Replace 'htmlspecialchars' by 'htmlsc'

The behavior of 'htmlspecialchars' has changed in PHP 5.4.
The default value of 3rd parameter $encoding is UTF-8.
Almost all EUC_JP characters are handled as invalid UTF-8
sequence and that cause empty output.
http://docs.php.net/manual/en/function.htmlspecialchars.php

The solution used in 'htmlsc' is setting $encoding explicitly.

diff --git a/lib/func.php b/lib/func.php
index 126e667..43db3dd 100644 (file)
--- a/lib/func.php
+++ b/lib/func.php
@@ -356,14 +356,14 @@ function page_list($pages, $cmd = 'read', $withfilename = FALSE)
 
        foreach($pages as $file=>$page) {
                $r_page  = rawurlencode($page);
-               $s_page  = htmlspecialchars($page, ENT_QUOTES);
+               $s_page  = htmlsc($page, ENT_QUOTES);
                $passage = get_pg_passage($page);
 
                $str = '   <li><a href="' . $href . $r_page . '">' .
                        $s_page . '</a>' . $passage;
 
                if ($withfilename) {
-                       $s_file = htmlspecialchars($file);
+                       $s_file = htmlsc($file);
                        $str .= "\n" . '    <ul><li>' . $s_file . '</li></ul>' .
                                "\n" . '   ';
                }

diff --git a/plugin/ls2.inc.php b/plugin/ls2.inc.php
index 12fa2b1..8495e8a 100644 (file)
--- a/plugin/ls2.inc.php
+++ b/plugin/ls2.inc.php
@@ -106,7 +106,7 @@ function plugin_ls2_show_lists($prefix, & $params)
        foreach ($pages as $page) $params["page_$page"] = 0;
 
        if (empty($pages)) {
-               return str_replace('$1', htmlspecialchars($prefix), $_ls2_err_nopages);
+               return str_replace('$1', htmlsc($prefix), $_ls2_err_nopages);
        } else {
                $params['result'] = $params['saved'] = array();
                foreach ($pages as $page)

diff --git a/plugin/referer.inc.php b/plugin/referer.inc.php
index 56f0c45..e7ba83a 100644 (file)
--- a/plugin/referer.inc.php
+++ b/plugin/referer.inc.php
@@ -99,8 +99,8 @@ function plugin_referer_body($page, $sort)
                list($ltime, $stime, $count, $url, $enable) = $arr;
 
                // ÈóASCII¥­¥ã¥é¥¯¥¿(¤À¤±)¤òURL¥¨¥ó¥³¡¼¥É¤·¤Æ¤ª¤¯ BugTrack/440
-               $e_url = htmlspecialchars(preg_replace('/([" \x80-\xff]+)/e', 'rawurlencode("$1")', $url));
-               $s_url = htmlspecialchars(mb_convert_encoding(rawurldecode($url), SOURCE_ENCODING, 'auto'));
+               $e_url = htmlsc(preg_replace('/([" \x80-\xff]+)/e', 'rawurlencode("$1")', $url));
+               $s_url = htmlsc(mb_convert_encoding(rawurldecode($url), SOURCE_ENCODING, 'auto'));
 
                $lpass = get_passage($ltime, FALSE); // ºÇ½ª¹¹¿·Æü»þ¤«¤é¤Î·Ð²á»þ´Ö
                $spass = get_passage($stime, FALSE); // ½é²óÅÐÏ¿Æü»þ¤«¤é¤Î·Ð²á»þ´Ö
@@ -164,7 +164,7 @@ function plugin_referer_set_color()
                // BGCOLOR(#88ff88)
                $matches = array();
                foreach ($pconfig_color as $x)
-                       $color[$x[0]] = htmlspecialchars(
+                       $color[$x[0]] = htmlsc(
                                preg_match('/BGCOLOR\(([^)]+)\)/si', $x[1], $matches) ?
                                        $matches[1] : $x[1]);
        }

diff --git a/plugin/tracker.inc.php b/plugin/tracker.inc.php
index 1b5df47..a222a6f 100644 (file)
--- a/plugin/tracker.inc.php
+++ b/plugin/tracker.inc.php
@@ -91,7 +91,7 @@ function plugin_tracker_action()
        $config = new Config('plugin/tracker/'.$config_name);
        if (!$config->read())
        {
-               return "<p>config file '".htmlspecialchars($config_name)."' not found.</p>";
+               return "<p>config file '".htmlsc($config_name)."' not found.</p>";
        }
        $config->config_name = $config_name;
        $source = $config->page.'/page';
@@ -199,7 +199,7 @@ function plugin_tracker_inline()
 
        if (!$config->read())
        {
-               return "config file '".htmlspecialchars($config_name)."' not found.";
+               return "config file '".htmlsc($config_name)."' not found.";
        }
 
        $config->config_name = $config_name;
@@ -439,7 +439,7 @@ class Tracker_field_radio extends Tracker_field_format
 
        function get_tag()
        {
-               $s_name = htmlspecialchars($this->name);
+               $s_name = htmlsc($this->name);
                $retval = '';
                $id = 0;
                foreach ($this->config->get($this->name) as $option)

diff --git a/plugin/versionlist.inc.php b/plugin/versionlist.inc.php
index c753060..a8cd838 100644 (file)
--- a/plugin/versionlist.inc.php
+++ b/plugin/versionlist.inc.php
@@ -44,12 +44,12 @@ function plugin_versionlist_convert()
                                continue;
                        }
                        $data = join('',file($sdir.$file));
-                       $comment = array('file'=>htmlspecialchars($sdir.$file),'rev'=>'','date'=>'');
+                       $comment = array('file'=>htmlsc($sdir.$file),'rev'=>'','date'=>'');
                        if (preg_match('/\$'.'Id: (.+),v (\d+\.\d+) (\d{4}\/\d{2}\/\d{2} \d{2}:\d{2}:\d{2})/',$data,$matches))
                        {
-//                             $comment['file'] = htmlspecialchars($sdir.$matches[1]);
-                               $comment['rev'] = htmlspecialchars($matches[2]);
-                               $comment['date'] = htmlspecialchars($matches[3]);
+//                             $comment['file'] = htmlsc($sdir.$matches[1]);
+                               $comment['rev'] = htmlsc($matches[2]);
+                               $comment['date'] = htmlsc($matches[3]);
                        }
                        $comments[$sdir.$file] = $comment;
                }