|
@@ -125,7 +125,7 @@ function ViewErrorLog()
|
|
|
'time' => timeformat($row['log_time']),
|
|
|
'timestamp' => $row['log_time'],
|
|
|
'url' => array(
|
|
|
- 'html' => htmlspecialchars((substr($row['url'], 0, 1) == '?' ? $scripturl : '') . $row['url']),
|
|
|
+ 'html' => $smcFunc['htmlspecialchars']((substr($row['url'], 0, 1) == '?' ? $scripturl : '') . $row['url']),
|
|
|
'href' => base64_encode($smcFunc['db_escape_wildcard_string']($row['url']))
|
|
|
),
|
|
|
'message' => array(
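Review bot: Every `$smcFunc['htmlspecialchars']` call this commit introduces, starting with the `'html'` entry here, leaves the quote flag at the wrapper's default, so whether a single quote in `$row['url']` is escaped depends on code not visible in this diff. The logged URL is presumably request-derived, so I would pin the flag at the call site by passing `ENT_QUOTES` as the second argument, assuming the wrapper takes the same second parameter as the native function. The same applies to the three calls in the filter branches later in ViewErrorLog() and to both calls in ViewFile(). ViewErrorLog() starts and ends outside this hunk.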
|
|
@@ -206,15 +206,15 @@ function ViewErrorLog()
|
|
|
$context['filter']['value']['html'] = '<a href="' . $scripturl . '?action=profile;u=' . $id . '">' . $user_profile[$id]['real_name'] . '</a>';
|
|
|
}
|
|
|
elseif ($filter['variable'] == 'url')
|
|
|
- $context['filter']['value']['html'] = '\'' . strtr(htmlspecialchars((substr($filter['value']['sql'], 0, 1) == '?' ? $scripturl : '') . $filter['value']['sql']), array('\_' => '_')) . '\'';
|
|
|
+ $context['filter']['value']['html'] = '\'' . strtr($smcFunc['htmlspecialchars']((substr($filter['value']['sql'], 0, 1) == '?' ? $scripturl : '') . $filter['value']['sql']), array('\_' => '_')) . '\'';
|
|
|
elseif ($filter['variable'] == 'message')
|
|
|
{
|
|
|
- $context['filter']['value']['html'] = '\'' . strtr(htmlspecialchars($filter['value']['sql']), array("\n" => '<br />', '<br />' => '<br />', "\t" => ' ', '\_' => '_', '\\%' => '%', '\\\\' => '\\')) . '\'';
|
|
|
+ $context['filter']['value']['html'] = '\'' . strtr($smcFunc['htmlspecialchars']($filter['value']['sql']), array("\n" => '<br />', '<br />' => '<br />', "\t" => ' ', '\_' => '_', '\\%' => '%', '\\\\' => '\\')) . '\'';
|
|
|
$context['filter']['value']['html'] = preg_replace('~&lt;span class=&quot;remove&quot;&gt;(.+?)&lt;/span&gt;~', '$1', $context['filter']['value']['html']);
|
|
|
}
|
|
|
elseif ($filter['variable'] == 'error_type')
|
|
|
{
|
|
|
- $context['filter']['value']['html'] = '\'' . strtr(htmlspecialchars($filter['value']['sql']), array("\n" => '<br />', '<br />' => '<br />', "\t" => ' ', '\_' => '_', '\\%' => '%', '\\\\' => '\\')) . '\'';
|
|
|
+ $context['filter']['value']['html'] = '\'' . strtr($smcFunc['htmlspecialchars']($filter['value']['sql']), array("\n" => '<br />', '<br />' => '<br />', "\t" => ' ', '\_' => '_', '\\%' => '%', '\\\\' => '\\')) . '\'';
|
|
|
}
|
|
|
else
|
|
|
$context['filter']['value']['html'] = &$filter['value']['sql'];
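Review bot: The final `else` branch still publishes `$filter['value']['sql']` as `['html']` by reference with no escaping, while every other branch in this hunk now goes through `$smcFunc['htmlspecialchars']`. The origin of that value is outside the hunk; if it can carry request input for the remaining filter types, it reaches the template raw. The reference also means a later write to either key changes the other. Unless the value is already entity-encoded upstream, I would use `$context['filter']['value']['html'] = $smcFunc['htmlspecialchars']($filter['value']['sql']);`. Separately, the message and error_type branches repeat an identical `strtr` map that could live in one local array.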
|
|
@@ -333,6 +333,8 @@ function deleteErrors()
|
|
|
function ViewFile()
|
|
|
{
|
|
|
global $context, $txt, $boarddir, $sourcedir, $cachedir;
|
|
|
+ global $smcFunc;
|
|
|
+
|
|
|
// Check for the administrative permission to do this.
|
|
|
isAllowedTo('admin_forum');
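Review bot: The added `global $smcFunc;` is a second `global` statement directly under the existing one, followed by an added blank line. Folding it into the existing declaration keeps ViewFile() consistent with the single-line style: `global $context, $txt, $boarddir, $sourcedir, $cachedir, $smcFunc;`. The function body continues outside this hunk.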
|
|
|
|
|
@@ -347,7 +349,7 @@ function ViewFile()
|
|
|
|
|
|
// Make sure the file we are looking for is one they are allowed to look at
|
|
|
if ($ext != '.php' || (strpos($file, $real_board) === false && strpos($file, $real_source) === false) || ($basename == 'settings.php' || $basename == 'settings_bak.php') || strpos($file, $real_cache) !== false || !is_readable($file))
|
|
|
- fatal_lang_error('error_bad_file', true, array(htmlspecialchars($file)));
|
|
|
+ fatal_lang_error('error_bad_file', true, array($smcFunc['htmlspecialchars']($file)));
|
|
|
|
|
|
// get the min and max lines
|
|
|
$min = $line - 20 <= 0 ? 1 : $line - 20;
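Review bot: The allow-list test in the `if` above the changed line uses `strpos(...) === false`, which accepts `$file` when the board or source directory string appears anywhere in the path, not only at its start. Anchoring the match makes it a true containment check: `strpos($file, $real_board . DIRECTORY_SEPARATOR) !== 0 && strpos($file, $real_source . DIRECTORY_SEPARATOR) !== 0`. This assumes `$file` and the `$real_*` values are canonicalised before this point, which happens outside the hunk and should be confirmed. The cache-directory exclusion is equally unanchored, but over-matching there only rejects more files.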
|
|
@@ -356,7 +358,7 @@ function ViewFile()
|
|
|
if ($max <= 0 || $min >= $max)
|
|
|
fatal_lang_error('error_bad_line');
|
|
|
|
|
|
- $file_data = explode('<br />', highlight_php_code(htmlspecialchars(implode('', file($file)))));
|
|
|
+ $file_data = explode('<br />', highlight_php_code($smcFunc['htmlspecialchars'](implode('', file($file)))));
|
|
|
|
|
|
// We don't want to slice off too many so lets make sure we stop at the last one
|
|
|
$max = min($max, max(array_keys($file_data)));
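Review bot: The changed line feeds `file($file)` straight into `implode()` without checking for a `false` return. The `is_readable()` test earlier in ViewFile() does not guarantee the later read succeeds, so a failed read surfaces as a PHP error rather than the forum's own error page. Reading once with an explicit check is safer: `$raw = file_get_contents($file);` then `if ($raw === false) fatal_lang_error('error_bad_file', true, array($smcFunc['htmlspecialchars']($file)));`, with `$raw` passed on to the wrapper. It is also worth confirming how the wrapper treats source files whose bytes are not valid in the forum charset, since that behaviour is not visible here.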
|