Rooba
/
boinc
mirror of https://github.com/BOINC/boinc.git
1
0
Fork 0
Code Issues 1 Packages Projects Releases Wiki Activity

Encode UTF characters into HTML entities (from ChristianB, fix #57). 

NOTE: teams that have name display issues will have to edit their description once the projects update the code.

svn path=/trunk/boinc/; revision=12691
This commit is contained in:
Rytis Slatkevičius 2007-05-18 15:02:02 +00:00
parent c7cf11d4af
commit 1740f526d9
5 changed files with 26 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
html/inc/util.inc
View File

@ -695,4 +695,12 @@ function select_from_array($name, $array, $selection) {
return $out;
}
// Convert to entities, while preserving already-encoded entities.
// Do NOT use if $str contains valid HTML tags.
function boinc_htmlentities($str) {
$str = html_entity_decode($str, ENT_COMPAT, "UTF-8");
$str = htmlentities($str, ENT_COMPAT, "UTF-8");
return $str;
}
?>

2
html/user/edit_user_info_action.php
View File

@ -8,7 +8,7 @@ require_once("../inc/countries.inc");
db_init();
$user = get_logged_in_user();
$name = process_user_text(post_str("user_name"));
$name = boinc_htmlentities(process_user_text(post_str("user_name")));
if ($name != strip_tags($name)) {
error_page("HTML tags not allowed in name");
}

1
html/user/forum_moderate_thread.php
View File

@ -65,7 +65,6 @@ if (get_str('action')=="hide") {
$selectbox .= '</option>';
row2("Destination forum:", $selectbox);
//todo display where to move the thread as a dropdown instead of having to get ID
} elseif (get_str('action')=="title") {
echo "<input type=hidden name=action value=title>";

4
html/user/team_create_action.php
View File

@ -8,7 +8,7 @@ db_init();
$user = get_logged_in_user();
$name = process_user_text(strip_tags(post_str("name")));
$name = boinc_htmlentities(process_user_text(strip_tags(post_str("name"))));
if (strlen($name) == 0) {
error_page("Must set team name");
}
@ -23,7 +23,7 @@ if (!is_valid_team_type($type)) {
}
$name_html = process_user_text(post_str("name_html", true));
$description = process_user_text(post_str("description", true));
$description = boinc_htmlentities(process_user_text(post_str("description", true)));
$country = process_user_text(post_str("country", true));
if (!is_valid_country($country)) {

4
html/user/team_edit_action.php
View File

@ -18,10 +18,10 @@ if ($user->teamid == $teamid) {
if ($x) {
$team_url = substr($team_url, 7);
}
$team_name = process_user_text(strip_tags(post_str("name")));
$team_name = boinc_htmlentities(process_user_text(strip_tags(post_str("name"))));
$team_name_lc = strtolower($team_name);
$team_name_html = process_user_text(post_str("name_html", true)); //Do we really not want to
$team_description = process_user_text(post_str("description", true)); //scrub out bad HTML tags?
$team_description = boinc_htmlentities(process_user_text(post_str("description", true))); //scrub out bad HTML tags?
$type = process_user_text(post_str("type", true));
$country = process_user_text(post_str("country", true));