Introduce serendipity_specialchars-wrapper for encoding bug (#236)

PHP 5.4 sets UTF-8 as the default for htmlspecialchars, htmlentities and html_entity_decode. The first two will echo an empty string when given a string with umlauts. This commit introduces the serendipity_specialchars wrappers, which are meant to be a temporary solution for the s9y-core until PHP 5.6 fixes the bug, so the native charset option of s9y continues to work.
onli 2014-11-23 23:41:08 +01:00
parent 6c26d1b3f6
commit 92afc37753
50 changed files with 208 additions and 175 deletions


@ -159,7 +159,7 @@ if ($type == 'trackback') {
$serendipity['smarty']->assign(
array(
'is_comment_added' => true,
'comment_url' => htmlspecialchars($_GET['url']) . '&serendipity[entry_id]=' . $id,
'comment_url' => serendipity_specialchars($_GET['url']) . '&serendipity[entry_id]=' . $id,
'comment_string' => explode('%s', COMMENT_ADDED_CLICK)
)
);
@ -210,7 +210,7 @@ if ($type == 'trackback') {
$serendipity['smarty']->assign(
array(
'is_comment_notadded' => true,
'comment_url' => htmlspecialchars($_SERVER['HTTP_REFERER']),
'comment_url' => serendipity_specialchars($_SERVER['HTTP_REFERER']),
'comment_string' => explode('%s', COMMENT_NOT_ADDED_CLICK)
)
);
@ -219,7 +219,7 @@ if ($type == 'trackback') {
$serendipity['smarty']->assign(
array(
'is_comment_empty' => true,
'comment_url' => htmlspecialchars($_SERVER['HTTP_REFERER']),
'comment_url' => serendipity_specialchars($_SERVER['HTTP_REFERER']),
'comment_string' => explode('%s', EMPTY_COMMENT)
)
);
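Review bot: The `comment_url` values in all three hunks come straight from the request (`$_GET['url']`, `$_SERVER['HTTP_REFERER']`) and are only HTML-escaped, which stops them breaking out of an attribute but does not restrict what kind of URL they are. If the template renders `comment_url` as a link target (the template is not visible here), the value should first be checked to be an `http`/`https` URL or a path on this blog, with the entry's own URL as the fallback. The enclosing `if ($type == 'trackback')` block starts and ends outside the hunks.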


@ -51,7 +51,7 @@ if (isset($_POST['SAVE']) && serendipity_checkFormToken()) {
if (is_array($r)) {
$r = serendipity_db_query("SELECT category_name FROM {$serendipity['dbPrefix']}category
WHERE categoryid = ". (int)$parentid);
$data['subcat'] = sprintf(ALREADY_SUBCATEGORY, htmlspecialchars($r[0]['category_name']), htmlspecialchars($name));
$data['subcat'] = sprintf(ALREADY_SUBCATEGORY, serendipity_specialchars($r[0]['category_name']), serendipity_specialchars($name));
} else {
serendipity_updateCategory($serendipity['GET']['cid'], $name, $desc, $authorid, $icon, $parentid, $serendipity['POST']['cat']['sort_order'], $serendipity['POST']['cat']['hide_sub'], $admin_category);
serendipity_ACLGrant($serendipity['GET']['cid'], 'category', 'read', $serendipity['POST']['cat']['read_authors']);


@ -206,7 +206,7 @@ $filters = array('author', 'email', 'ip', 'url', 'body', 'referer');
/* Compress the filters into an "AND" SQL query, and a querystring */
foreach ($filters as $filter) {
$and .= (!empty($serendipity['GET']['filter'][$filter]) ? "AND c.". $filter ." LIKE '%". serendipity_db_escape_string($serendipity['GET']['filter'][$filter]) ."%'" : "");
$searchString .= (!empty($serendipity['GET']['filter'][$filter]) ? "&serendipity[filter][". $filter ."]=". htmlspecialchars($serendipity['GET']['filter'][$filter]) : "");
$searchString .= (!empty($serendipity['GET']['filter'][$filter]) ? "&serendipity[filter][". $filter ."]=". serendipity_specialchars($serendipity['GET']['filter'][$filter]) : "");
}
if ($serendipity['GET']['filter']['show'] == 'approved') {
@ -330,11 +330,11 @@ if(is_array($sql)) {
$comment['excerpt'] = true;
// When summary is not the full body, strip HTML tags from summary, as it might break and leave unclosed HTML.
$comment['fullBody'] = nl2br(htmlspecialchars($comment['fullBody']));
$comment['fullBody'] = nl2br(serendipity_specialchars($comment['fullBody']));
$comment['summary'] = nl2br(strip_tags($comment['summary']));
} else {
$comment['excerpt'] = false;
$comment['fullBody'] = $comment['summary'] = nl2br(htmlspecialchars($comment['fullBody']));
$comment['fullBody'] = $comment['summary'] = nl2br(serendipity_specialchars($comment['fullBody']));
}
serendipity_plugin_api::hook_event('backend_view_comment', $comment, '&serendipity[page]='. $page . $searchString);
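Review bot: In the first hunk `$searchString` is a URL query string, but the filter value is encoded with the HTML escaper, so characters such as `&`, `#`, `+`, `%` and spaces in a filter are not URL-encoded and can split or alter the parameter. The value should be URL-encoded where the query string is built, `$searchString .= (!empty($serendipity['GET']['filter'][$filter]) ? "&serendipity[filter][". $filter ."]=". urlencode($serendipity['GET']['filter'][$filter]) : "");`, and the finished string HTML-escaped only at the point it is written into markup. The `foreach` body is complete in the hunk; the code that emits `$searchString` is outside it.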


@ -173,7 +173,7 @@ switch($serendipity['GET']['adminAction']) {
'serendipity[action]' => 'admin',
'serendipity[adminModule]' => 'entries',
'serendipity[adminAction]' => 'save',
'serendipity[timestamp]' => htmlspecialchars($entry['timestamp'])
'serendipity[timestamp]' => serendipity_specialchars($entry['timestamp'])
),
$entry,
$errors
@ -191,7 +191,7 @@ switch($serendipity['GET']['adminAction']) {
serendipity_deleteEntry((int)$serendipity['GET']['id']);
$data['switched_output'] = true;
$data['is_doDelete'] = true;
$data['del_entry'] = sprintf(RIP_ENTRY, $entry['id'] . ' - ' . htmlspecialchars($entry['title']));
$data['del_entry'] = sprintf(RIP_ENTRY, $entry['id'] . ' - ' . serendipity_specialchars($entry['title']));
case 'doMultiDelete':
if ($serendipity['GET']['adminAction'] != 'doDelete') {
@ -208,7 +208,7 @@ switch($serendipity['GET']['adminAction']) {
$entry = serendipity_fetchEntry('id', $id, 1, 1);
serendipity_deleteEntry((int)$id);
$data['is_doMultiDelete'] = true;
$data['del_entry'][] = sprintf(RIP_ENTRY, $entry['id'] . ' - ' . htmlspecialchars($entry['title']));
$data['del_entry'][] = sprintf(RIP_ENTRY, $entry['id'] . ' - ' . serendipity_specialchars($entry['title']));
}
}
}
@ -327,13 +327,13 @@ switch($serendipity['GET']['adminAction']) {
$smartentries[] = array(
'id' => $ey['id'],
'title' => htmlspecialchars($ey['title']),
'title' => serendipity_specialchars($ey['title']),
'timestamp' => (int)$ey['timestamp'],
'last_modified' => (int)$ey['last_modified'],
'isdraft' => serendipity_db_bool($ey['isdraft']),
'ep_is_sticky' => (serendipity_db_bool($ey['properties']['ep_is_sticky']) ? true : false),
'pubdate' => date("c", (int)$ey['timestamp']),
'author' => htmlspecialchars($ey['author']),
'author' => serendipity_specialchars($ey['author']),
'cats' => $entry_cats,
'preview' => ((serendipity_db_bool($ey['isdraft']) || (!$serendipity['showFutureEntries'] && $ey['timestamp'] >= serendipity_serverOffsetHour())) ? true : false),
'archive_link' => serendipity_archiveURL($ey['id'], $ey['title'], 'serendipityHTTPPath', true, array('timestamp' => $ey['timestamp'])),
@ -365,7 +365,7 @@ switch($serendipity['GET']['adminAction']) {
$data['is_delete'] = true;
$data['newLoc'] = $newLoc;
// for smartification printf had to turn into sprintf!!
$data['rip_entry'] = sprintf(DELETE_SURE, $entry['id'] . ' - ' . htmlspecialchars($entry['title']));
$data['rip_entry'] = sprintf(DELETE_SURE, $entry['id'] . ' - ' . serendipity_specialchars($entry['title']));
break;
case 'multidelete':
@ -379,7 +379,7 @@ switch($serendipity['GET']['adminAction']) {
$ids .= (int)$id . ',';
$entry = serendipity_fetchEntry('id', $id, 1, 1);
$data['is_multidelete'] = true;
$data['rip_entry'][] = sprintf(DELETE_SURE, $entry['id'] . ' - ' . htmlspecialchars($entry['title']));
$data['rip_entry'][] = sprintf(DELETE_SURE, $entry['id'] . ' - ' . serendipity_specialchars($entry['title']));
}
$newLoc = '?' . serendipity_setFormToken('url') . '&serendipity[action]=admin&serendipity[adminModule]=entries&serendipity[adminAction]=doMultiDelete&serendipity[id]=' . $ids;
$data['switched_output'] = true;


@ -81,7 +81,7 @@ switch ($serendipity['GET']['adminAction']) {
if ($id > 0) {
$image = serendipity_fetchImageFromDatabase($id);
$messages[] = serendipity_deleteImage((int)$id);
$messages[] = sprintf(RIP_ENTRY, $image['id'] . ' - ' . htmlspecialchars($image['realname']));
$messages[] = sprintf(RIP_ENTRY, $image['id'] . ' - ' . serendipity_specialchars($image['realname']));
}
}
$data['showML'] = showMediaLibrary();
@ -118,7 +118,7 @@ switch ($serendipity['GET']['adminAction']) {
foreach($serendipity['POST']['multiDelete'] AS $idx => $id) {
$ids .= (int)$id . ',';
$image = serendipity_fetchImageFromDatabase($id);
$data['rip_image'][] = sprintf(DELETE_SURE, $image['id'] . ' - ' . htmlspecialchars($image['realname']));
$data['rip_image'][] = sprintf(DELETE_SURE, $image['id'] . ' - ' . serendipity_specialchars($image['realname']));
}
if (!isset($serendipity['adminFile'])) {
$serendipity['adminFile'] = 'serendipity_admin.php';
@ -172,7 +172,7 @@ switch ($serendipity['GET']['adminAction']) {
$new_media = array();
$serendipity['POST']['imageurl'] = htmlspecialchars($serendipity['POST']['imageurl']);
$serendipity['POST']['imageurl'] = serendipity_specialchars($serendipity['POST']['imageurl']);
// First find out whether to fetch a file or accept an upload
if ($serendipity['POST']['imageurl'] != '' && $serendipity['POST']['imageurl'] != 'http://') {
@ -439,7 +439,7 @@ switch ($serendipity['GET']['adminAction']) {
$data['groups'] = $groups;
$data['use_dir'] = $use_dir;
$data['formtoken'] = serendipity_setFormToken();
$data['dir'] = htmlspecialchars($serendipity['GET']['dir']);
$data['dir'] = serendipity_specialchars($serendipity['GET']['dir']);
$data['rgroups'] = (isset($read_groups[0]) ? true : false);
$data['wgroups'] = (isset($write_groups[0]) ? true : false);
$data['read_groups'] = $read_groups;
@ -451,9 +451,9 @@ switch ($serendipity['GET']['adminAction']) {
return;
}
$data['case_directoryDelete'] = true;
$data['dir'] = htmlspecialchars($serendipity['GET']['dir']);
$data['dir'] = serendipity_specialchars($serendipity['GET']['dir']);
$data['formtoken'] = serendipity_setFormToken();
$data['basename_dir'] = basename(htmlspecialchars($serendipity['GET']['dir']));
$data['basename_dir'] = basename(serendipity_specialchars($serendipity['GET']['dir']));
break;
case 'directoryDoCreate':
@ -557,7 +557,7 @@ switch ($serendipity['GET']['adminAction']) {
if (isset($image_selector_addvars) && is_array($image_selector_addvars)) {
// These variables may come from serendipity_admin_image_selector.php to show embedded upload form
foreach($image_selector_addvars AS $imgsel_key => $imgsel_val) {
$form_hidden .= ' <input type="hidden" name="serendipity[' . htmlspecialchars($imgsel_key) . ']" value="' . htmlspecialchars($imgsel_val) . '" />' . "\n";
$form_hidden .= ' <input type="hidden" name="serendipity[' . serendipity_specialchars($imgsel_key) . ']" value="' . serendipity_specialchars($imgsel_val) . '" />' . "\n";
}
}
@ -584,7 +584,7 @@ switch ($serendipity['GET']['adminAction']) {
}
if (empty($serendipity['adminFile_redirect'])) {
$serendipity['adminFile_redirect'] = htmlspecialchars($_SERVER['HTTP_REFERER']);
$serendipity['adminFile_redirect'] = serendipity_specialchars($_SERVER['HTTP_REFERER']);
}
$data['case_rotateCW'] = true;
@ -601,7 +601,7 @@ switch ($serendipity['GET']['adminAction']) {
}
if (empty($serendipity['adminFile_redirect'])) {
$serendipity['adminFile_redirect'] = htmlspecialchars($_SERVER['HTTP_REFERER']);
$serendipity['adminFile_redirect'] = serendipity_specialchars($_SERVER['HTTP_REFERER']);
}
$data['case_rotateCCW'] = true;
@ -641,7 +641,7 @@ switch ($serendipity['GET']['adminAction']) {
$data['img_width'] = $s[0];
$data['img_height'] = $s[1];
$data['print_RESIZE_BLAHBLAH'] = sprintf(RESIZE_BLAHBLAH, htmlspecialchars($serendipity['GET']['fname']));
$data['print_RESIZE_BLAHBLAH'] = sprintf(RESIZE_BLAHBLAH, serendipity_specialchars($serendipity['GET']['fname']));
$data['print_ORIGINAL_SIZE'] = sprintf(ORIGINAL_SIZE, $s[0],$s[1]);
$data['formtoken'] = serendipity_setFormToken();
$data['file'] = $serendipity['uploadHTTPPath'] . $file['path'] . $file['name'] .($file['extension'] ? '.'. $file['extension'] : "");
@ -661,7 +661,7 @@ switch ($serendipity['GET']['adminAction']) {
serendipity_plugin_api::hook_event('media_getproperties_cached', $media['file']['props']['base_metadata'], $media['file']['realfile']);
if ($file['is_image']) {
$file['finishJSFunction'] = $file['origfinishJSFunction'] = 'serendipity.serendipity_imageSelector_done(\'' . htmlspecialchars($serendipity['GET']['textarea']) . '\')';
$file['finishJSFunction'] = $file['origfinishJSFunction'] = 'serendipity.serendipity_imageSelector_done(\'' . serendipity_specialchars($serendipity['GET']['textarea']) . '\')';
if (!empty($serendipity['GET']['filename_only']) && $serendipity['GET']['filename_only'] !== 'true') {
$file['fast_select'] = true;
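Review bot: In the last hunk `$serendipity['GET']['textarea']` is placed inside a single-quoted JavaScript string (`serendipity_imageSelector_done('…')`), but the wrapper's default flags are `ENT_COMPAT`, which leaves `'` untouched, and HTML escaping is not JavaScript-string escaping in any case. The value looks like a form-field identifier, so it is safer to reduce it to an identifier character set before building the call, e.g. `$textarea = preg_replace('/[^A-Za-z0-9_\[\]-]/', '', (string)$serendipity['GET']['textarea']);`. Separately, the `imageurl` hunk HTML-escapes `$serendipity['POST']['imageurl']` on input and then apparently uses it as the URL to fetch, which turns every `&` in a query string into `&amp;`; escaping belongs where the value is printed. The enclosing `switch` starts and ends outside these hunks.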


@ -81,7 +81,7 @@ class Serendipity_Import_b2evolution extends Serendipity_Import {
$b2db = @mysql_connect($this->data['host'], $this->data['user'], $this->data['pass']);
if (!$b2db) {
return sprintf(COULDNT_CONNECT, htmlspecialchars($this->data['host']));
return sprintf(COULDNT_CONNECT, serendipity_specialchars($this->data['host']));
}
if (!@mysql_select_db($this->data['name'])) {


@ -83,7 +83,7 @@ class Serendipity_Import_bblog extends Serendipity_Import {
$bblogdb = @mysql_connect($this->data['host'], $this->data['user'], $this->data['pass']);
if (!$bblogdb) {
return sprintf(COULDNT_CONNECT, htmlspecialchars($this->data['host']));
return sprintf(COULDNT_CONNECT, serendipity_specialchars($this->data['host']));
}
if (!@mysql_select_db($this->data['name'])) {


@ -81,7 +81,7 @@ class Serendipity_Import_bmachine extends Serendipity_Import {
$txpdb = @mysql_connect($this->data['host'], $this->data['user'], $this->data['pass']);
if (!$txpdb) {
return sprintf(COULDNT_CONNECT, htmlspecialchars($this->data['host']));
return sprintf(COULDNT_CONNECT, serendipity_specialchars($this->data['host']));
}
if (!@mysql_select_db($this->data['name'])) {


@ -87,7 +87,7 @@ class Serendipity_Import_geeklog extends Serendipity_Import {
$gdb = @mysql_connect($this->data['host'], $this->data['user'], $this->data['pass']);
if (!$gdb) {
return sprintf(COULDNT_CONNECT, htmlspecialchars($this->data['host']));
return sprintf(COULDNT_CONNECT, serendipity_specialchars($this->data['host']));
}
if (!@mysql_select_db($this->data['name'])) {


@ -146,7 +146,7 @@ class Serendipity_Import_Generic extends Serendipity_Import {
if (PEAR::isError($res) || $req->getResponseCode() != '200') {
serendipity_request_end();
echo '<span class="block_level">' . IMPORT_FAILED . ': ' . htmlspecialchars($this->data['url']) . '</span>';
echo '<span class="block_level">' . IMPORT_FAILED . ': ' . serendipity_specialchars($this->data['url']) . '</span>';
return false;
}
@ -198,7 +198,7 @@ class Serendipity_Import_Generic extends Serendipity_Import {
'category_left' => 0,
'category_right' => 0);
echo '<span class="block_level">';
printf(CREATE_CATEGORY, htmlspecialchars($cat_name));
printf(CREATE_CATEGORY, serendipity_specialchars($cat_name));
echo "</span>";
if ($dry_run) {
$s9y_cat[$cat_name] = time();
@ -256,7 +256,7 @@ class Serendipity_Import_Generic extends Serendipity_Import {
$s9y_users[$wp_user]['authorid'] = serendipity_addAuthor($wp_user, md5(time()), $wp_user, '', USERLEVEL_EDITOR);
}
echo '<span class="block_level">';
printf(CREATE_AUTHOR, htmlspecialchars($wp_user));
printf(CREATE_AUTHOR, serendipity_specialchars($wp_user));
echo "</span>";
}
@ -312,7 +312,7 @@ class Serendipity_Import_Generic extends Serendipity_Import {
$s9y_cid[$c_id] = $cid;
}
echo "<span class='msg_notice'>Entry '" . htmlspecialchars($entry['title']) . "' ($c_i comments) imported.</span>";
echo "<span class='msg_notice'>Entry '" . serendipity_specialchars($entry['title']) . "' ($c_i comments) imported.</span>";
}
return true;
}
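Review bot: The context line `serendipity_addAuthor($wp_user, md5(time()), $wp_user, '', USERLEVEL_EDITOR)` in the third hunk passes what appears to be the password argument as a hash of the import time, so every imported editor account gets a credential that depends only on when the import ran. A value from a cryptographic random source should be used instead, for example `bin2hex(openssl_random_pseudo_bytes(16))` on the PHP versions this code targets, and imported accounts are best forced through a password reset before first login. The enclosing method starts and ends outside the hunks.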


@ -81,7 +81,7 @@ class Serendipity_Import_lifetype extends Serendipity_Import {
$ltdb = @mysql_connect($this->data['host'], $this->data['user'], $this->data['pass']);
if (!$ltdb) {
return sprintf(COULDNT_CONNECT, htmlspecialchars($this->data['host']));
return sprintf(COULDNT_CONNECT, serendipity_specialchars($this->data['host']));
}
if (!@mysql_select_db($this->data['name'])) {


@ -201,7 +201,7 @@ class Serendipity_Import_LiveJournalXML extends Serendipity_Import {
global $serendipity;
if (!file_exists($this->data['url'])) {
printf(FILE_NOT_FOUND, htmlspecialchars($this->data['url']));
printf(FILE_NOT_FOUND, serendipity_specialchars($this->data['url']));
return false;
}
@ -252,7 +252,7 @@ class Serendipity_Import_LiveJournalXML extends Serendipity_Import {
}
}
$id = serendipity_updertEntry($new_entry);
echo '<span class="msg_notice">Inserted entry #' . $id . ', "' . htmlspecialchars($new_entry['title']) . '"</span>';
echo '<span class="msg_notice">Inserted entry #' . $id . ', "' . serendipity_specialchars($new_entry['title']) . '"</span>';
if (is_array($new_entry['comments'])) {
$cid_map = array();
$jids = array();


@ -138,7 +138,7 @@ class Serendipity_Import_MovableType extends Serendipity_Import {
if ( !isset($authors[$data]) ) {
$au_inf = serendipity_fetchAuthor($data);
if ( !is_array($au_inf) ) {
$tasks[] = sprintf(CREATE_AUTHOR, htmlspecialchars($data));
$tasks[] = sprintf(CREATE_AUTHOR, serendipity_specialchars($data));
$tasks[] = '<ul class="plainList"><li>Input array is: ' . print_r($data, true) . '</li><<li>Return is: ' . print_r($au_inf, true) . '</li></ul>';
$au_inf = serendipity_fetchAuthor($serendipity['authorid']);
}
@ -197,7 +197,7 @@ class Serendipity_Import_MovableType extends Serendipity_Import {
$entry['categories'][] = $this->categories[$y]['categoryid'];
}
} else {
$tasks[] = sprintf(CREATE_CATEGORY, htmlspecialchars($data));
$tasks[] = sprintf(CREATE_CATEGORY, serendipity_specialchars($data));
}
}
}
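Review bot: The line after the first changed call builds `$tasks[]` from `print_r($data, true)` and `print_r($au_inf, true)` with no escaping, so the same imported author name that is escaped one line earlier is emitted raw inside the `<li>`. Both dumps should go through the wrapper, e.g. `'<li>Input array is: ' . serendipity_specialchars(print_r($data, true)) . '</li>'`. The markup on that line also has a stray `<` in `</li><<li>`. The enclosing method starts and ends outside the hunks.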


@ -84,7 +84,7 @@ class Serendipity_Import_Nucleus extends Serendipity_Import {
$nucdb = @mysql_connect($this->data['host'], $this->data['user'], $this->data['pass']);
if (!$nucdb) {
return sprintf(COULDNT_CONNECT, htmlspecialchars($this->data['host']));
return sprintf(COULDNT_CONNECT, serendipity_specialchars($this->data['host']));
}
if (!@mysql_select_db($this->data['name'])) {


@ -81,7 +81,7 @@ class Serendipity_Import_nuke extends Serendipity_Import {
$nukedb = @mysql_connect($this->data['host'], $this->data['user'], $this->data['pass']);
if (!$nukedb) {
return sprintf(COULDNT_CONNECT, htmlspecialchars($this->data['host']));
return sprintf(COULDNT_CONNECT, serendipity_specialchars($this->data['host']));
}
if (!@mysql_select_db($this->data['name'])) {


@ -125,7 +125,7 @@ ENDPOST
# locate the post title
if (preg_match("/TITLE:(.*)/", $post, $title)) {
$title = trim($title[1]);
echo "<b class='block_level'>" . htmlspecialchars($title) . "</b>";
echo "<b class='block_level'>" . serendipity_specialchars($title) . "</b>";
} else {
$title = "";
echo "<b class='block_level'>Empty title</b>";
@ -134,7 +134,7 @@ ENDPOST
# locate the post author
if (preg_match("/AUTHOR:(.*)/", $post, $author)) {
$author = trim($author[1]);
echo "<em class='block_level'>" . htmlspecialchars($author[1]) . "</em>";
echo "<em class='block_level'>" . serendipity_specialchars($author[1]) . "</em>";
} else {
$author = "";
echo "<em class='block_level'>Unknown author</em>";
@ -143,7 +143,7 @@ ENDPOST
# locate the post date
if (preg_match("/DATE:(.*)/", $post, $date)) {
$date = strtotime(trim($date[1]));
echo "<span class='block_level'>Posted on " . htmlspecialchars($date[1]) . ".</span>";
echo "<span class='block_level'>Posted on " . serendipity_specialchars($date[1]) . ".</span>";
} else {
$date = time();
echo "<span class='block_level'>Unknown posting time.</span>";
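Review bot: In the author and date hunks the variable is overwritten before it is printed: after `$author = trim($author[1]);` the expression `$author[1]` is the second character of the trimmed string, and after `$date = strtotime(...)` the expression `$date[1]` indexes an integer. The title hunk gets this right by echoing `$title`. The author line should be `echo "<em class='block_level'>" . serendipity_specialchars($author) . "</em>";`, and the date line should print the captured text before it is converted (keep the match in its own variable, or format `$date` with `date()`). The surrounding code starts and ends outside the hunks.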


@ -83,7 +83,7 @@ class Serendipity_Import_phpbb extends Serendipity_Import {
$gdb = @mysql_connect($this->data['host'], $this->data['user'], $this->data['pass']);
if (!$gdb) {
return sprintf(COULDNT_CONNECT, htmlspecialchars($this->data['host']));
return sprintf(COULDNT_CONNECT, serendipity_specialchars($this->data['host']));
}
if (!@mysql_select_db($this->data['name'])) {


@ -69,7 +69,7 @@ class Serendipity_Import_Pivot extends Serendipity_Import {
if (!is_dir($this->data['pivot_path']) || !is_readable($this->data['pivot_path'])) {
$check_dir = $serendipity['serendipityPath'] . $this->data['pivot_path'];
if (!is_dir($check_dir) || !is_readable($check_dir)) {
return sprintf(ERROR_NO_DIRECTORY, htmlspecialchars($this->data['pivot_path']));
return sprintf(ERROR_NO_DIRECTORY, serendipity_specialchars($this->data['pivot_path']));
}
$this->data['pivot_path'] = $check_dir;
}
@ -95,10 +95,10 @@ class Serendipity_Import_Pivot extends Serendipity_Import {
}
if ($found) {
echo '<li>Pivot Category "' . htmlspecialchars($pivot_category) . '" mapped to Serendipity ID ' . $found . '</li>';
echo '<li>Pivot Category "' . serendipity_specialchars($pivot_category) . '" mapped to Serendipity ID ' . $found . '</li>';
$pivot_to_s9y['categories'][$pivot_category] = $found;
} else {
echo '<li>Created Pivot Category "' . htmlspecialchars($pivot_category) . '".</li>';
echo '<li>Created Pivot Category "' . serendipity_specialchars($pivot_category) . '".</li>';
$cat = array('category_name' => $pivot_category,
'category_description' => '',
'parentid' => 0,
@ -191,7 +191,7 @@ class Serendipity_Import_Pivot extends Serendipity_Import {
}
echo '</ul>';
} else {
return sprintf(ERROR_NO_DIRECTORY, htmlspecialchars($this->data['pivot_path']));
return sprintf(ERROR_NO_DIRECTORY, serendipity_specialchars($this->data['pivot_path']));
}
return true;


@ -84,7 +84,7 @@ class Serendipity_Import_pMachine extends Serendipity_Import {
$pmdb = @mysql_connect($this->data['host'], $this->data['user'], $this->data['pass']);
if (!$pmdb) {
return sprintf(COULDNT_CONNECT, htmlspecialchars($this->data['host']));
return sprintf(COULDNT_CONNECT, serendipity_specialchars($this->data['host']));
}
if (!@mysql_select_db($this->data['name'])) {


@ -448,7 +448,7 @@ class Serendipity_Import_Serendipity extends Serendipity_Import {
$s9ydb = @mysql_connect($this->data['host'], $this->data['user'], $this->data['pass']);
if (!$s9ydb) {
return sprintf(COULDNT_CONNECT, htmlspecialchars($this->data['host']));
return sprintf(COULDNT_CONNECT, serendipity_specialchars($this->data['host']));
}
if (!@mysql_select_db($this->data['name'], $s9ydb)) {


@ -87,7 +87,7 @@ class Serendipity_Import_smf extends Serendipity_Import {
$gdb = @mysql_connect($this->data['host'], $this->data['user'], $this->data['pass']);
if (!$gdb) {
return sprintf(COULDNT_CONNECT, htmlspecialchars($this->data['host']));
return sprintf(COULDNT_CONNECT, serendipity_specialchars($this->data['host']));
}
if (!@mysql_select_db($this->data['name'])) {
@ -296,7 +296,7 @@ class Serendipity_Import_smf extends Serendipity_Import {
break;
}
}
$a['post_text'] = html_entity_decode($a['post_text']);
$a['post_text'] = serendipity_entity_decode($a['post_text']);
$comment = array('entry_id ' => $entries[$x]['entryid'],
'parent_id' => 0,
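Review bot: The array key on the context line after the changed call is written `'entry_id '` with a trailing space; if that is how the file reads, the comment row is built without a usable `entry_id`, and the key should be `'entry_id'`. The array literal and the enclosing loop continue outside the hunk.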


@ -88,7 +88,7 @@ class Serendipity_Import_sunlog extends Serendipity_Import {
$sunlogdb = @mysql_connect($this->data['host'], $this->data['user'], $this->data['pass']);
if (!$sunlogdb) {
return sprintf(COULDNT_CONNECT, htmlspecialchars($this->data['host']));
return sprintf(COULDNT_CONNECT, serendipity_specialchars($this->data['host']));
}
if (!@mysql_select_db($this->data['name'])) {


@ -87,7 +87,7 @@ class Serendipity_Import_textpattern extends Serendipity_Import {
$txpdb = @mysql_connect($this->data['host'], $this->data['user'], $this->data['pass']);
if (!$txpdb) {
return sprintf(COULDNT_CONNECT, htmlspecialchars($this->data['host']));
return sprintf(COULDNT_CONNECT, serendipity_specialchars($this->data['host']));
}
if (!@mysql_select_db($this->data['name'])) {


@ -96,11 +96,11 @@ class Serendipity_Import_VoodooPad extends Serendipity_Import {
// Feed the contents of the file into the parser
if (!file_exists($file)) {
die(sprintf(DOCUMENT_NOT_FOUND, htmlspecialchars($file)));
die(sprintf(DOCUMENT_NOT_FOUND, serendipity_specialchars($file)));
}
if(!($handle = fopen($file, "r"))) {
die(sprintf(SKIPPING_FILE_UNREADABLE, htmlspecialchars($file)));
die(sprintf(SKIPPING_FILE_UNREADABLE, serendipity_specialchars($file)));
}
while($contents = fread($handle, 4096)) {


@ -87,7 +87,7 @@ class Serendipity_Import_WordPress_PG extends Serendipity_Import {
$wpdb = pg_connect("$this->data['host'], $this->data['port'], $this->data['user'], $this->data['pass'], $this->data['name']");
if ( !$wpdb ) {
return sprintf(PGSQL_COULDNT_CONNECT, htmlspecialchars($this->data['pass']));
return sprintf(PGSQL_COULDNT_CONNECT, serendipity_specialchars($this->data['pass']));
}
/* Users */
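Review bot: The failure message in this hunk is built from `$this->data['pass']`, so a failed connection puts the database password into the returned error string; every other importer on this page reports `$this->data['host']`. It should read `return sprintf(PGSQL_COULDNT_CONNECT, serendipity_specialchars($this->data['host']));`. The `pg_connect()` argument on the context line above is also suspect: inside double quotes `$this->data['host']` is not interpolated as an array element without `{}`, and `pg_connect` expects a `key=value` connection string, so the call probably never succeeds as written. The enclosing method starts and ends outside the hunk.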


@ -94,7 +94,7 @@ class Serendipity_Import_WordPress extends Serendipity_Import {
$wpdb = @mysql_connect($this->data['host'], $this->data['user'], $this->data['pass']);
if (!$wpdb) {
return sprintf(COULDNT_CONNECT, htmlspecialchars($this->data['host']));
return sprintf(COULDNT_CONNECT, serendipity_specialchars($this->data['host']));
}
if (!@mysql_select_db($this->data['name'], $wpdb)) {


@ -13,7 +13,7 @@ switch($serendipity['POST']['adminAction']) {
break;
}
$success = serendipity_updertEntry(array(
'id' => htmlspecialchars($serendipity['POST']['id']),
'id' => serendipity_specialchars($serendipity['POST']['id']),
'timestamp' => time(),
'isdraft' => 0
));
@ -65,7 +65,7 @@ if (count($comments) > 1) {
$comment['excerpt'] = true;
// When summary is not the full body, strip HTML tags from summary, as it might break and leave unclosed HTML.
$comment['fullBody'] = nl2br(htmlspecialchars($comment['fullBody']));
$comment['fullBody'] = nl2br(serendipity_specialchars($comment['fullBody']));
$comment['summary'] = nl2br(strip_tags($comment['summary']));
}
}
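Review bot: In the first hunk the entry id passed to `serendipity_updertEntry()` is HTML-escaped rather than validated, which is the wrong tool for a value headed to the database layer. An integer cast states the intent and rejects anything non-numeric: `'id' => (int)$serendipity['POST']['id'],`. No form-token check is visible in these lines; the enclosing `switch` case starts outside the hunk, so confirm one runs before this publish action.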


@ -77,9 +77,9 @@ if (isset($_GET['serendipity']['plugin_to_conf'])) {
$plugin->performConfig($bag);
}
$name = htmlspecialchars($bag->get('name'));
$desc = htmlspecialchars($bag->get('description'));
$license = htmlspecialchars($bag->get('license'));
$name = serendipity_specialchars($bag->get('name'));
$desc = serendipity_specialchars($bag->get('description'));
$license = serendipity_specialchars($bag->get('license'));
$documentation = $bag->get('website');
@ -372,11 +372,11 @@ if (isset($_GET['serendipity']['plugin_to_conf'])) {
/* Load the new plugin */
$plugin = &serendipity_plugin_api::load_plugin($inst);
if (!is_object($plugin)) {
echo "DEBUG: Plugin " . htmlspecialchars($inst) . " not an object: " . htmlspecialchars(print_r($plugin, true))
. ".<br />Input: " . htmlspecialchars(print_r($serendipity['GET'], true)) . ".<br /><br />\n\nThis error
echo "DEBUG: Plugin " . serendipity_specialchars($inst) . " not an object: " . serendipity_specialchars(print_r($plugin, true))
. ".<br />Input: " . serendipity_specialchars(print_r($serendipity['GET'], true)) . ".<br /><br />\n\nThis error
can happen if a plugin was not properly downloaded (check your plugins directory if the requested plugin
was downloaded) or the inclusion of a file failed (permissions?)<br />\n";
echo "Backtrace:<br />\n" . nl2br(htmlspecialchars(implode("\n", $serendipity['debug']['pluginload']))) . "<br />";
echo "Backtrace:<br />\n" . nl2br(serendipity_specialchars(implode("\n", $serendipity['debug']['pluginload']))) . "<br />";
}
$bag = new serendipity_property_bag;
$plugin->introspect($bag);


@ -65,17 +65,17 @@ if ($serendipity['GET']['adminAction'] == 'editConfiguration') {
if ($serendipity['GET']['adminAction'] == 'install' || $serendipity['GET']['adminAction'] == 'install-frontend' || $serendipity['GET']['adminAction'] == 'install-backend') {
serendipity_plugin_api::hook_event('backend_templates_fetchtemplate', $serendipity);
$themeInfo = serendipity_fetchTemplateInfo(htmlspecialchars($serendipity['GET']['theme']));
$themeInfo = serendipity_fetchTemplateInfo(serendipity_specialchars($serendipity['GET']['theme']));
// A separate hook is used post installation, for plugins to possibly perform some actions
serendipity_plugin_api::hook_event('backend_templates_install', $serendipity['GET']['theme'], $themeInfo);
if ($serendipity['GET']['adminAction'] == 'install' || $serendipity['GET']['adminAction'] == 'install-frontend') {
serendipity_set_config_var('template', htmlspecialchars($serendipity['GET']['theme']));
serendipity_set_config_var('template', serendipity_specialchars($serendipity['GET']['theme']));
}
if ($serendipity['GET']['adminAction'] == 'install-backend' && $themeInfo['custom_admin_interface'] == YES) {
serendipity_set_config_var('template_backend', htmlspecialchars($serendipity['GET']['theme']));
serendipity_set_config_var('template_backend', serendipity_specialchars($serendipity['GET']['theme']));
} else {
// template_engine was set by default to default, which screws up the fallback chain (to the default-template first)
// The "Engine" now only applies to FRONTEND themes. Backend themes will always fall back to our default backend theme only, to ensure proper backend operation.
@ -87,7 +87,7 @@ if ($serendipity['GET']['adminAction'] == 'install' || $serendipity['GET']['admi
serendipity_set_config_var('last_template_change', time());
$data["adminAction"] = "install";
$data["install_template"] = htmlspecialchars($serendipity['GET']['theme']);
$data["install_template"] = serendipity_specialchars($serendipity['GET']['theme']);
}
if ( @file_exists($serendipity['serendipityPath'] . $serendipity['templatePath'] . $serendipity['template'] .'/layout.php') ) {
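Review bot: `$serendipity['GET']['theme']` is passed through the HTML escaper and then stored as the `template` / `template_backend` setting, which the last context line concatenates into a filesystem path (`$serendipity['templatePath'] . $serendipity['template'] .'/layout.php'`). HTML escaping does nothing about `/`, `\` or `..`, so it is not a substitute for validating a directory name. The theme should be validated once, before `serendipity_fetchTemplateInfo()`, against the installed template directories (or at least reduced with `basename()` and checked with `is_dir()` under `templatePath`), and that validated value used in all four places; HTML escaping is only needed for `$data["install_template"]`. Whether `serendipity_fetchTemplateInfo()` already rejects unknown names is not visible here.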


@ -408,4 +408,37 @@ if (function_exists('date_default_timezone_get')) {
@date_default_timezone_set(@date_default_timezone_get());
}
/**
* In PHP 5.4, the default encoding of htmlspecialchar changed to UTF-8 and it will emit empty strings when given
* native encoded strings containing umlauts. This wrapper should to be used in the core until PHP 5.6 fixes the bug.
*/
function serendipity_specialchars($string, $flags = null, $encoding = LANG_CHARSET, $double_encode = true) {
if ($flags == null) {
$flags = ENT_COMPAT | ENT_HTML401 | ENT_SUBSTITUTE;
}
return htmlspecialchars($string, $flags, $encoding, $double_encode);
}
/**
* see serendipity_specialchars
*/
function serendipity_entities($string, $flags = null, $encoding = LANG_CHARSET, $double_encode = true) {
if ($flags == null) {
$flags = ENT_COMPAT | ENT_HTML401 | ENT_SUBSTITUTE;
}
return htmlentities($string, $flags, $encoding, $double_encode);
}
/**
* serendipity_specialchars
*/
function serendipity_entity_decode($string, $flags = null, $encoding = LANG_CHARSET, $double_encode = true) {
if ($flags == null) {
# NOTE: ENT_SUBSTITUTE does not exist for this function, and the documentation does not specify that it will
# ever echo empty strings on charset errors
$flags = ENT_COMPAT | ENT_HTML401;
}
return html_entity_decode($string, $flags, $encoding, $double_encode);
}
/* vim: set sts=4 ts=4 expandtab : */
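Review bot: `serendipity_entity_decode()` forwards four arguments, but `html_entity_decode()` accepts only three (`$string`, `$flags`, `$encoding`); built-in functions reject the extra argument, so on PHP 5 the call warns and returns `NULL` (and throws on PHP 8), which would blank the text at the SMF importer call changed in this commit. The return should be `return html_entity_decode($string, $flags, $encoding);`, keeping the unused `$double_encode` parameter only for signature symmetry. In all three wrappers `if ($flags == null)` also matches `0`, which is the value of `ENT_NOQUOTES`, so a caller cannot request that mode; use `$flags === null`. The default `ENT_COMPAT` leaves single quotes unescaped, so callers that write into single-quoted attributes or script strings need to pass `ENT_QUOTES` explicitly. The third docblock should describe the function instead of repeating the name `serendipity_specialchars`.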


@ -96,13 +96,13 @@ function &serendipity_db_query($sql, $single = false, $result_type = "both", $re
}
if (!$expectError && mysql_error($serendipity['dbConn']) != '') {
$msg = '<pre>' . htmlspecialchars($sql) . '</pre> / ' . htmlspecialchars(mysql_error($serendipity['dbConn']));
$msg = '<pre>' . serendipity_specialchars($sql) . '</pre> / ' . serendipity_specialchars(mysql_error($serendipity['dbConn']));
return $msg;
}
if (!$c) {
if (!$expectError && !$serendipity['production']) {
print '<pre>' . htmlspecialchars($sql) . '</pre> / ' . htmlspecialchars(mysql_error($serendipity['dbConn']));
print '<pre>' . serendipity_specialchars($sql) . '</pre> / ' . serendipity_specialchars(mysql_error($serendipity['dbConn']));
if (function_exists('debug_backtrace') && $reportErr == true) {
highlight_string(var_export(debug_backtrace(), 1));
}
@ -340,7 +340,7 @@ function serendipity_db_probe($hash, &$errs) {
if (!($c = @mysql_connect($hash['dbHost'], $hash['dbUser'], $hash['dbPass']))) {
$errs[] = 'Could not connect to database; check your settings.';
$errs[] = 'The mySQL error was: ' . htmlspecialchars(mysql_error());
$errs[] = 'The mySQL error was: ' . serendipity_specialchars(mysql_error());
return false;
}
@ -348,7 +348,7 @@ function serendipity_db_probe($hash, &$errs) {
if (!@mysql_select_db($hash['dbName'])) {
$errs[] = 'The database you specified does not exist.';
$errs[] = 'The mySQL error was: ' . htmlspecialchars(mysql_error());
$errs[] = 'The mySQL error was: ' . serendipity_specialchars(mysql_error());
return false;
}
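Review bot: In the `serendipity_db_query()` hunk the first branch returns a string containing the full SQL statement and the driver error whenever `$expectError` is false, while the second branch prints the same detail only when `$serendipity['production']` is off. If callers echo that return value, query text reaches visitors on production sites; the first branch should apply the same `!$serendipity['production']` condition and otherwise return a generic message while logging the detail. The SQL Relay driver section further down has the same pair of branches. The function body continues outside the hunk.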


@ -321,7 +321,7 @@ function serendipity_db_probe($hash, &$errs) {
if (!$c) {
$errs[] = 'Could not connect to database; check your settings.';
$errs[] = 'The mySQL error was: ' . htmlspecialchars(mysqli_connect_error());
$errs[] = 'The mySQL error was: ' . serendipity_specialchars(mysqli_connect_error());
return false;
}
@ -329,7 +329,7 @@ function serendipity_db_probe($hash, &$errs) {
if ( !@mysqli_select_db($c, $hash['dbName']) ) {
$errs[] = 'The database you specified does not exist.';
$errs[] = 'The mySQL error was: ' . htmlspecialchars(mysqli_error($c));
$errs[] = 'The mySQL error was: ' . serendipity_specialchars(mysqli_error($c));
return false;
}


@ -161,13 +161,13 @@ function &serendipity_db_query($sql, $single = false, $result_type = "both", $re
}
if (!$expectError && sqlrcur_errorMessage($cur) != '') {
$msg = '<pre>' . htmlspecialchars($sql) . '</pre> / ' . htmlspecialchars(sqlrcur_errorMessage($cur));
$msg = '<pre>' . serendipity_specialchars($sql) . '</pre> / ' . serendipity_specialchars(sqlrcur_errorMessage($cur));
return $msg;
}
if (!$c) {
if (!$expectError && !$serendipity['production']) {
print '<pre>' . htmlspecialchars($sql) . '</pre> / ' . htmlspecialchars(sqlrcur_errorMessage($cur));
print '<pre>' . serendipity_specialchars($sql) . '</pre> / ' . serendipity_specialchars(sqlrcur_errorMessage($cur));
if (function_exists('debug_backtrace') && $reportErr == true) {
highlight_string(var_export(debug_backtrace(), 1));
}


@ -939,15 +939,15 @@ function serendipity_displayTopUrlList($list, $limit, $use_links = true, $interv
if ($use_links) {
$output .= sprintf(
'<span class="block_level"><a href="%1$s://%2$s" title="%2$s" >%2$s</a> (%3$s)</span>',
htmlspecialchars($row['scheme']),
htmlspecialchars($row['host']),
htmlspecialchars($row['total'])
serendipity_specialchars($row['scheme']),
serendipity_specialchars($row['host']),
serendipity_specialchars($row['total'])
);
} else {
$output .= sprintf(
'<span class="block_level">%1$s (%2$s)</span>',
htmlspecialchars($row['host']),
htmlspecialchars($row['total'])
serendipity_specialchars($row['host']),
serendipity_specialchars($row['total'])
);
}
}


@ -191,13 +191,13 @@ function serendipity_displayCommentForm($id, $url = '', $comments = NULL, $data
$commentform_data = array(
'commentform_action' => $url,
'commentform_id' => $id,
'commentform_name' => isset($data['name']) ? htmlspecialchars($data['name']) : (isset($serendipity['COOKIE']['name']) ? htmlspecialchars($serendipity['COOKIE']['name']) : ''),
'commentform_email' => isset($data['email']) ? htmlspecialchars($data['email']) : (isset($serendipity['COOKIE']['email']) ? htmlspecialchars($serendipity['COOKIE']['email']) : ''),
'commentform_url' => isset($data['url']) ? htmlspecialchars($data['url']) : (isset($serendipity['COOKIE']['url']) ? htmlspecialchars($serendipity['COOKIE']['url']) : ''),
'commentform_name' => isset($data['name']) ? serendipity_specialchars($data['name']) : (isset($serendipity['COOKIE']['name']) ? serendipity_specialchars($serendipity['COOKIE']['name']) : ''),
'commentform_email' => isset($data['email']) ? serendipity_specialchars($data['email']) : (isset($serendipity['COOKIE']['email']) ? serendipity_specialchars($serendipity['COOKIE']['email']) : ''),
'commentform_url' => isset($data['url']) ? serendipity_specialchars($data['url']) : (isset($serendipity['COOKIE']['url']) ? serendipity_specialchars($serendipity['COOKIE']['url']) : ''),
'commentform_remember' => isset($data['remember']) ? 'checked="checked"' : (isset($serendipity['COOKIE']['remember']) ? 'checked="checked"' : ''),
'commentform_replyTo' => serendipity_generateCommentList($id, $comments, ((isset($data['replyTo']) && ($data['replyTo'])) ? $data['replyTo'] : 0)),
'commentform_subscribe' => isset($data['subscribe']) ? 'checked="checked"' : '',
'commentform_data' => isset($data['comment']) ? htmlspecialchars($data['comment']) : '',
'commentform_data' => isset($data['comment']) ? serendipity_specialchars($data['comment']) : '',
'is_commentform_showToolbar' => $showToolbar,
'is_allowSubscriptions' => (serendipity_db_bool($serendipity['allowSubscriptions']) || $serendipity['allowSubscriptions'] === 'fulltext' ? true : false),
'is_moderate_comments' => $moderate_comments,
@ -320,7 +320,7 @@ function serendipity_generateCommentList($id, $comments = NULL, $selected = 0, $
foreach ($comments as $comment) {
if ($comment['parent_id'] == $parent) {
$i++;
$retval .= '<option value="' . $comment['id'] . '"'. ($selected == $comment['id'] || (isset($serendipity['POST']['replyTo']) && $comment['id'] == $serendipity['POST']['replyTo']) ? ' selected="selected"' : '') .'>' . str_repeat('&#160;', $level * 2) . '#' . $indent . $i . ': ' . (empty($comment['author']) ? ANONYMOUS : htmlspecialchars($comment['author'])) . ' ' . ON . ' ' . serendipity_mb('ucfirst', serendipity_strftime(DATE_FORMAT_SHORT, $comment['timestamp'])) . "</option>\n";
$retval .= '<option value="' . $comment['id'] . '"'. ($selected == $comment['id'] || (isset($serendipity['POST']['replyTo']) && $comment['id'] == $serendipity['POST']['replyTo']) ? ' selected="selected"' : '') .'>' . str_repeat('&#160;', $level * 2) . '#' . $indent . $i . ': ' . (empty($comment['author']) ? ANONYMOUS : serendipity_specialchars($comment['author'])) . ' ' . ON . ' ' . serendipity_mb('ucfirst', serendipity_strftime(DATE_FORMAT_SHORT, $comment['timestamp'])) . "</option>\n";
$retval .= serendipity_generateCommentList($id, $comments, $selected, $comment['id'], $level + 1, $indent . $i . '.');
}
}
@ -362,7 +362,7 @@ function serendipity_printComments($comments, $parentid = 0, $depth = 0, $trace
if ($parentid === VIEWMODE_LINEAR || !isset($comment['parent_id']) || $comment['parent_id'] == $parentid) {
$i++;
$comment['comment'] = htmlspecialchars(strip_tags($comment['body']));
$comment['comment'] = serendipity_specialchars(strip_tags($comment['body']));
$comment['url'] = strip_tags($comment['url']);
$comment['link_delete'] = $serendipity['baseURL'] . 'comment.php?serendipity[delete]=' . $comment['id'] . '&amp;serendipity[entry]=' . $comment['entry_id'] . '&amp;serendipity[type]=comments';
@ -380,7 +380,7 @@ function serendipity_printComments($comments, $parentid = 0, $depth = 0, $trace
if (!@parse_url($comment['url'])) {
$comment['url'] = '';
}
$comment['url'] = htmlspecialchars($comment['url'], ENT_QUOTES);
$comment['url'] = serendipity_specialchars($comment['url'], ENT_QUOTES);
}
$addData = array('from' => 'functions_entries:printComments');
@ -390,16 +390,16 @@ function serendipity_printComments($comments, $parentid = 0, $depth = 0, $trace
$comment['email'] = false;
} elseif (!empty($comment['email'])) {
$comment['clear_email'] = $comment['email'];
$comment['email'] = htmlspecialchars(str_replace('@', '[at]', $comment['email']));
$comment['email'] = serendipity_specialchars(str_replace('@', '[at]', $comment['email']));
}
$comment['body'] = $comment['comment'];
$comment['pos'] = $i;
$comment['trace'] = $trace . $i;
$comment['depth'] = $depth;
$comment['author'] = htmlspecialchars($comment['author']);
$comment['author'] = serendipity_specialchars($comment['author']);
if (isset($comment['title'])) {
$comment['title'] = htmlspecialchars($comment['title']);
$comment['title'] = serendipity_specialchars($comment['title']);
}
if (serendipity_userLoggedIn()) {


@ -730,7 +730,7 @@ function serendipity_setCookie($name, $value, $securebyprot = true) {
* @return null
*/
function serendipity_JSsetCookie($name, $value) {
$name = htmlentities($name);
$name = serendipity_entities($name);
$value = urlencode($value);
echo '<script type="text/javascript">serendipity.SetCookie("' . $name . '", unescape("' . $value . '"))</script>' . "\n";
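Review bot: `serendipity_entities($name)` encodes for HTML, but in serendipity_JSsetCookie the result lands inside a JavaScript string literal in a `<script>` block, where entities are not decoded and backslashes or line breaks are left as they are. The encoding therefore gives no guarantee for the JavaScript string context, and a name containing `&` or a quote reaches `serendipity.SetCookie` as literal entity text. If cookie names are meant to be plain identifiers, I would constrain the name instead, e.g. `$name = preg_replace('@[^A-Za-z0-9_\[\]-]@', '', $name);`, and say so in the docblock. The function's closing lines are outside the hunk.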


@ -1130,7 +1130,7 @@ function serendipity_printEntries($entries, $extended = 0, $preview = false, $sm
$entry['authorid'] = $serendipity['authorid'];
}
$entry['author'] = htmlspecialchars($entry['author']);
$entry['author'] = serendipity_specialchars($entry['author']);
$authorData = array(
'authorid' => $entry['authorid'],
@ -1142,12 +1142,12 @@ function serendipity_printEntries($entries, $extended = 0, $preview = false, $sm
$entry['link'] = serendipity_archiveURL($entry['id'], $entry['title'], 'serendipityHTTPPath', true, array('timestamp' => $entry['timestamp']));
$entry['commURL'] = serendipity_archiveURL($entry['id'], $entry['title'], 'baseURL', false, array('timestamp' => $entry['timestamp']));
$entry['html_title'] = $entry['title'];
$entry['title'] = htmlspecialchars($entry['title'], ENT_QUOTES, LANG_CHARSET); // PHP 5.4 changed default charset in htmlspecialchars
$entry['title'] = serendipity_specialchars($entry['title']);
$entry['title_rdf'] = preg_replace('@-{2,}@', '-', $entry['html_title']);
$entry['rdf_ident'] = serendipity_archiveURL($entry['id'], $entry['title_rdf'], 'baseURL', true, array('timestamp' => $entry['timestamp']));
$entry['link_rdf'] = serendipity_rewriteURL(PATH_FEEDS . '/ei_'. $entry['id'] .'.rdf');
$entry['title_rdf'] = htmlspecialchars($entry['title_rdf']);
$entry['title_rdf'] = serendipity_specialchars($entry['title_rdf']);
$entry['link_allow_comments'] = $serendipity['baseURL'] . 'comment.php?serendipity[switch]=enable&amp;serendipity[entry]=' . $entry['id'];
$entry['link_deny_comments'] = $serendipity['baseURL'] . 'comment.php?serendipity[switch]=disable&amp;serendipity[entry]=' . $entry['id'];
@ -1529,12 +1529,12 @@ function serendipity_generateCategoryList($cats, $select = array(0), $type = 0,
if ($cat['parentid'] == $id) {
switch ($type) {
case 0:
$ret .= str_repeat('&nbsp;', $level * 2).'&bull;&nbsp;<span class="block_level" id="catItem_' . $cat['categoryid'] . '"' . (($cat['categoryid'] && in_array($cat['categoryid'], $select)) ? ' selected="selected"' : '') . '><a href="?serendipity[adminModule]=category&amp;serendipity[cat][catid]=' . $cat['categoryid'] . '">' . (!empty($cat['category_icon']) ? '<img style="vertical-align: middle;" src="' . $cat['category_icon'] . '" border="0" alt="' . $cat['category_name'] . '"/> ' : '') . htmlspecialchars($cat['category_name']) . (!empty($cat['category_description']) ? ' - ' . htmlspecialchars($cat['category_description']) : '') . '</a></span>';
$ret .= str_repeat('&nbsp;', $level * 2).'&bull;&nbsp;<span class="block_level" id="catItem_' . $cat['categoryid'] . '"' . (($cat['categoryid'] && in_array($cat['categoryid'], $select)) ? ' selected="selected"' : '') . '><a href="?serendipity[adminModule]=category&amp;serendipity[cat][catid]=' . $cat['categoryid'] . '">' . (!empty($cat['category_icon']) ? '<img style="vertical-align: middle;" src="' . $cat['category_icon'] . '" border="0" alt="' . $cat['category_name'] . '"/> ' : '') . serendipity_specialchars($cat['category_name']) . (!empty($cat['category_description']) ? ' - ' . serendipity_specialchars($cat['category_description']) : '') . '</a></span>';
break;
case 1:
case 2:
$ret .= '<option value="' . $cat['categoryid'] . '"' . (($cat['categoryid'] && in_array($cat['categoryid'], $select)) ? ' selected="selected"' : '') . '>';
$ret .= str_repeat('&nbsp;', $level * 2) . htmlspecialchars($cat['category_name']) . ($type == 1 && !empty($cat['category_description']) ? (' - ' . htmlspecialchars($cat['category_description'])) : '');
$ret .= str_repeat('&nbsp;', $level * 2) . serendipity_specialchars($cat['category_name']) . ($type == 1 && !empty($cat['category_description']) ? (' - ' . serendipity_specialchars($cat['category_description'])) : '');
$ret .= '</option>';
break;
case 3:
@ -1546,19 +1546,19 @@ function serendipity_generateCategoryList($cats, $select = array(0), $type = 0,
'<a href="%s" title="%s">%s</a>' .
'</div>',
$serendipity['serendipityHTTPPath'] . 'rss.php?category=' . $cat['categoryid'] . '_' . $category_id,
htmlspecialchars($cat['category_description']),
serendipity_specialchars($cat['category_description']),
$xmlImg,
str_repeat('&#160;', $level * 3),
serendipity_categoryURL($cat, 'serendipityHTTPPath'),
htmlspecialchars($cat['category_description']),
htmlspecialchars($cat['category_name']));
serendipity_specialchars($cat['category_description']),
serendipity_specialchars($cat['category_name']));
} else {
$ret .= sprintf(
'<span class="block_level">%s<a href="%s" title="%s">%s</a></span>',
str_repeat('&#160;', $level * 3),
serendipity_categoryURL($cat, 'serendipityHTTPPath'),
htmlspecialchars($cat['category_description']),
htmlspecialchars($cat['category_name']));
serendipity_specialchars($cat['category_description']),
serendipity_specialchars($cat['category_name']));
}
break;
case 4:
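Review bot: The rewritten `$entry['title']` line in the serendipity_printEntries hunk drops the `ENT_QUOTES` flag that the removed line passed, so single quotes in entry titles are presumably no longer encoded. The wrapper's default flags are not visible in this section, but the wrapper tail at the top of this page sets `ENT_COMPAT | ENT_HTML401`. Any template that places the title inside a single-quoted attribute would be affected. The comment-URL call in serendipity_printComments shows the wrapper accepts a flags argument, so the line can keep its old behaviour: `$entry['title'] = serendipity_specialchars($entry['title'], ENT_QUOTES);`. The function body extends beyond the hunk.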


@ -113,7 +113,7 @@ function serendipity_printEntryForm($targetURL, $hiddens = array(), $entry = arr
}
if (!empty($serendipity['GET']['url'])) {
$entry['body'] .= "\n" . '<a class="block_level" href="' . htmlspecialchars(utf8_decode(urldecode($serendipity['GET']['url']))) . '">' . $entry['title'] . '</a>';
$entry['body'] .= "\n" . '<a class="block_level" href="' . serendipity_specialchars(utf8_decode(urldecode($serendipity['GET']['url']))) . '">' . $entry['title'] . '</a>';
}
$template_vars['formToken'] = serendipity_setFormToken();
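Review bot: In serendipity_printEntryForm the `url` request parameter is written into an `href` after HTML escaping only, which keeps it inside the attribute but does not restrict what kind of URL it is. Since the link is appended to the entry body, I would accept only web URLs before building it, e.g. guard the block with `if (preg_match('@^https?://@i', $url))` where `$url` holds the decoded value. `$entry['title']` is concatenated into the link text unescaped on the same line; if it is plain text at this point it should go through `serendipity_specialchars` too. The function body starts and ends outside the hunk.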


@ -1456,7 +1456,7 @@ function serendipity_displayImageList($page = 0, $lineBreak = NULL, $manage = fa
$extraParems = serendipity_generateImageSelectorParems();
$serendipity['GET']['only_path'] = serendipity_uploadSecure($limit_path . $serendipity['GET']['only_path'], true);
$serendipity['GET']['only_filename'] = htmlspecialchars(str_replace(array('*', '?'), array('%', '_'), $serendipity['GET']['only_filename']));
$serendipity['GET']['only_filename'] = serendipity_specialchars(str_replace(array('*', '?'), array('%', '_'), $serendipity['GET']['only_filename']));
$perPage = (!empty($serendipity['GET']['sortorder']['perpage']) ? (int)$serendipity['GET']['sortorder']['perpage'] : 8);
while ($perPage % $lineBreak !== 0) {
@ -1675,19 +1675,19 @@ function serendipity_generateImageSelectorParems() {
foreach($importParams AS $importParam) {
if (isset($serendipity['GET'][$importParam])) {
$extraParems .= 'serendipity[' . $importParam . ']='. htmlspecialchars($serendipity['GET'][$importParam]) .'&amp;';
$extraParems .= 'serendipity[' . $importParam . ']='. serendipity_specialchars($serendipity['GET'][$importParam]) .'&amp;';
}
}
foreach($sortParams AS $sortParam) {
serendipity_restoreVar($serendipity['COOKIE']['sortorder_' . $sortParam], $serendipity['GET']['sortorder'][$sortParam]);
$extraParems .= 'serendipity[sortorder]['. $sortParam .']='. htmlspecialchars($serendipity['GET']['sortorder'][$sortParam]) .'&amp;';
$extraParems .= 'serendipity[sortorder]['. $sortParam .']='. serendipity_specialchars($serendipity['GET']['sortorder'][$sortParam]) .'&amp;';
}
foreach($standaloneFilterParams AS $filterParam) {
serendipity_restoreVar($serendipity['COOKIE'][$filterParam], $serendipity['GET'][$filterParam]);
if (!empty($serendipity['GET'][$filterParam]) && $serendipity['GET'][$filterParam] != "undefined") {
$extraParems .= 'serendipity[' . $filterParam . ']='. htmlspecialchars($serendipity['GET'][$filterParam]) .'&amp;';
$extraParems .= 'serendipity[' . $filterParam . ']='. serendipity_specialchars($serendipity['GET'][$filterParam]) .'&amp;';
}
}
@ -1696,10 +1696,10 @@ function serendipity_generateImageSelectorParems() {
if (!empty($serendipity['GET']['filter'][$filterParam]) && $serendipity['GET']['filter'][$filterParam] != "undefined") {
if (is_array($filterValue)) {
foreach($filterValue as $key => $value) {
$extraParems .= 'serendipity[filter][' . $filterParam . '][' . $key . ']='. htmlspecialchars($value) .'&amp;';
$extraParems .= 'serendipity[filter][' . $filterParam . '][' . $key . ']='. serendipity_specialchars($value) .'&amp;';
}
} else {
$extraParems .= 'serendipity[filter][' . $filterParam . ']='. htmlspecialchars($filterValue) .'&amp;';
$extraParems .= 'serendipity[filter][' . $filterParam . ']='. serendipity_specialchars($filterValue) .'&amp;';
}
}
@ -2045,7 +2045,7 @@ function serendipity_getImageFields() {
foreach($addProp AS $prop) {
$parts = explode(':', $prop);
$name = $parts[0];
$x['bp.' . $name] = array('desc' => (defined('MEDIA_PROPERTY_' . $name) ? constant('MEDIA_PROPERTY_' . $name) : htmlspecialchars($name)));
$x['bp.' . $name] = array('desc' => (defined('MEDIA_PROPERTY_' . $name) ? constant('MEDIA_PROPERTY_' . $name) : serendipity_specialchars($name)));
if (preg_match('@date@i', $name)) {
$x['bp.' . $name]['type'] = 'date';
}
@ -2312,7 +2312,7 @@ function serendipity_showPropertyForm(&$new_media, $keywordsPerBlock = 3, $is_ed
if (isset($GLOBALS['image_selector_addvars']) && is_array($GLOBALS['image_selector_addvars'])) {
// These variables may come from serendipity_admin_image_selector.php to show embedded upload form
foreach($GLOBALS['image_selector_addvars'] AS $imgsel_key => $imgsel_val) {
$editform_hidden .= ' <input type="hidden" name="serendipity[' . htmlspecialchars($imgsel_key) . ']" value="' . htmlspecialchars($imgsel_val) . '" />' . "\n";
$editform_hidden .= ' <input type="hidden" name="serendipity[' . serendipity_specialchars($imgsel_key) . ']" value="' . serendipity_specialchars($imgsel_val) . '" />' . "\n";
}
}
@ -2431,13 +2431,13 @@ function serendipity_parseMediaProperties(&$dprops, &$keywords, &$media, &$props
}
$val = serendipity_mediaTypeCast($parts[0], $props['base_property'][$parts[0]], true);
$propkey = htmlspecialchars($parts[0]) . $idx;
$propkey = serendipity_specialchars($parts[0]) . $idx;
$media['base_property'][$propkey] = array(
'label' => htmlspecialchars(defined('MEDIA_PROPERTY_' . strtoupper($parts[0])) ? constant('MEDIA_PROPERTY_' . strtoupper($parts[0])) : $parts[0]),
'label' => serendipity_specialchars(defined('MEDIA_PROPERTY_' . strtoupper($parts[0])) ? constant('MEDIA_PROPERTY_' . strtoupper($parts[0])) : $parts[0]),
'type' => $type,
'val' => $val,
'title' => htmlspecialchars($parts[0])
'title' => serendipity_specialchars($parts[0])
);
if (!is_array($GLOBALS['IPTC'])) {
@ -2532,7 +2532,7 @@ function serendipity_parseMediaProperties(&$dprops, &$keywords, &$media, &$props
$kidx = ($i*$keywordsPerBlock) + $j;
if (isset($keywords[$kidx])) {
$media['base_keywords'][$i][$j] = array(
'name' => htmlspecialchars($keywords[$kidx]),
'name' => serendipity_specialchars($keywords[$kidx]),
'selected' => isset($props['base_keyword'][$keywords[$kidx]]) ? true : false
);
} else {
@ -2875,7 +2875,7 @@ function serendipity_showMedia(&$file, &$paths, $url = '', $manage = false, $lin
$form_hidden = '';
foreach($serendipity['GET'] AS $g_key => $g_val) {
if (!is_array($g_val) && $g_key != 'page') {
$form_hidden .= '<input type="hidden" name="serendipity[' . $g_key . ']" value="' . htmlspecialchars($g_val) . '" />';
$form_hidden .= '<input type="hidden" name="serendipity[' . $g_key . ']" value="' . serendipity_specialchars($g_val) . '" />';
}
}
@ -3285,7 +3285,7 @@ function serendipity_imageAppend(&$tfile, &$target, $dir, $echo = true) {
$target = $dir . $tfile;
if ($echo) {
printf(FILENAME_REASSIGNED . '<br />', htmlspecialchars($tfile));
printf(FILENAME_REASSIGNED . '<br />', serendipity_specialchars($tfile));
}
return $realname;
}
@ -3414,7 +3414,7 @@ function serendipity_moveMediaDirectory($oldDir, $newDir, $type = 'dir', $item_i
if ($type == 'file') {
if (serendipity_isActiveFile(basename($newDir))) {
echo '<span class="msg_error"><span class="icon-attention"></span> ';
printf(ERROR_FILE_FORBIDDEN, htmlspecialchars($newDir));
printf(ERROR_FILE_FORBIDDEN, serendipity_specialchars($newDir));
echo "</span>\n";
return false;
}
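Review bot: In the serendipity_showMedia hunk `$g_key`, a request parameter name taken from `$serendipity['GET']`, is written into the `name` attribute unescaped while only `$g_val` is encoded. The serendipity_showPropertyForm hunk above it encodes both key and value, so this line should match: `name="serendipity[' . serendipity_specialchars($g_key) . ']"`. Both functions extend beyond their hunks.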


@ -576,33 +576,33 @@ function serendipity_checkInstallation() {
// Check dirs
if (!is_dir($_POST['serendipityPath'])) {
$errs[] = sprintf(DIRECTORY_NON_EXISTANT, htmlspecialchars($_POST['serendipityPath']));
$errs[] = sprintf(DIRECTORY_NON_EXISTANT, serendipity_specialchars($_POST['serendipityPath']));
}
elseif (!is_writable($_POST['serendipityPath']) ) {
$errs[] = sprintf(DIRECTORY_WRITE_ERROR, htmlspecialchars($_POST['serendipityPath']));
$errs[] = sprintf(DIRECTORY_WRITE_ERROR, serendipity_specialchars($_POST['serendipityPath']));
}
elseif (!is_dir($_POST['serendipityPath'] . $_POST['uploadPath'] ) && @mkdir($_POST['serendipityPath'] . $_POST['uploadPath'], $umask) !== true) {
$errs[] = sprintf(DIRECTORY_CREATE_ERROR, htmlspecialchars($_POST['serendipityPath']) . htmlspecialchars($_POST['uploadPath']));
$errs[] = sprintf(DIRECTORY_CREATE_ERROR, serendipity_specialchars($_POST['serendipityPath']) . serendipity_specialchars($_POST['uploadPath']));
}
elseif (!is_writable($_POST['serendipityPath'] . $_POST['uploadPath'])) {
$errs[] = sprintf(DIRECTORY_WRITE_ERROR, htmlspecialchars($_POST['serendipityPath']) . htmlspecialchars($_POST['uploadPath']));
$errs[] = sprintf(DIRECTORY_RUN_CMD , 'chmod go+rws', htmlspecialchars($_POST['serendipityPath']) . htmlspecialchars($_POST['uploadPath']));
$errs[] = sprintf(DIRECTORY_WRITE_ERROR, serendipity_specialchars($_POST['serendipityPath']) . serendipity_specialchars($_POST['uploadPath']));
$errs[] = sprintf(DIRECTORY_RUN_CMD , 'chmod go+rws', serendipity_specialchars($_POST['serendipityPath']) . serendipity_specialchars($_POST['uploadPath']));
}
// Attempt to create the template compile directory, it might already be there, but we just want to be sure
if (!is_dir($_POST['serendipityPath'] . PATH_SMARTY_COMPILE) && @mkdir($_POST['serendipityPath'] . PATH_SMARTY_COMPILE, $umask) !== true) {
$errs[] = sprintf(DIRECTORY_CREATE_ERROR, htmlspecialchars($_POST['serendipityPath']) . PATH_SMARTY_COMPILE);
$errs[] = sprintf(DIRECTORY_RUN_CMD , 'mkdir' , htmlspecialchars($_POST['serendipityPath']) . PATH_SMARTY_COMPILE);
$errs[] = sprintf(DIRECTORY_RUN_CMD , 'chmod go+rwx', htmlspecialchars($_POST['serendipityPath']) . PATH_SMARTY_COMPILE);
$errs[] = sprintf(DIRECTORY_CREATE_ERROR, serendipity_specialchars($_POST['serendipityPath']) . PATH_SMARTY_COMPILE);
$errs[] = sprintf(DIRECTORY_RUN_CMD , 'mkdir' , serendipity_specialchars($_POST['serendipityPath']) . PATH_SMARTY_COMPILE);
$errs[] = sprintf(DIRECTORY_RUN_CMD , 'chmod go+rwx', serendipity_specialchars($_POST['serendipityPath']) . PATH_SMARTY_COMPILE);
} elseif (is_dir($_POST['serendipityPath'] . PATH_SMARTY_COMPILE) && !is_writeable($_POST['serendipityPath'] . PATH_SMARTY_COMPILE) && @chmod($_POST['serendipityPath'] . PATH_SMARTY_COMPILE, $umask) !== true) {
$errs[] = sprintf(DIRECTORY_RUN_CMD , 'chmod go+rwx', htmlspecialchars($_POST['serendipityPath']) . PATH_SMARTY_COMPILE);
$errs[] = sprintf(DIRECTORY_RUN_CMD , 'chmod go+rwx', serendipity_specialchars($_POST['serendipityPath']) . PATH_SMARTY_COMPILE);
}
// Attempt to create the archives directory
if (!is_dir($_POST['serendipityPath'] . PATH_ARCHIVES) && @mkdir($_POST['serendipityPath'] . PATH_ARCHIVES, $umask) !== true) {
$errs[] = sprintf(DIRECTORY_CREATE_ERROR, htmlspecialchars($_POST['serendipityPath']) . PATH_ARCHIVES);
$errs[] = sprintf(DIRECTORY_RUN_CMD , 'mkdir' , htmlspecialchars($_POST['serendipityPath']) . PATH_ARCHIVES);
$errs[] = sprintf(DIRECTORY_RUN_CMD , 'chmod go+rwx', htmlspecialchars($_POST['serendipityPath']) . PATH_ARCHIVES);
$errs[] = sprintf(DIRECTORY_CREATE_ERROR, serendipity_specialchars($_POST['serendipityPath']) . PATH_ARCHIVES);
$errs[] = sprintf(DIRECTORY_RUN_CMD , 'mkdir' , serendipity_specialchars($_POST['serendipityPath']) . PATH_ARCHIVES);
$errs[] = sprintf(DIRECTORY_RUN_CMD , 'chmod go+rwx', serendipity_specialchars($_POST['serendipityPath']) . PATH_ARCHIVES);
}
// Check imagick
@ -795,7 +795,7 @@ function serendipity_installFiles($serendipity_core = '') {
$fp = @fopen($serendipity_core . '.htaccess', 'w');
if (!$fp) {
$errs[] = sprintf(FILE_WRITE_ERROR, $serendipity_core . '.htaccess') . ' ' . FILE_CREATE_YOURSELF;
$errs[] = sprintf(COPY_CODE_BELOW , $serendipity_core . '.htaccess', 'serendipity', htmlspecialchars($content));
$errs[] = sprintf(COPY_CODE_BELOW , $serendipity_core . '.htaccess', 'serendipity', serendipity_specialchars($content));
return $errs;
} else {
// Check if an old htaccess file existed and try to preserve its contents. Otherwise completely wipe the file.


@ -151,11 +151,11 @@ function show_plugins($event_only = false, $sidebars = null)
$bag = new serendipity_property_bag;
$plugin->introspect($bag);
$name = htmlspecialchars($bag->get('name'));
$name = serendipity_specialchars($bag->get('name'));
$desc = '<details class="plugin_data">';
$desc .= '<summary><var class="perm_name">'.$cname[0].'</var></summary>';
$desc .= '<div class="plugin_desc clearfix">' . htmlspecialchars($bag->get('description')) . '</div>';
$desc .= '<div class="plugin_desc clearfix">' . serendipity_specialchars($bag->get('description')) . '</div>';
$desc .= '<span class="block_level">' . VERSION . ': ' . $bag->get('version') . '</span>';
$desc .= '</details>';
@ -255,10 +255,10 @@ function serendipity_plugin_config(&$plugin, &$bag, &$name, &$desc, &$config_nam
$cbag = new serendipity_property_bag;
$plugin->introspect_config_item($config_item, $cbag);
$data['cname'] = $cname = htmlspecialchars($cbag->get('name'));
$data['cdesc'] = $cdesc = htmlspecialchars($cbag->get('description'));
$data['cname'] = $cname = serendipity_specialchars($cbag->get('name'));
$data['cdesc'] = $cdesc = serendipity_specialchars($cbag->get('description'));
$value = $plugin->get_config($config_item, 'unset');
$lang_direction = htmlspecialchars($cbag->get('lang_direction'));
$lang_direction = serendipity_specialchars($cbag->get('lang_direction'));
if (empty($lang_direction)) {
$lang_direction = LANG_DIRECTION;
@ -279,12 +279,12 @@ function serendipity_plugin_config(&$plugin, &$bag, &$name, &$desc, &$config_nam
if (isset($_POST['serendipity'][$postkey][$config_item])) {
if (is_array($_POST['serendipity'][$postkey][$config_item])) {
$hvalue = $_POST['serendipity'][$postkey][$config_item];
array_walk($hvalue, 'htmlspecialchars');
array_walk($hvalue, 'serendipity_specialchars');
} else {
$hvalue = htmlspecialchars($_POST['serendipity'][$postkey][$config_item]);
$hvalue = serendipity_specialchars($_POST['serendipity'][$postkey][$config_item]);
}
} else {
$hvalue = htmlspecialchars($value);
$hvalue = serendipity_specialchars($value);
}
$radio = array();
@ -367,7 +367,7 @@ function serendipity_plugin_config(&$plugin, &$bag, &$name, &$desc, &$config_nam
$data['radio_button'] = array();
$counter = 0;
foreach($radio['value'] AS $radio_index => $radio_value) {
$id = htmlspecialchars($config_item . $radio_value);
$id = serendipity_specialchars($config_item . $radio_value);
$counter++;
$checked = "";
@ -382,7 +382,7 @@ function serendipity_plugin_config(&$plugin, &$bag, &$name, &$desc, &$config_nam
$data['radio_button'][$radio_index]['checked'] = $checked;
$data['radio_button'][$radio_index]['counter'] = $counter;
$data['radio_button'][$radio_index]['value'] = $radio_value;
$data['radio_button'][$radio_index]['index'] = htmlspecialchars($radio['desc'][$radio_index]);
$data['radio_button'][$radio_index]['index'] = serendipity_specialchars($radio['desc'][$radio_index]);
}
$assign_plugin_config($data);
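Review bot: `array_walk($hvalue, 'serendipity_specialchars');` in the serendipity_plugin_config hunk does not escape anything: `array_walk` discards the callback's return value, and it passes the array key as the second argument, which the wrapper takes as its flags. Array-valued POST input therefore stays unencoded in `$hvalue`, unlike the scalar branch right below it. For a flat array, `$hvalue = array_map('serendipity_specialchars', $hvalue);` does what the line intends. The function body starts and ends outside the hunk.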


@ -70,7 +70,7 @@ function serendipity_printEntries_rss(&$entries, $version, $comments = false, $f
$entry['body'] .= ' ' . $entry['extended'];
$ext = '';
} elseif ($entry['exflag']) {
$ext = '<a class="block_level" href="' . $entry['feed_entryLink'] . '#extended">' . sprintf(VIEW_EXTENDED_ENTRY, htmlspecialchars($entry['title'])) . '</a>';
$ext = '<a class="block_level" href="' . $entry['feed_entryLink'] . '#extended">' . sprintf(VIEW_EXTENDED_ENTRY, serendipity_specialchars($entry['title'])) . '</a>';
} else {
$ext = '';
}
@ -103,24 +103,24 @@ function serendipity_printEntries_rss(&$entries, $version, $comments = false, $f
if (!is_array($entry['categories'])) {
$entry['categories'] = array(0 => array(
'category_name' => $entry['category_name'],
'feed_category_name' => serendipity_utf8_encode(htmlspecialchars($entry['category_name'])),
'feed_category_name' => serendipity_utf8_encode(serendipity_specialchars($entry['category_name'])),
'categoryURL' => serendipity_categoryURL($entry, 'baseURL')
));
} else {
foreach($entry['categories'] AS $cid => $_cat) {
$cat = &$entry['categories'][$cid];
$cat['categoryURL'] = serendipity_categoryURL($cat, 'baseURL');
$cat['feed_category_name'] = serendipity_utf8_encode(htmlspecialchars($cat['category_name']));
$cat['feed_category_name'] = serendipity_utf8_encode(serendipity_specialchars($cat['category_name']));
}
}
// Prepare variables
// 1. UTF8 encoding + htmlspecialchars.
$entry['feed_title'] = serendipity_utf8_encode(htmlspecialchars($entry['title']));
$entry['feed_blogTitle'] = serendipity_utf8_encode(htmlspecialchars($serendipity['blogTitle']));
$entry['feed_title'] = serendipity_utf8_encode(htmlspecialchars($entry['title']));
$entry['feed_author'] = serendipity_utf8_encode(htmlspecialchars($entry['author']));
$entry['feed_email'] = serendipity_utf8_encode(htmlspecialchars($entry['email']));
// 1. UTF8 encoding + serendipity_specialchars.
$entry['feed_title'] = serendipity_utf8_encode(serendipity_specialchars($entry['title']));
$entry['feed_blogTitle'] = serendipity_utf8_encode(serendipity_specialchars($serendipity['blogTitle']));
$entry['feed_title'] = serendipity_utf8_encode(serendipity_specialchars($entry['title']));
$entry['feed_author'] = serendipity_utf8_encode(serendipity_specialchars($entry['author']));
$entry['feed_email'] = serendipity_utf8_encode(serendipity_specialchars($entry['email']));
// 2. gmdate
$entry['feed_timestamp'] = gmdate('Y-m-d\TH:i:s\Z', serendipity_serverOffsetHour($entry['timestamp']));
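Review bot: `$entry['feed_title']` is assigned twice with the identical expression in the "Prepare variables" block of serendipity_printEntries_rss, once before and once after `feed_blogTitle`. The second assignment is redundant and can be dropped. The function body extends beyond the hunk.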

View File

@ -93,7 +93,7 @@ function &serendipity_smarty_fetch($block, $file, $echo = false) {
* @return string The return string
*/
function serendipity_emptyPrefix($string, $prefix = ': ') {
return (!empty($string) ? $prefix . htmlspecialchars($string) : '');
return (!empty($string) ? $prefix . serendipity_specialchars($string) : '');
}
/**


@ -90,7 +90,7 @@ global $serendipity;
</params>
</methodCall>";
echo '<div>&#8226; ' . sprintf(PINGBACK_SENDING, htmlspecialchars($pingback)) . '</div>';
echo '<div>&#8226; ' . sprintf(PINGBACK_SENDING, serendipity_specialchars($pingback)) . '</div>';
flush();
$response = _serendipity_send($pingback, $query, 'text/html');
@ -210,7 +210,7 @@ function serendipity_trackback_autodiscover($res, $loc, $url, $author, $title, $
. '&blog_name=' . rawurlencode($author)
. '&excerpt=' . rawurlencode(strip_tags($text));
printf(TRACKBACK_SENDING, htmlspecialchars($trackURI));
printf(TRACKBACK_SENDING, serendipity_specialchars($trackURI));
flush();
$response = serendipity_trackback_is_success(_serendipity_send($trackURI, $data));
@ -533,7 +533,7 @@ function fetchPingbackData( &$comment) {
// Get a title
if (preg_match('@<head[^>]*>.*?<title[^>]*>(.*?)</title>.*?</head>@is',$fContent,$matches)) {
$comment['title'] = html_entity_decode(strip_tags($matches[1]), ENT_COMPAT, LANG_CHARSET);
$comment['title'] = serendipity_entity_decode(strip_tags($matches[1]), ENT_COMPAT, LANG_CHARSET);
}
// Try to get content from first <p> tag on:
@ -567,7 +567,7 @@ function trackback_body_strip( $body ){
$body = str_replace('&nbsp;', ' ', $body);
// strip html entities and tags.
$body = html_entity_decode(strip_tags($body), ENT_COMPAT, LANG_CHARSET);
$body = serendipity_entity_decode(strip_tags($body), ENT_COMPAT, LANG_CHARSET);
// replace whitespace with single space
$body = preg_replace('@\s+@s', ' ', $body);
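Review bot: Both decode calls in this section (fetchPingbackData and trackback_body_strip) now go through `serendipity_entity_decode`, and what appears to be that wrapper's last line, visible at the top of this page, calls `html_entity_decode($string, $flags, $encoding, $double_encode)`. `html_entity_decode` accepts three parameters; on PHP 5 and 7 a built-in called with an extra argument emits a warning and returns NULL, so the pingback title and the stripped trackback body would come back empty. The wrapper should end with `return html_entity_decode($string, $flags, $encoding);`. Its signature is outside the visible lines, so whether `$double_encode` can also leave the parameter list needs checking there. Separately, decoding after `strip_tags` can reintroduce `<` and `>`, so both results are plain text that must be escaped on output; a comment at each call site would make that explicit.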


@ -347,7 +347,7 @@ function serendipity_upgrader_rename_plugins() {
$plugin['name'] = str_replace('serendipity_html_nugget_plugin', 'serendipity_plugin_html_nugget', $plugin['name']);
$pluginparts = explode(':', $plugin['name']);
echo "<!-- " . htmlspecialchars($origname) . " &gt;&gt; " . htmlspecialchars($plugin['name']) . "-->\n";
echo "<!-- " . serendipity_specialchars($origname) . " &gt;&gt; " . serendipity_specialchars($plugin['name']) . "-->\n";
serendipity_db_query("UPDATE {$serendipity['dbPrefix']}plugins SET name = '" . serendipity_db_escape_string($plugin['name']) . "', path = '" . serendipity_db_escape_string($pluginparts[0]) . "' WHERE name = '" . serendipity_db_escape_string($origname) . "'");
}
}
@ -362,7 +362,7 @@ function serendipity_upgrader_rename_plugins() {
$config['name'] = str_replace('serendipity_html_nugget_plugin', 'serendipity_plugin_html_nugget', $config['name']);
$configparts = explode(':', $config['name']);
echo "<!--[C] " . htmlspecialchars($origname) . " &gt;&gt; " . htmlspecialchars($config['name']) . "-->\n";
echo "<!--[C] " . serendipity_specialchars($origname) . " &gt;&gt; " . serendipity_specialchars($config['name']) . "-->\n";
serendipity_db_query("UPDATE {$serendipity['dbPrefix']}config SET name = '" . serendipity_db_escape_string($config['name']) . "' WHERE name = '" . serendipity_db_escape_string($origname) . "'");
}
}


@ -39,7 +39,7 @@ switch ($serendipity['GET']['action']) {
if (!is_array($entry) || count($entry) < 1 || !is_array($entry[0])) {
unset($serendipity['GET']['id']);
$entry = array(array());
$serendipity['head_title'] = htmlspecialchars($serendipity['blogTitle']);
$serendipity['head_title'] = serendipity_specialchars($serendipity['blogTitle']);
$serendipity['head_subtitle'] = '';
$serendipity['smarty']->assign('head_title', $serendipity['head_title']);
$serendipity['smarty']->assign('head_subtitle', $serendipity['head_subtitle']);


@ -215,7 +215,7 @@ class serendipity_plugin_api
$serendipity['debug']['pluginload'][] = "Installing plugin: " . print_r(func_get_args(), true);
$iq = "INSERT INTO {$serendipity['dbPrefix']}plugins (name, sort_order, placement, authorid, path) values ('" . htmlspecialchars($key) . "', $nextidx, '$default_placement', '$authorid', '" . htmlspecialchars($pluginPath) . "')";
$iq = "INSERT INTO {$serendipity['dbPrefix']}plugins (name, sort_order, placement, authorid, path) values ('" . serendipity_specialchars($key) . "', $nextidx, '$default_placement', '$authorid', '" . serendipity_specialchars($pluginPath) . "')";
$serendipity['debug']['pluginload'][] = $iq;
serendipity_db_query($iq);
serendipity_plugin_api::hook_event('backend_plugins_new_instance', $key, array('default_placement' => $default_placement));
@ -230,7 +230,7 @@ class serendipity_plugin_api
$plugin->install();
} else {
$serendipity['debug']['pluginload'][] = "Loading plugin failed painfully. File not found?";
echo '<span class="msg_error">' . ERROR . ': ' . htmlspecialchars($key) . ' (' . htmlspecialchars($pluginPath) . ')</span>';
echo '<span class="msg_error">' . ERROR . ': ' . serendipity_specialchars($key) . ' (' . serendipity_specialchars($pluginPath) . ')</span>';
}
return $key;
@ -933,7 +933,7 @@ class serendipity_plugin_api
ob_end_clean();
if ($loggedin) {
$content .= '<div class="serendipity_edit_nugget"><a href="' . $serendipity['serendipityHTTPPath'] . 'serendipity_admin.php?serendipity[adminModule]=plugins&amp;serendipity[plugin_to_conf]=' . htmlentities($plugin->instance) . '">' . EDIT . '</a></div>';
$content .= '<div class="serendipity_edit_nugget"><a href="' . $serendipity['serendipityHTTPPath'] . 'serendipity_admin.php?serendipity[adminModule]=plugins&amp;serendipity[plugin_to_conf]=' . serendipity_entities($plugin->instance) . '">' . EDIT . '</a></div>';
}
if ($show_plugin !== false) {
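Review bot: The INSERT built in the first hunk of this section puts `serendipity_specialchars($key)` and `serendipity_specialchars($pluginPath)` inside single-quoted SQL literals, but HTML escaping is not SQL escaping. With the `ENT_COMPAT` default of `htmlspecialchars` a single quote is left untouched, and the wrapper's flags are not visible here. Other queries in this commit quote their values with `serendipity_db_escape_string()`, so I would write `'" . serendipity_db_escape_string($key) . "'` and the same for `$pluginPath`, and cast `$authorid` with `(int)`. That changes what is stored for names containing `&`, `<` or `>`, so existing rows and lookups by name should be checked first. The enclosing method starts and ends outside the hunk.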


@ -129,7 +129,7 @@ class serendipity_smarty_emulator {
} elseif (function_exists($funcname)) {
return call_user_func($funcname, $params, $this);
} else {
return "<span class='msg_error'>ERROR: " . htmlspecialchars($funcname) . " NOT FOUND.</span>";
return "<span class='msg_error'>ERROR: " . serendipity_specialchars($funcname) . " NOT FOUND.</span>";
}
}
@ -326,7 +326,7 @@ class serendipity_smarty_emulator_xml extends serendipity_smarty_emulator {
$this->assign($val, null, $level + 1);
echo str_repeat("\t", $level) . "</$closekey>\n";
} else {
echo str_repeat("\t", $level) . "<$openkey>" . htmlspecialchars($val) . "</$closekey>\n";
echo str_repeat("\t", $level) . "<$openkey>" . serendipity_specialchars($val) . "</$closekey>\n";
}
}
}


@ -305,8 +305,8 @@ if (preg_match(PAT_ARCHIVES, $uri, $matches) || isset($serendipity['GET']['range
$title = serendipity_db_query("SELECT title FROM {$serendipity['dbPrefix']}entries WHERE id=$id AND isdraft = 'false' " . (!serendipity_db_bool($serendipity['showFutureEntries']) ? " AND timestamp <= " . serendipity_db_time() : ''), true);
if (is_array($title)) {
$serendipity['head_title'] = htmlspecialchars($title[0]);
$serendipity['head_subtitle'] = htmlspecialchars($serendipity['blogTitle']);
$serendipity['head_title'] = serendipity_specialchars($title[0]);
$serendipity['head_subtitle'] = serendipity_specialchars($serendipity['blogTitle']);
} else {
$serendipity['view'] = '404';
$serendipity['viewtype'] = '404_1';
@ -464,7 +464,7 @@ if (preg_match(PAT_ARCHIVES, $uri, $matches) || isset($serendipity['GET']['range
} else {
$serendipity['head_title'] = $cInfo['category_name'];
if (isset($serendipity['GET']['page'])) {
$serendipity['head_title'] .= " - " . htmlspecialchars($serendipity['GET']['page']);
$serendipity['head_title'] .= " - " . serendipity_specialchars($serendipity['GET']['page']);
}
$serendipity['head_subtitle'] = $serendipity['blogTitle'];
}
@ -545,7 +545,7 @@ if (preg_match(PAT_ARCHIVES, $uri, $matches) || isset($serendipity['GET']['range
}
$serendipity['GET']['action'] = 'search';
$serendipity['GET']['searchTerm'] = urldecode(htmlspecialchars(strip_tags(implode(' ', $search))));
$serendipity['GET']['searchTerm'] = urldecode(serendipity_specialchars(strip_tags(implode(' ', $search))));
include(S9Y_INCLUDE_PATH . 'include/genpage.inc.php');
} elseif (preg_match(PAT_CSS, $uri, $matches)) {
serendipity_smarty_init();
@ -631,7 +631,7 @@ if (preg_match(PAT_ARCHIVES, $uri, $matches) || isset($serendipity['GET']['range
}
}
$serendipity['head_title'] = COMMENTS_FROM . ' ' . htmlspecialchars($serendipity['GET']['viewCommentAuthor']);
$serendipity['head_title'] = COMMENTS_FROM . ' ' . serendipity_specialchars($serendipity['GET']['viewCommentAuthor']);
if (isset($timedesc['start']) && isset($timedesc['end'])) {
$serendipity['head_title'] .= ' (' . $timedesc['start'] . ' - ' . $timedesc['end'] . ')';
} elseif (isset($timedesc['start'])) {
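Review bot: In the search branch (third hunk of this section) `urldecode()` runs after `strip_tags()` and `serendipity_specialchars()`, so percent-encoded characters in `$search` are decoded only after the filtering and end up unescaped in `$serendipity['GET']['searchTerm']`. Decode first and escape last: `$serendipity['GET']['searchTerm'] = serendipity_specialchars(strip_tags(urldecode(implode(' ', $search))));`. Where the term is printed or queried afterwards is outside the hunk, as is the start of the enclosing branch, so whether it is escaped again downstream should be confirmed. The second hunk also assigns `$cInfo['category_name']` and `$serendipity['blogTitle']` to the head title fields without the wrapper, while the first hunk escapes the same kind of value.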

10
rss.php

@ -116,15 +116,15 @@ if (isset($serendipity['serendipityRealname'])) {
if (!empty($serendipity['GET']['category'])) {
$cInfo = serendipity_fetchCategoryInfo((int)$serendipity['GET']['category']);
$title = serendipity_utf8_encode(htmlspecialchars($title . ' - '. $cInfo['category_name']));
$title = serendipity_utf8_encode(serendipity_specialchars($title . ' - '. $cInfo['category_name']));
} elseif (!empty($serendipity['GET']['viewAuthor'])) {
list($aInfo) = serendipity_fetchAuthor((int)$serendipity['GET']['viewAuthor']);
$title = serendipity_utf8_encode(htmlspecialchars($aInfo['realname'] . ' - '. $title ));
$title = serendipity_utf8_encode(serendipity_specialchars($aInfo['realname'] . ' - '. $title ));
} else {
$title = serendipity_utf8_encode(htmlspecialchars($title));
$title = serendipity_utf8_encode(serendipity_specialchars($title));
}
$description = serendipity_utf8_encode(htmlspecialchars($description));
$description = serendipity_utf8_encode(serendipity_specialchars($description));
$metadata = array(
'title' => $title,
@ -244,7 +244,7 @@ if (!$metadata['template_file'] || $metadata['template_file'] == 'feed_' . $file
die("Invalid RSS version specified or RSS-template file not found\n");
}
$self_url = 'http://' . $_SERVER['HTTP_HOST'] . htmlspecialchars($_SERVER['REQUEST_URI']);
$self_url = 'http://' . $_SERVER['HTTP_HOST'] . serendipity_specialchars($_SERVER['REQUEST_URI']);
if (!is_array($entries)) {
$entries = array();
}
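Review bot: `$self_url` in the second hunk concatenates `$_SERVER['HTTP_HOST']` unescaped; that value is taken from the request's Host header, and only the `REQUEST_URI` part goes through the wrapper. If `$self_url` is written into the feed (its use is outside the hunk), escape the host as well, `$self_url = 'http://' . serendipity_specialchars($_SERVER['HTTP_HOST']) . serendipity_specialchars($_SERVER['REQUEST_URI']);`, or preferably build the link from the blog's configured base URL instead of the request. The scheme is also fixed to `http://`, which gives a wrong self link on a site served over HTTPS.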