
Adjust remaining htmlspecialchars() accordingly

This commit is contained in:
Garvin Hicking
2014-11-24 10:13:40 +01:00
parent 26535ec09c
commit eab43b12f5
15 changed files with 48 additions and 48 deletions


@ -1057,7 +1057,7 @@ class XML_RPC_Response extends XML_RPC_Base
{ {
if ($fcode != 0) { if ($fcode != 0) {
$this->fn = $fcode; $this->fn = $fcode;
$this->fs = htmlspecialchars($fstr); $this->fs = serendipity_specialchars($fstr);
} else { } else {
$this->xv = $val; $this->xv = $val;
} }
@ -1452,7 +1452,7 @@ class XML_RPC_Message extends XML_RPC_Base
$hdrfnd = 0; $hdrfnd = 0;
if ($this->debug) { if ($this->debug) {
print "\n<pre>---GOT---\n"; print "\n<pre>---GOT---\n";
print isset($_SERVER['SERVER_PROTOCOL']) ? htmlspecialchars($data) : $data; print isset($_SERVER['SERVER_PROTOCOL']) ? serendipity_specialchars($data) : $data;
print "\n---END---</pre>\n"; print "\n---END---</pre>\n";
} }
@ -1704,7 +1704,7 @@ class XML_RPC_Value extends XML_RPC_Base
$rs .= "<struct>\n"; $rs .= "<struct>\n";
reset($val); reset($val);
foreach ($val as $key2 => $val2) { foreach ($val as $key2 => $val2) {
$rs .= "<member><name>" . htmlspecialchars($key2) . "</name>\n"; $rs .= "<member><name>" . serendipity_specialchars($key2) . "</name>\n";
$rs .= $this->serializeval($val2); $rs .= $this->serializeval($val2);
$rs .= "</member>\n"; $rs .= "</member>\n";
} }
@ -1729,7 +1729,7 @@ class XML_RPC_Value extends XML_RPC_Base
$rs .= "<${typ}>" . ($val ? '1' : '0') . "</${typ}>"; $rs .= "<${typ}>" . ($val ? '1' : '0') . "</${typ}>";
break; break;
case $GLOBALS['XML_RPC_String']: case $GLOBALS['XML_RPC_String']:
$rs .= "<${typ}>" . htmlspecialchars($val). "</${typ}>"; $rs .= "<${typ}>" . serendipity_specialchars($val). "</${typ}>";
break; break;
default: default:
$rs .= "<${typ}>${val}</${typ}>"; $rs .= "<${typ}>${val}</${typ}>";
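Review bot: serializeval() at `@ -1704` and `@ -1729` writes XML-RPC payload text, not HTML, so the escaper substituted here has to keep emitting only the XML-predefined entities and must not become dependent on the blog's HTML charset in a way that diverges from the payload encoding; serendipity_specialchars() is not defined on this page, so neither can be confirmed from here. A one-line comment above the `<name>` and `<string>` cases would pin the contract: `// XML context: the escaper must emit only &amp; &lt; &gt; &quot; &#039; and must tolerate the payload encoding, not just the blog charset`. XML_RPC_Base and the other classes look like the bundled PEAR XML_RPC library, so calling a Serendipity global from inside it means an upstream refresh of the file silently restores htmlspecialchars(); a marker comment at the top of the file naming the local patch would prevent that. Both enclosing methods start and end outside their hunks.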


@ -282,7 +282,7 @@ if (empty($_SERVER['REQUEST_URI'])) {
// Some security issues // Some security issues
if (isset($serendipity['GET']['searchTerm'])) { if (isset($serendipity['GET']['searchTerm'])) {
$serendipity['GET']['searchTerm'] = htmlspecialchars(strip_tags($serendipity['GET']['searchTerm'])); $serendipity['GET']['searchTerm'] = serendipity_specialchars(strip_tags($serendipity['GET']['searchTerm']));
} }
/** /**
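Review bot: The escape at `@ -282` happens at the input boundary — `$serendipity['GET']['searchTerm']` is overwritten with its entity-encoded form — and the only explanation left for the reader is the vague `// Some security issues`. Every later consumer of searchTerm (template output and, presumably, the search query itself) now receives `&amp;`, `&quot;` and so on, so a template that escapes again double-encodes and a search for a term containing `&` presumably runs against the encoded form; those consumers are not visible here. I'd replace the comment with one that states the contract: `// searchTerm is stripped of markup and entity-encoded ONCE here; consumers must not escape it again and must expect entity-encoded text`. If the search path needs the raw term, keep a separate raw copy rather than escaping at input.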


@ -316,7 +316,7 @@ class serendipity_event_entryproperties extends serendipity_event
?> ?>
<div class="entryproperties_access_pw form_field"> <div class="entryproperties_access_pw form_field">
<label for="properties_access_pw"><?php echo PASSWORD; ?>:</label> <label for="properties_access_pw"><?php echo PASSWORD; ?>:</label>
<input id="properties_access_pw" name="serendipity[properties][entrypassword]" type="password" autocomplete="off" value="<?php echo htmlspecialchars($password); ?>"> <input id="properties_access_pw" name="serendipity[properties][entrypassword]" type="password" autocomplete="off" value="<?php echo serendipity_specialchars($password); ?>">
</div> </div>
<?php <?php
return true; return true;
@ -335,7 +335,7 @@ class serendipity_event_entryproperties extends serendipity_event
$group['name'] = constant($group['confvalue']); $group['name'] = constant($group['confvalue']);
} }
?> ?>
<option value="<?php echo $group['id']; ?>" <?php echo (in_array($group['id'], $access_groups) ? 'selected="selected"' : ''); ?>><?php echo htmlspecialchars($group['name']); ?></option> <option value="<?php echo $group['id']; ?>" <?php echo (in_array($group['id'], $access_groups) ? 'selected="selected"' : ''); ?>><?php echo serendipity_specialchars($group['name']); ?></option>
<?php <?php
} }
echo '</select>'; echo '</select>';
@ -355,7 +355,7 @@ class serendipity_event_entryproperties extends serendipity_event
$users = serendipity_fetchUsers('', 'hidden'); $users = serendipity_fetchUsers('', 'hidden');
foreach($users AS $user) { foreach($users AS $user) {
?> ?>
<option value="<?php echo $user['authorid']; ?>" <?php echo (in_array($user['authorid'], $access_users) ? 'selected="selected"' : ''); ?>><?php echo htmlspecialchars($user['realname']); ?></option> <option value="<?php echo $user['authorid']; ?>" <?php echo (in_array($user['authorid'], $access_users) ? 'selected="selected"' : ''); ?>><?php echo serendipity_specialchars($user['realname']); ?></option>
<?php <?php
} }
echo '</select>'; echo '</select>';
@ -380,7 +380,7 @@ class serendipity_event_entryproperties extends serendipity_event
} }
$avail_users =& $this->getValidAuthors(); $avail_users =& $this->getValidAuthors();
foreach($avail_users AS $user) { foreach($avail_users AS $user) {
echo '<option value="' . $user['authorid'] . '" ' . ($selected_user == $user['authorid'] ? ' selected="selected"' : '') . '>' . htmlspecialchars($user['realname']) . '</option>' . "\n"; echo '<option value="' . $user['authorid'] . '" ' . ($selected_user == $user['authorid'] ? ' selected="selected"' : '') . '>' . serendipity_specialchars($user['realname']) . '</option>' . "\n";
} }
?> ?>
</select> </select>
@ -414,7 +414,7 @@ class serendipity_event_entryproperties extends serendipity_event
$selected = false; $selected = false;
} }
echo '<option ' . ($selected ? 'selected="selected"' : '') . ' value="' . $plugin_data['p']->instance . '">' . htmlspecialchars($plugin_data['p']->title) . '</option>' . "\n"; echo '<option ' . ($selected ? 'selected="selected"' : '') . ' value="' . $plugin_data['p']->instance . '">' . serendipity_specialchars($plugin_data['p']->title) . '</option>' . "\n";
} }
} }
?> ?>
@ -447,7 +447,7 @@ class serendipity_event_entryproperties extends serendipity_event
foreach($fields AS $fieldname) { foreach($fields AS $fieldname) {
$fieldparts = explode(':', $fieldname); $fieldparts = explode(':', $fieldname);
$fieldname = $fieldparts[0]; $fieldname = $fieldparts[0];
$fieldname = htmlspecialchars(trim($fieldname)); $fieldname = serendipity_specialchars(trim($fieldname));
if (isset($serendipity['POST']['properties'][$fieldname])) { if (isset($serendipity['POST']['properties'][$fieldname])) {
$value = $serendipity['POST']['properties'][$fieldname]; $value = $serendipity['POST']['properties'][$fieldname];
@ -459,7 +459,7 @@ class serendipity_event_entryproperties extends serendipity_event
?> ?>
<div id="ep_column_<?php echo $fieldname; ?>" class="clearfix form_area"> <div id="ep_column_<?php echo $fieldname; ?>" class="clearfix form_area">
<label for="prop<?php echo $fieldname; ?>"><?php echo $fieldname; ?></label> <label for="prop<?php echo $fieldname; ?>"><?php echo $fieldname; ?></label>
<textarea id="prop<?php echo $fieldname; ?>" name="serendipity[properties][<?php echo $fieldname; ?>]"><?php echo htmlspecialchars($value); ?></textarea> <textarea id="prop<?php echo $fieldname; ?>" name="serendipity[properties][<?php echo $fieldname; ?>]"><?php echo serendipity_specialchars($value); ?></textarea>
<button class="customfieldMedia" type="button" name="insImage" title="<?php echo MEDIA ; ?>"><span class="icon-picture"></span><span class="visuallyhidden"><?php echo MEDIA ; ?></span></button> <button class="customfieldMedia" type="button" name="insImage" title="<?php echo MEDIA ; ?>"><span class="icon-picture"></span><span class="visuallyhidden"><?php echo MEDIA ; ?></span></button>
</div> </div>
<?php <?php
@ -610,7 +610,7 @@ class serendipity_event_entryproperties extends serendipity_event
if (is_array($entries)) { if (is_array($entries)) {
echo '<ul class="plainList">'; echo '<ul class="plainList">';
foreach($entries AS $idx => $entry) { foreach($entries AS $idx => $entry) {
printf('<li>' . PLUGIN_EVENT_ENTRYPROPERTIES_CACHE_BUILDING, $entry['id'], htmlspecialchars($entry['title'])); printf('<li>' . PLUGIN_EVENT_ENTRYPROPERTIES_CACHE_BUILDING, $entry['id'], serendipity_specialchars($entry['title']));
$this->updateCache($entry); $this->updateCache($entry);
echo ' ' . PLUGIN_EVENT_ENTRYPROPERTIES_CACHED . '</li>'; echo ' ' . PLUGIN_EVENT_ENTRYPROPERTIES_CACHED . '</li>';
} }
@ -620,10 +620,10 @@ class serendipity_event_entryproperties extends serendipity_event
if ($to < $total) { if ($to < $total) {
?> ?>
<script> <script>
if (confirm("<?php echo htmlspecialchars(PLUGIN_EVENT_ENTRYPROPERTIES_CACHE_FETCHNEXT); ?>")) { if (confirm("<?php echo serendipity_specialchars(PLUGIN_EVENT_ENTRYPROPERTIES_CACHE_FETCHNEXT); ?>")) {
location.href = "?serendipity[adminModule]=event_display&serendipity[adminAction]=buildcache&serendipity[page]=<?php echo ($page+1); ?>"; location.href = "?serendipity[adminModule]=event_display&serendipity[adminAction]=buildcache&serendipity[page]=<?php echo ($page+1); ?>";
} else { } else {
alert("<?php echo htmlspecialchars(PLUGIN_EVENT_ENTRYPROPERTIES_CACHE_ABORTED); ?>"); alert("<?php echo serendipity_specialchars(PLUGIN_EVENT_ENTRYPROPERTIES_CACHE_ABORTED); ?>");
} }
</script> </script>
<?php <?php
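Review bot: At `@ -620` the constants PLUGIN_EVENT_ENTRYPROPERTIES_CACHE_FETCHNEXT and PLUGIN_EVENT_ENTRYPROPERTIES_CACHE_ABORTED are emitted inside double-quoted JavaScript string literals in a `<script>` block, where HTML entity encoding is the wrong escaper: the browser does not decode entities inside `<script>`, so a `"` in a translation shows up literally as `&quot;` in the dialog, and a newline in the constant still terminates the literal. The JavaScript-context escaper is `json_encode()`, which produces the quoted literal itself: `if (confirm(<?php echo json_encode(PLUGIN_EVENT_ENTRYPROPERTIES_CACHE_FETCHNEXT); ?>)) {` and `alert(<?php echo json_encode(PLUGIN_EVENT_ENTRYPROPERTIES_CACHE_ABORTED); ?>);`. The other hunks in this file are HTML attribute or text contexts, where the entity escaper is the right one. The enclosing method starts outside the hunk.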


@ -438,7 +438,7 @@ class serendipity_event_gravatar extends serendipity_event
$title = ''; $title = '';
$author = 'unknown'; $author = 'unknown';
if (isset($eventData['author'])) { if (isset($eventData['author'])) {
$author = htmlspecialchars($eventData['author']); $author = serendipity_specialchars($eventData['author']);
$title = $author; $title = $author;
} }


@ -164,7 +164,7 @@ class serendipity_event_mailer extends serendipity_event
</div> </div>
<div class="form_field"> <div class="form_field">
<label title="<?php echo PLUGIN_EVENT_MAILER_RECIPIENT; ?>" for="properties_mailto"><?php echo PLUGIN_EVENT_MAILER_RECIPIENTS; ?></label> <label title="<?php echo PLUGIN_EVENT_MAILER_RECIPIENT; ?>" for="properties_mailto"><?php echo PLUGIN_EVENT_MAILER_RECIPIENTS; ?></label>
<input id="properties_mailto" type="text" name="serendipity[properties][mailto]" value="<?php echo htmlspecialchars($mailto); ?>"> <input id="properties_mailto" type="text" name="serendipity[properties][mailto]" value="<?php echo serendipity_specialchars($mailto); ?>">
</div> </div>
<div class="form_check"> <div class="form_check">
<input id="sendall" type="checkbox" value="true" name="serendipity[properties][sendentry_all]" <?php echo ($sendtoall ? 'checked="checked"': ''); ?>> <input id="sendall" type="checkbox" value="true" name="serendipity[properties][sendentry_all]" <?php echo ($sendtoall ? 'checked="checked"': ''); ?>>
@ -268,7 +268,7 @@ class serendipity_event_mailer extends serendipity_event
foreach($to AS $mailto) { foreach($to AS $mailto) {
if (!empty($mailto)) { if (!empty($mailto)) {
echo htmlspecialchars($mailto) . '...<br />'; echo serendipity_specialchars($mailto) . '...<br />';
serendipity_sendMail($mailto, $mail['subject'], $mail['body'], $mail['from']); serendipity_sendMail($mailto, $mail['subject'], $mail['body'], $mail['from']);
} }
} }


@ -781,7 +781,7 @@ var $filter_defaults;
if ($use_gd) { if ($use_gd) {
return sprintf('<img src="%s" onclick="this.src=this.src + \'1\'" title="%s" alt="CAPTCHA" class="captcha" />', return sprintf('<img src="%s" onclick="this.src=this.src + \'1\'" title="%s" alt="CAPTCHA" class="captcha" />',
$serendipity['baseURL'] . ($serendipity['rewrite'] == 'none' ? $serendipity['indexFile'] . '?/' : '') . 'plugin/captcha_' . md5(time()), $serendipity['baseURL'] . ($serendipity['rewrite'] == 'none' ? $serendipity['indexFile'] . '?/' : '') . 'plugin/captcha_' . md5(time()),
htmlspecialchars(PLUGIN_EVENT_SPAMBLOCK_CAPTCHAS_USERDESC2) serendipity_specialchars(PLUGIN_EVENT_SPAMBLOCK_CAPTCHAS_USERDESC2)
); );
} else { } else {
$bgcolors = explode(',', $this->get_config('captcha_color', '255,0,255')); $bgcolors = explode(',', $this->get_config('captcha_color', '255,0,255'));
@ -791,7 +791,7 @@ var $filter_defaults;
for ($i = 1; $i <= $max_char; $i++) { for ($i = 1; $i <= $max_char; $i++) {
$output .= sprintf('<img src="%s" title="%s" alt="CAPTCHA ' . $i . '" class="captcha" />', $output .= sprintf('<img src="%s" title="%s" alt="CAPTCHA ' . $i . '" class="captcha" />',
$serendipity['baseURL'] . ($serendipity['rewrite'] == 'none' ? $serendipity['indexFile'] . '?/' : '') . 'plugin/captcha_' . $i . '_' . md5(time()), $serendipity['baseURL'] . ($serendipity['rewrite'] == 'none' ? $serendipity['indexFile'] . '?/' : '') . 'plugin/captcha_' . $i . '_' . md5(time()),
htmlspecialchars(PLUGIN_EVENT_SPAMBLOCK_CAPTCHAS_USERDESC2) serendipity_specialchars(PLUGIN_EVENT_SPAMBLOCK_CAPTCHAS_USERDESC2)
); );
} }
$output .= '</div>'; $output .= '</div>';
@ -1205,7 +1205,7 @@ var $filter_defaults;
echo '<br />'; echo '<br />';
echo '<label for="captcha">'. PLUGIN_EVENT_SPAMBLOCK_CAPTCHAS_USERDESC3 . '</label><br /><input class="input_textbox" type="text" size="5" name="serendipity[captcha]" value="" id="captcha" />'; echo '<label for="captcha">'. PLUGIN_EVENT_SPAMBLOCK_CAPTCHAS_USERDESC3 . '</label><br /><input class="input_textbox" type="text" size="5" name="serendipity[captcha]" value="" id="captcha" />';
} elseif (isset($serendipity['POST']['captcha'])) { } elseif (isset($serendipity['POST']['captcha'])) {
echo '<input type="hidden" name="serendipity[captcha]" value="' . htmlspecialchars($serendipity['POST']['captcha']) . '" />'; echo '<input type="hidden" name="serendipity[captcha]" value="' . serendipity_specialchars($serendipity['POST']['captcha']) . '" />';
} }
echo '</div>'; echo '</div>';
} }


@ -107,7 +107,7 @@ class serendipity_plugin_authors extends serendipity_plugin {
if ( !empty($image) ) { if ( !empty($image) ) {
$html .= '<a class="serendipity_xml_icon" href="'. serendipity_feedAuthorURL($auth, 'serendipityHTTPPath') .'"><img src="'. $image .'" alt="XML" style="border: 0px" /></a> '; $html .= '<a class="serendipity_xml_icon" href="'. serendipity_feedAuthorURL($auth, 'serendipityHTTPPath') .'"><img src="'. $image .'" alt="XML" style="border: 0px" /></a> ';
} }
$html .= '<a href="'. serendipity_authorURL($auth, 'serendipityHTTPPath') .'" title="'. htmlspecialchars($auth['realname']) .'">'. htmlspecialchars($auth['realname']) . $entrycount . '</a>'; $html .= '<a href="'. serendipity_authorURL($auth, 'serendipityHTTPPath') .'" title="'. serendipity_specialchars($auth['realname']) .'">'. serendipity_specialchars($auth['realname']) . $entrycount . '</a>';
$html .= '</li>' . "\n"; $html .= '</li>' . "\n";
} }
} }


@ -307,7 +307,7 @@ class serendipity_plugin_calendar extends serendipity_plugin {
$cellProps[$externalevents[$currDay]['Class']] = 1; $cellProps[$externalevents[$currDay]['Class']] = 1;
} }
if (isset($externalevents[$currDay]['Title'])) { if (isset($externalevents[$currDay]['Title'])) {
$cellProps['Title'] = htmlspecialchars($externalevents[$currDay]['Title']); $cellProps['Title'] = serendipity_specialchars($externalevents[$currDay]['Title']);
} }
if (isset($externalevents[$currDay]['Extended'])) { if (isset($externalevents[$currDay]['Extended'])) {
foreach($externalevents[$currDay]['Extended'] as $ext_key => $ext_val) { foreach($externalevents[$currDay]['Extended'] as $ext_key => $ext_val) {


@ -268,7 +268,7 @@ class serendipity_plugin_categories extends serendipity_plugin {
if ( !empty($image) ) { if ( !empty($image) ) {
$html .= '<a class="serendipity_xml_icon" href="'. $categories[$cid]['feedCategoryURL'] .'"><img src="'. $image .'" alt="XML" style="border: 0px" /></a> '; $html .= '<a class="serendipity_xml_icon" href="'. $categories[$cid]['feedCategoryURL'] .'"><img src="'. $image .'" alt="XML" style="border: 0px" /></a> ';
} }
$html .= '<a href="'. $categories[$cid]['categoryURL'] .'" title="'. htmlspecialchars($cat['category_description']) .'" style="padding-left: '. $categories[$cid]['paddingPx'] .'px">'. htmlspecialchars($categories[$cid]['category_name']) .'</a>'; $html .= '<a href="'. $categories[$cid]['categoryURL'] .'" title="'. serendipity_specialchars($cat['category_description']) .'" style="padding-left: '. $categories[$cid]['paddingPx'] .'px">'. serendipity_specialchars($categories[$cid]['category_name']) .'</a>';
$html .= '</li>' . "\n"; $html .= '</li>' . "\n";
} }
} }


@ -213,9 +213,9 @@ class serendipity_plugin_comments extends serendipity_plugin
substr($row['comment_url'], 0, 8) != 'https://') { substr($row['comment_url'], 0, 8) != 'https://') {
$row['comment_url'] = 'http://' . $row['comment_url']; $row['comment_url'] = 'http://' . $row['comment_url'];
} }
$user = '<a class="highlight" href="' . htmlspecialchars(strip_tags($row['comment_url'])) . '" title="' . htmlspecialchars(strip_tags($row['comment_title'])) . '">' . htmlspecialchars(strip_tags($row['user'])) . '</a>'; $user = '<a class="highlight" href="' . serendipity_specialchars(strip_tags($row['comment_url'])) . '" title="' . serendipity_specialchars(strip_tags($row['comment_title'])) . '">' . serendipity_specialchars(strip_tags($row['user'])) . '</a>';
} else { } else {
$user = htmlspecialchars(strip_tags($row['user'])); $user = serendipity_specialchars(strip_tags($row['user']));
} }
$user = trim($user); $user = trim($user);
@ -256,10 +256,10 @@ class serendipity_plugin_comments extends serendipity_plugin
'<div class="plugin_comment_wrap">' . PLUGIN_COMMENTS_ABOUT . '</div>', '<div class="plugin_comment_wrap">' . PLUGIN_COMMENTS_ABOUT . '</div>',
'<div class="plugin_comment_subject"><span class="plugin_comment_author">' . $user . '</span>', '<div class="plugin_comment_subject"><span class="plugin_comment_author">' . $user . '</span>',
' <a class="highlight" href="' . serendipity_archiveURL($row['entry_id'], $row['subject'], 'baseURL', true, array('timestamp' => $row['entrystamp'])) .'#c' . $row['comment_id'] . '" title="' . htmlspecialchars($row['subject']) . '">' ' <a class="highlight" href="' . serendipity_archiveURL($row['entry_id'], $row['subject'], 'baseURL', true, array('timestamp' => $row['entrystamp'])) .'#c' . $row['comment_id'] . '" title="' . serendipity_specialchars($row['subject']) . '">'
. htmlspecialchars($row['subject']) . serendipity_specialchars($row['subject'])
. '</a></div>' . "\n" . '</a></div>' . "\n"
. '<div class="plugin_comment_date">' . htmlspecialchars(serendipity_strftime($dateformat, $row['stamp'])) . '</div>' . "\n" . '<div class="plugin_comment_date">' . serendipity_specialchars(serendipity_strftime($dateformat, $row['stamp'])) . '</div>' . "\n"
. '<div class="plugin_comment_body">' . strip_tags($entry['comment'], '<br /><img><a>') . '</div>' . "\n\n" . '<div class="plugin_comment_body">' . strip_tags($entry['comment'], '<br /><img><a>') . '</div>' . "\n\n"
); );
} }
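Review bot: At `@ -256` the comment body is emitted via `strip_tags($entry['comment'], '<br /><img><a>')`; strip_tags keeps every attribute on the allowed tags, so this is not an HTML sanitizer — attributes on `<img>` and `<a>` (including scripting-capable ones and non-http URL values) pass through untouched. Whether `$entry['comment']` has already been through the blog's comment filter before it reaches this plugin is not visible here; if it has, a comment saying so would stop the next reader from re-investigating: `// $entry['comment'] is pre-sanitised by the core comment pipeline; strip_tags only narrows the tag set, it does not filter attributes`. If it has not, the body should go through the same HTML filter the core comment display uses rather than strip_tags with an allow-list. The enclosing method starts and ends outside the hunk.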


@ -189,7 +189,7 @@ class serendipity_plugin_history extends serendipity_plugin
$t = ($maxlength==0 || strlen($e[$x]['title'])<=$maxlength) ? $t = ($maxlength==0 || strlen($e[$x]['title'])<=$maxlength) ?
$e[$x]['title'] : $e[$x]['title'] :
(trim(serendipity_mb('substr', $e[$x]['title'], 0, $maxlength-3)).' [...]'); (trim(serendipity_mb('substr', $e[$x]['title'], 0, $maxlength-3)).' [...]');
echo '<a href="' . $url . '" title="' . str_replace("'", "`", htmlspecialchars($e[$x]['title'])) . '">"' . htmlspecialchars($t) . '"</a></div>'; echo '<a href="' . $url . '" title="' . str_replace("'", "`", serendipity_specialchars($e[$x]['title'])) . '">"' . serendipity_specialchars($t) . '"</a></div>';
if ($full) if ($full)
{ echo '<div class="serendipity_history_body">' . strip_tags($e[$x]['body']) . '</div>'; } { echo '<div class="serendipity_history_body">' . strip_tags($e[$x]['body']) . '</div>'; }
} }
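Review bot: At `@ -189` the length guard uses byte-wise `strlen()` while the truncation uses `serendipity_mb('substr', …)`, so a title whose character count is within `$maxlength` but whose UTF-8 byte count is not still gets cut and suffixed with ` [...]`; the guard should measure the same unit as the cut, e.g. `serendipity_mb('strlen', $e[$x]['title']) <= $maxlength` if that helper supports it, otherwise `mb_strlen()`. The `str_replace("'", "`", serendipity_specialchars($e[$x]['title']))` on the title attribute also rewrites the visible tooltip: the attribute is double-quoted and its value entity-encoded, so single quotes are inert there and the replace can be dropped — provided serendipity_specialchars() encodes `"`, which its definition (not on this page) would have to confirm. The enclosing loop and method start outside the hunk.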


@ -241,9 +241,9 @@ class serendipity_plugin_recententries extends serendipity_plugin {
$entry['title'] = '#' . $entry['id']; $entry['title'] = '#' . $entry['id'];
} }
echo '<dt class="serendipity_recententries_entrylink"><a href="' . $entryLink . '" title="' . htmlspecialchars($entry['title']) . '">' . htmlspecialchars($entry['title']) . '</a></dt>' . "\n" echo '<dt class="serendipity_recententries_entrylink"><a href="' . $entryLink . '" title="' . serendipity_specialchars($entry['title']) . '">' . serendipity_specialchars($entry['title']) . '</a></dt>' . "\n"
. '<dd class="serendipity_recententries_entrydate serendipitySideBarDate">' . '<dd class="serendipity_recententries_entrydate serendipitySideBarDate">'
. htmlspecialchars(serendipity_strftime($dateformat, $entry['timestamp'])) . serendipity_specialchars(serendipity_strftime($dateformat, $entry['timestamp']))
. '</dd>' . "\n"; . '</dd>' . "\n";
} }
echo '</dl>' . "\n\n"; echo '</dl>' . "\n\n";


@ -507,7 +507,7 @@ class serendipity_plugin_remoterss extends serendipity_plugin {
$content .= '<div class="rss_item">'; $content .= '<div class="rss_item">';
if ($use_rss_link) { if ($use_rss_link) {
$content .= '<div class="rss_link"><a href="' . htmlspecialchars($this->decode($item['link'])) . '" ' . (!empty($target) ? 'target="'.$target.'"' : '') . '>'; $content .= '<div class="rss_link"><a href="' . serendipity_specialchars($this->decode($item['link'])) . '" ' . (!empty($target) ? 'target="'.$target.'"' : '') . '>';
} }
if (!empty($bulletimg)) { if (!empty($bulletimg)) {
@ -525,7 +525,7 @@ class serendipity_plugin_remoterss extends serendipity_plugin {
if ($escape_rss) { if ($escape_rss) {
$content .= $this->decode($item[$rss_element]); $content .= $this->decode($item[$rss_element]);
} else { } else {
$content .= htmlspecialchars($this->decode($item[$rss_element])); $content .= serendipity_specialchars($this->decode($item[$rss_element]));
} }
if ($smarty) { if ($smarty) {
@ -551,7 +551,7 @@ class serendipity_plugin_remoterss extends serendipity_plugin {
$item['timestamp'] = @strtotime(isset($item['pubdate']) ? $item['pubdate'] : $item['dc:date']); $item['timestamp'] = @strtotime(isset($item['pubdate']) ? $item['pubdate'] : $item['dc:date']);
if (!($item['timestamp'] == -1) AND ($displaydate == 'true')) { if (!($item['timestamp'] == -1) AND ($displaydate == 'true')) {
$content .= '<div class="serendipitySideBarDate">' $content .= '<div class="serendipitySideBarDate">'
. htmlspecialchars(serendipity_formatTime($dateformat, $item['timestamp'], false)) . serendipity_specialchars(serendipity_formatTime($dateformat, $item['timestamp'], false))
. '</div>'; . '</div>';
} }
@ -650,7 +650,7 @@ class serendipity_plugin_remoterss extends serendipity_plugin {
$content .= '<div class="rss_item">'; $content .= '<div class="rss_item">';
if ($use_rss_link) { if ($use_rss_link) {
$content .= '<div class="rss_link"><a href="' . htmlspecialchars($this->decode($item['link'])) . '" ' . (!empty($target) ? 'target="'.$target.'"' : '') . '>'; $content .= '<div class="rss_link"><a href="' . serendipity_specialchars($this->decode($item['link'])) . '" ' . (!empty($target) ? 'target="'.$target.'"' : '') . '>';
} }
if (!empty($bulletimg)) { if (!empty($bulletimg)) {
@ -668,7 +668,7 @@ class serendipity_plugin_remoterss extends serendipity_plugin {
if ($escape_rss) { if ($escape_rss) {
$content .= $this->decode($item[$rss_element]); $content .= $this->decode($item[$rss_element]);
} else { } else {
$content .= htmlspecialchars($this->decode($item[$rss_element])); $content .= serendipity_specialchars($this->decode($item[$rss_element]));
} }
if ($smarty) { if ($smarty) {
@ -694,7 +694,7 @@ class serendipity_plugin_remoterss extends serendipity_plugin {
$item['timestamp'] = @strtotime(isset($item['pubdate']) ? $item['pubdate'] : $item['dc:date']); $item['timestamp'] = @strtotime(isset($item['pubdate']) ? $item['pubdate'] : $item['dc:date']);
if (!($item['timestamp'] == -1) AND ($displaydate == 'true')) { if (!($item['timestamp'] == -1) AND ($displaydate == 'true')) {
$content .= '<div class="serendipitySideBarDate">' $content .= '<div class="serendipitySideBarDate">'
. htmlspecialchars(serendipity_formatTime($dateformat, $item['timestamp'], false)) . serendipity_specialchars(serendipity_formatTime($dateformat, $item['timestamp'], false))
. '</div>'; . '</div>';
} }
@ -782,23 +782,23 @@ class serendipity_plugin_remoterss extends serendipity_plugin {
} }
if (!empty($item['text'])) { if (!empty($item['text'])) {
$text = htmlspecialchars($this->decode($item['text'])); $text = serendipity_specialchars($this->decode($item['text']));
} elseif (!empty($item['title'])) { } elseif (!empty($item['title'])) {
$text = htmlspecialchars($this->decode($item['title'])); $text = serendipity_specialchars($this->decode($item['title']));
} elseif (!empty($item['description'])) { } elseif (!empty($item['description'])) {
$text = htmlspecialchars($this->decode($item['description'])); $text = serendipity_specialchars($this->decode($item['description']));
} else { } else {
$text = ''; $text = '';
} }
if ($blogrolling === true && (!empty($text) || !empty($url))) { if ($blogrolling === true && (!empty($text) || !empty($url))) {
$content .= '&bull; <a href="' . htmlspecialchars($url) . '" ' . (!empty($target) ? 'target="'.$target.'"' : '') . ' title="' . $text . '">' . $text . "</a>"; $content .= '&bull; <a href="' . serendipity_specialchars($url) . '" ' . (!empty($target) ? 'target="'.$target.'"' : '') . ' title="' . $text . '">' . $text . "</a>";
if (isset($item['isRecent'])) { if (isset($item['isRecent'])) {
$content .= ' <span style="color: Red; ">*</span>'; $content .= ' <span style="color: Red; ">*</span>';
} }
$content .= "<br />"; $content .= "<br />";
} elseif ((isset($item['type']) && $item['type'] == 'url') || !empty($url)) { } elseif ((isset($item['type']) && $item['type'] == 'url') || !empty($url)) {
$content .= '&bull; <a href="' . htmlspecialchars($url) . '" ' . (!empty($target) ? 'target="'.$target.'"' : '') . ' title="' . $text . '">' . $text . "</a>"; $content .= '&bull; <a href="' . serendipity_specialchars($url) . '" ' . (!empty($target) ? 'target="'.$target.'"' : '') . ' title="' . $text . '">' . $text . "</a>";
$content .= "<br />"; $content .= "<br />";
} }
++$i; ++$i;
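Review bot: At `@ -507`, `@ -650` and `@ -782` the feed-supplied `$item['link']` and `$url` go into `href` after entity encoding only; entity encoding prevents attribute breakout but does not restrict the URL scheme, so whatever scheme the remote feed supplies is rendered as a clickable link. Unless `$this->decode()` or the feed parser already filters schemes — neither is visible here — the value should be checked before use, e.g. `$link = $this->decode($item['link']); if (!preg_match('~^https?://~i', $link)) { $link = ''; }` and then `serendipity_specialchars($link)` in the attribute, with the same guard on `$url` at `@ -782`. Separately, at `@ -525` and `@ -668` the branch `if ($escape_rss) { … raw … } else { … serendipity_specialchars(…) … }` reads backwards — the flag being true is the case that does NOT escape — so a comment such as `// $escape_rss: feed HTML is trusted and emitted as-is; otherwise it is entity-encoded` (or a rename) would help the next reader. The enclosing methods start and end outside their hunks.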


@ -66,7 +66,7 @@ if (defined('IS_up2date') && IS_up2date === true && IS_installed === true) {
$is_logged_in = serendipity_userLoggedIn(); $is_logged_in = serendipity_userLoggedIn();
if ($is_logged_in) { if ($is_logged_in) {
$self_info = sprintf(USER_SELF_INFO, htmlspecialchars($serendipity['serendipityUser']), $serendipity['permissionLevels'][$serendipity['serendipityUserlevel']]); $self_info = sprintf(USER_SELF_INFO, serendipity_specialchars($serendipity['serendipityUser']), $serendipity['permissionLevels'][$serendipity['serendipityUserlevel']]);
} else { } else {
$self_info = ''; $self_info = '';
} }


@ -121,7 +121,7 @@ switch ($serendipity['GET']['step']) {
serendipity_plugin_api::hook_event('media_getproperties_cached', $media['file']['props']['base_metadata'], $media['file']['realfile']); serendipity_plugin_api::hook_event('media_getproperties_cached', $media['file']['props']['base_metadata'], $media['file']['realfile']);
if ($file['is_image']) { if ($file['is_image']) {
$file['finishJSFunction'] = $file['origfinishJSFunction'] = 'serendipity.serendipity_imageSelector_done(\'' . htmlspecialchars($serendipity['GET']['textarea']) . '\')'; $file['finishJSFunction'] = $file['origfinishJSFunction'] = 'serendipity.serendipity_imageSelector_done(\'' . serendipity_specialchars($serendipity['GET']['textarea']) . '\')';
if (!empty($serendipity['GET']['filename_only']) && $serendipity['GET']['filename_only'] !== 'true') { if (!empty($serendipity['GET']['filename_only']) && $serendipity['GET']['filename_only'] !== 'true') {
$file['fast_select'] = true; $file['fast_select'] = true;
@ -277,11 +277,11 @@ switch ($serendipity['GET']['step']) {
$media['case'] = 'default'; $media['case'] = 'default';
$add_url = ''; $add_url = '';
if (!empty($serendipity['GET']['htmltarget'])) { if (!empty($serendipity['GET']['htmltarget'])) {
$add_url .= '&amp;serendipity[htmltarget]=' . htmlspecialchars($serendipity['GET']['htmltarget']); $add_url .= '&amp;serendipity[htmltarget]=' . serendipity_specialchars($serendipity['GET']['htmltarget']);
} }
if (!empty($serendipity['GET']['filename_only'])) { if (!empty($serendipity['GET']['filename_only'])) {
$add_url .= '&amp;serendipity[filename_only]=' . htmlspecialchars($serendipity['GET']['filename_only']); $add_url .= '&amp;serendipity[filename_only]=' . serendipity_specialchars($serendipity['GET']['filename_only']);
} }
if (!isset($serendipity['thumbPerPage2'])) { if (!isset($serendipity['thumbPerPage2'])) {
@ -293,7 +293,7 @@ switch ($serendipity['GET']['step']) {
isset($serendipity['GET']['page']) ? $serendipity['GET']['page'] : 1, isset($serendipity['GET']['page']) ? $serendipity['GET']['page'] : 1,
$serendipity['thumbPerPage2'], $serendipity['thumbPerPage2'],
($serendipity['showMediaToolbar'] ? true : false), ($serendipity['showMediaToolbar'] ? true : false),
'?serendipity[step]=1' . $add_url . '&amp;serendipity[textarea]='. htmlspecialchars($serendipity['GET']['textarea']), '?serendipity[step]=1' . $add_url . '&amp;serendipity[textarea]='. serendipity_specialchars($serendipity['GET']['textarea']),
true, true,
null null
); );
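Review bot: At `@ -121` the GET parameter `textarea` is spliced into a single-quoted JavaScript literal in `finishJSFunction` with only HTML entity encoding; whether a `'` in the parameter is neutralised depends on serendipity_specialchars() encoding single quotes, which I can't see from here, and entity encoding is in any case not a JavaScript escaper. Since the value presumably names a form field, an allow-list applied once before both uses is the simplest fix: `if (!preg_match('/^[A-Za-z0-9_\[\]\-]+$/', $serendipity['GET']['textarea'])) { $serendipity['GET']['textarea'] = ''; }`; otherwise build the call with `json_encode()` so the escaping matches the context. At `@ -277` and `@ -293` the same GET values are appended to a query string, where the right encoding is `rawurlencode()` on the value — entity encoding does not percent-encode `&`, `=` or `#`, which would split or truncate the parameter — keeping the `&amp;` joiners as they are, since the assembled URL appears to be emitted in HTML. The enclosing switch starts and ends outside the hunks.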