Attached Files |
htmlspecialchars_encoding_core_fix.patch [^] (15,383 bytes) 2012-11-02 09:13
Index: install.php
===================================================================
--- install.php (revision 15597)
+++ install.php (working copy)
@@ -1732,7 +1732,7 @@
*/
function DBErrorHandler($code, $msg, $sql)
{
- $this->errorMessage = 'Query: <br />'.htmlspecialchars($sql).'<br />execution result is error:<br />['.$code.'] '.$msg;
+ $this->errorMessage = 'Query: <br />'.htmlspecialchars($sql, null, 'UTF-8').'<br />execution result is error:<br />['.$code.'] '.$msg;
return true;
}
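Review bot: Passing `null` as the second argument of `htmlspecialchars()` is not the same as omitting it: PHP coerces it to `0`, which is `ENT_NOQUOTES`, so the changed line here and every other `htmlspecialchars(..., null, ...)` call in this patch stops escaping the double quotes that the old one-argument call (default `ENT_COMPAT`) escaped. In this error message that is harmless, but the same call sits inside double-quoted attributes in install/install_toolkit.php (`alt`/`title`), kernel/nparser/nparser.php (`title`), units/configuration/configuration_event_handler.php (`value`), units/helpers/xml_helper.php, units/images/image_tag_processor.php and the google_checkout.php XML. In kernel/utility/http_query.php it is the escaping applied to front-end request values, so a `"` in the data is no longer neutralised before it reaches an attribute. Keep the flag explicit, e.g. `htmlspecialchars($sql, ENT_COMPAT, 'UTF-8')`, or use `ENT_QUOTES` where the value lands in an attribute. The class enclosing DBErrorHandler is outside the hunk.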
Index: install/install_toolkit.php
===================================================================
--- install/install_toolkit.php (revision 15437)
+++ install/install_toolkit.php (working copy)
@@ -412,7 +412,7 @@
$this->Conn->Query($sql);
if ($this->Conn->getErrorCode() != 0) {
if (is_object($this->_installator)) {
- $this->_installator->errorMessage = 'Error: ('.$this->Conn->getErrorCode().') '.$this->Conn->getErrorMsg().'<br /><br />Last Database Query:<br /><textarea cols="70" rows="10" readonly>'.htmlspecialchars($sql).'</textarea>';
+ $this->_installator->errorMessage = 'Error: ('.$this->Conn->getErrorCode().') '.$this->Conn->getErrorMsg().'<br /><br />Last Database Query:<br /><textarea cols="70" rows="10" readonly>'.htmlspecialchars($sql, null, 'UTF-8').'</textarea>';
$this->_installator->LastQueryNum = $i + 1;
}
return false;
@@ -728,7 +728,7 @@
$image_src = $this->Application->BaseURL() . $image_src;
}
- $ret[] = '<img src="' . $image_src . '" alt="' . htmlspecialchars($module_name) . '" title="' . htmlspecialchars($module_name) . '" style="vertical-align:middle; margin: 3px 0 3px 5px"/>';
+ $ret[] = '<img src="' . $image_src . '" alt="' . htmlspecialchars($module_name, null, 'UTF-8') . '" title="' . htmlspecialchars($module_name, null, 'UTF-8') . '" style="vertical-align:middle; margin: 3px 0 3px 5px"/>';
}
if (array_key_exists('description', $module_info) && $module_info['description']) {
Index: kernel/db/db_event_handler.php
===================================================================
--- kernel/db/db_event_handler.php (revision 15575)
+++ kernel/db/db_event_handler.php (working copy)
@@ -3482,7 +3482,7 @@
echo '<suggestions>';
foreach ($data as $item) {
- echo '<item>' . htmlspecialchars($item) . '</item>';
+ echo '<item>' . htmlspecialchars($item, null, CHARSET) . '</item>';
}
echo '</suggestions>';
Index: kernel/db/db_tag_processor.php
===================================================================
--- kernel/db/db_tag_processor.php (revision 15437)
+++ kernel/db/db_tag_processor.php (working copy)
@@ -897,7 +897,7 @@
if (!array_key_exists('no_special', $params) || !$params['no_special']) {
// when no_special parameter NOT SET apply htmlspecialchars
- $value = htmlspecialchars($value);
+ $value = htmlspecialchars($value, null, CHARSET);
}
if (array_key_exists('checked', $params) && $params['checked']) {
@@ -2275,7 +2275,7 @@
}
if ( !array_key_exists('no_special', $params) || !$params['no_special'] ) {
- $ret = htmlspecialchars($ret);
+ $ret = htmlspecialchars($ret, null, CHARSET);
}
return $ret;
Index: kernel/nparser/nparser.php
===================================================================
--- kernel/nparser/nparser.php (revision 15437)
+++ kernel/nparser/nparser.php (working copy)
@@ -838,7 +838,7 @@
$icon_url = $base_url . 'core/admin_templates/img/top_frame/icons/' . $btn_name . '_mode.png';
$block_editor = '
- <div id="' . $container_id . '" params="' . $param_string . '" class="' . $btn_container_class . '" title="' . htmlspecialchars($block_title) . '">
+ <div id="' . $container_id . '" params="' . $param_string . '" class="' . $btn_container_class . '" title="' . htmlspecialchars($block_title, null, CHARSET) . '">
<button style="background-image: url(' . $icon_url . ');" class="cms-btn-new ' . $btn_class . '" id="' . $container_id . '_btn">' . $btn_text . '</button>
<div class="cms-btn-content">
%s
Index: kernel/processors/main_processor.php
===================================================================
--- kernel/processors/main_processor.php (revision 15588)
+++ kernel/processors/main_processor.php (working copy)
@@ -304,7 +304,7 @@
$ret = ($ret === false && isset($params['no_null'])) ? '' : $ret;
if (getArrayValue($params, 'special') || getArrayValue($params, 'htmlchars')) {
- $ret = htmlspecialchars($ret);
+ $ret = htmlspecialchars($ret, null, CHARSET);
}
if (getArrayValue($params, 'urlencode')) {
@@ -610,7 +610,7 @@
}
if ( isset($params['escape']) && $params['escape'] ) {
- $translation = htmlspecialchars($translation, ENT_QUOTES);
+ $translation = htmlspecialchars($translation, ENT_QUOTES, CHARSET);
$translation = addslashes($translation);
}
Index: kernel/processors/tag_processor.php
===================================================================
--- kernel/processors/tag_processor.php (revision 15437)
+++ kernel/processors/tag_processor.php (working copy)
@@ -202,7 +202,7 @@
function PostProcess($ret, $flag_values)
{
if ($flag_values['html_escape']) {
- $ret = htmlspecialchars($ret);
+ $ret = htmlspecialchars($ret, null, CHARSET);
}
if ($flag_values['js_escape']) {
$ret = addslashes($ret);
@@ -329,7 +329,7 @@
{
// echo " prefix : $prefix <br>";
if (!isset($this->Prefixes[$prefix]))
- $this->Application->ApplicationDie ("<b>Filepath and ClassName for prefix $prefix not defined while processing ".htmlspecialchars($tag->GetFullTag())."!</b>");
+ $this->Application->ApplicationDie ("<b>Filepath and ClassName for prefix $prefix not defined while processing ".htmlspecialchars($tag->GetFullTag(), null, CHARSET)."!</b>");
include_once($this->Prefixes[$prefix]['path']);
$ClassName = $this->Prefixes[$prefix]['class'];
$a_processor = new $ClassName($prefix);
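Review bot: The die message escapes the full tag but interpolates `$prefix` into the same HTML unescaped. If the prefix is taken from the same template tag text (not visible here), it needs the same treatment, e.g. `"... for prefix " . htmlspecialchars($prefix, ENT_COMPAT, CHARSET) . " not defined while processing ..."`. The method's signature is outside the hunk.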
Index: kernel/utility/debugger.php
===================================================================
--- kernel/utility/debugger.php (revision 15597)
+++ kernel/utility/debugger.php (working copy)
@@ -1147,7 +1147,7 @@
$value = '<b class="debug_error">no value</b>';
}
else {
- $value = htmlspecialchars($this->print_r($value, true));
+ $value = htmlspecialchars($this->print_r($value, true), null, 'UTF-8');
}
echo '<tr><td>' . $prefix . '</td><td>' . $key . '</td><td>' . $value . '</td></tr>';
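Review bot: With the charset fixed to `'UTF-8'` and no substitution flag, `htmlspecialchars()` returns an empty string when its input contains a byte sequence that is not valid UTF-8. A dumped value holding binary data or text in another encoding would therefore show up as an empty cell instead of escaped output. If the supported PHP version allows it (5.4 or later), `htmlspecialchars($this->print_r($value, true), ENT_COMPAT | ENT_SUBSTITUTE, 'UTF-8')` keeps the dump visible and still escaped. The enclosing method starts and ends outside the hunk.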
Index: kernel/utility/http_query.php
===================================================================
--- kernel/utility/http_query.php (revision 15569)
+++ kernel/utility/http_query.php (working copy)
@@ -633,7 +633,7 @@
}
if (!$this->Application->isAdmin) {
- $value = htmlspecialchars($value);
+ $value = htmlspecialchars($value, null, CHARSET);
}
$array[$key] = $value;
Index: units/categories/categories_tag_processor.php
===================================================================
--- units/categories/categories_tag_processor.php (revision 15531)
+++ units/categories/categories_tag_processor.php (working copy)
@@ -1691,7 +1691,7 @@
{
$phrase = $this->Application->Phrase($title, false, true);
- return $tabs . 'a_toolbar.AddButton( new ToolBarButton("' . $name . '", "' . htmlspecialchars($phrase) . '") );';
+ return $tabs . 'a_toolbar.AddButton( new ToolBarButton("' . $name . '", "' . htmlspecialchars($phrase, null, CHARSET) . '") );';
}
function _getThemeFileId()
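Review bot: `htmlspecialchars()` is used here to protect a JavaScript string literal, which it is not designed for. The phrase is written between `"` characters in `new ToolBarButton("…", "…")`, backslashes and line breaks pass through unchanged, and with `null` as the flags argument (coerced to `ENT_NOQUOTES`) a double quote in the phrase is no longer escaped either. `$name` is concatenated into the same literal with no encoding at all. Assuming this string ends up inside a script block and the text is UTF-8, encoding both values for JavaScript would be the safer form: `'a_toolbar.AddButton( new ToolBarButton(' . json_encode($name) . ', ' . json_encode($phrase) . ') );'`. The enclosing function starts outside the hunk.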
Index: units/configuration/configuration_event_handler.php
===================================================================
--- units/configuration/configuration_event_handler.php (revision 15590)
+++ units/configuration/configuration_event_handler.php (working copy)
@@ -529,7 +529,7 @@
$suggestion_module = in_array('In-Portal', $suggestion_modules) ? 'In-Portal' : implode(', ', $suggestion_modules);
$suggestion_title = $suggestion_value . ' <em style="color: grey;">' . $of_label . ' ' . $suggestion_module . '</em>';
- echo '<item value="' . htmlspecialchars($suggestion_value) . '">' . htmlspecialchars($suggestion_title) . '</item>';
+ echo '<item value="' . htmlspecialchars($suggestion_value, null, CHARSET) . '">' . htmlspecialchars($suggestion_title, null, CHARSET) . '</item>';
}
echo '</suggestions>';
Index: units/email_events/email_events_event_handler.php
===================================================================
--- units/email_events/email_events_event_handler.php (revision 15542)
+++ units/email_events/email_events_event_handler.php (working copy)
@@ -550,7 +550,7 @@
echo '<suggestions>';
foreach ($data as $item) {
- echo '<item>' . htmlspecialchars($item) . '</item>';
+ echo '<item>' . htmlspecialchars($item, null, CHARSET) . '</item>';
}
echo '</suggestions>';
Index: units/fck/fck_eh.php
===================================================================
--- units/fck/fck_eh.php (revision 15445)
+++ units/fck/fck_eh.php (working copy)
@@ -96,7 +96,7 @@
$title = $title . ' (' . $page_path . ')';
$real_url = $this->Application->HREF($template, '_FRONT_END_', array('pass' => 'm'), 'index.php');
- $res .= '<CmsPage real_url="' . $real_url . '" path="@@' . $id . '@@" title="' . htmlspecialchars($title, ENT_QUOTES) . '" st_id="' . $id . '" serverpath="" />' . "\n";
+ $res .= '<CmsPage real_url="' . $real_url . '" path="@@' . $id . '@@" title="' . htmlspecialchars($title, ENT_QUOTES, CHARSET) . '" st_id="' . $id . '" serverpath="" />' . "\n";
}
$res.= "</CmsPages>";
Index: units/helpers/controls/minput_helper.php
===================================================================
--- units/helpers/controls/minput_helper.php (revision 15437)
+++ units/helpers/controls/minput_helper.php (working copy)
@@ -40,7 +40,7 @@
if (!in_array($field_name, $use_fields)) {
continue;
}
- $xml .= '<field name="' . $field_name . '">' . htmlspecialchars($field_value) . '</field>';
+ $xml .= '<field name="' . $field_name . '">' . htmlspecialchars($field_value, null, CHARSET) . '</field>';
}
$xml .= '</record>';
}
Index: units/helpers/deployment_helper.php
===================================================================
--- units/helpers/deployment_helper.php (revision 15588)
+++ units/helpers/deployment_helper.php (working copy)
@@ -422,7 +422,7 @@
}
elseif ( $sql ) {
$this->toLog($sql . ' ... ', false);
- echo mb_substr(trim(preg_replace('/(\n|\t| )+/is', ' ', ($this->isCommandLine ? $sql : htmlspecialchars($sql)))), 0, self::SQL_TRIM_LENGTH) . ' ... ';
+ echo mb_substr(trim(preg_replace('/(\n|\t| )+/is', ' ', ($this->isCommandLine ? $sql : htmlspecialchars($sql, null, CHARSET)))), 0, self::SQL_TRIM_LENGTH) . ' ... ';
$this->Conn->Query($sql);
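Review bot: `mb_substr(..., 0, self::SQL_TRIM_LENGTH)` runs after `htmlspecialchars()`, so the cut can land in the middle of an entity such as `&amp;` and emit a dangling `&am` into the page. The visible text also gets shorter by however many entities the statement produced. Truncating the collapsed SQL first and escaping last avoids both: `$short = mb_substr(trim(preg_replace('/(\n|\t| )+/is', ' ', $sql)), 0, self::SQL_TRIM_LENGTH);` followed by `echo ($this->isCommandLine ? $short : htmlspecialchars($short, ENT_COMPAT, CHARSET)) . ' ... ';`. The surrounding branch begins outside the hunk.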
@@ -563,7 +563,7 @@
$html_color = $html_color_map[$color][$bold ? 'bold' : 'normal'];
- return '<span style="color: ' . $html_color . '">' . htmlspecialchars($text) . '</span>';
+ return '<span style="color: ' . $html_color . '">' . htmlspecialchars($text, null, CHARSET) . '</span>';
}
/**
@@ -579,7 +579,7 @@
return "\033[1m" . $text . "\033[0m";
}
- return '<strong>' . htmlspecialchars($text) . '</strong>';
+ return '<strong>' . htmlspecialchars($text, null, CHARSET) . '</strong>';
}
/**
@@ -611,7 +611,7 @@
private function out($text, $new_line = false)
{
if ( !$this->isCommandLine ) {
- $text = htmlspecialchars($text);
+ $text = htmlspecialchars($text, null, CHARSET);
}
echo $text . ($new_line ? PHP_EOL : '');
Index: units/helpers/language_import_helper.php
===================================================================
--- units/helpers/language_import_helper.php (revision 15588)
+++ units/helpers/language_import_helper.php (working copy)
@@ -318,7 +318,7 @@
$ret .= "\t" . '<LANGUAGE Encoding="' . $this->_exportEncoding . '"';
foreach ($export_fields as $export_field) {
- $ret .= ' ' . $export_field . '="' . htmlspecialchars($language_info[$export_field], NULL, 'UTF-8') . '"';
+ $ret .= ' ' . $export_field . '="' . htmlspecialchars($language_info[$export_field], NULL, CHARSET) . '"';
}
$ret .= '>' . "\n";
@@ -363,8 +363,8 @@
$column_translation = base64_encode($column_translation);
}
else {
- $hint_translation = htmlspecialchars($hint_translation, NULL, 'UTF-8');
- $column_translation = htmlspecialchars($column_translation, NULL, 'UTF-8');
+ $hint_translation = htmlspecialchars($hint_translation, NULL, CHARSET);
+ $column_translation = htmlspecialchars($column_translation, NULL, CHARSET);
}
$attributes = Array (
Index: units/helpers/xml_helper.php
===================================================================
--- units/helpers/xml_helper.php (revision 15437)
+++ units/helpers/xml_helper.php (working copy)
@@ -534,7 +534,7 @@
$xml .= ' ';
$att_contents = array();
foreach ($this->OriginalAttributes as $name => $value) {
- $att_contents[] = $name.'="'.htmlspecialchars($value).'"';
+ $att_contents[] = $name.'="'.htmlspecialchars($value, null, CHARSET).'"';
}
$xml .= implode(' ', $att_contents);
}
Index: units/images/image_tag_processor.php
===================================================================
--- units/images/image_tag_processor.php (revision 15437)
+++ units/images/image_tag_processor.php (working copy)
@@ -40,7 +40,7 @@
$block_params['img_path'] = $image_url;
$image_dimensions = $this->ImageSize($block_params);
$block_params['img_size'] = $image_dimensions ? $image_dimensions : ' width="' . $block_params['DefaultWidth'] . '"';
- $block_params['alt'] = $object->GetField('AltName') ? $object->GetField('AltName') : htmlspecialchars($this->getItemTitle($parent_item));
+ $block_params['alt'] = $object->GetField('AltName') ? $object->GetField('AltName') : htmlspecialchars($this->getItemTitle($parent_item), null, CHARSET);
$block_params['align'] = array_key_exists('align', $block_params) ? $block_params['align'] : 'left';
}
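Review bot: Only the fallback title is escaped on the changed line. When `AltName` is non-empty it is assigned to `$block_params['alt']` exactly as `GetField()` returns it, whereas the second hunk in this file (@@ -447) does escape `GetField('AltName')`. Unless `GetField()` already returns HTML-safe text (not visible here), escape both branches: `$alt = $object->GetField('AltName');` then `$block_params['alt'] = htmlspecialchars($alt ? $alt : $this->getItemTitle($parent_item), ENT_COMPAT, CHARSET);`. The enclosing method starts outside the hunk.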
@@ -447,7 +447,7 @@
$params['img_path'] = $image_url;
$image_dimensions = $this->ImageSize($params);
$params['img_size'] = $image_dimensions ? $image_dimensions : ' width="' . $params['DefaultWidth'] . '"';
- $params['alt'] = htmlspecialchars($object->GetField('AltName')); // really used ?
+ $params['alt'] = htmlspecialchars($object->GetField('AltName'), null, CHARSET); // really used ?
$params['name'] = $this->SelectParam($params, 'block,render_as');
$params['align'] = array_key_exists('align', $params) ? $params['align'] : 'left';
$params['no_editing'] = 1;
Index: units/logs/change_logs/changes_formatter.php
===================================================================
--- units/logs/change_logs/changes_formatter.php (revision 15515)
+++ units/logs/change_logs/changes_formatter.php (working copy)
@@ -79,6 +79,6 @@
$data = substr($data, 0, 50) . ' ...';
}
- return htmlspecialchars($data);
+ return htmlspecialchars($data, null, CHARSET);
}
}
\ No newline at end of file
htmlspecialchars_encoding_modules_fix.patch [^] (7,207 bytes) 2012-11-02 09:13
Index: in-bulletin/units/helpers/post_helper.php
===================================================================
--- in-bulletin/units/helpers/post_helper.php (revision 15437)
+++ in-bulletin/units/helpers/post_helper.php (working copy)
@@ -158,7 +158,7 @@
function parsePostBody($post_body, $post_options, $sub_blocks)
{
// 1. escape all html sequences
- $post_body = htmlspecialchars($post_body, ENT_NOQUOTES); // don't touch quotes in bbcode attribute values
+ $post_body = htmlspecialchars($post_body, ENT_NOQUOTES, CHARSET); // don't touch quotes in bbcode attribute values
// 2. replace censored words
$post_body = $this->CensorText($post_body);
Index: in-commerce/units/gateways/gw_classes/google_checkout.php
===================================================================
--- in-commerce/units/gateways/gw_classes/google_checkout.php (revision 15437)
+++ in-commerce/units/gateways/gw_classes/google_checkout.php (working copy)
@@ -80,8 +80,8 @@
$cart_xml = Array ();
foreach ($order_items as $order_item) {
$cart_xml[] = ' <item>
- <item-name>'.htmlspecialchars($order_item['ProductName']).'</item-name>
- <item-description>'.htmlspecialchars($order_item[$ml_formatter->LangFieldName('DescriptionExcerpt')]).'</item-description>'.
+ <item-name>'.htmlspecialchars($order_item['ProductName'], null, CHARSET).'</item-name>
+ <item-description>'.htmlspecialchars($order_item[$ml_formatter->LangFieldName('DescriptionExcerpt')], null, CHARSET).'</item-description>'.
$this->getPriceXML('unit-price', $order_item['Price']).'
<quantity>'.$order_item['Quantity'].'</quantity>
</item>';
@@ -102,7 +102,7 @@
$shipping_xml = '';
foreach ($shipping_types as $shipping_name) {
- $shipping_xml .= ' <merchant-calculated-shipping name="'.htmlspecialchars($shipping_name).'">
+ $shipping_xml .= ' <merchant-calculated-shipping name="'.htmlspecialchars($shipping_name, null, CHARSET).'">
<price currency="USD">0.00</price>
</merchant-calculated-shipping>';
}
@@ -390,7 +390,7 @@
$shipping_name = $shipping_type['ShippingName'];
$processable_shipping_index = array_search($shipping_name, $process_shippings);
if ($processable_shipping_index !== false) {
- $shipping_types_xml .= '<result shipping-name="'.htmlspecialchars($shipping_name).'" address-id="'.$address_id.'">
+ $shipping_types_xml .= '<result shipping-name="'.htmlspecialchars($shipping_name, null, CHARSET).'" address-id="'.$address_id.'">
<shipping-rate currency="USD">'.sprintf('%01.2f', $shipping_type['TotalCost']).'</shipping-rate>
<shippable>true</shippable>
</result>';
@@ -402,7 +402,7 @@
// add unavailable shipping types
foreach ($process_shippings as $shipping_name) {
- $shipping_types_xml .= '<result shipping-name="'.htmlspecialchars($shipping_name).'" address-id="'.$address_id.'">
+ $shipping_types_xml .= '<result shipping-name="'.htmlspecialchars($shipping_name, null, CHARSET).'" address-id="'.$address_id.'">
<shipping-rate currency="USD">0.00</shipping-rate>
<shippable>false</shippable>
</result>';
Index: in-commerce/units/gateways/gw_classes/ideal_nl.php
===================================================================
--- in-commerce/units/gateways/gw_classes/ideal_nl.php (revision 15437)
+++ in-commerce/units/gateways/gw_classes/ideal_nl.php (working copy)
@@ -103,7 +103,7 @@
$error_msg = $trans_data->FindChildValue('message');
$this->parsed_responce['XML'] = $transaction_xml;
$this->Application->SetVar('failure_template', $this->Application->RecallVar('gw_cancel_template'));
- $this->parsed_responce['MESSAGE'] = $error_msg ? $error_msg : 'Unknown gateway error ('.htmlspecialchars($transaction_xml).')';
+ $this->parsed_responce['MESSAGE'] = $error_msg ? $error_msg : 'Unknown gateway error ('.htmlspecialchars($transaction_xml, null, CHARSET).')';
return false;
}
Index: in-commerce/units/gateways/gw_tag_processor.php
===================================================================
--- in-commerce/units/gateways/gw_tag_processor.php (revision 15437)
+++ in-commerce/units/gateways/gw_tag_processor.php (working copy)
@@ -50,7 +50,7 @@
$value = isset($this->ConfigValues[$id]) ? $this->ConfigValues[$id] : '';
if ( !array_key_exists('no_special', $params) || !$params['no_special'] ) {
- $value = htmlspecialchars($value);
+ $value = htmlspecialchars($value, null, CHARSET);
}
if ( getArrayValue($params, 'checked') ) {
Index: in-commerce/units/order_items/order_items_tag_processor.php
===================================================================
--- in-commerce/units/order_items/order_items_tag_processor.php (revision 15437)
+++ in-commerce/units/order_items/order_items_tag_processor.php (working copy)
@@ -126,7 +126,7 @@
$block_params['price_type'] = $price_type;
$block_params['sign'] = $price >= 0 ? '+' : '-';
}
- $block_params['value'] = htmlspecialchars($val);
+ $block_params['value'] = htmlspecialchars($val, null, CHARSET);
$block_params['type'] = $key_data['OptionType'];
}
$o .= $this->Application->ParseBlock($block_params, 1);
@@ -176,7 +176,7 @@
foreach ($values as $val) {
$i++;
$val = htmlspecialchars_decode($val);
- $block_params['value'] = htmlspecialchars($val);
+ $block_params['value'] = htmlspecialchars($val, null, CHARSET);
if ($price_types[$val] == '$') {
$iso = $this->GetISO($params['currency']);
$value = $this->AddCurrencySymbol(sprintf("%.2f", $this->ConvertCurrency($prices[$val], $iso)), $iso, true); // true to force sign
Index: in-commerce/units/product_options/product_options_tag_processor.php
===================================================================
--- in-commerce/units/product_options/product_options_tag_processor.php (revision 15437)
+++ in-commerce/units/product_options/product_options_tag_processor.php (working copy)
@@ -61,11 +61,11 @@
if ( getArrayValue($params, 'js') ) {
$block_params['id'] = addslashes($val);
- $block_params['value'] = htmlspecialchars($val);
+ $block_params['value'] = htmlspecialchars($val, null, CHARSET);
}
else {
- $block_params['id'] = htmlspecialchars($val);
- $block_params['value'] = htmlspecialchars($val);
+ $block_params['id'] = htmlspecialchars($val, null, CHARSET);
+ $block_params['value'] = htmlspecialchars($val, null, CHARSET);
}
if ( $conv_prices[$val] ) {
@@ -105,7 +105,7 @@
$option_value = array_key_exists($object->GetID(), $options) ? $options[$object->GetID()] : '';
if ( $object->GetDBField('OptionType') == OptionType::CHECKBOX ) {
- $selected = is_array($option_value) && in_array(htmlspecialchars($val), $option_value);
+ $selected = is_array($option_value) && in_array(htmlspecialchars($val, null, CHARSET), $option_value);
}
else { // radio buttons ?
$selected = htmlspecialchars_decode($option_value) == $val;