author | dweller <dweller@cabin.digital> | 2024-03-12 01:36:42 +0200 |
---|---|---|
committer | dweller <dweller@cabin.digital> | 2024-03-12 01:36:42 +0200 |
commit | 00d13178df1b85d621f1789a50feb89e06217143 (patch) | |
tree | 997d1cab37509caa0bd597515ced4ff157f15a66 | |
parent | 3bfe2491e5930d40ef7691bea17c19a9ec64719a (diff) |
if using older PHP version (like 7), the default flags for htmlspecialchars() are suboptimal, _sigh_ (HEAD, master)
Diffstat (limited to '')
-rw-r--r-- | common.php | 1 | ||||
-rw-r--r-- | index.php | 4 | ||||
-rw-r--r-- | search.php | 10 |
3 files changed, 8 insertions, 7 deletions
@@ -20,6 +20,7 @@ $section = trim($_GET['section'] ?? null); $arch = trim($_GET['arch'] ?? null);
+ $hsc_flags = ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401;
 /* function dbg_print($data)
@@ -54,7 +54,7 @@ <form action="/search.php"> <div id="query_wrap"> <div id="query_icon"></div>
- <input id="query" type='search' value='<?php if($action === 'lmmtfy') echo htmlspecialchars($query);?>' name='query' autocorrect="off" autocapitalize="none" required autofocus/>
+ <input id="query" type='search' value='<?php if($action === 'lmmtfy') echo htmlspecialchars($query, $hsc_flags);?>' name='query' autocorrect="off" autocapitalize="none" required autofocus/>
 <button id="btn_def" type='submit' value='man' name='action' class="btn-def" aria-hidden="true" tabindex="-1"></button> <input type="checkbox" id="query_opts_toggle"/> <div id="query_opts">
@@ -81,7 +81,7 @@ if((strlen($arch) > 0) && ($arch == $a)) $sel = 'selected="selected"';
- $a = htmlspecialchars($a);
+ $a = htmlspecialchars($a, $hsc_flags);
 echo "<option value='$a' $sel>$a</option>"; } ?>
@@ -48,7 +48,7 @@ <nav id="search_pane"> <form> <div id="query_wrap">
- <input id="query" type='search' value='<?= htmlspecialchars($query);?>' name='query' autocorrect="off" autocapitalize="none" required/>
+ <input id="query" type='search' value='<?= htmlspecialchars($query, $hsc_flags);?>' name='query' autocorrect="off" autocapitalize="none" required/>
 <button id="btn_def" type='submit' value='man' name='action' class="btn-def" aria-hidden="true" tabindex="-1"></button> <input type="checkbox" id="query_opts_toggle"/> <div id="query_opts">
@@ -75,7 +75,7 @@ if((strlen($arch) > 0) && ($arch == $a)) $sel = 'selected="selected"';
- $a = htmlspecialchars($a);
+ $a = htmlspecialchars($a, $hsc_flags);
 echo "<option value='$a' $sel>$a</option>"; } ?>
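Review bot: `$hsc_flags` is added in common.php as an ordinary global variable, so it only exists for htmlspecialchars() calls that execute at file scope. If any patched call site (the `@@ -81` hunk in index.php, or the `@@ -75` and `@@ -182` hunks in search.php) sits inside a function, the name is undefined there and on PHP 7 the resulting null would be coerced to flags 0, which is ENT_NOQUOTES and leaves the single-quoted `value='…'` attributes unescaped. A constant is visible in every scope and cannot be reassigned by later code: `const HSC_FLAGS = ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401;`. Passing the page's encoding explicitly as the third argument would also stop the calls depending on the `default_charset` setting. The rest of common.php lies outside the hunk, so whether the call sites are at file scope cannot be confirmed from here.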
@@ -182,9 +182,9 @@ $url = "$root/search.php?query=". urlencode($name) ."§ion=". urlencode($sect) ."&arch=". urlencode($arch) ."&action=man";
- $fname = htmlspecialchars($fname);
- $fsect = htmlspecialchars($fsect);
- $desc = htmlspecialchars($desc);
+ $fname = htmlspecialchars($fname, $hsc_flags);
+ $fsect = htmlspecialchars($fsect, $hsc_flags);
+ $desc = htmlspecialchars($desc, $hsc_flags);
 echo '<dl>'; echo " <dt><a href='".$url."'>$fname($fsect)</a></dt>"; |
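Review bot: `$url` is still written into the single-quoted `href='…'` on the last line without going through htmlspecialchars(), while `$fname`, `$fsect` and `$desc` now get the stricter flags. The urlencode() calls cover the query components, but `$root` is defined outside this hunk and the `&` separators are emitted raw, so the attribute depends on `$root` never containing a quote or markup. Escaping at the point of output removes that dependency: `echo " <dt><a href='".htmlspecialchars($url, $hsc_flags)."'>$fname($fsect)</a></dt>";`. The enclosing block starts and ends outside the hunk.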