Patch bug52204 for Website problem Bug #52204
Patch version 2010-10-26 19:26 UTC
Return to Bug #52204 |
Download this patch
Patch Revisions:
Developer: kalle@php.net
Index: cal.php
===================================================================
--- cal.php (revision 304919)
+++ cal.php (working copy)
@@ -30,13 +30,13 @@
if ($id) {
// Try to load event by ID and display header and info for that event
if ($event = load_event($id)) {
- site_header("Event: " . stripslashes(htmlentities($event['sdesc'], ENT_QUOTES, 'UTF-8')));
+ site_header("Event: " . stripslashes(htmlentities($event['sdesc'], ENT_QUOTES | ENT_IGNORE, 'UTF-8')));
display_event($event, 0);
$begun = TRUE;
}
// Unable to find event, put this to the error messages' list
else {
- $errors[] = "There is no event for specified id ('".htmlentities($id, ENT_QUOTES, 'UTF-8')."')";
+ $errors[] = "There is no event for specified id ('".htmlentities($id, ENT_QUOTES | ENT_IGNORE, 'UTF-8')."')";
}
}
@@ -68,14 +68,14 @@
// Wrong date specified
else {
- $errors[] = "The specified date (".htmlentities("$cy/$cm/$cd", ENT_QUOTES, 'UTF-8').") was not valid.";
+ $errors[] = "The specified date (".htmlentities("$cy/$cm/$cd", ENT_QUOTES | ENT_IGNORE, 'UTF-8').") was not valid.";
unset($cm); unset($cd); unset($cy);
}
}
// Check if month and year is valid
if ($cm && $cy && !checkdate($cm,1,$cy)) {
- $errors[] = "The specified year and month (".htmlentities("$cy, $cm", ENT_QUOTES, 'UTF-8').") are not valid.";
+ $errors[] = "The specified year and month (".htmlentities("$cy, $cm", ENT_QUOTES | ENT_IGNORE, 'UTF-8').") are not valid.";
unset($cm); unset($cy);
}
@@ -221,7 +221,7 @@
($COUNTRY == $event['country'] ? "<strong>" : ""),
'<a class="cat' . $event['category'] . '" href="/cal.php',
"?id=$event[id]&cm=$cm&cy=$cy", '">',
- stripslashes(htmlentities($event['sdesc'], ENT_QUOTES, 'UTF-8')),
+ stripslashes(htmlentities($event['sdesc'], ENT_QUOTES | ENT_IGNORE, 'UTF-8')),
'</a>',
($COUNTRY == $event['country'] ? "</strong>" : ""),
'</div>';
Index: include/layout.inc
===================================================================
--- include/layout.inc (revision 304919)
+++ include/layout.inc (working copy)
@@ -60,7 +60,7 @@
// Stats pages still need this
function commonHeader($title) { site_header($title); }
-
+ | ENT_IGNORE
function site_header($title = '', $config = array())
{
global $EXPL_LANG, $SIDEBAR_DATA, $RSIDEBAR_DATA, $PAGE_COLUMNS, $PGI;
@@ -467,9 +467,9 @@
//
function make_popup_link ($url, $linktext=false, $target=false, $windowprops="", $extras=false) {
return sprintf("<a href=\"%s\" target=\"%s\" onclick=\"window.open('%s','%s','%s');return false;\"%s>%s</a>",
- htmlspecialchars($url, ENT_QUOTES),
+ htmlspecialchars($url, ENT_QUOTES | ENT_IGNORE),
($target ? $target : "_new"),
- htmlspecialchars($url, ENT_QUOTES),
+ htmlspecialchars($url, ENT_QUOTES | ENT_IGNORE),
($target ? $target : "_new"),
$windowprops,
($extras ? ' '.$extras : ''),
@@ -615,9 +615,9 @@
}
// Print link in case we have one
- if ($event['url']) { echo '<a href="', htmlentities($event['url'], ENT_QUOTES, 'UTF-8'),'" class="url">'; }
+ if ($event['url']) { echo '<a href="', htmlentities($event['url'], ENT_QUOTES | ENT_IGNORE, 'UTF-8'),'" class="url">'; }
// Print event description
- echo "<b class='summary'>", stripslashes(htmlentities($event['sdesc'], ENT_QUOTES, 'UTF-8')), "</b>";
+ echo "<b class='summary'>", stripslashes(htmlentities($event['sdesc'], ENT_QUOTES | ENT_IGNORE, 'UTF-8')), "</b>";
// End link
if ($event['url']) { echo "</a>"; }
@@ -659,8 +659,8 @@
// If we have an URL, print it out
if ($event['url']) {
echo '<br /><br /><b>URL:</b> ',
- '<a href="', htmlentities($event['url'], ENT_QUOTES, 'UTF-8'), '">',
- htmlentities($event['url'], ENT_QUOTES, 'UTF-8'), '</a>';
+ '<a href="', htmlentities($event['url'], ENT_QUOTES | ENT_IGNORE, 'UTF-8'), '">',
+ htmlentities($event['url'], ENT_QUOTES | ENT_IGNORE, 'UTF-8'), '</a>';
}
?>
</td></tr>
Index: include/prepend.inc
===================================================================
--- include/prepend.inc (revision 304919)
+++ include/prepend.inc (working copy)
@@ -15,6 +15,13 @@
date_default_timezone_set("UTC");
}
+// As of PHP 5.3.0 multibyte sequence errors are no longer
+// silent. Prior to that version this bitfield does not exist
+// so define it to prevent notices on older versions
+if (!defined("ENT_IGNORE")) {
+ define("ENT_IGNORE", 0);
+}
+
// Prevent cross site scripting problems
unset($RSIDEBAR_DATA);
unset($SIDEBAR_DATA);
Index: my.php
===================================================================
--- my.php (revision 304919)
+++ my.php (working copy)
@@ -117,10 +117,10 @@
$langpref,
"Last seen language" =>
- (isset($_COOKIE['LAST_LANG']) ? htmlentities($_COOKIE['LAST_LANG'], ENT_QUOTES) : "None"),
+ (isset($_COOKIE['LAST_LANG']) ? htmlentities($_COOKIE['LAST_LANG'], ENT_QUOTES | ENT_IGNORE, 'UTF-8') : "None"),
"Your Accept-Language browser setting" =>
- (isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) ? htmlentities($_SERVER['HTTP_ACCEPT_LANGUAGE'], ENT_QUOTES) : "None"),
+ (isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) ? htmlentities($_SERVER['HTTP_ACCEPT_LANGUAGE'], ENT_QUOTES | ENT_IGNORE, 'UTF-8') : "None"),
"The mirror's default language" =>
default_language(),
Index: source.php
===================================================================
--- source.php (revision 304919)
+++ source.php (working copy)
@@ -41,7 +41,7 @@
exit;
}
-echo "<h1>Source of: " . htmlentities($_GET['url']) . "</h1>";
+echo "<h1>Source of: " . htmlentities($_GET['url'], ENT_IGNORE, 'UTF-8') . "</h1>";
// Get dirname of the specified URL part
$dir = dirname($_GET['url']);
Index: submit-event.php
===================================================================
--- submit-event.php (revision 304919)
+++ submit-event.php (working copy)
@@ -178,8 +178,8 @@
<th class="subr">Start Date</th>
<td>
<select name="smonth"><option></option><?php display_options($months, $_POST['smonth'])?></select>
- <input type="text" name="sday" size="2" maxlength="2" value="<?php echo htmlentities($_POST['sday'], ENT_QUOTES, 'UTF-8')?>" />
- <input type="text" name="syear" size="4" maxlength="4" value="<?php echo $_POST['syear'] ? htmlentities($_POST['syear'], ENT_QUOTES, 'UTF-8') : date("Y")?>" />
+ <input type="text" name="sday" size="2" maxlength="2" value="<?php echo htmlentities($_POST['sday'], ENT_QUOTES | ENT_IGNORE, 'UTF-8')?>" />
+ <input type="text" name="syear" size="4" maxlength="4" value="<?php echo $_POST['syear'] ? htmlentities($_POST['syear'], ENT_QUOTES | ENT_IGNORE, 'UTF-8') : date("Y")?>" />
<input type="radio" id="single" name="type" value="single"<?php if ($_POST['type'] == 'single' || !$_POST['type']) echo ' checked="checked"';?> />
<label for="single">One day (no end-date required)</label>
</td>
@@ -188,8 +188,8 @@
<th class="subr">End Date</th>
<td>
<select name="emonth"><option></option><?php display_options($months, $_POST['emonth'])?></select>
- <input type="text" name="eday" size="2" maxlength="2" value="<?php echo htmlentities($_POST['eday'], ENT_QUOTES, 'UTF-8')?>" />
- <input type="text" name="eyear" size="4" maxlength="4" value="<?php echo $_POST['eyear'] ? htmlentities($_POST['eyear'], ENT_QUOTES, 'UTF-8') : date("Y")?>" />
+ <input type="text" name="eday" size="2" maxlength="2" value="<?php echo htmlentities($_POST['eday'], ENT_QUOTES | ENT_IGNORE, 'UTF-8')?>" />
+ <input type="text" name="eyear" size="4" maxlength="4" value="<?php echo $_POST['eyear'] ? htmlentities($_POST['eyear'], ENT_QUOTES | ENT_IGNORE, 'UTF-8') : date("Y")?>" />
<input type="radio" id="multi" name="type" value="multi"<?php if ($_POST['type'] == 'multi') echo ' checked="checked"';?> />
<label for="multi">Multi-day event</label>
</td>
@@ -205,11 +205,11 @@
</tr>
<tr>
<th class="subr">Short Description</th>
- <td><input type="text" name="sdesc" class="max" value="<?php echo htmlentities($_POST['sdesc'], ENT_QUOTES, 'UTF-8')?>" size="32" maxlength="32" /></td>
+ <td><input type="text" name="sdesc" class="max" value="<?php echo htmlentities($_POST['sdesc'], ENT_QUOTES | ENT_IGNORE, 'UTF-8')?>" size="32" maxlength="32" /></td>
</tr>
<tr>
<th class="subr">URL</th>
- <td><input type="text" name="url" size="40" maxlength="128" class="max" value="<?php echo htmlentities($_POST['url'], ENT_QUOTES, 'UTF-8')?>" /></td>
+ <td><input type="text" name="url" size="40" maxlength="128" class="max" value="<?php echo htmlentities($_POST['url'], ENT_QUOTES | ENT_IGNORE, 'UTF-8')?>" /></td>
</tr>
<tr>
<th class="subr">Country</th>
@@ -234,13 +234,13 @@
<tr>
<th class="subr">Email</th>
<td>
- <input type="text" name="email" size="40" maxlength="128" class="max" value="<?php echo htmlentities($_POST['email'], ENT_QUOTES, 'UTF-8')?>" /><br />
+ <input type="text" name="email" size="40" maxlength="128" class="max" value="<?php echo htmlentities($_POST['email'], ENT_QUOTES | ENT_IGNORE, 'UTF-8')?>" /><br />
<small>This email address is only used to contact you about the listing, it will not displayed along with the listing.</small>
</td>
</tr>
<tr>
<th class="subr">Long Description</th>
- <td><textarea name="ldesc" cols="60" rows="10" wrap="virtual" class="max"><?php echo htmlentities($_POST['ldesc'], ENT_QUOTES, 'UTF-8');?></textarea></td>
+ <td><textarea name="ldesc" cols="60" rows="10" wrap="virtual" class="max"><?php echo htmlentities($_POST['ldesc'], ENT_QUOTES | ENT_IGNORE, 'UTF-8');?></textarea></td>
</tr>
<tr>
<th colspan="2">
@@ -265,7 +265,7 @@
foreach ($options as $k => $v) {
echo '<option value="', $k, '"',
($k == $current ? ' selected="selected"' : ''),
- '>', htmlentities($v, ENT_QUOTES, 'UTF-8'), "</option>\n";
+ '>', htmlentities($v, ENT_QUOTES | ENT_IGNORE, 'UTF-8'), "</option>\n";
}
}
|
Copyright © 2001-2024 The PHP Group