diff options
Diffstat (limited to 'phpBB')
28 files changed, 75 insertions, 115 deletions
diff --git a/phpBB/includes/acp/acp_ban.php b/phpBB/includes/acp/acp_ban.php index 868421e988..a4e860b7bc 100644 --- a/phpBB/includes/acp/acp_ban.php +++ b/phpBB/includes/acp/acp_ban.php @@ -189,7 +189,7 @@ class acp_ban $template->assign_block_vars('ban_reason', array( 'BAN_ID' => $ban_id, 'REASON' => $reason, - 'A_REASON' => addslashes(utf8_html_entity_decode($reason))) + 'A_REASON' => addslashes(htmlspecialchars_decode($reason))) ); } } @@ -201,7 +201,7 @@ class acp_ban $template->assign_block_vars('ban_give_reason', array( 'BAN_ID' => $ban_id, 'REASON' => $reason, - 'A_REASON' => addslashes(utf8_html_entity_decode($reason))) + 'A_REASON' => addslashes(htmlspecialchars_decode($reason))) ); } } diff --git a/phpBB/includes/acp/acp_bbcodes.php b/phpBB/includes/acp/acp_bbcodes.php index 445d33cacb..e4ea02ad4d 100644 --- a/phpBB/includes/acp/acp_bbcodes.php +++ b/phpBB/includes/acp/acp_bbcodes.php @@ -75,7 +75,7 @@ class acp_bbcodes $display_on_posting = request_var('display_on_posting', 0); $bbcode_match = request_var('bbcode_match', ''); - $bbcode_tpl = html_entity_decode(request_var('bbcode_tpl', '')); + $bbcode_tpl = htmlspecialchars_decode(request_var('bbcode_tpl', '')); $bbcode_helpline = request_var('bbcode_helpline', ''); break; } diff --git a/phpBB/includes/acp/acp_email.php b/phpBB/includes/acp/acp_email.php index 54f9816dea..5b79451634 100644 --- a/phpBB/includes/acp/acp_email.php +++ b/phpBB/includes/acp/acp_email.php @@ -150,13 +150,13 @@ class acp_email $messenger->headers('X-AntiAbuse: Username - ' . $user->data['username']); $messenger->headers('X-AntiAbuse: User IP - ' . $user->ip); - $messenger->subject(utf8_html_entity_decode($subject)); + $messenger->subject(htmlspecialchars_decode($subject)); $messenger->replyto($config['board_email']); $messenger->set_mail_priority($priority); $messenger->assign_vars(array( 'CONTACT_EMAIL' => $config['board_contact'], - 'MESSAGE' => utf8_html_entity_decode($message)) + 'MESSAGE' => htmlspecialchars_decode($message)) ); if (!($messenger->send($used_method))) diff --git a/phpBB/includes/acp/acp_inactive.php b/phpBB/includes/acp/acp_inactive.php index 5404393f69..2834d25181 100755 --- a/phpBB/includes/acp/acp_inactive.php +++ b/phpBB/includes/acp/acp_inactive.php @@ -107,7 +107,7 @@ class acp_inactive $messenger->im($row['user_jabber'], $row['username']); $messenger->assign_vars(array( - 'USERNAME' => utf8_html_entity_decode($row['username']), + 'USERNAME' => htmlspecialchars_decode($row['username']), 'REGISTER_DATE' => $user->format_date($row['user_regdate']), 'U_ACTIVATE' => "$board_url&mode=activate&u=" . $row['user_id'] . '&k=' . $row['user_actkey']) ); diff --git a/phpBB/includes/acp/acp_language.php b/phpBB/includes/acp/acp_language.php index f57a2688b0..0e32a9dc6a 100644 --- a/phpBB/includes/acp/acp_language.php +++ b/phpBB/includes/acp/acp_language.php @@ -829,9 +829,9 @@ class acp_language $this->add_to_archive($compress, $mod_files, $row['lang_iso'], 'mods'); // Write ISO File - $iso_src = html_entity_decode($row['lang_english_name']) . "\n"; - $iso_src .= utf8_html_entity_decode($row['lang_local_name']) . "\n"; - $iso_src .= utf8_html_entity_decode($row['lang_author']); + $iso_src = htmlspecialchars_decode($row['lang_english_name']) . "\n"; + $iso_src .= htmlspecialchars_decode($row['lang_local_name']) . "\n"; + $iso_src .= htmlspecialchars_decode($row['lang_author']); $compress->add_data($iso_src, 'language/' . $row['lang_iso'] . '/iso.txt'); // index.html files diff --git a/phpBB/includes/acp/acp_ranks.php b/phpBB/includes/acp/acp_ranks.php index 7b5789cb30..db96b173e8 100644 --- a/phpBB/includes/acp/acp_ranks.php +++ b/phpBB/includes/acp/acp_ranks.php @@ -55,7 +55,7 @@ class acp_ranks 'rank_title' => $rank_title, 'rank_special' => $special_rank, 'rank_min' => $min_posts, - 'rank_image' => html_entity_decode($rank_image) + 'rank_image' => htmlspecialchars_decode($rank_image) ); if ($rank_id) diff --git a/phpBB/includes/acp/acp_styles.php b/phpBB/includes/acp/acp_styles.php index 99a1ab731f..4377dd7e20 100644 --- a/phpBB/includes/acp/acp_styles.php +++ b/phpBB/includes/acp/acp_styles.php @@ -783,7 +783,7 @@ pagination_sep = \'{PAGINATION_SEP}\' 'SELECTED_TEMPLATE' => $template_info['template_name'], 'TEMPLATE_FILE' => $template_file, - 'TEMPLATE_DATA' => htmlentities($template_data), + 'TEMPLATE_DATA' => htmlspecialchars($template_data), 'TEXT_ROWS' => $text_rows) ); } diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php index 77edefee69..b87524e911 100644 --- a/phpBB/includes/acp/acp_users.php +++ b/phpBB/includes/acp/acp_users.php @@ -305,8 +305,8 @@ class acp_users $messenger->headers('X-AntiAbuse: User IP - ' . $user->ip); $messenger->assign_vars(array( - 'WELCOME_MSG' => utf8_html_entity_decode(sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename'])), - 'USERNAME' => utf8_html_entity_decode($user_row['username']), + 'WELCOME_MSG' => htmlspecialchars_decode(sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename'])), + 'USERNAME' => htmlspecialchars_decode($user_row['username']), 'U_ACTIVATE' => "$server_url/ucp.$phpEx?mode=activate&u={$user_row['user_id']}&k=$user_actkey") ); diff --git a/phpBB/includes/auth/auth_ldap.php b/phpBB/includes/auth/auth_ldap.php index fd8e5cccfc..988da577c0 100644 --- a/phpBB/includes/auth/auth_ldap.php +++ b/phpBB/includes/auth/auth_ldap.php @@ -38,7 +38,7 @@ function init_ldap() $search = @ldap_search( $ldap, $config['ldap_base_dn'], - '(' . $config['ldap_uid'] . '=' . ldap_escape(utf8_html_entity_decode($user->data['username'])) . ')', + '(' . $config['ldap_uid'] . '=' . ldap_escape(htmlspecialchars_decode($user->data['username'])) . ')', (empty($config['ldap_email'])) ? array($config['ldap_uid']) : array($config['ldap_uid'], $config['ldap_email']), 0, 1 @@ -98,7 +98,7 @@ function login_ldap(&$username, &$password) $search = @ldap_search( $ldap, $config['ldap_base_dn'], - '(' . $config['ldap_uid'] . '=' . ldap_escape(utf8_html_entity_decode($username)) . ')', + '(' . $config['ldap_uid'] . '=' . ldap_escape(htmlspecialchars_decode($username)) . ')', (empty($config['ldap_email'])) ? array($config['ldap_uid']) : array($config['ldap_uid'], $config['ldap_email']), 0, 1 @@ -108,7 +108,7 @@ function login_ldap(&$username, &$password) if (is_array($ldap_result) && sizeof($ldap_result) > 1) { - if (@ldap_bind($ldap, $ldap_result[0]['dn'], html_entity_decode($password))) + if (@ldap_bind($ldap, $ldap_result[0]['dn'], htmlspecialchars_decode($password))) { @ldap_close($ldap); diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index c3c8616567..c30bd867ae 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -1900,7 +1900,7 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa 'S_CONFIRM_CODE' => true, 'CONFIRM_ID' => $confirm_id, 'CONFIRM_IMAGE' => '<img src="' . append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=confirm&id=' . $confirm_id . '&type=' . CONFIRM_LOGIN) . '" alt="" title="" />', - 'L_LOGIN_CONFIRM_EXPLAIN' => sprintf($user->lang['LOGIN_CONFIRM_EXPLAIN'], '<a href="mailto:' . htmlentities($config['board_contact']) . '">', '</a>'), + 'L_LOGIN_CONFIRM_EXPLAIN' => sprintf($user->lang['LOGIN_CONFIRM_EXPLAIN'], '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">', '</a>'), )); $err = $user->lang[$result['error_msg']]; @@ -1914,7 +1914,7 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa // Assign admin contact to some error messages if ($result['error_msg'] == 'LOGIN_ERROR_USERNAME' || $result['error_msg'] == 'LOGIN_ERROR_PASSWORD') { - $err = (!$config['board_contact']) ? sprintf($user->lang[$result['error_msg']], '', '') : sprintf($user->lang[$result['error_msg']], '<a href="mailto:' . htmlentities($config['board_contact']) . '">', '</a>'); + $err = (!$config['board_contact']) ? sprintf($user->lang[$result['error_msg']], '', '') : sprintf($user->lang[$result['error_msg']], '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">', '</a>'); } break; } @@ -2728,7 +2728,7 @@ function truncate_string($string, $max_length = 60, $allow_reply = true) $string = substr($string, 4); } - $_chars = utf8_str_split(utf8_html_entity_decode($string)); + $_chars = utf8_str_split(htmlspecialchars_decode($string)); $chars = array_map('htmlspecialchars', $_chars); // Now check the length ;) diff --git a/phpBB/includes/functions_messenger.php b/phpBB/includes/functions_messenger.php index 327ed2955a..a24d7a38a7 100644 --- a/phpBB/includes/functions_messenger.php +++ b/phpBB/includes/functions_messenger.php @@ -191,8 +191,8 @@ class messenger // We add some standard variables we always use, no need to specify them always $this->vars['U_BOARD'] = (!isset($this->vars['U_BOARD'])) ? generate_board_url() : $this->vars['U_BOARD']; - $this->vars['EMAIL_SIG'] = (!isset($this->vars['EMAIL_SIG'])) ? str_replace('<br />', "\n", "-- \n" . utf8_html_entity_decode($config['board_email_sig'])) : $this->vars['EMAIL_SIG']; - $this->vars['SITENAME'] = (!isset($this->vars['SITENAME'])) ? utf8_html_entity_decode($config['sitename']) : $this->vars['SITENAME']; + $this->vars['EMAIL_SIG'] = (!isset($this->vars['EMAIL_SIG'])) ? str_replace('<br />', "\n", "-- \n" . htmlspecialchars_decode($config['board_email_sig'])) : $this->vars['EMAIL_SIG']; + $this->vars['SITENAME'] = (!isset($this->vars['SITENAME'])) ? htmlspecialchars_decode($config['sitename']) : $this->vars['SITENAME']; // Escape all quotes, else the eval will fail. $this->msg = str_replace ("'", "\'", $this->msg); diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php index 97beba9cbd..a16870f01c 100644 --- a/phpBB/includes/functions_posting.php +++ b/phpBB/includes/functions_posting.php @@ -1114,9 +1114,9 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id $messenger->im($addr['jabber'], $addr['name']); $messenger->assign_vars(array( - 'USERNAME' => utf8_html_entity_decode($addr['name']), - 'TOPIC_TITLE' => utf8_html_entity_decode($topic_title), - 'FORUM_NAME' => utf8_html_entity_decode($forum_name), + 'USERNAME' => htmlspecialchars_decode($addr['name']), + 'TOPIC_TITLE' => htmlspecialchars_decode($topic_title), + 'FORUM_NAME' => htmlspecialchars_decode($forum_name), 'U_FORUM' => generate_board_url() . "/viewforum.$phpEx?f=$forum_id&e=0", 'U_TOPIC' => generate_board_url() . "/viewtopic.$phpEx?f=$forum_id&t=$topic_id&e=0", diff --git a/phpBB/includes/functions_privmsgs.php b/phpBB/includes/functions_privmsgs.php index 604ce308e8..58d854b928 100644 --- a/phpBB/includes/functions_privmsgs.php +++ b/phpBB/includes/functions_privmsgs.php @@ -1596,9 +1596,9 @@ function pm_notification($mode, $author, $recipients, $subject, $message) $messenger->im($addr['jabber'], $addr['name']); $messenger->assign_vars(array( - 'SUBJECT' => utf8_html_entity_decode($subject), - 'AUTHOR_NAME' => utf8_html_entity_decode($author), - 'USERNAME' => utf8_html_entity_decode($addr['name']), + 'SUBJECT' => htmlspecialchars_decode($subject), + 'AUTHOR_NAME' => htmlspecialchars_decode($author), + 'USERNAME' => htmlspecialchars_decode($addr['name']), 'U_INBOX' => generate_board_url() . "/ucp.$phpEx?i=pm&folder=inbox") ); diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 6be4a26182..56b92f850b 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -1054,11 +1054,11 @@ function validate_string($string, $optional = false, $min = 0, $max = 0) return false; } - if ($min && utf8_strlen(utf8_html_entity_decode($string)) < $min) + if ($min && utf8_strlen(htmlspecialchars_decode($string)) < $min) { return 'TOO_SHORT'; } - else if ($max && utf8_strlen(utf8_html_entity_decode($string)) > $max) + else if ($max && utf8_strlen(htmlspecialchars_decode($string)) > $max) { return 'TOO_LONG'; } @@ -2009,8 +2009,8 @@ function group_user_attributes($action, $group_id, $user_id_ary = false, $userna $messenger->im($row['user_jabber'], $row['username']); $messenger->assign_vars(array( - 'USERNAME' => utf8_html_entity_decode($row['username']), - 'GROUP_NAME' => utf8_html_entity_decode($group_name), + 'USERNAME' => htmlspecialchars_decode($row['username']), + 'GROUP_NAME' => htmlspecialchars_decode($group_name), 'U_GROUP' => generate_board_url() . "/ucp.$phpEx?i=groups&mode=membership") ); diff --git a/phpBB/includes/mcp/mcp_queue.php b/phpBB/includes/mcp/mcp_queue.php index e1721fd1f4..0f6fae18ee 100644 --- a/phpBB/includes/mcp/mcp_queue.php +++ b/phpBB/includes/mcp/mcp_queue.php @@ -535,9 +535,9 @@ function approve_post($post_id_list, $mode) $messenger->im($post_data['user_jabber'], $post_data['username']); $messenger->assign_vars(array( - 'USERNAME' => utf8_html_entity_decode($post_data['username']), - 'POST_SUBJECT' => utf8_html_entity_decode(censor_text($post_data['post_subject'])), - 'TOPIC_TITLE' => utf8_html_entity_decode(censor_text($post_data['topic_title'])), + 'USERNAME' => htmlspecialchars_decode($post_data['username']), + 'POST_SUBJECT' => htmlspecialchars_decode(censor_text($post_data['post_subject'])), + 'TOPIC_TITLE' => htmlspecialchars_decode(censor_text($post_data['topic_title'])), 'U_VIEW_TOPIC' => generate_board_url() . "/viewtopic.$phpEx?f=$forum_id&t={$post_data['topic_id']}&e=0", 'U_VIEW_POST' => generate_board_url() . "/viewtopic.$phpEx?f=$forum_id&t={$post_data['topic_id']}&p=$post_id&e=$post_id") @@ -746,10 +746,10 @@ function disapprove_post($post_id_list, $mode) $messenger->im($post_data['user_jabber'], $post_data['username']); $messenger->assign_vars(array( - 'USERNAME' => utf8_html_entity_decode($post_data['username']), - 'REASON' => utf8_html_entity_decode($disapprove_reason), - 'POST_SUBJECT' => utf8_html_entity_decode(censor_text($post_data['post_subject'])), - 'TOPIC_TITLE' => utf8_html_entity_decode(censor_text($post_data['topic_title']))) + 'USERNAME' => htmlspecialchars_decode($post_data['username']), + 'REASON' => htmlspecialchars_decode($disapprove_reason), + 'POST_SUBJECT' => htmlspecialchars_decode(censor_text($post_data['post_subject'])), + 'TOPIC_TITLE' => htmlspecialchars_decode(censor_text($post_data['topic_title']))) ); $messenger->send($post_data['user_notify_type']); diff --git a/phpBB/includes/mcp/mcp_reports.php b/phpBB/includes/mcp/mcp_reports.php index 78ac590706..ebd1295090 100755 --- a/phpBB/includes/mcp/mcp_reports.php +++ b/phpBB/includes/mcp/mcp_reports.php @@ -489,10 +489,10 @@ function close_report($post_id_list, $mode, $action) $messenger->im($reporter['user_jabber'], $reporter['username']); $messenger->assign_vars(array( - 'USERNAME' => utf8_html_entity_decode($reporter['username']), - 'CLOSER_NAME' => utf8_html_entity_decode($user->data['username']), - 'POST_SUBJECT' => utf8_html_entity_decode(censor_text($post_info[$post_id]['post_subject'])), - 'TOPIC_TITLE' => utf8_html_entity_decode(censor_text($post_info[$post_id]['topic_title']))) + 'USERNAME' => htmlspecialchars_decode($reporter['username']), + 'CLOSER_NAME' => htmlspecialchars_decode($user->data['username']), + 'POST_SUBJECT' => htmlspecialchars_decode(censor_text($post_info[$post_id]['post_subject'])), + 'TOPIC_TITLE' => htmlspecialchars_decode(censor_text($post_info[$post_id]['topic_title']))) ); $messenger->send($reporter['user_notify_type']); diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php index 90d08a64c5..ab5ee46824 100644 --- a/phpBB/includes/message_parser.php +++ b/phpBB/includes/message_parser.php @@ -419,7 +419,7 @@ class bbcode_firstpass extends bbcode } // Because highlight_string is specialcharing the text (but we already did this before), we have to reverse this in order to get correct results - $code = utf8_html_entity_decode($code); + $code = htmlspecialchars_decode($code); $code = highlight_string($code, true); $str_from = array('<span style="color: ', '<font color="syntax', '</font>', '<code>', '</code>','[', ']', '.', ':'); diff --git a/phpBB/includes/search/fulltext_native.php b/phpBB/includes/search/fulltext_native.php index 3669e9ad02..53d0e98cd1 100755 --- a/phpBB/includes/search/fulltext_native.php +++ b/phpBB/includes/search/fulltext_native.php @@ -1323,7 +1323,7 @@ class fulltext_native extends search_backend /** * Replace HTML entities and NCRs */ - $text = html_entity_decode(utf8_decode_ncr($text), ENT_QUOTES); + $text = htmlspecialchars_decode(utf8_decode_ncr($text), ENT_QUOTES); /** * Load the UTF-8 normalizer diff --git a/phpBB/includes/ucp/ucp_activate.php b/phpBB/includes/ucp/ucp_activate.php index ae37dc1fa8..b3cb27223a 100644 --- a/phpBB/includes/ucp/ucp_activate.php +++ b/phpBB/includes/ucp/ucp_activate.php @@ -93,7 +93,7 @@ class ucp_activate $messenger->headers('X-AntiAbuse: User IP - ' . $user->ip); $messenger->assign_vars(array( - 'USERNAME' => utf8_html_entity_decode($user_row['username'])) + 'USERNAME' => htmlspecialchars_decode($user_row['username'])) ); $messenger->send($user_row['user_notify_type']); diff --git a/phpBB/includes/ucp/ucp_groups.php b/phpBB/includes/ucp/ucp_groups.php index 9b698064ce..ad6bde9be7 100644 --- a/phpBB/includes/ucp/ucp_groups.php +++ b/phpBB/includes/ucp/ucp_groups.php @@ -188,8 +188,8 @@ class ucp_groups $messenger->im($row['user_jabber'], $row['username']); $messenger->assign_vars(array( - 'USERNAME' => utf8_html_entity_decode($row['username']), - 'GROUP_NAME' => utf8_html_entity_decode($group_row[$group_id]['group_name']), + 'USERNAME' => htmlspecialchars_decode($row['username']), + 'GROUP_NAME' => htmlspecialchars_decode($group_row[$group_id]['group_name']), 'U_PENDING' => generate_board_url() . "/ucp.$phpEx?i=groups&mode=manage&action=list&g=$group_id", 'U_GROUP' => generate_board_url() . "/memberlist.$phpEx?mode=group&g=$group_id") diff --git a/phpBB/includes/ucp/ucp_profile.php b/phpBB/includes/ucp/ucp_profile.php index 861e86d94d..61e1aefcec 100644 --- a/phpBB/includes/ucp/ucp_profile.php +++ b/phpBB/includes/ucp/ucp_profile.php @@ -144,7 +144,7 @@ class ucp_profile $messenger->headers('X-AntiAbuse: User IP - ' . $user->ip); $messenger->assign_vars(array( - 'USERNAME' => utf8_html_entity_decode($username), + 'USERNAME' => htmlspecialchars_decode($username), 'U_ACTIVATE' => "$server_url/ucp.$phpEx?mode=activate&u={$user->data['user_id']}&k=$user_actkey") ); @@ -177,7 +177,7 @@ class ucp_profile $messenger->im($row['user_jabber'], $row['username']); $messenger->assign_vars(array( - 'USERNAME' => utf8_html_entity_decode($username), + 'USERNAME' => htmlspecialchars_decode($username), 'U_ACTIVATE' => "$server_url/ucp.$phpEx?mode=activate&u={$user->data['user_id']}&k=$user_actkey") ); diff --git a/phpBB/includes/ucp/ucp_register.php b/phpBB/includes/ucp/ucp_register.php index 6a889e4c3c..9db221520f 100644 --- a/phpBB/includes/ucp/ucp_register.php +++ b/phpBB/includes/ucp/ucp_register.php @@ -336,9 +336,9 @@ class ucp_register $messenger->headers('X-AntiAbuse: User IP - ' . $user->ip); $messenger->assign_vars(array( - 'WELCOME_MSG' => utf8_html_entity_decode(sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename'])), - 'USERNAME' => utf8_html_entity_decode($data['username']), - 'PASSWORD' => html_entity_decode($data['new_password']), + 'WELCOME_MSG' => htmlspecialchars_decode(sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename'])), + 'USERNAME' => htmlspecialchars_decode($data['username']), + 'PASSWORD' => htmlspecialchars_decode($data['new_password']), 'U_ACTIVATE' => "$server_url/ucp.$phpEx?mode=activate&u=$user_id&k=$user_actkey") ); @@ -380,7 +380,7 @@ class ucp_register $messenger->im($row['user_jabber'], $row['username']); $messenger->assign_vars(array( - 'USERNAME' => utf8_html_entity_decode($data['username']), + 'USERNAME' => htmlspecialchars_decode($data['username']), 'U_ACTIVATE' => "$server_url/ucp.$phpEx?mode=activate&u=$user_id&k=$user_actkey") ); @@ -494,7 +494,7 @@ class ucp_register 'EMAIL_CONFIRM' => (isset($data['email_confirm'])) ? $data['email_confirm'] : '', 'CONFIRM_IMG' => $confirm_image, - 'L_CONFIRM_EXPLAIN' => sprintf($user->lang['CONFIRM_EXPLAIN'], '<a href="mailto:' . htmlentities($config['board_contact']) . '">', '</a>'), + 'L_CONFIRM_EXPLAIN' => sprintf($user->lang['CONFIRM_EXPLAIN'], '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">', '</a>'), 'L_REG_COND' => $l_reg_cond, 'L_USERNAME_EXPLAIN' => sprintf($user->lang[$user_char_ary[str_replace('\\\\', '\\', $config['allow_name_chars'])] . '_EXPLAIN'], $config['min_name_chars'], $config['max_name_chars']), 'L_NEW_PASSWORD_EXPLAIN' => sprintf($user->lang[$pass_char_ary[str_replace('\\\\', '\\', $config['pass_complex'])] . '_EXPLAIN'], $config['min_pass_chars'], $config['max_pass_chars']), diff --git a/phpBB/includes/ucp/ucp_remind.php b/phpBB/includes/ucp/ucp_remind.php index 72eed6f33e..7ce82093ca 100644 --- a/phpBB/includes/ucp/ucp_remind.php +++ b/phpBB/includes/ucp/ucp_remind.php @@ -69,8 +69,8 @@ class ucp_remind $messenger->im($user_row['user_jabber'], $user_row['username']); $messenger->assign_vars(array( - 'USERNAME' => utf8_html_entity_decode($user_row['username']), - 'PASSWORD' => html_entity_decode($user_password), + 'USERNAME' => htmlspecialchars_decode($user_row['username']), + 'PASSWORD' => htmlspecialchars_decode($user_password), 'U_ACTIVATE' => "$server_url/ucp.$phpEx?mode=activate&u={$user_row['user_id']}&k=$user_actkey") ); diff --git a/phpBB/includes/ucp/ucp_resend.php b/phpBB/includes/ucp/ucp_resend.php index ad104371a1..62e796bc4b 100644 --- a/phpBB/includes/ucp/ucp_resend.php +++ b/phpBB/includes/ucp/ucp_resend.php @@ -77,8 +77,8 @@ class ucp_resend $messenger->headers('X-AntiAbuse: User IP - ' . $user->ip); $messenger->assign_vars(array( - 'WELCOME_MSG' => utf8_html_entity_decode(sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename'])), - 'USERNAME' => utf8_html_entity_decode($user_row['username']), + 'WELCOME_MSG' => htmlspecialchars_decode(sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename'])), + 'USERNAME' => htmlspecialchars_decode($user_row['username']), 'U_ACTIVATE' => generate_board_url() . "/ucp.$phpEx?mode=activate&u={$user_row['user_id']}&k={$user_row['user_actkey']}") ); @@ -112,7 +112,7 @@ class ucp_resend $messenger->im($row['user_jabber'], $row['username']); $messenger->assign_vars(array( - 'USERNAME' => utf8_html_entity_decode($user_row['username']), + 'USERNAME' => htmlspecialchars_decode($user_row['username']), 'U_ACTIVATE' => generate_board_url() . "/ucp.$phpEx?mode=activate&u={$user_row['user_id']}&k={$user_row['user_actkey']}") ); diff --git a/phpBB/includes/utf/utf_tools.php b/phpBB/includes/utf/utf_tools.php index fdf68d092e..aa29159d5e 100644 --- a/phpBB/includes/utf/utf_tools.php +++ b/phpBB/includes/utf/utf_tools.php @@ -967,44 +967,4 @@ function utf8_clean_string($text) return $text; } -if (version_compare(phpversion(), '5', '>=')) -{ - /** - * @ignore - */ - function utf8_html_entity_decode($string, $quote_style = ENT_COMPAT) - { - return html_entity_decode($string, $quote_style, 'UTF-8'); - } -} -else -{ - /** - * @todo needs documenting - */ - function utf8_html_entity_decode($string, $quote_style = ENT_COMPAT) - { - static $static_table; - - if ($static_table === null) - { - $static_table = array_map('utf8_encode', array_flip(get_html_translation_table(HTML_ENTITIES))); - } - - $modified_table = $static_table; - - if ($quote_style === ENT_QUOTES) - { - $modified_table['''] = "'"; - } - - if ($quote_style === ENT_NOQUOTES) - { - unset($modified_table['"']); - } - - return strtr($string, $modified_table); - } -} - ?>
\ No newline at end of file diff --git a/phpBB/install/install_install.php b/phpBB/install/install_install.php index 2fda22ddeb..36f99db0d3 100755 --- a/phpBB/install/install_install.php +++ b/phpBB/install/install_install.php @@ -421,7 +421,7 @@ class install_install extends module } } - $dbpasswd = html_entity_decode($dbpasswd); + $dbpasswd = htmlspecialchars_decode($dbpasswd); $connect_test = $this->connect_check_db(true, $error, $dbms, $table_prefix, $dbhost, $dbuser, $dbpasswd, $dbname, $dbport); @@ -757,7 +757,7 @@ class install_install extends module } @fclose($fp); - $dbpasswd = html_entity_decode($dbpasswd); + $dbpasswd = htmlspecialchars_decode($dbpasswd); $load_extensions = implode(',', $load_extensions); // Time to convert the data provided into a config file @@ -981,7 +981,7 @@ class install_install extends module @dl($this->available_dbms[$dbms]['MODULE'] . ".$prefix"); } - $dbpasswd = html_entity_decode($dbpasswd); + $dbpasswd = htmlspecialchars_decode($dbpasswd); // Load the appropriate database class if not already loaded include($phpbb_root_path . 'includes/db/' . $this->available_dbms[$dbms]['DRIVER'] . '.' . $phpEx); @@ -1234,7 +1234,7 @@ class install_install extends module $$var = ($var == 'admin_name') ? request_var($var, '', true) : request_var($var, ''); } - $dbpasswd = html_entity_decode($dbpasswd); + $dbpasswd = htmlspecialchars_decode($dbpasswd); // Load the appropriate database class if not already loaded include($phpbb_root_path . 'includes/db/' . $this->available_dbms[$dbms]['DRIVER'] . '.' . $phpEx); @@ -1624,8 +1624,8 @@ class install_install extends module $messenger->headers('X-AntiAbuse: User IP - ' . $user->ip); $messenger->assign_vars(array( - 'USERNAME' => utf8_html_entity_decode($admin_name), - 'PASSWORD' => html_entity_decode($admin_pass1)) + 'USERNAME' => htmlspecialchars_decode($admin_name), + 'PASSWORD' => htmlspecialchars_decode($admin_pass1)) ); $messenger->send(NOTIFY_EMAIL); diff --git a/phpBB/memberlist.php b/phpBB/memberlist.php index e73277e5a0..53c7ed81c3 100644 --- a/phpBB/memberlist.php +++ b/phpBB/memberlist.php @@ -298,16 +298,16 @@ switch ($mode) $messenger = new messenger(false); $messenger->template('profile_send_im', $row['user_lang']); - $messenger->subject(utf8_html_entity_decode($subject)); + $messenger->subject(htmlspecialchars_decode($subject)); $messenger->replyto($user->data['user_email']); $messenger->im($row['user_jabber'], $row['username']); $messenger->assign_vars(array( 'BOARD_EMAIL' => $config['board_contact'], - 'FROM_USERNAME' => utf8_html_entity_decode($user->data['username']), - 'TO_USERNAME' => utf8_html_entity_decode($row['username']), - 'MESSAGE' => utf8_html_entity_decode($message)) + 'FROM_USERNAME' => htmlspecialchars_decode($user->data['username']), + 'TO_USERNAME' => htmlspecialchars_decode($row['username']), + 'MESSAGE' => htmlspecialchars_decode($message)) ); $messenger->send(NOTIFY_IM); @@ -727,7 +727,7 @@ switch ($mode) if ($user_id) { - $messenger->subject(utf8_html_entity_decode($subject)); + $messenger->subject(htmlspecialchars_decode($subject)); $messenger->im($row['user_jabber'], $row['username']); $notify_type = $row['user_notify_type']; } @@ -743,15 +743,15 @@ switch ($mode) $messenger->assign_vars(array( 'BOARD_EMAIL' => $config['board_contact'], - 'TO_USERNAME' => utf8_html_entity_decode($row['to_name']), - 'FROM_USERNAME' => utf8_html_entity_decode($user->data['username']), - 'MESSAGE' => utf8_html_entity_decode($message)) + 'TO_USERNAME' => htmlspecialchars_decode($row['to_name']), + 'FROM_USERNAME' => htmlspecialchars_decode($user->data['username']), + 'MESSAGE' => htmlspecialchars_decode($message)) ); if ($topic_id) { $messenger->assign_vars(array( - 'TOPIC_NAME' => utf8_html_entity_decode($row['topic_title']), + 'TOPIC_NAME' => htmlspecialchars_decode($row['topic_title']), 'U_TOPIC' => generate_board_url() . "/viewtopic.$phpEx?f=" . $row['forum_id'] . "&t=$topic_id") ); } diff --git a/phpBB/posting.php b/phpBB/posting.php index 3e11492323..cb55c4d0b8 100644 --- a/phpBB/posting.php +++ b/phpBB/posting.php @@ -1143,7 +1143,7 @@ if ($config['enable_post_confirm'] && !$user->data['is_registered'] && ($mode == 'S_CONFIRM_CODE' => true, 'CONFIRM_ID' => $confirm_id, 'CONFIRM_IMAGE' => '<img src="' . append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=confirm&id=' . $confirm_id . '&type=' . CONFIRM_POST) . '" alt="" title="" />', - 'L_POST_CONFIRM_EXPLAIN' => sprintf($user->lang['POST_CONFIRM_EXPLAIN'], '<a href="mailto:' . htmlentities($config['board_contact']) . '">', '</a>'), + 'L_POST_CONFIRM_EXPLAIN' => sprintf($user->lang['POST_CONFIRM_EXPLAIN'], '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">', '</a>'), )); } } |