if ($this->SCRIPT_DECODE_MODE == 'entities')
return str_replace(array('"', '<', '>'), array('"', '<', '>'), $s);
else
- return htmlspecialchars($s);
+ return html_specials_encode($s);
}
function db_escape($value = "", $nullify = false)
{
$value = @html_entity_decode($value, ENT_QUOTES, $_SESSION['language']->encoding);
- $value = @htmlspecialchars($value, ENT_QUOTES, $_SESSION['language']->encoding);
+ $value = html_specials_encode($value);
//reset default if second parameter is skipped
$nullify = ($nullify === null) ? (false) : ($nullify);
global $db;
$value = @html_entity_decode($value, ENT_QUOTES, $_SESSION['language']->encoding);
- $value = @htmlspecialchars($value, ENT_QUOTES, $_SESSION['language']->encoding);
+ $value = html_specials_encode($value);
//reset default if second parameter is skipped
$nullify = ($nullify === null) ? (false) : ($nullify);
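Review bot: With the `@` dropped from the re-encode at L11 and L17 and 'htmlspecialchars' removed from `$excluded_warnings` at L26, a charset that htmlspecialchars does not support now reaches the error handler as a real warning on every db_escape call, while the preceding html_entity_decode keeps its `@` and stays excluded; if surfacing the warning is intended, the asymmetry deserves a comment such as `// html_specials_encode is deliberately not @-suppressed: an unsupported charset must be visible, not silently assumed UTF-8`. HTML-encoding here is an output-encoding step, not SQL escaping, so the driver-level escape presumably done further down in db_escape must remain. The function body continues outside the hunk, and the same lines appear twice (L9-L13 and L15-L19), which looks like two revisions of the same change.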
// skip well known warnings we don't care about.
// Please use restrainedly to not risk loss of important messages
$excluded_warnings = array(
- 'html_entity_decode', 'htmlspecialchars', // nevermind encodings, special chars are processed anyway
- 'should be compatible with that', // ignore cpdf/frontreport wrapper warnings
- 'mysql extension is deprecated' // ignore strict warning in 5.4
+ 'html_entity_decode', // nevermind encodings, special chars are processed anyway
+ 'should be compatible with that', // ignore cpdf/frontreport wrapper warnings
+ 'mysql extension is deprecated' // ignore strict warning in 5.4
);
foreach($excluded_warnings as $ref) {
if (strpos($errstr, $ref) !== false) {
$this->sticky_date = 0;
$this->startup_tab = "orders";
}
- $this->transaction_days = $user['transaction_days'];
- $this->save_report_selections = $user['save_report_selections'];
- $this->use_date_picker = $user['use_date_picker'];
- $this->def_print_destination = $user['def_print_destination'];
- $this->def_print_orientation = $user['def_print_orientation'];
+ $this->transaction_days = @$user['transaction_days'];
+ $this->save_report_selections = @$user['save_report_selections'];
+ $this->use_date_picker = @$user['use_date_picker'];
+ $this->def_print_destination = @$user['def_print_destination'];
+ $this->def_print_orientation = @$user['def_print_orientation'];
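Review bot: The `@` added on the five `$user[...]` reads at L40-L44 hides the undefined-index notice but also any other error raised while evaluating the expression, and leaves the property null with no trace; an explicit existence check says the same thing without masking, e.g. `$this->transaction_days = isset($user['transaction_days']) ? $user['transaction_days'] : null;` applied likewise to the other four. The same pattern is introduced at L114 (`@$this->formData['rep_lang']`), where `!empty($this->formData['rep_lang'])` expresses the intent. The enclosing method starts before the hunk, so where `$user` comes from is not visible here.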
if (!file_exists("$path_to_root/themes/$this->theme"))
$this->theme = "default";
_("Security settings have not been defined for your user account.")
. "<br>" . _("Please contact your system administrator.")
: _("Please remove \$security_groups and \$security_headings arrays from config.php file!");
- } elseif (!$_SESSION['SysPrefs']->db_ok && !$_SESSION["wa_current_user"]->can_access('SA_SOFTWAREUPGRADE')) {
+ } elseif (!$_SESSION['SysPrefs']->db_ok && !$_SESSION["wa_current_user"]->can_access('SA_SOFTWAREUPGRADE'))
+ {
$msg = _('Access to application has been blocked until database upgrade is completed by system administrator.');
}
return $data;
}
+/*
+ htmlspecialchars does not support certain encodings.
+ ISO-8859-2 fortunately has the same special characters positions as
+ ISO-8859-1, so fix is easy. If any other unsupported encoding is used,
+ add workaround here.
+*/
+function html_specials_encode($str)
+{
+ return htmlspecialchars($str, ENT_QUOTES, $_SESSION['language']->encoding=='iso-8859-2' ?
+ 'ISO-8859-1' : $_SESSION['language']->encoding);
+}
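Review bot: `html_specials_encode` calls htmlspecialchars without ENT_SUBSTITUTE, so a value containing a byte sequence that is invalid in the session encoding comes back as an empty string rather than an error; because the helper now feeds db_escape (L11, L17) and html_cleanup (L77, L104), a malformed request parameter would be silently blanked instead of rejected, and if PHP 5.4 is the floor `ENT_QUOTES | ENT_SUBSTITUTE` would keep the rest of the string — confirm that is acceptable for stored values first. The fallback only covers ISO-8859-2; for any other charset htmlspecialchars does not support, it emits a warning and assumes UTF-8, which the header comment could state, e.g. `// other unsupported charsets trigger a warning and are treated as UTF-8`. The helper also relies on `$_SESSION['language']` being populated, worth noting in the docblock now that low-level escaping code calls it. A second definition of the same function appears at L91-L94; if both land in one file that is a redeclaration error, so presumably these are two revisions of the patch.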
+
function html_cleanup(&$parms)
{
foreach($parms as $name => $value) {
-// $value = @html_entity_decode($value, ENT_QUOTES, $_SESSION['language']->encoding);
if (is_array($value))
html_cleanup($parms[$name]);
else
- $parms[$name] = @htmlspecialchars($value, ENT_QUOTES, $_SESSION['language']->encoding=='iso-8859-2' ? 'ISO-8859-1' : $_SESSION['language']->encoding);
+ $parms[$name] = html_specials_encode($value);
}
reset($parms); // needed for direct key() usage later throughout the sources
}
{
// strip ajax marker from uri, to force synchronous page reload
$_SESSION['timeout'] = array( 'uri'=>preg_replace('/JsHttpRequest=(?:(\d+)-)?([^&]+)/s',
- '', @htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES, $_SESSION['language']->encoding=='iso-8859-2'
- ? 'ISO-8859-1' : $_SESSION['language']->encoding)),
+ '', html_specials_encode($_SERVER['REQUEST_URI'])),
'post' => $_POST);
include($path_to_root . "/access/login.php");
return $data;
}
+function html_specials_encode($str)
+{
+ return htmlspecialchars($str, ENT_QUOTES, $_SESSION['language']->encoding=='iso-8859-2' ? 'ISO-8859-1' : $_SESSION['language']->encoding);
+}
+
function html_cleanup(&$parms)
{
foreach($parms as $name => $value) {
-// $value = @html_entity_decode($value, ENT_QUOTES, $_SESSION['language']->encoding);
if (is_array($value))
html_cleanup($parms[$name]);
else
- $parms[$name] = @htmlspecialchars($value, ENT_QUOTES, $_SESSION['language']->encoding);
+ $parms[$name] = html_specials_encode($value);
}
reset($parms); // needed for direct key() usage later throughout the sources
}
-
function check_page_security($page_security)
{
}
{
global $dflt_lang; // FIXME should be passed as params
+ $this->SetLang(@$this->formData['rep_lang'] ? $this->formData['rep_lang'] : $dflt_lang);
$doctype = $this->formData['doctype'];
$header2type = true;
if ($SysPrefs->pdf_debug == 1)
{
$pdfcode = $this->Output('','S');
- $pdfcode = str_replace("\n", "\n<br>", htmlspecialchars($pdfcode));
+ $pdfcode = str_replace("\n", "\n<br>", html_specials_encode($pdfcode));
echo '<html><body>';
echo trim($pdfcode);
echo '</body></html>';