authordweller <dweller@cabin.digital>2024-03-12 01:36:42 +0200
committerdweller <dweller@cabin.digital>2024-03-12 01:36:42 +0200
commit00d13178df1b85d621f1789a50feb89e06217143 (patch)
tree997d1cab37509caa0bd597515ced4ff157f15a66
parent3bfe2491e5930d40ef7691bea17c19a9ec64719a (diff)
if using an older PHP version (like 7), the default flags for htmlspecialchars() are suboptimal, _sigh_
Diffstat (limited to '')
-rw-r--r--common.php1
-rw-r--r--index.php4
-rw-r--r--search.php10
3 files changed, 8 insertions, 7 deletions
diff --git a/common.php b/common.php
index 82c59a6..5f7c05a 100644
--- a/common.php
+++ b/common.php
@@ -20,6 +20,7 @@
$section = trim($_GET['section'] ?? null);
$arch = trim($_GET['arch'] ?? null);
+ $hsc_flags = ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401;
/*
function dbg_print($data)
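Review bot: Carrying the escaping flags in a plain variable `$hsc_flags` makes every call site depend on scope: if any of the `htmlspecialchars($x, $hsc_flags)` calls in index.php or search.php runs inside a function, or common.php is included from one, `$hsc_flags` is undefined there, PHP 7 without strict_types coerces the resulting null to `0`, and flags `0` escapes neither single nor double quotes — strictly worse than the pre-8.1 default this commit is replacing, with only a notice to show for it. The same applies to the single-quoted `value='...'` attributes in the index.php and search.php hunks, which are exactly the context ENT_QUOTES is meant to protect. A constant is scope-independent and cannot silently become null: `define('HSC_FLAGS', ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401);`, or a small wrapper `function h(string $s): string { return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401, 'UTF-8'); }` that also pins the charset explicitly. Whether any call site is inside a function is not visible from these hunks, and the top-level statement run containing this assignment starts before the hunk.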
diff --git a/index.php b/index.php
index 951be29..229cce2 100644
--- a/index.php
+++ b/index.php
@@ -54,7 +54,7 @@
<form action="/search.php">
<div id="query_wrap">
<div id="query_icon"></div>
- <input id="query" type='search' value='<?php if($action === 'lmmtfy') echo htmlspecialchars($query);?>' name='query' autocorrect="off" autocapitalize="none" required autofocus/>
+ <input id="query" type='search' value='<?php if($action === 'lmmtfy') echo htmlspecialchars($query, $hsc_flags);?>' name='query' autocorrect="off" autocapitalize="none" required autofocus/>
<button id="btn_def" type='submit' value='man' name='action' class="btn-def" aria-hidden="true" tabindex="-1"></button>
<input type="checkbox" id="query_opts_toggle"/>
<div id="query_opts">
@@ -81,7 +81,7 @@
if((strlen($arch) > 0) && ($arch == $a))
$sel = 'selected="selected"';
- $a = htmlspecialchars($a);
+ $a = htmlspecialchars($a, $hsc_flags);
echo "<option value='$a' $sel>$a</option>";
}
?>
diff --git a/search.php b/search.php
index e61da1b..522eeaf 100644
--- a/search.php
+++ b/search.php
@@ -48,7 +48,7 @@
<nav id="search_pane">
<form>
<div id="query_wrap">
- <input id="query" type='search' value='<?= htmlspecialchars($query);?>' name='query' autocorrect="off" autocapitalize="none" required/>
+ <input id="query" type='search' value='<?= htmlspecialchars($query, $hsc_flags);?>' name='query' autocorrect="off" autocapitalize="none" required/>
<button id="btn_def" type='submit' value='man' name='action' class="btn-def" aria-hidden="true" tabindex="-1"></button>
<input type="checkbox" id="query_opts_toggle"/>
<div id="query_opts">
@@ -75,7 +75,7 @@
if((strlen($arch) > 0) && ($arch == $a))
$sel = 'selected="selected"';
- $a = htmlspecialchars($a);
+ $a = htmlspecialchars($a, $hsc_flags);
echo "<option value='$a' $sel>$a</option>";
}
?>
@@ -182,9 +182,9 @@
$url = "$root/search.php?query=". urlencode($name) ."&section=". urlencode($sect)
."&arch=". urlencode($arch) ."&action=man";
- $fname = htmlspecialchars($fname);
- $fsect = htmlspecialchars($fsect);
- $desc = htmlspecialchars($desc);
+ $fname = htmlspecialchars($fname, $hsc_flags);
+ $fsect = htmlspecialchars($fsect, $hsc_flags);
+ $desc = htmlspecialchars($desc, $hsc_flags);
echo '<dl>';
echo " <dt><a href='".$url."'>$fname($fsect)</a></dt>";