diff --git a/main/wiki/export_html2pdf.php b/main/wiki/export_html2pdf.php index a597a34818..7a6e45108a 100644 --- a/main/wiki/export_html2pdf.php +++ b/main/wiki/export_html2pdf.php @@ -5,8 +5,8 @@ include("../inc/global.inc.php"); api_block_anonymous_users(); require('../plugin/html2fpdf/html2fpdf.php'); -$contentPDF=stripslashes(html_entity_decode($_POST['contentPDF'])); -$titlePDF=stripslashes(html_entity_decode($_POST['titlePDF'])); +$contentPDF=stripslashes(api_html_entity_decode($_POST['contentPDF'], ENT_QUOTES, $charset)); +$titlePDF=stripslashes(api_html_entity_decode($_POST['titlePDF'], ENT_QUOTES, $charset)); //activate Output -Buffer: ob_start(); @@ -25,4 +25,4 @@ $pdf->SetTitle($titlePDF); $pdf->SetKeywords('Dokeos Wiki'); $pdf->WriteHTML($htmlbuffer); $pdf->Output(); -?> \ No newline at end of file +?> diff --git a/main/wiki/index.php b/main/wiki/index.php index 740bae039d..755f80a13b 100644 --- a/main/wiki/index.php +++ b/main/wiki/index.php @@ -610,7 +610,7 @@ if ($_GET['action']=='usercontrib') $row[] = ''.$obj->title.''; $row[] =$obj->version; $row[] =$obj->comment; - //$row[] =strlen($obj->comment)>30 ? substr($obj->comment,0,30).'...' : $obj->comment; + //$row[] = api_strlen($obj->comment)>30 ? api_substr($obj->comment,0,30).'...' : $obj->comment; $row[] =$obj->progress.' %'; $row[] =$obj->score; //if(api_is_allowed_to_edit() || api_is_platform_admin()) @@ -1027,7 +1027,7 @@ if ($_GET['action']=='links') } echo '
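Review bot: The two new assignments still read `$_POST['contentPDF']` and `$_POST['titlePDF']` without an `isset` guard, and the entire document body handed to the PDF renderer comes from the client: the second hunk shows it reaching `$pdf->WriteHTML($htmlbuffer)` (through the output buffer, presumably), whereas the same commit filters wiki titles in index.php through `Security::remove_XSS` and applies no such filter here. At minimum guard the reads, e.g. `$contentPDF = stripslashes(api_html_entity_decode(isset($_POST['contentPDF']) ? $_POST['contentPDF'] : '', ENT_QUOTES, $charset));`, and consider the same treatment for `$titlePDF`. `$charset` is not defined in this file and is presumably provided by global.inc.php; a short comment saying so on the first new line would help the next reader. The code between `ob_start()` and the `WriteHTML` call lies outside the hunks.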
'; - echo $LinksPagesFrom.': '.$ShowAssignment.' '.Security::remove_XSS($row['title']).''; + echo get_lang('LinksPagesFrom').': '.$ShowAssignment.' '.Security::remove_XSS($row['title']).''; echo '
'; //fix index to title Main page into linksto @@ -1277,7 +1277,7 @@ if ($_GET['action']=='edit') %'; echo '

'; - echo ''; //for save icon + echo ''; //for save icon echo '';//for save button echo ''; echo ''; @@ -1386,8 +1386,8 @@ if ($_GET['action']=='history' or Security::remove_XSS($_POST['HistoryDifference if (!empty($comment)) { - echo get_lang('Comments').': '.substr(htmlentities($row['comment']),0,100); - if (strlen($row['comment'])>100) + echo get_lang('Comments').': '.api_substr(api_htmlentities($row['comment'], ENT_QUOTES, $charset),0,100); + if (api_strlen($row['comment'])>100) { echo '... '; } @@ -1556,7 +1556,7 @@ if ($_GET['action']=='recentchanges') $row[] =$ShowAssignment; $row[] = ''.$obj->title.''; $row[] =$obj->version>1 ? get_lang('EditedBy') : get_lang('AddedBy'); - $row[] = $obj->user_id <>0 ? ''.$userinfo['lastname'].', '.$userinfo['firstname'].'' : get_lang('Anonymous').' ('.$obj->user_ip.')'; + $row[] = $obj->user_id <>0 ? ''.$userinfo['lastname'].', '.$userinfo['firstname'].'' : get_lang('Anonymous').' ('.$obj->user_ip.')'; $rows[] = $row; } @@ -2223,8 +2223,8 @@ function make_wiki_link_clickable($input) **/ function save_wiki() { - - global $tbl_wiki; + global $charset; + global $tbl_wiki; // NOTE: visibility, visibility_disc and ratinglock_disc changes are not made here, but through the interce buttons @@ -2232,7 +2232,7 @@ function save_wiki() $_clean['reflink']=Database::escape_string($_POST['reflink']); $_clean['title']=Database::escape_string($_POST['title']); - $_clean['content']= html_entity_decode(Database::escape_string(stripslashes($_POST['content']))); + $_clean['content']= api_html_entity_decode(Database::escape_string(stripslashes($_POST['content'])), ENT_QUOTES, $charset); $_clean['user_id']=(int)Database::escape_string(api_get_user_id()); $_clean['assignment']=Database::escape_string($_POST['assignment']); $_clean['comment']=Database::escape_string($_POST['comment']); 
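Review bot: The 100-character cut in the new `echo` line is taken from the entity-encoded comment, so it can split an encoded entity and emit a broken fragment, and the `api_strlen` test on the next line measures the raw comment instead, so the `...` marker and the truncation can disagree. Truncate first and encode the result: `echo get_lang('Comments').': '.api_htmlentities(api_substr($row['comment'],0,100), ENT_QUOTES, $charset);`. The `if (!empty($comment))` block opens inside the hunk, but the enclosing history loop starts and continues outside it.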
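Review bot: In the recent-changes hunk, `$userinfo['lastname']` and `$userinfo['firstname']` are concatenated into the row without escaping, while this same commit escapes comment text with `api_htmlentities` and titles with `Security::remove_XSS`; unless the user info is escaped upstream (not visible here), wrap both the same way, e.g. `api_htmlentities($userinfo['lastname'], ENT_QUOTES, $charset).', '.api_htmlentities($userinfo['firstname'], ENT_QUOTES, $charset)`. The markup around the name has been stripped from this listing, so what the commit actually changed on that line cannot be seen; the loop continues outside the hunk.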
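Review bot: On the new `$_clean['content']` line in save_wiki the entity decoding runs after `Database::escape_string`, so entity-encoded quotes or backslashes in the posted content are turned back into literal characters after escaping, and `$_clean['content']` is no longer safe to interpolate into a query; the pre-commit line had the same order, but the charset-aware decoder keeps it. Decode first, then escape: `$_clean['content'] = Database::escape_string(api_html_entity_decode(stripslashes($_POST['content']), ENT_QUOTES, $charset));`. Whether the value is later interpolated or bound cannot be seen from the hunk; save_wiki continues outside it.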
@@ -2319,7 +2319,7 @@ function delete_wiki() **/ function save_new_wiki() { - + global $charset; global $tbl_wiki; global $assig_user_id; //need for assignments mode @@ -2376,7 +2376,7 @@ function save_new_wiki() $_clean['linksto'] = links_to($_clean['content']); //check wikilinks //filter no _uass - if(eregi("_uass",$_POST['title']) || (strtoupper(trim($_POST['title']))==strtoupper ('index') || strtoupper(trim(htmlentities($_POST['title'])))==strtoupper(htmlentities(get_lang('DefaultTitle'))))) + if (api_eregi('_uass', $_POST['title']) || (api_strtoupper(trim($_POST['title'])) == 'INDEX' || api_strtoupper(trim(api_htmlentities($_POST['title'], ENT_QUOTES, $charset))) == api_strtoupper(api_htmlentities(get_lang('DefaultTitle'), ENT_QUOTES, $charset)))) { $message= get_lang('GoAndEditMainPage'); Display::display_warning_message($message,false); @@ -2483,6 +2483,7 @@ function display_new_wiki_form() **/ function display_wiki_entry() { + global $charset; global $tbl_wiki; global $groupfilter; global $page; @@ -2629,8 +2630,8 @@ function display_wiki_entry() //page action: export to pdf echo ''; echo '
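Review bot: The rewritten condition in save_new_wiki still compares strings with `==`, so `api_strtoupper(trim($_POST['title'])) == 'INDEX'` and the `DefaultTitle` comparison use loose equality, under which numeric-looking strings compare as numbers; use `===` on both, e.g. `api_strtoupper(trim($_POST['title'])) === 'INDEX'`. The `_uass` check is also applied to the untrimmed title while the other two branches trim it, which looks unintended. save_new_wiki continues on both sides of the hunk.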
'; // also with export_tcpdf.php - echo ''; - echo ''; + echo ''; + echo ''; echo ''; echo '
'; echo '
'; @@ -2641,8 +2642,8 @@ function display_wiki_entry() echo ''; echo '
'; echo ''; - echo ''; - echo ''; + echo ''; + echo ''; echo ''; echo '
'; echo '
'; @@ -2662,7 +2663,7 @@ function display_wiki_entry() '; - echo ''.get_lang('Print').''; + echo ''.get_lang('Print').''; echo ''; @@ -3764,4 +3765,4 @@ function display_wiki_search_results($search_term, $search_content=0) echo get_lang('NoSearchResults'); } } -?> \ No newline at end of file +?>