[svn r13297] Fix encoding problem by using $charset inside calls to htmlentities() and htmlspecialchars

skala
Yannick Warnier 18 years ago
parent 8b0ecbd1bb
commit 92db3fdff5
  1. 3
      main/user/class.php
  2. 4
      main/user/user.php
  3. 2
      main/user/userInfo.php
  4. 3
      main/user/userInfoLib.php
  5. 4
      main/user/user_add.php
  6. 7
      whoisonline.php

@ -167,7 +167,8 @@ function get_class_data($from, $number_of_items, $column, $direction)
*/
function reg_filter($class_id)
{
$result = '<a href="'.api_get_self().'?'.api_get_cidreq().'&unsubscribe=yes&amp;class_id='.$class_id.'" onclick="javascript:if(!confirm(\''.addslashes(htmlentities(get_lang('ConfirmYourChoice'))).'\')) return false;"><img src="../img/delete.gif"/></a>';
global $charset;
$result = '<a href="'.api_get_self().'?'.api_get_cidreq().'&unsubscribe=yes&amp;class_id='.$class_id.'" onclick="javascript:if(!confirm(\''.addslashes(htmlentities(get_lang('ConfirmYourChoice'),ENT_QUOTES,$charset)).'\')) return false;"><img src="../img/delete.gif"/></a>';
return $result;
}
// Build search-form
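Review bot: Adding `ENT_QUOTES` to the confirm text in `reg_filter` breaks the escaping inside the `onclick` attribute. An apostrophe in the translated string now becomes `&#039;`, `addslashes()` finds nothing left to escape, and the browser decodes the entity back to `'` before the script is parsed, so the single-quoted JavaScript string ends early. The escaping should follow the nesting of the contexts, JavaScript string first and HTML attribute last: `htmlentities(addslashes(get_lang('ConfirmYourChoice')),ENT_QUOTES,$charset)`. The same pattern appears in the `modify_filter` hunk of main/user/user.php and the `viewDefList` hunk of main/user/userInfo.php. Separately, `$class_id` is concatenated into the `href` without a cast or encoding; if the caller does not guarantee it is numeric, `intval($class_id)` would close that off.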

@ -455,7 +455,7 @@ function get_user_data($from, $number_of_items, $column, $direction)
*/
function modify_filter($user_id)
{
global $origin,$_user, $_course, $is_allowed_to_track;
global $origin,$_user, $_course, $is_allowed_to_track,$charset;
$result="<div style='text-align: center'>";
@ -475,7 +475,7 @@ function modify_filter($user_id)
// unregister
if( $user_id != $_user['user_id'])
{
$result .= '<a href="'.api_get_self().'?'.api_get_cidreq().'&unregister=yes&amp;user_id='.$user_id.'&amp;'.$sort_params.'" onclick="javascript:if(!confirm(\''.addslashes(htmlentities(get_lang('ConfirmYourChoice'))).'\')) return false;"><img border="0" alt="'.get_lang("Unreg").'" src="../img/delete.gif"/></a>';
$result .= '<a href="'.api_get_self().'?'.api_get_cidreq().'&unregister=yes&amp;user_id='.$user_id.'&amp;'.$sort_params.'" onclick="javascript:if(!confirm(\''.addslashes(htmlentities(get_lang('ConfirmYourChoice'),ENT_QUOTES,$charset)).'\')) return false;"><img border="0" alt="'.get_lang("Unreg").'" src="../img/delete.gif"/></a>';
}
}

@ -265,7 +265,7 @@ elseif ($displayMode == "viewDefList")
// displays commands
echo "<a href=\"".api_get_self()."?".api_get_cidreq()."&removeDef=", $thisCat['catId'], "\">", "<img src=\"../img/delete.gif\" border=\"0\" alt=\"".get_lang('Remove')."\" onclick=\"javascript:if(!confirm('".addslashes(htmlentities(get_lang('ConfirmYourChoice')))."')) return false;\">", "</a>", "<a href=\"".api_get_self()."?".api_get_cidreq()."&editDef=", $thisCat['catId'], "\">", "<img src=\"../img/edit.gif\" border=\"0\" alt=\"".get_lang('Edit')."\" />", "</a>", "<a href=\"".api_get_self()."?".api_get_cidreq()."&moveUpDef=", $thisCat['catId'], "\">", "<img src=\"../img/up.gif\" border=\"0\" alt=\"".get_lang('MoveUp')."\">", "</a>", "<a href=\"".api_get_self()."?".api_get_cidreq()."&moveDownDef=", $thisCat['catId'], "\">", "<img src=\"../img/down.gif\" border=\"0\" alt=\"".get_lang('MoveDown')."\">", "</a>\n";
echo "<a href=\"".api_get_self()."?".api_get_cidreq()."&removeDef=", $thisCat['catId'], "\">", "<img src=\"../img/delete.gif\" border=\"0\" alt=\"".get_lang('Remove')."\" onclick=\"javascript:if(!confirm('".addslashes(htmlentities(get_lang('ConfirmYourChoice'),ENT_QUOTES,$charset))."')) return false;\">", "</a>", "<a href=\"".api_get_self()."?".api_get_cidreq()."&editDef=", $thisCat['catId'], "\">", "<img src=\"../img/edit.gif\" border=\"0\" alt=\"".get_lang('Edit')."\" />", "</a>", "<a href=\"".api_get_self()."?".api_get_cidreq()."&moveUpDef=", $thisCat['catId'], "\">", "<img src=\"../img/up.gif\" border=\"0\" alt=\"".get_lang('MoveUp')."\">", "</a>", "<a href=\"".api_get_self()."?".api_get_cidreq()."&moveDownDef=", $thisCat['catId'], "\">", "<img src=\"../img/down.gif\" border=\"0\" alt=\"".get_lang('MoveDown')."\">", "</a>\n";
} // end for each
} // end if ($catList)

@ -613,7 +613,8 @@ function get_cat_def_list()
function htmlize($phrase)
{
return nl2br(htmlspecialchars($phrase));
global $charset;
return nl2br(htmlspecialchars($phrase,ENT_QUOTES,$charset));
}

@ -284,11 +284,11 @@ if(!empty($message))
<tr>
<td align="right"><?php echo get_lang('LastName'); ?> :</td>
<td><input type="text" size="15" name="lastname_form" value="<?php echo htmlentities(stripslashes($lastname_form)); ?>" /></td>
<td><input type="text" size="15" name="lastname_form" value="<?php echo htmlentities(stripslashes($lastname_form),ENT_QUOTES,$charset); ?>" /></td>
</tr>
<tr>
<td align="right"><?php echo get_lang('FirstName'); ?> :</td>
<td><input type="text" size="15" name="firstname_form" value="<?php echo htmlentities(stripslashes($firstname_form)); ?>" /></td>
<td><input type="text" size="15" name="firstname_form" value="<?php echo htmlentities(stripslashes($firstname_form),ENT_QUOTES,$charset); ?>" /></td>
</tr>
<tr>
<td align="right"><?php echo get_lang('OfficialCode'); ?> :</td>

@ -1,4 +1,4 @@
<?php // $Id: whoisonline.php 12589 2007-06-13 16:22:58Z yannoo $
<?php // $Id: whoisonline.php 13297 2007-09-27 02:20:35Z yannoo $
/*
==============================================================================
Dokeos - elearning and course management software
@ -72,6 +72,7 @@ if ($_GET['chatid'] != '')
*/
function display_user_list($user_list, $_plugins)
{
global $charset;
if ($_GET["id"]=='')
{
$extra_params = array();
@ -89,7 +90,7 @@ function display_user_list($user_list, $_plugins)
$url = '?id='.$uid.$course_url;
if(strlen($user_info['picture_uri']) > 0)
{
$table_row[] = '<span style="display:none;">1</span><a href="'.$url.'"><img src="'.api_get_path(WEB_CODE_PATH).'upload/users/'.$user_info['picture_uri'].'" alt="'.htmlentities($user_info['firstName']).'" width="40" border="0"/></a>';
$table_row[] = '<span style="display:none;">1</span><a href="'.$url.'"><img src="'.api_get_path(WEB_CODE_PATH).'upload/users/'.$user_info['picture_uri'].'" alt="'.htmlentities($user_info['firstName'],ENT_QUOTES,$charset).'" width="40" border="0"/></a>';
}
else
{
@ -269,7 +270,7 @@ else
Display::display_header(get_lang('UsersOnLineList'));
Display::display_error_message(get_lang('AccessNotAllowed'));
}
$referer = empty($_GET['referer'])?'index.php':htmlentities(strip_tags($_GET['referer']));
$referer = empty($_GET['referer'])?'index.php':htmlentities(strip_tags($_GET['referer']),ENT_QUOTES,$charset);
echo '<a href="'.($_GET['id']?'javascript:window.history.back();':$referer).'">&lt; '.get_lang('Back').'</a>';
/*
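Review bot: The `referer` value on the changed line is still read from `$_GET` and written into the `href` of the Back link, and entity-encoding it (with or without `$charset`) only protects the attribute quoting; it does not restrict the URL scheme or host. Whoever builds the request therefore chooses where the Back link points. I would accept only a relative path within the site and fall back to `index.php` otherwise, for example by running the value through `parse_url()` and rejecting anything that has a scheme or host component. The enclosing `else` block starts outside this hunk, so I cannot see whether `referer` is validated earlier.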
