From: Janusz Dobrowolski Date: Sun, 11 Jan 2015 16:21:53 +0000 (+0100) Subject: Fixed problems with htmlspecialchars() function for not dupported encodings on newer... X-Git-Tag: v2.4.2~19^2~268 X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=commitdiff_plain;h=918e4561ac1adc980f79c9c3cdbcf8d250a7fdc0;p=fa-stable.git Fixed problems with htmlspecialchars() function for not dupported encodings on newer php versions, fixed report encoding issue. --- diff --git a/includes/JsHttpRequest.php b/includes/JsHttpRequest.php index 78b0b2ce..f71c0ed2 100644 --- a/includes/JsHttpRequest.php +++ b/includes/JsHttpRequest.php @@ -187,7 +187,7 @@ class JsHttpRequest if ($this->SCRIPT_DECODE_MODE == 'entities') return str_replace(array('"', '<', '>'), array('"', '<', '>'), $s); else - return htmlspecialchars($s); + return html_specials_encode($s); } diff --git a/includes/db/connect_db_mysql.inc b/includes/db/connect_db_mysql.inc index 2f30aef0..301d49dd 100644 --- a/includes/db/connect_db_mysql.inc +++ b/includes/db/connect_db_mysql.inc @@ -124,7 +124,7 @@ function db_num_fields ($result) function db_escape($value = "", $nullify = false) { $value = @html_entity_decode($value, ENT_QUOTES, $_SESSION['language']->encoding); - $value = @htmlspecialchars($value, ENT_QUOTES, $_SESSION['language']->encoding); + $value = html_specials_encode($value); //reset default if second parameter is skipped $nullify = ($nullify === null) ? (false) : ($nullify); diff --git a/includes/db/connect_db_mysqli.inc b/includes/db/connect_db_mysqli.inc index 79e299e4..8900598a 100644 --- a/includes/db/connect_db_mysqli.inc +++ b/includes/db/connect_db_mysqli.inc 
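Review bot: `html_specials_encode()` is a free function that this commit defines in includes/session.inc (and install/isession.inc), so the JsHttpRequest method changed here now depends on the application bootstrap having run and on `$_SESSION['language']` being an object, whereas the old `htmlspecialchars($s)` call was self-contained. If this class is ever loaded before session.inc is included, the call fails with an undefined-function error at the first escaped response. A fallback such as `return function_exists('html_specials_encode') ? html_specials_encode($s) : htmlspecialchars($s, ENT_QUOTES);` keeps the class usable on its own. The enclosing method starts outside the hunk.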
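Review bot: In `db_escape()` the `@` in front of the encode step disappears with the new `html_specials_encode($value)` call while the `@html_entity_decode()` on the line above keeps it, so a failure while encoding now reaches the error handler but a failure while decoding stays silent; includes/db/connect_db_mysqli.inc has the same asymmetry. Since this is the value that ends up in SQL, it matters that on PHP 5.4 and later `htmlspecialchars()` returns '' for byte sequences invalid in the charset it assumes, so an encoding the new helper does not map still turns the field into an empty string without any diagnostic. Worth a comment at the call site, e.g. `// html_specials_encode() maps charsets htmlspecialchars() lacks; an unmapped one still yields '' for non-UTF-8 bytes`, and a check that a non-empty `$value` did not come back empty. `db_escape()` continues outside the hunk.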
@@ -127,7 +127,7 @@ function db_escape($value = "", $nullify = false) global $db; $value = @html_entity_decode($value, ENT_QUOTES, $_SESSION['language']->encoding); - $value = @htmlspecialchars($value, ENT_QUOTES, $_SESSION['language']->encoding); + $value = html_specials_encode($value); //reset default if second parameter is skipped $nullify = ($nullify === null) ? (false) : ($nullify); diff --git a/includes/errors.inc b/includes/errors.inc index 7c911fce..1bf3b3bd 100644 --- a/includes/errors.inc +++ b/includes/errors.inc @@ -61,9 +61,9 @@ function error_handler($errno, $errstr, $file, $line) { // skip well known warnings we don't care about. // Please use restrainedly to not risk loss of important messages $excluded_warnings = array( - 'html_entity_decode', 'htmlspecialchars', // nevermind encodings, special chars are processed anyway - 'should be compatible with that', // ignore cpdf/frontreport wrapper warnings - 'mysql extension is deprecated' // ignore strict warning in 5.4 + 'html_entity_decode', // nevermind encodings, special chars are processed anyway + 'should be compatible with that', // ignore cpdf/frontreport wrapper warnings + 'mysql extension is deprecated' // ignore strict warning in 5.4 ); foreach($excluded_warnings as $ref) { if (strpos($errstr, $ref) !== false) { diff --git a/includes/prefs/userprefs.inc b/includes/prefs/userprefs.inc index 060f764f..0f368477 100644 --- a/includes/prefs/userprefs.inc +++ b/includes/prefs/userprefs.inc 
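Review bot: With `'htmlspecialchars'` removed from `$excluded_warnings`, every warning that function still emits (an unsupported charset on PHP 5.4+) now reaches the handler, which looks intended but is not recorded anywhere, and the surviving comment `// nevermind encodings, special chars are processed anyway` now describes only `html_entity_decode`. A one-line note such as `// htmlspecialchars is no longer excluded: html_specials_encode() must pick a supported charset, so its warnings are real` keeps the next maintainer from re-adding it. `error_handler()` continues outside the hunk.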
@@ -93,11 +93,11 @@ class user_prefs $this->sticky_date = 0; $this->startup_tab = "orders"; } - $this->transaction_days = $user['transaction_days']; - $this->save_report_selections = $user['save_report_selections']; - $this->use_date_picker = $user['use_date_picker']; - $this->def_print_destination = $user['def_print_destination']; - $this->def_print_orientation = $user['def_print_orientation']; + $this->transaction_days = @$user['transaction_days']; + $this->save_report_selections = @$user['save_report_selections']; + $this->use_date_picker = @$user['use_date_picker']; + $this->def_print_destination = @$user['def_print_destination']; + $this->def_print_orientation = @$user['def_print_orientation']; if (!file_exists("$path_to_root/themes/$this->theme")) $this->theme = "default"; diff --git a/includes/session.inc b/includes/session.inc index 003adc78..d9fd8c30 100644 --- a/includes/session.inc +++ b/includes/session.inc @@ -240,7 +240,8 @@ function check_page_security($page_security) _("Security settings have not been defined for your user account.") . "
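Review bot: The `@` prefixes added to the five `$user[...]` reads suppress every diagnostic from those expressions, not only the undefined-index notice they are presumably meant to hide for preference rows that lack these columns, and the property still ends up null. An `isset()` check with an explicit default states the intent and keeps the error handler useful, e.g. `$this->transaction_days = isset($user['transaction_days']) ? $user['transaction_days'] : 0;` with the right default per preference, which I cannot tell from this hunk. The enclosing `user_prefs` method starts and ends outside the hunk.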
" . _("Please contact your system administrator.") : _("Please remove \$security_groups and \$security_headings arrays from config.php file!"); - } elseif (!$_SESSION['SysPrefs']->db_ok && !$_SESSION["wa_current_user"]->can_access('SA_SOFTWAREUPGRADE')) { + } elseif (!$_SESSION['SysPrefs']->db_ok && !$_SESSION["wa_current_user"]->can_access('SA_SOFTWAREUPGRADE')) + { $msg = _('Access to application has been blocked until database upgrade is completed by system administrator.'); } @@ -309,14 +310,25 @@ function strip_quotes($data) return $data; } +/* + htmlspecialchars does not support certain encodings. + ISO-8859-2 fortunately has the same special characters positions as + ISO-8859-1, so fix is easy. If any other unsupported encoding is used, + add workaround here. +*/ +function html_specials_encode($str) +{ + return htmlspecialchars($str, ENT_QUOTES, $_SESSION['language']->encoding=='iso-8859-2' ? + 'ISO-8859-1' : $_SESSION['language']->encoding); +} + function html_cleanup(&$parms) { foreach($parms as $name => $value) { -// $value = @html_entity_decode($value, ENT_QUOTES, $_SESSION['language']->encoding); if (is_array($value)) html_cleanup($parms[$name]); else - $parms[$name] = @htmlspecialchars($value, ENT_QUOTES, $_SESSION['language']->encoding=='iso-8859-2' ? 'ISO-8859-1' : $_SESSION['language']->encoding); + $parms[$name] = html_specials_encode($value); } reset($parms); // needed for direct key() usage later throughout the sources } @@ -503,8 +515,7 @@ if (!defined('FA_LOGOUT_PHP_FILE')){ { // strip ajax marker from uri, to force synchronous page reload $_SESSION['timeout'] = array( 'uri'=>preg_replace('/JsHttpRequest=(?:(\d+)-)?([^&]+)/s', - '', @htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES, $_SESSION['language']->encoding=='iso-8859-2' - ? 'ISO-8859-1' : $_SESSION['language']->encoding)), + '', html_specials_encode($_SERVER['REQUEST_URI'])), 'post' => $_POST); include($path_to_root . "/access/login.php"); 
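Review bot: The new `html_specials_encode()` compares `$_SESSION['language']->encoding` with `'iso-8859-2'` case-sensitively, so the workaround is skipped if a language definition spells it `ISO-8859-2`; a case-insensitive match closes that gap. More generally, on PHP 5.4+ `htmlspecialchars()` treats any charset it does not know as UTF-8 and returns '' for non-UTF-8 byte sequences, so for every other unsupported single-byte encoding the value is silently dropped rather than reported, and since all ISO-8859-x and Windows-125x code pages keep `" & ' < >` at their ASCII positions, falling back to ISO-8859-1 for that whole family gives byte-identical output without a per-encoding workaround. The copy of this function in install/isession.inc has the same comparison and lacks the explanatory comment, and if both files are ever included in one request the second definition is a fatal redeclaration.
```php
function html_specials_encode($str)
{
    $encoding = $_SESSION['language']->encoding;
    // Every ISO-8859-x and Windows-125x code page is single-byte and keeps
    // " & ' < > at their ASCII positions, so htmlspecialchars() produces the
    // same bytes for all of them. ISO-8859-1 is supported on every PHP version,
    // which avoids the "assuming utf-8" path that returns '' for non-UTF-8 input.
    if (stripos($encoding, 'iso-8859-') === 0 || stripos($encoding, 'windows-125') === 0)
        $encoding = 'ISO-8859-1';
    return htmlspecialchars($str, ENT_QUOTES, $encoding);
}
```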
diff --git a/install/isession.inc b/install/isession.inc index a0ec7705..acf14202 100644 --- a/install/isession.inc +++ b/install/isession.inc @@ -39,19 +39,22 @@ function strip_quotes($data) return $data; } +function html_specials_encode($str) +{ + return htmlspecialchars($str, ENT_QUOTES, $_SESSION['language']->encoding=='iso-8859-2' ? 'ISO-8859-1' : $_SESSION['language']->encoding); +} + function html_cleanup(&$parms) { foreach($parms as $name => $value) { -// $value = @html_entity_decode($value, ENT_QUOTES, $_SESSION['language']->encoding); if (is_array($value)) html_cleanup($parms[$name]); else - $parms[$name] = @htmlspecialchars($value, ENT_QUOTES, $_SESSION['language']->encoding); + $parms[$name] = html_specials_encode($value); } reset($parms); // needed for direct key() usage later throughout the sources } - function check_page_security($page_security) { } diff --git a/reporting/includes/pdf_report.inc b/reporting/includes/pdf_report.inc index 737a60c8..f0cad565 100644 --- a/reporting/includes/pdf_report.inc +++ b/reporting/includes/pdf_report.inc @@ -425,6 +425,7 @@ class FrontReport extends Cpdf { global $dflt_lang; // FIXME should be passed as params + $this->SetLang(@$this->formData['rep_lang'] ? $this->formData['rep_lang'] : $dflt_lang); $doctype = $this->formData['doctype']; $header2type = true; @@ -952,7 +953,7 @@ class FrontReport extends Cpdf if ($SysPrefs->pdf_debug == 1) { $pdfcode = $this->Output('','S'); - $pdfcode = str_replace("\n", "\n
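Review bot: `@$this->formData['rep_lang'] ? $this->formData['rep_lang'] : $dflt_lang` uses `@` only to hide an undefined-index notice and then tests truthiness; `!empty($this->formData['rep_lang']) ? $this->formData['rep_lang'] : $dflt_lang` says the same without muting other diagnostics on that line. If `formData` is populated from the report selection form, `rep_lang` is request-controlled here, so `SetLang()` should accept only values that match an installed language — I cannot see `SetLang()` from this hunk. The enclosing method starts outside the hunk.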
", htmlspecialchars($pdfcode)); + $pdfcode = str_replace("\n", "\n
", html_specials_encode($pdfcode)); echo ''; echo trim($pdfcode); echo '';
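Review bot: `$pdfcode` is the raw document returned by `$this->Output('','S')`, presumably binary wherever streams are compressed, yet `html_specials_encode()` now encodes it with the session language's charset; on PHP 5.4+ with a UTF-8 language that makes `htmlspecialchars()` return '' for the invalid byte sequences, so the debug dump comes out empty. Treating this one value as a byte string, `htmlspecialchars($pdfcode, ENT_QUOTES, 'ISO-8859-1')`, or passing `ENT_SUBSTITUTE`, keeps the output readable regardless of the language encoding. This path is gated by `$SysPrefs->pdf_debug`, so the effect is limited to diagnostics.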