diff --git a/bundled-libs/XML/RPC.php b/bundled-libs/XML/RPC.php
index 311df55f..97066ff9 100644
--- a/bundled-libs/XML/RPC.php
+++ b/bundled-libs/XML/RPC.php
@@ -1057,7 +1057,7 @@ class XML_RPC_Response extends XML_RPC_Base
 {
 if ($fcode != 0) {
 $this->fn = $fcode;
- $this->fs = htmlspecialchars($fstr);
+ $this->fs = serendipity_specialchars($fstr);
 } else {
 $this->xv = $val;
 }
@@ -1452,7 +1452,7 @@ class XML_RPC_Message extends XML_RPC_Base
 $hdrfnd = 0;
 if ($this->debug) {
 print "\n
---GOT---\n";
-            print isset($_SERVER['SERVER_PROTOCOL']) ? htmlspecialchars($data) : $data;
+            print isset($_SERVER['SERVER_PROTOCOL']) ? serendipity_specialchars($data) : $data;
             print "\n---END---
\n";
 }
@@ -1704,7 +1704,7 @@ class XML_RPC_Value extends XML_RPC_Base
 $rs .= "\n";
 reset($val);
 foreach ($val as $key2 => $val2) {
- $rs .= "" . htmlspecialchars($key2) . "\n";
+ $rs .= "" . serendipity_specialchars($key2) . "\n";
 $rs .= $this->serializeval($val2);
 $rs .= "\n";
 }
@@ -1729,7 +1729,7 @@ class XML_RPC_Value extends XML_RPC_Base
 $rs .= "<${typ}>" . ($val ? '1' : '0') . "";
 break;
 case $GLOBALS['XML_RPC_String']:
- $rs .= "<${typ}>" . htmlspecialchars($val). "";
+ $rs .= "<${typ}>" . serendipity_specialchars($val). "";
 break;
 default:
 $rs .= "<${typ}>${val}";
diff --git a/include/compat.inc.php b/include/compat.inc.php
index 7f9aabeb..5856a650 100644
--- a/include/compat.inc.php
+++ b/include/compat.inc.php
@@ -282,7 +282,7 @@ if (empty($_SERVER['REQUEST_URI'])) {
 // Some security issues
 if (isset($serendipity['GET']['searchTerm'])) {
- $serendipity['GET']['searchTerm'] = htmlspecialchars(strip_tags($serendipity['GET']['searchTerm']));
+ $serendipity['GET']['searchTerm'] = serendipity_specialchars(strip_tags($serendipity['GET']['searchTerm']));
 }
 /**
diff --git a/plugins/serendipity_event_entryproperties/serendipity_event_entryproperties.php b/plugins/serendipity_event_entryproperties/serendipity_event_entryproperties.php
index da55fdf2..ae9fefaa 100644
--- a/plugins/serendipity_event_entryproperties/serendipity_event_entryproperties.php
+++ b/plugins/serendipity_event_entryproperties/serendipity_event_entryproperties.php
@@ -316,7 +316,7 @@ class serendipity_event_entryproperties extends serendipity_event
 ?>
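Review bot: The two serialization hunks in bundled-libs/XML/RPC.php (`@@ -1704` for struct member names, `@@ -1729` for string values) now escape XML-RPC payload text through `serendipity_specialchars()`, an application helper whose flags and charset argument are not visible in this diff. XML output has to be escaped consistently with the encoding the message declares, and if the helper wraps `htmlspecialchars()` with a fixed blog charset it can return an empty string for input that is invalid in that charset, silently dropping a member name or value; please confirm its charset handling against the XML-RPC encoding or pass the encoding explicitly at these two call sites. The swap also makes a bundled third-party library depend on the application (the `@@ -1057` and `@@ -1452` hunks do the same), so a `function_exists('serendipity_specialchars')` guard with a fallback, or at least a comment marking the local modification, would keep the library loadable on its own and make upstream updates easier to merge. The enclosing methods start and end outside these hunks.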
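Review bot: In the include/compat.inc.php hunk `$serendipity['GET']['searchTerm']` goes into `strip_tags()` with no type check, so a request that supplies the parameter as an array reaches a string function (a warning on older PHP, a TypeError on PHP 8); `if (isset($serendipity['GET']['searchTerm']) && is_string($serendipity['GET']['searchTerm'])) {` would close that. Escaping once at input time also means every later consumer receives HTML-encoded text, so non-HTML uses of the term (query, URL, log) carry entities and any template that escapes again double-encodes; a comment such as `// searchTerm is stored HTML-escaped from here on; do not escape again on output` would document the contract if escaping at output is not an option. Since this statement runs at file load, confirm that `serendipity_specialchars()` is declared unconditionally or before this point, because its definition is not part of this diff.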
- +
- + '; @@ -355,7 +355,7 @@ class serendipity_event_entryproperties extends serendipity_event $users = serendipity_fetchUsers('', 'hidden'); foreach($users AS $user) { ?> - + '; @@ -380,7 +380,7 @@ class serendipity_event_entryproperties extends serendipity_event } $avail_users =& $this->getValidAuthors(); foreach($avail_users AS $user) { - echo '' . "\n"; + echo '' . "\n"; } ?> @@ -414,7 +414,7 @@ class serendipity_event_entryproperties extends serendipity_event $selected = false; } - echo '' . "\n"; + echo '' . "\n"; } } ?> @@ -447,7 +447,7 @@ class serendipity_event_entryproperties extends serendipity_event foreach($fields AS $fieldname) { $fieldparts = explode(':', $fieldname); $fieldname = $fieldparts[0]; - $fieldname = htmlspecialchars(trim($fieldname)); + $fieldname = serendipity_specialchars(trim($fieldname)); if (isset($serendipity['POST']['properties'][$fieldname])) { $value = $serendipity['POST']['properties'][$fieldname]; @@ -459,7 +459,7 @@ class serendipity_event_entryproperties extends serendipity_event ?>
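Review bot: In the `@@ -447` hunk of serendipity_event_entryproperties.php, `$fieldname` is HTML-escaped and then used as the array key in `$serendipity['POST']['properties'][$fieldname]`, so a configured field name containing `&`, `<`, `>` or a double quote is looked up under its entity-encoded form and may not match the key the form actually posts. Keeping the raw name for the lookup and escaping only where it is printed avoids that: `$fieldname = trim($fieldparts[0]);` here, with `serendipity_specialchars($fieldname)` at the output site. The markup that prints the field is in the following hunk and is not legible on this page, so which form the input name uses should be confirmed. The loop body continues outside the hunk.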
- +
'; foreach($entries AS $idx => $entry) { - printf('
  • ' . PLUGIN_EVENT_ENTRYPROPERTIES_CACHE_BUILDING, $entry['id'], htmlspecialchars($entry['title'])); + printf('
  • ' . PLUGIN_EVENT_ENTRYPROPERTIES_CACHE_BUILDING, $entry['id'], serendipity_specialchars($entry['title'])); $this->updateCache($entry); echo ' ' . PLUGIN_EVENT_ENTRYPROPERTIES_CACHED . '
  • '; } @@ -620,10 +620,10 @@ class serendipity_event_entryproperties extends serendipity_event if ($to < $total) { ?>
    - +
    > @@ -268,7 +268,7 @@ class serendipity_event_mailer extends serendipity_event foreach($to AS $mailto) { if (!empty($mailto)) { - echo htmlspecialchars($mailto) . '...
    '; + echo serendipity_specialchars($mailto) . '...
    '; serendipity_sendMail($mailto, $mail['subject'], $mail['body'], $mail['from']); } } diff --git a/plugins/serendipity_event_spamblock/serendipity_event_spamblock.php b/plugins/serendipity_event_spamblock/serendipity_event_spamblock.php index 1abdb9dc..e4e045d9 100644 --- a/plugins/serendipity_event_spamblock/serendipity_event_spamblock.php +++ b/plugins/serendipity_event_spamblock/serendipity_event_spamblock.php @@ -781,7 +781,7 @@ var $filter_defaults; if ($use_gd) { return sprintf('CAPTCHA', $serendipity['baseURL'] . ($serendipity['rewrite'] == 'none' ? $serendipity['indexFile'] . '?/' : '') . 'plugin/captcha_' . md5(time()), - htmlspecialchars(PLUGIN_EVENT_SPAMBLOCK_CAPTCHAS_USERDESC2) + serendipity_specialchars(PLUGIN_EVENT_SPAMBLOCK_CAPTCHAS_USERDESC2) ); } else { $bgcolors = explode(',', $this->get_config('captcha_color', '255,0,255')); @@ -791,7 +791,7 @@ var $filter_defaults; for ($i = 1; $i <= $max_char; $i++) { $output .= sprintf('CAPTCHA ' . $i . '', $serendipity['baseURL'] . ($serendipity['rewrite'] == 'none' ? $serendipity['indexFile'] . '?/' : '') . 'plugin/captcha_' . $i . '_' . md5(time()), - htmlspecialchars(PLUGIN_EVENT_SPAMBLOCK_CAPTCHAS_USERDESC2) + serendipity_specialchars(PLUGIN_EVENT_SPAMBLOCK_CAPTCHAS_USERDESC2) ); } $output .= '
    '; @@ -1205,7 +1205,7 @@ var $filter_defaults; echo '
    '; echo '
    ';
 } elseif (isset($serendipity['POST']['captcha'])) {
- echo '';
+ echo '';
 }
 echo '';
 }
diff --git a/plugins/serendipity_plugin_authors/serendipity_plugin_authors.php b/plugins/serendipity_plugin_authors/serendipity_plugin_authors.php
index 9ab292ea..c450f942 100644
--- a/plugins/serendipity_plugin_authors/serendipity_plugin_authors.php
+++ b/plugins/serendipity_plugin_authors/serendipity_plugin_authors.php
@@ -107,7 +107,7 @@ class serendipity_plugin_authors extends serendipity_plugin {
 if ( !empty($image) ) {
 $html .= 'XML ';
 }
- $html .= ''. htmlspecialchars($auth['realname']) . $entrycount . '';
+ $html .= ''. serendipity_specialchars($auth['realname']) . $entrycount . '';
 $html .= '' . "\n";
 }
 }
diff --git a/plugins/serendipity_plugin_calendar/serendipity_plugin_calendar.php b/plugins/serendipity_plugin_calendar/serendipity_plugin_calendar.php
index 10d477a8..9cad1e70 100644
--- a/plugins/serendipity_plugin_calendar/serendipity_plugin_calendar.php
+++ b/plugins/serendipity_plugin_calendar/serendipity_plugin_calendar.php
@@ -307,7 +307,7 @@ class serendipity_plugin_calendar extends serendipity_plugin {
 $cellProps[$externalevents[$currDay]['Class']] = 1;
 }
 if (isset($externalevents[$currDay]['Title'])) {
- $cellProps['Title'] = htmlspecialchars($externalevents[$currDay]['Title']);
+ $cellProps['Title'] = serendipity_specialchars($externalevents[$currDay]['Title']);
 }
 if (isset($externalevents[$currDay]['Extended'])) {
 foreach($externalevents[$currDay]['Extended'] as $ext_key => $ext_val) {
diff --git a/plugins/serendipity_plugin_categories/serendipity_plugin_categories.php b/plugins/serendipity_plugin_categories/serendipity_plugin_categories.php
index 01f956e1..176606df 100644
--- a/plugins/serendipity_plugin_categories/serendipity_plugin_categories.php
+++ b/plugins/serendipity_plugin_categories/serendipity_plugin_categories.php
@@ -268,7 +268,7 @@ class serendipity_plugin_categories extends serendipity_plugin {
 if ( !empty($image) ) {
 $html .= 'XML ';
 }
- $html .= ''. htmlspecialchars($categories[$cid]['category_name']) .'';
+ $html .= ''. serendipity_specialchars($categories[$cid]['category_name']) .'';
 $html .= '' . "\n";
 }
 }
diff --git a/plugins/serendipity_plugin_comments/serendipity_plugin_comments.php b/plugins/serendipity_plugin_comments/serendipity_plugin_comments.php
index 0164b741..24a8b605 100644
--- a/plugins/serendipity_plugin_comments/serendipity_plugin_comments.php
+++ b/plugins/serendipity_plugin_comments/serendipity_plugin_comments.php
@@ -213,9 +213,9 @@ class serendipity_plugin_comments extends serendipity_plugin
 substr($row['comment_url'], 0, 8) != 'https://') {
 $row['comment_url'] = 'http://' . $row['comment_url'];
 }
- $user = '' . htmlspecialchars(strip_tags($row['user'])) . '';
+ $user = '' . serendipity_specialchars(strip_tags($row['user'])) . '';
 } else {
- $user = htmlspecialchars(strip_tags($row['user']));
+ $user = serendipity_specialchars(strip_tags($row['user']));
 }
 $user = trim($user);
@@ -256,10 +256,10 @@ class serendipity_plugin_comments extends serendipity_plugin
 '
    ' . PLUGIN_COMMENTS_ABOUT . '
    ', '' . "\n" - . '
    ' . htmlspecialchars(serendipity_strftime($dateformat, $row['stamp'])) . '
    ' . "\n" + . '
    ' . serendipity_specialchars(serendipity_strftime($dateformat, $row['stamp'])) . '
    ' . "\n" . '
    ' . strip_tags($entry['comment'], '
    ') . '
    ' . "\n\n" ); }
diff --git a/plugins/serendipity_plugin_history/serendipity_plugin_history.php b/plugins/serendipity_plugin_history/serendipity_plugin_history.php
index 7b6f266d..ce1f61e3 100644
--- a/plugins/serendipity_plugin_history/serendipity_plugin_history.php
+++ b/plugins/serendipity_plugin_history/serendipity_plugin_history.php
@@ -189,7 +189,7 @@ class serendipity_plugin_history extends serendipity_plugin
 $t = ($maxlength==0 || strlen($e[$x]['title'])<=$maxlength) ? $e[$x]['title'] : (trim(serendipity_mb('substr', $e[$x]['title'], 0, $maxlength-3)).' [...]');
- echo '"' . htmlspecialchars($t) . '"';
+ echo '"' . serendipity_specialchars($t) . '"';
 if ($full) {
 echo '
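Review bot: In the `@@ -256` hunk of serendipity_plugin_comments.php the comment body is still emitted as `strip_tags($entry['comment'], …)` with an allow-list, while the date beside it is now escaped; `strip_tags()` keeps every attribute on the tags it allows, so permitted markup in a visitor-supplied comment reaches the sidebar with its attributes intact. The allow-list argument is not legible on this page; if it permits any tag, either drop the second argument and pass the result through `serendipity_specialchars()`, or filter attributes on the allowed tags before output. The enclosing call starts outside the hunk.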
    ' . strip_tags($e[$x]['body']) . '
    '; } } diff --git a/plugins/serendipity_plugin_recententries/serendipity_plugin_recententries.php b/plugins/serendipity_plugin_recententries/serendipity_plugin_recententries.php index e01291e9..f1126d1e 100644 --- a/plugins/serendipity_plugin_recententries/serendipity_plugin_recententries.php +++ b/plugins/serendipity_plugin_recententries/serendipity_plugin_recententries.php @@ -241,9 +241,9 @@ class serendipity_plugin_recententries extends serendipity_plugin { $entry['title'] = '#' . $entry['id']; } - echo '' . "\n" + echo '' . "\n" . '' . "\n"; } echo '' . "\n\n"; diff --git a/plugins/serendipity_plugin_remoterss/serendipity_plugin_remoterss.php b/plugins/serendipity_plugin_remoterss/serendipity_plugin_remoterss.php index 56875ff9..d9c16c62 100644 --- a/plugins/serendipity_plugin_remoterss/serendipity_plugin_remoterss.php +++ b/plugins/serendipity_plugin_remoterss/serendipity_plugin_remoterss.php @@ -507,7 +507,7 @@ class serendipity_plugin_remoterss extends serendipity_plugin { $content .= '
    '; if ($use_rss_link) { - $content .= '