Encode UTF characters into HTML entities (from ChristianB, fix #57).

NOTE: teams that have name display issues will have to edit their description once the projects update the code.

svn path=/trunk/boinc/; revision=12691

html/inc/util.inc

@@ -695,4 +695,12 @@ function select_from_array($name, $array, $selection) {
     return $out;
 }
 
+// Convert to entities, while preserving already-encoded entities. 
+// Do NOT use if $str contains valid HTML tags.
+function boinc_htmlentities($str) { 
+    $str = html_entity_decode($str, ENT_COMPAT, "UTF-8"); 
+    $str = htmlentities($str, ENT_COMPAT, "UTF-8"); 
+    return $str; 
+} 
+
 ?>

html/user/edit_user_info_action.php

@@ -8,7 +8,7 @@ require_once("../inc/countries.inc");
 db_init();
 $user = get_logged_in_user();
 
-$name = process_user_text(post_str("user_name"));
+$name = boinc_htmlentities(process_user_text(post_str("user_name")));
 if ($name != strip_tags($name)) {
     error_page("HTML tags not allowed in name");
 }

html/user/forum_moderate_thread.php

@@ -65,7 +65,6 @@ if (get_str('action')=="hide") {
     $selectbox .= '</option>';  
     
     row2("Destination forum:", $selectbox);  
-    //todo display where to move the thread as a dropdown instead of having to get ID
 } elseif (get_str('action')=="title") {
 
     echo "<input type=hidden name=action value=title>";

html/user/team_create_action.php

@@ -8,7 +8,7 @@ db_init();
 
 $user = get_logged_in_user();
 
-$name = process_user_text(strip_tags(post_str("name"))); 
+$name = boinc_htmlentities(process_user_text(strip_tags(post_str("name")))); 
 if (strlen($name) == 0) {
     error_page("Must set team name");
 }
@@ -17,13 +17,13 @@ $url = process_user_text(strip_tags(post_str("url", true)));
 if (strstr($url, "http://")) {
     $url = substr($url, 7);
 }
-$type = process_user_text(strip_tags(post_str("type", true))); 
+$type = process_user_text(strip_tags(post_str("type", true)));
 if (!is_valid_team_type($type)) {
     $type = 'None';
 }
 
 $name_html = process_user_text(post_str("name_html", true));
-$description = process_user_text(post_str("description", true));
+$description = boinc_htmlentities(process_user_text(post_str("description", true)));
 $country = process_user_text(post_str("country", true));
 
 if (!is_valid_country($country)) {

html/user/team_edit_action.php

@@ -12,27 +12,27 @@ if ($user->teamid == $teamid) {
 
     $team = lookup_team($teamid);
     require_founder_login($user, $team);
-
+    
     $team_url = process_user_text(strip_tags(post_str("url", true)));
     $x = strstr($team_url, "http://");
     if ($x) {
         $team_url = substr($team_url, 7);
     }
-    $team_name = process_user_text(strip_tags(post_str("name")));
+    $team_name = boinc_htmlentities(process_user_text(strip_tags(post_str("name"))));
     $team_name_lc = strtolower($team_name);
     $team_name_html = process_user_text(post_str("name_html", true)); //Do we really not want to
-    $team_description = process_user_text(post_str("description", true)); //scrub out bad HTML tags?
-	$type = process_user_text(post_str("type", true));
-	$country = process_user_text(post_str("country", true));
-
-	if (! is_numeric($teamid)) {
-		error_page("Team ID must be numeric.");
-	}
-
-	if (strlen($team_name) == 0) { // Should be caught up with the post_str("name"),
-		error_page("Must specify team name"); // but you can never be too safe.
-	}
-
+    $team_description = boinc_htmlentities(process_user_text(post_str("description", true))); //scrub out bad HTML tags?
+    $type = process_user_text(post_str("type", true));
+    $country = process_user_text(post_str("country", true));
+    
+    if (! is_numeric($teamid)) {
+        error_page("Team ID must be numeric.");
+    }
+    
+    if (strlen($team_name) == 0) { // Should be caught up with the post_str("name"),
+        error_page("Must specify team name"); // but you can never be too safe.
+    }
+    
     $query_team_table = sprintf(
         "update team set name = '%s',
         name_lc = '%s',