diff --git a/doku.php b/doku.php
index 42624fd2e8d908ec1fdec72b87e603a8c0c9e24f..eecf136ed4775ed1a40ab69e2105bdd4bef24a4d 100644
--- a/doku.php
+++ b/doku.php
@@ -62,7 +62,7 @@ if($DATE_AT) {
} else { // check for UNIX Timestamp
$date_parse = @date('Ymd',$DATE_AT);
if(!$date_parse || $date_parse === '19700101') {
- msg(sprintf($lang['unable_to_parse_date'], $DATE_AT));
+ msg(sprintf($lang['unable_to_parse_date'], hsc($DATE_AT)));
$DATE_AT = null;
}
}
diff --git a/inc/Mailer.class.php b/inc/Mailer.class.php
index b8b95a5b449d5b2ea682f54e4d6b4044d64aa4bf..cd328614357c19a4dabe38d4418759858a9d2963 100644
--- a/inc/Mailer.class.php
+++ b/inc/Mailer.class.php
@@ -357,12 +357,12 @@ class Mailer {
// FIXME: is there a way to encode the localpart of a emailaddress?
if(!utf8_isASCII($addr)) {
- msg(htmlspecialchars("E-Mail address <$addr> is not ASCII"), -1);
+ msg(hsc("E-Mail address <$addr> is not ASCII"), -1);
continue;
}
if(!mail_isvalid($addr)) {
- msg(htmlspecialchars("E-Mail address <$addr> is not valid"), -1);
+ msg(hsc("E-Mail address <$addr> is not valid"), -1);
continue;
}
diff --git a/inc/actions.php b/inc/actions.php
index adba2aa3233108d2ea4b3044067e1d24f5a77ca9..0e100bbfa8efad8d3d8d998d314def3969409d12 100644
--- a/inc/actions.php
+++ b/inc/actions.php
@@ -253,7 +253,7 @@ function act_validate($act) {
// check if action is disabled
if(!actionOK($act)){
- msg('Command disabled: '.htmlspecialchars($act),-1);
+ msg('Command disabled: '.hsc($act),-1);
return 'show';
}
@@ -261,7 +261,7 @@ function act_validate($act) {
if(!$conf['useacl'] && in_array($act,array('login','logout','register','admin',
'subscribe','unsubscribe','profile','revert',
'resendpwd','profile_delete'))){
- msg('Command unavailable: '.htmlspecialchars($act),-1);
+ msg('Command unavailable: '.hsc($act),-1);
return 'show';
}
@@ -273,7 +273,7 @@ function act_validate($act) {
'diff','recent','backlink','admin','subscribe','revert',
'unsubscribe','profile','profile_delete','resendpwd','recover',
'draftdel','sitemap','media')) && substr($act,0,7) != 'export_' ) {
- msg('Command unknown: '.htmlspecialchars($act),-1);
+ msg('Command unknown: '.hsc($act),-1);
return 'show';
}
return $act;
diff --git a/inc/html.php b/inc/html.php
index 1454edbf82b0df985ac29239d3e5d0ac8225c3d9..08e46fe24996ead5652bc29ccadbbdbb410ad83a 100644
--- a/inc/html.php
+++ b/inc/html.php
@@ -210,14 +210,14 @@ function html_btn($name, $id, $akey, $params, $method='get', $tooltip='', $label
if(is_array($params)){
foreach($params as $key => $val) {
$ret .= '<input type="hidden" name="'.$key.'" ';
- $ret .= 'value="'.htmlspecialchars($val).'" />';
+ $ret .= 'value="'.hsc($val).'" />';
}
}
if ($tooltip!='') {
- $tip = htmlspecialchars($tooltip);
+ $tip = hsc($tooltip);
}else{
- $tip = htmlspecialchars($label);
+ $tip = hsc($label);
}
$ret .= '<button type="submit" ';
@@ -582,7 +582,7 @@ function html_revisions($first=0, $media_id = false){
if($summary) {
$form->addElement(form_makeOpenTag('span', array('class' => 'sum')));
if(!$media_id) $form->addElement(' – ');
- $form->addElement('<bdi>' . htmlspecialchars($summary) . '</bdi>');
+ $form->addElement('<bdi>' . hsc($summary) . '</bdi>');
$form->addElement(form_makeCloseTag('span'));
}
@@ -665,7 +665,7 @@ function html_revisions($first=0, $media_id = false){
if ($info['sum']) {
$form->addElement(form_makeOpenTag('span', array('class' => 'sum')));
if(!$media_id) $form->addElement(' – ');
- $form->addElement('<bdi>'.htmlspecialchars($info['sum']).'</bdi>');
+ $form->addElement('<bdi>'.hsc($info['sum']).'</bdi>');
$form->addElement(form_makeCloseTag('span'));
}
@@ -876,7 +876,7 @@ function html_recent($first = 0, $show_changes = 'both') {
$form->addElement(html_wikilink(':' . $recent['id'], useHeading('navigation') ? null : $recent['id']));
}
$form->addElement(form_makeOpenTag('span', array('class' => 'sum')));
- $form->addElement(' – ' . htmlspecialchars($recent['sum']));
+ $form->addElement(' – ' . hsc($recent['sum']));
$form->addElement(form_makeCloseTag('span'));
$form->addElement(form_makeOpenTag('span', array('class' => 'user')));
diff --git a/inc/mail.php b/inc/mail.php
index 511401ce305f5bd6a81069eb972d048b89dca1d2..f72dbdeec3519b454cbdad44aafedfff2ecb93d0 100644
--- a/inc/mail.php
+++ b/inc/mail.php
@@ -210,12 +210,12 @@ function mail_encode_address($string,$header='',$names=true){
// FIXME: is there a way to encode the localpart of a emailaddress?
if(!utf8_isASCII($addr)){
- msg(htmlspecialchars("E-Mail address <$addr> is not ASCII"),-1);
+ msg(hsc("E-Mail address <$addr> is not ASCII"),-1);
continue;
}
if(!mail_isvalid($addr)){
- msg(htmlspecialchars("E-Mail address <$addr> is not valid"),-1);
+ msg(hsc("E-Mail address <$addr> is not valid"),-1);
continue;
}
diff --git a/inc/media.php b/inc/media.php
index 45565db083b7577b159c0f43f71e8a98111c045a..f72cdd5e4895cf5ec8c04ae15428b7e52da0f36e 100644
--- a/inc/media.php
+++ b/inc/media.php
@@ -1734,9 +1734,9 @@ function media_printimgdetail($item, $fullscreen=false){
// print EXIF/IPTC data
if($t || $d || $k ){
echo '<p>';
- if($t) echo '<strong>'.htmlspecialchars($t).'</strong><br />';
- if($d) echo htmlspecialchars($d).'<br />';
- if($t) echo '<em>'.htmlspecialchars($k).'</em>';
+ if($t) echo '<strong>'.hsc($t).'</strong><br />';
+ if($d) echo hsc($d).'<br />';
+ if($t) echo '<em>'.hsc($k).'</em>';
echo '</p>';
}
echo '</div>';
diff --git a/inc/template.php b/inc/template.php
index fd0522c059c2ab4af7a707eef29599e820a71e29..b962e8d239d82ed0ef8b3b9e12a03c65cbc907ae 100644
--- a/inc/template.php
+++ b/inc/template.php
@@ -866,7 +866,7 @@ function tpl_searchform($ajax = true, $autocomplete = true) {
print '<form action="'.wl().'" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no">';
print '<input type="hidden" name="do" value="search" />';
print '<input type="text" ';
- if($ACT == 'search') print 'value="'.htmlspecialchars($QUERY).'" ';
+ if($ACT == 'search') print 'value="'.hsc($QUERY).'" ';
print 'placeholder="'.$lang['btn_search'].'" ';
if(!$autocomplete) print 'autocomplete="off" ';
print 'id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" />';
diff --git a/install.php b/install.php
index 6398b199f986580dc4766496eae9f7f2f01d6ad0..1811ab8c1640ce024194f817c0689e6608c1de3c 100644
--- a/install.php
+++ b/install.php
@@ -161,7 +161,7 @@ function print_form($d){
include(DOKU_CONF.'license.php');
if(!is_array($d)) $d = array();
- $d = array_map('htmlspecialchars',$d);
+ $d = array_map('hsc',$d);
if(!isset($d['acl'])) $d['acl']=1;
if(!isset($d['pop'])) $d['pop']=1;
@@ -216,9 +216,9 @@ function print_form($d){
if(empty($d['license'])) $d['license'] = 'cc-by-sa';
foreach($license as $key => $lic){
echo '<label for="lic_'.$key.'">';
- echo '<input type="radio" name="d[license]" value="'.htmlspecialchars($key).'" id="lic_'.$key.'"'.
+ echo '<input type="radio" name="d[license]" value="'.hsc($key).'" id="lic_'.$key.'"'.
(($d['license'] === $key)?' checked="checked"':'').'>';
- echo htmlspecialchars($lic['name']);
+ echo hsc($lic['name']);
if($lic['url']) echo ' <a href="'.$lic['url'].'" target="_blank"><sup>[?]</sup></a>';
echo '</label>';
}
diff --git a/lib/exe/ajax.php b/lib/exe/ajax.php
index 37ec6ea03b8cdc9b531fb8928458f0d9b258bce2..475e4a4ba0fb3efadcef42babc2f7d157213e6ac 100644
--- a/lib/exe/ajax.php
+++ b/lib/exe/ajax.php
@@ -26,7 +26,7 @@ if(function_exists($callfn)){
}else{
$evt = new Doku_Event('AJAX_CALL_UNKNOWN', $call);
if ($evt->advise_before()) {
- print "AJAX call '".htmlspecialchars($call)."' unknown!\n";
+ print "AJAX call '".hsc($call)."' unknown!\n";
exit;
}
$evt->advise_after();
@@ -422,13 +422,13 @@ function ajax_linkwiz(){
if($item['type'] == 'u'){
$name = $lang['upperns'];
}else{
- $name = htmlspecialchars($item['id']);
+ $name = hsc($item['id']);
}
- echo '<a href="'.$link.'" title="'.htmlspecialchars($item['id']).'" class="wikilink1">'.$name.'</a>';
+ echo '<a href="'.$link.'" title="'.hsc($item['id']).'" class="wikilink1">'.$name.'</a>';
if(!blank($item['title'])){
- echo '<span>'.htmlspecialchars($item['title']).'</span>';
+ echo '<span>'.hsc($item['title']).'</span>';
}
echo '</div>';
}
diff --git a/lib/exe/opensearch.php b/lib/exe/opensearch.php
index 98f5f52d5af154158c33d22c1b45f25c3e526ff3..b00b2b7710be98ef0ce9796c81b22563e1594d67 100644
--- a/lib/exe/opensearch.php
+++ b/lib/exe/opensearch.php
@@ -28,7 +28,7 @@ if(file_exists(DOKU_INC.'favicon.ico')){
header('Content-Type: application/opensearchdescription+xml; charset=utf-8');
echo '<?xml version="1.0"?>'.NL;
echo '<OpenSearchDescription xmlns="http://a9.com/-/spec/opensearch/1.1/">'.NL;
-echo ' <ShortName>'.htmlspecialchars($conf['title']).'</ShortName>'.NL;
+echo ' <ShortName>'.hsc($conf['title']).'</ShortName>'.NL;
echo ' <Image width="16" height="16" type="image/x-icon">'.$ico.'</Image>'.NL;
echo ' <Url type="text/html" template="'.DOKU_URL.DOKU_SCRIPT.'?do=search&id={searchTerms}" />'.NL;
echo ' <Url type="application/x-suggestions+json" template="'.
diff --git a/lib/tpl/index.php b/lib/tpl/index.php
index 558f262a7ad4fa090234db761ab67d2048764022..fb368840e6ceee26e5b7499954301b108138f16c 100644
--- a/lib/tpl/index.php
+++ b/lib/tpl/index.php
@@ -50,11 +50,11 @@ $ini = css_styleini($conf['template']);
if ($ini) {
echo '<table>';
- echo "<caption>".htmlspecialchars($conf['template'])."'s style.ini</caption>";
+ echo "<caption>".hsc($conf['template'])."'s style.ini</caption>";
foreach($ini['replacements'] as $key => $val){
echo '<tr>';
- echo '<td>'.htmlspecialchars($key).'</td>';
- echo '<td>'.htmlspecialchars($val).'</td>';
+ echo '<td>'.hsc($key).'</td>';
+ echo '<td>'.hsc($val).'</td>';
echo '<td>';
if(preg_match('/^#[0-f]{3,6}$/i',$val)){
echo '<div class="color" style="background-color:'.$val.';"> </div>';
@@ -64,7 +64,7 @@ if ($ini) {
}
echo '</table>';
} else {
- echo "<p>Non-existent or invalid template or style.ini: <strong>".htmlspecialchars($conf['template'])."</strong></p>";
+ echo "<p>Non-existent or invalid template or style.ini: <strong>".hsc($conf['template'])."</strong></p>";
}
?>
</body>