<?php
// PukiWiki - Yet another WikiWikiWeb clone
-// $Id: auth.php,v 1.19 2005/06/13 14:02:07 henoheno Exp $
-// Copyright (C) 2003-2005 PukiWiki Developers Team
+// $Id: auth.php,v 1.22 2011/01/25 15:01:01 henoheno Exp $
+// Copyright (C) 2003-2005, 2007 PukiWiki Developers Team
// License: GPL v2 or (at your option) any later version
//
// Authentication related functions
} else {
// With exit
$body = $title = str_replace('$1',
- htmlspecialchars(strip_bracket($page)), $_title_cannotedit);
+ htmlsc(strip_bracket($page)), $_title_cannotedit);
if (is_freeze($page))
$body .= '(<a href="' . $script . '?cmd=unfreeze&page=' .
rawurlencode($page) . '">' . $_msg_unfreeze . '</a>)';
}
if ($exit_flag) {
$body = $title = str_replace('$1',
- htmlspecialchars(strip_bracket($page)), $title_cannot);
+ htmlsc(strip_bracket($page)), $title_cannot);
$page = str_replace('$1', make_search($page), $title_cannot);
catbody($title, $page, $body);
exit;
* @access public
* @author
* @create
- * @version $Id: backup.php,v 1.12 2006/02/02 13:27:57 henoheno Exp $
+ * @version $Id: backup.php,v 1.13 2011/01/25 15:01:01 henoheno Exp $
* Copyright (C)
* 2002-2006 PukiWiki Developers Team
* 2001-2002 Originally written by yu-ji
$body = preg_replace("/\n*$/", "\n", $body);
$fp = _backup_fopen($page, 'wb')
- or die_message('Cannot open ' . htmlspecialchars(_backup_get_filename($page)) .
+ or die_message('Cannot open ' . htmlsc(_backup_get_filename($page)) .
'<br />Maybe permission is not writable or filename is too long');
_backup_fputs($fp, $strout);
_backup_fputs($fp, $body);
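Review bot: The `die_message()` text on the `_backup_fopen()` failure still puts the result of `_backup_get_filename($page)` into the response, so a failed write presumably shows the server-side backup path to whoever triggered it; `htmlsc()` fixes the markup, not the disclosure. The same applies to the `'cannot write '` messages in link.php, which print `CACHE_DIR . encode($page) . '.rel'`, and to the `headers_sent()` message in html.php, whereas file.php already trims some of its messages with `basename()`. I would print `htmlsc(basename(_backup_get_filename($page)))` to the client and send the full path to the error log. The enclosing function starts and ends outside this hunk.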
<?php
// PukiWiki - Yet another WikiWikiWeb clone
-// $Id: convert_html.php,v 1.18 2006/05/13 07:29:58 henoheno Exp $
+// $Id: convert_html.php,v 1.21 2011/01/25 15:01:01 henoheno Exp $
// Copyright (C)
// 2002-2005 PukiWiki Developers Team
// 2001-2002 Originally written by yu-ji
$text = $matches[5];
} else if ($matches[3]) {
$name = $matches[2] ? 'background-color' : 'color';
- $this->style[$name] = $name . ':' . htmlspecialchars($matches[3]) . ';';
+ $this->style[$name] = $name . ':' . htmlsc($matches[3]) . ';';
$text = $matches[5];
} else if ($matches[4]) {
- $this->style['size'] = 'font-size:' . htmlspecialchars($matches[4]) . 'px;';
+ $this->style['size'] = 'font-size:' . htmlsc($matches[4]) . 'px;';
$text = $matches[5];
}
}
{
global $preformat_ltrim;
parent::Element();
- $this->elements[] = htmlspecialchars(
+ $this->elements[] = htmlsc(
(! $preformat_ltrim || $text == '' || $text{0} != ' ') ? $text : substr($text, 1));
}
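Review bot: In the colour and size branches, `htmlsc($matches[3])` and `htmlsc($matches[4])` are escaped for HTML but then placed inside a CSS declaration, and HTML escaping does not limit what a CSS value can contain. The pattern that fills `$matches` is outside this hunk, so it cannot be confirmed here that the value is already restricted to a colour token or digits. If it is, a comment such as `// value is limited by the pattern above; htmlsc() only covers the attribute context` would record that. If it is not, the value should be checked against an allow-list before it is stored in `$this->style`.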
<?php
// PukiWiki - Yet another WikiWikiWeb clone.
-// $Id: diff.php,v 1.7 2005/12/10 12:48:02 henoheno Exp $
+// $Id: diff.php,v 1.10 2011/01/25 15:01:01 henoheno Exp $
// Copyright (C)
// 2003-2005 PukiWiki Developers Team
// 2001-2002 Originally written by yu-ji
$do_update_diff_table .= '<tr>';
$params = array($_obj->get('left'), $_obj->get('right'), $_obj->text());
foreach ($params as $key=>$text) {
- $text = htmlspecialchars($text);
+ $text = htmlsc($text);
if (trim($text) == '') $text = ' ';
$do_update_diff_table .= '<' . $tags[$key] .
' class="style_' . $tags[$key] . '">' . $text .
<?php
// PukiWiki - Yet another WikiWikiWeb clone.
-// $Id: file.php,v 1.72 2006/06/11 14:42:09 henoheno Exp $
+// $Id: file.php,v 1.95 2011/01/25 15:01:01 henoheno Exp $
// Copyright (C)
// 2002-2006 PukiWiki Developers Team
// 2001-2002 Originally written by yu-ji
// File replacement (Edit)
if (! is_pagename($page))
- die_message(str_replace('$1', htmlspecialchars($page),
+ die_message(str_replace('$1', htmlsc($page),
str_replace('$2', 'WikiName', $_msg_invalidiwn)));
$str = rtrim(preg_replace('/' . "\r" . '/', '', $str)) . "\n";
$timestamp = ($file_exists && $notimestamp) ? filemtime($file) : FALSE;
$fp = fopen($file, 'a') or die('fopen() failed: ' .
- htmlspecialchars(basename($dir) . '/' . encode($page) . '.txt') .
+ htmlsc(basename($dir) . '/' . encode($page) . '.txt') .
'<br />' . "\n" .
'Maybe permission is not writable or filename is too long');
set_file_buffer($fp, 0);
// Add
array_unshift($lines, '-' . format_date(UTIME) . ' - ' . $_page .
- htmlspecialchars($subject) . "\n");
+ htmlsc($subject) . "\n");
// Get latest $limit reports
$lines = array_splice($lines, 0, $limit);
// Update
$fp = fopen(get_filename($recentpage), 'w') or
die_message('Cannot write page file ' .
- htmlspecialchars($recentpage) .
+ htmlsc($recentpage) .
'<br />Maybe permission is not writable or filename is too long');
set_file_buffer($fp, 0);
flock($fp, LOCK_EX);
// Open
pkwk_touch_file($file);
$fp = fopen($file, 'r+') or
- die_message('Cannot open ' . htmlspecialchars($whatsnew));
+ die_message('Cannot open ' . htmlsc($whatsnew));
set_file_buffer($fp, 0);
flock($fp, LOCK_EX);
ftruncate($fp, 0);
rewind($fp);
foreach ($recent_pages as $_page=>$time)
- fputs($fp, '-' . htmlspecialchars(format_date($time)) .
- ' - ' . '[[' . htmlspecialchars($_page) . ']]' . "\n");
+ fputs($fp, '-' . htmlsc(format_date($time)) .
+ ' - ' . '[[' . htmlsc($_page) . ']]' . "\n");
fputs($fp, '#norelated' . "\n"); // :)
flock($fp, LOCK_UN);
$file = get_filename($whatsnew);
pkwk_touch_file($file);
$fp = fopen($file, 'r+') or
- die_message('Cannot open ' . htmlspecialchars($whatsnew));
+ die_message('Cannot open ' . htmlsc($whatsnew));
set_file_buffer($fp, 0);
flock($fp, LOCK_EX);
ftruncate($fp, 0);
rewind($fp);
foreach (array_keys($recent_pages) as $page) {
$time = $recent_pages[$page];
- $s_lastmod = htmlspecialchars(format_date($time));
- $s_page = htmlspecialchars($page);
+ $s_lastmod = htmlsc(format_date($time));
+ $s_page = htmlsc($page);
fputs($fp, '-' . $s_lastmod . ' - [[' . $s_page . ']]' . "\n");
}
fputs($fp, '#norelated' . "\n"); // :)
$lockfile = CACHE_DIR . 'pkwk_chown.lock';
$flock = fopen($lockfile, 'a') or
die('pkwk_chown(): fopen() failed for: CACHEDIR/' .
- basename(htmlspecialchars($lockfile)));
+ basename(htmlsc($lockfile)));
flock($flock, LOCK_EX) or die('pkwk_chown(): flock() failed for lock');
// Check owner
$stat = stat($filename) or
- die('pkwk_chown(): stat() failed for: ' . basename(htmlspecialchars($filename)));
+ die('pkwk_chown(): stat() failed for: ' . basename(htmlsc($filename)));
if ($stat[4] === $php_uid) {
// NOTE: Windows always here
$result = TRUE; // Seems the same UID. Nothing to do
// NOTE: Not 'r+'. Don't check write permission here
$ffile = fopen($filename, 'r') or
die('pkwk_chown(): fopen() failed for: ' .
- basename(htmlspecialchars($filename)));
+ basename(htmlsc($filename)));
// Try to chown by re-creating files
// NOTE:
return $result;
} else {
die('pkwk_touch_file(): Invalid UID and (not writable for the directory or not a flie): ' .
- htmlspecialchars(basename($filename)));
+ htmlsc(basename($filename)));
}
}
?>
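Review bot: The two RecentChanges writers (`'[[' . htmlsc($_page) . ']]'` and the `$s_page = htmlsc($page)` variant) store HTML-escaped text in a wiki source file, and `htmlsc()` now defaults to `ENT_QUOTES`, so a page name containing an apostrophe would be written as `[[...&#039;...]]` where it used to be written unchanged. If page names may contain `'` (the page-name rule is not visible here), the stored link no longer names the page. Passing the old flag at these call sites, e.g. `htmlsc($_page, ENT_COMPAT)`, would keep the file contents as they were. Separately, `basename(htmlsc($lockfile))` escapes before trimming while the last hunk uses `htmlsc(basename($filename))`; the second order is the one to keep.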
<?php
// PukiWiki - Yet another WikiWikiWeb clone.
-// $Id: func.php,v 1.73 2006/05/15 16:41:39 teanan Exp $
+// $Id: func.php,v 1.104 2011/01/25 15:01:01 henoheno Exp $
// Copyright (C)
// 2002-2006 PukiWiki Developers Team
// 2001-2002 Originally written by yu-ji
return FALSE;
} else {
$fp = fopen(get_filename($page), 'rb') or
- die('is_freeze(): fopen() failed: ' . htmlspecialchars($page));
+ die('is_freeze(): fopen() failed: ' . htmlsc($page));
flock($fp, LOCK_SH) or die('is_freeze(): flock() failed');
rewind($fp);
$buffer = fgets($fp, 9);
flock($fp, LOCK_UN) or die('is_freeze(): flock() failed');
- fclose($fp) or die('is_freeze(): fclose() failed: ' . htmlspecialchars($page));
+ fclose($fp) or die('is_freeze(): fclose() failed: ' . htmlsc($page));
$is_freeze[$page] = ($buffer != FALSE && rtrim($buffer, "\r\n") == '#freeze');
return $is_freeze[$page];
$char = mb_substr($word_nm, $pos, 1, SOURCE_ENCODING);
// Just normalized one? (ASCII char or Zenkaku-Katakana?)
- $or = array(preg_quote($do_escape ? htmlspecialchars($char) : $char, $quote));
+ $or = array(preg_quote($do_escape ? htmlsc($char) : $char, $quote));
if (strlen($char) == 1) {
// An ASCII (single-byte) character
foreach (array(strtoupper($char), strtolower($char)) as $_char) {
if ($non_format) return array_keys($pages);
$r_word = rawurlencode($word);
- $s_word = htmlspecialchars($word);
+ $s_word = htmlsc($word);
if (empty($pages))
return str_replace('$1', $s_word, $_msg_notfoundresult);
$retval = '<ul>' . "\n";
foreach (array_keys($pages) as $page) {
$r_page = rawurlencode($page);
- $s_page = htmlspecialchars($page);
+ $s_page = htmlsc($page);
$passage = $show_passage ? ' ' . get_passage(get_filetime($page)) : '';
$retval .= ' <li><a href="' . $script . '?cmd=read&page=' .
$r_page . '&word=' . $r_word . '">' . $s_page .
global $rule_page;
if (! is_page($rule_page)) {
- return '<p>Sorry, page \'' . htmlspecialchars($rule_page) .
+ return '<p>Sorry, page \'' . htmlsc($rule_page) .
'\' unavailable.</p>';
} else {
return convert_html(get_source($rule_page));
if (isset($script_directory_index)) {
if (! file_exists($script_directory_index))
die_message('Directory index file not found: ' .
- htmlspecialchars($script_directory_index));
+ htmlsc($script_directory_index));
$matches = array();
if (preg_match('#^(.+/)' . preg_quote($script_directory_index, '#') . '$#',
$script, $matches)) $script = $matches[1];
return join($glue, $arr);
}
+// Sugar with default settings
+function htmlsc($string = '', $flags = ENT_QUOTES, $charset = CONTENT_CHARSET)
+{
+ return htmlspecialchars($string, $flags, $charset); // htmlsc()
+}
+
+
//// Compat ////
// is_a -- Returns TRUE if the object is of this class or has this class as one of its parents
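Review bot: `htmlsc()` changes behaviour at every call site in this commit and its one-line comment does not say so: plain `htmlspecialchars($s)` used `ENT_COMPAT` and PHP's default charset, whereas the wrapper also escapes single quotes and passes `CONTENT_CHARSET`. With an explicit multibyte charset, `htmlspecialchars()` returns an empty string for input that is not valid in that encoding, so a malformed byte sequence now blanks the whole value instead of passing through. I would replace `// Sugar with default settings` with a short docblock stating the `ENT_QUOTES` default, the empty-string result on invalid input, and that the output is meant for HTML text and quoted attribute values only, not for URLs, CSS or HTTP headers.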
<?php
// PukiWiki - Yet another WikiWikiWeb clone.
-// $Id: html.php,v 1.57 2006/04/15 17:33:35 teanan Exp $
+// $Id: html.php,v 1.66 2011/01/25 15:01:01 henoheno Exp $
// Copyright (C)
// 2002-2006 PukiWiki Developers Team
// 2001-2002 Originally written by yu-ji
// Search words
if ($search_word_color && isset($vars['word'])) {
- $body = '<div class="small">' . $_msg_word . htmlspecialchars($vars['word']) .
+ $body = '<div class="small">' . $_msg_word . htmlsc($vars['word']) .
'</div>' . $hr . "\n" . $body;
// BugTrack2/106: Only variables can be passed by reference from PHP 5.0.5
$keys = get_search_words(array_keys($keys), TRUE);
$id = 0;
foreach ($keys as $key=>$pattern) {
- $s_key = htmlspecialchars($key);
+ $s_key = htmlsc($key);
$pattern = '/' .
'<textarea[^>]*>.*?<\/textarea>' . // Ignore textareas
'|' . '<[^>]*>' . // Ignore tags
foreach(get_existpages() as $_page) {
if ($_page == $whatsnew || check_non_list($_page))
continue;
- $s_page = htmlspecialchars($_page);
+ $s_page = htmlsc($_page);
$pages[$_page] = ' <option value="' . $s_page . '">' .
$s_page . '</option>';
}
}
$r_page = rawurlencode($page);
- $s_page = htmlspecialchars($page);
- $s_digest = htmlspecialchars($digest);
- $s_postdata = htmlspecialchars($refer . $postdata);
- $s_original = isset($vars['original']) ? htmlspecialchars($vars['original']) : $s_postdata;
+ $s_page = htmlsc($page);
+ $s_digest = htmlsc($digest);
+ $s_postdata = htmlsc($refer . $postdata);
+ $s_original = isset($vars['original']) ? htmlsc($vars['original']) : $s_postdata;
$b_preview = isset($vars['preview']); // TRUE when preview
$btn_preview = $b_preview ? $_btn_repreview : $_btn_preview;
if (check_non_list($page)) continue;
$r_page = rawurlencode($page);
- $s_page = htmlspecialchars($page);
+ $s_page = htmlsc($page);
$passage = get_passage($lastmod);
$_links[] = $tag ?
'<a href="' . $script . '?' . $r_page . '" title="' .
{
global $script;
- $s_page = htmlspecialchars($page);
+ $s_page = htmlsc($page);
$r_page = rawurlencode($page);
return '<a href="' . $script . '?plugin=related&page=' . $r_page .
if (version_compare(PHP_VERSION, '4.3.0', '>=')) {
if (headers_sent($file, $line))
die('Headers already sent at ' .
- htmlspecialchars($file) .
+ htmlsc($file) .
' line ' . $line . '.');
} else {
if (headers_sent())
break;
}
- $charset = htmlspecialchars($charset);
+ $charset = htmlsc($charset);
// Output XML or not
if ($type == PKWK_DTD_TYPE_XHTML) echo '<?xml version="1.0" encoding="' . $charset . '" ?>' . "\n";
<?php
// PukiWiki - Yet another WikiWikiWeb clone.
-// $Id: init.php,v 1.46 2006/06/11 15:04:27 henoheno Exp $
+// $Id: init.php,v 1.57 2011/01/25 15:01:01 henoheno Exp $
// Copyright (C)
// 2002-2006 PukiWiki Developers Team
// 2001-2002 Originally written by yu-ji
// 'uni'(means UTF-8), 'English', or 'Japanese'
// SOURCE_ENCODING: Internal content encoding (for mbstring extension)
// 'UTF-8', 'ASCII', or 'EUC-JP'
-// CONTENT_CHARSET: Internal content encoding = Output content charset (for skin)
+// CONTENT_CHARSET: Internal content encoding = Output content charset
+// (for DTD, htmlsc())
// 'UTF-8', 'iso-8859-1', 'EUC-JP' or ...
switch (LANG){
<?php
// PukiWiki - Yet another WikiWikiWeb clone
-// $Id: link.php,v 1.11 2006/04/06 03:00:00 teanan Exp $
-// Copyright (C) 2003-2006 PukiWiki Developers Team
+// $Id: link.php,v 1.20 2011/01/25 15:01:01 henoheno Exp $
+// Copyright (C) 2003-2007 PukiWiki Developers Team
// License: GPL v2 or (at your option) any later version
//
// Backlinks / AutoLinks related functions
// ¥Ú¡¼¥¸¤¬Â¸ºß¤·¤Æ¤¤¤ë
if (! empty($rel_new)) {
$fp = fopen($rel_file, 'w')
- or die_message('cannot write ' . htmlspecialchars($rel_file));
+ or die_message('cannot write ' . htmlsc($rel_file));
fputs($fp, join("\t", $rel_new));
fclose($fp);
}
$rel = array_unique($rel);
if (! empty($rel)) {
$fp = fopen(CACHE_DIR . encode($page) . '.rel', 'w')
- or die_message('cannot write ' . htmlspecialchars(CACHE_DIR . encode($page) . '.rel'));
+ or die_message('cannot write ' . htmlsc(CACHE_DIR . encode($page) . '.rel'));
fputs($fp, join("\t", $rel));
fclose($fp);
}
foreach ($ref as $page=>$arr) {
$fp = fopen(CACHE_DIR . encode($page) . '.ref', 'w')
- or die_message('cannot write ' . htmlspecialchars(CACHE_DIR . encode($page) . '.ref'));
+ or die_message('cannot write ' . htmlsc(CACHE_DIR . encode($page) . '.ref'));
foreach ($arr as $ref_page=>$ref_auto)
fputs($fp, $ref_page . "\t" . $ref_auto . "\n");
fclose($fp);
}
if ($is_page || ! $all_auto) {
$fp = fopen($ref_file, 'w')
- or die_message('cannot write ' . htmlspecialchars($ref_file));
+ or die_message('cannot write ' . htmlsc($ref_file));
fputs($fp, $ref);
fclose($fp);
}
unlink($ref_file);
if (($is_page || ! $all_auto) && $ref != '') {
$fp = fopen($ref_file, 'w')
- or die_message('cannot write ' . htmlspecialchars($ref_file));
+ or die_message('cannot write ' . htmlsc($ref_file));
fputs($fp, $ref);
fclose($fp);
}
<?php
// PukiWiki - Yet another WikiWikiWeb clone.
-// $Id: make_link.php,v 1.30 2005/12/10 07:57:30 henoheno Exp $
+// $Id: make_link.php,v 1.38 2011/01/25 15:01:01 henoheno Exp $
// Copyright (C)
// 2003-2005 PukiWiki Developers Team
// 2001-2002 Originally written by yu-ji
$string = preg_replace_callback('/' . $this->pattern . '/x',
array(& $this, 'replace'), $string);
- $arr = explode("\x08", make_line_rules(htmlspecialchars($string)));
+ $arr = explode("\x08", make_line_rules(htmlsc($string)));
$retval = '';
while (! empty($arr)) {
$retval .= array_shift($arr) . array_shift($this->result);
$obj = $this->get_converter($arr);
$this->result[] = ($obj !== NULL && $obj->set($arr, $this->page) !== FALSE) ?
- $obj->toString() : make_line_rules(htmlspecialchars($arr[0]));
+ $obj->toString() : make_line_rules(htmlsc($arr[0]));
return "\x08"; // Add a mark into latest processed part
}
$this->type = $type;
if (! PKWK_DISABLE_INLINE_IMAGE_FROM_URI &&
is_url($alias) && preg_match('/\.(gif|png|jpe?g)$/i', $alias)) {
- $alias = '<img src="' . htmlspecialchars($alias) . '" alt="' . $name . '" />';
+ $alias = '<img src="' . htmlsc($alias) . '" alt="' . $name . '" />';
} else if ($alias != '') {
if ($converter === NULL)
$converter = new InlineConverter(array('plugin'));
} else {
// No such plugin, or Failed
$body = (($body == '') ? '' : '{' . $body . '}') . ';';
- return make_line_rules(htmlspecialchars('&' . $this->plain) . $body);
+ return make_line_rules(htmlsc('&' . $this->plain) . $body);
}
}
}
function set($arr, $page)
{
list(, , $alias, $name) = $this->splice($arr);
- return parent::setParam($page, htmlspecialchars($name),
+ return parent::setParam($page, htmlsc($name),
'', 'url', $alias == '' ? $name : $alias);
}
function set($arr, $page)
{
list(, $name, $alias) = $this->splice($arr);
- return parent::setParam($page, htmlspecialchars($name), '', 'url', $alias);
+ return parent::setParam($page, htmlsc($name), '', 'url', $alias);
}
function toString()
$url = get_interwiki_url($name, $this->param);
$this->url = ($url === FALSE) ?
$script . '?' . rawurlencode('[[' . $name . ':' . $this->param . ']]') :
- htmlspecialchars($url);
+ htmlsc($url);
return parent::setParam(
$page,
- htmlspecialchars($name . ':' . $this->param),
+ htmlsc($name . ':' . $this->param),
'',
'InterWikiName',
$alias == '' ? $name . ':' . $this->param : $alias
{
global $script, $vars, $link_compact, $related, $_symbol_noexists;
- $s_page = htmlspecialchars(strip_bracket($page));
+ $s_page = htmlsc(strip_bracket($page));
$s_alias = ($alias == '') ? $s_page : $alias;
if ($page == '') return '<a href="' . $anchor . '">' . $s_alias . '</a>';
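Review bot: In the last hunk, `$s_alias = ($alias == '') ? $s_page : $alias;` carries the `s_` prefix used for escaped values, but `$alias` is copied in unescaped and the next line prints it inside `<a>`. That is correct only if every caller passes markup that is already safe, which cannot be checked from this hunk. A comment on the function, e.g. `// $alias: HTML fragment, emitted as-is; callers must escape plain text with htmlsc()`, would make the contract explicit. The function's signature and the rest of its body are outside the hunk.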
<?php
// PukiWiki - Yet another WikiWikiWeb clone.
-// $Id: plugin.php,v 1.15 2005/07/03 14:16:23 henoheno Exp $
+// $Id: plugin.php,v 1.20 2011/01/25 15:01:01 henoheno Exp $
// Copyright (C)
// 2002-2005 PukiWiki Developers Team
// 2001-2002 Originally written by yu-ji
$name = strtolower($name);
if(isset($exist[$name])) {
if (++$count[$name] > PKWK_PLUGIN_CALL_TIME_LIMIT)
- die('Alert: plugin "' . htmlspecialchars($name) .
+ die('Alert: plugin "' . htmlsc($name) .
'" was called over ' . PKWK_PLUGIN_CALL_TIME_LIMIT .
' times. SPAM or someting?<br />' . "\n" .
'<a href="' . get_script_uri() . '?cmd=edit&page='.
$digest = $_digest; // Revert
if ($retvar === FALSE) {
- return htmlspecialchars('#' . $name .
+ return htmlsc('#' . $name .
($args != '' ? '(' . $args . ')' : ''));
} else if (PKWK_ENCODING_HINT != '') {
// Insert a hidden field, supports idenrtifying text enconding
if($retvar === FALSE) {
// Do nothing
- return htmlspecialchars('&' . $name . ($args ? '(' . $args . ')' : '') . ';');
+ return htmlsc('&' . $name . ($args ? '(' . $args . ')' : '') . ';');
} else {
return $retvar;
}
<?php
// PukiWiki - Yet another WikiWikiWeb clone.
-// $Id: pukiwiki.php,v 1.11 2005/09/11 05:58:33 henoheno Exp $
+// $Id: pukiwiki.php,v 1.23 2011/01/25 15:01:01 henoheno Exp $
//
// PukiWiki 1.4.*
// Copyright (C) 2002-2005 by PukiWiki Developers Team
}
} else {
// Not found
- $msg = 'plugin=' . htmlspecialchars($plugin) .
+ $msg = 'plugin=' . htmlsc($plugin) .
' is not implemented.';
$retvars = array('msg'=>$msg,'body'=>$msg);
$base = & $defaultpage;
}
}
-$title = htmlspecialchars(strip_bracket($base));
+$title = htmlsc(strip_bracket($base));
$page = make_search($base);
if (isset($retvars['msg']) && $retvars['msg'] != '') {
$title = str_replace('$1', $title, $retvars['msg']);
} else {
if ($base == '' || ! is_page($base)) {
$base = & $defaultpage;
- $title = htmlspecialchars(strip_bracket($base));
+ $title = htmlsc(strip_bracket($base));
$page = make_search($base);
}
<?php
// PukiWiki - Yet another WikiWikiWeb clone.
-// $Id: amazon.inc.php,v 1.15 2005/04/09 03:18:06 henoheno Exp $
+// $Id: amazon.inc.php,v 1.16 2011/01/25 15:01:01 henoheno Exp $
// Id: amazon.inc.php,v 1.1 2003/07/24 13:00:00 ´×¼Ë
//
// Amazon plugin: Book-review maker via amazon.com/amazon.jp
// ¥ì¥Ó¥å¡¼ºîÀ®
if (PKWK_READONLY) return ''; // Show nothing
- $s_page = htmlspecialchars($vars['page']);
+ $s_page = htmlsc($vars['page']);
if ($s_page == '') $s_page = isset($vars['refer']) ? $vars['refer'] : '';
$ret = <<<EOD
<form action="$script" method="post">
if ($align == 'clear') return '<div style="clear:both"></div>'; // ²þ¹ÔÁÞÆþ
if ($align != 'left') $align = 'right'; // ÇÛÃÖ·èÄê
- $asin_all = htmlspecialchars($aryargs[0]); // for XSS
+ $asin_all = htmlsc($aryargs[0]); // for XSS
if (is_asin() == FALSE && $align != 'clear') return FALSE;
if ($aryargs[2] != '') {
// ¥¿¥¤¥È¥ë»ØÄê
- $title = $alt = htmlspecialchars($aryargs[2]); // for XSS
+ $title = $alt = htmlsc($aryargs[2]); // for XSS
if ($alt == 'image') {
$alt = plugin_amazon_get_asin_title();
if ($alt == '') return FALSE;
$s_page = isset($vars['refer']) ? $vars['refer'] : '';
$asin_all = isset($vars['asin']) ?
- htmlspecialchars(rawurlencode(strip_bracket($vars['asin']))) : '';
+ htmlsc(rawurlencode(strip_bracket($vars['asin']))) : '';
if (! is_asin()) {
$retvars['msg'] = '¥Ö¥Ã¥¯¥ì¥Ó¥å¡¼ÊÔ½¸';
list($asin_all) = func_get_args();
- $asin_all = htmlspecialchars($asin_all); // for XSS
+ $asin_all = htmlsc($asin_all); // for XSS
if (! is_asin()) return FALSE;
$title = plugin_amazon_get_asin_title();
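Review bot: In the first hunk `$s_page` is escaped only on the `$vars['page']` path; when that is empty, the next line assigns `$vars['refer']` to it unescaped, and the heredoc form that follows presumably interpolates `$s_page` (its body is outside the hunk). A later hunk has the same pattern in `$s_page = isset($vars['refer']) ? $vars['refer'] : '';`. Both fallbacks should go through the wrapper, e.g. `if ($s_page == '') $s_page = isset($vars['refer']) ? htmlsc($vars['refer']) : '';`. `$vars['page']` is also read without an `isset()` check on that line.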
<?php
// PukiWiki - Yet another WikiWikiWeb clone
-// $Id: aname.inc.php,v 1.27 2005/09/18 09:32:55 henoheno Exp $
+// $Id: aname.inc.php,v 1.28 2011/01/25 15:01:01 henoheno Exp $
// Copyright (C)
// 2002-2005 PukiWiki Developers Team
// 2001-2002 Originally written by yu-ji
return plugin_aname_usage($convert, 'ID too long');
if (! preg_match(PLUGIN_ANAME_ID_REGEX, $id))
return plugin_aname_usage($convert, 'Invalid ID string: ' .
- htmlspecialchars($id));
+ htmlsc($id));
$_id[$id] = TRUE; // Set
}
- if ($convert) $body = htmlspecialchars($body);
- $id = htmlspecialchars($id); // Insurance
+ if ($convert) $body = htmlsc($body);
+ $id = htmlsc($id); // Insurance
$class = $f_super ? 'anchor_super' : 'anchor';
$attr_id = $f_noid ? '' : ' id="' . $id . '"';
$url = $f_full ? get_script_uri() . '?' . rawurlencode($vars['page']) : '';
<?php
-// $Id: article.inc.php,v 1.25 2005/09/24 01:12:29 henoheno Exp $
+// $Id: article.inc.php,v 1.28 2011/01/25 15:01:01 henoheno Exp $
// Copyright (C)
// 2002-2005 PukiWiki Developers Team
// 2002 Originally written by OKAWARA,Satoshi <kawara@dml.co.jp>
$body = $_msg_collided . "\n";
- $s_refer = htmlspecialchars($post['refer']);
- $s_digest = htmlspecialchars($post['digest']);
- $s_postdata = htmlspecialchars($postdata_input);
+ $s_refer = htmlsc($post['refer']);
+ $s_digest = htmlsc($post['digest']);
+ $s_postdata = htmlsc($postdata_input);
$body .= <<<EOD
<form action="$script?cmd=preview" method="post">
<div>
$article_no = $numbers[$vars['page']]++;
- $s_page = htmlspecialchars($vars['page']);
- $s_digest = htmlspecialchars($digest);
- $name_cols = PLUGIN_ARTICLE_NAME_COLS;
+ $s_page = htmlsc($vars['page']);
+ $s_digest = htmlsc($digest);
+ $name_cols = PLUGIN_ARTICLE_NAME_COLS;
$subject_cols = PLUGIN_ARTICLE_SUBJECT_COLS;
$article_rows = PLUGIN_ARTICLE_ROWS;
$article_cols = PLUGIN_ARTICLE_COLS;
<?php
// PukiWiki - Yet another WikiWikiWeb clone
-// $Id: attach.inc.php,v 1.82 2006/04/14 23:51:12 teanan Exp $
+// $Id: attach.inc.php,v 1.92 2011/01/25 15:01:01 henoheno Exp $
// Copyright (C)
// 2003-2006 PukiWiki Developers Team
// 2002-2003 PANDA <panda@arino.jp> http://home.arino.jp/
global $script, $vars, $_attach_messages;
$r_page = rawurlencode($page);
- $s_page = htmlspecialchars($page);
+ $s_page = htmlsc($page);
$navi = <<<EOD
<span class="small">
[<a href="$script?plugin=attach&pcmd=list&refer=$r_page">{$_attach_messages['msg_list']}</a>]
$param = '&file=' . rawurlencode($this->file) . '&refer=' . rawurlencode($this->page) .
($this->age ? '&age=' . $this->age : '');
$title = $this->time_str . ' ' . $this->size_str;
- $label = ($showicon ? PLUGIN_ATTACH_FILE_ICON : '') . htmlspecialchars($this->file);
+ $label = ($showicon ? PLUGIN_ATTACH_FILE_ICON : '') . htmlsc($this->file);
if ($this->age) {
$label .= ' (backup No.' . $this->age . ')';
}
global $script, $_attach_messages;
$r_page = rawurlencode($this->page);
- $s_page = htmlspecialchars($this->page);
- $s_file = htmlspecialchars($this->file);
+ $s_page = htmlsc($this->page);
+ $s_file = htmlsc($this->file);
$s_err = ($err == '') ? '' : '<p style="font-weight:bold">' . $_attach_messages[$err] . '</p>';
$msg_rename = '';
}
$info = $this->toString(TRUE, FALSE);
- $retval = array('msg'=>sprintf($_attach_messages['msg_info'], htmlspecialchars($this->file)));
+ $retval = array('msg'=>sprintf($_attach_messages['msg_info'], htmlsc($this->file)));
$retval['body'] = <<< EOD
<p class="small">
[<a href="$script?plugin=attach&pcmd=list&refer=$r_page">{$_attach_messages['msg_list']}</a>]
break;
}
}
- $filename = htmlspecialchars($filename);
+ $filename = htmlsc($filename);
ini_set('default_charset', '');
mb_http_output('pass');
$_files[$age] = $this->files[$file][$age]->toString(FALSE, TRUE);
}
if (! isset($_files[0])) {
- $_files[0] = htmlspecialchars($file);
+ $_files[0] = htmlsc($file);
}
ksort($_files);
$_file = $_files[0];
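Review bot: `$filename = htmlsc($filename);` is followed by `ini_set('default_charset', '')` and `mb_http_output('pass')`, which suggests the value is headed for a raw download response rather than an HTML page; the lines that use it are outside the hunk. If it ends up in a `Content-Disposition` header, HTML escaping is the wrong encoding for that context, and with the new `ENT_QUOTES` default an apostrophe in an attachment name would reach the browser as the literal text `&#039;`. For a header value I would strip CR, LF and double quotes from the name rather than entity-encode it, and keep `htmlsc()` for the places where the name is printed in markup.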
<?php
-// $Id: back.inc.php,v 1.9 2005/06/20 14:57:34 henoheno Exp $
+// $Id: back.inc.php,v 1.10 2011/01/25 15:01:01 henoheno Exp $
// Copyright (C)
// 2003-2004 PukiWiki Developers Team
// 2002 Katsumi Saito <katsumi@jo1upk.ymt.prug.or.jp>
list($word, $align, $hr, $href) = array_pad(func_get_args(), 4, '');
$word = trim($word);
- $word = ($word == '') ? $_msg_back_word : htmlspecialchars($word);
+ $word = ($word == '') ? $_msg_back_word : htmlsc($word);
$align = strtolower(trim($align));
switch($align){
<?php
// PukiWiki - Yet another WikiWikiWeb clone.
-// $Id: backup.inc.php,v 1.27 2005/12/10 12:48:02 henoheno Exp $
+// $Id: backup.inc.php,v 1.29 2011/01/25 15:01:01 henoheno Exp $
// Copyright (C)
// 2002-2005 PukiWiki Developers Team
// 2001-2002 Originally written by yu-ji
if ($page == '') return array('msg'=>$_title_backuplist, 'body'=>plugin_backup_get_list_all());
check_readable($page, true, true);
- $s_page = htmlspecialchars($page);
+ $s_page = htmlsc($page);
$r_page = rawurlencode($page);
$action = isset($vars['action']) ? $vars['action'] : '';
$s_action = $r_action = '';
if ($action != '') {
- $s_action = htmlspecialchars($action);
+ $s_action = htmlsc($action);
$r_action = rawurlencode($action);
}
$body .= plugin_backup_diff(do_diff($old, $cur));
} else if ($s_action == 'source') {
$title = & $_title_backupsource;
- $body .= '<pre>' . htmlspecialchars(join('', $backups[$s_age]['data'])) .
+ $body .= '<pre>' . htmlsc(join('', $backups[$s_age]['data'])) .
'</pre>' . "\n";
} else {
if (PLUGIN_BACKUP_DISABLE_BACKUP_RENDERING) {
}
$script = get_script_uri();
- $s_page = htmlspecialchars($page);
+ $s_page = htmlsc($page);
$body .= <<<EOD
<p>$_msg_backup_adminpass</p>
<form action="$script" method="post">
</ul>
EOD;
- return $ul . '<pre>' . diff_style_to_css(htmlspecialchars($str)) . '</pre>' . "\n";
+ return $ul . '<pre>' . diff_style_to_css(htmlsc($str)) . '</pre>' . "\n";
}
function plugin_backup_get_list($page)
$script = get_script_uri();
$r_page = rawurlencode($page);
- $s_page = htmlspecialchars($page);
+ $s_page = htmlsc($page);
$retval = array();
$retval[0] = <<<EOD
<ul>
<?php
-// $Id: bugtrack.inc.php,v 1.25 2005/04/03 03:33:47 henoheno Exp $
+// PukiWiki - Yet another WikiWikiWeb clone.
+// $Id: bugtrack.inc.php,v 1.27 2011/01/25 15:01:01 henoheno Exp $
+// Copyright (C)
+// 2002-2005, 2007 PukiWiki Developers Team
+// 2002 Y.MASUI GPL2 http://masui.net/pukiwiki/ masui@masui.net
//
// PukiWiki BugTrack plugin
//
$selected = '';
for ($i = 0; $i < $count; ++$i) {
if ($i == ($count - 1)) $selected = ' selected="selected"'; // The last one
- $priority_list = htmlspecialchars($_plugin_bugtrack['priority_list'][$i]);
+ $priority_list = htmlsc($_plugin_bugtrack['priority_list'][$i]);
$select_priority .= ' <option value="' . $priority_list . '"' .
$selected . '>' . $priority_list . '</option>' . "\n";
}
$select_state = "\n";
for ($i = 0; $i < count($_plugin_bugtrack['state_list']); ++$i) {
- $state_list = htmlspecialchars($_plugin_bugtrack['state_list'][$i]);
+ $state_list = htmlsc($_plugin_bugtrack['state_list'][$i]);
$select_state .= ' <option value="' . $state_list . '">' .
$state_list . '</option>' . "\n";
}
} else {
$encoded_category = '<select name="category" id="_p_bugtrack_category_' . $id . '">';
foreach ($category as $_category) {
- $s_category = htmlspecialchars($_category);
+ $s_category = htmlsc($_category);
$encoded_category .= '<option value="' . $s_category . '">' .
$s_category . '</option>' . "\n";
}
}
$script = get_script_uri();
- $s_base = htmlspecialchars($base);
- $s_name = htmlspecialchars($_plugin_bugtrack['name']);
- $s_category = htmlspecialchars($_plugin_bugtrack['category']);
- $s_priority = htmlspecialchars($_plugin_bugtrack['priority']);
- $s_state = htmlspecialchars($_plugin_bugtrack['state']);
- $s_pname = htmlspecialchars($_plugin_bugtrack['pagename']);
- $s_pnamec = htmlspecialchars($_plugin_bugtrack['pagename_comment']);
- $s_version = htmlspecialchars($_plugin_bugtrack['version']);
- $s_versionc = htmlspecialchars($_plugin_bugtrack['version_comment']);
- $s_summary = htmlspecialchars($_plugin_bugtrack['summary']);
- $s_body = htmlspecialchars($_plugin_bugtrack['body']);
- $s_submit = htmlspecialchars($_plugin_bugtrack['submit']);
+ $s_base = htmlsc($base);
+ $s_name = htmlsc($_plugin_bugtrack['name']);
+ $s_category = htmlsc($_plugin_bugtrack['category']);
+ $s_priority = htmlsc($_plugin_bugtrack['priority']);
+ $s_state = htmlsc($_plugin_bugtrack['state']);
+ $s_pname = htmlsc($_plugin_bugtrack['pagename']);
+ $s_pnamec = htmlsc($_plugin_bugtrack['pagename_comment']);
+ $s_version = htmlsc($_plugin_bugtrack['version']);
+ $s_versionc = htmlsc($_plugin_bugtrack['version_comment']);
+ $s_summary = htmlsc($_plugin_bugtrack['summary']);
+ $s_body = htmlsc($_plugin_bugtrack['body']);
+ $s_submit = htmlsc($_plugin_bugtrack['submit']);
$body = <<<EOD
<form action="$script" method="post">
<table border="0">
foreach ($data as $line) {
list($page, $no, $summary, $name, $priority, $state, $category) = $line;
foreach (array('summary', 'name', 'priority', 'state', 'category') as $item)
- $$item = htmlspecialchars($$item);
+ $$item = htmlsc($$item);
$page_link = make_pagelink($page);
$state_no = array_search($state, $_plugin_bugtrack['state_sort']);
if ($state_no === NULL || $state_no === FALSE) $state_no = $count_list;
- $bgcolor = htmlspecialchars($_plugin_bugtrack['state_bgcolor'][$state_no]);
+ $bgcolor = htmlsc($_plugin_bugtrack['state_bgcolor'][$state_no]);
$row = <<<EOD
<tr>
}
$table_html = ' <tr>' . "\n";
- $bgcolor = htmlspecialchars($_plugin_bugtrack['header_bgcolor']);
+ $bgcolor = htmlsc($_plugin_bugtrack['header_bgcolor']);
foreach (array('pagename', 'state', 'priority', 'category', 'name', 'summary') as $item)
$table_html .= ' <th style="background-color:' . $bgcolor . '">' .
- htmlspecialchars($_plugin_bugtrack[$item]) . '</th>' . "\n";
+ htmlsc($_plugin_bugtrack[$item]) . '</th>' . "\n";
$table_html .= ' </tr>' . "\n";
for ($i = 0; $i <= $count_list; ++$i) {
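Review bot: In the list-rendering hunk, the loop `$$item = htmlsc($$item);` escapes `$state` before `array_search($state, $_plugin_bugtrack['state_sort'])` runs, so the lookup compares an HTML-escaped string with the configured labels. With `ENT_QUOTES` now the default, a state label containing an apostrophe would no longer match and the row would fall into the `$count_list` bucket. Doing the lookup on the raw value before the escaping loop, and passing `TRUE` as the third argument to `array_search()`, avoids both the mismatch and the loose comparison. The enclosing function starts outside the hunk.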
<?php
-// $Id: calendar.inc.php,v 1.21 2005/05/04 04:56:39 henoheno Exp $
+// $Id: calendar.inc.php,v 1.22 2011/01/25 15:01:01 henoheno Exp $
// Copyright (C)
// 2002-2003,2005 PukiWiki Developers Team
// 2001-2002 Originally written by yu-ji
$dt = sprintf('%04d%02d%02d', $year, $m_num, $day);
$name = $prefix . $dt;
$r_page = rawurlencode($name);
- $s_page = htmlspecialchars($name);
+ $s_page = htmlsc($name);
$refer = ($cmd == 'edit') ? '&refer=' . rawurlencode($page) : '';
<?php
-// $Id: calendar2.inc.php,v 1.23 2005/05/01 07:38:57 henoheno Exp $
+// $Id: calendar2.inc.php,v 1.24 2011/01/25 15:01:01 henoheno Exp $
//
// Calendar2 plugin
//
$prefix = $base . '/';
}
$r_base = rawurlencode($base);
- $s_base = htmlspecialchars($base);
+ $s_base = htmlsc($base);
$r_prefix = rawurlencode($prefix);
- $s_prefix = htmlspecialchars($prefix);
+ $s_prefix = htmlsc($prefix);
$yr = substr($date_str, 0, 4);
$mon = substr($date_str, 4, 2);
$dt = sprintf('%4d-%02d-%02d', $year, $m_num, $day);
$page = $prefix . $dt;
$r_page = rawurlencode($page);
- $s_page = htmlspecialchars($page);
+ $s_page = htmlsc($page);
if ($wday == 0 && $day > 1)
$ret .=
$yy = sprintf('%04d.%02d', substr($date, 0, 4),substr($date, 4, 2));
$aryargs = array($vars['page'], $date);
- $s_page = htmlspecialchars($vars['page']);
+ $s_page = htmlsc($vars['page']);
$ret['msg'] = 'calendar ' . $s_page . '/' . $yy;
$ret['body'] = call_user_func_array('plugin_calendar2_convert', $aryargs);
<?php
// PukiWiki - Yet another WikiWikiWeb clone
-// $Id: calendar_viewer.inc.php,v 1.34 2005/06/05 12:46:59 henoheno Exp $
+// $Id: calendar_viewer.inc.php,v 1.37 2011/01/25 15:01:01 henoheno Exp $
+// Copyright (C) 2002-2005, 2007 PukiWiki Developers Team
+// License: GPL v2 or (at your option) any later version
//
// Calendar viewer plugin - List pages that calendar/calnedar2 plugin created
// (Based on calendar and recent plugin)
// Avoid Loop etc.
if (isset($viewed[$pagename])) {
- $s_page = htmlspecialchars($pagename);
+ $s_page = htmlsc($pagename);
return "#calendar_viewer(): You already view: $s_page<br />";
} else {
$viewed[$pagename] = TRUE; // Valid
if (PLUGIN_CALENDAR_VIEWER_DATE_FORMAT !== FALSE) {
$time = strtotime(basename($page)); // $date_sep must be assumed '-' or ''!
if ($time == -1) {
- $s_page = htmlspecialchars($page); // Failed. Why?
+ $s_page = htmlsc($page); // Failed. Why?
} else {
$week = $weeklabels[date('w', $time)];
- $s_page = htmlspecialchars(str_replace(
+ $s_page = htmlsc(str_replace(
array('$w' ),
array($week),
date(PLUGIN_CALENDAR_VIEWER_DATE_FORMAT, $time)
));
}
} else {
- $s_page = htmlspecialchars($page);
+ $s_page = htmlsc($page);
}
if (PKWK_READONLY) {
// ¥Ê¥Ó¥²¡¼¥ÈÍѤΥê¥ó¥¯¤òËöÈø¤ËÄɲÃ
if ($left_YM != '' || $right_YM != '') {
- $s_date_sep = htmlspecialchars($date_sep);
+ $s_date_sep = htmlsc($date_sep);
$left_link = $right_link = '';
$link = $script . '?plugin=calendar_viewer&mode=' . $mode .
'&file=' . $enc_pagename . '&date_sep=' . $s_date_sep . '&';
$return_vars_array['body'] = call_user_func_array('plugin_calendar_viewer_convert', $args_array);
//$return_vars_array['msg'] = 'calendar_viewer ' . $vars['page'] . '/' . $page_YM;
- $return_vars_array['msg'] = 'calendar_viewer ' . htmlspecialchars($vars['page']);
+ $return_vars_array['msg'] = 'calendar_viewer ' . htmlsc($vars['page']);
if ($vars['page'] != '') $return_vars_array['msg'] .= '/';
if (preg_match('/\*/', $page_YM)) {
// ¤¦¡¼¤ó¡¢n·ïɽ¼¨¤Î»þ¤Ï¤Ê¤ó¤Æ¥Ú¡¼¥¸Ì¾¤Ë¤·¤¿¤é¤¤¤¤¡©
} else {
- $return_vars_array['msg'] .= htmlspecialchars($page_YM);
+ $return_vars_array['msg'] .= htmlsc($page_YM);
}
$vars['page'] = $page;
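Review bot: `$s_date_sep` is HTML-escaped and then placed in the query string of `$link` (`'&date_sep=' . $s_date_sep . '&'`), which is a URL context. A separator containing `&`, `#` or `%` would change the parameters of the generated navigation link. Building the value with `rawurlencode($date_sep)` would cover both contexts, because its output contains no HTML-special characters. Where `$date_sep` comes from and how `$link` is emitted are outside the visible lines, so confirm both before changing it.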
<?php
// PukiWiki - Yet another WikiWikiWeb clone.
-// $Id: color.inc.php,v 1.22 2005/06/16 15:04:08 henoheno Exp $
+// $Id: color.inc.php,v 1.25 2011/01/25 15:01:01 henoheno Exp $
//
// Text color plugin
global $pkwk_dtd;
$args = func_get_args();
- $text = strip_autolink(array_pop($args)); // Already htmlspecialchars(text)
+ $text = strip_autolink(array_pop($args)); // Already htmlsc(text)
list($color, $bgcolor) = array_pad($args, 2, '');
if ($color != '' && $bgcolor != '' && $text == '') {
// Maybe the old style: '&color(foreground,text);'
- $text = htmlspecialchars($bgcolor);
+ $text = htmlsc($bgcolor);
$bgcolor = '';
}
if (($color == '' && $bgcolor == '') || $text == '' || func_num_args() > 3)
// Invalid color
foreach(array($color, $bgcolor) as $col){
if ($col != '' && ! preg_match(PLUGIN_COLOR_REGEX, $col))
- return '&color():Invalid color: ' . htmlspecialchars($col) . ';';
+ return '&color():Invalid color: ' . htmlsc($col) . ';';
}
if (PLUGIN_COLOR_ALLOW_CSS === TRUE || ! isset($pkwk_dtd) || $pkwk_dtd == PKWK_DTD_XHTML_1_1) {
<?php
// PukiWiki - Yet another WikiWikiWeb clone
-// $Id: comment.inc.php,v 1.36 2006/01/28 14:54:51 teanan Exp $
+// $Id: comment.inc.php,v 1.41 2011/01/25 15:01:01 henoheno Exp $
// Copyright (C)
// 2002-2005 PukiWiki Developers Team
// 2001-2002 Originally written by yu-ji
(in_array('below', $options) ? '0' : PLUGIN_COMMENT_DIRECTION_DEFAULT);
$script = get_script_uri();
- $s_page = htmlspecialchars($vars['page']);
+ $s_page = htmlsc($vars['page']);
$string = <<<EOD
<br />
<form action="$script" method="post">
<?php
// PukiWiki - Yet another WikiWikiWeb clone.
-// $Id: diff.inc.php,v 1.18 2005/12/10 12:48:02 henoheno Exp $
+// $Id: diff.inc.php,v 1.20 2011/01/25 15:01:01 henoheno Exp $
// Copyright (C)
// 2002-2005 PukiWiki Developers Team
// 2002 Originally written by yu-ji
global $_title_diff_delete;
$r_page = rawurlencode($page);
- $s_page = htmlspecialchars($page);
+ $s_page = htmlsc($page);
$menu = array(
'<li>' . $_msg_addline . '</li>',
$menu[] = '<li><a href="' . $script . '?cmd=diff&action=delete&page=' .
$r_page . '">' . str_replace('$1', $s_page, $_title_diff_delete) . '</a></li>';
}
- $msg = '<pre>' . diff_style_to_css(htmlspecialchars(join('', file($filename)))) . '</pre>' . "\n";
+ $msg = '<pre>' . diff_style_to_css(htmlsc(join('', file($filename)))) . '</pre>' . "\n";
} else if ($is_page) {
- $diffdata = trim(htmlspecialchars(join('', get_source($page))));
+ $diffdata = trim(htmlsc(join('', get_source($page))));
$msg = '<pre><span class="diff_added">' . $diffdata . '</span></pre>' . "\n";
} else {
return array('msg'=>$_title_diff, 'body'=>$_msg_notfound);
}
}
- $s_page = htmlspecialchars($page);
+ $s_page = htmlsc($page);
$body .= <<<EOD
<p>$_msg_diff_adminpass</p>
<form action="$script" method="post">
<?php
// PukiWiki - Yet another WikiWikiWeb clone.
-// $Id: edit.inc.php,v 1.40 2006/03/21 14:26:25 henoheno Exp $
-// Copyright (C) 2001-2006 PukiWiki Developers Team
+// $Id: edit.inc.php,v 1.49 2011/01/25 15:01:01 henoheno Exp $
+// Copyright (C) 2001-2007 PukiWiki Developers Team
// License: GPL v2 or (at your option) any later version
//
// Edit plugin (cmd=edit)
$ispage = is_page($s_page);
// Paragraph edit enabled or not
- $short = htmlspecialchars('Edit');
+ $short = htmlsc('Edit');
if ($fixed_heading_anchor_edit && $editable && $ispage && ! $isfreeze) {
// Paragraph editing
$id = rawurlencode($id);
- $title = htmlspecialchars(sprintf('Edit %s', $page));
+ $title = htmlsc(sprintf('Edit %s', $page));
$icon = '<img src="' . IMAGE_DIR . 'paraedit.png' .
'" width="9" height="9" alt="' .
$short . '" title="' . $title . '" /> ';
$title = 'Edit %s';
$icon = 'edit.png';
}
- $title = htmlspecialchars(sprintf($title, $s_page));
+ $title = htmlsc(sprintf($title, $s_page));
$icon = '<img src="' . IMAGE_DIR . $icon .
'" width="20" height="20" alt="' .
$short . '" title="' . $title . '" />';
if ($postdata == '') {
page_write($page, $postdata);
$retvars['msg' ] = $_title_deleted;
- $retvars['body'] = str_replace('$1', htmlspecialchars($page), $_title_deleted);
+ $retvars['body'] = str_replace('$1', htmlsc($page), $_title_deleted);
if ($trackback) tb_delete($page);
<?php
// PukiWiki - Yet another WikiWikiWeb clone.
-// $Id: freeze.inc.php,v 1.9 2004/12/16 13:32:19 henoheno Exp $
+// $Id: freeze.inc.php,v 1.12 2011/01/25 15:01:01 henoheno Exp $
+// Copyright: 2003-2004, 2007 PukiWiki Developers Team
+// License: GPL v2 or (at your option) any later version
//
// Freeze(Lock) plugin
if (is_freeze($page)) {
// Freezed already
$msg = & $_title_isfreezed;
- $body = str_replace('$1', htmlspecialchars(strip_bracket($page)),
+ $body = str_replace('$1', htmlsc(strip_bracket($page)),
$_title_isfreezed);
} else if ($pass !== NULL && pkwk_login($pass)) {
} else {
// Show a freeze form
$msg = & $_title_freeze;
- $s_page = htmlspecialchars($page);
+ $s_page = htmlsc($page);
$body = ($pass === NULL) ? '' : "<p><strong>$_msg_invalidpass</strong></p>\n";
$body .= <<<EOD
<p>$_msg_freezing</p>
<?php
// PukiWiki - Yet another WikiWikiWeb clone.
-// $Id: include.inc.php,v 1.21 2004/12/30 13:26:43 henoheno Exp $
+// $Id: include.inc.php,v 1.23 2011/01/25 15:01:01 henoheno Exp $
//
// Include-once plugin
}
}
- $s_page = htmlspecialchars($page);
+ $s_page = htmlsc($page);
$r_page = rawurlencode($page);
$link = '<a href="' . $script . '?' . $r_page . '">' . $s_page . '</a>'; // Read link
<?php
-// $Id: includesubmenu.inc.php,v 1.5 2004/07/31 03:09:20 henoheno Exp $
+// $Id: includesubmenu.inc.php,v 1.7 2011/01/25 15:01:01 henoheno Exp $
+// Copyright (C) 2002-2004, 2007 PukiWiki Developers Team
+// License: GPL v2 or (at your option) any later version
+//
+// Including submenu
function plugin_includesubmenu_convert()
{
if ($ShowPageName) {
$r_page = rawurlencode($SubMenuPageName);
- $s_page = htmlspecialchars($SubMenuPageName);
+ $s_page = htmlsc($SubMenuPageName);
$link = "<a href=\"$script?cmd=edit&page=$r_page\">$s_page</a>";
$body = "<h1>$link</h1>\n$body";
}
<?php
-// $Id: insert.inc.php,v 1.13 2005/01/23 07:35:55 henoheno Exp $
+// $Id: insert.inc.php,v 1.16 2011/01/25 15:01:01 henoheno Exp $
//
// Text inserting box plugin
$body = '';
if (md5(@join('', get_source($vars['refer']))) != $vars['digest']) {
$title = $_title_collided;
- $body = $_msg_collided . "\n";
+ $body = $_msg_collided . "\n";
- $s_refer = htmlspecialchars($vars['refer']);
- $s_digest = htmlspecialchars($vars['digest']);
- $s_postdata_input = htmlspecialchars($postdata_input);
+ $s_refer = htmlsc($vars['refer']);
+ $s_digest = htmlsc($vars['digest']);
+ $s_postdata_input = htmlsc($postdata_input);
$body .= <<<EOD
<form action="$script?cmd=preview" method="post">
$insert_no = $numbers[$vars['page']]++;
- $s_page = htmlspecialchars($vars['page']);
- $s_digest = htmlspecialchars($digest);
- $s_cols = INSERT_COLS;
- $s_rows = INSERT_ROWS;
- $string = <<<EOD
+ $s_page = htmlsc($vars['page']);
+ $s_digest = htmlsc($digest);
+ $s_cols = INSERT_COLS;
+ $s_rows = INSERT_ROWS;
+ $string = <<<EOD
<form action="$script" method="post">
<div>
<input type="hidden" name="insert_no" value="$insert_no" />
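Review bot: The collision check `md5(@join('', get_source($vars['refer']))) != $vars['digest']` compares a request-supplied value loosely, and PHP compares two numeric-looking strings as numbers, so two different digests of the form `0e` followed by digits compare as equal. This is an edit-conflict check rather than authentication, so the effect would be a skipped collision notice, but the strict form costs nothing: `if (md5(@join('', get_source($vars['refer']))) !== $vars['digest']) {`. The enclosing function starts outside the visible lines.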
<?php
// PukiWiki - Yet another WikiWikiWeb clone.
-// $Id: interwiki.inc.php,v 1.10 2004/12/04 14:48:32 henoheno Exp $
+// $Id: interwiki.inc.php,v 1.11 2011/01/25 15:01:01 henoheno Exp $
//
// InterWiki redirection plugin (OBSOLETE)
return array(
'msg' => $_title_invalidiwn,
'body' => str_replace(array('$1', '$2'),
- array(htmlspecialchars(''),
+ array(htmlsc(''),
make_pagelink('InterWikiName')),
$_msg_invalidiwn));
}
<?php
// PukiWiki - Yet another WikiWikiWeb clone.
-// $Id: lookup.inc.php,v 1.22 2005/07/18 18:59:27 teanan Exp $
+// $Id: lookup.inc.php,v 1.23 2011/01/25 15:01:01 henoheno Exp $
// Copyright (C)
// 2002-2005 PukiWiki Developers Team
// 2001-2002 Originally written by yu-ji
if ($num == 0 || $num > 3) return PLUGIN_LOOKUP_USAGE;
$args = func_get_args();
- $interwiki = htmlspecialchars(trim($args[0]));
- $button = isset($args[1]) ? trim($args[1]) : '';
- $button = ($button != '') ? htmlspecialchars($button) : 'lookup';
- $default = ($num > 2) ? htmlspecialchars(trim($args[2])) : '';
- $s_page = htmlspecialchars($vars['page']);
+ $interwiki = htmlsc(trim($args[0]));
+ $button = isset($args[1]) ? trim($args[1]) : '';
+ $button = ($button != '') ? htmlsc($button) : 'lookup';
+ $default = ($num > 2) ? htmlsc(trim($args[2])) : '';
+ $s_page = htmlsc($vars['page']);
++$id;
$script = get_script_uri();
$url = get_interwiki_url($inter, $page);
if ($url === FALSE) {
$msg = sprintf('InterWikiName "%s" not found', $inter);
- $msg = htmlspecialchars($msg);
+ $msg = htmlsc($msg);
return array('msg'=>'Not found', 'body'=>$msg);
}
<?php
// PukiWiki - Yet another WikiWikiWeb clone.
-//
-// $Id: ls2.inc.php,v 1.23 2004/12/05 11:37:37 henoheno Exp $
+// $Id: ls2.inc.php,v 1.30 2011/01/25 15:01:01 henoheno Exp $
+// Copyright (C)
+// 2002-2004, 2006-2007 PukiWiki Developers Team
+// 2002 panda http://home.arino.jp/?ls2.inc.php
+// 2002 Y.MASUI GPL2 http://masui.net/pukiwiki/ masui@masui.net (ls.inc.php)
+// License: GPL version 2
//
// List plugin 2
$body = plugin_ls2_show_lists($prefix, $params);
return array('body'=>$body,
- 'msg'=>str_replace('$1', htmlspecialchars($prefix), $_ls2_msg_title));
+ 'msg'=>str_replace('$1', htmlsc($prefix), $_ls2_msg_title));
}
function plugin_ls2_convert()
array_walk($args, 'plugin_ls2_check_arg', & $params);
$title = (! empty($params['_args'])) ? join(',', $params['_args']) : // Manual
- str_replace('$1', htmlspecialchars($prefix), $_ls2_msg_title); // Auto
+ str_replace('$1', htmlsc($prefix), $_ls2_msg_title); // Auto
if (! $params['link'])
return plugin_ls2_show_lists($prefix, $params);
if (! $is_done) $params["page_$page"] = ++$_ls2_anchor;
$r_page = rawurlencode($page);
- $s_page = htmlspecialchars($page);
+ $s_page = htmlsc($page);
$title = $s_page . ' ' . get_pg_passage($page, FALSE);
$href = $script . '?cmd=read&page=' . $r_page;
$params['_done'] = TRUE;
}
- $params['_args'][] = htmlspecialchars($value); // Link title
+ $params['_args'][] = htmlsc($value); // Link title
}
?>
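Review bot: `array_walk($args, 'plugin_ls2_check_arg', & $params);` in `plugin_ls2_convert()` still uses call-time pass-by-reference, which PHP 5.4 and later reject with a fatal error, so the plugin file fails to load there regardless of the escaping change. A plain loop avoids it, e.g. `foreach ($args as $key => $value) plugin_ls2_check_arg($value, $key, $params);`, provided the callback declares its third parameter by reference. The callback's signature and the rest of `plugin_ls2_convert()` are outside the visible lines.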
<?php
// PukiWiki - Yet another WikiWikiWeb clone.
-// $Id: map.inc.php,v 1.14 2005/01/10 09:17:11 henoheno Exp $
+// $Id: map.inc.php,v 1.18 2011/01/25 15:01:01 henoheno Exp $
+// Copyright (C) 2002-2005, 2007 PukiWiki Developers Team
+// License: GPL v2 or (at your option) any later version
//
// Site map plugin
$nodes[$refer]->chain($nodes);
$retval['body'] .= '<ul>' . "\n" . $nodes[$refer]->toString($nodes) . '</ul>' . "\n";
$retval['body'] .= '<hr />' . "\n" .
- '<p>Not related from ' . htmlspecialchars($refer) . '</p>' . "\n";
+ '<p>Not related from ' . htmlsc($refer) . '</p>' . "\n";
$keys = array_keys($nodes);
sort($keys);
$retval['body'] .= '<ul>' . "\n";
<?php
// PukiWiki - Yet another WikiWikiWeb clone.
-// $Id: md5.inc.php,v 1.24 2006/05/04 05:04:43 henoheno Exp $
+// $Id: md5.inc.php,v 1.25 2011/01/25 15:01:01 henoheno Exp $
// Copyright (C) 2001-2006 PukiWiki Developers Team
// License: GPL v2 or (at your option) any later version
//
if (strlen($value) > PKWK_PASSPHRASE_LIMIT_LENGTH)
die_message('Limit: malicious message length');
- if ($value != '') $value = 'value="' . htmlspecialchars($value) . '" ';
+ if ($value != '') $value = 'value="' . htmlsc($value) . '" ';
$sha1_enabled = function_exists('sha1');
$sha1_checked = $md5_checked = '';
<?php
-// $Id: memo.inc.php,v 1.14 2005/01/23 08:01:29 henoheno Exp $
+// $Id: memo.inc.php,v 1.17 2011/01/25 15:01:01 henoheno Exp $
//
// Memo box plugin
$title = $_title_collided;
$body = $_msg_collided . "\n";
- $s_refer = htmlspecialchars($vars['refer']);
- $s_digest = htmlspecialchars($vars['digest']);
- $s_postdata_input = htmlspecialchars($postdata_input);
+ $s_refer = htmlsc($vars['refer']);
+ $s_digest = htmlsc($vars['digest']);
+ $s_postdata_input = htmlsc($postdata_input);
$body .= <<<EOD
<form action="$script?cmd=preview" method="post">
$data = implode(',', $data); // Care all arguments
$data = str_replace(',', ',', $data); // Unescape commas
$data = str_replace('"', '"', $data); // Unescape double quotes
- $data = htmlspecialchars(str_replace('\n', "\n", $data));
+ $data = htmlsc(str_replace('\n', "\n", $data));
if (PKWK_READONLY) {
$_script = '';
$_submit = '<input type="submit" name="memo" value="' . $_btn_memo_update . '" />';
}
- $s_page = htmlspecialchars($vars['page']);
- $s_digest = htmlspecialchars($digest);
+ $s_page = htmlsc($vars['page']);
+ $s_digest = htmlsc($digest);
$s_cols = MEMO_COLS;
$s_rows = MEMO_ROWS;
$string = <<<EOD
/////////////////////////////////////////////////
// PukiWiki - Yet another WikiWikiWeb clone.
//
-// $Id: menu.inc.php,v 1.8 2004/11/27 12:23:02 henoheno Exp $
+// $Id: menu.inc.php,v 1.10 2011/01/25 15:01:01 henoheno Exp $
//
// ¥µ¥Ö¥á¥Ë¥å¡¼¤ò»ÈÍѤ¹¤ë
if ($num > 0) {
// Try to change default 'MenuBar' page name (only)
if ($num > 1) return '#menu(): Zero or One argument needed';
- if ($menu !== NULL) return '#menu(): Already set: ' . htmlspecialchars($menu);
+ if ($menu !== NULL) return '#menu(): Already set: ' . htmlsc($menu);
$args = func_get_args();
if (! is_page($args[0])) {
- return '#menu(): No such page: ' . htmlspecialchars($args[0]);
+ return '#menu(): No such page: ' . htmlsc($args[0]);
} else {
$menu = $args[0]; // Set
return '';
if (! is_page($page)) {
return '';
} else if ($vars['page'] == $page) {
- return '<!-- #menu(): You already view ' . htmlspecialchars($page) . ' -->';
+ return '<!-- #menu(): You already view ' . htmlsc($page) . ' -->';
} else {
// Cut fixed anchors
$menutext = preg_replace('/^(\*{1,3}.*)\[#[A-Za-z][\w-]+\](.*)$/m', '$1$2', get_source($page));
<?php
// PukiWiki - Yet another WikiWikiWeb clone.
-// $Id: navi.inc.php,v 1.22 2005/04/02 06:33:39 henoheno Exp $
+// $Id: navi.inc.php,v 1.24 2011/01/25 15:01:01 henoheno Exp $
//
// Navi plugin: Show DocBook-like navigation bar and contents
$is_home = ($home == $current);
if (! is_page($home)) {
return '#navi(contents-page-name): No such page: ' .
- htmlspecialchars($home) . '<br />';
+ htmlsc($home) . '<br />';
} else if (! $is_home &&
! preg_match('/^' . preg_quote($home, '/') . '/', $current)) {
- return '#navi(' . htmlspecialchars($home) .
+ return '#navi(' . htmlsc($home) .
'): Not a child page like: ' .
- htmlspecialchars($home . '/' . basename($current)) .
+ htmlsc($home . '/' . basename($current)) .
'<br />';
}
$reverse = (strtolower($reverse) == 'reverse');
foreach (array('start'=>$home, 'next'=>$next,
'prev'=>$prev, 'up'=>$up) as $rel=>$_page) {
if ($_page != '') {
- $s_page = htmlspecialchars($_page);
+ $s_page = htmlsc($_page);
$r_page = rawurlencode($_page);
$head_tags[] = ' <link rel="' .
$rel . '" href="' . $script .
return '#navi(contents-page-name): You already view the result<br />';
} else if ($count == 1) {
// Sentinel only: Show usage and warning
- $home = htmlspecialchars($home);
+ $home = htmlsc($home);
$ret .= '#navi(' . $home . '): No child page like: ' .
$home . '/Foo';
} else {
<?php
// PukiWiki - Yet another WikiWikiWeb clone.
-// $Id: new.inc.php,v 1.9 2005/06/16 15:04:08 henoheno Exp $
+// $Id: new.inc.php,v 1.10 2011/01/25 15:01:01 henoheno Exp $
//
// New! plugin
//
if ($timestamp === -1) return '&new([nodate]){date}: Invalid date string;';
$timestamp -= ZONETIME;
- $retval = in_array('nodate', $args) ? '' : htmlspecialchars($date);
+ $retval = in_array('nodate', $args) ? '' : htmlsc($date);
} else {
// Show 'New!' message by the timestamp of the page
if (func_num_args() > 3) return '&new(pagename[,nolink]);';
<?php
-// $Id: newpage.inc.php,v 1.15 2005/02/27 09:35:16 henoheno Exp $
+// $Id: newpage.inc.php,v 1.16 2011/01/25 15:01:01 henoheno Exp $
//
// Newpage plugin
if (func_num_args()) list($newpage) = func_get_args();
if (! preg_match('/^' . $BracketName . '$/', $newpage)) $newpage = '';
- $s_page = htmlspecialchars(isset($vars['refer']) ? $vars['refer'] : $vars['page']);
- $s_newpage = htmlspecialchars($newpage);
+ $s_page = htmlsc(isset($vars['refer']) ? $vars['refer'] : $vars['page']);
+ $s_newpage = htmlsc($newpage);
++$id;
$ret = <<<EOD
<?php
// PukiWiki - Yet another WikiWikiWeb clone
//
-// $Id: paint.inc.php,v 1.18 2005/01/29 02:49:41 henoheno Exp $
+// $Id: paint.inc.php,v 1.20 2011/01/25 15:01:01 henoheno Exp $
//
// Paint plugin
if (array_key_exists('refer',$vars))
{
$r_refer = rawurlencode($vars['refer']);
- $s_refer = htmlspecialchars($vars['refer']);
+ $s_refer = htmlsc($vars['refer']);
}
$link = "<p><a href=\"$script?$r_refer\">$s_refer</a></p>";;
$f_w = (is_numeric($width) and $width > 0) ? $width : PAINT_DEFAULT_WIDTH;
$f_h = (is_numeric($height) and $height > 0) ? $height : PAINT_DEFAULT_HEIGHT;
$f_refer = array_key_exists('refer',$vars) ? encode($vars['refer']) : ''; // BBSPainter.jar¤¬shift-jis¤ËÊÑ´¹¤¹¤ë¤Î¤ò²óÈò
- $f_digest = array_key_exists('digest',$vars) ? htmlspecialchars($vars['digest']) : '';
+ $f_digest = array_key_exists('digest',$vars) ? htmlsc($vars['digest']) : '';
$f_no = (array_key_exists('paint_no',$vars) and is_numeric($vars['paint_no'])) ?
$vars['paint_no'] + 0 : 0;
}
//XSSÀȼåÀÌäÂê - ³°Éô¤«¤éÍ褿ÊÑ¿ô¤ò¥¨¥¹¥±¡¼¥×
- $f_page = htmlspecialchars($vars['page']);
+ $f_page = htmlsc($vars['page']);
$max = sprintf($_paint_messages['msg_max'],PAINT_MAX_WIDTH,PAINT_MAX_HEIGHT);
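Review bot: `$r_refer` and `$s_refer` are assigned only inside `if (array_key_exists('refer',$vars))`, yet the next statement builds `$link` from both unconditionally, so a request without `refer` interpolates unset variables into the anchor. Unless they are initialised above the visible lines, set defaults before the `if` with `$r_refer = $s_refer = '';`, or build `$link` inside the block. The `$link` statement also ends in a stray second `;`.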
<?php
// PukiWiki - Yet another WikiWikiWeb clone
-// $Id: pcomment.inc.php,v 1.43 2005/10/04 14:31:22 henoheno Exp $
+// $Id: pcomment.inc.php,v 1.48 2011/01/25 15:01:01 henoheno Exp $
//
// pcomment plugin - Show/Insert comments into specified (another) page
//
$_page = get_fullname(strip_bracket($page), $vars_page);
if (!is_pagename($_page))
- return sprintf($_pcmt_messages['err_pagename'], htmlspecialchars($_page));
+ return sprintf($_pcmt_messages['err_pagename'], htmlsc($_page));
$dir = PLUGIN_PCOMMENT_DIRECTION_DEFAULT;
if ($params['below']) {
'<input type="radio" name="reply" value="0" tabindex="0" checked="checked" />' : '';
$comment = '<input type="text" name="msg" size="' . PLUGIN_PCOMMENT_SIZE_MSG . '" />';
- $s_page = htmlspecialchars($page);
- $s_refer = htmlspecialchars($vars_page);
- $s_nodate = htmlspecialchars($params['nodate']);
- $s_count = htmlspecialchars($count);
+ $s_page = htmlsc($page);
+ $s_refer = htmlsc($vars_page);
+ $s_nodate = htmlsc($params['nodate']);
+ $s_count = htmlsc($count);
$form_start = '<form action="' . get_script_uri() . '" method="post">' . "\n";
$form = <<<EOD
$msg = rtrim($msg);
if (! is_page($page)) {
- $postdata = '[[' . htmlspecialchars(strip_bracket($refer)) . ']]' . "\n\n" .
+ $postdata = '[[' . htmlsc(strip_bracket($refer)) . ']]' . "\n\n" .
'-' . $msg . "\n";
} else {
$postdata = get_source($page);
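Review bot: `htmlsc(strip_bracket($refer))` is applied to text that goes into `$postdata`, which is wiki source for a new page rather than HTML output. Escaping at storage time means a referring page name containing `&`, `<` or `"` is stored as entity text inside `[[...]]`, and the link presumably no longer resolves to that page. Escaping belongs in the renderer when the source is converted to HTML. Consider `'[[' . strip_bracket($refer) . ']]'` after confirming that `$refer` is validated as a page name earlier in the function, which is outside the visible lines.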
<?php
// PukiWiki - Yet another WikiWikiWeb clone
-// $Id: popular.inc.php,v 1.16 2005/12/18 15:28:01 henoheno Exp $
+// $Id: popular.inc.php,v 1.20 2011/01/25 15:01:01 henoheno Exp $
+// Copyright (C)
+// 2003-2005, 2007 PukiWiki Developers Team
+// 2002 Kazunori Mizushima <kazunori@uc.netyou.jp>
+// License: WHERE IS THE RECORD?
//
// Popular pages plugin: Show an access ranking of this wiki
// -- like recent plugin, using counter plugin's count --
foreach ($counters as $page=>$count) {
$page = substr($page, 1);
- $s_page = htmlspecialchars($page);
+ $s_page = htmlsc($page);
if ($page == $vars['page']) {
// No need to link itself, notifies where you just read
$pg_passage = get_pg_passage($page,FALSE);
/////////////////////////////////////////////////
// PukiWiki - Yet another WikiWikiWeb clone.
//
-// $Id: random.inc.php,v 1.8 2004/09/10 14:18:34 henoheno Exp $
+// $Id: random.inc.php,v 1.9 2011/01/25 15:01:01 henoheno Exp $
//
/*
return "<p><a href=\"$script?plugin=random&refer=" .
rawurlencode($vars['page']) . '">' .
- htmlspecialchars($title) . '</a></p>';
+ htmlsc($title) . '</a></p>';
}
function plugin_random_action()
<?php
// PukiWiki - Yet another WikiWikiWeb clone.
-// $Id: read.inc.php,v 1.8 2005/01/15 13:57:07 henoheno Exp $
+// $Id: read.inc.php,v 1.9 2011/01/25 15:01:01 henoheno Exp $
//
// Read plugin: Show a page and InterWiki
// ̵¸ú¤Ê¥Ú¡¼¥¸Ì¾
return array(
'msg'=>$_title_invalidwn,
- 'body'=>str_replace('$1', htmlspecialchars($page),
+ 'body'=>str_replace('$1', htmlsc($page),
str_replace('$2', 'WikiName', $_msg_invalidiwn))
);
}
<?php
-// $Id: recent.inc.php,v 1.23 2006/03/05 14:59:29 henoheno Exp $
+// $Id: recent.inc.php,v 1.27 2011/01/25 15:01:01 henoheno Exp $
// Copyright (C)
// 2002-2006 PukiWiki Developers Team
// 2002 Y.MASUI http://masui.net/pukiwiki/ masui@masui.net
'<ul class="recent_list">' . "\n";
}
- $s_page = htmlspecialchars($page);
+ $s_page = htmlsc($page);
if($page == $vars['page']) {
// No need to link to the page you just read, or notify where you just read
$items .= ' <li>' . $s_page . '</li>' . "\n";
<?php
// PukiWiki - Yet another WikiWikiWeb clone
-// $Id: ref.inc.php,v 1.50 2006/02/24 01:35:34 teanan Exp $
+// $Id: ref.inc.php,v 1.51 2011/01/25 15:01:01 henoheno Exp $
// Copyright (C)
// 2002-2006 PukiWiki Developers Team
// 2001-2002 Originally written by yu-ji
// Promote new design
if ($is_file_default && $is_file_second) {
// Because of race condition NOW
- $params['_error'] = htmlspecialchars('The same file name "' .
+ $params['_error'] = htmlsc('The same file name "' .
$name . '" at both page: "' . $page . '" and "' . $_arg .
'". Try ref(pagename/filename) to specify one of them');
} else {
$is_file = is_file($file);
}
if (! $is_file) {
- $params['_error'] = htmlspecialchars('File not found: "' .
+ $params['_error'] = htmlsc('File not found: "' .
$name . '" at page "' . $page . '"');
return $params;
}
if (PKWK_DISABLE_INLINE_IMAGE_FROM_URI) {
//$params['_error'] = 'PKWK_DISABLE_INLINE_IMAGE_FROM_URI prohibits this';
//return $params;
- $url = htmlspecialchars($name);
+ $url = htmlsc($name);
$params['_body'] = '<a href="' . $url . '">' . $url . '</a>';
return $params;
}
- $url = $url2 = htmlspecialchars($name);
- $title = htmlspecialchars(preg_match('/([^\/]+)$/', $name, $matches) ? $matches[1] : $url);
+ $url = $url2 = htmlsc($name);
+ $title = htmlsc(preg_match('/([^\/]+)$/', $name, $matches) ? $matches[1] : $url);
$is_image = (! $params['noimg'] && preg_match(PLUGIN_REF_IMAGE, $name));
} else { // źÉÕ¥Õ¥¡¥¤¥ë
- $title = htmlspecialchars($name);
+ $title = htmlsc($name);
$is_image = (! $params['noimg'] && preg_match(PLUGIN_REF_IMAGE, $name));
}
if (! empty($_title)) {
- $title = htmlspecialchars(join(',', $_title));
+ $title = htmlsc(join(',', $_title));
if ($is_image) $title = make_line_rules($title);
}
}
break;
}
}
- $file = htmlspecialchars($filename);
+ $file = htmlsc($filename);
$size = filesize($ref);
// Output
<?php
// PukiWiki - Yet another WikiWikiWeb clone
-// $Id: related.inc.php,v 1.7 2005/12/18 15:28:55 henoheno Exp $
+// $Id: related.inc.php,v 1.11 2011/01/25 15:01:01 henoheno Exp $
+// Copyright (C) 2005, 2007 PukiWiki Developers Team
+// License: GPL v2 or (at your option) any later version
//
// Related plugin: Show Backlinks for the page
// Result
$r_word = rawurlencode($_page);
- $s_word = htmlspecialchars($_page);
+ $s_word = htmlsc($_page);
$msg = 'Backlinks for: ' . $s_word;
$retval = '<a href="' . $script . '?' . $r_word . '">' .
'Return to ' . $s_word .'</a><br />'. "\n";
$retval .= '<ul>' . "\n";
foreach ($data as $page=>$time) {
$r_page = rawurlencode($page);
- $s_page = htmlspecialchars($page);
+ $s_page = htmlsc($page);
$passage = get_passage($time);
$retval .= ' <li><a href="' . $script . '?' . $r_page . '">' . $s_page .
'</a> ' . $passage . '</li>' . "\n";
<?php
// PukiWiki - Yet another WikiWikiWeb clone
-// $Id: rename.inc.php,v 1.27 2005/02/27 07:57:26 henoheno Exp $
+// $Id: rename.inc.php,v 1.38 2011/01/25 15:01:01 henoheno Exp $
+// Copyright (C) 2002-2005, 2007 PukiWiki Developers Team
+// License: GPL v2 or (at your option) any later version
//
// Rename plugin: Rename page-name and related data
//
foreach ($page as $_page) $tmp .= '<br />' . $_page;
$page = $tmp;
}
- if ($page != '') $body = sprintf($body, htmlspecialchars($page));
+ if ($page != '') $body = sprintf($body, htmlsc($page));
$msg = sprintf($_rename_messages['err'], $body);
return $msg;
}
$select_refer = plugin_rename_getselecttag($refer);
- $s_src = htmlspecialchars(plugin_rename_getvar('src'));
- $s_dst = htmlspecialchars(plugin_rename_getvar('dst'));
+ $s_src = htmlsc(plugin_rename_getvar('src'));
+ $s_dst = htmlsc(plugin_rename_getvar('dst'));
$ret = array();
$ret['msg'] = $_rename_messages['msg_title'];
'<input type="checkbox" name="related" id="_p_rename_related" value="1" checked="checked" /><br />';
$msg_rename = sprintf($_rename_messages['msg_rename'], make_pagelink($refer));
- $s_page = htmlspecialchars($page);
- $s_refer = htmlspecialchars($refer);
+ $s_page = htmlsc($page);
+ $s_refer = htmlsc($refer);
$ret = array();
$ret['msg'] = $_rename_messages['msg_title'];
$method = plugin_rename_getvar('method');
if ($method == 'regex') {
- $s_src = htmlspecialchars(plugin_rename_getvar('src'));
- $s_dst = htmlspecialchars(plugin_rename_getvar('dst'));
+ $s_src = htmlsc(plugin_rename_getvar('src'));
+ $s_dst = htmlsc(plugin_rename_getvar('dst'));
$msg .= $_rename_messages['msg_regex'] . '<br />';
$input .= '<input type="hidden" name="method" value="regex" />';
$input .= '<input type="hidden" name="src" value="' . $s_src . '" />';
$input .= '<input type="hidden" name="dst" value="' . $s_dst . '" />';
} else {
- $s_refer = htmlspecialchars(plugin_rename_getvar('refer'));
- $s_page = htmlspecialchars(plugin_rename_getvar('page'));
- $s_related = htmlspecialchars(plugin_rename_getvar('related'));
+ $s_refer = htmlsc(plugin_rename_getvar('refer'));
+ $s_page = htmlsc(plugin_rename_getvar('page'));
+ $s_related = htmlsc(plugin_rename_getvar('related'));
$msg .= $_rename_messages['msg_page'] . '<br />';
$input .= '<input type="hidden" name="method" value="page" />';
$input .= '<input type="hidden" name="refer" value="' . $s_refer . '" />';
foreach ($exists as $page=>$arr) {
$msg .= '<li>' . make_pagelink(decode($page));
$msg .= $_rename_messages['msg_arrow'];
- $msg .= htmlspecialchars(decode($pages[$page]));
+ $msg .= htmlsc(decode($pages[$page]));
if (! empty($arr)) {
$msg .= '<ul>' . "\n";
foreach ($arr as $ofile=>$nfile)
foreach ($pages as $old=>$new)
$ret['body'] .= '<li>' . make_pagelink(decode($old)) .
$_rename_messages['msg_arrow'] .
- htmlspecialchars(decode($new)) . '</li>' . "\n";
+ htmlsc(decode($new)) . '</li>' . "\n";
$ret['body'] .= '</ul>' . "\n";
return $ret;
}
if ($_page == $whatsnew) continue;
$selected = ($_page == $page) ? ' selected' : '';
- $s_page = htmlspecialchars($_page);
+ $s_page = htmlsc($_page);
$pages[$_page] = '<option value="' . $s_page . '"' . $selected . '>' .
$s_page . '</option>';
}
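Review bot: In the error helper at the top of this section, an array `$page` is joined with literal `<br />` separators and the joined string is then passed through `htmlsc()`, so the separators are escaped and shown as text instead of line breaks. Escaping each element while joining keeps the names safe and the markup intact: `foreach ($page as $_page) $tmp .= '<br />' . htmlsc($_page);`. The `htmlsc()` in the `sprintf()` call should then apply only when `$page` arrived as a plain string. The start of the function is outside the visible lines.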
<?php
// PukiWiki - Yet another WikiWikiWeb clone.
-// $Id: ruby.inc.php,v 1.6 2005/05/07 07:41:31 henoheno Exp $
+// $Id: ruby.inc.php,v 1.8 2011/01/25 15:01:01 henoheno Exp $
//
// Ruby annotation plugin: Add a pronounciation into kanji-word or acronym(s)
// See also about ruby: http://www.w3.org/TR/ruby/
if ($ruby == '' || $body == '') return PLUGIN_RUBY_USAGE;
return '<ruby><rb>' . $body . '</rb>' . '<rp>(</rp>' .
- '<rt>' . htmlspecialchars($ruby) . '</rt>' . '<rp>)</rp>' .
+ '<rt>' . htmlsc($ruby) . '</rt>' . '<rp>)</rp>' .
'</ruby>';
}
?>
<?php
// PukiWiki - Yet another WikiWikiWeb clone.
-// $Id: search.inc.php,v 1.13 2005/11/29 18:19:51 teanan Exp $
+// $Id: search.inc.php,v 1.14 2011/01/25 15:01:01 henoheno Exp $
//
// Search plugin
global $post, $vars, $_title_result, $_title_search, $_msg_searching;
if (PLUGIN_SEARCH_DISABLE_GET_ACCESS) {
- $s_word = isset($post['word']) ? htmlspecialchars($post['word']) : '';
+ $s_word = isset($post['word']) ? htmlsc($post['word']) : '';
} else {
- $s_word = isset($vars['word']) ? htmlspecialchars($vars['word']) : '';
+ $s_word = isset($vars['word']) ? htmlsc($vars['word']) : '';
}
if (strlen($s_word) > PLUGIN_SEARCH_MAX_LENGTH) {
unset($vars['word']); // Stop using $_msg_word at lib/html.php
++$_num;
if (PLUGIN_SEARCH_MAX_BASE < $_num) break;
$label_id = '_p_search_base_id_' . $_num;
- $s_base = htmlspecialchars($base);
+ $s_base = htmlsc($base);
$base_str = '<strong>' . $s_base . '</strong>';
$base_label = str_replace('$1', $base_str, $_search_pages);
$base_msg .=<<<EOD
<?php
// PukiWiki - Yet another WikiWikiWeb clone
-// $Id: setlinebreak.inc.php,v 1.4 2005/04/02 06:27:38 henoheno Exp $
+// $Id: setlinebreak.inc.php,v 1.5 2011/01/25 15:01:01 henoheno Exp $
//
// Set linebreak plugin - on/of linebreak-to-'<br />' conversion
//
default:
return '#setlinebreak: Invalid argument: ' .
- htmlspecialchars($args[0]) . '<br />';
+ htmlsc($args[0]) . '<br />';
}
}
return '';
<?php
// PukiWiki - Yet another WikiWikiWeb clone
-// $Id: showrss.inc.php,v 1.21 2006/05/05 04:32:09 henoheno Exp $
+// $Id: showrss.inc.php,v 1.22 2011/01/25 15:01:01 henoheno Exp $
// Id:showrss.inc.php,v 1.40 2003/03/18 11:52:58 hiro Exp
// Copyright (C):
// 2002-2006 PukiWiki Developers Team
$class = ($template == '' || $template == 'default') ? 'ShowRSS_html' : 'ShowRSS_html_' . $template;
if (! is_numeric($cachehour))
- return '#showrss: Cache-lifetime seems not numeric: ' . htmlspecialchars($cachehour) . '<br />' . "\n";
+ return '#showrss: Cache-lifetime seems not numeric: ' . htmlsc($cachehour) . '<br />' . "\n";
if (! class_exists($class))
- return '#showrss: Template not found: ' . htmlspecialchars($template) . '<br />' . "\n";
+ return '#showrss: Template not found: ' . htmlsc($template) . '<br />' . "\n";
if (! is_url($uri))
- return '#showrss: Seems not URI: ' . htmlspecialchars($uri) . '<br />' . "\n";
+ return '#showrss: Seems not URI: ' . htmlsc($uri) . '<br />' . "\n";
list($rss, $time) = plugin_showrss_get_rss($uri, $cachehour);
if ($rss === FALSE) return '#showrss: Failed fetching RSS from the server<br />' . "\n";
function escape($str)
{
- // Unescape already-escaped chars (<, >, &, ...) in RSS body before htmlspecialchars()
+ // Unescape already-escaped chars (<, >, &, ...) in RSS body before htmlsc()
$str = strtr($str, array_flip(get_html_translation_table(ENT_COMPAT)));
// Escape
- $str = htmlspecialchars($str);
+ $str = htmlsc($str);
// Encoding conversion
$str = mb_convert_encoding($str, SOURCE_ENCODING, $this->encoding);
return trim($str);
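Review bot: In escape(), `htmlsc($str)` runs while the text is still in the feed's encoding (`$this->encoding`), and the conversion to SOURCE_ENCODING happens only afterwards. htmlsc() is defined outside the visible lines; if it passes the wiki's charset to htmlspecialchars(), feed text in a different encoding can be treated as invalid input. In either case the escaping is applied to bytes that are not yet in the output encoding. Converting first is the safer order: `$str = mb_convert_encoding($str, SOURCE_ENCODING, $this->encoding);` ahead of the `strtr()` unescape and `$str = htmlsc($str);`. The closing brace of escape() is outside the visible lines.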
<?php
// PukiWiki - Yet another WikiWikiWeb clone
-// $Id: source.inc.php,v 1.14 2005/01/29 02:07:58 henoheno Exp $
+// $Id: source.inc.php,v 1.16 2011/01/25 15:01:01 henoheno Exp $
//
// Source plugin
return array('msg' => $_source_messages['msg_title'],
'body' => '<pre id="source">' .
- htmlspecialchars(join('', get_source($page))) . '</pre>');
+ htmlsc(join('', get_source($page))) . '</pre>');
}
?>
<?php
-// $Id: stationary.inc.php,v 1.8 2006/02/07 06:26:42 teanan Exp $
+// $Id: stationary.inc.php,v 1.9 2011/01/25 15:01:01 henoheno Exp $
//
// Stationary plugin
// License: The same as PukiWiki
$result = join(',', $args);
}
- return '#stationary(' . htmlspecialchars($result) . ')<br />';
+ return '#stationary(' . htmlsc($result) . ')<br />';
}
// In-line type plugin: &stationary; or &stationary(foo); , or &stationary(foo){bar};
$args[$key] = trim($args[$key]);
$result = join(',', $args);
- return '&stationary(' . htmlspecialchars($result) . '){' . $body . '};';
+ return '&stationary(' . htmlsc($result) . '){' . $body . '};';
}
// Action-type plugin: ?plugin=stationary&foo=bar
$msg = 'Message';
$body = 'Message body';
- return array('msg'=>htmlspecialchars($msg), 'body'=>htmlspecialchars($body));
+ return array('msg' => htmlsc($msg), 'body' => htmlsc($body));
}
?>
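Review bot: The inline-type return concatenates `$body` into the output without htmlsc(), while `$result` beside it is escaped. The assignment of `$body` is outside the visible lines, so it may already be HTML-escaped by the inline-plugin caller. Because this file looks like a skeleton that other plugins are copied from, that assumption should be stated where it is relied on, for example `// $body arrives already HTML-escaped from the inline converter; do not escape it again` directly above the return. If that assumption does not hold, the return needs `htmlsc($body)` instead.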
<?php
-// $Id: template.inc.php,v 1.21 2005/02/27 08:06:48 henoheno Exp $
+// $Id: template.inc.php,v 1.22 2011/01/25 15:01:01 henoheno Exp $
//
// Load template plugin
}
$begin_select = $end_select = '';
for ($i = 0; $i < count($lines); $i++) {
- $line = htmlspecialchars(mb_strimwidth($lines[$i], 0, MAX_LEN, '...'));
+ $line = htmlsc(mb_strimwidth($lines[$i], 0, MAX_LEN, '...'));
$tag = ($i == $begin) ? ' selected="selected"' : '';
$begin_select .= "<option value=\"$i\"$tag>$line</option>\n";
$end_select .= "<option value=\"$i\"$tag>$line</option>\n";
}
- $_page = htmlspecialchars($page);
+ $_page = htmlsc($page);
$msg = $tag = '';
if ($is_page) {
$msg = $_err_template_already;
$msg = str_replace('$1', $_page, $_err_template_invalid);
}
- $s_refer = htmlspecialchars($vars['refer']);
+ $s_refer = htmlsc($vars['refer']);
$s_page = ($page == '') ? str_replace('$1', $s_refer, $_msg_template_page) : $_page;
$ret = <<<EOD
<form action="$script" method="post">
<?php
// PukiWiki - Yet another WikiWikiWeb clone
-// $Id: topicpath.inc.php,v 1.6 2005/01/29 14:31:04 henoheno Exp $
+// $Id: topicpath.inc.php,v 1.9 2011/01/25 15:01:01 henoheno Exp $
+// Copyright (C)
+// 2004-2005 PukiWiki Developers Team
+// 2003 reimy (Some bug fix)
+// 2003 t.m (Migrate to 1.3)
+// 2003 Nibun-no-ni (Originally written for PukiWiki 1.4.x)
+// License: GPL (any version)
//
// 'topicpath' plugin for PukiWiki, available under GPL
while (! empty($parts)) {
$_landing = join('/', $parts);
$landing = rawurlencode($_landing);
- $element = htmlspecialchars(array_pop($parts));
+ $element = htmlsc(array_pop($parts));
if (! $b_link) {
// This page ($_landing == $page)
$b_link = TRUE;
<?php
// PukiWiki - Yet another WikiWikiWeb clone
-// $Id: tracker.inc.php,v 1.34 2005/11/28 17:48:30 teanan Exp $
+// $Id: tracker.inc.php,v 1.124 2011/01/25 15:01:01 henoheno Exp $
+// Copyright (C) 2003-2005, 2007 PukiWiki Developers Team
+// License: GPL v2 or (at your option) any later version
//
// Issue tracker plugin (See Also bugtrack plugin)
if (!$config->read())
{
- return "<p>config file '".htmlspecialchars($config_name)."' not found.</p>";
+ return "<p>config file '".htmlsc($config_name)."' not found.</p>";
}
$config->config_name = $config_name;
{
return array(
'msg'=>'cannot write',
- 'body'=>'page name ('.htmlspecialchars($refer).') is not valid.'
+ 'body'=>'page name ('.htmlsc($refer).') is not valid.'
);
}
if (!is_page($source))
{
return array(
'msg'=>'cannot write',
- 'body'=>'page template ('.htmlspecialchars($source).') is not exist.'
+ 'body'=>'page template ('.htmlsc($source).') is not exist.'
);
}
// ¥Ú¡¼¥¸Ì¾¤ò·èÄê
function get_tag()
{
- $s_name = htmlspecialchars($this->name);
- $s_size = htmlspecialchars($this->values[0]);
- $s_value = htmlspecialchars($this->default_value);
+ $s_name = htmlsc($this->name);
+ $s_size = htmlsc($this->values[0]);
+ $s_value = htmlsc($this->default_value);
return "<input type=\"text\" name=\"$s_name\" size=\"$s_size\" value=\"$s_value\" />";
}
}
function get_tag()
{
- $s_name = htmlspecialchars($this->name);
- $s_cols = htmlspecialchars($this->values[0]);
- $s_rows = htmlspecialchars($this->values[1]);
- $s_value = htmlspecialchars($this->default_value);
+ $s_name = htmlsc($this->name);
+ $s_cols = htmlsc($this->values[0]);
+ $s_rows = htmlsc($this->values[1]);
+ $s_value = htmlsc($this->default_value);
return "<textarea name=\"$s_name\" cols=\"$s_cols\" rows=\"$s_rows\">$s_value</textarea>";
}
function format_cell($str)
}
function get_tag()
{
- $s_name = htmlspecialchars($this->name);
- $s_size = htmlspecialchars($this->values[0]);
+ $s_name = htmlsc($this->name);
+ $s_size = htmlsc($this->values[0]);
return "<input type=\"text\" name=\"$s_name\" size=\"$s_size\" />";
}
function get_key($str)
function get_tag()
{
- $s_name = htmlspecialchars($this->name);
- $s_size = htmlspecialchars($this->values[0]);
+ $s_name = htmlsc($this->name);
+ $s_size = htmlsc($this->values[0]);
return "<input type=\"file\" name=\"$s_name\" size=\"$s_size\" />";
}
function format_value($str)
$id = 0;
foreach ($this->config->get($this->name) as $option)
{
- $s_option = htmlspecialchars($option[0]);
+ $s_option = htmlsc($option[0]);
$checked = trim($option[0]) == trim($this->default_value) ? ' checked="checked"' : '';
++$id;
$s_id = '_p_tracker_' . $s_name . '_' . $this->id . '_' . $id;
function get_tag($empty=FALSE)
{
- $s_name = htmlspecialchars($this->name);
+ $s_name = htmlsc($this->name);
$s_size = (array_key_exists(0,$this->values) and is_numeric($this->values[0])) ?
- ' size="'.htmlspecialchars($this->values[0]).'"' : '';
+ ' size="'.htmlsc($this->values[0]).'"' : '';
$s_multiple = (array_key_exists(1,$this->values) and strtolower($this->values[1]) == 'multiple') ?
' multiple="multiple"' : '';
$retval = "<select name=\"{$s_name}[]\"$s_size$s_multiple>\n";
$defaults = array_flip(preg_split('/\s*,\s*/',$this->default_value,-1,PREG_SPLIT_NO_EMPTY));
foreach ($this->config->get($this->name) as $option)
{
- $s_option = htmlspecialchars($option[0]);
+ $s_option = htmlsc($option[0]);
$selected = array_key_exists(trim($option[0]),$defaults) ? ' selected="selected"' : '';
$retval .= " <option value=\"$s_option\"$selected>$s_option</option>\n";
}
function get_tag($empty=FALSE)
{
- $s_name = htmlspecialchars($this->name);
+ $s_name = htmlsc($this->name);
$defaults = array_flip(preg_split('/\s*,\s*/',$this->default_value,-1,PREG_SPLIT_NO_EMPTY));
$retval = '';
$id = 0;
foreach ($this->config->get($this->name) as $option)
{
- $s_option = htmlspecialchars($option[0]);
+ $s_option = htmlsc($option[0]);
$checked = array_key_exists(trim($option[0]),$defaults) ?
' checked="checked"' : '';
++$id;
function get_tag($empty=FALSE)
{
- $s_name = htmlspecialchars($this->name);
- $s_default = htmlspecialchars($this->default_value);
+ $s_name = htmlsc($this->name);
+ $s_default = htmlsc($this->default_value);
$retval = "<input type=\"hidden\" name=\"$s_name\" value=\"$s_default\" />\n";
return $retval;
{
function get_tag()
{
- $s_title = htmlspecialchars($this->title);
- $s_page = htmlspecialchars($this->page);
- $s_refer = htmlspecialchars($this->refer);
- $s_config = htmlspecialchars($this->config->config_name);
+ $s_title = htmlsc($this->title);
+ $s_page = htmlsc($this->page);
+ $s_refer = htmlsc($this->refer);
+ $s_config = htmlsc($this->config->config_name);
return <<<EOD
<input type="submit" value="$s_title" />
if (!$config->read())
{
- return "<p>config file '".htmlspecialchars($config_name)."' is not exist.";
+ return "<p>config file '".htmlsc($config_name)."' is not exist.";
}
$config->config_name = $config_name;
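Review bot: The text, textarea, and file get_tag() methods read `$this->values[0]` (and `$this->values[1]` for the textarea) without checking that the index exists. The select get_tag() further down guards the same value with `array_key_exists(0,$this->values) and is_numeric(...)` before emitting `size`. Where `values` is filled is not visible here, but if a field definition omits the size, these methods raise an undefined-offset notice and emit an empty `size=""` or `cols=""` attribute. Following the select variant would make them consistent, e.g. `$s_size = (array_key_exists(0, $this->values) and is_numeric($this->values[0])) ? htmlsc($this->values[0]) : '';`. Separately, the second "config file ... is not exist." return opens `<p>` but never closes it, unlike the first one.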
<?php
// PukiWiki - Yet another WikiWikiWeb clone.
-// $Id: unfreeze.inc.php,v 1.10 2004/12/18 01:24:21 henoheno Exp $
+// $Id: unfreeze.inc.php,v 1.14 2011/01/25 15:01:01 henoheno Exp $
+// Copyright (C) 2003-2004, 2007 PukiWiki Developers Team
+// License: GPL v2 or (at your option) any later version
//
// Unfreeze(Unlock) plugin
if (! is_freeze($page)) {
// Unfreezed already
$msg = & $_title_isunfreezed;
- $body = str_replace('$1', htmlspecialchars(strip_bracket($page)),
+ $body = str_replace('$1', htmlsc(strip_bracket($page)),
$_title_isunfreezed);
} else if ($pass !== NULL && pkwk_login($pass)) {
} else {
// Show unfreeze form
$msg = & $_title_unfreeze;
- $s_page = htmlspecialchars($page);
+ $s_page = htmlsc($page);
$body = ($pass === NULL) ? '' : "<p><strong>$_msg_invalidpass</strong></p>\n";
$body .= <<<EOD
<p>$_msg_unfreezing</p>
<?php
// PukiWiki - Yet another WikiWikiWeb clone.
-// $Id: vote.inc.php,v 1.23 2005/04/02 06:33:39 henoheno Exp $
+// $Id: vote.inc.php,v 1.27 2011/01/25 15:01:01 henoheno Exp $
+// Copyright (C) 2002-2005, 2007 PukiWiki Developers Team
+// License: GPL v2 or (at your option) any later version
//
// Vote box plugin
if (md5(@join('', get_source($vars['refer']))) != $vars['digest']) {
$title = $_title_collided;
- $s_refer = htmlspecialchars($vars['refer']);
- $s_digest = htmlspecialchars($vars['digest']);
- $s_postdata_input = htmlspecialchars($postdata_input);
+ $s_refer = htmlsc($vars['refer']);
+ $s_digest = htmlsc($vars['digest']);
+ $s_postdata_input = htmlsc($postdata_input);
$body = <<<EOD
$_msg_collided
<form action="$script?cmd=preview" method="post">
}
$args = func_get_args();
- $s_page = htmlspecialchars($page);
- $s_digest = htmlspecialchars($digest);
+ $s_page = htmlsc($page);
+ $s_digest = htmlsc($digest);
$body = <<<EOD
<form action="$_script" method="post">
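Review bot: The collision check at the top of this section compares the page's md5 hex digest with the request-supplied `$vars['digest']` using `!=`. PHP's loose comparison treats two numeric-looking strings as numbers, so digests of the form `0e` followed only by digits compare equal even when the strings differ. This is an edit-collision check rather than a credential check, so the impact is limited to a missed collision, but a strict comparison costs nothing: `if (md5(@join('', get_source($vars['refer']))) !== $vars['digest']) {`. The enclosing function starts and ends outside the visible lines.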
<?php
// PukiWiki - Yet another WikiWikiWeb clone
-// $Id: yetlist.inc.php,v 1.28 2006/05/07 03:55:26 henoheno Exp $
+// $Id: yetlist.inc.php,v 1.29 2011/01/25 15:01:01 henoheno Exp $
// Copyright (C) 2001-2006 PukiWiki Developers Team
// License: GPL v2 or (at your option) any later version
//
foreach ($refer as $_refer) {
$r_refer = rawurlencode($_refer);
$link_refs[] = '<a href="' . $script . '?' . $r_refer . '">' .
- htmlspecialchars($_refer) . '</a>';
+ htmlsc($_refer) . '</a>';
}
$link_ref = join(' ', $link_refs);
unset($link_refs);
- $s_page = htmlspecialchars($page);
+ $s_page = htmlsc($page);
if (PKWK_READONLY) {
$href = $s_page;
} else {
<?php
// PukiWiki - Yet another WikiWikiWeb clone.
-// $Id: tdiary.skin.php,v 1.30 2006/03/07 14:03:02 henoheno Exp $
+// $Id: tdiary.skin.php,v 1.37 2011/01/25 15:01:01 henoheno Exp $
// Copyright (C)
// 2002-2006 PukiWiki Developers Team
// 2001-2002 Originally written by yu-ji
$theme_css = SKIN_DIR . 'theme/' . $theme . '/' . $theme . '.css';
if (! file_exists($theme_css)) {
echo 'tDiary theme wrapper: ';
- echo 'Theme not found: ' . htmlspecialchars($theme_css) . '<br />';
+ echo 'Theme not found: ' . htmlsc($theme_css) . '<br />';
echo 'You can get tdiary-theme from: ';
echo 'http://sourceforge.net/projects/tdiary/';
exit;
<?php echo $head_tag ?>
</head>
-<body><!-- Theme:<?php echo htmlspecialchars($theme) . ' Sidebar:' . $sidebar ?> -->
+<body><!-- Theme:<?php echo htmlsc($theme) . ' Sidebar:' . $sidebar ?> -->
<?php if ($menu && $sidebar == 'strict') { ?>
<!-- Sidebar top -->
$title = '';
if ($disable_backlink) {
if ($_page != '') {
- $title = htmlspecialchars($_page);
+ $title = htmlsc($_page);
} else {
$title = $page; // Search, or something message
}
if ($page != '') {
$title = $page;
} else {
- $title = htmlspecialchars($_page);
+ $title = htmlsc($_page);
}
}
$title_date = $title_text = '';