diff --git a/comment.php b/comment.php
index eb92e948..fd4e96f7 100644
--- a/comment.php
+++ b/comment.php
@@ -159,7 +159,7 @@ if ($type == 'trackback') {
 $serendipity['smarty']->assign(
 array(
 'is_comment_added' => true,
- 'comment_url' => htmlspecialchars($_GET['url']) . '&serendipity[entry_id]=' . $id,
+ 'comment_url' => serendipity_specialchars($_GET['url']) . '&serendipity[entry_id]=' . $id,
 'comment_string' => explode('%s', COMMENT_ADDED_CLICK)
 )
 );
@@ -210,7 +210,7 @@ if ($type == 'trackback') {
 $serendipity['smarty']->assign(
 array(
 'is_comment_notadded' => true,
- 'comment_url' => htmlspecialchars($_SERVER['HTTP_REFERER']),
+ 'comment_url' => serendipity_specialchars($_SERVER['HTTP_REFERER']),
 'comment_string' => explode('%s', COMMENT_NOT_ADDED_CLICK)
 )
 );
@@ -219,7 +219,7 @@ if ($type == 'trackback') {
 $serendipity['smarty']->assign(
 array(
 'is_comment_empty' => true,
- 'comment_url' => htmlspecialchars($_SERVER['HTTP_REFERER']),
+ 'comment_url' => serendipity_specialchars($_SERVER['HTTP_REFERER']),
 'comment_string' => explode('%s', EMPTY_COMMENT)
 )
 );
diff --git a/include/admin/category.inc.php b/include/admin/category.inc.php
index ce17eca0..116be101 100644
--- a/include/admin/category.inc.php
+++ b/include/admin/category.inc.php
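Review bot: `comment_url` is built from the raw `$_GET['url']` (and, in the two hunks below, from `$_SERVER['HTTP_REFERER']`) with nothing but HTML escaping, which does not constrain what URL it is — a `javascript:` or off-site value survives `serendipity_specialchars()` unchanged and, if the template places it in an `href`, becomes an attacker-controlled link on the "comment added" page. Escaping is the right treatment for the HTML context, but the value also needs URL validation before it is trusted: parse it with `parse_url()`, accept only `http`/`https` (ideally only the blog's own host), and otherwise fall back to the entry's own permalink. The enclosing `if ($type == 'trackback')` block starts before this hunk and the template that consumes `comment_url` is not visible here, so confirm how the value is emitted.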
@@ -51,7 +51,7 @@ if (isset($_POST['SAVE']) && serendipity_checkFormToken()) { if (is_array($r)) { $r = serendipity_db_query("SELECT category_name FROM {$serendipity['dbPrefix']}category WHERE categoryid = ". (int)$parentid); - $data['subcat'] = sprintf(ALREADY_SUBCATEGORY, htmlspecialchars($r[0]['category_name']), htmlspecialchars($name)); + $data['subcat'] = sprintf(ALREADY_SUBCATEGORY, serendipity_specialchars($r[0]['category_name']), serendipity_specialchars($name)); } else { serendipity_updateCategory($serendipity['GET']['cid'], $name, $desc, $authorid, $icon, $parentid, $serendipity['POST']['cat']['sort_order'], $serendipity['POST']['cat']['hide_sub'], $admin_category); serendipity_ACLGrant($serendipity['GET']['cid'], 'category', 'read', $serendipity['POST']['cat']['read_authors']); diff --git a/include/admin/comments.inc.php b/include/admin/comments.inc.php index fd6c78ad..d4e49178 100644 --- a/include/admin/comments.inc.php +++ b/include/admin/comments.inc.php @@ -206,7 +206,7 @@ $filters = array('author', 'email', 'ip', 'url', 'body', 'referer'); /* Compress the filters into an "AND" SQL query, and a querystring */ foreach ($filters as $filter) { $and .= (!empty($serendipity['GET']['filter'][$filter]) ? "AND c.". $filter ." LIKE '%". serendipity_db_escape_string($serendipity['GET']['filter'][$filter]) ."%'" : ""); - $searchString .= (!empty($serendipity['GET']['filter'][$filter]) ? "&serendipity[filter][". $filter ."]=". htmlspecialchars($serendipity['GET']['filter'][$filter]) : ""); + $searchString .= (!empty($serendipity['GET']['filter'][$filter]) ? "&serendipity[filter][". $filter ."]=". serendipity_specialchars($serendipity['GET']['filter'][$filter]) : ""); } if ($serendipity['GET']['filter']['show'] == 'approved') { 
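Review bot: The filter value appended to `$searchString` is going into a query string, so the encoder on that line should be `urlencode()`, not an HTML escaper — `serendipity_specialchars()` does nothing to `=`, `#` or `%`, and the `&amp;` it produces is decoded back to `&` by the browser inside an `href`, so a filter value can still inject additional `serendipity[...]` parameters into every link built from `$searchString` (it is also handed to the `backend_view_comment` hook further down). Change it to `"&serendipity[filter][". $filter ."]=". urlencode($serendipity['GET']['filter'][$filter])` and let the template HTML-escape the assembled URL where it is output. The `$and` clause on the previous line is SQL-escaped, which is fine for the `LIKE`, though `%`/`_` in the value are still interpreted as wildcards.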
@@ -330,11 +330,11 @@ if(is_array($sql)) { $comment['excerpt'] = true; // When summary is not the full body, strip HTML tags from summary, as it might break and leave unclosed HTML. - $comment['fullBody'] = nl2br(htmlspecialchars($comment['fullBody'])); + $comment['fullBody'] = nl2br(serendipity_specialchars($comment['fullBody'])); $comment['summary'] = nl2br(strip_tags($comment['summary'])); } else { $comment['excerpt'] = false; - $comment['fullBody'] = $comment['summary'] = nl2br(htmlspecialchars($comment['fullBody'])); + $comment['fullBody'] = $comment['summary'] = nl2br(serendipity_specialchars($comment['fullBody'])); } serendipity_plugin_api::hook_event('backend_view_comment', $comment, '&serendipity[page]='. $page . $searchString); diff --git a/include/admin/entries.inc.php b/include/admin/entries.inc.php index f4756079..4ed849bc 100644 --- a/include/admin/entries.inc.php +++ b/include/admin/entries.inc.php @@ -173,7 +173,7 @@ switch($serendipity['GET']['adminAction']) { 'serendipity[action]' => 'admin', 'serendipity[adminModule]' => 'entries', 'serendipity[adminAction]' => 'save', - 'serendipity[timestamp]' => htmlspecialchars($entry['timestamp']) + 'serendipity[timestamp]' => serendipity_specialchars($entry['timestamp']) ), $entry, $errors @@ -191,7 +191,7 @@ switch($serendipity['GET']['adminAction']) { serendipity_deleteEntry((int)$serendipity['GET']['id']); $data['switched_output'] = true; $data['is_doDelete'] = true; - $data['del_entry'] = sprintf(RIP_ENTRY, $entry['id'] . ' - ' . htmlspecialchars($entry['title'])); + $data['del_entry'] = sprintf(RIP_ENTRY, $entry['id'] . ' - ' . serendipity_specialchars($entry['title'])); case 'doMultiDelete': if ($serendipity['GET']['adminAction'] != 'doDelete') { 
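Review bot: `serendipity[timestamp]` is an integer, so the new line in the `@@ -173` hunk should cast rather than HTML-escape it: `'serendipity[timestamp]' => (int)$entry['timestamp']`. Escaping a non-numeric value only hides the problem until it reaches a date or SQL path, whereas `(int)` is what the rest of this file already does for ids and timestamps (`(int)$serendipity['GET']['id']` in the next hunk, `(int)$ey['timestamp']` further down). The `switch` this sits in starts before the hunk and the call that receives this array is outside the view, so confirm nothing relies on a string here.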
@@ -208,7 +208,7 @@ switch($serendipity['GET']['adminAction']) { $entry = serendipity_fetchEntry('id', $id, 1, 1); serendipity_deleteEntry((int)$id); $data['is_doMultiDelete'] = true; - $data['del_entry'][] = sprintf(RIP_ENTRY, $entry['id'] . ' - ' . htmlspecialchars($entry['title'])); + $data['del_entry'][] = sprintf(RIP_ENTRY, $entry['id'] . ' - ' . serendipity_specialchars($entry['title'])); } } } @@ -327,13 +327,13 @@ switch($serendipity['GET']['adminAction']) { $smartentries[] = array( 'id' => $ey['id'], - 'title' => htmlspecialchars($ey['title']), + 'title' => serendipity_specialchars($ey['title']), 'timestamp' => (int)$ey['timestamp'], 'last_modified' => (int)$ey['last_modified'], 'isdraft' => serendipity_db_bool($ey['isdraft']), 'ep_is_sticky' => (serendipity_db_bool($ey['properties']['ep_is_sticky']) ? true : false), 'pubdate' => date("c", (int)$ey['timestamp']), - 'author' => htmlspecialchars($ey['author']), + 'author' => serendipity_specialchars($ey['author']), 'cats' => $entry_cats, 'preview' => ((serendipity_db_bool($ey['isdraft']) || (!$serendipity['showFutureEntries'] && $ey['timestamp'] >= serendipity_serverOffsetHour())) ? true : false), 'archive_link' => serendipity_archiveURL($ey['id'], $ey['title'], 'serendipityHTTPPath', true, array('timestamp' => $ey['timestamp'])), @@ -365,7 +365,7 @@ switch($serendipity['GET']['adminAction']) { $data['is_delete'] = true; $data['newLoc'] = $newLoc; // for smartification printf had to turn into sprintf!! - $data['rip_entry'] = sprintf(DELETE_SURE, $entry['id'] . ' - ' . htmlspecialchars($entry['title'])); + $data['rip_entry'] = sprintf(DELETE_SURE, $entry['id'] . ' - ' . serendipity_specialchars($entry['title'])); break; case 'multidelete': 
@@ -379,7 +379,7 @@ switch($serendipity['GET']['adminAction']) { $ids .= (int)$id . ','; $entry = serendipity_fetchEntry('id', $id, 1, 1); $data['is_multidelete'] = true; - $data['rip_entry'][] = sprintf(DELETE_SURE, $entry['id'] . ' - ' . htmlspecialchars($entry['title'])); + $data['rip_entry'][] = sprintf(DELETE_SURE, $entry['id'] . ' - ' . serendipity_specialchars($entry['title'])); } $newLoc = '?' . serendipity_setFormToken('url') . '&serendipity[action]=admin&serendipity[adminModule]=entries&serendipity[adminAction]=doMultiDelete&serendipity[id]=' . $ids; $data['switched_output'] = true; diff --git a/include/admin/images.inc.php b/include/admin/images.inc.php index c8b23fe5..247f547a 100644 --- a/include/admin/images.inc.php +++ b/include/admin/images.inc.php @@ -81,7 +81,7 @@ switch ($serendipity['GET']['adminAction']) { if ($id > 0) { $image = serendipity_fetchImageFromDatabase($id); $messages[] = serendipity_deleteImage((int)$id); - $messages[] = sprintf(RIP_ENTRY, $image['id'] . ' - ' . htmlspecialchars($image['realname'])); + $messages[] = sprintf(RIP_ENTRY, $image['id'] . ' - ' . serendipity_specialchars($image['realname'])); } } $data['showML'] = showMediaLibrary(); @@ -118,7 +118,7 @@ switch ($serendipity['GET']['adminAction']) { foreach($serendipity['POST']['multiDelete'] AS $idx => $id) { $ids .= (int)$id . ','; $image = serendipity_fetchImageFromDatabase($id); - $data['rip_image'][] = sprintf(DELETE_SURE, $image['id'] . ' - ' . htmlspecialchars($image['realname'])); + $data['rip_image'][] = sprintf(DELETE_SURE, $image['id'] . ' - ' . serendipity_specialchars($image['realname'])); } if (!isset($serendipity['adminFile'])) { $serendipity['adminFile'] = 'serendipity_admin.php'; 
@@ -172,7 +172,7 @@ switch ($serendipity['GET']['adminAction']) { $new_media = array(); - $serendipity['POST']['imageurl'] = htmlspecialchars($serendipity['POST']['imageurl']); + $serendipity['POST']['imageurl'] = serendipity_specialchars($serendipity['POST']['imageurl']); // First find out whether to fetch a file or accept an upload if ($serendipity['POST']['imageurl'] != '' && $serendipity['POST']['imageurl'] != 'http://') { @@ -439,7 +439,7 @@ switch ($serendipity['GET']['adminAction']) { $data['groups'] = $groups; $data['use_dir'] = $use_dir; $data['formtoken'] = serendipity_setFormToken(); - $data['dir'] = htmlspecialchars($serendipity['GET']['dir']); + $data['dir'] = serendipity_specialchars($serendipity['GET']['dir']); $data['rgroups'] = (isset($read_groups[0]) ? true : false); $data['wgroups'] = (isset($write_groups[0]) ? true : false); $data['read_groups'] = $read_groups; @@ -451,9 +451,9 @@ switch ($serendipity['GET']['adminAction']) { return; } $data['case_directoryDelete'] = true; - $data['dir'] = htmlspecialchars($serendipity['GET']['dir']); + $data['dir'] = serendipity_specialchars($serendipity['GET']['dir']); $data['formtoken'] = serendipity_setFormToken(); - $data['basename_dir'] = basename(htmlspecialchars($serendipity['GET']['dir'])); + $data['basename_dir'] = basename(serendipity_specialchars($serendipity['GET']['dir'])); break; case 'directoryDoCreate': @@ -557,7 +557,7 @@ switch ($serendipity['GET']['adminAction']) { if (isset($image_selector_addvars) && is_array($image_selector_addvars)) { // These variables may come from serendipity_admin_image_selector.php to show embedded upload form foreach($image_selector_addvars AS $imgsel_key => $imgsel_val) { - $form_hidden .= ' ' . "\n"; + $form_hidden .= ' ' . "\n"; } } 
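Review bot: HTML-escaping `$serendipity['POST']['imageurl']` in place on that line alters the URL that is then used to decide on and perform the remote fetch — any `&` in a query string becomes `&amp;` before the request is made — and it does nothing to restrict the fetch itself, so a `file://`, `ftp://` or internal-host URL passes exactly as before. Keep the raw value for the fetch, validate it with `parse_url()` (scheme limited to `http`/`https`, non-empty host, and preferably not a private address), and apply `serendipity_specialchars()` only where the URL is echoed back. The `!= 'http://'` test on the following line is the only check visible here; the fetch code is outside the hunk, so confirm whether it applies any restrictions of its own.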
@@ -584,7 +584,7 @@ switch ($serendipity['GET']['adminAction']) { } if (empty($serendipity['adminFile_redirect'])) { - $serendipity['adminFile_redirect'] = htmlspecialchars($_SERVER['HTTP_REFERER']); + $serendipity['adminFile_redirect'] = serendipity_specialchars($_SERVER['HTTP_REFERER']); } $data['case_rotateCW'] = true; @@ -601,7 +601,7 @@ switch ($serendipity['GET']['adminAction']) { } if (empty($serendipity['adminFile_redirect'])) { - $serendipity['adminFile_redirect'] = htmlspecialchars($_SERVER['HTTP_REFERER']); + $serendipity['adminFile_redirect'] = serendipity_specialchars($_SERVER['HTTP_REFERER']); } $data['case_rotateCCW'] = true; @@ -641,7 +641,7 @@ switch ($serendipity['GET']['adminAction']) { $data['img_width'] = $s[0]; $data['img_height'] = $s[1]; - $data['print_RESIZE_BLAHBLAH'] = sprintf(RESIZE_BLAHBLAH, htmlspecialchars($serendipity['GET']['fname'])); + $data['print_RESIZE_BLAHBLAH'] = sprintf(RESIZE_BLAHBLAH, serendipity_specialchars($serendipity['GET']['fname'])); $data['print_ORIGINAL_SIZE'] = sprintf(ORIGINAL_SIZE, $s[0],$s[1]); $data['formtoken'] = serendipity_setFormToken(); $data['file'] = $serendipity['uploadHTTPPath'] . $file['path'] . $file['name'] .($file['extension'] ? '.'. $file['extension'] : ""); @@ -661,7 +661,7 @@ switch ($serendipity['GET']['adminAction']) { serendipity_plugin_api::hook_event('media_getproperties_cached', $media['file']['props']['base_metadata'], $media['file']['realfile']); if ($file['is_image']) { - $file['finishJSFunction'] = $file['origfinishJSFunction'] = 'serendipity.serendipity_imageSelector_done(\'' . htmlspecialchars($serendipity['GET']['textarea']) . '\')'; + $file['finishJSFunction'] = $file['origfinishJSFunction'] = 'serendipity.serendipity_imageSelector_done(\'' . serendipity_specialchars($serendipity['GET']['textarea']) . '\')'; if (!empty($serendipity['GET']['filename_only']) && $serendipity['GET']['filename_only'] !== 'true') { $file['fast_select'] = true; 
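Review bot: `$serendipity['adminFile_redirect']` is taken straight from `$_SERVER['HTTP_REFERER']`, and HTML escaping is the wrong treatment for a redirect target on two counts: it does not stop an off-site or `javascript:` value (an open redirect if this ends up in a `Location:` header or an `href`), and if it does go into a `Location:` header the `&amp;` it produces corrupts the query string. Validate instead of escape: accept the referer only when `parse_url()` yields an `http`/`https` scheme and the blog's own host, otherwise fall back to the media library URL, and escape at the point of output. The same assignment is repeated in the `rotateCCW` hunk directly below; the code that consumes `adminFile_redirect` is not in view, so confirm which context it lands in.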
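Review bot: The value on the `finishJSFunction` line is interpolated into a single-quoted JavaScript string literal, and `serendipity_specialchars()` with its `ENT_COMPAT` default does not encode `'` at all, so a `textarea` parameter containing `')` followed by arbitrary code closes the literal and the call. HTML escaping is the wrong encoder for a JS context even with `ENT_QUOTES` (backslashes are untouched). Build the argument with `json_encode()` instead — `'serendipity.serendipity_imageSelector_done(' . json_encode((string)$serendipity['GET']['textarea'], JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP) . ')'` — and let the template apply HTML escaping on top if the string lands in an `onclick` attribute; where it is finally emitted is outside this hunk, so confirm the surrounding context.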
diff --git a/include/admin/importers/b2evolution.inc.php b/include/admin/importers/b2evolution.inc.php index 29fd7509..7194d01c 100644 --- a/include/admin/importers/b2evolution.inc.php +++ b/include/admin/importers/b2evolution.inc.php @@ -81,7 +81,7 @@ class Serendipity_Import_b2evolution extends Serendipity_Import { $b2db = @mysql_connect($this->data['host'], $this->data['user'], $this->data['pass']); if (!$b2db) { - return sprintf(COULDNT_CONNECT, htmlspecialchars($this->data['host'])); + return sprintf(COULDNT_CONNECT, serendipity_specialchars($this->data['host'])); } if (!@mysql_select_db($this->data['name'])) { diff --git a/include/admin/importers/bblog.inc.php b/include/admin/importers/bblog.inc.php index 173562cc..d6acb45d 100644 --- a/include/admin/importers/bblog.inc.php +++ b/include/admin/importers/bblog.inc.php @@ -83,7 +83,7 @@ class Serendipity_Import_bblog extends Serendipity_Import { $bblogdb = @mysql_connect($this->data['host'], $this->data['user'], $this->data['pass']); if (!$bblogdb) { - return sprintf(COULDNT_CONNECT, htmlspecialchars($this->data['host'])); + return sprintf(COULDNT_CONNECT, serendipity_specialchars($this->data['host'])); } if (!@mysql_select_db($this->data['name'])) { diff --git a/include/admin/importers/bmachine.inc.php b/include/admin/importers/bmachine.inc.php index cbf07248..9e15c6ef 100644 --- a/include/admin/importers/bmachine.inc.php +++ b/include/admin/importers/bmachine.inc.php @@ -81,7 +81,7 @@ class Serendipity_Import_bmachine extends Serendipity_Import { $txpdb = @mysql_connect($this->data['host'], $this->data['user'], $this->data['pass']); if (!$txpdb) { - return sprintf(COULDNT_CONNECT, htmlspecialchars($this->data['host'])); + return sprintf(COULDNT_CONNECT, serendipity_specialchars($this->data['host'])); } if (!@mysql_select_db($this->data['name'])) { diff --git a/include/admin/importers/geeklog.inc.php b/include/admin/importers/geeklog.inc.php index bf441e1b..250c92f1 100644 
--- a/include/admin/importers/geeklog.inc.php +++ b/include/admin/importers/geeklog.inc.php @@ -87,7 +87,7 @@ class Serendipity_Import_geeklog extends Serendipity_Import { $gdb = @mysql_connect($this->data['host'], $this->data['user'], $this->data['pass']); if (!$gdb) { - return sprintf(COULDNT_CONNECT, htmlspecialchars($this->data['host'])); + return sprintf(COULDNT_CONNECT, serendipity_specialchars($this->data['host'])); } if (!@mysql_select_db($this->data['name'])) { diff --git a/include/admin/importers/generic.inc.php b/include/admin/importers/generic.inc.php index 688cb3fc..3cbfc329 100644 --- a/include/admin/importers/generic.inc.php +++ b/include/admin/importers/generic.inc.php @@ -146,7 +146,7 @@ class Serendipity_Import_Generic extends Serendipity_Import { if (PEAR::isError($res) || $req->getResponseCode() != '200') { serendipity_request_end(); - echo '' . IMPORT_FAILED . ': ' . htmlspecialchars($this->data['url']) . ''; + echo '' . IMPORT_FAILED . ': ' . serendipity_specialchars($this->data['url']) . ''; return false; } @@ -198,7 +198,7 @@ class Serendipity_Import_Generic extends Serendipity_Import { 'category_left' => 0, 'category_right' => 0); echo ''; - printf(CREATE_CATEGORY, htmlspecialchars($cat_name)); + printf(CREATE_CATEGORY, serendipity_specialchars($cat_name)); echo ""; if ($dry_run) { $s9y_cat[$cat_name] = time(); @@ -256,7 +256,7 @@ class Serendipity_Import_Generic extends Serendipity_Import { $s9y_users[$wp_user]['authorid'] = serendipity_addAuthor($wp_user, md5(time()), $wp_user, '', USERLEVEL_EDITOR); } echo ''; - printf(CREATE_AUTHOR, htmlspecialchars($wp_user)); + printf(CREATE_AUTHOR, serendipity_specialchars($wp_user)); echo ""; } @@ -312,7 +312,7 @@ class Serendipity_Import_Generic extends Serendipity_Import { $s9y_cid[$c_id] = $cid; } - echo "Entry '" . htmlspecialchars($entry['title']) . "' ($c_i comments) imported."; + echo "Entry '" . serendipity_specialchars($entry['title']) . "' ($c_i comments) imported."; } return true; } 
diff --git a/include/admin/importers/lifetype.inc.php b/include/admin/importers/lifetype.inc.php index 311d68b2..706e683d 100644 --- a/include/admin/importers/lifetype.inc.php +++ b/include/admin/importers/lifetype.inc.php @@ -81,7 +81,7 @@ class Serendipity_Import_lifetype extends Serendipity_Import { $ltdb = @mysql_connect($this->data['host'], $this->data['user'], $this->data['pass']); if (!$ltdb) { - return sprintf(COULDNT_CONNECT, htmlspecialchars($this->data['host'])); + return sprintf(COULDNT_CONNECT, serendipity_specialchars($this->data['host'])); } if (!@mysql_select_db($this->data['name'])) { diff --git a/include/admin/importers/livejournal.inc.php b/include/admin/importers/livejournal.inc.php index d34957cd..044ab551 100644 --- a/include/admin/importers/livejournal.inc.php +++ b/include/admin/importers/livejournal.inc.php @@ -201,7 +201,7 @@ class Serendipity_Import_LiveJournalXML extends Serendipity_Import { global $serendipity; if (!file_exists($this->data['url'])) { - printf(FILE_NOT_FOUND, htmlspecialchars($this->data['url'])); + printf(FILE_NOT_FOUND, serendipity_specialchars($this->data['url'])); return false; } @@ -252,7 +252,7 @@ class Serendipity_Import_LiveJournalXML extends Serendipity_Import { } } $id = serendipity_updertEntry($new_entry); - echo 'Inserted entry #' . $id . ', "' . htmlspecialchars($new_entry['title']) . '"'; + echo 'Inserted entry #' . $id . ', "' . serendipity_specialchars($new_entry['title']) . '"'; if (is_array($new_entry['comments'])) { $cid_map = array(); $jids = array(); diff --git a/include/admin/importers/movabletype.inc.php b/include/admin/importers/movabletype.inc.php index 18aa2fe4..cc402bd2 100644 --- a/include/admin/importers/movabletype.inc.php +++ b/include/admin/importers/movabletype.inc.php 
@@ -138,7 +138,7 @@ class Serendipity_Import_MovableType extends Serendipity_Import { if ( !isset($authors[$data]) ) { $au_inf = serendipity_fetchAuthor($data); if ( !is_array($au_inf) ) { - $tasks[] = sprintf(CREATE_AUTHOR, htmlspecialchars($data)); + $tasks[] = sprintf(CREATE_AUTHOR, serendipity_specialchars($data)); $tasks[] = ''; $au_inf = serendipity_fetchAuthor($serendipity['authorid']); } @@ -197,7 +197,7 @@ class Serendipity_Import_MovableType extends Serendipity_Import { $entry['categories'][] = $this->categories[$y]['categoryid']; } } else { - $tasks[] = sprintf(CREATE_CATEGORY, htmlspecialchars($data)); + $tasks[] = sprintf(CREATE_CATEGORY, serendipity_specialchars($data)); } } } diff --git a/include/admin/importers/nucleus.inc.php b/include/admin/importers/nucleus.inc.php index 7b7cf850..8e478c50 100644 --- a/include/admin/importers/nucleus.inc.php +++ b/include/admin/importers/nucleus.inc.php @@ -84,7 +84,7 @@ class Serendipity_Import_Nucleus extends Serendipity_Import { $nucdb = @mysql_connect($this->data['host'], $this->data['user'], $this->data['pass']); if (!$nucdb) { - return sprintf(COULDNT_CONNECT, htmlspecialchars($this->data['host'])); + return sprintf(COULDNT_CONNECT, serendipity_specialchars($this->data['host'])); } if (!@mysql_select_db($this->data['name'])) { diff --git a/include/admin/importers/nuke.inc.php b/include/admin/importers/nuke.inc.php index 285a0c8a..fe31ec23 100644 --- a/include/admin/importers/nuke.inc.php +++ b/include/admin/importers/nuke.inc.php @@ -81,7 +81,7 @@ class Serendipity_Import_nuke extends Serendipity_Import { $nukedb = @mysql_connect($this->data['host'], $this->data['user'], $this->data['pass']); if (!$nukedb) { - return sprintf(COULDNT_CONNECT, htmlspecialchars($this->data['host'])); + return sprintf(COULDNT_CONNECT, serendipity_specialchars($this->data['host'])); } if (!@mysql_select_db($this->data['name'])) { 
diff --git a/include/admin/importers/old_blogger.inc.php b/include/admin/importers/old_blogger.inc.php index bcd7ce99..d02eda6d 100644 --- a/include/admin/importers/old_blogger.inc.php +++ b/include/admin/importers/old_blogger.inc.php @@ -125,7 +125,7 @@ ENDPOST # locate the post title if (preg_match("/TITLE:(.*)/", $post, $title)) { $title = trim($title[1]); - echo "" . htmlspecialchars($title) . ""; + echo "" . serendipity_specialchars($title) . ""; } else { $title = ""; echo "Empty title"; @@ -134,7 +134,7 @@ ENDPOST # locate the post author if (preg_match("/AUTHOR:(.*)/", $post, $author)) { $author = trim($author[1]); - echo "" . htmlspecialchars($author[1]) . ""; + echo "" . serendipity_specialchars($author[1]) . ""; } else { $author = ""; echo "Unknown author"; @@ -143,7 +143,7 @@ ENDPOST # locate the post date if (preg_match("/DATE:(.*)/", $post, $date)) { $date = strtotime(trim($date[1])); - echo "Posted on " . htmlspecialchars($date[1]) . "."; + echo "Posted on " . serendipity_specialchars($date[1]) . "."; } else { $date = time(); echo "Unknown posting time."; diff --git a/include/admin/importers/phpbb.inc.php b/include/admin/importers/phpbb.inc.php index ff071e0b..831d9873 100644 --- a/include/admin/importers/phpbb.inc.php +++ b/include/admin/importers/phpbb.inc.php @@ -83,7 +83,7 @@ class Serendipity_Import_phpbb extends Serendipity_Import { $gdb = @mysql_connect($this->data['host'], $this->data['user'], $this->data['pass']); if (!$gdb) { - return sprintf(COULDNT_CONNECT, htmlspecialchars($this->data['host'])); + return sprintf(COULDNT_CONNECT, serendipity_specialchars($this->data['host'])); } if (!@mysql_select_db($this->data['name'])) { diff --git a/include/admin/importers/pivot.inc.php b/include/admin/importers/pivot.inc.php index 23b0e878..2aa1f619 100644 --- a/include/admin/importers/pivot.inc.php +++ b/include/admin/importers/pivot.inc.php 
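Review bot: The escaped expression on the new line of the `@@ -134` hunk is wrong: `$author` was overwritten with `trim($author[1])` (a plain string) on the line before, so `$author[1]` is now its second character and the page prints one letter instead of the author name. It should be `serendipity_specialchars($author)`. The loop this sits in starts before the hunk.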
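Review bot: In the `@@ -143` hunk, `$date` has already been replaced by the `strtotime()` result (an integer) on the preceding line, so `$date[1]` on the new line is `null` (with a notice on newer PHP) and "Posted on ." is printed. Keep the raw text in its own variable before converting, e.g. `$date_str = trim($date[1]); $date = strtotime($date_str);`, and print `serendipity_specialchars($date_str)`. Note also that `strtotime()` returns `false` on unparsable input, which the code then silently uses as timestamp `0`.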
@@ -69,7 +69,7 @@ class Serendipity_Import_Pivot extends Serendipity_Import { if (!is_dir($this->data['pivot_path']) || !is_readable($this->data['pivot_path'])) { $check_dir = $serendipity['serendipityPath'] . $this->data['pivot_path']; if (!is_dir($check_dir) || !is_readable($check_dir)) { - return sprintf(ERROR_NO_DIRECTORY, htmlspecialchars($this->data['pivot_path'])); + return sprintf(ERROR_NO_DIRECTORY, serendipity_specialchars($this->data['pivot_path'])); } $this->data['pivot_path'] = $check_dir; } @@ -95,10 +95,10 @@ class Serendipity_Import_Pivot extends Serendipity_Import { } if ($found) { - echo '
  • Pivot Category "' . htmlspecialchars($pivot_category) . '" mapped to Serendipity ID ' . $found . '
  • '; + echo '
  • Pivot Category "' . serendipity_specialchars($pivot_category) . '" mapped to Serendipity ID ' . $found . '
  • '; $pivot_to_s9y['categories'][$pivot_category] = $found; } else { - echo '
  • Created Pivot Category "' . htmlspecialchars($pivot_category) . '".
  • '; + echo '
  • Created Pivot Category "' . serendipity_specialchars($pivot_category) . '".
  • '; $cat = array('category_name' => $pivot_category, 'category_description' => '', 'parentid' => 0, @@ -191,7 +191,7 @@ class Serendipity_Import_Pivot extends Serendipity_Import { } echo ''; } else { - return sprintf(ERROR_NO_DIRECTORY, htmlspecialchars($this->data['pivot_path'])); + return sprintf(ERROR_NO_DIRECTORY, serendipity_specialchars($this->data['pivot_path'])); } return true; diff --git a/include/admin/importers/pmachine.inc.php b/include/admin/importers/pmachine.inc.php index 37de0bf6..dbf4b954 100644 --- a/include/admin/importers/pmachine.inc.php +++ b/include/admin/importers/pmachine.inc.php @@ -84,7 +84,7 @@ class Serendipity_Import_pMachine extends Serendipity_Import { $pmdb = @mysql_connect($this->data['host'], $this->data['user'], $this->data['pass']); if (!$pmdb) { - return sprintf(COULDNT_CONNECT, htmlspecialchars($this->data['host'])); + return sprintf(COULDNT_CONNECT, serendipity_specialchars($this->data['host'])); } if (!@mysql_select_db($this->data['name'])) { diff --git a/include/admin/importers/serendipity.inc.php b/include/admin/importers/serendipity.inc.php index aaa01bd0..6cdf7831 100644 --- a/include/admin/importers/serendipity.inc.php +++ b/include/admin/importers/serendipity.inc.php @@ -448,7 +448,7 @@ class Serendipity_Import_Serendipity extends Serendipity_Import { $s9ydb = @mysql_connect($this->data['host'], $this->data['user'], $this->data['pass']); if (!$s9ydb) { - return sprintf(COULDNT_CONNECT, htmlspecialchars($this->data['host'])); + return sprintf(COULDNT_CONNECT, serendipity_specialchars($this->data['host'])); } if (!@mysql_select_db($this->data['name'], $s9ydb)) { diff --git a/include/admin/importers/smf.inc.php b/include/admin/importers/smf.inc.php index e92c577f..3923a553 100644 --- a/include/admin/importers/smf.inc.php +++ b/include/admin/importers/smf.inc.php 
@@ -87,7 +87,7 @@ class Serendipity_Import_smf extends Serendipity_Import { $gdb = @mysql_connect($this->data['host'], $this->data['user'], $this->data['pass']); if (!$gdb) { - return sprintf(COULDNT_CONNECT, htmlspecialchars($this->data['host'])); + return sprintf(COULDNT_CONNECT, serendipity_specialchars($this->data['host'])); } if (!@mysql_select_db($this->data['name'])) { @@ -296,7 +296,7 @@ class Serendipity_Import_smf extends Serendipity_Import { break; } } - $a['post_text'] = html_entity_decode($a['post_text']); + $a['post_text'] = serendipity_entity_decode($a['post_text']); $comment = array('entry_id ' => $entries[$x]['entryid'], 'parent_id' => 0, diff --git a/include/admin/importers/sunlog.inc.php b/include/admin/importers/sunlog.inc.php index 1b5a4585..c9b5e30b 100644 --- a/include/admin/importers/sunlog.inc.php +++ b/include/admin/importers/sunlog.inc.php @@ -88,7 +88,7 @@ class Serendipity_Import_sunlog extends Serendipity_Import { $sunlogdb = @mysql_connect($this->data['host'], $this->data['user'], $this->data['pass']); if (!$sunlogdb) { - return sprintf(COULDNT_CONNECT, htmlspecialchars($this->data['host'])); + return sprintf(COULDNT_CONNECT, serendipity_specialchars($this->data['host'])); } if (!@mysql_select_db($this->data['name'])) { diff --git a/include/admin/importers/textpattern.inc.php b/include/admin/importers/textpattern.inc.php index 68808751..a265f077 100644 --- a/include/admin/importers/textpattern.inc.php +++ b/include/admin/importers/textpattern.inc.php @@ -87,7 +87,7 @@ class Serendipity_Import_textpattern extends Serendipity_Import { $txpdb = @mysql_connect($this->data['host'], $this->data['user'], $this->data['pass']); if (!$txpdb) { - return sprintf(COULDNT_CONNECT, htmlspecialchars($this->data['host'])); + return sprintf(COULDNT_CONNECT, serendipity_specialchars($this->data['host'])); } if (!@mysql_select_db($this->data['name'])) { 
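Review bot: `serendipity_entity_decode($a['post_text'])` in the `@@ -296` hunk turns entity-encoded forum text back into raw markup — `&lt;script&gt;` becomes `<script>` — right before the text is stored as a comment body, so the safety of this import depends entirely on the comment output path escaping or filtering HTML, and that path is not in view here. If comment bodies are rendered unescaped, the decode should be dropped, or followed by `strip_tags()` / the same filter the public comment form applies. Passing `LANG_CHARSET` through the wrapper is the improvement the hunk intends; the trust boundary is the part to confirm.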
diff --git a/include/admin/importers/voodoopad.inc.php b/include/admin/importers/voodoopad.inc.php index 941761b7..9cf25d13 100755 --- a/include/admin/importers/voodoopad.inc.php +++ b/include/admin/importers/voodoopad.inc.php @@ -96,11 +96,11 @@ class Serendipity_Import_VoodooPad extends Serendipity_Import { // Feed the contents of the file into the parser if (!file_exists($file)) { - die(sprintf(DOCUMENT_NOT_FOUND, htmlspecialchars($file))); + die(sprintf(DOCUMENT_NOT_FOUND, serendipity_specialchars($file))); } if(!($handle = fopen($file, "r"))) { - die(sprintf(SKIPPING_FILE_UNREADABLE, htmlspecialchars($file))); + die(sprintf(SKIPPING_FILE_UNREADABLE, serendipity_specialchars($file))); } while($contents = fread($handle, 4096)) { diff --git a/include/admin/importers/wordpress-pg.inc.php b/include/admin/importers/wordpress-pg.inc.php index 5963dc1c..b73efe4b 100644 --- a/include/admin/importers/wordpress-pg.inc.php +++ b/include/admin/importers/wordpress-pg.inc.php @@ -87,7 +87,7 @@ class Serendipity_Import_WordPress_PG extends Serendipity_Import { $wpdb = pg_connect("$this->data['host'], $this->data['port'], $this->data['user'], $this->data['pass'], $this->data['name']"); if ( !$wpdb ) { - return sprintf(PGSQL_COULDNT_CONNECT, htmlspecialchars($this->data['pass'])); + return sprintf(PGSQL_COULDNT_CONNECT, serendipity_specialchars($this->data['pass'])); } /* Users */ diff --git a/include/admin/importers/wordpress.inc.php b/include/admin/importers/wordpress.inc.php index c6ff3bee..d35b424d 100644 --- a/include/admin/importers/wordpress.inc.php +++ b/include/admin/importers/wordpress.inc.php 
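Review bot: The new line in the wordpress-pg hunk escapes and prints `$this->data['pass']` — the database password the user just typed — inside the "could not connect" message, so a failed import attempt discloses the credential in the admin HTML (and in any log or proxy cache of that page). Every other importer in this commit passes `$this->data['host']` here; do the same: `return sprintf(PGSQL_COULDNT_CONNECT, serendipity_specialchars($this->data['host']));`. Separately, the `pg_connect()` argument on the context line above is a double-quoted string containing `$this->data['host']`, which PHP's simple interpolation does not appear to expand as an array element, so the connection string is likely not what was intended — pre-existing and outside the changed line, but worth a look while here.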
@@ -94,7 +94,7 @@ class Serendipity_Import_WordPress extends Serendipity_Import { $wpdb = @mysql_connect($this->data['host'], $this->data['user'], $this->data['pass']); if (!$wpdb) { - return sprintf(COULDNT_CONNECT, htmlspecialchars($this->data['host'])); + return sprintf(COULDNT_CONNECT, serendipity_specialchars($this->data['host'])); } if (!@mysql_select_db($this->data['name'], $wpdb)) { diff --git a/include/admin/overview.inc.php b/include/admin/overview.inc.php index 95fce620..fab7d848 100644 --- a/include/admin/overview.inc.php +++ b/include/admin/overview.inc.php @@ -13,7 +13,7 @@ switch($serendipity['POST']['adminAction']) { break; } $success = serendipity_updertEntry(array( - 'id' => htmlspecialchars($serendipity['POST']['id']), + 'id' => serendipity_specialchars($serendipity['POST']['id']), 'timestamp' => time(), 'isdraft' => 0 )); @@ -65,7 +65,7 @@ if (count($comments) > 1) { $comment['excerpt'] = true; // When summary is not the full body, strip HTML tags from summary, as it might break and leave unclosed HTML. - $comment['fullBody'] = nl2br(htmlspecialchars($comment['fullBody'])); + $comment['fullBody'] = nl2br(serendipity_specialchars($comment['fullBody'])); $comment['summary'] = nl2br(strip_tags($comment['summary'])); } } diff --git a/include/admin/plugins.inc.php b/include/admin/plugins.inc.php index 706dc0b4..c7647133 100644 --- a/include/admin/plugins.inc.php +++ b/include/admin/plugins.inc.php @@ -77,9 +77,9 @@ if (isset($_GET['serendipity']['plugin_to_conf'])) { $plugin->performConfig($bag); } - $name = htmlspecialchars($bag->get('name')); - $desc = htmlspecialchars($bag->get('description')); - $license = htmlspecialchars($bag->get('license')); + $name = serendipity_specialchars($bag->get('name')); + $desc = serendipity_specialchars($bag->get('description')); + $license = serendipity_specialchars($bag->get('license')); $documentation = $bag->get('website'); 
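Review bot: `'id' => serendipity_specialchars($serendipity['POST']['id'])` in the overview `@@ -13` hunk sanitizes an entry id as if it were HTML, which is the wrong tool: it does not stop a non-numeric value from reaching `serendipity_updertEntry()`, and nothing on the normal path needs HTML entities in an id. Cast it instead, as the rest of the admin code does for ids: `'id' => (int)$serendipity['POST']['id'],` and treat `0` as "no entry". `serendipity_updertEntry()` may well cast internally, but that is not visible here.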
@@ -372,11 +372,11 @@ if (isset($_GET['serendipity']['plugin_to_conf'])) { /* Load the new plugin */ $plugin = &serendipity_plugin_api::load_plugin($inst); if (!is_object($plugin)) { - echo "DEBUG: Plugin " . htmlspecialchars($inst) . " not an object: " . htmlspecialchars(print_r($plugin, true)) - . ".
    Input: " . htmlspecialchars(print_r($serendipity['GET'], true)) . ".

    \n\nThis error + echo "DEBUG: Plugin " . serendipity_specialchars($inst) . " not an object: " . serendipity_specialchars(print_r($plugin, true)) + . ".
    Input: " . serendipity_specialchars(print_r($serendipity['GET'], true)) . ".

    \n\nThis error can happen if a plugin was not properly downloaded (check your plugins directory if the requested plugin was downloaded) or the inclusion of a file failed (permissions?)
    \n"; - echo "Backtrace:
    \n" . nl2br(htmlspecialchars(implode("\n", $serendipity['debug']['pluginload']))) . "
    "; + echo "Backtrace:
    \n" . nl2br(serendipity_specialchars(implode("\n", $serendipity['debug']['pluginload']))) . "
    "; } $bag = new serendipity_property_bag; $plugin->introspect($bag); diff --git a/include/admin/templates.inc.php b/include/admin/templates.inc.php index 35ed10b7..c595905b 100644 --- a/include/admin/templates.inc.php +++ b/include/admin/templates.inc.php @@ -65,17 +65,17 @@ if ($serendipity['GET']['adminAction'] == 'editConfiguration') { if ($serendipity['GET']['adminAction'] == 'install' || $serendipity['GET']['adminAction'] == 'install-frontend' || $serendipity['GET']['adminAction'] == 'install-backend') { serendipity_plugin_api::hook_event('backend_templates_fetchtemplate', $serendipity); - $themeInfo = serendipity_fetchTemplateInfo(htmlspecialchars($serendipity['GET']['theme'])); + $themeInfo = serendipity_fetchTemplateInfo(serendipity_specialchars($serendipity['GET']['theme'])); // A separate hook is used post installation, for plugins to possibly perform some actions serendipity_plugin_api::hook_event('backend_templates_install', $serendipity['GET']['theme'], $themeInfo); if ($serendipity['GET']['adminAction'] == 'install' || $serendipity['GET']['adminAction'] == 'install-frontend') { - serendipity_set_config_var('template', htmlspecialchars($serendipity['GET']['theme'])); + serendipity_set_config_var('template', serendipity_specialchars($serendipity['GET']['theme'])); } if ($serendipity['GET']['adminAction'] == 'install-backend' && $themeInfo['custom_admin_interface'] == YES) { - serendipity_set_config_var('template_backend', htmlspecialchars($serendipity['GET']['theme'])); + serendipity_set_config_var('template_backend', serendipity_specialchars($serendipity['GET']['theme'])); } else { // template_engine was set by default to default, which screws up the fallback chain (to the default-template first) // The "Engine" now only applies to FRONTEND themes. Backend themes will always fall back to our default backend theme only, to ensure proper backend operation. 
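Review bot: `$serendipity['GET']['theme']` in the templates `@@ -65` hunk is a directory name used to locate files on disk (`serendipity_fetchTemplateInfo()`) and is then persisted as the `template`/`template_backend` config values, and HTML escaping is the wrong kind of check for that: `../something` passes through `serendipity_specialchars()` unchanged, while a legitimate name containing `&` would be stored in escaped form and no longer match its directory. Validate the name once before any of these calls — e.g. reject it unless `preg_match('/^[A-Za-z0-9_.-]+$/', $theme)` and the directory exists under the templates path — and pass the raw, validated value to all three calls, escaping only where the name is echoed. Whether `serendipity_fetchTemplateInfo()` validates on its own is not visible here, and the `if` block this sits in runs past the hunk.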
@@ -87,7 +87,7 @@ if ($serendipity['GET']['adminAction'] == 'install' || $serendipity['GET']['admi
 serendipity_set_config_var('last_template_change', time());
 $data["adminAction"] = "install";
- $data["install_template"] = htmlspecialchars($serendipity['GET']['theme']);
+ $data["install_template"] = serendipity_specialchars($serendipity['GET']['theme']);
 }
 if ( @file_exists($serendipity['serendipityPath'] . $serendipity['templatePath'] . $serendipity['template'] .'/layout.php') ) {
diff --git a/include/compat.inc.php b/include/compat.inc.php
index 0240f213..7f9aabeb 100644
--- a/include/compat.inc.php
+++ b/include/compat.inc.php
@@ -408,4 +408,37 @@ if (function_exists('date_default_timezone_get')) {
 @date_default_timezone_set(@date_default_timezone_get());
 }
+/**
+ * In PHP 5.4, the default encoding of htmlspecialchar changed to UTF-8 and it will emit empty strings when given
+ * native encoded strings containing umlauts. This wrapper should to be used in the core until PHP 5.6 fixes the bug.
+ */
+function serendipity_specialchars($string, $flags = null, $encoding = LANG_CHARSET, $double_encode = true) {
+ if ($flags == null) {
+ $flags = ENT_COMPAT | ENT_HTML401 | ENT_SUBSTITUTE;
+ }
+ return htmlspecialchars($string, $flags, $encoding, $double_encode);
+}
+
+/**
+ * see serendipity_specialchars
+ */
+function serendipity_entities($string, $flags = null, $encoding = LANG_CHARSET, $double_encode = true) {
+ if ($flags == null) {
+ $flags = ENT_COMPAT | ENT_HTML401 | ENT_SUBSTITUTE;
+ }
+ return htmlentities($string, $flags, $encoding, $double_encode);
+}
+
+/**
+ * serendipity_specialchars
+ */
+function serendipity_entity_decode($string, $flags = null, $encoding = LANG_CHARSET, $double_encode = true) {
+ if ($flags == null) {
+ # NOTE: ENT_SUBSTITUTE does not exist for this function, and the documentation does not specify that it will
+ # ever echo empty strings on charset errors
+ $flags = ENT_COMPAT | ENT_HTML401;
+ }
+ return html_entity_decode($string, $flags, $encoding, $double_encode);
+}
+
 /* vim: set sts=4 ts=4 expandtab : */
diff --git a/include/db/mysql.inc.php b/include/db/mysql.inc.php
index f4c404cf..b3c1ed6c 100644
--- a/include/db/mysql.inc.php
+++ b/include/db/mysql.inc.php
@@ -96,13 +96,13 @@ function &serendipity_db_query($sql, $single = false, $result_type = "both", $re
 }
 if (!$expectError && mysql_error($serendipity['dbConn']) != '') {
- $msg = '
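Review bot: `serendipity_entity_decode` forwards a fourth argument, `$double_encode`, to `html_entity_decode()`, which takes only three parameters (string, flags, encoding); on the PHP 5/7 versions this wrapper targets an internal function called with too many arguments emits a warning and returns NULL (PHP 8 throws ArgumentCountError), so callers would get NULL instead of the decoded string. Drop the parameter from both the signature and the call: `function serendipity_entity_decode($string, $flags = null, $encoding = LANG_CHARSET) {` and `return html_entity_decode($string, $flags, $encoding);`. The `$flags == null` test in all three wrappers is a loose comparison, so an explicit `0` (the value of `ENT_NOQUOTES | ENT_HTML401`) is silently replaced by the default; `$flags === null` preserves the caller's intent. The two placeholder docblocks ("see serendipity_specialchars" and "serendipity_specialchars") should state what each wrapper does, e.g. `Like serendipity_specialchars(), but wraps htmlentities()` and `Decodes HTML entities using the same default charset as serendipity_specialchars()`, and the first docblock has a typo ("should to be used"). Since `$encoding = LANG_CHARSET` is resolved at call time, it is worth confirming that LANG_CHARSET is defined before any of these wrappers run (the installer paths further down this diff call them early); if it is not, htmlspecialchars() receives the literal constant name as the charset and returns an empty string.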
    ' . htmlspecialchars($sql) . '
    / ' . htmlspecialchars(mysql_error($serendipity['dbConn'])); + $msg = '
    ' . serendipity_specialchars($sql) . '
    / ' . serendipity_specialchars(mysql_error($serendipity['dbConn'])); return $msg; } if (!$c) { if (!$expectError && !$serendipity['production']) { - print '
    ' . htmlspecialchars($sql) . '
    / ' . htmlspecialchars(mysql_error($serendipity['dbConn'])); + print '
    ' . serendipity_specialchars($sql) . '
    / ' . serendipity_specialchars(mysql_error($serendipity['dbConn'])); if (function_exists('debug_backtrace') && $reportErr == true) { highlight_string(var_export(debug_backtrace(), 1)); } @@ -340,7 +340,7 @@ function serendipity_db_probe($hash, &$errs) { if (!($c = @mysql_connect($hash['dbHost'], $hash['dbUser'], $hash['dbPass']))) { $errs[] = 'Could not connect to database; check your settings.'; - $errs[] = 'The mySQL error was: ' . htmlspecialchars(mysql_error()); + $errs[] = 'The mySQL error was: ' . serendipity_specialchars(mysql_error()); return false; } @@ -348,7 +348,7 @@ function serendipity_db_probe($hash, &$errs) { if (!@mysql_select_db($hash['dbName'])) { $errs[] = 'The database you specified does not exist.'; - $errs[] = 'The mySQL error was: ' . htmlspecialchars(mysql_error()); + $errs[] = 'The mySQL error was: ' . serendipity_specialchars(mysql_error()); return false; } diff --git a/include/db/mysqli.inc.php b/include/db/mysqli.inc.php index 356ec795..43b62e40 100644 --- a/include/db/mysqli.inc.php +++ b/include/db/mysqli.inc.php @@ -321,7 +321,7 @@ function serendipity_db_probe($hash, &$errs) { if (!$c) { $errs[] = 'Could not connect to database; check your settings.'; - $errs[] = 'The mySQL error was: ' . htmlspecialchars(mysqli_connect_error()); + $errs[] = 'The mySQL error was: ' . serendipity_specialchars(mysqli_connect_error()); return false; } @@ -329,7 +329,7 @@ function serendipity_db_probe($hash, &$errs) { if ( !@mysqli_select_db($c, $hash['dbName']) ) { $errs[] = 'The database you specified does not exist.'; - $errs[] = 'The mySQL error was: ' . htmlspecialchars(mysqli_error($c)); + $errs[] = 'The mySQL error was: ' . serendipity_specialchars(mysqli_error($c)); return false; } diff --git a/include/db/sqlrelay.inc.php b/include/db/sqlrelay.inc.php index e03f42de..8e99319d 100644 --- a/include/db/sqlrelay.inc.php +++ b/include/db/sqlrelay.inc.php 
@@ -161,13 +161,13 @@ function &serendipity_db_query($sql, $single = false, $result_type = "both", $re } if (!$expectError && sqlrcur_errorMessage($cur) != '') { - $msg = '
    ' . htmlspecialchars($sql) . '
    / ' . htmlspecialchars(sqlrcur_errorMessage($cur)); + $msg = '
    ' . serendipity_specialchars($sql) . '
    / ' . serendipity_specialchars(sqlrcur_errorMessage($cur)); return $msg; } if (!$c) { if (!$expectError && !$serendipity['production']) { - print '
    ' . htmlspecialchars($sql) . '
    / ' . htmlspecialchars(sqlrcur_errorMessage($cur)); + print '
    ' . serendipity_specialchars($sql) . '
    / ' . serendipity_specialchars(sqlrcur_errorMessage($cur)); if (function_exists('debug_backtrace') && $reportErr == true) { highlight_string(var_export(debug_backtrace(), 1)); } diff --git a/include/functions.inc.php b/include/functions.inc.php index c8e305a9..360a7151 100644 --- a/include/functions.inc.php +++ b/include/functions.inc.php @@ -939,15 +939,15 @@ function serendipity_displayTopUrlList($list, $limit, $use_links = true, $interv if ($use_links) { $output .= sprintf( '%2$s (%3$s)', - htmlspecialchars($row['scheme']), - htmlspecialchars($row['host']), - htmlspecialchars($row['total']) + serendipity_specialchars($row['scheme']), + serendipity_specialchars($row['host']), + serendipity_specialchars($row['total']) ); } else { $output .= sprintf( '%1$s (%2$s)', - htmlspecialchars($row['host']), - htmlspecialchars($row['total']) + serendipity_specialchars($row['host']), + serendipity_specialchars($row['total']) ); } } diff --git a/include/functions_comments.inc.php b/include/functions_comments.inc.php index cce34f96..0987d55a 100644 --- a/include/functions_comments.inc.php +++ b/include/functions_comments.inc.php 
@@ -191,13 +191,13 @@ function serendipity_displayCommentForm($id, $url = '', $comments = NULL, $data $commentform_data = array( 'commentform_action' => $url, 'commentform_id' => $id, - 'commentform_name' => isset($data['name']) ? htmlspecialchars($data['name']) : (isset($serendipity['COOKIE']['name']) ? htmlspecialchars($serendipity['COOKIE']['name']) : ''), - 'commentform_email' => isset($data['email']) ? htmlspecialchars($data['email']) : (isset($serendipity['COOKIE']['email']) ? htmlspecialchars($serendipity['COOKIE']['email']) : ''), - 'commentform_url' => isset($data['url']) ? htmlspecialchars($data['url']) : (isset($serendipity['COOKIE']['url']) ? htmlspecialchars($serendipity['COOKIE']['url']) : ''), + 'commentform_name' => isset($data['name']) ? serendipity_specialchars($data['name']) : (isset($serendipity['COOKIE']['name']) ? serendipity_specialchars($serendipity['COOKIE']['name']) : ''), + 'commentform_email' => isset($data['email']) ? serendipity_specialchars($data['email']) : (isset($serendipity['COOKIE']['email']) ? serendipity_specialchars($serendipity['COOKIE']['email']) : ''), + 'commentform_url' => isset($data['url']) ? serendipity_specialchars($data['url']) : (isset($serendipity['COOKIE']['url']) ? serendipity_specialchars($serendipity['COOKIE']['url']) : ''), 'commentform_remember' => isset($data['remember']) ? 'checked="checked"' : (isset($serendipity['COOKIE']['remember']) ? 'checked="checked"' : ''), 'commentform_replyTo' => serendipity_generateCommentList($id, $comments, ((isset($data['replyTo']) && ($data['replyTo'])) ? $data['replyTo'] : 0)), 'commentform_subscribe' => isset($data['subscribe']) ? 'checked="checked"' : '', - 'commentform_data' => isset($data['comment']) ? htmlspecialchars($data['comment']) : '', + 'commentform_data' => isset($data['comment']) ? 
serendipity_specialchars($data['comment']) : '', 'is_commentform_showToolbar' => $showToolbar, 'is_allowSubscriptions' => (serendipity_db_bool($serendipity['allowSubscriptions']) || $serendipity['allowSubscriptions'] === 'fulltext' ? true : false), 'is_moderate_comments' => $moderate_comments, @@ -320,7 +320,7 @@ function serendipity_generateCommentList($id, $comments = NULL, $selected = 0, $ foreach ($comments as $comment) { if ($comment['parent_id'] == $parent) { $i++; - $retval .= '\n"; + $retval .= '\n"; $retval .= serendipity_generateCommentList($id, $comments, $selected, $comment['id'], $level + 1, $indent . $i . '.'); } } @@ -362,7 +362,7 @@ function serendipity_printComments($comments, $parentid = 0, $depth = 0, $trace if ($parentid === VIEWMODE_LINEAR || !isset($comment['parent_id']) || $comment['parent_id'] == $parentid) { $i++; - $comment['comment'] = htmlspecialchars(strip_tags($comment['body'])); + $comment['comment'] = serendipity_specialchars(strip_tags($comment['body'])); $comment['url'] = strip_tags($comment['url']); $comment['link_delete'] = $serendipity['baseURL'] . 'comment.php?serendipity[delete]=' . $comment['id'] . '&serendipity[entry]=' . $comment['entry_id'] . '&serendipity[type]=comments'; @@ -380,7 +380,7 @@ function serendipity_printComments($comments, $parentid = 0, $depth = 0, $trace if (!@parse_url($comment['url'])) { $comment['url'] = ''; } - $comment['url'] = htmlspecialchars($comment['url'], ENT_QUOTES); + $comment['url'] = serendipity_specialchars($comment['url'], ENT_QUOTES); } $addData = array('from' => 'functions_entries:printComments'); 
@@ -390,16 +390,16 @@ function serendipity_printComments($comments, $parentid = 0, $depth = 0, $trace $comment['email'] = false; } elseif (!empty($comment['email'])) { $comment['clear_email'] = $comment['email']; - $comment['email'] = htmlspecialchars(str_replace('@', '[at]', $comment['email'])); + $comment['email'] = serendipity_specialchars(str_replace('@', '[at]', $comment['email'])); } $comment['body'] = $comment['comment']; $comment['pos'] = $i; $comment['trace'] = $trace . $i; $comment['depth'] = $depth; - $comment['author'] = htmlspecialchars($comment['author']); + $comment['author'] = serendipity_specialchars($comment['author']); if (isset($comment['title'])) { - $comment['title'] = htmlspecialchars($comment['title']); + $comment['title'] = serendipity_specialchars($comment['title']); } if (serendipity_userLoggedIn()) { diff --git a/include/functions_config.inc.php b/include/functions_config.inc.php index b5135098..4c460d79 100644 --- a/include/functions_config.inc.php +++ b/include/functions_config.inc.php @@ -730,7 +730,7 @@ function serendipity_setCookie($name, $value, $securebyprot = true) { * @return null */ function serendipity_JSsetCookie($name, $value) { - $name = htmlentities($name); + $name = serendipity_entities($name); $value = urlencode($value); echo '' . "\n"; diff --git a/include/functions_entries.inc.php b/include/functions_entries.inc.php index e50ba0fa..b690f8d1 100644 --- a/include/functions_entries.inc.php +++ b/include/functions_entries.inc.php @@ -1130,7 +1130,7 @@ function serendipity_printEntries($entries, $extended = 0, $preview = false, $sm $entry['authorid'] = $serendipity['authorid']; } - $entry['author'] = htmlspecialchars($entry['author']); + $entry['author'] = serendipity_specialchars($entry['author']); $authorData = array( 'authorid' => $entry['authorid'], 
@@ -1142,12 +1142,12 @@ function serendipity_printEntries($entries, $extended = 0, $preview = false, $sm
 $entry['link'] = serendipity_archiveURL($entry['id'], $entry['title'], 'serendipityHTTPPath', true, array('timestamp' => $entry['timestamp']));
 $entry['commURL'] = serendipity_archiveURL($entry['id'], $entry['title'], 'baseURL', false, array('timestamp' => $entry['timestamp']));
 $entry['html_title'] = $entry['title'];
- $entry['title'] = htmlspecialchars($entry['title'], ENT_QUOTES, LANG_CHARSET); // PHP 5.4 changed default charset in htmlspecialchars
+ $entry['title'] = serendipity_specialchars($entry['title']);
 $entry['title_rdf'] = preg_replace('@-{2,}@', '-', $entry['html_title']);
 $entry['rdf_ident'] = serendipity_archiveURL($entry['id'], $entry['title_rdf'], 'baseURL', true, array('timestamp' => $entry['timestamp']));
 $entry['link_rdf'] = serendipity_rewriteURL(PATH_FEEDS . '/ei_'. $entry['id'] .'.rdf');
- $entry['title_rdf'] = htmlspecialchars($entry['title_rdf']);
+ $entry['title_rdf'] = serendipity_specialchars($entry['title_rdf']);
 $entry['link_allow_comments'] = $serendipity['baseURL'] . 'comment.php?serendipity[switch]=enable&serendipity[entry]=' . $entry['id'];
 $entry['link_deny_comments'] = $serendipity['baseURL'] . 'comment.php?serendipity[switch]=disable&serendipity[entry]=' . $entry['id'];
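Review bot: The replacement for `$entry['title']` drops the explicit `ENT_QUOTES` that the removed line passed, so with the wrapper's default (`ENT_COMPAT`) single quotes in an entry title are no longer encoded; any template that places the title inside a single-quoted attribute or JavaScript string would receive the raw quote. Keep the flag: `$entry['title'] = serendipity_specialchars($entry['title'], ENT_QUOTES);`. The other call site in this diff that previously passed `ENT_QUOTES` (the comment URL in functions_comments.inc.php) kept it, so this one looks like an oversight rather than a deliberate change. serendipity_printEntries continues outside the hunk.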
@@ -1529,12 +1529,12 @@ function serendipity_generateCategoryList($cats, $select = array(0), $type = 0, if ($cat['parentid'] == $id) { switch ($type) { case 0: - $ret .= str_repeat(' ', $level * 2).'• ' . (!empty($cat['category_icon']) ? '' . $cat['category_name'] . ' ' : '') . htmlspecialchars($cat['category_name']) . (!empty($cat['category_description']) ? ' - ' . htmlspecialchars($cat['category_description']) : '') . ''; + $ret .= str_repeat(' ', $level * 2).'• ' . (!empty($cat['category_icon']) ? '' . $cat['category_name'] . ' ' : '') . serendipity_specialchars($cat['category_name']) . (!empty($cat['category_description']) ? ' - ' . serendipity_specialchars($cat['category_description']) : '') . ''; break; case 1: case 2: $ret .= ''; break; case 3: @@ -1546,19 +1546,19 @@ function serendipity_generateCategoryList($cats, $select = array(0), $type = 0, '%s' . '', $serendipity['serendipityHTTPPath'] . 'rss.php?category=' . $cat['categoryid'] . '_' . $category_id, - htmlspecialchars($cat['category_description']), + serendipity_specialchars($cat['category_description']), $xmlImg, str_repeat(' ', $level * 3), serendipity_categoryURL($cat, 'serendipityHTTPPath'), - htmlspecialchars($cat['category_description']), - htmlspecialchars($cat['category_name'])); + serendipity_specialchars($cat['category_description']), + serendipity_specialchars($cat['category_name'])); } else { $ret .= sprintf( '%s%s', str_repeat(' ', $level * 3), serendipity_categoryURL($cat, 'serendipityHTTPPath'), - htmlspecialchars($cat['category_description']), - htmlspecialchars($cat['category_name'])); + serendipity_specialchars($cat['category_description']), + serendipity_specialchars($cat['category_name'])); } break; case 4: diff --git a/include/functions_entries_admin.inc.php b/include/functions_entries_admin.inc.php index b3ab491e..c66e0176 100644 --- a/include/functions_entries_admin.inc.php +++ b/include/functions_entries_admin.inc.php 
@@ -113,7 +113,7 @@ function serendipity_printEntryForm($targetURL, $hiddens = array(), $entry = arr } if (!empty($serendipity['GET']['url'])) { - $entry['body'] .= "\n" . '' . $entry['title'] . ''; + $entry['body'] .= "\n" . '' . $entry['title'] . ''; } $template_vars['formToken'] = serendipity_setFormToken(); diff --git a/include/functions_images.inc.php b/include/functions_images.inc.php index 09917d6a..452c2dcf 100644 --- a/include/functions_images.inc.php +++ b/include/functions_images.inc.php @@ -1456,7 +1456,7 @@ function serendipity_displayImageList($page = 0, $lineBreak = NULL, $manage = fa $extraParems = serendipity_generateImageSelectorParems(); $serendipity['GET']['only_path'] = serendipity_uploadSecure($limit_path . $serendipity['GET']['only_path'], true); - $serendipity['GET']['only_filename'] = htmlspecialchars(str_replace(array('*', '?'), array('%', '_'), $serendipity['GET']['only_filename'])); + $serendipity['GET']['only_filename'] = serendipity_specialchars(str_replace(array('*', '?'), array('%', '_'), $serendipity['GET']['only_filename'])); $perPage = (!empty($serendipity['GET']['sortorder']['perpage']) ? (int)$serendipity['GET']['sortorder']['perpage'] : 8); while ($perPage % $lineBreak !== 0) { 
@@ -1675,19 +1675,19 @@ function serendipity_generateImageSelectorParems() { foreach($importParams AS $importParam) { if (isset($serendipity['GET'][$importParam])) { - $extraParems .= 'serendipity[' . $importParam . ']='. htmlspecialchars($serendipity['GET'][$importParam]) .'&'; + $extraParems .= 'serendipity[' . $importParam . ']='. serendipity_specialchars($serendipity['GET'][$importParam]) .'&'; } } foreach($sortParams AS $sortParam) { serendipity_restoreVar($serendipity['COOKIE']['sortorder_' . $sortParam], $serendipity['GET']['sortorder'][$sortParam]); - $extraParems .= 'serendipity[sortorder]['. $sortParam .']='. htmlspecialchars($serendipity['GET']['sortorder'][$sortParam]) .'&'; + $extraParems .= 'serendipity[sortorder]['. $sortParam .']='. serendipity_specialchars($serendipity['GET']['sortorder'][$sortParam]) .'&'; } foreach($standaloneFilterParams AS $filterParam) { serendipity_restoreVar($serendipity['COOKIE'][$filterParam], $serendipity['GET'][$filterParam]); if (!empty($serendipity['GET'][$filterParam]) && $serendipity['GET'][$filterParam] != "undefined") { - $extraParems .= 'serendipity[' . $filterParam . ']='. htmlspecialchars($serendipity['GET'][$filterParam]) .'&'; + $extraParems .= 'serendipity[' . $filterParam . ']='. serendipity_specialchars($serendipity['GET'][$filterParam]) .'&'; } } 
@@ -1696,10 +1696,10 @@ function serendipity_generateImageSelectorParems() { if (!empty($serendipity['GET']['filter'][$filterParam]) && $serendipity['GET']['filter'][$filterParam] != "undefined") { if (is_array($filterValue)) { foreach($filterValue as $key => $value) { - $extraParems .= 'serendipity[filter][' . $filterParam . '][' . $key . ']='. htmlspecialchars($value) .'&'; + $extraParems .= 'serendipity[filter][' . $filterParam . '][' . $key . ']='. serendipity_specialchars($value) .'&'; } } else { - $extraParems .= 'serendipity[filter][' . $filterParam . ']='. htmlspecialchars($filterValue) .'&'; + $extraParems .= 'serendipity[filter][' . $filterParam . ']='. serendipity_specialchars($filterValue) .'&'; } } @@ -2045,7 +2045,7 @@ function serendipity_getImageFields() { foreach($addProp AS $prop) { $parts = explode(':', $prop); $name = $parts[0]; - $x['bp.' . $name] = array('desc' => (defined('MEDIA_PROPERTY_' . $name) ? constant('MEDIA_PROPERTY_' . $name) : htmlspecialchars($name))); + $x['bp.' . $name] = array('desc' => (defined('MEDIA_PROPERTY_' . $name) ? constant('MEDIA_PROPERTY_' . $name) : serendipity_specialchars($name))); if (preg_match('@date@i', $name)) { $x['bp.' . $name]['type'] = 'date'; } @@ -2312,7 +2312,7 @@ function serendipity_showPropertyForm(&$new_media, $keywordsPerBlock = 3, $is_ed if (isset($GLOBALS['image_selector_addvars']) && is_array($GLOBALS['image_selector_addvars'])) { // These variables may come from serendipity_admin_image_selector.php to show embedded upload form foreach($GLOBALS['image_selector_addvars'] AS $imgsel_key => $imgsel_val) { - $editform_hidden .= ' ' . "\n"; + $editform_hidden .= ' ' . "\n"; } } 
@@ -2431,13 +2431,13 @@ function serendipity_parseMediaProperties(&$dprops, &$keywords, &$media, &$props } $val = serendipity_mediaTypeCast($parts[0], $props['base_property'][$parts[0]], true); - $propkey = htmlspecialchars($parts[0]) . $idx; + $propkey = serendipity_specialchars($parts[0]) . $idx; $media['base_property'][$propkey] = array( - 'label' => htmlspecialchars(defined('MEDIA_PROPERTY_' . strtoupper($parts[0])) ? constant('MEDIA_PROPERTY_' . strtoupper($parts[0])) : $parts[0]), + 'label' => serendipity_specialchars(defined('MEDIA_PROPERTY_' . strtoupper($parts[0])) ? constant('MEDIA_PROPERTY_' . strtoupper($parts[0])) : $parts[0]), 'type' => $type, 'val' => $val, - 'title' => htmlspecialchars($parts[0]) + 'title' => serendipity_specialchars($parts[0]) ); if (!is_array($GLOBALS['IPTC'])) { @@ -2532,7 +2532,7 @@ function serendipity_parseMediaProperties(&$dprops, &$keywords, &$media, &$props $kidx = ($i*$keywordsPerBlock) + $j; if (isset($keywords[$kidx])) { $media['base_keywords'][$i][$j] = array( - 'name' => htmlspecialchars($keywords[$kidx]), + 'name' => serendipity_specialchars($keywords[$kidx]), 'selected' => isset($props['base_keyword'][$keywords[$kidx]]) ? true : false ); } else { @@ -2875,7 +2875,7 @@ function serendipity_showMedia(&$file, &$paths, $url = '', $manage = false, $lin $form_hidden = ''; foreach($serendipity['GET'] AS $g_key => $g_val) { if (!is_array($g_val) && $g_key != 'page') { - $form_hidden .= ''; + $form_hidden .= ''; } } @@ -3285,7 +3285,7 @@ function serendipity_imageAppend(&$tfile, &$target, $dir, $echo = true) { $target = $dir . $tfile; if ($echo) { - printf(FILENAME_REASSIGNED . '
    ', htmlspecialchars($tfile)); + printf(FILENAME_REASSIGNED . '
    ', serendipity_specialchars($tfile)); } return $realname; } @@ -3414,7 +3414,7 @@ function serendipity_moveMediaDirectory($oldDir, $newDir, $type = 'dir', $item_i if ($type == 'file') { if (serendipity_isActiveFile(basename($newDir))) { echo ' '; - printf(ERROR_FILE_FORBIDDEN, htmlspecialchars($newDir)); + printf(ERROR_FILE_FORBIDDEN, serendipity_specialchars($newDir)); echo "\n"; return false; } diff --git a/include/functions_installer.inc.php b/include/functions_installer.inc.php index 654d1d01..dc05e693 100644 --- a/include/functions_installer.inc.php +++ b/include/functions_installer.inc.php 
@@ -576,33 +576,33 @@ function serendipity_checkInstallation() { // Check dirs if (!is_dir($_POST['serendipityPath'])) { - $errs[] = sprintf(DIRECTORY_NON_EXISTANT, htmlspecialchars($_POST['serendipityPath'])); + $errs[] = sprintf(DIRECTORY_NON_EXISTANT, serendipity_specialchars($_POST['serendipityPath'])); } elseif (!is_writable($_POST['serendipityPath']) ) { - $errs[] = sprintf(DIRECTORY_WRITE_ERROR, htmlspecialchars($_POST['serendipityPath'])); + $errs[] = sprintf(DIRECTORY_WRITE_ERROR, serendipity_specialchars($_POST['serendipityPath'])); } elseif (!is_dir($_POST['serendipityPath'] . $_POST['uploadPath'] ) && @mkdir($_POST['serendipityPath'] . $_POST['uploadPath'], $umask) !== true) { - $errs[] = sprintf(DIRECTORY_CREATE_ERROR, htmlspecialchars($_POST['serendipityPath']) . htmlspecialchars($_POST['uploadPath'])); + $errs[] = sprintf(DIRECTORY_CREATE_ERROR, serendipity_specialchars($_POST['serendipityPath']) . serendipity_specialchars($_POST['uploadPath'])); } elseif (!is_writable($_POST['serendipityPath'] . $_POST['uploadPath'])) { - $errs[] = sprintf(DIRECTORY_WRITE_ERROR, htmlspecialchars($_POST['serendipityPath']) . htmlspecialchars($_POST['uploadPath'])); - $errs[] = sprintf(DIRECTORY_RUN_CMD , 'chmod go+rws', htmlspecialchars($_POST['serendipityPath']) . htmlspecialchars($_POST['uploadPath'])); + $errs[] = sprintf(DIRECTORY_WRITE_ERROR, serendipity_specialchars($_POST['serendipityPath']) . serendipity_specialchars($_POST['uploadPath'])); + $errs[] = sprintf(DIRECTORY_RUN_CMD , 'chmod go+rws', serendipity_specialchars($_POST['serendipityPath']) . serendipity_specialchars($_POST['uploadPath'])); } // Attempt to create the template compile directory, it might already be there, but we just want to be sure if (!is_dir($_POST['serendipityPath'] . PATH_SMARTY_COMPILE) && @mkdir($_POST['serendipityPath'] . PATH_SMARTY_COMPILE, $umask) !== true) { - $errs[] = sprintf(DIRECTORY_CREATE_ERROR, htmlspecialchars($_POST['serendipityPath']) . 
PATH_SMARTY_COMPILE); - $errs[] = sprintf(DIRECTORY_RUN_CMD , 'mkdir' , htmlspecialchars($_POST['serendipityPath']) . PATH_SMARTY_COMPILE); - $errs[] = sprintf(DIRECTORY_RUN_CMD , 'chmod go+rwx', htmlspecialchars($_POST['serendipityPath']) . PATH_SMARTY_COMPILE); + $errs[] = sprintf(DIRECTORY_CREATE_ERROR, serendipity_specialchars($_POST['serendipityPath']) . PATH_SMARTY_COMPILE); + $errs[] = sprintf(DIRECTORY_RUN_CMD , 'mkdir' , serendipity_specialchars($_POST['serendipityPath']) . PATH_SMARTY_COMPILE); + $errs[] = sprintf(DIRECTORY_RUN_CMD , 'chmod go+rwx', serendipity_specialchars($_POST['serendipityPath']) . PATH_SMARTY_COMPILE); } elseif (is_dir($_POST['serendipityPath'] . PATH_SMARTY_COMPILE) && !is_writeable($_POST['serendipityPath'] . PATH_SMARTY_COMPILE) && @chmod($_POST['serendipityPath'] . PATH_SMARTY_COMPILE, $umask) !== true) { - $errs[] = sprintf(DIRECTORY_RUN_CMD , 'chmod go+rwx', htmlspecialchars($_POST['serendipityPath']) . PATH_SMARTY_COMPILE); + $errs[] = sprintf(DIRECTORY_RUN_CMD , 'chmod go+rwx', serendipity_specialchars($_POST['serendipityPath']) . PATH_SMARTY_COMPILE); } // Attempt to create the archives directory if (!is_dir($_POST['serendipityPath'] . PATH_ARCHIVES) && @mkdir($_POST['serendipityPath'] . PATH_ARCHIVES, $umask) !== true) { - $errs[] = sprintf(DIRECTORY_CREATE_ERROR, htmlspecialchars($_POST['serendipityPath']) . PATH_ARCHIVES); - $errs[] = sprintf(DIRECTORY_RUN_CMD , 'mkdir' , htmlspecialchars($_POST['serendipityPath']) . PATH_ARCHIVES); - $errs[] = sprintf(DIRECTORY_RUN_CMD , 'chmod go+rwx', htmlspecialchars($_POST['serendipityPath']) . PATH_ARCHIVES); + $errs[] = sprintf(DIRECTORY_CREATE_ERROR, serendipity_specialchars($_POST['serendipityPath']) . PATH_ARCHIVES); + $errs[] = sprintf(DIRECTORY_RUN_CMD , 'mkdir' , serendipity_specialchars($_POST['serendipityPath']) . PATH_ARCHIVES); + $errs[] = sprintf(DIRECTORY_RUN_CMD , 'chmod go+rwx', serendipity_specialchars($_POST['serendipityPath']) . PATH_ARCHIVES); } // Check imagick 
@@ -795,7 +795,7 @@ function serendipity_installFiles($serendipity_core = '') { $fp = @fopen($serendipity_core . '.htaccess', 'w'); if (!$fp) { $errs[] = sprintf(FILE_WRITE_ERROR, $serendipity_core . '.htaccess') . ' ' . FILE_CREATE_YOURSELF; - $errs[] = sprintf(COPY_CODE_BELOW , $serendipity_core . '.htaccess', 'serendipity', htmlspecialchars($content)); + $errs[] = sprintf(COPY_CODE_BELOW , $serendipity_core . '.htaccess', 'serendipity', serendipity_specialchars($content)); return $errs; } else { // Check if an old htaccess file existed and try to preserve its contents. Otherwise completely wipe the file. diff --git a/include/functions_plugins_admin.inc.php b/include/functions_plugins_admin.inc.php index d9a907b6..88702bad 100644 --- a/include/functions_plugins_admin.inc.php +++ b/include/functions_plugins_admin.inc.php @@ -151,11 +151,11 @@ function show_plugins($event_only = false, $sidebars = null) $bag = new serendipity_property_bag; $plugin->introspect($bag); - $name = htmlspecialchars($bag->get('name')); + $name = serendipity_specialchars($bag->get('name')); $desc = '
    '; $desc .= ''.$cname[0].''; - $desc .= '
    ' . htmlspecialchars($bag->get('description')) . '
    '; + $desc .= '
    ' . serendipity_specialchars($bag->get('description')) . '
    '; $desc .= '' . VERSION . ': ' . $bag->get('version') . ''; $desc .= '
';
@@ -255,10 +255,10 @@ function serendipity_plugin_config(&$plugin, &$bag, &$name, &$desc, &$config_nam
 $cbag = new serendipity_property_bag;
 $plugin->introspect_config_item($config_item, $cbag);
- $data['cname'] = $cname = htmlspecialchars($cbag->get('name'));
- $data['cdesc'] = $cdesc = htmlspecialchars($cbag->get('description'));
+ $data['cname'] = $cname = serendipity_specialchars($cbag->get('name'));
+ $data['cdesc'] = $cdesc = serendipity_specialchars($cbag->get('description'));
 $value = $plugin->get_config($config_item, 'unset');
- $lang_direction = htmlspecialchars($cbag->get('lang_direction'));
+ $lang_direction = serendipity_specialchars($cbag->get('lang_direction'));
 if (empty($lang_direction)) {
 $lang_direction = LANG_DIRECTION;
@@ -279,12 +279,12 @@ function serendipity_plugin_config(&$plugin, &$bag, &$name, &$desc, &$config_nam
 if (isset($_POST['serendipity'][$postkey][$config_item])) {
 if (is_array($_POST['serendipity'][$postkey][$config_item])) {
 $hvalue = $_POST['serendipity'][$postkey][$config_item];
- array_walk($hvalue, 'htmlspecialchars');
+ array_walk($hvalue, 'serendipity_specialchars');
 } else {
- $hvalue = htmlspecialchars($_POST['serendipity'][$postkey][$config_item]);
+ $hvalue = serendipity_specialchars($_POST['serendipity'][$postkey][$config_item]);
 }
 } else {
- $hvalue = htmlspecialchars($value);
+ $hvalue = serendipity_specialchars($value);
 }
 $radio = array();
@@ -367,7 +367,7 @@ function serendipity_plugin_config(&$plugin, &$bag, &$name, &$desc, &$config_nam
 $data['radio_button'] = array();
 $counter = 0;
 foreach($radio['value'] AS $radio_index => $radio_value) {
- $id = htmlspecialchars($config_item . $radio_value);
+ $id = serendipity_specialchars($config_item . $radio_value);
 $counter++;
 $checked = "";
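Review bot: `array_walk($hvalue, 'serendipity_specialchars')` in the `@@ -279` hunk does not escape anything: array_walk discards the callback's return value and the wrapper does not take `$string` by reference, so `$hvalue` keeps the raw POST values (the array key is also handed to the callback as its second argument, i.e. as `$flags`). This was equally true of the `htmlspecialchars` call it replaces, but since the line is being rewritten it is the moment to make it do what its name suggests: `$hvalue = array_map('serendipity_specialchars', $hvalue);`. serendipity_plugin_config continues outside the hunk.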
@@ -382,7 +382,7 @@ function serendipity_plugin_config(&$plugin, &$bag, &$name, &$desc, &$config_nam $data['radio_button'][$radio_index]['checked'] = $checked; $data['radio_button'][$radio_index]['counter'] = $counter; $data['radio_button'][$radio_index]['value'] = $radio_value; - $data['radio_button'][$radio_index]['index'] = htmlspecialchars($radio['desc'][$radio_index]); + $data['radio_button'][$radio_index]['index'] = serendipity_specialchars($radio['desc'][$radio_index]); } $assign_plugin_config($data); diff --git a/include/functions_rss.inc.php b/include/functions_rss.inc.php index 683a4eb9..2da7c92f 100644 --- a/include/functions_rss.inc.php +++ b/include/functions_rss.inc.php @@ -70,7 +70,7 @@ function serendipity_printEntries_rss(&$entries, $version, $comments = false, $f $entry['body'] .= ' ' . $entry['extended']; $ext = ''; } elseif ($entry['exflag']) { - $ext = '' . sprintf(VIEW_EXTENDED_ENTRY, htmlspecialchars($entry['title'])) . ''; + $ext = '' . sprintf(VIEW_EXTENDED_ENTRY, serendipity_specialchars($entry['title'])) . ''; } else { $ext = ''; } 
@@ -103,24 +103,24 @@ function serendipity_printEntries_rss(&$entries, $version, $comments = false, $f
 if (!is_array($entry['categories'])) {
 $entry['categories'] = array(0 => array(
 'category_name' => $entry['category_name'],
- 'feed_category_name' => serendipity_utf8_encode(htmlspecialchars($entry['category_name'])),
+ 'feed_category_name' => serendipity_utf8_encode(serendipity_specialchars($entry['category_name'])),
 'categoryURL' => serendipity_categoryURL($entry, 'baseURL')
 ));
 } else {
 foreach($entry['categories'] AS $cid => $_cat) {
 $cat = &$entry['categories'][$cid];
 $cat['categoryURL'] = serendipity_categoryURL($cat, 'baseURL');
- $cat['feed_category_name'] = serendipity_utf8_encode(htmlspecialchars($cat['category_name']));
+ $cat['feed_category_name'] = serendipity_utf8_encode(serendipity_specialchars($cat['category_name']));
 }
 }
 // Prepare variables
- // 1. UTF8 encoding + htmlspecialchars.
- $entry['feed_title'] = serendipity_utf8_encode(htmlspecialchars($entry['title']));
- $entry['feed_blogTitle'] = serendipity_utf8_encode(htmlspecialchars($serendipity['blogTitle']));
- $entry['feed_title'] = serendipity_utf8_encode(htmlspecialchars($entry['title']));
- $entry['feed_author'] = serendipity_utf8_encode(htmlspecialchars($entry['author']));
- $entry['feed_email'] = serendipity_utf8_encode(htmlspecialchars($entry['email']));
+ // 1. UTF8 encoding + serendipity_specialchars.
+ $entry['feed_title'] = serendipity_utf8_encode(serendipity_specialchars($entry['title']));
+ $entry['feed_blogTitle'] = serendipity_utf8_encode(serendipity_specialchars($serendipity['blogTitle']));
+ $entry['feed_title'] = serendipity_utf8_encode(serendipity_specialchars($entry['title']));
+ $entry['feed_author'] = serendipity_utf8_encode(serendipity_specialchars($entry['author']));
+ $entry['feed_email'] = serendipity_utf8_encode(serendipity_specialchars($entry['email']));
 // 2. 
gmdate
 $entry['feed_timestamp'] = gmdate('Y-m-d\TH:i:s\Z', serendipity_serverOffsetHour($entry['timestamp']));
diff --git a/include/functions_smarty.inc.php b/include/functions_smarty.inc.php
index b3f1cb00..ac52e388 100644
--- a/include/functions_smarty.inc.php
+++ b/include/functions_smarty.inc.php
@@ -93,7 +93,7 @@ function &serendipity_smarty_fetch($block, $file, $echo = false) {
 * @return string The return string
 */
 function serendipity_emptyPrefix($string, $prefix = ': ') {
- return (!empty($string) ? $prefix . htmlspecialchars($string) : '');
+ return (!empty($string) ? $prefix . serendipity_specialchars($string) : '');
 }
 /**
diff --git a/include/functions_trackbacks.inc.php b/include/functions_trackbacks.inc.php
index 2b8bcf2f..80e469f1 100644
--- a/include/functions_trackbacks.inc.php
+++ b/include/functions_trackbacks.inc.php
@@ -90,7 +90,7 @@ global $serendipity;
 ";
- echo '
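Review bot: In the @@ -103 hunk of functions_rss.inc.php, `$entry['feed_title']` is assigned twice with the identical expression (the first and third of the rewritten `feed_*` lines); the duplicate was carried over from the removed block and the second assignment should be dropped. The rewritten comment `// 1. UTF8 encoding + serendipity_specialchars.` reads as if encoding came first, whereas the inner call runs first; `// 1. HTML-escape the value, then UTF-8 encode the escaped string.` states the actual order. `serendipity_printEntries_rss` continues outside the hunk.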
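Review bot: `serendipity_emptyPrefix` keeps `!empty($string)` as its guard, so the string `'0'` yields `''` rather than the prefixed value; if only absent or blank input should be suppressed, `$string !== null && $string !== ''` is the precise test. This is pre-existing, but the hunk rewrites the only line of the body, so it is the natural place to tighten it. The `@return string` line above should also say that the result is HTML-escaped, since callers may otherwise escape it a second time.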
    • ' . sprintf(PINGBACK_SENDING, htmlspecialchars($pingback)) . '
    '; + echo '
    • ' . sprintf(PINGBACK_SENDING, serendipity_specialchars($pingback)) . '
    '; flush(); $response = _serendipity_send($pingback, $query, 'text/html'); @@ -210,7 +210,7 @@ function serendipity_trackback_autodiscover($res, $loc, $url, $author, $title, $ . '&blog_name=' . rawurlencode($author) . '&excerpt=' . rawurlencode(strip_tags($text)); - printf(TRACKBACK_SENDING, htmlspecialchars($trackURI)); + printf(TRACKBACK_SENDING, serendipity_specialchars($trackURI)); flush(); $response = serendipity_trackback_is_success(_serendipity_send($trackURI, $data)); @@ -533,7 +533,7 @@ function fetchPingbackData( &$comment) { // Get a title if (preg_match('@]*>.*?]*>(.*?).*?@is',$fContent,$matches)) { - $comment['title'] = html_entity_decode(strip_tags($matches[1]), ENT_COMPAT, LANG_CHARSET); + $comment['title'] = serendipity_entity_decode(strip_tags($matches[1]), ENT_COMPAT, LANG_CHARSET); } // Try to get content from first

    tag on: @@ -567,7 +567,7 @@ function trackback_body_strip( $body ){ $body = str_replace(' ', ' ', $body); // strip html entities and tags. - $body = html_entity_decode(strip_tags($body), ENT_COMPAT, LANG_CHARSET); + $body = serendipity_entity_decode(strip_tags($body), ENT_COMPAT, LANG_CHARSET); // replace whitespace with single space $body = preg_replace('@\s+@s', ' ', $body); diff --git a/include/functions_upgrader.inc.php b/include/functions_upgrader.inc.php index abe1a16e..ddb8579f 100644 --- a/include/functions_upgrader.inc.php +++ b/include/functions_upgrader.inc.php @@ -347,7 +347,7 @@ function serendipity_upgrader_rename_plugins() { $plugin['name'] = str_replace('serendipity_html_nugget_plugin', 'serendipity_plugin_html_nugget', $plugin['name']); $pluginparts = explode(':', $plugin['name']); - echo "\n"; + echo "\n"; serendipity_db_query("UPDATE {$serendipity['dbPrefix']}plugins SET name = '" . serendipity_db_escape_string($plugin['name']) . "', path = '" . serendipity_db_escape_string($pluginparts[0]) . "' WHERE name = '" . serendipity_db_escape_string($origname) . "'"); } } @@ -362,7 +362,7 @@ function serendipity_upgrader_rename_plugins() { $config['name'] = str_replace('serendipity_html_nugget_plugin', 'serendipity_plugin_html_nugget', $config['name']); $configparts = explode(':', $config['name']); - echo "\n"; + echo "\n"; serendipity_db_query("UPDATE {$serendipity['dbPrefix']}config SET name = '" . serendipity_db_escape_string($config['name']) . "' WHERE name = '" . serendipity_db_escape_string($origname) . "'"); } } diff --git a/include/genpage.inc.php b/include/genpage.inc.php index 9ecc2fcd..a831dc43 100644 --- a/include/genpage.inc.php +++ b/include/genpage.inc.php 
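Review bot: In the @@ -533 hunk, `serendipity_entity_decode(strip_tags($matches[1]), ENT_COMPAT, LANG_CHARSET)` decodes entities after tags have been stripped, so any markup that arrived entity-encoded in the remote page's title is reconstituted in `$comment['title']` once the strip step has already run; the @@ -567 hunk in `trackback_body_strip` uses the same order. Both values come from a page fetched from another site, so they should be treated as untrusted: either decode before `strip_tags` if a plain-text result is the intent, or escape `$comment['title']` and the stripped body wherever they are rendered. A one-line comment such as `// NOTE: decoded after strip_tags, result may still contain markup; escape at output` would make the contract visible to callers. Both enclosing functions continue outside their hunks.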
@@ -39,7 +39,7 @@ switch ($serendipity['GET']['action']) {
 if (!is_array($entry) || count($entry) < 1 || !is_array($entry[0])) {
 unset($serendipity['GET']['id']);
 $entry = array(array());
- $serendipity['head_title'] = htmlspecialchars($serendipity['blogTitle']);
+ $serendipity['head_title'] = serendipity_specialchars($serendipity['blogTitle']);
 $serendipity['head_subtitle'] = '';
 $serendipity['smarty']->assign('head_title', $serendipity['head_title']);
 $serendipity['smarty']->assign('head_subtitle', $serendipity['head_subtitle']);
diff --git a/include/plugin_api.inc.php b/include/plugin_api.inc.php
index c6020e96..b2b645ed 100644
--- a/include/plugin_api.inc.php
+++ b/include/plugin_api.inc.php
@@ -215,7 +215,7 @@ class serendipity_plugin_api
 $serendipity['debug']['pluginload'][] = "Installing plugin: " . print_r(func_get_args(), true);
- $iq = "INSERT INTO {$serendipity['dbPrefix']}plugins (name, sort_order, placement, authorid, path) values ('" . htmlspecialchars($key) . "', $nextidx, '$default_placement', '$authorid', '" . htmlspecialchars($pluginPath) . "')";
+ $iq = "INSERT INTO {$serendipity['dbPrefix']}plugins (name, sort_order, placement, authorid, path) values ('" . serendipity_specialchars($key) . "', $nextidx, '$default_placement', '$authorid', '" . serendipity_specialchars($pluginPath) . "')";
 $serendipity['debug']['pluginload'][] = $iq;
 serendipity_db_query($iq);
 serendipity_plugin_api::hook_event('backend_plugins_new_instance', $key, array('default_placement' => $default_placement));
@@ -230,7 +230,7 @@ class serendipity_plugin_api
 $plugin->install();
 } else {
 $serendipity['debug']['pluginload'][] = "Loading plugin failed painfully. File not found?";
- echo '' . ERROR . ': ' . htmlspecialchars($key) . ' (' . htmlspecialchars($pluginPath) . ')';
+ echo '' . ERROR . ': ' . serendipity_specialchars($key) . ' (' . serendipity_specialchars($pluginPath) . ')';
 }
 return $key;
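Review bot: In the @@ -215 hunk, `$key` and `$pluginPath` are spliced into the `INSERT INTO ... plugins` statement through `serendipity_specialchars`, which by its name and by every other use in this diff is an HTML-context escaper, while the other SQL statements in the same diff (the `UPDATE ... plugins` in functions_upgrader.inc.php, the comment filter in include/admin/comments.inc.php) go through `serendipity_db_escape_string`. An HTML escaper's handling of single quotes depends on its flags and is not a SQL escape, and it also stores entity-encoded names in the table. Use `serendipity_db_escape_string($key)` and `serendipity_db_escape_string($pluginPath)` here, and escape for HTML at output as the @@ -230 hunk's `echo` already does; `$nextidx`, `$default_placement` and `$authorid` are interpolated raw on the same line and deserve the same treatment or an explicit cast. The enclosing method continues outside the hunk.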
@@ -933,7 +933,7 @@ class serendipity_plugin_api
 ob_end_clean();
 if ($loggedin) {
- $content .= '

    ';
+ $content .= '';
 }
 if ($show_plugin !== false) {
diff --git a/include/template_api.inc.php b/include/template_api.inc.php
index 77c662f2..feb87a8e 100644
--- a/include/template_api.inc.php
+++ b/include/template_api.inc.php
@@ -129,7 +129,7 @@ class serendipity_smarty_emulator {
 }
 } elseif (function_exists($funcname)) {
 return call_user_func($funcname, $params, $this);
 } else {
- return "ERROR: " . htmlspecialchars($funcname) . " NOT FOUND.";
+ return "ERROR: " . serendipity_specialchars($funcname) . " NOT FOUND.";
 }
 }
@@ -326,7 +326,7 @@ class serendipity_smarty_emulator_xml extends serendipity_smarty_emulator {
 $this->assign($val, null, $level + 1);
 echo str_repeat("\t", $level) . "\n";
 } else {
- echo str_repeat("\t", $level) . "<$openkey>" . htmlspecialchars($val) . "\n";
+ echo str_repeat("\t", $level) . "<$openkey>" . serendipity_specialchars($val) . "\n";
 }
 }
 }
diff --git a/index.php b/index.php
index 08923e6e..a416e578 100644
--- a/index.php
+++ b/index.php
@@ -305,8 +305,8 @@ if (preg_match(PAT_ARCHIVES, $uri, $matches) || isset($serendipity['GET']['range
 $title = serendipity_db_query("SELECT title FROM {$serendipity['dbPrefix']}entries WHERE id=$id AND isdraft = 'false' " . (!serendipity_db_bool($serendipity['showFutureEntries']) ? " AND timestamp <= " . serendipity_db_time() : ''), true);
 if (is_array($title)) {
- $serendipity['head_title'] = htmlspecialchars($title[0]);
- $serendipity['head_subtitle'] = htmlspecialchars($serendipity['blogTitle']);
+ $serendipity['head_title'] = serendipity_specialchars($title[0]);
+ $serendipity['head_subtitle'] = serendipity_specialchars($serendipity['blogTitle']);
 } else {
 $serendipity['view'] = '404';
 $serendipity['viewtype'] = '404_1';
@@ -464,7 +464,7 @@ if (preg_match(PAT_ARCHIVES, $uri, $matches) || isset($serendipity['GET']['range
 } else {
 $serendipity['head_title'] = $cInfo['category_name'];
 if (isset($serendipity['GET']['page'])) {
- $serendipity['head_title'] .= " - " . htmlspecialchars($serendipity['GET']['page']);
+ $serendipity['head_title'] .= " - " . serendipity_specialchars($serendipity['GET']['page']);
 }
 $serendipity['head_subtitle'] = $serendipity['blogTitle'];
 }
@@ -545,7 +545,7 @@ if (preg_match(PAT_ARCHIVES, $uri, $matches) || isset($serendipity['GET']['range
 }
 $serendipity['GET']['action'] = 'search';
- $serendipity['GET']['searchTerm'] = urldecode(htmlspecialchars(strip_tags(implode(' ', $search))));
+ $serendipity['GET']['searchTerm'] = urldecode(serendipity_specialchars(strip_tags(implode(' ', $search))));
 include(S9Y_INCLUDE_PATH . 'include/genpage.inc.php');
 } elseif (preg_match(PAT_CSS, $uri, $matches)) {
 serendipity_smarty_init();
@@ -631,7 +631,7 @@ if (preg_match(PAT_ARCHIVES, $uri, $matches) || isset($serendipity['GET']['range
 }
 }
- $serendipity['head_title'] = COMMENTS_FROM . ' ' . htmlspecialchars($serendipity['GET']['viewCommentAuthor']);
+ $serendipity['head_title'] = COMMENTS_FROM . ' ' . serendipity_specialchars($serendipity['GET']['viewCommentAuthor']);
 if (isset($timedesc['start']) && isset($timedesc['end'])) {
 $serendipity['head_title'] .= ' (' . $timedesc['start'] . ' - ' . $timedesc['end'] . ')';
 } elseif (isset($timedesc['start'])) {
diff --git a/rss.php b/rss.php
index 73828add..a60e069c 100644
--- a/rss.php
+++ b/rss.php
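Review bot: In the @@ -545 hunk, `urldecode()` is the outermost call, so it runs after both `strip_tags` and `serendipity_specialchars`; percent-encoded characters in `$search` are decoded only after the two filters have already seen the string, so the stored `searchTerm` can contain characters the escaping was meant to neutralise. If the decoded form is what callers need, decode first: `$serendipity['GET']['searchTerm'] = serendipity_specialchars(strip_tags(urldecode(implode(' ', $search))));`. Whether `searchTerm` is escaped again at output is not visible here, so a comment stating which form (escaped or raw) the value is in would stop the next reader from guessing.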
@@ -116,15 +116,15 @@ if (isset($serendipity['serendipityRealname'])) {
 if (!empty($serendipity['GET']['category'])) {
 $cInfo = serendipity_fetchCategoryInfo((int)$serendipity['GET']['category']);
- $title = serendipity_utf8_encode(htmlspecialchars($title . ' - '. $cInfo['category_name']));
+ $title = serendipity_utf8_encode(serendipity_specialchars($title . ' - '. $cInfo['category_name']));
 } elseif (!empty($serendipity['GET']['viewAuthor'])) {
 list($aInfo) = serendipity_fetchAuthor((int)$serendipity['GET']['viewAuthor']);
- $title = serendipity_utf8_encode(htmlspecialchars($aInfo['realname'] . ' - '. $title ));
+ $title = serendipity_utf8_encode(serendipity_specialchars($aInfo['realname'] . ' - '. $title ));
 } else {
- $title = serendipity_utf8_encode(htmlspecialchars($title));
+ $title = serendipity_utf8_encode(serendipity_specialchars($title));
 }
-$description = serendipity_utf8_encode(htmlspecialchars($description));
+$description = serendipity_utf8_encode(serendipity_specialchars($description));
 $metadata = array(
 'title' => $title,
@@ -244,7 +244,7 @@ if (!$metadata['template_file'] || $metadata['template_file'] == 'feed_' . $file
 die("Invalid RSS version specified or RSS-template file not found\n");
 }
-$self_url = 'http://' . $_SERVER['HTTP_HOST'] . htmlspecialchars($_SERVER['REQUEST_URI']);
+$self_url = 'http://' . $_SERVER['HTTP_HOST'] . serendipity_specialchars($_SERVER['REQUEST_URI']);
 if (!is_array($entries)) {
 $entries = array();
 }
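Review bot: In the @@ -244 hunk, `$_SERVER['REQUEST_URI']` is escaped but `$_SERVER['HTTP_HOST']`, concatenated into the same `$self_url`, is not; both are taken from the incoming request, so the host part should be escaped the same way: `$self_url = 'http://' . serendipity_specialchars($_SERVER['HTTP_HOST']) . serendipity_specialchars($_SERVER['REQUEST_URI']);`. The scheme is also hard-coded to `http://`, so a feed served over TLS advertises a plain-HTTP self link; that is pre-existing and may be intentional, in which case a one-line comment saying so would save the next reader from "fixing" it.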