlspecialchars(phpbb_filter_root_path($trace['args'][0]), ENT_COMPAT);
|
||||||
}
|
}
|
||||||
|
|
||||||
$trace['class'] = (!isset($trace['class'])) ? '' : $trace['class'];
|
$trace['class'] = (!isset($trace['class'])) ? '' : $trace['class'];
|
||||||
|
|
@ -2775,7 +2775,7 @@ function get_backtrace()
|
||||||
$output .= '<b>FILE:</b> ' . $trace['file'] . '<br />';
|
$output .= '<b>FILE:</b> ' . $trace['file'] . '<br />';
|
||||||
$output .= '<b>LINE:</b> ' . ((!empty($trace['line'])) ? $trace['line'] : '') . '<br />';
|
$output .= '<b>LINE:</b> ' . ((!empty($trace['line'])) ? $trace['line'] : '') . '<br />';
|
||||||
|
|
||||||
$output .= '<b>CALL:</b> ' . htmlspecialchars($trace['class'] . $trace['type'] . $trace['function']);
|
$output .= '<b>CALL:</b> ' . htmlspecialchars($trace['class'] . $trace['type'] . $trace['function'], ENT_COMPAT);
|
||||||
$output .= '(' . (($argument !== '') ? "'$argument'" : '') . ')<br />';
|
$output .= '(' . (($argument !== '') ? "'$argument'" : '') . ')<br />';
|
||||||
}
|
}
|
||||||
$output .= '</div>';
|
$output .= '</div>';
|
||||||
|
|
@ -4405,6 +4405,6 @@ function phpbb_get_board_contact_link(\phpbb\config\config $config, $phpbb_root_
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
return 'mailto:' . htmlspecialchars($config['board_contact']);
|
return 'mailto:' . htmlspecialchars($config['board_contact'], ENT_COMPAT);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -758,7 +758,7 @@ function phpbb_http_login($param)
|
||||||
{
|
{
|
||||||
if ($request->is_set($k, \phpbb\request\request_interface::SERVER))
|
if ($request->is_set($k, \phpbb\request\request_interface::SERVER))
|
||||||
{
|
{
|
||||||
$username = htmlspecialchars_decode($request->server($k));
|
$username = htmlspecialchars_decode($request->server($k), ENT_COMPAT);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -768,7 +768,7 @@ function phpbb_http_login($param)
|
||||||
{
|
{
|
||||||
if ($request->is_set($k, \phpbb\request\request_interface::SERVER))
|
if ($request->is_set($k, \phpbb\request\request_interface::SERVER))
|
||||||
{
|
{
|
||||||
$password = htmlspecialchars_decode($request->server($k));
|
$password = htmlspecialchars_decode($request->server($k), ENT_COMPAT);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -803,8 +803,8 @@ function make_clickable_callback($type, $whitespace, $url, $relative_url, $class
|
||||||
$orig_url = $url;
|
$orig_url = $url;
|
||||||
$orig_relative = $relative_url;
|
$orig_relative = $relative_url;
|
||||||
$append = '';
|
$append = '';
|
||||||
$url = htmlspecialchars_decode($url);
|
$url = htmlspecialchars_decode($url, ENT_COMPAT);
|
||||||
$relative_url = htmlspecialchars_decode($relative_url);
|
$relative_url = htmlspecialchars_decode($relative_url, ENT_COMPAT);
|
||||||
|
|
||||||
// make sure no HTML entities were matched
|
// make sure no HTML entities were matched
|
||||||
$chars = array('<', '>', '"');
|
$chars = array('<', '>', '"');
|
||||||
|
|
@ -911,9 +911,9 @@ function make_clickable_callback($type, $whitespace, $url, $relative_url, $class
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
$url = htmlspecialchars($url);
|
$url = htmlspecialchars($url, ENT_COMPAT);
|
||||||
$text = htmlspecialchars($text);
|
$text = htmlspecialchars($text, ENT_COMPAT);
|
||||||
$append = htmlspecialchars($append);
|
$append = htmlspecialchars($append, ENT_COMPAT);
|
||||||
|
|
||||||
$html = "$whitespace<!-- $tag --><a$class href=\"$url\">$text</a><!-- $tag -->$append";
|
$html = "$whitespace<!-- $tag --><a$class href=\"$url\">$text</a><!-- $tag -->$append";
|
||||||
|
|
||||||
|
|
@ -1456,7 +1456,7 @@ function truncate_string($string, $max_length = 60, $max_store_length = 255, $al
|
||||||
$string = substr($string, 4);
|
$string = substr($string, 4);
|
||||||
}
|
}
|
||||||
|
|
||||||
$_chars = utf8_str_split(htmlspecialchars_decode($string));
|
$_chars = utf8_str_split(htmlspecialchars_decode($string, ENT_COMPAT));
|
||||||
$chars = array_map('utf8_htmlspecialchars', $_chars);
|
$chars = array_map('utf8_htmlspecialchars', $_chars);
|
||||||
|
|
||||||
// Now check the length ;)
|
// Now check the length ;)
|
||||||
|
|
@ -1471,7 +1471,7 @@ function truncate_string($string, $max_length = 60, $max_store_length = 255, $al
|
||||||
if (utf8_strlen($string) > $max_store_length)
|
if (utf8_strlen($string) > $max_store_length)
|
||||||
{
|
{
|
||||||
// let's split again, we do not want half-baked strings where entities are split
|
// let's split again, we do not want half-baked strings where entities are split
|
||||||
$_chars = utf8_str_split(htmlspecialchars_decode($string));
|
$_chars = utf8_str_split(htmlspecialchars_decode($string, ENT_COMPAT));
|
||||||
$chars = array_map('utf8_htmlspecialchars', $_chars);
|
$chars = array_map('utf8_htmlspecialchars', $_chars);
|
||||||
|
|
||||||
do
|
do
|
||||||
|
|
|
||||||
|
|
@ -208,7 +208,7 @@ function send_file_to_browser($attachment, $upload_dir, $category)
|
||||||
|
|
||||||
if (empty($user->browser) || ((strpos(strtolower($user->browser), 'msie') !== false) && !phpbb_is_greater_ie_version($user->browser, 7)))
|
if (empty($user->browser) || ((strpos(strtolower($user->browser), 'msie') !== false) && !phpbb_is_greater_ie_version($user->browser, 7)))
|
||||||
{
|
{
|
||||||
header('Content-Disposition: attachment; ' . header_filename(htmlspecialchars_decode($attachment['real_filename'])));
|
header('Content-Disposition: attachment; ' . header_filename(htmlspecialchars_decode($attachment['real_filename'], ENT_COMPAT)));
|
||||||
if (empty($user->browser) || (strpos(strtolower($user->browser), 'msie 6.0') !== false))
|
if (empty($user->browser) || (strpos(strtolower($user->browser), 'msie 6.0') !== false))
|
||||||
{
|
{
|
||||||
header('Expires: ' . gmdate('D, d M Y H:i:s', time()) . ' GMT');
|
header('Expires: ' . gmdate('D, d M Y H:i:s', time()) . ' GMT');
|
||||||
|
|
@ -216,7 +216,7 @@ function send_file_to_browser($attachment, $upload_dir, $category)
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
header('Content-Disposition: ' . ((strpos($attachment['mimetype'], 'image') === 0) ? 'inline' : 'attachment') . '; ' . header_filename(htmlspecialchars_decode($attachment['real_filename'])));
|
header('Content-Disposition: ' . ((strpos($attachment['mimetype'], 'image') === 0) ? 'inline' : 'attachment') . '; ' . header_filename(htmlspecialchars_decode($attachment['real_filename'], ENT_COMPAT)));
|
||||||
if (phpbb_is_greater_ie_version($user->browser, 7) && (strpos($attachment['mimetype'], 'image') !== 0))
|
if (phpbb_is_greater_ie_version($user->browser, 7) && (strpos($attachment['mimetype'], 'image') !== 0))
|
||||||
{
|
{
|
||||||
header('X-Download-Options: noopen');
|
header('X-Download-Options: noopen');
|
||||||
|
|
@ -327,7 +327,7 @@ function download_allowed()
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
$url = htmlspecialchars_decode($request->header('Referer'));
|
$url = htmlspecialchars_decode($request->header('Referer'), ENT_COMPAT);
|
||||||
|
|
||||||
if (!$url)
|
if (!$url)
|
||||||
{
|
{
|
||||||
|
|
|
||||||
|
|
@ -320,8 +320,8 @@ class messenger
|
||||||
// We add some standard variables we always use, no need to specify them always
|
// We add some standard variables we always use, no need to specify them always
|
||||||
$this->assign_vars(array(
|
$this->assign_vars(array(
|
||||||
'U_BOARD' => generate_board_url(),
|
'U_BOARD' => generate_board_url(),
|
||||||
'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . htmlspecialchars_decode($config['board_email_sig'])),
|
'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . htmlspecialchars_decode($config['board_email_sig'], ENT_COMPAT)),
|
||||||
'SITENAME' => htmlspecialchars_decode($config['sitename']),
|
'SITENAME' => htmlspecialchars_decode($config['sitename'], ENT_COMPAT),
|
||||||
));
|
));
|
||||||
|
|
||||||
$subject = $this->subject;
|
$subject = $this->subject;
|
||||||
|
|
@ -427,7 +427,7 @@ class messenger
|
||||||
$user->session_begin();
|
$user->session_begin();
|
||||||
}
|
}
|
||||||
|
|
||||||
$calling_page = htmlspecialchars_decode($request->server('PHP_SELF'));
|
$calling_page = htmlspecialchars_decode($request->server('PHP_SELF'), ENT_COMPAT);
|
||||||
|
|
||||||
switch ($type)
|
switch ($type)
|
||||||
{
|
{
|
||||||
|
|
@ -440,7 +440,7 @@ class messenger
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
$message .= '<br /><em>' . htmlspecialchars($calling_page) . '</em><br /><br />' . $msg . '<br />';
|
$message .= '<br /><em>' . htmlspecialchars($calling_page, ENT_COMPAT) . '</em><br /><br />' . $msg . '<br />';
|
||||||
$phpbb_log->add('critical', $user->data['user_id'], $user->ip, 'LOG_ERROR_' . $type, false, array($message));
|
$phpbb_log->add('critical', $user->data['user_id'], $user->ip, 'LOG_ERROR_' . $type, false, array($message));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -557,7 +557,7 @@ class messenger
|
||||||
$use_queue = true;
|
$use_queue = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
$contact_name = htmlspecialchars_decode($config['board_contact_name']);
|
$contact_name = htmlspecialchars_decode($config['board_contact_name'], ENT_COMPAT);
|
||||||
$board_contact = (($contact_name !== '') ? '"' . mail_encode($contact_name) . '" ' : '') . '<' . $config['board_contact'] . '>';
|
$board_contact = (($contact_name !== '') ? '"' . mail_encode($contact_name) . '" ' : '') . '<' . $config['board_contact'] . '>';
|
||||||
|
|
||||||
$break = false;
|
$break = false;
|
||||||
|
|
@ -691,7 +691,7 @@ class messenger
|
||||||
if (!$use_queue)
|
if (!$use_queue)
|
||||||
{
|
{
|
||||||
include_once($phpbb_root_path . 'includes/functions_jabber.' . $phpEx);
|
include_once($phpbb_root_path . 'includes/functions_jabber.' . $phpEx);
|
||||||
$this->jabber = new jabber($config['jab_host'], $config['jab_port'], $config['jab_username'], htmlspecialchars_decode($config['jab_password']), $config['jab_use_ssl'], $config['jab_verify_peer'], $config['jab_verify_peer_name'], $config['jab_allow_self_signed']);
|
$this->jabber = new jabber($config['jab_host'], $config['jab_port'], $config['jab_username'], htmlspecialchars_decode($config['jab_password'], ENT_COMPAT), $config['jab_use_ssl'], $config['jab_verify_peer'], $config['jab_verify_peer_name'], $config['jab_allow_self_signed']);
|
||||||
|
|
||||||
if (!$this->jabber->connect())
|
if (!$this->jabber->connect())
|
||||||
{
|
{
|
||||||
|
|
@ -891,7 +891,7 @@ class queue
|
||||||
}
|
}
|
||||||
|
|
||||||
include_once($phpbb_root_path . 'includes/functions_jabber.' . $phpEx);
|
include_once($phpbb_root_path . 'includes/functions_jabber.' . $phpEx);
|
||||||
$this->jabber = new jabber($config['jab_host'], $config['jab_port'], $config['jab_username'], htmlspecialchars_decode($config['jab_password']), $config['jab_use_ssl'], $config['jab_verify_peer'], $config['jab_verify_peer_name'], $config['jab_allow_self_signed']);
|
$this->jabber = new jabber($config['jab_host'], $config['jab_port'], $config['jab_username'], htmlspecialchars_decode($config['jab_password'], ENT_COMPAT), $config['jab_use_ssl'], $config['jab_verify_peer'], $config['jab_verify_peer_name'], $config['jab_allow_self_signed']);
|
||||||
|
|
||||||
if (!$this->jabber->connect())
|
if (!$this->jabber->connect())
|
||||||
{
|
{
|
||||||
|
|
@ -1196,7 +1196,7 @@ function smtpmail($addresses, $subject, $message, &$err_msg, $headers = false)
|
||||||
}
|
}
|
||||||
|
|
||||||
$err_msg = (isset($user->lang['NO_CONNECT_TO_SMTP_HOST'])) ? sprintf($user->lang['NO_CONNECT_TO_SMTP_HOST'], $errno, $errstr) : "Could not connect to smtp host : $errno : $errstr";
|
$err_msg = (isset($user->lang['NO_CONNECT_TO_SMTP_HOST'])) ? sprintf($user->lang['NO_CONNECT_TO_SMTP_HOST'], $errno, $errstr) : "Could not connect to smtp host : $errno : $errstr";
|
||||||
$err_msg .= ($error_contents) ? '<br /><br />' . htmlspecialchars($error_contents) : '';
|
$err_msg .= ($error_contents) ? '<br /><br />' . htmlspecialchars($error_contents, ENT_COMPAT) : '';
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -1208,7 +1208,7 @@ function smtpmail($addresses, $subject, $message, &$err_msg, $headers = false)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Let me in. This function handles the complete authentication process
|
// Let me in. This function handles the complete authentication process
|
||||||
if ($err_msg = $smtp->log_into_server($config['smtp_host'], $config['smtp_username'], htmlspecialchars_decode($config['smtp_password']), $config['smtp_auth_method']))
|
if ($err_msg = $smtp->log_into_server($config['smtp_host'], $config['smtp_username'], htmlspecialchars_decode($config['smtp_password'], ENT_COMPAT), $config['smtp_auth_method']))
|
||||||
{
|
{
|
||||||
$smtp->close_session($err_msg);
|
$smtp->close_session($err_msg);
|
||||||
return false;
|
return false;
|
||||||
|
|
@ -1259,7 +1259,7 @@ function smtpmail($addresses, $subject, $message, &$err_msg, $headers = false)
|
||||||
{
|
{
|
||||||
$user->session_begin();
|
$user->session_begin();
|
||||||
$err_msg .= '<br /><br />';
|
$err_msg .= '<br /><br />';
|
||||||
$err_msg .= (isset($user->lang['INVALID_EMAIL_LOG'])) ? sprintf($user->lang['INVALID_EMAIL_LOG'], htmlspecialchars($mail_to_address)) : '<strong>' . htmlspecialchars($mail_to_address) . '</strong> possibly an invalid email address?';
|
$err_msg .= (isset($user->lang['INVALID_EMAIL_LOG'])) ? sprintf($user->lang['INVALID_EMAIL_LOG'], htmlspecialchars($mail_to_address, ENT_COMPAT)) : '<strong>' . htmlspecialchars($mail_to_address, ENT_COMPAT) . '</strong> possibly an invalid email address?';
|
||||||
$smtp->close_session($err_msg);
|
$smtp->close_session($err_msg);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
@ -1342,7 +1342,7 @@ class smtp_class
|
||||||
{
|
{
|
||||||
if ($this->backtrace)
|
if ($this->backtrace)
|
||||||
{
|
{
|
||||||
$this->backtrace_log[] = utf8_htmlspecialchars($message);
|
$this->backtrace_log[] = utf8_htmlspecialchars($message, ENT_COMPAT);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -1510,7 +1510,7 @@ function user_ipwhois($ip)
|
||||||
$ipwhois = (empty($buffer)) ? $ipwhois : $buffer;
|
$ipwhois = (empty($buffer)) ? $ipwhois : $buffer;
|
||||||
}
|
}
|
||||||
|
|
||||||
$ipwhois = htmlspecialchars($ipwhois);
|
$ipwhois = htmlspecialchars($ipwhois, ENT_COMPAT);
|
||||||
|
|
||||||
// Magic URL ;)
|
// Magic URL ;)
|
||||||
return trim(make_clickable($ipwhois, false, ''));
|
return trim(make_clickable($ipwhois, false, ''));
|
||||||
|
|
@ -1572,11 +1572,11 @@ function validate_string($string, $optional = false, $min = 0, $max = 0)
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($min && utf8_strlen(htmlspecialchars_decode($string)) < $min)
|
if ($min && utf8_strlen(htmlspecialchars_decode($string, ENT_COMPAT)) < $min)
|
||||||
{
|
{
|
||||||
return 'TOO_SHORT';
|
return 'TOO_SHORT';
|
||||||
}
|
}
|
||||||
else if ($max && utf8_strlen(htmlspecialchars_decode($string)) > $max)
|
else if ($max && utf8_strlen(htmlspecialchars_decode($string, ENT_COMPAT)) > $max)
|
||||||
{
|
{
|
||||||
return 'TOO_LONG';
|
return 'TOO_LONG';
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -179,7 +179,7 @@ class mcp_logs
|
||||||
$sql_sort = $sort_by_sql[$sort_key] . ' ' . (($sort_dir == 'd') ? 'DESC' : 'ASC');
|
$sql_sort = $sort_by_sql[$sort_key] . ' ' . (($sort_dir == 'd') ? 'DESC' : 'ASC');
|
||||||
|
|
||||||
$keywords = $request->variable('keywords', '', true);
|
$keywords = $request->variable('keywords', '', true);
|
||||||
$keywords_param = !empty($keywords) ? '&keywords=' . urlencode(htmlspecialchars_decode($keywords)) : '';
|
$keywords_param = !empty($keywords) ? '&keywords=' . urlencode(htmlspecialchars_decode($keywords, ENT_COMPAT)) : '';
|
||||||
|
|
||||||
// Grab log data
|
// Grab log data
|
||||||
$log_data = array();
|
$log_data = array();
|
||||||
|
|
|
||||||
|
|
@ -206,7 +206,7 @@ class mcp_notes
|
||||||
$sql_sort = $sort_by_sql[$sk] . ' ' . (($sd == 'd') ? 'DESC' : 'ASC');
|
$sql_sort = $sort_by_sql[$sk] . ' ' . (($sd == 'd') ? 'DESC' : 'ASC');
|
||||||
|
|
||||||
$keywords = $request->variable('keywords', '', true);
|
$keywords = $request->variable('keywords', '', true);
|
||||||
$keywords_param = !empty($keywords) ? '&keywords=' . urlencode(htmlspecialchars_decode($keywords)) : '';
|
$keywords_param = !empty($keywords) ? '&keywords=' . urlencode(htmlspecialchars_decode($keywords, ENT_COMPAT)) : '';
|
||||||
|
|
||||||
$log_data = array();
|
$log_data = array();
|
||||||
$log_count = 0;
|
$log_count = 0;
|
||||||
|
|
|
||||||
|
|
@ -506,7 +506,7 @@ class bbcode_firstpass extends bbcode
|
||||||
}
|
}
|
||||||
|
|
||||||
// Because highlight_string is specialcharing the text (but we already did this before), we have to reverse this in order to get correct results
|
// Because highlight_string is specialcharing the text (but we already did this before), we have to reverse this in order to get correct results
|
||||||
$code = htmlspecialchars_decode($code);
|
$code = htmlspecialchars_decode($code, ENT_COMPAT);
|
||||||
$code = highlight_string($code, true);
|
$code = highlight_string($code, true);
|
||||||
|
|
||||||
$str_from = array('<span style="color: ', '<font color="syntax', '</font>', '<code>', '</code>','[', ']', '.', ':');
|
$str_from = array('<span style="color: ', '<font color="syntax', '</font>', '<code>', '</code>','[', ']', '.', ':');
|
||||||
|
|
|
||||||
|
|
@ -150,11 +150,11 @@ class phpbb_questionnaire_system_data_provider
|
||||||
|
|
||||||
// Start discovering the IPV4 server address, if available
|
// Start discovering the IPV4 server address, if available
|
||||||
// Try apache, IIS, fall back to 0.0.0.0
|
// Try apache, IIS, fall back to 0.0.0.0
|
||||||
$server_address = htmlspecialchars_decode($request->server('SERVER_ADDR', $request->server('LOCAL_ADDR', '0.0.0.0')));
|
$server_address = htmlspecialchars_decode($request->server('SERVER_ADDR', $request->server('LOCAL_ADDR', '0.0.0.0')), ENT_COMPAT);
|
||||||
|
|
||||||
return array(
|
return array(
|
||||||
'os' => PHP_OS,
|
'os' => PHP_OS,
|
||||||
'httpd' => htmlspecialchars_decode($request->server('SERVER_SOFTWARE')),
|
'httpd' => htmlspecialchars_decode($request->server('SERVER_SOFTWARE'), ENT_COMPAT),
|
||||||
// we don't want the real IP address (for privacy policy reasons) but only
|
// we don't want the real IP address (for privacy policy reasons) but only
|
||||||
// a network address to see whether your installation is running on a private or public network.
|
// a network address to see whether your installation is running on a private or public network.
|
||||||
'private_ip' => $this->is_private_ip($server_address),
|
'private_ip' => $this->is_private_ip($server_address),
|
||||||
|
|
|
||||||
|
|
@ -134,7 +134,7 @@ class ucp_activate
|
||||||
$messenger->anti_abuse_headers($config, $user);
|
$messenger->anti_abuse_headers($config, $user);
|
||||||
|
|
||||||
$messenger->assign_vars(array(
|
$messenger->assign_vars(array(
|
||||||
'USERNAME' => htmlspecialchars_decode($user_row['username']))
|
'USERNAME' => htmlspecialchars_decode($user_row['username'], ENT_COMPAT))
|
||||||
);
|
);
|
||||||
|
|
||||||
$messenger->send($user_row['user_notify_type']);
|
$messenger->send($user_row['user_notify_type']);
|
||||||
|
|
|
||||||
|
|
@ -230,7 +230,7 @@ class ucp_login_link
|
||||||
$user->lang[$result['error_msg']],
|
$user->lang[$result['error_msg']],
|
||||||
($config['email_enable']) ? '<a href="' . append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=sendpassword') . '">' : '',
|
($config['email_enable']) ? '<a href="' . append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=sendpassword') . '">' : '',
|
||||||
($config['email_enable']) ? '</a>' : '',
|
($config['email_enable']) ? '</a>' : '',
|
||||||
($config['board_contact']) ? '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">' : '',
|
($config['board_contact']) ? '<a href="mailto:' . htmlspecialchars($config['board_contact'], ENT_COMPAT) . '">' : '',
|
||||||
($config['board_contact']) ? '</a>' : ''
|
($config['board_contact']) ? '</a>' : ''
|
||||||
);
|
);
|
||||||
break;
|
break;
|
||||||
|
|
@ -242,7 +242,7 @@ class ucp_login_link
|
||||||
// Assign admin contact to some error messages
|
// Assign admin contact to some error messages
|
||||||
if ($result['error_msg'] == 'LOGIN_ERROR_USERNAME' || $result['error_msg'] == 'LOGIN_ERROR_PASSWORD')
|
if ($result['error_msg'] == 'LOGIN_ERROR_USERNAME' || $result['error_msg'] == 'LOGIN_ERROR_PASSWORD')
|
||||||
{
|
{
|
||||||
$login_error = (!$config['board_contact']) ? sprintf($user->lang[$result['error_msg']], '', '') : sprintf($user->lang[$result['error_msg']], '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">', '</a>');
|
$login_error = (!$config['board_contact']) ? sprintf($user->lang[$result['error_msg']], '', '') : sprintf($user->lang[$result['error_msg']], '<a href="mailto:' . htmlspecialchars($config['board_contact'], ENT_COMPAT) . '">', '</a>');
|
||||||
}
|
}
|
||||||
|
|
||||||
break;
|
break;
|
||||||
|
|
|
||||||
|
|
@ -186,7 +186,7 @@ class ucp_profile
|
||||||
$messenger->anti_abuse_headers($config, $user);
|
$messenger->anti_abuse_headers($config, $user);
|
||||||
|
|
||||||
$messenger->assign_vars(array(
|
$messenger->assign_vars(array(
|
||||||
'USERNAME' => htmlspecialchars_decode($data['username']),
|
'USERNAME' => htmlspecialchars_decode($data['username'], ENT_COMPAT),
|
||||||
'U_ACTIVATE' => "$server_url/ucp.$phpEx?mode=activate&u={$user->data['user_id']}&k=$user_actkey")
|
'U_ACTIVATE' => "$server_url/ucp.$phpEx?mode=activate&u={$user->data['user_id']}&k=$user_actkey")
|
||||||
);
|
);
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -472,9 +472,9 @@ class ucp_register
|
||||||
$messenger->anti_abuse_headers($config, $user);
|
$messenger->anti_abuse_headers($config, $user);
|
||||||
|
|
||||||
$messenger->assign_vars(array(
|
$messenger->assign_vars(array(
|
||||||
'WELCOME_MSG' => htmlspecialchars_decode(sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename'])),
|
'WELCOME_MSG' => htmlspecialchars_decode(sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename']), ENT_COMPAT),
|
||||||
'USERNAME' => htmlspecialchars_decode($data['username']),
|
'USERNAME' => htmlspecialchars_decode($data['username'], ENT_COMPAT),
|
||||||
'PASSWORD' => htmlspecialchars_decode($data['new_password']),
|
'PASSWORD' => htmlspecialchars_decode($data['new_password'], ENT_COMPAT),
|
||||||
'U_ACTIVATE' => "$server_url/ucp.$phpEx?mode=activate&u=$user_id&k=$user_actkey")
|
'U_ACTIVATE' => "$server_url/ucp.$phpEx?mode=activate&u=$user_id&k=$user_actkey")
|
||||||
);
|
);
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -99,8 +99,8 @@ class ucp_resend
|
||||||
$messenger->anti_abuse_headers($config, $user);
|
$messenger->anti_abuse_headers($config, $user);
|
||||||
|
|
||||||
$messenger->assign_vars(array(
|
$messenger->assign_vars(array(
|
||||||
'WELCOME_MSG' => htmlspecialchars_decode(sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename'])),
|
'WELCOME_MSG' => htmlspecialchars_decode(sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename']), ENT_COMPAT),
|
||||||
'USERNAME' => htmlspecialchars_decode($user_row['username']),
|
'USERNAME' => htmlspecialchars_decode($user_row['username'], ENT_COMPAT),
|
||||||
'U_ACTIVATE' => generate_board_url() . "/ucp.$phpEx?mode=activate&u={$user_row['user_id']}&k={$user_row['user_actkey']}")
|
'U_ACTIVATE' => generate_board_url() . "/ucp.$phpEx?mode=activate&u={$user_row['user_id']}&k={$user_row['user_actkey']}")
|
||||||
);
|
);
|
||||||
|
|
||||||
|
|
@ -134,7 +134,7 @@ class ucp_resend
|
||||||
$messenger->anti_abuse_headers($config, $user);
|
$messenger->anti_abuse_headers($config, $user);
|
||||||
|
|
||||||
$messenger->assign_vars(array(
|
$messenger->assign_vars(array(
|
||||||
'USERNAME' => htmlspecialchars_decode($user_row['username']),
|
'USERNAME' => htmlspecialchars_decode($user_row['username'], ENT_COMPAT),
|
||||||
'U_USER_DETAILS' => generate_board_url() . "/memberlist.$phpEx?mode=viewprofile&u={$user_row['user_id']}",
|
'U_USER_DETAILS' => generate_board_url() . "/memberlist.$phpEx?mode=viewprofile&u={$user_row['user_id']}",
|
||||||
'U_ACTIVATE' => generate_board_url() . "/ucp.$phpEx?mode=activate&u={$user_row['user_id']}&k={$user_row['user_actkey']}")
|
'U_ACTIVATE' => generate_board_url() . "/ucp.$phpEx?mode=activate&u={$user_row['user_id']}&k={$user_row['user_actkey']}")
|
||||||
);
|
);
|
||||||
|
|
|
||||||
|
|
@ -506,7 +506,7 @@ class convertor
|
||||||
{
|
{
|
||||||
/** @var \phpbb\db\driver\driver_interface $src_db */
|
/** @var \phpbb\db\driver\driver_interface $src_db */
|
||||||
$src_db = new $src_dbms();
|
$src_db = new $src_dbms();
|
||||||
$src_db->sql_connect($src_dbhost, $src_dbuser, htmlspecialchars_decode($src_dbpasswd), $src_dbname, $src_dbport, false, true);
|
$src_db->sql_connect($src_dbhost, $src_dbuser, htmlspecialchars_decode($src_dbpasswd, ENT_COMPAT), $src_dbname, $src_dbport, false, true);
|
||||||
$same_db = false;
|
$same_db = false;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
|
|
|
||||||
|
|
@ -132,7 +132,7 @@ class convertor
|
||||||
$dbms = $convert->src_dbms;
|
$dbms = $convert->src_dbms;
|
||||||
/** @var \phpbb\db\driver\driver $src_db */
|
/** @var \phpbb\db\driver\driver $src_db */
|
||||||
$src_db = new $dbms();
|
$src_db = new $dbms();
|
||||||
$src_db->sql_connect($convert->src_dbhost, $convert->src_dbuser, htmlspecialchars_decode($convert->src_dbpasswd), $convert->src_dbname, $convert->src_dbport, false, true);
|
$src_db->sql_connect($convert->src_dbhost, $convert->src_dbuser, htmlspecialchars_decode($convert->src_dbpasswd, ENT_COMPAT), $convert->src_dbname, $convert->src_dbport, false, true);
|
||||||
$same_db = false;
|
$same_db = false;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
|
|
@ -763,7 +763,7 @@ class convertor
|
||||||
{
|
{
|
||||||
if (!$db->sql_query($insert_query . $waiting_sql))
|
if (!$db->sql_query($insert_query . $waiting_sql))
|
||||||
{
|
{
|
||||||
$this->db_error($user->lang['DB_ERR_INSERT'], htmlspecialchars($insert_query . $waiting_sql) . '<br /><br />' . htmlspecialchars(print_r($db->_sql_error(), true)), __LINE__, __FILE__, true);
|
$this->db_error($user->lang['DB_ERR_INSERT'], htmlspecialchars($insert_query . $waiting_sql, ENT_COMPAT) . '<br /><br />' . htmlspecialchars(print_r($db->_sql_error(), true), ENT_COMPAT), __LINE__, __FILE__, true);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -782,7 +782,7 @@ class convertor
|
||||||
|
|
||||||
if (!$db->sql_query($insert_sql))
|
if (!$db->sql_query($insert_sql))
|
||||||
{
|
{
|
||||||
$this->db_error($user->lang['DB_ERR_INSERT'], htmlspecialchars($insert_sql) . '<br /><br />' . htmlspecialchars(print_r($db->_sql_error(), true)), __LINE__, __FILE__, true);
|
$this->db_error($user->lang['DB_ERR_INSERT'], htmlspecialchars($insert_sql, ENT_COMPAT) . '<br /><br />' . htmlspecialchars(print_r($db->_sql_error(), true), ENT_COMPAT), __LINE__, __FILE__, true);
|
||||||
}
|
}
|
||||||
$db->sql_return_on_error(false);
|
$db->sql_return_on_error(false);
|
||||||
|
|
||||||
|
|
@ -817,7 +817,7 @@ class convertor
|
||||||
foreach ($waiting_rows as $waiting_sql)
|
foreach ($waiting_rows as $waiting_sql)
|
||||||
{
|
{
|
||||||
$db->sql_query($insert_query . $waiting_sql);
|
$db->sql_query($insert_query . $waiting_sql);
|
||||||
$this->db_error($user->lang['DB_ERR_INSERT'], htmlspecialchars($insert_query . $waiting_sql) . '<br /><br />' . htmlspecialchars(print_r($db->_sql_error(), true)), __LINE__, __FILE__, true);
|
$this->db_error($user->lang['DB_ERR_INSERT'], htmlspecialchars($insert_query . $waiting_sql, ENT_COMPAT) . '<br /><br />' . htmlspecialchars(print_r($db->_sql_error(), true), ENT_COMPAT), __LINE__, __FILE__, true);
|
||||||
}
|
}
|
||||||
|
|
||||||
$db->sql_return_on_error(false);
|
$db->sql_return_on_error(false);
|
||||||
|
|
|
||||||
|
|
@ -442,16 +442,16 @@ switch ($mode)
|
||||||
$messenger = new messenger(false);
|
$messenger = new messenger(false);
|
||||||
|
|
||||||
$messenger->template('profile_send_im', $row['user_lang']);
|
$messenger->template('profile_send_im', $row['user_lang']);
|
||||||
$messenger->subject(htmlspecialchars_decode($subject));
|
$messenger->subject(htmlspecialchars_decode($subject, ENT_COMPAT));
|
||||||
|
|
||||||
$messenger->replyto($user->data['user_email']);
|
$messenger->replyto($user->data['user_email']);
|
||||||
$messenger->set_addresses($row);
|
$messenger->set_addresses($row);
|
||||||
|
|
||||||
$messenger->assign_vars(array(
|
$messenger->assign_vars(array(
|
||||||
'BOARD_CONTACT' => phpbb_get_board_contact($config, $phpEx),
|
'BOARD_CONTACT' => phpbb_get_board_contact($config, $phpEx),
|
||||||
'FROM_USERNAME' => htmlspecialchars_decode($user->data['username']),
|
'FROM_USERNAME' => htmlspecialchars_decode($user->data['username'], ENT_COMPAT),
|
||||||
'TO_USERNAME' => htmlspecialchars_decode($row['username']),
|
'TO_USERNAME' => htmlspecialchars_decode($row['username'], ENT_COMPAT),
|
||||||
'MESSAGE' => htmlspecialchars_decode($message))
|
'MESSAGE' => htmlspecialchars_decode($message, ENT_COMPAT))
|
||||||
);
|
);
|
||||||
|
|
||||||
$messenger->send(NOTIFY_IM);
|
$messenger->send(NOTIFY_IM);
|
||||||
|
|
@ -804,8 +804,8 @@ switch ($mode)
|
||||||
'S_USER_NOTES' => ($user_notes_enabled) ? true : false,
|
'S_USER_NOTES' => ($user_notes_enabled) ? true : false,
|
||||||
'S_WARN_USER' => ($warn_user_enabled) ? true : false,
|
'S_WARN_USER' => ($warn_user_enabled) ? true : false,
|
||||||
'S_ZEBRA' => ($user->data['user_id'] != $user_id && $user->data['is_registered'] && $zebra_enabled) ? true : false,
|
'S_ZEBRA' => ($user->data['user_id'] != $user_id && $user->data['is_registered'] && $zebra_enabled) ? true : false,
|
||||||
'U_ADD_FRIEND' => (!$friend && !$foe && $friends_enabled) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=zebra&add=' . urlencode(htmlspecialchars_decode($member['username']))) : '',
|
'U_ADD_FRIEND' => (!$friend && !$foe && $friends_enabled) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=zebra&add=' . urlencode(htmlspecialchars_decode($member['username'], ENT_COMPAT))) : '',
|
||||||
'U_ADD_FOE' => (!$friend && !$foe && $foes_enabled) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=zebra&mode=foes&add=' . urlencode(htmlspecialchars_decode($member['username']))) : '',
|
'U_ADD_FOE' => (!$friend && !$foe && $foes_enabled) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=zebra&mode=foes&add=' . urlencode(htmlspecialchars_decode($member['username'], ENT_COMPAT))) : '',
|
||||||
'U_REMOVE_FRIEND' => ($friend && $friends_enabled) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=zebra&remove=1&usernames[]=' . $user_id) : '',
|
'U_REMOVE_FRIEND' => ($friend && $friends_enabled) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=zebra&remove=1&usernames[]=' . $user_id) : '',
|
||||||
'U_REMOVE_FOE' => ($foe && $foes_enabled) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=zebra&remove=1&mode=foes&usernames[]=' . $user_id) : '',
|
'U_REMOVE_FOE' => ($foe && $foes_enabled) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=zebra&remove=1&mode=foes&usernames[]=' . $user_id) : '',
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -73,7 +73,7 @@ class apache extends base
|
||||||
*/
|
*/
|
||||||
public function init()
|
public function init()
|
||||||
{
|
{
|
||||||
if (!$this->request->is_set('PHP_AUTH_USER', request_interface::SERVER) || $this->user->data['username'] !== htmlspecialchars_decode($this->request->server('PHP_AUTH_USER')))
|
if (!$this->request->is_set('PHP_AUTH_USER', request_interface::SERVER) || $this->user->data['username'] !== htmlspecialchars_decode($this->request->server('PHP_AUTH_USER'), ENT_COMPAT))
|
||||||
{
|
{
|
||||||
return $this->language->lang('APACHE_SETUP_BEFORE_USE');
|
return $this->language->lang('APACHE_SETUP_BEFORE_USE');
|
||||||
}
|
}
|
||||||
|
|
@ -113,8 +113,8 @@ class apache extends base
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
$php_auth_user = htmlspecialchars_decode($this->request->server('PHP_AUTH_USER'));
|
$php_auth_user = htmlspecialchars_decode($this->request->server('PHP_AUTH_USER'), ENT_COMPAT);
|
||||||
$php_auth_pw = htmlspecialchars_decode($this->request->server('PHP_AUTH_PW'));
|
$php_auth_pw = htmlspecialchars_decode($this->request->server('PHP_AUTH_PW'), ENT_COMPAT);
|
||||||
|
|
||||||
if (!empty($php_auth_user) && !empty($php_auth_pw))
|
if (!empty($php_auth_user) && !empty($php_auth_pw))
|
||||||
{
|
{
|
||||||
|
|
@ -180,8 +180,8 @@ class apache extends base
|
||||||
return array();
|
return array();
|
||||||
}
|
}
|
||||||
|
|
||||||
$php_auth_user = htmlspecialchars_decode($this->request->server('PHP_AUTH_USER'));
|
$php_auth_user = htmlspecialchars_decode($this->request->server('PHP_AUTH_USER'), ENT_COMPAT);
|
||||||
$php_auth_pw = htmlspecialchars_decode($this->request->server('PHP_AUTH_PW'));
|
$php_auth_pw = htmlspecialchars_decode($this->request->server('PHP_AUTH_PW'), ENT_COMPAT);
|
||||||
|
|
||||||
if (!empty($php_auth_user) && !empty($php_auth_pw))
|
if (!empty($php_auth_user) && !empty($php_auth_pw))
|
||||||
{
|
{
|
||||||
|
|
|
||||||
|
|
@ -83,7 +83,7 @@ class ldap extends base
|
||||||
|
|
||||||
if ($this->config['ldap_user'] || $this->config['ldap_password'])
|
if ($this->config['ldap_user'] || $this->config['ldap_password'])
|
||||||
{
|
{
|
||||||
if (!@ldap_bind($ldap, htmlspecialchars_decode($this->config['ldap_user']), htmlspecialchars_decode($this->config['ldap_password'])))
|
if (!@ldap_bind($ldap, htmlspecialchars_decode($this->config['ldap_user'], ENT_COMPAT), htmlspecialchars_decode($this->config['ldap_password'], ENT_COMPAT)))
|
||||||
{
|
{
|
||||||
return $this->language->lang('LDAP_INCORRECT_USER_PASSWORD');
|
return $this->language->lang('LDAP_INCORRECT_USER_PASSWORD');
|
||||||
}
|
}
|
||||||
|
|
@ -92,11 +92,11 @@ class ldap extends base
|
||||||
// ldap_connect only checks whether the specified server is valid, so the connection might still fail
|
// ldap_connect only checks whether the specified server is valid, so the connection might still fail
|
||||||
$search = @ldap_search(
|
$search = @ldap_search(
|
||||||
$ldap,
|
$ldap,
|
||||||
htmlspecialchars_decode($this->config['ldap_base_dn']),
|
htmlspecialchars_decode($this->config['ldap_base_dn'], ENT_COMPAT),
|
||||||
$this->ldap_user_filter($this->user->data['username']),
|
$this->ldap_user_filter($this->user->data['username']),
|
||||||
(empty($this->config['ldap_email'])) ?
|
(empty($this->config['ldap_email'])) ?
|
||||||
array(htmlspecialchars_decode($this->config['ldap_uid'])) :
|
array(htmlspecialchars_decode($this->config['ldap_uid'], ENT_COMPAT)) :
|
||||||
array(htmlspecialchars_decode($this->config['ldap_uid']), htmlspecialchars_decode($this->config['ldap_email'])),
|
array(htmlspecialchars_decode($this->config['ldap_uid'], ENT_COMPAT), htmlspecialchars_decode($this->config['ldap_email'], ENT_COMPAT)),
|
||||||
0,
|
0,
|
||||||
1
|
1
|
||||||
);
|
);
|
||||||
|
|
@ -180,7 +180,7 @@ class ldap extends base
|
||||||
|
|
||||||
if ($this->config['ldap_user'] || $this->config['ldap_password'])
|
if ($this->config['ldap_user'] || $this->config['ldap_password'])
|
||||||
{
|
{
|
||||||
if (!@ldap_bind($ldap, htmlspecialchars_decode($this->config['ldap_user']), htmlspecialchars_decode($this->config['ldap_password'])))
|
if (!@ldap_bind($ldap, htmlspecialchars_decode($this->config['ldap_user'], ENT_COMPAT), htmlspecialchars_decode($this->config['ldap_password'], ENT_COMPAT)))
|
||||||
{
|
{
|
||||||
return array(
|
return array(
|
||||||
'status' => LOGIN_ERROR_EXTERNAL_AUTH,
|
'status' => LOGIN_ERROR_EXTERNAL_AUTH,
|
||||||
|
|
@ -192,11 +192,11 @@ class ldap extends base
|
||||||
|
|
||||||
$search = @ldap_search(
|
$search = @ldap_search(
|
||||||
$ldap,
|
$ldap,
|
||||||
htmlspecialchars_decode($this->config['ldap_base_dn']),
|
htmlspecialchars_decode($this->config['ldap_base_dn'], ENT_COMPAT),
|
||||||
$this->ldap_user_filter($username),
|
$this->ldap_user_filter($username),
|
||||||
(empty($this->config['ldap_email'])) ?
|
(empty($this->config['ldap_email'])) ?
|
||||||
array(htmlspecialchars_decode($this->config['ldap_uid'])) :
|
array(htmlspecialchars_decode($this->config['ldap_uid'], ENT_COMPAT)) :
|
||||||
array(htmlspecialchars_decode($this->config['ldap_uid']), htmlspecialchars_decode($this->config['ldap_email'])),
|
array(htmlspecialchars_decode($this->config['ldap_uid'], ENT_COMPAT), htmlspecialchars_decode($this->config['ldap_email'], ENT_COMPAT)),
|
||||||
0,
|
0,
|
||||||
1
|
1
|
||||||
);
|
);
|
||||||
|
|
@ -205,7 +205,7 @@ class ldap extends base
|
||||||
|
|
||||||
if (is_array($ldap_result) && count($ldap_result) > 1)
|
if (is_array($ldap_result) && count($ldap_result) > 1)
|
||||||
{
|
{
|
||||||
if (@ldap_bind($ldap, $ldap_result[0]['dn'], htmlspecialchars_decode($password)))
|
if (@ldap_bind($ldap, $ldap_result[0]['dn'], htmlspecialchars_decode($password, ENT_COMPAT)))
|
||||||
{
|
{
|
||||||
@ldap_close($ldap);
|
@ldap_close($ldap);
|
||||||
|
|
||||||
|
|
@ -257,7 +257,7 @@ class ldap extends base
|
||||||
$ldap_user_row = array(
|
$ldap_user_row = array(
|
||||||
'username' => $username,
|
'username' => $username,
|
||||||
'user_password' => '',
|
'user_password' => '',
|
||||||
'user_email' => (!empty($this->config['ldap_email'])) ? utf8_htmlspecialchars($ldap_result[0][htmlspecialchars_decode($this->config['ldap_email'])][0]) : '',
|
'user_email' => (!empty($this->config['ldap_email'])) ? utf8_htmlspecialchars($ldap_result[0][htmlspecialchars_decode($this->config['ldap_email'], ENT_COMPAT)][0]) : '',
|
||||||
'group_id' => (int) $row['group_id'],
|
'group_id' => (int) $row['group_id'],
|
||||||
'user_type' => USER_NORMAL,
|
'user_type' => USER_NORMAL,
|
||||||
'user_ip' => $this->user->ip,
|
'user_ip' => $this->user->ip,
|
||||||
|
|
@ -337,7 +337,7 @@ class ldap extends base
|
||||||
*/
|
*/
|
||||||
private function ldap_user_filter($username)
|
private function ldap_user_filter($username)
|
||||||
{
|
{
|
||||||
$filter = '(' . $this->config['ldap_uid'] . '=' . $this->ldap_escape(htmlspecialchars_decode($username)) . ')';
|
$filter = '(' . $this->config['ldap_uid'] . '=' . $this->ldap_escape(htmlspecialchars_decode($username, ENT_COMPAT)) . ')';
|
||||||
if ($this->config['ldap_user_filter'])
|
if ($this->config['ldap_user_filter'])
|
||||||
{
|
{
|
||||||
$_filter = ($this->config['ldap_user_filter'][0] == '(' && substr($this->config['ldap_user_filter'], -1) == ')') ? $this->config['ldap_user_filter'] : "({$this->config['ldap_user_filter']})";
|
$_filter = ($this->config['ldap_user_filter'][0] == '(' && substr($this->config['ldap_user_filter'], -1) == ')') ? $this->config['ldap_user_filter'] : "({$this->config['ldap_user_filter']})";
|
||||||
|
|
|
||||||
|
|
@ -209,7 +209,7 @@ class activate extends command
|
||||||
$messenger->set_addresses($user_row);
|
$messenger->set_addresses($user_row);
|
||||||
$messenger->anti_abuse_headers($this->config, $this->user);
|
$messenger->anti_abuse_headers($this->config, $this->user);
|
||||||
$messenger->assign_vars(array(
|
$messenger->assign_vars(array(
|
||||||
'USERNAME' => htmlspecialchars_decode($user_row['username']))
|
'USERNAME' => htmlspecialchars_decode($user_row['username'], ENT_COMPAT))
|
||||||
);
|
);
|
||||||
|
|
||||||
$messenger->send(NOTIFY_EMAIL);
|
$messenger->send(NOTIFY_EMAIL);
|
||||||
|
|
|
||||||
|
|
@ -312,9 +312,9 @@ class add extends command
|
||||||
$messenger->to($this->data['email'], $this->data['username']);
|
$messenger->to($this->data['email'], $this->data['username']);
|
||||||
$messenger->anti_abuse_headers($this->config, $this->user);
|
$messenger->anti_abuse_headers($this->config, $this->user);
|
||||||
$messenger->assign_vars(array(
|
$messenger->assign_vars(array(
|
||||||
'WELCOME_MSG' => htmlspecialchars_decode($this->language->lang('WELCOME_SUBJECT', $this->config['sitename'])),
|
'WELCOME_MSG' => htmlspecialchars_decode($this->language->lang('WELCOME_SUBJECT', $this->config['sitename']), ENT_COMPAT),
|
||||||
'USERNAME' => htmlspecialchars_decode($this->data['username']),
|
'USERNAME' => htmlspecialchars_decode($this->data['username'], ENT_COMPAT),
|
||||||
'PASSWORD' => htmlspecialchars_decode($this->data['new_password']),
|
'PASSWORD' => htmlspecialchars_decode($this->data['new_password'], ENT_COMPAT),
|
||||||
'U_ACTIVATE' => generate_board_url() . "/ucp.{$this->php_ext}?mode=activate&u=$user_id&k=$user_actkey")
|
'U_ACTIVATE' => generate_board_url() . "/ucp.{$this->php_ext}?mode=activate&u=$user_id&k=$user_actkey")
|
||||||
);
|
);
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -983,7 +983,7 @@ abstract class driver implements driver_interface
|
||||||
// The DEBUG constant is for development only!
|
// The DEBUG constant is for development only!
|
||||||
if ((isset($auth) && $auth->acl_get('a_')) || defined('IN_INSTALL') || $this->debug_sql_explain)
|
if ((isset($auth) && $auth->acl_get('a_')) || defined('IN_INSTALL') || $this->debug_sql_explain)
|
||||||
{
|
{
|
||||||
$message .= ($sql) ? '<br /><br />SQL<br /><br />' . htmlspecialchars($sql) : '';
|
$message .= ($sql) ? '<br /><br />SQL<br /><br />' . htmlspecialchars($sql, ENT_COMPAT) : '';
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
|
@ -997,7 +997,7 @@ abstract class driver implements driver_interface
|
||||||
{
|
{
|
||||||
if (!empty($config['board_contact']))
|
if (!empty($config['board_contact']))
|
||||||
{
|
{
|
||||||
$message .= '<br /><br />' . sprintf($user->lang['SQL_ERROR_OCCURRED'], '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">', '</a>');
|
$message .= '<br /><br />' . sprintf($user->lang['SQL_ERROR_OCCURRED'], '<a href="mailto:' . htmlspecialchars($config['board_contact'], ENT_COMPAT) . '">', '</a>');
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
|
@ -1061,7 +1061,7 @@ abstract class driver implements driver_interface
|
||||||
<meta charset="utf-8">
|
<meta charset="utf-8">
|
||||||
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
||||||
<title>SQL Report</title>
|
<title>SQL Report</title>
|
||||||
<link href="' . htmlspecialchars($phpbb_path_helper->update_web_root_path($phpbb_root_path) . $phpbb_path_helper->get_adm_relative_path()) . 'style/admin.css" rel="stylesheet" type="text/css" media="screen" />
|
<link href="' . htmlspecialchars($phpbb_path_helper->update_web_root_path($phpbb_root_path) . $phpbb_path_helper->get_adm_relative_path(), ENT_COMPAT) . 'style/admin.css" rel="stylesheet" type="text/css" media="screen" />
|
||||||
</head>
|
</head>
|
||||||
<body id="errorpage">
|
<body id="errorpage">
|
||||||
<div id="wrap">
|
<div id="wrap">
|
||||||
|
|
@ -1111,7 +1111,7 @@ abstract class driver implements driver_interface
|
||||||
</thead>
|
</thead>
|
||||||
<tbody>
|
<tbody>
|
||||||
<tr>
|
<tr>
|
||||||
<td class="row3"><textarea style="font-family:\'Courier New\',monospace;width:99%" rows="5" cols="10">' . preg_replace('/\t(AND|OR)(\W)/', "\$1\$2", htmlspecialchars(preg_replace('/[\s]*[\n\r\t]+[\n\r\s\t]*/', "\n", $query))) . '</textarea></td>
|
<td class="row3"><textarea style="font-family:\'Courier New\',monospace;width:99%" rows="5" cols="10">' . preg_replace('/\t(AND|OR)(\W)/', "\$1\$2", htmlspecialchars(preg_replace('/[\s]*[\n\r\t]+[\n\r\s\t]*/', "\n", $query), ENT_COMPAT)) . '</textarea></td>
|
||||||
</tr>
|
</tr>
|
||||||
</tbody>
|
</tbody>
|
||||||
</table>
|
</table>
|
||||||
|
|
@ -1132,7 +1132,7 @@ abstract class driver implements driver_interface
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
$error = $this->sql_error();
|
$error = $this->sql_error();
|
||||||
$this->sql_report .= '<b style="color: red">FAILED</b> - ' . $this->sql_layer . ' Error ' . $error['code'] . ': ' . htmlspecialchars($error['message']);
|
$this->sql_report .= '<b style="color: red">FAILED</b> - ' . $this->sql_layer . ' Error ' . $error['code'] . ': ' . htmlspecialchars($error['message'], ENT_COMPAT);
|
||||||
}
|
}
|
||||||
|
|
||||||
$this->sql_report .= '</p><br /><br />';
|
$this->sql_report .= '</p><br /><br />';
|
||||||
|
|
@ -1197,7 +1197,7 @@ abstract class driver implements driver_interface
|
||||||
$color = ($time_db > $time_cache) ? 'green' : 'red';
|
$color = ($time_db > $time_cache) ? 'green' : 'red';
|
||||||
|
|
||||||
$this->sql_report .= '<table cellspacing="1"><thead><tr><th>Query results obtained from the cache</th></tr></thead><tbody><tr>';
|
$this->sql_report .= '<table cellspacing="1"><thead><tr><th>Query results obtained from the cache</th></tr></thead><tbody><tr>';
|
||||||
$this->sql_report .= '<td class="row3"><textarea style="font-family:\'Courier New\',monospace;width:99%" rows="5" cols="10">' . preg_replace('/\t(AND|OR)(\W)/', "\$1\$2", htmlspecialchars(preg_replace('/[\s]*[\n\r\t]+[\n\r\s\t]*/', "\n", $query))) . '</textarea></td></tr></tbody></table>';
|
$this->sql_report .= '<td class="row3"><textarea style="font-family:\'Courier New\',monospace;width:99%" rows="5" cols="10">' . preg_replace('/\t(AND|OR)(\W)/', "\$1\$2", htmlspecialchars(preg_replace('/[\s]*[\n\r\t]+[\n\r\s\t]*/', "\n", $query), ENT_COMPAT)) . '</textarea></td></tr></tbody></table>';
|
||||||
$this->sql_report .= '<p style="text-align: center;">';
|
$this->sql_report .= '<p style="text-align: center;">';
|
||||||
$this->sql_report .= 'Before: ' . sprintf('%.5f', $this->curtime - $starttime) . 's | After: ' . sprintf('%.5f', $endtime - $starttime) . 's | Elapsed [cache]: <b style="color: ' . $color . '">' . sprintf('%.5f', ($time_cache)) . 's</b> | Elapsed [db]: <b>' . sprintf('%.5f', $time_db) . 's</b></p><br /><br />';
|
$this->sql_report .= 'Before: ' . sprintf('%.5f', $this->curtime - $starttime) . 's | After: ' . sprintf('%.5f', $endtime - $starttime) . 's | Elapsed [cache]: <b style="color: ' . $color . '">' . sprintf('%.5f', ($time_cache)) . 's</b> | Elapsed [db]: <b>' . sprintf('%.5f', $time_db) . 's</b></p><br /><br />';
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -117,7 +117,7 @@ class metadata_manager
|
||||||
*/
|
*/
|
||||||
public function sanitize_json(&$value, $key)
|
public function sanitize_json(&$value, $key)
|
||||||
{
|
{
|
||||||
$value = htmlspecialchars($value);
|
$value = htmlspecialchars($value, ENT_COMPAT);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
||||||
|
|
@ -418,7 +418,7 @@ class ajax_iohandler extends iohandler_base
|
||||||
|
|
||||||
if ($msg !== null)
|
if ($msg !== null)
|
||||||
{
|
{
|
||||||
$link_properties['msg'] = htmlspecialchars_decode($this->language->lang($msg));
|
$link_properties['msg'] = htmlspecialchars_decode($this->language->lang($msg), ENT_COMPAT);
|
||||||
}
|
}
|
||||||
|
|
||||||
$this->download[] = $link_properties;
|
$this->download[] = $link_properties;
|
||||||
|
|
|
||||||
|
|
@ -108,7 +108,7 @@ abstract class iohandler_base implements iohandler_interface
|
||||||
{
|
{
|
||||||
if (!is_array($error_title) && strpos($error_title, '<br />') !== false)
|
if (!is_array($error_title) && strpos($error_title, '<br />') !== false)
|
||||||
{
|
{
|
||||||
$error_title = strip_tags(htmlspecialchars_decode($error_title));
|
$error_title = strip_tags(htmlspecialchars_decode($error_title, ENT_COMPAT));
|
||||||
}
|
}
|
||||||
$this->errors[] = $this->translate_message($error_title, $error_description);
|
$this->errors[] = $this->translate_message($error_title, $error_description);
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -63,7 +63,7 @@ class add_languages extends \phpbb\install\task_base
|
||||||
$lang_pack = array(
|
$lang_pack = array(
|
||||||
'lang_iso' => $lang_info['iso'],
|
'lang_iso' => $lang_info['iso'],
|
||||||
'lang_dir' => $lang_info['iso'],
|
'lang_dir' => $lang_info['iso'],
|
||||||
'lang_english_name' => htmlspecialchars($lang_info['name']),
|
'lang_english_name' => htmlspecialchars($lang_info['name'], ENT_COMPAT),
|
||||||
'lang_local_name' => htmlspecialchars($lang_info['local_name'], ENT_COMPAT, 'UTF-8'),
|
'lang_local_name' => htmlspecialchars($lang_info['local_name'], ENT_COMPAT, 'UTF-8'),
|
||||||
'lang_author' => htmlspecialchars($lang_info['author'], ENT_COMPAT, 'UTF-8'),
|
'lang_author' => htmlspecialchars($lang_info['author'], ENT_COMPAT, 'UTF-8'),
|
||||||
);
|
);
|
||||||
|
|
|
||||||
|
|
@ -120,8 +120,8 @@ class notify_user extends \phpbb\install\task_base
|
||||||
$messenger->to($this->config['board_email'], $this->install_config->get('admin_name'));
|
$messenger->to($this->config['board_email'], $this->install_config->get('admin_name'));
|
||||||
$messenger->anti_abuse_headers($this->config, $this->user);
|
$messenger->anti_abuse_headers($this->config, $this->user);
|
||||||
$messenger->assign_vars(array(
|
$messenger->assign_vars(array(
|
||||||
'USERNAME' => htmlspecialchars_decode($this->install_config->get('admin_name')),
|
'USERNAME' => htmlspecialchars_decode($this->install_config->get('admin_name'), ENT_COMPAT),
|
||||||
'PASSWORD' => htmlspecialchars_decode($this->install_config->get('admin_passwd')))
|
'PASSWORD' => htmlspecialchars_decode($this->install_config->get('admin_passwd'), ENT_COMPAT))
|
||||||
);
|
);
|
||||||
$messenger->send(NOTIFY_EMAIL);
|
$messenger->send(NOTIFY_EMAIL);
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -57,7 +57,7 @@ class obtain_server_data extends \phpbb\install\task_base implements \phpbb\inst
|
||||||
$server_name = strtolower(htmlspecialchars_decode($this->io_handler->get_header_variable(
|
$server_name = strtolower(htmlspecialchars_decode($this->io_handler->get_header_variable(
|
||||||
'Host',
|
'Host',
|
||||||
$this->io_handler->get_server_variable('SERVER_NAME')
|
$this->io_handler->get_server_variable('SERVER_NAME')
|
||||||
)));
|
), ENT_COMPAT));
|
||||||
|
|
||||||
// HTTP HOST can carry a port number...
|
// HTTP HOST can carry a port number...
|
||||||
if (strpos($server_name, ':') !== false)
|
if (strpos($server_name, ':') !== false)
|
||||||
|
|
@ -65,11 +65,11 @@ class obtain_server_data extends \phpbb\install\task_base implements \phpbb\inst
|
||||||
$server_name = substr($server_name, 0, strpos($server_name, ':'));
|
$server_name = substr($server_name, 0, strpos($server_name, ':'));
|
||||||
}
|
}
|
||||||
|
|
||||||
$script_path = htmlspecialchars_decode($this->io_handler->get_server_variable('PHP_SELF'));
|
$script_path = htmlspecialchars_decode($this->io_handler->get_server_variable('PHP_SELF'), ENT_COMPAT);
|
||||||
|
|
||||||
if (!$script_path)
|
if (!$script_path)
|
||||||
{
|
{
|
||||||
$script_path = htmlspecialchars_decode($this->io_handler->get_server_variable('REQUEST_URI'));
|
$script_path = htmlspecialchars_decode($this->io_handler->get_server_variable('REQUEST_URI'), ENT_COMPAT);
|
||||||
}
|
}
|
||||||
|
|
||||||
$script_path = str_replace(array('\\', '//'), '/', $script_path);
|
$script_path = str_replace(array('\\', '//'), '/', $script_path);
|
||||||
|
|
|
||||||
|
|
@ -87,7 +87,7 @@ class obtain_update_ftp_data extends task_base
|
||||||
|
|
||||||
$ftp_host = $this->iohandler->get_input('ftp_host', '', true);
|
$ftp_host = $this->iohandler->get_input('ftp_host', '', true);
|
||||||
$ftp_user = $this->iohandler->get_input('ftp_user', '', true);
|
$ftp_user = $this->iohandler->get_input('ftp_user', '', true);
|
||||||
$ftp_pass = htmlspecialchars_decode($this->iohandler->get_input('ftp_pass', '', true));
|
$ftp_pass = htmlspecialchars_decode($this->iohandler->get_input('ftp_pass', '', true), ENT_COMPAT);
|
||||||
$ftp_path = $this->iohandler->get_input('ftp_path', '', true);
|
$ftp_path = $this->iohandler->get_input('ftp_path', '', true);
|
||||||
$ftp_port = $this->iohandler->get_input('ftp_port', 21);
|
$ftp_port = $this->iohandler->get_input('ftp_port', 21);
|
||||||
$ftp_time = $this->iohandler->get_input('ftp_timeout', 10);
|
$ftp_time = $this->iohandler->get_input('ftp_timeout', 10);
|
||||||
|
|
|
||||||
|
|
@ -262,13 +262,13 @@ class message
|
||||||
$messenger->headers('X-AntiAbuse: Username - ' . $this->sender_username);
|
$messenger->headers('X-AntiAbuse: Username - ' . $this->sender_username);
|
||||||
}
|
}
|
||||||
|
|
||||||
$messenger->subject(htmlspecialchars_decode($this->subject));
|
$messenger->subject(htmlspecialchars_decode($this->subject, ENT_COMPAT));
|
||||||
|
|
||||||
$messenger->assign_vars(array(
|
$messenger->assign_vars(array(
|
||||||
'BOARD_CONTACT' => $contact,
|
'BOARD_CONTACT' => $contact,
|
||||||
'TO_USERNAME' => htmlspecialchars_decode($recipient['to_name']),
|
'TO_USERNAME' => htmlspecialchars_decode($recipient['to_name'], ENT_COMPAT),
|
||||||
'FROM_USERNAME' => htmlspecialchars_decode($this->sender_name),
|
'FROM_USERNAME' => htmlspecialchars_decode($this->sender_name, ENT_COMPAT),
|
||||||
'MESSAGE' => htmlspecialchars_decode($this->body))
|
'MESSAGE' => htmlspecialchars_decode($this->body, ENT_COMPAT))
|
||||||
);
|
);
|
||||||
|
|
||||||
if (count($this->template_vars))
|
if (count($this->template_vars))
|
||||||
|
|
|
||||||
|
|
@ -122,7 +122,7 @@ class topic_form extends form
|
||||||
|
|
||||||
$this->message->set_template('email_notify');
|
$this->message->set_template('email_notify');
|
||||||
$this->message->set_template_vars(array(
|
$this->message->set_template_vars(array(
|
||||||
'TOPIC_NAME' => htmlspecialchars_decode($this->topic_row['topic_title']),
|
'TOPIC_NAME' => htmlspecialchars_decode($this->topic_row['topic_title'], ENT_COMPAT),
|
||||||
'U_TOPIC' => generate_board_url() . '/viewtopic.' . $this->phpEx . '?f=' . $this->topic_row['forum_id'] . '&t=' . $this->topic_id,
|
'U_TOPIC' => generate_board_url() . '/viewtopic.' . $this->phpEx . '?f=' . $this->topic_row['forum_id'] . '&t=' . $this->topic_id,
|
||||||
));
|
));
|
||||||
$this->message->set_body($this->body);
|
$this->message->set_body($this->body);
|
||||||
|
|
|
||||||
|
|
@ -150,7 +150,7 @@ class admin_activate_user extends \phpbb\notification\type\base
|
||||||
$username = $this->user_loader->get_username($this->item_id, 'username');
|
$username = $this->user_loader->get_username($this->item_id, 'username');
|
||||||
|
|
||||||
return array(
|
return array(
|
||||||
'USERNAME' => htmlspecialchars_decode($username),
|
'USERNAME' => htmlspecialchars_decode($username, ENT_COMPAT),
|
||||||
'U_USER_DETAILS' => "{$board_url}/memberlist.{$this->php_ext}?mode=viewprofile&u={$this->item_id}",
|
'U_USER_DETAILS' => "{$board_url}/memberlist.{$this->php_ext}?mode=viewprofile&u={$this->item_id}",
|
||||||
'U_ACTIVATE' => "{$board_url}/ucp.{$this->php_ext}?mode=activate&u={$this->item_id}&k={$this->get_data('user_actkey')}",
|
'U_ACTIVATE' => "{$board_url}/ucp.{$this->php_ext}?mode=activate&u={$this->item_id}&k={$this->get_data('user_actkey')}",
|
||||||
);
|
);
|
||||||
|
|
|
||||||
|
|
@ -120,7 +120,7 @@ class disapprove_post extends \phpbb\notification\type\approve_post
|
||||||
public function get_email_template_variables()
|
public function get_email_template_variables()
|
||||||
{
|
{
|
||||||
return array_merge(parent::get_email_template_variables(), array(
|
return array_merge(parent::get_email_template_variables(), array(
|
||||||
'REASON' => htmlspecialchars_decode($this->get_data('disapprove_reason')),
|
'REASON' => htmlspecialchars_decode($this->get_data('disapprove_reason'), ENT_COMPAT),
|
||||||
));
|
));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -120,7 +120,7 @@ class disapprove_topic extends \phpbb\notification\type\approve_topic
|
||||||
public function get_email_template_variables()
|
public function get_email_template_variables()
|
||||||
{
|
{
|
||||||
return array_merge(parent::get_email_template_variables(), array(
|
return array_merge(parent::get_email_template_variables(), array(
|
||||||
'REASON' => htmlspecialchars_decode($this->get_data('disapprove_reason')),
|
'REASON' => htmlspecialchars_decode($this->get_data('disapprove_reason'), ENT_COMPAT),
|
||||||
));
|
));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -130,10 +130,10 @@ class forum extends \phpbb\notification\type\post
|
||||||
}
|
}
|
||||||
|
|
||||||
return [
|
return [
|
||||||
'AUTHOR_NAME' => htmlspecialchars_decode($username),
|
'AUTHOR_NAME' => htmlspecialchars_decode($username, ENT_COMPAT),
|
||||||
'FORUM_NAME' => htmlspecialchars_decode(censor_text($this->get_data('forum_name'))),
|
'FORUM_NAME' => htmlspecialchars_decode(censor_text($this->get_data('forum_name')), ENT_COMPAT),
|
||||||
'POST_SUBJECT' => htmlspecialchars_decode(censor_text($this->get_data('post_subject'))),
|
'POST_SUBJECT' => htmlspecialchars_decode(censor_text($this->get_data('post_subject')), ENT_COMPAT),
|
||||||
'TOPIC_TITLE' => htmlspecialchars_decode(censor_text($this->get_data('topic_title'))),
|
'TOPIC_TITLE' => htmlspecialchars_decode(censor_text($this->get_data('topic_title')), ENT_COMPAT),
|
||||||
|
|
||||||
'U_VIEW_POST' => generate_board_url() . "/viewtopic.{$this->php_ext}?p={$this->item_id}#p{$this->item_id}",
|
'U_VIEW_POST' => generate_board_url() . "/viewtopic.{$this->php_ext}?p={$this->item_id}#p{$this->item_id}",
|
||||||
'U_NEWEST_POST' => generate_board_url() . "/viewtopic.{$this->php_ext}?f={$this->get_data('forum_id')}&t={$this->item_parent_id}&e=1&view=unread#unread",
|
'U_NEWEST_POST' => generate_board_url() . "/viewtopic.{$this->php_ext}?f={$this->get_data('forum_id')}&t={$this->item_parent_id}&e=1&view=unread#unread",
|
||||||
|
|
|
||||||
|
|
@ -133,8 +133,8 @@ class group_request extends \phpbb\notification\type\base
|
||||||
$user_data = $this->user_loader->get_user($this->item_id);
|
$user_data = $this->user_loader->get_user($this->item_id);
|
||||||
|
|
||||||
return array(
|
return array(
|
||||||
'GROUP_NAME' => htmlspecialchars_decode($this->get_data('group_name')),
|
'GROUP_NAME' => htmlspecialchars_decode($this->get_data('group_name'), ENT_COMPAT),
|
||||||
'REQUEST_USERNAME' => htmlspecialchars_decode($user_data['username']),
|
'REQUEST_USERNAME' => htmlspecialchars_decode($user_data['username'], ENT_COMPAT),
|
||||||
|
|
||||||
'U_PENDING' => generate_board_url() . "/ucp.{$this->php_ext}?i=groups&mode=manage&action=list&g={$this->item_parent_id}",
|
'U_PENDING' => generate_board_url() . "/ucp.{$this->php_ext}?i=groups&mode=manage&action=list&g={$this->item_parent_id}",
|
||||||
'U_GROUP' => generate_board_url() . "/memberlist.{$this->php_ext}?mode=group&g={$this->item_parent_id}",
|
'U_GROUP' => generate_board_url() . "/memberlist.{$this->php_ext}?mode=group&g={$this->item_parent_id}",
|
||||||
|
|
|
||||||
|
|
@ -164,8 +164,8 @@ class pm extends \phpbb\notification\type\base
|
||||||
$user_data = $this->user_loader->get_user($this->get_data('from_user_id'));
|
$user_data = $this->user_loader->get_user($this->get_data('from_user_id'));
|
||||||
|
|
||||||
return array(
|
return array(
|
||||||
'AUTHOR_NAME' => htmlspecialchars_decode($user_data['username']),
|
'AUTHOR_NAME' => htmlspecialchars_decode($user_data['username'], ENT_COMPAT),
|
||||||
'SUBJECT' => htmlspecialchars_decode(censor_text($this->get_data('message_subject'))),
|
'SUBJECT' => htmlspecialchars_decode(censor_text($this->get_data('message_subject')), ENT_COMPAT),
|
||||||
|
|
||||||
'U_VIEW_MESSAGE' => generate_board_url() . '/ucp.' . $this->php_ext . "?i=pm&mode=view&p={$this->item_id}",
|
'U_VIEW_MESSAGE' => generate_board_url() . '/ucp.' . $this->php_ext . "?i=pm&mode=view&p={$this->item_id}",
|
||||||
);
|
);
|
||||||
|
|
|
||||||
|
|
@ -262,9 +262,9 @@ class post extends \phpbb\notification\type\base
|
||||||
}
|
}
|
||||||
|
|
||||||
return array(
|
return array(
|
||||||
'AUTHOR_NAME' => htmlspecialchars_decode($username),
|
'AUTHOR_NAME' => htmlspecialchars_decode($username, ENT_COMPAT),
|
||||||
'POST_SUBJECT' => htmlspecialchars_decode(censor_text($this->get_data('post_subject'))),
|
'POST_SUBJECT' => htmlspecialchars_decode(censor_text($this->get_data('post_subject')), ENT_COMPAT),
|
||||||
'TOPIC_TITLE' => htmlspecialchars_decode(censor_text($this->get_data('topic_title'))),
|
'TOPIC_TITLE' => htmlspecialchars_decode(censor_text($this->get_data('topic_title')), ENT_COMPAT),
|
||||||
|
|
||||||
'U_VIEW_POST' => generate_board_url() . "/viewtopic.{$this->php_ext}?p={$this->item_id}#p{$this->item_id}",
|
'U_VIEW_POST' => generate_board_url() . "/viewtopic.{$this->php_ext}?p={$this->item_id}#p{$this->item_id}",
|
||||||
'U_NEWEST_POST' => generate_board_url() . "/viewtopic.{$this->php_ext}?f={$this->get_data('forum_id')}&t={$this->item_parent_id}&e=1&view=unread#unread",
|
'U_NEWEST_POST' => generate_board_url() . "/viewtopic.{$this->php_ext}?f={$this->get_data('forum_id')}&t={$this->item_parent_id}&e=1&view=unread#unread",
|
||||||
|
|
|
||||||
|
|
@ -168,7 +168,7 @@ class quote extends \phpbb\notification\type\post
|
||||||
$user_data = $this->user_loader->get_user($this->get_data('poster_id'));
|
$user_data = $this->user_loader->get_user($this->get_data('poster_id'));
|
||||||
|
|
||||||
return array_merge(parent::get_email_template_variables(), array(
|
return array_merge(parent::get_email_template_variables(), array(
|
||||||
'AUTHOR_NAME' => htmlspecialchars_decode($user_data['username']),
|
'AUTHOR_NAME' => htmlspecialchars_decode($user_data['username'], ENT_COMPAT),
|
||||||
));
|
));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -143,11 +143,11 @@ class report_pm extends \phpbb\notification\type\pm
|
||||||
$user_data = $this->user_loader->get_user($this->get_data('from_user_id'));
|
$user_data = $this->user_loader->get_user($this->get_data('from_user_id'));
|
||||||
|
|
||||||
return [
|
return [
|
||||||
'AUTHOR_NAME' => htmlspecialchars_decode($user_data['username']),
|
'AUTHOR_NAME' => htmlspecialchars_decode($user_data['username'], ENT_COMPAT),
|
||||||
'SUBJECT' => htmlspecialchars_decode(censor_text($this->get_data('message_subject'))),
|
'SUBJECT' => htmlspecialchars_decode(censor_text($this->get_data('message_subject')), ENT_COMPAT),
|
||||||
|
|
||||||
/** @deprecated 3.2.6-RC1 (to be removed in 4.0.0) use {SUBJECT} instead in report_pm.txt */
|
/** @deprecated 3.2.6-RC1 (to be removed in 4.0.0) use {SUBJECT} instead in report_pm.txt */
|
||||||
'TOPIC_TITLE' => htmlspecialchars_decode(censor_text($this->get_data('message_subject'))),
|
'TOPIC_TITLE' => htmlspecialchars_decode(censor_text($this->get_data('message_subject')), ENT_COMPAT),
|
||||||
|
|
||||||
'U_VIEW_REPORT' => generate_board_url() . "/mcp.{$this->php_ext}?r={$this->item_parent_id}&i=pm_reports&mode=pm_report_details",
|
'U_VIEW_REPORT' => generate_board_url() . "/mcp.{$this->php_ext}?r={$this->item_parent_id}&i=pm_reports&mode=pm_report_details",
|
||||||
];
|
];
|
||||||
|
|
|
||||||
|
|
@ -104,9 +104,9 @@ class report_pm_closed extends \phpbb\notification\type\pm
|
||||||
$closer_data = $this->user_loader->get_username($this->get_data('closer_id'), 'username');
|
$closer_data = $this->user_loader->get_username($this->get_data('closer_id'), 'username');
|
||||||
|
|
||||||
return [
|
return [
|
||||||
'AUTHOR_NAME' => htmlspecialchars_decode($sender_data['username']),
|
'AUTHOR_NAME' => htmlspecialchars_decode($sender_data['username'], ENT_COMPAT),
|
||||||
'CLOSER_NAME' => htmlspecialchars_decode($closer_data['username']),
|
'CLOSER_NAME' => htmlspecialchars_decode($closer_data['username'], ENT_COMPAT),
|
||||||
'SUBJECT' => htmlspecialchars_decode(censor_text($this->get_data('message_subject'))),
|
'SUBJECT' => htmlspecialchars_decode(censor_text($this->get_data('message_subject')), ENT_COMPAT),
|
||||||
|
|
||||||
'U_VIEW_MESSAGE'=> generate_board_url() . "/ucp.{$this->php_ext}?i=pm&mode=view&p={$this->item_id}",
|
'U_VIEW_MESSAGE'=> generate_board_url() . "/ucp.{$this->php_ext}?i=pm&mode=view&p={$this->item_id}",
|
||||||
];
|
];
|
||||||
|
|
|
||||||
|
|
@ -110,8 +110,8 @@ class report_post extends \phpbb\notification\type\post_in_queue
|
||||||
$board_url = generate_board_url();
|
$board_url = generate_board_url();
|
||||||
|
|
||||||
return array(
|
return array(
|
||||||
'POST_SUBJECT' => htmlspecialchars_decode(censor_text($this->get_data('post_subject'))),
|
'POST_SUBJECT' => htmlspecialchars_decode(censor_text($this->get_data('post_subject')), ENT_COMPAT),
|
||||||
'TOPIC_TITLE' => htmlspecialchars_decode(censor_text($this->get_data('topic_title'))),
|
'TOPIC_TITLE' => htmlspecialchars_decode(censor_text($this->get_data('topic_title')), ENT_COMPAT),
|
||||||
|
|
||||||
'U_VIEW_REPORT' => "{$board_url}/mcp.{$this->php_ext}?f={$this->get_data('forum_id')}&p={$this->item_id}&i=reports&mode=report_details#reports",
|
'U_VIEW_REPORT' => "{$board_url}/mcp.{$this->php_ext}?f={$this->get_data('forum_id')}&p={$this->item_id}&i=reports&mode=report_details#reports",
|
||||||
'U_VIEW_POST' => "{$board_url}/viewtopic.{$this->php_ext}?p={$this->item_id}#p{$this->item_id}",
|
'U_VIEW_POST' => "{$board_url}/viewtopic.{$this->php_ext}?p={$this->item_id}#p{$this->item_id}",
|
||||||
|
|
|
||||||
|
|
@ -111,10 +111,10 @@ class report_post_closed extends \phpbb\notification\type\post
|
||||||
$closer_username = $this->user_loader->get_username($this->get_data('closer_id'), 'username');
|
$closer_username = $this->user_loader->get_username($this->get_data('closer_id'), 'username');
|
||||||
|
|
||||||
return [
|
return [
|
||||||
'AUTHOR_NAME' => htmlspecialchars_decode($post_username),
|
'AUTHOR_NAME' => htmlspecialchars_decode($post_username, ENT_COMPAT),
|
||||||
'CLOSER_NAME' => htmlspecialchars_decode($closer_username),
|
'CLOSER_NAME' => htmlspecialchars_decode($closer_username, ENT_COMPAT),
|
||||||
'POST_SUBJECT' => htmlspecialchars_decode(censor_text($this->get_data('post_subject'))),
|
'POST_SUBJECT' => htmlspecialchars_decode(censor_text($this->get_data('post_subject')), ENT_COMPAT),
|
||||||
'TOPIC_TITLE' => htmlspecialchars_decode(censor_text($this->get_data('topic_title'))),
|
'TOPIC_TITLE' => htmlspecialchars_decode(censor_text($this->get_data('topic_title')), ENT_COMPAT),
|
||||||
|
|
||||||
'U_VIEW_POST' => generate_board_url() . "/viewtopic.{$this->php_ext}?p={$this->item_id}#p{$this->item_id}",
|
'U_VIEW_POST' => generate_board_url() . "/viewtopic.{$this->php_ext}?p={$this->item_id}#p{$this->item_id}",
|
||||||
];
|
];
|
||||||
|
|
|
||||||
|
|
@ -217,9 +217,9 @@ class topic extends \phpbb\notification\type\base
|
||||||
}
|
}
|
||||||
|
|
||||||
return array(
|
return array(
|
||||||
'AUTHOR_NAME' => htmlspecialchars_decode($username),
|
'AUTHOR_NAME' => htmlspecialchars_decode($username, ENT_COMPAT),
|
||||||
'FORUM_NAME' => htmlspecialchars_decode($this->get_data('forum_name')),
|
'FORUM_NAME' => htmlspecialchars_decode($this->get_data('forum_name'), ENT_COMPAT),
|
||||||
'TOPIC_TITLE' => htmlspecialchars_decode(censor_text($this->get_data('topic_title'))),
|
'TOPIC_TITLE' => htmlspecialchars_decode(censor_text($this->get_data('topic_title')), ENT_COMPAT),
|
||||||
|
|
||||||
'U_TOPIC' => "{$board_url}/viewtopic.{$this->php_ext}?f={$this->item_parent_id}&t={$this->item_id}",
|
'U_TOPIC' => "{$board_url}/viewtopic.{$this->php_ext}?f={$this->item_parent_id}&t={$this->item_id}",
|
||||||
'U_VIEW_TOPIC' => "{$board_url}/viewtopic.{$this->php_ext}?f={$this->item_parent_id}&t={$this->item_id}",
|
'U_VIEW_TOPIC' => "{$board_url}/viewtopic.{$this->php_ext}?f={$this->item_parent_id}&t={$this->item_id}",
|
||||||
|
|
|
||||||
|
|
@ -163,7 +163,7 @@ class plupload
|
||||||
'S_PLUPLOAD' => true,
|
'S_PLUPLOAD' => true,
|
||||||
'FILTERS' => $filters,
|
'FILTERS' => $filters,
|
||||||
'CHUNK_SIZE' => $chunk_size,
|
'CHUNK_SIZE' => $chunk_size,
|
||||||
'S_PLUPLOAD_URL' => htmlspecialchars_decode($s_action),
|
'S_PLUPLOAD_URL' => htmlspecialchars_decode($s_action, ENT_COMPAT),
|
||||||
'MAX_ATTACHMENTS' => $max_files,
|
'MAX_ATTACHMENTS' => $max_files,
|
||||||
'ATTACH_ORDER' => ($this->config['display_order']) ? 'asc' : 'desc',
|
'ATTACH_ORDER' => ($this->config['display_order']) ? 'asc' : 'desc',
|
||||||
'L_TOO_MANY_ATTACHMENTS' => $this->user->lang('TOO_MANY_ATTACHMENTS', $max_files),
|
'L_TOO_MANY_ATTACHMENTS' => $this->user->lang('TOO_MANY_ATTACHMENTS', $max_files),
|
||||||
|
|
|
||||||
|
|
@ -232,7 +232,7 @@ class fulltext_mysql extends \phpbb\search\base
|
||||||
}
|
}
|
||||||
|
|
||||||
// Filter out as above
|
// Filter out as above
|
||||||
$split_keywords = preg_replace("#[\n\r\t]+#", ' ', trim(htmlspecialchars_decode($keywords)));
|
$split_keywords = preg_replace("#[\n\r\t]+#", ' ', trim(htmlspecialchars_decode($keywords, ENT_COMPAT)));
|
||||||
|
|
||||||
// Split words
|
// Split words
|
||||||
$split_keywords = preg_replace('#([^\p{L}\p{N}\'*"()])#u', '$1$1', str_replace('\'\'', '\' \'', trim($split_keywords)));
|
$split_keywords = preg_replace('#([^\p{L}\p{N}\'*"()])#u', '$1$1', str_replace('\'\'', '\' \'', trim($split_keywords)));
|
||||||
|
|
@ -597,7 +597,7 @@ class fulltext_mysql extends \phpbb\search\base
|
||||||
|
|
||||||
$sql = "SELECT $sql_select
|
$sql = "SELECT $sql_select
|
||||||
FROM $sql_from$sql_sort_table" . POSTS_TABLE . " p
|
FROM $sql_from$sql_sort_table" . POSTS_TABLE . " p
|
||||||
WHERE MATCH ($sql_match) AGAINST ('" . $this->db->sql_escape(htmlspecialchars_decode($this->search_query)) . "' IN BOOLEAN MODE)
|
WHERE MATCH ($sql_match) AGAINST ('" . $this->db->sql_escape(htmlspecialchars_decode($this->search_query, ENT_COMPAT)) . "' IN BOOLEAN MODE)
|
||||||
$sql_where_options
|
$sql_where_options
|
||||||
ORDER BY $sql_sort";
|
ORDER BY $sql_sort";
|
||||||
$this->db->sql_return_on_error(true);
|
$this->db->sql_return_on_error(true);
|
||||||
|
|
|
||||||
|
|
@ -204,7 +204,7 @@ class fulltext_postgres extends \phpbb\search\base
|
||||||
}
|
}
|
||||||
|
|
||||||
// Filter out as above
|
// Filter out as above
|
||||||
$split_keywords = preg_replace("#[\"\n\r\t]+#", ' ', trim(htmlspecialchars_decode($keywords)));
|
$split_keywords = preg_replace("#[\"\n\r\t]+#", ' ', trim(htmlspecialchars_decode($keywords, ENT_COMPAT)));
|
||||||
|
|
||||||
// Split words
|
// Split words
|
||||||
$split_keywords = preg_replace('#([^\p{L}\p{N}\'*"()])#u', '$1$1', str_replace('\'\'', '\' \'', trim($split_keywords)));
|
$split_keywords = preg_replace('#([^\p{L}\p{N}\'*"()])#u', '$1$1', str_replace('\'\'', '\' \'', trim($split_keywords)));
|
||||||
|
|
|
||||||
|
|
@ -1045,7 +1045,7 @@ class fulltext_sphinx
|
||||||
</dl>
|
</dl>
|
||||||
<dl>
|
<dl>
|
||||||
<dt><label for="fulltext_sphinx_config_file">' . $this->user->lang['FULLTEXT_SPHINX_CONFIG_FILE'] . $this->user->lang['COLON'] . '</label><br /><span>' . $this->user->lang['FULLTEXT_SPHINX_CONFIG_FILE_EXPLAIN'] . '</span></dt>
|
<dt><label for="fulltext_sphinx_config_file">' . $this->user->lang['FULLTEXT_SPHINX_CONFIG_FILE'] . $this->user->lang['COLON'] . '</label><br /><span>' . $this->user->lang['FULLTEXT_SPHINX_CONFIG_FILE_EXPLAIN'] . '</span></dt>
|
||||||
<dd>' . (($this->config_generate()) ? '<textarea readonly="readonly" rows="6" id="sphinx_config_data">' . htmlspecialchars($this->config_file_data) . '</textarea>' : $this->config_file_data) . '</dd>
|
<dd>' . (($this->config_generate()) ? '<textarea readonly="readonly" rows="6" id="sphinx_config_data">' . htmlspecialchars($this->config_file_data, ENT_COMPAT) . '</textarea>' : $this->config_file_data) . '</dd>
|
||||||
<dl>
|
<dl>
|
||||||
';
|
';
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -49,7 +49,7 @@ class session
|
||||||
// If we are unable to get the script name we use REQUEST_URI as a failover and note it within the page array for easier support...
|
// If we are unable to get the script name we use REQUEST_URI as a failover and note it within the page array for easier support...
|
||||||
if (!$script_name)
|
if (!$script_name)
|
||||||
{
|
{
|
||||||
$script_name = htmlspecialchars_decode($request->server('REQUEST_URI'));
|
$script_name = htmlspecialchars_decode($request->server('REQUEST_URI'), ENT_COMPAT);
|
||||||
$script_name = (($pos = strpos($script_name, '?')) !== false) ? substr($script_name, 0, $pos) : $script_name;
|
$script_name = (($pos = strpos($script_name, '?')) !== false) ? substr($script_name, 0, $pos) : $script_name;
|
||||||
$page_array['failover'] = 1;
|
$page_array['failover'] = 1;
|
||||||
}
|
}
|
||||||
|
|
@ -83,7 +83,7 @@ class session
|
||||||
|
|
||||||
// basenamed page name (for example: index.php)
|
// basenamed page name (for example: index.php)
|
||||||
$page_name = (substr($script_name, -1, 1) == '/') ? '' : basename($script_name);
|
$page_name = (substr($script_name, -1, 1) == '/') ? '' : basename($script_name);
|
||||||
$page_name = urlencode(htmlspecialchars($page_name));
|
$page_name = urlencode(htmlspecialchars($page_name, ENT_COMPAT));
|
||||||
|
|
||||||
$symfony_request_path = $phpbb_filesystem->clean_path($symfony_request->getPathInfo());
|
$symfony_request_path = $phpbb_filesystem->clean_path($symfony_request->getPathInfo());
|
||||||
if ($symfony_request_path !== '/')
|
if ($symfony_request_path !== '/')
|
||||||
|
|
@ -148,8 +148,8 @@ class session
|
||||||
'page_dir' => $page_dir,
|
'page_dir' => $page_dir,
|
||||||
|
|
||||||
'query_string' => $query_string,
|
'query_string' => $query_string,
|
||||||
'script_path' => str_replace(' ', '%20', htmlspecialchars($script_path)),
|
'script_path' => str_replace(' ', '%20', htmlspecialchars($script_path, ENT_COMPAT)),
|
||||||
'root_script_path' => str_replace(' ', '%20', htmlspecialchars($root_script_path)),
|
'root_script_path' => str_replace(' ', '%20', htmlspecialchars($root_script_path, ENT_COMPAT)),
|
||||||
|
|
||||||
'page' => $page,
|
'page' => $page,
|
||||||
'forum' => $forum_id,
|
'forum' => $forum_id,
|
||||||
|
|
@ -166,7 +166,7 @@ class session
|
||||||
global $config, $request;
|
global $config, $request;
|
||||||
|
|
||||||
// Get hostname
|
// Get hostname
|
||||||
$host = htmlspecialchars_decode($request->header('Host', $request->server('SERVER_NAME')));
|
$host = htmlspecialchars_decode($request->header('Host', $request->server('SERVER_NAME')), ENT_COMPAT);
|
||||||
|
|
||||||
// Should be a string and lowered
|
// Should be a string and lowered
|
||||||
$host = (string) strtolower($host);
|
$host = (string) strtolower($host);
|
||||||
|
|
@ -289,7 +289,7 @@ class session
|
||||||
|
|
||||||
// Why no forwarded_for et al? Well, too easily spoofed. With the results of my recent requests
|
// Why no forwarded_for et al? Well, too easily spoofed. With the results of my recent requests
|
||||||
// it's pretty clear that in the majority of cases you'll at least be left with a proxy/cache ip.
|
// it's pretty clear that in the majority of cases you'll at least be left with a proxy/cache ip.
|
||||||
$ip = htmlspecialchars_decode($request->server('REMOTE_ADDR'));
|
$ip = htmlspecialchars_decode($request->server('REMOTE_ADDR'), ENT_COMPAT);
|
||||||
$ip = preg_replace('# {2,}#', ' ', str_replace(',', ' ', $ip));
|
$ip = preg_replace('# {2,}#', ' ', str_replace(',', ' ', $ip));
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
@ -455,8 +455,8 @@ class session
|
||||||
$s_ip,
|
$s_ip,
|
||||||
$u_browser,
|
$u_browser,
|
||||||
$s_browser,
|
$s_browser,
|
||||||
htmlspecialchars($u_forwarded_for),
|
htmlspecialchars($u_forwarded_for, ENT_COMPAT),
|
||||||
htmlspecialchars($s_forwarded_for)
|
htmlspecialchars($s_forwarded_for, ENT_COMPAT)
|
||||||
));
|
));
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
|
|
@ -1584,7 +1584,7 @@ class session
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
$host = htmlspecialchars($this->host);
|
$host = htmlspecialchars($this->host, ENT_COMPAT);
|
||||||
$ref = substr($this->referer, strpos($this->referer, '://') + 3);
|
$ref = substr($this->referer, strpos($this->referer, '://') + 3);
|
||||||
|
|
||||||
if (!(stripos($ref, $host) === 0) && (!$config['force_server_vars'] || !(stripos($ref, $config['server_name']) === 0)))
|
if (!(stripos($ref, $host) === 0) && (!$config['force_server_vars'] || !(stripos($ref, $config['server_name']) === 0)))
|
||||||
|
|
|
||||||
|
|
@ -227,7 +227,7 @@ class data_access
|
||||||
{
|
{
|
||||||
foreach ($columns as $column)
|
foreach ($columns as $column)
|
||||||
{
|
{
|
||||||
$row[$column] = htmlspecialchars_decode($row[$column]);
|
$row[$column] = htmlspecialchars_decode($row[$column], ENT_COMPAT);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -118,7 +118,7 @@ class reset_password
|
||||||
if (!$this->config['allow_password_reset'])
|
if (!$this->config['allow_password_reset'])
|
||||||
{
|
{
|
||||||
throw new http_exception(Response::HTTP_OK, 'UCP_PASSWORD_RESET_DISABLED', [
|
throw new http_exception(Response::HTTP_OK, 'UCP_PASSWORD_RESET_DISABLED', [
|
||||||
'<a href="mailto:' . htmlspecialchars($this->config['board_contact']) . '">',
|
'<a href="mailto:' . htmlspecialchars($this->config['board_contact'], ENT_COMPAT) . '">',
|
||||||
'</a>'
|
'</a>'
|
||||||
]);
|
]);
|
||||||
}
|
}
|
||||||
|
|
@ -265,7 +265,7 @@ class reset_password
|
||||||
$messenger->anti_abuse_headers($this->config, $this->user);
|
$messenger->anti_abuse_headers($this->config, $this->user);
|
||||||
|
|
||||||
$messenger->assign_vars([
|
$messenger->assign_vars([
|
||||||
'USERNAME' => htmlspecialchars_decode($user_row['username']),
|
'USERNAME' => htmlspecialchars_decode($user_row['username'], ENT_COMPAT),
|
||||||
'U_RESET_PASSWORD' => generate_board_url(true) . $this->helper->route('phpbb_ucp_reset_password_controller', [
|
'U_RESET_PASSWORD' => generate_board_url(true) . $this->helper->route('phpbb_ucp_reset_password_controller', [
|
||||||
'u' => $user_row['user_id'],
|
'u' => $user_row['user_id'],
|
||||||
'token' => $reset_token,
|
'token' => $reset_token,
|
||||||
|
|
|
||||||
|
|
@ -326,7 +326,7 @@ class user extends \phpbb\session
|
||||||
|
|
||||||
if (is_string($default_value))
|
if (is_string($default_value))
|
||||||
{
|
{
|
||||||
$this->style[$key] = htmlspecialchars($this->style[$key]);
|
$this->style[$key] = htmlspecialchars($this->style[$key], ENT_COMPAT);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -678,16 +678,16 @@ if ($keywords || $author || $author_id || $search_id || $submit)
|
||||||
$hilit = phpbb_clean_search_string(str_replace(array('+', '-', '|', '(', ')', '"'), ' ', $keywords));
|
$hilit = phpbb_clean_search_string(str_replace(array('+', '-', '|', '(', ')', '"'), ' ', $keywords));
|
||||||
$hilit = str_replace(' ', '|', $hilit);
|
$hilit = str_replace(' ', '|', $hilit);
|
||||||
|
|
||||||
$u_hilit = urlencode(htmlspecialchars_decode(str_replace('|', ' ', $hilit)));
|
$u_hilit = urlencode(htmlspecialchars_decode(str_replace('|', ' ', $hilit), ENT_COMPAT));
|
||||||
$u_show_results = '&sr=' . $show_results;
|
$u_show_results = '&sr=' . $show_results;
|
||||||
$u_search_forum = implode('&fid%5B%5D=', $search_forum);
|
$u_search_forum = implode('&fid%5B%5D=', $search_forum);
|
||||||
|
|
||||||
$u_search = append_sid("{$phpbb_root_path}search.$phpEx", $u_sort_param . $u_show_results);
|
$u_search = append_sid("{$phpbb_root_path}search.$phpEx", $u_sort_param . $u_show_results);
|
||||||
$u_search .= ($search_id) ? '&search_id=' . $search_id : '';
|
$u_search .= ($search_id) ? '&search_id=' . $search_id : '';
|
||||||
$u_search .= ($u_hilit) ? '&keywords=' . urlencode(htmlspecialchars_decode($keywords)) : '';
|
$u_search .= ($u_hilit) ? '&keywords=' . urlencode(htmlspecialchars_decode($keywords, ENT_COMPAT)) : '';
|
||||||
$u_search .= ($search_terms != 'all') ? '&terms=' . $search_terms : '';
|
$u_search .= ($search_terms != 'all') ? '&terms=' . $search_terms : '';
|
||||||
$u_search .= ($topic_id) ? '&t=' . $topic_id : '';
|
$u_search .= ($topic_id) ? '&t=' . $topic_id : '';
|
||||||
$u_search .= ($author) ? '&author=' . urlencode(htmlspecialchars_decode($author)) : '';
|
$u_search .= ($author) ? '&author=' . urlencode(htmlspecialchars_decode($author, ENT_COMPAT)) : '';
|
||||||
$u_search .= ($author_id) ? '&author_id=' . $author_id : '';
|
$u_search .= ($author_id) ? '&author_id=' . $author_id : '';
|
||||||
$u_search .= ($u_search_forum) ? '&fid%5B%5D=' . $u_search_forum : '';
|
$u_search .= ($u_search_forum) ? '&fid%5B%5D=' . $u_search_forum : '';
|
||||||
$u_search .= (!$search_child) ? '&sc=0' : '';
|
$u_search .= (!$search_child) ? '&sc=0' : '';
|
||||||
|
|
@ -1564,7 +1564,7 @@ if ($auth->acl_get('a_search'))
|
||||||
'KEYWORDS' => $keywords,
|
'KEYWORDS' => $keywords,
|
||||||
'TIME' => $user->format_date($row['search_time']),
|
'TIME' => $user->format_date($row['search_time']),
|
||||||
|
|
||||||
'U_KEYWORDS' => append_sid("{$phpbb_root_path}search.$phpEx", 'keywords=' . urlencode(htmlspecialchars_decode($keywords)))
|
'U_KEYWORDS' => append_sid("{$phpbb_root_path}search.$phpEx", 'keywords=' . urlencode(htmlspecialchars_decode($keywords, ENT_COMPAT)))
|
||||||
));
|
));
|
||||||
}
|
}
|
||||||
$db->sql_freeresult($result);
|
$db->sql_freeresult($result);
|
||||||
|
|
|
||||||
|
|
@ -123,8 +123,8 @@ class phpbb_email_parsing_test extends phpbb_test_case
|
||||||
$this->messenger->set_addresses($user->data);
|
$this->messenger->set_addresses($user->data);
|
||||||
|
|
||||||
$this->messenger->assign_vars(array(
|
$this->messenger->assign_vars(array(
|
||||||
'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . htmlspecialchars_decode($config['board_email_sig'])),
|
'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . htmlspecialchars_decode($config['board_email_sig'], ENT_COMPAT)),
|
||||||
'SITENAME' => htmlspecialchars_decode($config['sitename']),
|
'SITENAME' => htmlspecialchars_decode($config['sitename'], ENT_COMPAT),
|
||||||
|
|
||||||
'AUTHOR_NAME' => $author_name,
|
'AUTHOR_NAME' => $author_name,
|
||||||
'FORUM_NAME' => $forum_name,
|
'FORUM_NAME' => $forum_name,
|
||||||
|
|
@ -143,8 +143,8 @@ class phpbb_email_parsing_test extends phpbb_test_case
|
||||||
$this->assertStringContainsString($forum_name, $msg);
|
$this->assertStringContainsString($forum_name, $msg);
|
||||||
$this->assertStringContainsString($topic_title, $msg);
|
$this->assertStringContainsString($topic_title, $msg);
|
||||||
$this->assertStringContainsString($username, $msg);
|
$this->assertStringContainsString($username, $msg);
|
||||||
$this->assertStringContainsString(htmlspecialchars_decode($config['sitename']), $msg);
|
$this->assertStringContainsString(htmlspecialchars_decode($config['sitename'], ENT_COMPAT), $msg);
|
||||||
$this->assertStringContainsString(str_replace('<br />', "\n", "-- \n" . htmlspecialchars_decode($config['board_email_sig'])), $msg);
|
$this->assertStringContainsString(str_replace('<br />', "\n", "-- \n" . htmlspecialchars_decode($config['board_email_sig'], ENT_COMPAT)), $msg);
|
||||||
$this->assertStringNotContainsString('EMAIL_SIG', $msg);
|
$this->assertStringNotContainsString('EMAIL_SIG', $msg);
|
||||||
$this->assertStringNotContainsString('U_STOP_WATCHING_FORUM', $msg);
|
$this->assertStringNotContainsString('U_STOP_WATCHING_FORUM', $msg);
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -529,7 +529,7 @@ class phpbb_filespec_test extends phpbb_test_case
|
||||||
$type_cast_helper->set_var($upload_name, $filename, 'string', true, true);
|
$type_cast_helper->set_var($upload_name, $filename, 'string', true, true);
|
||||||
$filespec = $this->get_filespec(array('name'=> $upload_name));
|
$filespec = $this->get_filespec(array('name'=> $upload_name));
|
||||||
|
|
||||||
$this->assertSame(trim(utf8_basename(htmlspecialchars($filename))), $filespec->get('uploadname'));
|
$this->assertSame(trim(utf8_basename(htmlspecialchars($filename, ENT_COMPAT))), $filespec->get('uploadname'));
|
||||||
}
|
}
|
||||||
|
|
||||||
public function test_is_uploaded()
|
public function test_is_uploaded()
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue