| Révision | e72eb8997265134c2ecc95173e2570d99e7cbcee (tree) |
|---|---|
| l'heure | 2014-06-02 06:01:07 |
| Auteur |  umorigu <umorigu@gmai...> |
| Commiter | umorigu |
Replace 'htmlspecialchars' by 'htmlsc'
The behavior of 'htmlspecialchars' has changed in PHP 5.4.
The default value of 3rd parameter $encoding is UTF-8.
Almost all EUC_JP characters are handled as invalid UTF-8
sequence and that cause empty output.
http://docs.php.net/manual/en/function.htmlspecialchars.php
The solution used in 'htmlsc' is setting $encoding explicitly.
lib/func.php (diff) plugin/ls2.inc.php (diff) plugin/referer.inc.php (diff) plugin/tracker.inc.php (diff) plugin/versionlist.inc.php (diff)| @@ -356,14 +356,14 @@ function page_list($pages, $cmd = 'read', $withfilename = FALSE) | ||
| 356 | 356 | |
| 357 | 357 | foreach($pages as $file=>$page) { |
| 358 | 358 | $r_page = rawurlencode($page); |
| 359 | - $s_page = htmlspecialchars($page, ENT_QUOTES); | |
| 359 | + $s_page = htmlsc($page, ENT_QUOTES); | |
| 360 | 360 | $passage = get_pg_passage($page); |
| 361 | 361 | |
| 362 | 362 | $str = ' <li><a href="' . $href . $r_page . '">' . |
| 363 | 363 | $s_page . '</a>' . $passage; |
| 364 | 364 | |
| 365 | 365 | if ($withfilename) { |
| 366 | - $s_file = htmlspecialchars($file); | |
| 366 | + $s_file = htmlsc($file); | |
| 367 | 367 | $str .= "\n" . ' <ul><li>' . $s_file . '</li></ul>' . |
| 368 | 368 | "\n" . ' '; |
| 369 | 369 | } |
| @@ -106,7 +106,7 @@ function plugin_ls2_show_lists($prefix, & $params) | ||
| 106 | 106 | foreach ($pages as $page) $params["page_$page"] = 0; |
| 107 | 107 | |
| 108 | 108 | if (empty($pages)) { |
| 109 | - return str_replace('$1', htmlspecialchars($prefix), $_ls2_err_nopages); | |
| 109 | + return str_replace('$1', htmlsc($prefix), $_ls2_err_nopages); | |
| 110 | 110 | } else { |
| 111 | 111 | $params['result'] = $params['saved'] = array(); |
| 112 | 112 | foreach ($pages as $page) |
| @@ -99,8 +99,8 @@ function plugin_referer_body($page, $sort) | ||
| 99 | 99 | list($ltime, $stime, $count, $url, $enable) = $arr; |
| 100 | 100 | |
| 101 | 101 | // 非ASCIIキャラクタ(だけ)をURLエンコードしておく BugTrack/440 |
| 102 | - $e_url = htmlspecialchars(preg_replace('/([" \x80-\xff]+)/e', 'rawurlencode("$1")', $url)); | |
| 103 | - $s_url = htmlspecialchars(mb_convert_encoding(rawurldecode($url), SOURCE_ENCODING, 'auto')); | |
| 102 | + $e_url = htmlsc(preg_replace('/([" \x80-\xff]+)/e', 'rawurlencode("$1")', $url)); | |
| 103 | + $s_url = htmlsc(mb_convert_encoding(rawurldecode($url), SOURCE_ENCODING, 'auto')); | |
| 104 | 104 | |
| 105 | 105 | $lpass = get_passage($ltime, FALSE); // 最終更新日時からの経過時間 |
| 106 | 106 | $spass = get_passage($stime, FALSE); // 初回登録日時からの経過時間 |
| @@ -164,7 +164,7 @@ function plugin_referer_set_color() | ||
| 164 | 164 | // BGCOLOR(#88ff88) |
| 165 | 165 | $matches = array(); |
| 166 | 166 | foreach ($pconfig_color as $x) |
| 167 | - $color[$x[0]] = htmlspecialchars( | |
| 167 | + $color[$x[0]] = htmlsc( | |
| 168 | 168 | preg_match('/BGCOLOR\(([^)]+)\)/si', $x[1], $matches) ? |
| 169 | 169 | $matches[1] : $x[1]); |
| 170 | 170 | } |
| @@ -91,7 +91,7 @@ function plugin_tracker_action() | ||
| 91 | 91 | $config = new Config('plugin/tracker/'.$config_name); |
| 92 | 92 | if (!$config->read()) |
| 93 | 93 | { |
| 94 | - return "<p>config file '".htmlspecialchars($config_name)."' not found.</p>"; | |
| 94 | + return "<p>config file '".htmlsc($config_name)."' not found.</p>"; | |
| 95 | 95 | } |
| 96 | 96 | $config->config_name = $config_name; |
| 97 | 97 | $source = $config->page.'/page'; |
| @@ -199,7 +199,7 @@ function plugin_tracker_inline() | ||
| 199 | 199 | |
| 200 | 200 | if (!$config->read()) |
| 201 | 201 | { |
| 202 | - return "config file '".htmlspecialchars($config_name)."' not found."; | |
| 202 | + return "config file '".htmlsc($config_name)."' not found."; | |
| 203 | 203 | } |
| 204 | 204 | |
| 205 | 205 | $config->config_name = $config_name; |
| @@ -439,7 +439,7 @@ class Tracker_field_radio extends Tracker_field_format | ||
| 439 | 439 | |
| 440 | 440 | function get_tag() |
| 441 | 441 | { |
| 442 | - $s_name = htmlspecialchars($this->name); | |
| 442 | + $s_name = htmlsc($this->name); | |
| 443 | 443 | $retval = ''; |
| 444 | 444 | $id = 0; |
| 445 | 445 | foreach ($this->config->get($this->name) as $option) |
| @@ -44,12 +44,12 @@ function plugin_versionlist_convert() | ||
| 44 | 44 | continue; |
| 45 | 45 | } |
| 46 | 46 | $data = join('',file($sdir.$file)); |
| 47 | - $comment = array('file'=>htmlspecialchars($sdir.$file),'rev'=>'','date'=>''); | |
| 47 | + $comment = array('file'=>htmlsc($sdir.$file),'rev'=>'','date'=>''); | |
| 48 | 48 | if (preg_match('/\$'.'Id: (.+),v (\d+\.\d+) (\d{4}\/\d{2}\/\d{2} \d{2}:\d{2}:\d{2})/',$data,$matches)) |
| 49 | 49 | { |
| 50 | -// $comment['file'] = htmlspecialchars($sdir.$matches[1]); | |
| 51 | - $comment['rev'] = htmlspecialchars($matches[2]); | |
| 52 | - $comment['date'] = htmlspecialchars($matches[3]); | |
| 50 | +// $comment['file'] = htmlsc($sdir.$matches[1]); | |
| 51 | + $comment['rev'] = htmlsc($matches[2]); | |
| 52 | + $comment['date'] = htmlsc($matches[3]); | |
| 53 | 53 | } |
| 54 | 54 | $comments[$sdir.$file] = $comment; |
| 55 | 55 | } |
Fork