diff -ur pukiwiki-1.4.7_notb_utf8/INSTALL.txt pukiwiki-1_5_0_utf8/INSTALL.txt --- pukiwiki-1.4.7_notb_utf8/INSTALL.txt Sun Oct 22 05:41:09 2006 +++ pukiwiki-1_5_0_utf8/INSTALL.txt Sun Jul 13 13:03:56 2014 @@ -1,7 +1,7 @@ 名前 PukiWiki - 自由にページを追加・削除・編集できるWebページ構築スクリプト - Version 1.4.6 + Version 1.5.0 Copyright (C) 2001-2005 PukiWiki Developers Team 2001-2002 yu-ji (Based on PukiWiki 1.3 by yu-ji) Binary files pukiwiki-1.4.7_notb_utf8/README.en.txt.zip and pukiwiki-1_5_0_utf8/README.en.txt.zip differ diff -ur pukiwiki-1.4.7_notb_utf8/README.txt pukiwiki-1_5_0_utf8/README.txt --- pukiwiki-1.4.7_notb_utf8/README.txt Sun Oct 22 05:41:09 2006 +++ pukiwiki-1_5_0_utf8/README.txt Sun Jul 13 13:03:57 2014 @@ -1,7 +1,7 @@ 名前 PukiWiki - 自由にページを追加・削除・編集できるWebページ構築スクリプト - Version 1.4.7 + Version 1.5.0 Copyright (C) 2001-2006 PukiWiki Developers Team 2001-2002 yu-ji (Based on PukiWiki 1.3 by yu-ji) Binary files pukiwiki-1.4.7_notb_utf8/UPDATING.en.txt.zip and pukiwiki-1_5_0_utf8/UPDATING.en.txt.zip differ diff -ur pukiwiki-1.4.7_notb_utf8/lib/auth.php pukiwiki-1_5_0_utf8/lib/auth.php --- pukiwiki-1.4.7_notb_utf8/lib/auth.php Sun Oct 22 05:41:10 2006 +++ pukiwiki-1_5_0_utf8/lib/auth.php Sun Jul 13 13:03:57 2014 @@ -1,7 +1,7 @@ ' . $_msg_unfreeze . ')'; @@ -214,7 +214,7 @@ } if ($exit_flag) { $body = $title = str_replace('$1', - htmlspecialchars(strip_bracket($page)), $title_cannot); + htmlsc(strip_bracket($page)), $title_cannot); $page = str_replace('$1', make_search($page), $title_cannot); catbody($title, $page, $body); exit; diff -ur pukiwiki-1.4.7_notb_utf8/lib/backup.php pukiwiki-1_5_0_utf8/lib/backup.php --- pukiwiki-1.4.7_notb_utf8/lib/backup.php Sun Oct 22 05:41:10 2006 +++ pukiwiki-1_5_0_utf8/lib/backup.php Sun Jul 13 13:03:57 2014 
@@ -11,7 +11,7 @@ * @access public * @author * @create - * @version $Id: backup.php,v 1.12 2006/02/02 13:27:57 henoheno Exp $ + * @version $Id: backup.php,v 1.13 2011/01/25 15:01:01 henoheno Exp $ * Copyright (C) * 2002-2006 PukiWiki Developers Team * 2001-2002 Originally written by yu-ji @@ -67,7 +67,7 @@ $body = preg_replace("/\n*$/", "\n", $body); $fp = _backup_fopen($page, 'wb') - or die_message('Cannot open ' . htmlspecialchars(_backup_get_filename($page)) . + or die_message('Cannot open ' . htmlsc(_backup_get_filename($page)) . '
Maybe permission is not writable or filename is too long'); _backup_fputs($fp, $strout); _backup_fputs($fp, $body); diff -ur pukiwiki-1.4.7_notb_utf8/lib/convert_html.php pukiwiki-1_5_0_utf8/lib/convert_html.php --- pukiwiki-1.4.7_notb_utf8/lib/convert_html.php Sun Oct 22 05:41:10 2006 +++ pukiwiki-1_5_0_utf8/lib/convert_html.php Sun Jul 13 13:03:57 2014 @@ -1,6 +1,6 @@ style[$name] = $name . ':' . htmlspecialchars($matches[3]) . ';'; + $this->style[$name] = $name . ':' . htmlsc($matches[3]) . ';'; $text = $matches[5]; } else if ($matches[4]) { - $this->style['size'] = 'font-size:' . htmlspecialchars($matches[4]) . 'px;'; + $this->style['size'] = 'font-size:' . htmlsc($matches[4]) . 'px;'; $text = $matches[5]; } } @@ -726,7 +726,7 @@ { global $preformat_ltrim; parent::Element(); - $this->elements[] = htmlspecialchars( + $this->elements[] = htmlsc( (! $preformat_ltrim || $text == '' || $text{0} != ' ') ? $text : substr($text, 1)); } diff -ur pukiwiki-1.4.7_notb_utf8/lib/diff.php pukiwiki-1_5_0_utf8/lib/diff.php --- pukiwiki-1.4.7_notb_utf8/lib/diff.php Sun Oct 22 05:41:10 2006 +++ pukiwiki-1_5_0_utf8/lib/diff.php Sun Jul 13 13:03:57 2014 @@ -1,6 +1,6 @@ '; $params = array($_obj->get('left'), $_obj->get('right'), $_obj->text()); foreach ($params as $key=>$text) { - $text = htmlspecialchars($text); + $text = htmlsc($text); if (trim($text) == '') $text = ' '; $do_update_diff_table .= '<' . $tags[$key] . ' class="style_' . $tags[$key] . '">' . $text . diff -ur pukiwiki-1.4.7_notb_utf8/lib/file.php pukiwiki-1_5_0_utf8/lib/file.php --- pukiwiki-1.4.7_notb_utf8/lib/file.php Sun Oct 22 05:41:10 2006 +++ pukiwiki-1_5_0_utf8/lib/file.php Sun Jul 13 13:03:57 2014 @@ -1,6 +1,6 @@ ' . "\n" . 'Maybe permission is not writable or filename is too long'); set_file_buffer($fp, 0); 
@@ -285,7 +285,7 @@ // Add array_unshift($lines, '-' . format_date(UTIME) . ' - ' . $_page . - htmlspecialchars($subject) . "\n"); + htmlsc($subject) . "\n"); // Get latest $limit reports $lines = array_splice($lines, 0, $limit); @@ -293,7 +293,7 @@ // Update $fp = fopen(get_filename($recentpage), 'w') or die_message('Cannot write page file ' . - htmlspecialchars($recentpage) . + htmlsc($recentpage) . '
Maybe permission is not writable or filename is too long'); set_file_buffer($fp, 0); flock($fp, LOCK_EX); @@ -377,7 +377,7 @@ // Open pkwk_touch_file($file); $fp = fopen($file, 'r+') or - die_message('Cannot open ' . htmlspecialchars($whatsnew)); + die_message('Cannot open ' . htmlsc($whatsnew)); set_file_buffer($fp, 0); flock($fp, LOCK_EX); @@ -385,8 +385,8 @@ ftruncate($fp, 0); rewind($fp); foreach ($recent_pages as $_page=>$time) - fputs($fp, '-' . htmlspecialchars(format_date($time)) . - ' - ' . '[[' . htmlspecialchars($_page) . ']]' . "\n"); + fputs($fp, '-' . htmlsc(format_date($time)) . + ' - ' . '[[' . htmlsc($_page) . ']]' . "\n"); fputs($fp, '#norelated' . "\n"); // :) flock($fp, LOCK_UN); @@ -441,15 +441,15 @@ $file = get_filename($whatsnew); pkwk_touch_file($file); $fp = fopen($file, 'r+') or - die_message('Cannot open ' . htmlspecialchars($whatsnew)); + die_message('Cannot open ' . htmlsc($whatsnew)); set_file_buffer($fp, 0); flock($fp, LOCK_EX); ftruncate($fp, 0); rewind($fp); foreach (array_keys($recent_pages) as $page) { $time = $recent_pages[$page]; - $s_lastmod = htmlspecialchars(format_date($time)); - $s_page = htmlspecialchars($page); + $s_lastmod = htmlsc(format_date($time)); + $s_page = htmlsc($page); fputs($fp, '-' . $s_lastmod . ' - [[' . $s_page . ']]' . "\n"); } fputs($fp, '#norelated' . "\n"); // :) @@ -730,12 +730,12 @@ $lockfile = CACHE_DIR . 'pkwk_chown.lock'; $flock = fopen($lockfile, 'a') or die('pkwk_chown(): fopen() failed for: CACHEDIR/' . - basename(htmlspecialchars($lockfile))); + basename(htmlsc($lockfile))); flock($flock, LOCK_EX) or die('pkwk_chown(): flock() failed for lock'); // Check owner $stat = stat($filename) or - die('pkwk_chown(): stat() failed for: ' . basename(htmlspecialchars($filename))); + die('pkwk_chown(): stat() failed for: ' . basename(htmlsc($filename))); if ($stat[4] === $php_uid) { // NOTE: Windows always here $result = TRUE; // Seems the same UID. Nothing to do 
@@ -746,7 +746,7 @@ // NOTE: Not 'r+'. Don't check write permission here $ffile = fopen($filename, 'r') or die('pkwk_chown(): fopen() failed for: ' . - basename(htmlspecialchars($filename))); + basename(htmlsc($filename))); // Try to chown by re-creating files // NOTE: @@ -786,7 +786,7 @@ return $result; } else { die('pkwk_touch_file(): Invalid UID and (not writable for the directory or not a flie): ' . - htmlspecialchars(basename($filename))); + htmlsc(basename($filename))); } } ?> diff -ur pukiwiki-1.4.7_notb_utf8/lib/func.php pukiwiki-1_5_0_utf8/lib/func.php --- pukiwiki-1.4.7_notb_utf8/lib/func.php Sun Oct 22 05:41:10 2006 +++ pukiwiki-1_5_0_utf8/lib/func.php Sun Jul 13 13:03:57 2014 @@ -1,6 +1,6 @@ ' . "\n"; foreach (array_keys($pages) as $page) { $r_page = rawurlencode($page); - $s_page = htmlspecialchars($page); + $s_page = htmlsc($page); $passage = $show_passage ? ' ' . get_passage(get_filetime($page)) : ''; $retval .= '
  • ' . $s_page . @@ -304,11 +304,11 @@ // Decode page name function decode($key) { - return hex2bin($key); + return pkwk_hex2bin($key); } // Inversion of bin2hex() -function hex2bin($hex_string) +function pkwk_hex2bin($hex_string) { // preg_match : Avoid warning : pack(): Type H: illegal hex digit ... // (string) : Always treat as string (not int etc). See BugTrack2/31 @@ -356,14 +356,14 @@ foreach($pages as $file=>$page) { $r_page = rawurlencode($page); - $s_page = htmlspecialchars($page, ENT_QUOTES); + $s_page = htmlsc($page, ENT_QUOTES); $passage = get_pg_passage($page); $str = '
  • ' . $s_page . '' . $passage; if ($withfilename) { - $s_file = htmlspecialchars($file); + $s_file = htmlsc($file); $str .= "\n" . ' ' . "\n" . ' '; } @@ -431,7 +431,7 @@ global $rule_page; if (! is_page($rule_page)) { - return '

    Sorry, page \'' . htmlspecialchars($rule_page) . + return '

    Sorry, page \'' . htmlsc($rule_page) . '\' unavailable.

    '; } else { return convert_html(get_source($rule_page)); @@ -631,7 +631,7 @@ if (isset($script_directory_index)) { if (! file_exists($script_directory_index)) die_message('Directory index file not found: ' . - htmlspecialchars($script_directory_index)); + htmlsc($script_directory_index)); $matches = array(); if (preg_match('#^(.+/)' . preg_quote($script_directory_index, '#') . '$#', $script, $matches)) $script = $matches[1]; @@ -700,6 +700,13 @@ } return join($glue, $arr); } + +// Sugar with default settings +function htmlsc($string = '', $flags = ENT_COMPAT, $charset = CONTENT_CHARSET) +{ + return htmlspecialchars($string, $flags, $charset); // htmlsc() +} + //// Compat //// diff -ur pukiwiki-1.4.7_notb_utf8/lib/html.php pukiwiki-1_5_0_utf8/lib/html.php --- pukiwiki-1.4.7_notb_utf8/lib/html.php Sun Oct 22 05:41:10 2006 +++ pukiwiki-1_5_0_utf8/lib/html.php Sun Jul 13 13:03:57 2014 @@ -1,6 +1,6 @@ ' . $_msg_word . htmlspecialchars($vars['word']) . + $body = '
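Review bot: The new `htmlsc()` keeps `ENT_COMPAT` as its default, so a single quote passes through unescaped; every call site that drops the result into a single-quoted attribute or an inline script still has to pass `ENT_QUOTES` explicitly, as the `htmlsc($page, ENT_QUOTES)` call in the `@@ -356,14 +356,14 @@` hunk of this file does, and a reader of the wrapper gets no hint of that. I would extend the header comment to `// Sugar with default settings. NOTE: ENT_COMPAT leaves ' unescaped; pass ENT_QUOTES when the value lands in a single-quoted attribute or in script`. A second point worth recording there: with the charset now pinned to CONTENT_CHARSET, a string holding an invalid byte sequence for that charset comes back from htmlspecialchars() as an empty string (per its documented behaviour), so a malformed page name or message is silently blanked rather than escaped; if the project's minimum PHP allows it, `ENT_SUBSTITUTE` avoids that, otherwise the comment should at least name the effect.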
    ' . $_msg_word . htmlsc($vars['word']) . '
    ' . $hr . "\n" . $body; // BugTrack2/106: Only variables can be passed by reference from PHP 5.0.5 @@ -132,7 +132,7 @@ $keys = get_search_words(array_keys($keys), TRUE); $id = 0; foreach ($keys as $key=>$pattern) { - $s_key = htmlspecialchars($key); + $s_key = htmlsc($key); $pattern = '/' . ']*>.*?<\/textarea>' . // Ignore textareas '|' . '<[^>]*>' . // Ignore tags @@ -190,7 +190,7 @@ foreach(get_existpages() as $_page) { if ($_page == $whatsnew || check_non_list($_page)) continue; - $s_page = htmlspecialchars($_page); + $s_page = htmlsc($_page); $pages[$_page] = ' '; } @@ -210,10 +210,10 @@ } $r_page = rawurlencode($page); - $s_page = htmlspecialchars($page); - $s_digest = htmlspecialchars($digest); - $s_postdata = htmlspecialchars($refer . $postdata); - $s_original = isset($vars['original']) ? htmlspecialchars($vars['original']) : $s_postdata; + $s_page = htmlsc($page); + $s_digest = htmlsc($digest); + $s_postdata = htmlsc($refer . $postdata); + $s_original = isset($vars['original']) ? htmlsc($vars['original']) : $s_postdata; $b_preview = isset($vars['preview']); // TRUE when preview $btn_preview = $b_preview ? $_btn_repreview : $_btn_preview; @@ -293,7 +293,7 @@ if (check_non_list($page)) continue; $r_page = rawurlencode($page); - $s_page = htmlspecialchars($page); + $s_page = htmlsc($page); $passage = get_passage($lastmod); $_links[] = $tag ? '=')) { if (headers_sent($file, $line)) die('Headers already sent at ' . - htmlspecialchars($file) . + htmlsc($file) . ' line ' . $line . '.'); } else { if (headers_sent()) @@ -509,7 +509,7 @@ break; } - $charset = htmlspecialchars($charset); + $charset = htmlsc($charset); // Output XML or not if ($type == PKWK_DTD_TYPE_XHTML) echo '' . "\n"; diff -ur pukiwiki-1.4.7_notb_utf8/lib/init.php pukiwiki-1_5_0_utf8/lib/init.php --- pukiwiki-1.4.7_notb_utf8/lib/init.php Sun Oct 22 05:41:13 2006 +++ pukiwiki-1_5_0_utf8/lib/init.php Sun Jul 13 13:03:57 2014 @@ -1,6 +1,6 @@ PukiWiki ' . S_VERSION . '' . ' Copyright © 2001-2006' . 
@@ -61,7 +61,8 @@ // 'uni'(means UTF-8), 'English', or 'Japanese' // SOURCE_ENCODING: Internal content encoding (for mbstring extension) // 'UTF-8', 'ASCII', or 'EUC-JP' -// CONTENT_CHARSET: Internal content encoding = Output content charset (for skin) +// CONTENT_CHARSET: Internal content encoding = Output content charset +// (for DTD, htmlsc()) // 'UTF-8', 'iso-8859-1', 'EUC-JP' or ... switch (LANG){ diff -ur pukiwiki-1.4.7_notb_utf8/lib/link.php pukiwiki-1_5_0_utf8/lib/link.php --- pukiwiki-1.4.7_notb_utf8/lib/link.php Sun Oct 22 05:41:10 2006 +++ pukiwiki-1_5_0_utf8/lib/link.php Sun Jul 13 13:03:57 2014 @@ -1,7 +1,7 @@ $arr) { $fp = fopen(CACHE_DIR . encode($page) . '.ref', 'w') - or die_message('cannot write ' . htmlspecialchars(CACHE_DIR . encode($page) . '.ref')); + or die_message('cannot write ' . htmlsc(CACHE_DIR . encode($page) . '.ref')); foreach ($arr as $ref_page=>$ref_auto) fputs($fp, $ref_page . "\t" . $ref_auto . "\n"); fclose($fp); @@ -199,7 +199,7 @@ } if ($is_page || ! $all_auto) { $fp = fopen($ref_file, 'w') - or die_message('cannot write ' . htmlspecialchars($ref_file)); + or die_message('cannot write ' . htmlsc($ref_file)); fputs($fp, $ref); fclose($fp); } @@ -228,7 +228,7 @@ unlink($ref_file); if (($is_page || ! $all_auto) && $ref != '') { $fp = fopen($ref_file, 'w') - or die_message('cannot write ' . htmlspecialchars($ref_file)); + or die_message('cannot write ' . htmlsc($ref_file)); fputs($fp, $ref); fclose($fp); } diff -ur pukiwiki-1.4.7_notb_utf8/lib/make_link.php pukiwiki-1_5_0_utf8/lib/make_link.php --- pukiwiki-1.4.7_notb_utf8/lib/make_link.php Sun Oct 22 05:41:10 2006 +++ pukiwiki-1_5_0_utf8/lib/make_link.php Sun Jul 13 13:03:57 2014 @@ -1,6 +1,6 @@ pattern . '/x', array(& $this, 'replace'), $string); - $arr = explode("\x08", make_line_rules(htmlspecialchars($string))); + $arr = explode("\x08", make_line_rules(htmlsc($string))); $retval = ''; while (! empty($arr)) { $retval .= array_shift($arr) . array_shift($this->result); 
@@ -108,7 +108,7 @@ $obj = $this->get_converter($arr); $this->result[] = ($obj !== NULL && $obj->set($arr, $this->page) !== FALSE) ? - $obj->toString() : make_line_rules(htmlspecialchars($arr[0])); + $obj->toString() : make_line_rules(htmlsc($arr[0])); return "\x08"; // Add a mark into latest processed part } @@ -187,7 +187,7 @@ $this->type = $type; if (! PKWK_DISABLE_INLINE_IMAGE_FROM_URI && is_url($alias) && preg_match('/\.(gif|png|jpe?g)$/i', $alias)) { - $alias = '' . $name . ''; + $alias = '' . $name . ''; } else if ($alias != '') { if ($converter === NULL) $converter = new InlineConverter(array('plugin')); @@ -270,7 +270,7 @@ } else { // No such plugin, or Failed $body = (($body == '') ? '' : '{' . $body . '}') . ';'; - return make_line_rules(htmlspecialchars('&' . $this->plain) . $body); + return make_line_rules(htmlsc('&' . $this->plain) . $body); } } } @@ -374,7 +374,7 @@ function set($arr, $page) { list(, , $alias, $name) = $this->splice($arr); - return parent::setParam($page, htmlspecialchars($name), + return parent::setParam($page, htmlsc($name), '', 'url', $alias == '' ? $name : $alias); } @@ -418,7 +418,7 @@ function set($arr, $page) { list(, $name, $alias) = $this->splice($arr); - return parent::setParam($page, htmlspecialchars($name), '', 'url', $alias); + return parent::setParam($page, htmlsc($name), '', 'url', $alias); } function toString() @@ -520,11 +520,11 @@ $url = get_interwiki_url($name, $this->param); $this->url = ($url === FALSE) ? $script . '?' . rawurlencode('[[' . $name . ':' . $this->param . ']]') : - htmlspecialchars($url); + htmlsc($url); return parent::setParam( $page, - htmlspecialchars($name . ':' . $this->param), + htmlsc($name . ':' . $this->param), '', 'InterWikiName', $alias == '' ? $name . ':' . $this->param : $alias 
@@ -708,7 +708,7 @@ { global $script, $vars, $link_compact, $related, $_symbol_noexists; - $s_page = htmlspecialchars(strip_bracket($page)); + $s_page = htmlsc(strip_bracket($page)); $s_alias = ($alias == '') ? $s_page : $alias; if ($page == '') return '' . $s_alias . ''; diff -ur pukiwiki-1.4.7_notb_utf8/lib/plugin.php pukiwiki-1_5_0_utf8/lib/plugin.php --- pukiwiki-1.4.7_notb_utf8/lib/plugin.php Sun Oct 22 05:41:10 2006 +++ pukiwiki-1_5_0_utf8/lib/plugin.php Sun Jul 13 13:03:57 2014 @@ -1,6 +1,6 @@ PKWK_PLUGIN_CALL_TIME_LIMIT) - die('Alert: plugin "' . htmlspecialchars($name) . + die('Alert: plugin "' . htmlsc($name) . '" was called over ' . PKWK_PLUGIN_CALL_TIME_LIMIT . ' times. SPAM or someting?
    ' . "\n" . ' @@ -147,12 +147,12 @@ if ($align == 'clear') return '
    '; // 改行挿入 if ($align != 'left') $align = 'right'; // 配置決定 - $asin_all = htmlspecialchars($aryargs[0]); // for XSS + $asin_all = htmlsc($aryargs[0]); // for XSS if (is_asin() == FALSE && $align != 'clear') return FALSE; if ($aryargs[2] != '') { // タイトル指定 - $title = $alt = htmlspecialchars($aryargs[2]); // for XSS + $title = $alt = htmlsc($aryargs[2]); // for XSS if ($alt == 'image') { $alt = plugin_amazon_get_asin_title(); if ($alt == '') return FALSE; @@ -195,7 +195,7 @@ $s_page = isset($vars['refer']) ? $vars['refer'] : ''; $asin_all = isset($vars['asin']) ? - htmlspecialchars(rawurlencode(strip_bracket($vars['asin']))) : ''; + htmlsc(rawurlencode(strip_bracket($vars['asin']))) : ''; if (! is_asin()) { $retvars['msg'] = 'ブックレビュー編集'; @@ -236,7 +236,7 @@ list($asin_all) = func_get_args(); - $asin_all = htmlspecialchars($asin_all); // for XSS + $asin_all = htmlsc($asin_all); // for XSS if (! is_asin()) return FALSE; $title = plugin_amazon_get_asin_title(); diff -ur pukiwiki-1.4.7_notb_utf8/plugin/aname.inc.php pukiwiki-1_5_0_utf8/plugin/aname.inc.php --- pukiwiki-1.4.7_notb_utf8/plugin/aname.inc.php Sun Oct 22 05:41:10 2006 +++ pukiwiki-1_5_0_utf8/plugin/aname.inc.php Sun Jul 13 13:03:57 2014 @@ -1,6 +1,6 @@ @@ -93,9 +93,9 @@ $body = $_msg_collided . "\n"; - $s_refer = htmlspecialchars($post['refer']); - $s_digest = htmlspecialchars($post['digest']); - $s_postdata = htmlspecialchars($postdata_input); + $s_refer = htmlsc($post['refer']); + $s_digest = htmlsc($post['digest']); + $s_postdata = htmlsc($postdata_input); $body .= <<
    @@ -152,9 +152,9 @@ $article_no = $numbers[$vars['page']]++; - $s_page = htmlspecialchars($vars['page']); - $s_digest = htmlspecialchars($digest); - $name_cols = PLUGIN_ARTICLE_NAME_COLS; + $s_page = htmlsc($vars['page']); + $s_digest = htmlsc($digest); + $name_cols = PLUGIN_ARTICLE_NAME_COLS; $subject_cols = PLUGIN_ARTICLE_SUBJECT_COLS; $article_rows = PLUGIN_ARTICLE_ROWS; $article_cols = PLUGIN_ARTICLE_COLS; diff -ur pukiwiki-1.4.7_notb_utf8/plugin/attach.inc.php pukiwiki-1_5_0_utf8/plugin/attach.inc.php --- pukiwiki-1.4.7_notb_utf8/plugin/attach.inc.php Sun Oct 22 05:41:10 2006 +++ pukiwiki-1_5_0_utf8/plugin/attach.inc.php Sun Jul 13 13:03:57 2014 @@ -1,6 +1,6 @@ http://home.arino.jp/ @@ -389,7 +389,7 @@ global $script, $vars, $_attach_messages; $r_page = rawurlencode($page); - $s_page = htmlspecialchars($page); + $s_page = htmlsc($page); $navi = << [{$_attach_messages['msg_list']}] @@ -502,7 +502,7 @@ $param = '&file=' . rawurlencode($this->file) . '&refer=' . rawurlencode($this->page) . ($this->age ? '&age=' . $this->age : ''); $title = $this->time_str . ' ' . $this->size_str; - $label = ($showicon ? PLUGIN_ATTACH_FILE_ICON : '') . htmlspecialchars($this->file); + $label = ($showicon ? PLUGIN_ATTACH_FILE_ICON : '') . htmlsc($this->file); if ($this->age) { $label .= ' (backup No.' . $this->age . ')'; } @@ -522,8 +522,8 @@ global $script, $_attach_messages; $r_page = rawurlencode($this->page); - $s_page = htmlspecialchars($this->page); - $s_file = htmlspecialchars($this->file); + $s_page = htmlsc($this->page); + $s_file = htmlsc($this->file); $s_err = ($err == '') ? '' : '

    ' . $_attach_messages[$err] . '

    '; $msg_rename = ''; @@ -564,7 +564,7 @@ } $info = $this->toString(TRUE, FALSE); - $retval = array('msg'=>sprintf($_attach_messages['msg_info'], htmlspecialchars($this->file))); + $retval = array('msg'=>sprintf($_attach_messages['msg_info'], htmlsc($this->file))); $retval['body'] = <<< EOD

    [{$_attach_messages['msg_list']}] @@ -711,13 +711,13 @@ break; } } - $filename = htmlspecialchars($filename); + $utf8filename = mb_convert_encoding($filename, 'UTF-8', 'auto'); ini_set('default_charset', ''); mb_http_output('pass'); pkwk_common_headers(); - header('Content-Disposition: inline; filename="' . $filename . '"'); + header('Content-Disposition: inline; filename="' . $filename . '"; filename*=utf-8\'\'' . rawurlencode($utf8filename)); header('Content-Length: ' . $this->size); header('Content-Type: ' . $this->type); @@ -763,7 +763,7 @@ $_files[$age] = $this->files[$file][$age]->toString(FALSE, TRUE); } if (! isset($_files[0])) { - $_files[0] = htmlspecialchars($file); + $_files[0] = htmlsc($file); } ksort($_files); $_file = $_files[0]; diff -ur pukiwiki-1.4.7_notb_utf8/plugin/back.inc.php pukiwiki-1_5_0_utf8/plugin/back.inc.php --- pukiwiki-1.4.7_notb_utf8/plugin/back.inc.php Sun Oct 22 05:41:10 2006 +++ pukiwiki-1_5_0_utf8/plugin/back.inc.php Sun Jul 13 13:03:57 2014 @@ -1,5 +1,5 @@ @@ -23,7 +23,7 @@ list($word, $align, $hr, $href) = array_pad(func_get_args(), 4, ''); $word = trim($word); - $word = ($word == '') ? $_msg_back_word : htmlspecialchars($word); + $word = ($word == '') ? $_msg_back_word : htmlsc($word); $align = strtolower(trim($align)); switch($align){ diff -ur pukiwiki-1.4.7_notb_utf8/plugin/backup.inc.php pukiwiki-1_5_0_utf8/plugin/backup.inc.php --- pukiwiki-1.4.7_notb_utf8/plugin/backup.inc.php Sun Oct 22 05:41:11 2006 +++ pukiwiki-1_5_0_utf8/plugin/backup.inc.php Sun Jul 13 13:03:57 2014 @@ -1,6 +1,6 @@ $_title_backuplist, 'body'=>plugin_backup_get_list_all()); check_readable($page, true, true); - $s_page = htmlspecialchars($page); + $s_page = htmlsc($page); $r_page = rawurlencode($page); $action = isset($vars['action']) ? $vars['action'] : ''; @@ -33,7 +33,7 @@ $s_action = $r_action = ''; if ($action != '') { - $s_action = htmlspecialchars($action); + $s_action = htmlsc($action); $r_action = rawurlencode($action); } 
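Review bot: The Content-Disposition line now builds the quoted `filename=` parameter from the raw `$filename`, whereas the removed line ran it through htmlspecialchars() first, which at least neutralised a double quote; a file name containing `"` or `\` can now terminate the quoted-string and append further parameters to the header (header() refuses embedded newlines, but not quotes). The quoted-string needs its own escaping rather than an HTML escaper, e.g. `$qfilename = str_replace(array('\\', '"'), array('\\\\', '\\"'), $filename);` and then `filename="' . $qfilename . '"` in the header call. The `'auto'` detection passed to mb_convert_encoding() is a guess for the `filename*` value; if the stored file name's encoding is known (the file's configured source encoding), passing that is more predictable than auto-detection. The same construction appears in the `@@ -420,12 +420,12 @@` hunk of plugin/ref.inc.php. The enclosing method starts and ends outside this hunk.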
@@ -107,7 +107,7 @@ $body .= plugin_backup_diff(do_diff($old, $cur)); } else if ($s_action == 'source') { $title = & $_title_backupsource; - $body .= '

    ' . htmlspecialchars(join('', $backups[$s_age]['data'])) .
    +		$body .= '
    ' . htmlsc(join('', $backups[$s_age]['data'])) .
     			'
    ' . "\n"; } else { if (PLUGIN_BACKUP_DISABLE_BACKUP_RENDERING) { @@ -145,7 +145,7 @@ } $script = get_script_uri(); - $s_page = htmlspecialchars($page); + $s_page = htmlsc($page); $body .= <<$_msg_backup_adminpass

    @@ -172,7 +172,7 @@ EOD; - return $ul . '
    ' . diff_style_to_css(htmlspecialchars($str)) . '
    ' . "\n"; + return $ul . '
    ' . diff_style_to_css(htmlsc($str)) . '
    ' . "\n"; } function plugin_backup_get_list($page) @@ -182,7 +182,7 @@ $script = get_script_uri(); $r_page = rawurlencode($page); - $s_page = htmlspecialchars($page); + $s_page = htmlsc($page); $retval = array(); $retval[0] = << diff -ur pukiwiki-1.4.7_notb_utf8/plugin/bugtrack.inc.php pukiwiki-1_5_0_utf8/plugin/bugtrack.inc.php --- pukiwiki-1.4.7_notb_utf8/plugin/bugtrack.inc.php Sun Oct 22 05:41:11 2006 +++ pukiwiki-1_5_0_utf8/plugin/bugtrack.inc.php Sun Jul 13 13:03:57 2014 @@ -1,5 +1,9 @@ ' . $priority_list . '' . "\n"; } $select_state = "\n"; for ($i = 0; $i < count($_plugin_bugtrack['state_list']); ++$i) { - $state_list = htmlspecialchars($_plugin_bugtrack['state_list'][$i]); + $state_list = htmlsc($_plugin_bugtrack['state_list'][$i]); $select_state .= ' ' . "\n"; } @@ -92,7 +96,7 @@ } else { $encoded_category = ' diff -ur pukiwiki-1.4.7_notb_utf8/plugin/interwiki.inc.php pukiwiki-1_5_0_utf8/plugin/interwiki.inc.php --- pukiwiki-1.4.7_notb_utf8/plugin/interwiki.inc.php Sun Oct 22 05:41:11 2006 +++ pukiwiki-1_5_0_utf8/plugin/interwiki.inc.php Sun Jul 13 13:03:57 2014 @@ -1,6 +1,6 @@ $_title_invalidiwn, 'body' => str_replace(array('$1', '$2'), - array(htmlspecialchars(''), + array(htmlsc(''), make_pagelink('InterWikiName')), $_msg_invalidiwn)); } diff -ur pukiwiki-1.4.7_notb_utf8/plugin/lookup.inc.php pukiwiki-1_5_0_utf8/plugin/lookup.inc.php --- pukiwiki-1.4.7_notb_utf8/plugin/lookup.inc.php Sun Oct 22 05:41:11 2006 +++ pukiwiki-1_5_0_utf8/plugin/lookup.inc.php Sun Jul 13 13:03:57 2014 
@@ -1,6 +1,6 @@ 3) return PLUGIN_LOOKUP_USAGE; $args = func_get_args(); - $interwiki = htmlspecialchars(trim($args[0])); - $button = isset($args[1]) ? trim($args[1]) : ''; - $button = ($button != '') ? htmlspecialchars($button) : 'lookup'; - $default = ($num > 2) ? htmlspecialchars(trim($args[2])) : ''; - $s_page = htmlspecialchars($vars['page']); + $interwiki = htmlsc(trim($args[0])); + $button = isset($args[1]) ? trim($args[1]) : ''; + $button = ($button != '') ? htmlsc($button) : 'lookup'; + $default = ($num > 2) ? htmlsc(trim($args[2])) : ''; + $s_page = htmlsc($vars['page']); ++$id; $script = get_script_uri(); @@ -54,7 +54,7 @@ $url = get_interwiki_url($inter, $page); if ($url === FALSE) { $msg = sprintf('InterWikiName "%s" not found', $inter); - $msg = htmlspecialchars($msg); + $msg = htmlsc($msg); return array('msg'=>'Not found', 'body'=>$msg); } diff -ur pukiwiki-1.4.7_notb_utf8/plugin/ls2.inc.php pukiwiki-1_5_0_utf8/plugin/ls2.inc.php --- pukiwiki-1.4.7_notb_utf8/plugin/ls2.inc.php Sun Oct 22 05:41:11 2006 +++ pukiwiki-1_5_0_utf8/plugin/ls2.inc.php Sun Jul 13 13:03:57 2014 @@ -1,7 +1,11 @@ $body, - 'msg'=>str_replace('$1', htmlspecialchars($prefix), $_ls2_msg_title)); + 'msg'=>str_replace('$1', htmlsc($prefix), $_ls2_msg_title)); } function plugin_ls2_convert() @@ -66,10 +71,11 @@ } if ($prefix == '') $prefix = strip_bracket($vars['page']) . '/'; - array_walk($args, 'plugin_ls2_check_arg', & $params); + foreach ($args as $arg) + plugin_ls2_check_arg($arg, $params); $title = (! empty($params['_args'])) ? join(',', $params['_args']) : // Manual - str_replace('$1', htmlspecialchars($prefix), $_ls2_msg_title); // Auto + str_replace('$1', htmlsc($prefix), $_ls2_msg_title); // Auto if (! $params['link']) return plugin_ls2_show_lists($prefix, $params); 
@@ -99,10 +105,10 @@ natcasesort($pages); if ($params['reverse']) $pages = array_reverse($pages); - foreach ($pages as $page) $params["page_$page"] = 0; + foreach ($pages as $page) $params['page_ ' . $page] = 0; if (empty($pages)) { - return str_replace('$1', htmlspecialchars($prefix), $_ls2_err_nopages); + return str_replace('$1', htmlsc($prefix), $_ls2_err_nopages); } else { $params['result'] = $params['saved'] = array(); foreach ($pages as $page) @@ -121,7 +127,7 @@ if (! $is_done) $params["page_$page"] = ++$_ls2_anchor; $r_page = rawurlencode($page); - $s_page = htmlspecialchars($page); + $s_page = htmlsc($page); $title = $s_page . ' ' . get_pg_passage($page, FALSE); $href = $script . '?cmd=read&page=' . $r_page; @@ -196,7 +202,7 @@ } // オプションを解析する -function plugin_ls2_check_arg($value, $key, & $params) +function plugin_ls2_check_arg($value, & $params) { if ($value == '') { $params['_done'] = TRUE; @@ -214,6 +220,6 @@ $params['_done'] = TRUE; } - $params['_args'][] = htmlspecialchars($value); // Link title + $params['_args'][] = htmlsc($value); // Link title } ?> diff -ur pukiwiki-1.4.7_notb_utf8/plugin/map.inc.php pukiwiki-1_5_0_utf8/plugin/map.inc.php --- pukiwiki-1.4.7_notb_utf8/plugin/map.inc.php Sun Oct 22 05:41:11 2006 +++ pukiwiki-1_5_0_utf8/plugin/map.inc.php Sun Jul 13 13:03:57 2014 @@ -1,6 +1,8 @@ chain($nodes); $retval['body'] .= '
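Review bot: The rewritten initialiser writes the key `'page_ ' . $page` (with a space after the underscore), while the `@@ -121,7 +127,7 @@` hunk further down still reads and writes `$params["page_$page"]` with no space, so unless the space is intentional the two never refer to the same entry and the zero initialisation is dead. If they are meant to match, the line should read `foreach ($pages as $page) $params['page_' . $page] = 0;`. The enclosing function starts outside this hunk, so I cannot see whether anything else depends on the spaced key.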
      ' . "\n" . $nodes[$refer]->toString($nodes) . '
    ' . "\n"; $retval['body'] .= '
    ' . "\n" . - '

    Not related from ' . htmlspecialchars($refer) . '

    ' . "\n"; + '

    Not related from ' . htmlsc($refer) . '

    ' . "\n"; $keys = array_keys($nodes); sort($keys); $retval['body'] .= '
      ' . "\n"; diff -ur pukiwiki-1.4.7_notb_utf8/plugin/md5.inc.php pukiwiki-1_5_0_utf8/plugin/md5.inc.php --- pukiwiki-1.4.7_notb_utf8/plugin/md5.inc.php Sun Oct 22 05:41:11 2006 +++ pukiwiki-1_5_0_utf8/plugin/md5.inc.php Sun Jul 13 13:03:56 2014 @@ -1,6 +1,6 @@ PKWK_PASSPHRASE_LIMIT_LENGTH) die_message('Limit: malicious message length'); - if ($value != '') $value = 'value="' . htmlspecialchars($value) . '" '; + if ($value != '') $value = 'value="' . htmlsc($value) . '" '; $sha1_enabled = function_exists('sha1'); $sha1_checked = $md5_checked = ''; diff -ur pukiwiki-1.4.7_notb_utf8/plugin/memo.inc.php pukiwiki-1_5_0_utf8/plugin/memo.inc.php --- pukiwiki-1.4.7_notb_utf8/plugin/memo.inc.php Sun Oct 22 05:41:11 2006 +++ pukiwiki-1_5_0_utf8/plugin/memo.inc.php Sun Jul 13 13:03:57 2014 @@ -1,5 +1,5 @@ @@ -79,7 +79,7 @@ $data = implode(',', $data); // Care all arguments $data = str_replace(',', ',', $data); // Unescape commas $data = str_replace('"', '"', $data); // Unescape double quotes - $data = htmlspecialchars(str_replace('\n', "\n", $data)); + $data = htmlsc(str_replace('\n', "\n", $data)); if (PKWK_READONLY) { $_script = ''; @@ -89,8 +89,8 @@ $_submit = ''; } - $s_page = htmlspecialchars($vars['page']); - $s_digest = htmlspecialchars($digest); + $s_page = htmlsc($vars['page']); + $s_digest = htmlsc($digest); $s_cols = MEMO_COLS; $s_rows = MEMO_ROWS; $string = << 0) { // Try to change default 'MenuBar' page name (only) if ($num > 1) return '#menu(): Zero or One argument needed'; - if ($menu !== NULL) return '#menu(): Already set: ' . htmlspecialchars($menu); + if ($menu !== NULL) return '#menu(): Already set: ' . htmlsc($menu); $args = func_get_args(); if (! is_page($args[0])) { - return '#menu(): No such page: ' . htmlspecialchars($args[0]); + return '#menu(): No such page: ' . htmlsc($args[0]); } else { $menu = $args[0]; // Set return ''; 
@@ -48,7 +48,7 @@ if (! is_page($page)) { return ''; } else if ($vars['page'] == $page) { - return ''; + return ''; } else { // Cut fixed anchors $menutext = preg_replace('/^(\*{1,3}.*)\[#[A-Za-z][\w-]+\](.*)$/m', '$1$2', get_source($page)); diff -ur pukiwiki-1.4.7_notb_utf8/plugin/navi.inc.php pukiwiki-1_5_0_utf8/plugin/navi.inc.php --- pukiwiki-1.4.7_notb_utf8/plugin/navi.inc.php Sun Oct 22 05:41:11 2006 +++ pukiwiki-1_5_0_utf8/plugin/navi.inc.php Sun Jul 13 13:03:57 2014 @@ -1,6 +1,6 @@ '; + htmlsc($home) . '
      '; } else if (! $is_home && ! preg_match('/^' . preg_quote($home, '/') . '/', $current)) { - return '#navi(' . htmlspecialchars($home) . + return '#navi(' . htmlsc($home) . '): Not a child page like: ' . - htmlspecialchars($home . '/' . basename($current)) . + htmlsc($home . '/' . basename($current)) . '
      '; } $reverse = (strtolower($reverse) == 'reverse'); @@ -128,7 +128,7 @@ foreach (array('start'=>$home, 'next'=>$next, 'prev'=>$prev, 'up'=>$up) as $rel=>$_page) { if ($_page != '') { - $s_page = htmlspecialchars($_page); + $s_page = htmlsc($_page); $r_page = rawurlencode($_page); $head_tags[] = ' $s_refer

      ";; @@ -109,7 +109,7 @@ $f_w = (is_numeric($width) and $width > 0) ? $width : PAINT_DEFAULT_WIDTH; $f_h = (is_numeric($height) and $height > 0) ? $height : PAINT_DEFAULT_HEIGHT; $f_refer = array_key_exists('refer',$vars) ? encode($vars['refer']) : ''; // BBSPainter.jarがshift-jisに変換するのを回避 - $f_digest = array_key_exists('digest',$vars) ? htmlspecialchars($vars['digest']) : ''; + $f_digest = array_key_exists('digest',$vars) ? htmlsc($vars['digest']) : ''; $f_no = (array_key_exists('paint_no',$vars) and is_numeric($vars['paint_no'])) ? $vars['paint_no'] + 0 : 0; @@ -185,7 +185,7 @@ } //XSS脆弱性問題 - 外部から来た変数をエスケープ - $f_page = htmlspecialchars($vars['page']); + $f_page = htmlsc($vars['page']); $max = sprintf($_paint_messages['msg_max'],PAINT_MAX_WIDTH,PAINT_MAX_HEIGHT); diff -ur pukiwiki-1.4.7_notb_utf8/plugin/pcomment.inc.php pukiwiki-1_5_0_utf8/plugin/pcomment.inc.php --- pukiwiki-1.4.7_notb_utf8/plugin/pcomment.inc.php Sun Oct 22 05:41:11 2006 +++ pukiwiki-1_5_0_utf8/plugin/pcomment.inc.php Sun Jul 13 13:03:57 2014 @@ -1,6 +1,6 @@ FALSE, 'nodate'=>FALSE, 
@@ -78,20 +76,18 @@ '_args' =>array() ); - // BugTrack2/106: Only variables can be passed by reference from PHP 5.0.5 - $args = func_get_args(); // with array_walk() - array_walk($args, 'plugin_pcomment_check_arg', & $params); + foreach(func_get_args() as $arg) + plugin_pcomment_check_arg($arg, $params); $vars_page = isset($vars['page']) ? $vars['page'] : ''; $page = (isset($params['_args'][0]) && $params['_args'][0] != '') ? $params['_args'][0] : sprintf(PLUGIN_PCOMMENT_PAGE, strip_bracket($vars_page)); - $count = (isset($params['_args'][1]) && $params['_args'][1] != '') ? $params['_args'][1] : 0; - if ($count == 0 && $count !== '0') - $count = PLUGIN_PCOMMENT_NUM_COMMENTS; + $count = isset($params['_args'][1]) ? intval($params['_args'][1]) : 0; + if ($count == 0) $count = PLUGIN_PCOMMENT_NUM_COMMENTS; $_page = get_fullname(strip_bracket($page), $vars_page); if (!is_pagename($_page)) - return sprintf($_pcmt_messages['err_pagename'], htmlspecialchars($_page)); + return sprintf($_pcmt_messages['err_pagename'], htmlsc($_page)); $dir = PLUGIN_PCOMMENT_DIRECTION_DEFAULT; if ($params['below']) { @@ -119,10 +115,10 @@ '' : ''; $comment = ''; - $s_page = htmlspecialchars($page); - $s_refer = htmlspecialchars($vars_page); - $s_nodate = htmlspecialchars($params['nodate']); - $s_count = htmlspecialchars($count); + $s_page = htmlsc($page); + $s_refer = htmlsc($vars_page); + $s_nodate = htmlsc($params['nodate']); + $s_count = htmlsc($count); $form_start = '' . "\n"; $form = << +// License: WHERE IS THE RECORD? // // Popular pages plugin: Show an access ranking of this wiki // -- like recent plugin, using counter plugin's count -- 
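Review bot: The new `$count` handling changes what an explicit second argument of `0` means: the removed code kept `'0'` as zero (the `$count !== '0'` guard stopped the default from applying), whereas `intval()` followed by `if ($count == 0)` now replaces it with PLUGIN_PCOMMENT_NUM_COMMENTS, and a negative argument is passed through unclamped into `$s_count` in the next hunk. If zero is still meant to be a legal value, `$count = (isset($params['_args'][1]) && $params['_args'][1] !== '') ? intval($params['_args'][1]) : PLUGIN_PCOMMENT_NUM_COMMENTS;` preserves it, and `if ($count < 0) $count = 0;` bounds the other side; if the change is deliberate, a one-line comment saying so would stop the next reader from "fixing" it back. The function continues past the end of the hunk.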
@@ -76,7 +80,7 @@ foreach ($counters as $page=>$count) { $page = substr($page, 1); - $s_page = htmlspecialchars($page); + $s_page = htmlsc($page); if ($page == $vars['page']) { // No need to link itself, notifies where you just read $pg_passage = get_pg_passage($page,FALSE); diff -ur pukiwiki-1.4.7_notb_utf8/plugin/random.inc.php pukiwiki-1_5_0_utf8/plugin/random.inc.php --- pukiwiki-1.4.7_notb_utf8/plugin/random.inc.php Sun Oct 22 05:41:11 2006 +++ pukiwiki-1_5_0_utf8/plugin/random.inc.php Sun Jul 13 13:03:56 2014 @@ -2,7 +2,7 @@ ///////////////////////////////////////////////// // PukiWiki - Yet another WikiWikiWeb clone. // -// $Id: random.inc.php,v 1.8 2004/09/10 14:18:34 henoheno Exp $ +// $Id: random.inc.php,v 1.9 2011/01/25 15:01:01 henoheno Exp $ // /* @@ -30,7 +30,7 @@ return "

      ' . - htmlspecialchars($title) . '

      '; + htmlsc($title) . '

      '; } function plugin_random_action() diff -ur pukiwiki-1.4.7_notb_utf8/plugin/read.inc.php pukiwiki-1_5_0_utf8/plugin/read.inc.php --- pukiwiki-1.4.7_notb_utf8/plugin/read.inc.php Sun Oct 22 05:41:11 2006 +++ pukiwiki-1_5_0_utf8/plugin/read.inc.php Sun Jul 13 13:03:57 2014 @@ -1,6 +1,6 @@ $_title_invalidwn, - 'body'=>str_replace('$1', htmlspecialchars($page), + 'body'=>str_replace('$1', htmlsc($page), str_replace('$2', 'WikiName', $_msg_invalidiwn)) ); } diff -ur pukiwiki-1.4.7_notb_utf8/plugin/recent.inc.php pukiwiki-1_5_0_utf8/plugin/recent.inc.php --- pukiwiki-1.4.7_notb_utf8/plugin/recent.inc.php Sun Oct 22 05:41:11 2006 +++ pukiwiki-1_5_0_utf8/plugin/recent.inc.php Sun Jul 13 13:03:56 2014 @@ -1,5 +1,5 @@ ' . "\n"; } - $s_page = htmlspecialchars($page); + $s_page = htmlsc($page); if($page == $vars['page']) { // No need to link to the page you just read, or notify where you just read $items .= '
    • ' . $s_page . '
    • ' . "\n"; diff -ur pukiwiki-1.4.7_notb_utf8/plugin/ref.inc.php pukiwiki-1_5_0_utf8/plugin/ref.inc.php --- pukiwiki-1.4.7_notb_utf8/plugin/ref.inc.php Sun Oct 22 05:41:12 2006 +++ pukiwiki-1_5_0_utf8/plugin/ref.inc.php Sun Jul 13 13:03:57 2014 @@ -1,6 +1,6 @@ ' . $url . ''; return $params; } - $url = $url2 = htmlspecialchars($name); - $title = htmlspecialchars(preg_match('/([^\/]+)$/', $name, $matches) ? $matches[1] : $url); + $url = $url2 = htmlsc($name); + $title = htmlsc(preg_match('/([^\/]+)$/', $name, $matches) ? $matches[1] : $url); $is_image = (! $params['noimg'] && preg_match(PLUGIN_REF_IMAGE, $name)); @@ -254,7 +254,7 @@ } else { // 添付ファイル - $title = htmlspecialchars($name); + $title = htmlsc($name); $is_image = (! $params['noimg'] && preg_match(PLUGIN_REF_IMAGE, $name)); @@ -306,7 +306,7 @@ } if (! empty($_title)) { - $title = htmlspecialchars(join(',', $_title)); + $title = htmlsc(join(',', $_title)); if ($is_image) $title = make_line_rules($title); } } @@ -420,12 +420,12 @@ break; } } - $file = htmlspecialchars($filename); + $utf8filename = mb_convert_encoding($filename, 'UTF-8', 'auto'); $size = filesize($ref); // Output pkwk_common_headers(); - header('Content-Disposition: inline; filename="' . $filename . '"'); + header('Content-Disposition: inline; filename="' . $filename . '"; filename*=utf-8\'\'' . rawurlencode($utf8filename)); header('Content-Length: ' . $size); header('Content-Type: ' . $type); @readfile($ref); diff -ur pukiwiki-1.4.7_notb_utf8/plugin/referer.inc.php pukiwiki-1_5_0_utf8/plugin/referer.inc.php --- pukiwiki-1.4.7_notb_utf8/plugin/referer.inc.php Sun Oct 22 05:41:12 2006 +++ pukiwiki-1_5_0_utf8/plugin/referer.inc.php Sun Jul 13 13:03:57 2014 
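Review bot: `$filename` is still concatenated unescaped into the quoted `filename="…"` parameter of the Content-Disposition header, so an attachment name containing `"` ends the quoted-string early and whatever follows is parsed as further header parameters; only the new `filename*` value is percent-encoded. The removed `$file = htmlspecialchars($filename)` was never used in the header, so this is pre-existing rather than new, but the line is being rewritten anyway. A quoted-pair escape keeps the header well-formed: `$q_filename = addcslashes($filename, '"\\');` followed by `header('Content-Disposition: inline; filename="' . $q_filename . '"; filename*=utf-8\'\'' . rawurlencode($utf8filename));` (PHP's header() already refuses CR/LF, so this is about parameter integrity, not header injection). Separately, `mb_convert_encoding($filename, 'UTF-8', 'auto')` relies on heuristic detection where the source encoding is known — referer.inc.php on this page uses `SOURCE_ENCODING` — so `mb_convert_encoding($filename, 'UTF-8', SOURCE_ENCODING)` is deterministic. Where `$filename` is decoded from the attachment name is outside the hunk.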
@@ -99,8 +99,8 @@ list($ltime, $stime, $count, $url, $enable) = $arr; // 非ASCIIキャラクタ(だけ)をURLエンコードしておく BugTrack/440 - $e_url = htmlspecialchars(preg_replace('/([" \x80-\xff]+)/e', 'rawurlencode("$1")', $url)); - $s_url = htmlspecialchars(mb_convert_encoding(rawurldecode($url), SOURCE_ENCODING, 'auto')); + $e_url = htmlsc(preg_replace('/([" \x80-\xff]+)/e', 'rawurlencode("$1")', $url)); + $s_url = htmlsc(mb_convert_encoding(rawurldecode($url), SOURCE_ENCODING, 'auto')); $lpass = get_passage($ltime, FALSE); // 最終更新日時からの経過時間 $spass = get_passage($stime, FALSE); // 初回登録日時からの経過時間 @@ -164,7 +164,7 @@ // BGCOLOR(#88ff88) $matches = array(); foreach ($pconfig_color as $x) - $color[$x[0]] = htmlspecialchars( + $color[$x[0]] = htmlsc( preg_match('/BGCOLOR\(([^)]+)\)/si', $x[1], $matches) ? $matches[1] : $x[1]); } diff -ur pukiwiki-1.4.7_notb_utf8/plugin/related.inc.php pukiwiki-1_5_0_utf8/plugin/related.inc.php --- pukiwiki-1.4.7_notb_utf8/plugin/related.inc.php Sun Oct 22 05:41:12 2006 +++ pukiwiki-1_5_0_utf8/plugin/related.inc.php Sun Jul 13 13:03:57 2014 @@ -1,6 +1,8 @@ ' . 'Return to ' . $s_word .'
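Review bot: The rewritten `$e_url` line keeps the `/e` modifier on `preg_replace('/([" \x80-\xff]+)/e', 'rawurlencode("$1")', $url)`, which evaluates the replacement string as PHP code; `/e` is deprecated since PHP 5.5 and removed in 7.0, so this line stops working on the PHP versions current for a 2014 release. PHP backslash-escapes quotes and backslashes in the substituted backreference, so the exposure here is the eval path and the deprecation rather than direct injection from `$url`. `preg_replace_callback('/([" \x80-\xff]+)/', function ($m) { return rawurlencode($m[1]); }, $url)` produces the same result without eval (the closure needs PHP 5.3+). The loop that assigns `$arr` starts outside the hunk.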
      '. "\n"; @@ -44,7 +46,7 @@ $retval .= '
        ' . "\n"; foreach ($data as $page=>$time) { $r_page = rawurlencode($page); - $s_page = htmlspecialchars($page); + $s_page = htmlsc($page); $passage = get_passage($time); $retval .= '
      • ' . $s_page . ' ' . $passage . '
      • ' . "\n"; diff -ur pukiwiki-1.4.7_notb_utf8/plugin/rename.inc.php pukiwiki-1_5_0_utf8/plugin/rename.inc.php --- pukiwiki-1.4.7_notb_utf8/plugin/rename.inc.php Sun Oct 22 05:41:12 2006 +++ pukiwiki-1_5_0_utf8/plugin/rename.inc.php Sun Jul 13 13:03:57 2014 @@ -1,6 +1,8 @@ ' . $_page; $page = $tmp; } - if ($page != '') $body = sprintf($body, htmlspecialchars($page)); + if ($page != '') $body = sprintf($body, htmlsc($page)); $msg = sprintf($_rename_messages['err'], $body); return $msg; @@ -101,8 +103,8 @@ } $select_refer = plugin_rename_getselecttag($refer); - $s_src = htmlspecialchars(plugin_rename_getvar('src')); - $s_dst = htmlspecialchars(plugin_rename_getvar('dst')); + $s_src = htmlsc(plugin_rename_getvar('src')); + $s_dst = htmlsc(plugin_rename_getvar('dst')); $ret = array(); $ret['msg'] = $_rename_messages['msg_title']; @@ -143,8 +145,8 @@ '
        '; $msg_rename = sprintf($_rename_messages['msg_rename'], make_pagelink($refer)); - $s_page = htmlspecialchars($page); - $s_refer = htmlspecialchars($refer); + $s_page = htmlsc($page); + $s_refer = htmlsc($refer); $ret = array(); $ret['msg'] = $_rename_messages['msg_title']; @@ -228,16 +230,16 @@ $method = plugin_rename_getvar('method'); if ($method == 'regex') { - $s_src = htmlspecialchars(plugin_rename_getvar('src')); - $s_dst = htmlspecialchars(plugin_rename_getvar('dst')); + $s_src = htmlsc(plugin_rename_getvar('src')); + $s_dst = htmlsc(plugin_rename_getvar('dst')); $msg .= $_rename_messages['msg_regex'] . '
        '; $input .= ''; $input .= ''; $input .= ''; } else { - $s_refer = htmlspecialchars(plugin_rename_getvar('refer')); - $s_page = htmlspecialchars(plugin_rename_getvar('page')); - $s_related = htmlspecialchars(plugin_rename_getvar('related')); + $s_refer = htmlsc(plugin_rename_getvar('refer')); + $s_page = htmlsc(plugin_rename_getvar('page')); + $s_related = htmlsc(plugin_rename_getvar('related')); $msg .= $_rename_messages['msg_page'] . '
        '; $input .= ''; $input .= ''; @@ -250,7 +252,7 @@ foreach ($exists as $page=>$arr) { $msg .= '
      • ' . make_pagelink(decode($page)); $msg .= $_rename_messages['msg_arrow']; - $msg .= htmlspecialchars(decode($pages[$page])); + $msg .= htmlsc(decode($pages[$page])); if (! empty($arr)) { $msg .= '
          ' . "\n"; foreach ($arr as $ofile=>$nfile) @@ -289,7 +291,7 @@ foreach ($pages as $old=>$new) $ret['body'] .= '
        • ' . make_pagelink(decode($old)) . $_rename_messages['msg_arrow'] . - htmlspecialchars(decode($new)) . '
        • ' . "\n"; + htmlsc(decode($new)) . '' . "\n"; $ret['body'] .= '
        ' . "\n"; return $ret; } @@ -407,7 +409,7 @@ if ($_page == $whatsnew) continue; $selected = ($_page == $page) ? ' selected' : ''; - $s_page = htmlspecialchars($_page); + $s_page = htmlsc($_page); $pages[$_page] = ''; } diff -ur pukiwiki-1.4.7_notb_utf8/plugin/ruby.inc.php pukiwiki-1_5_0_utf8/plugin/ruby.inc.php --- pukiwiki-1.4.7_notb_utf8/plugin/ruby.inc.php Sun Oct 22 05:41:12 2006 +++ pukiwiki-1_5_0_utf8/plugin/ruby.inc.php Sun Jul 13 13:03:57 2014 @@ -1,6 +1,6 @@ ' . $body . '' . '(' . - '' . htmlspecialchars($ruby) . '' . ')' . + '' . htmlsc($ruby) . '' . ')' . ''; } ?> diff -ur pukiwiki-1.4.7_notb_utf8/plugin/search.inc.php pukiwiki-1_5_0_utf8/plugin/search.inc.php --- pukiwiki-1.4.7_notb_utf8/plugin/search.inc.php Sun Oct 22 05:41:12 2006 +++ pukiwiki-1_5_0_utf8/plugin/search.inc.php Sun Jul 13 13:03:57 2014 @@ -1,6 +1,6 @@ PLUGIN_SEARCH_MAX_LENGTH) { unset($vars['word']); // Stop using $_msg_word at lib/html.php @@ -81,7 +81,7 @@ ++$_num; if (PLUGIN_SEARCH_MAX_BASE < $_num) break; $label_id = '_p_search_base_id_' . $_num; - $s_base = htmlspecialchars($base); + $s_base = htmlsc($base); $base_str = '' . $s_base . ''; $base_label = str_replace('$1', $base_str, $_search_pages); $base_msg .=<<' conversion // @@ -41,7 +41,7 @@ default: return '#setlinebreak: Invalid argument: ' . - htmlspecialchars($args[0]) . '
        '; + htmlsc($args[0]) . '
        '; } } return ''; diff -ur pukiwiki-1.4.7_notb_utf8/plugin/showrss.inc.php pukiwiki-1_5_0_utf8/plugin/showrss.inc.php --- pukiwiki-1.4.7_notb_utf8/plugin/showrss.inc.php Sun Oct 22 05:41:12 2006 +++ pukiwiki-1_5_0_utf8/plugin/showrss.inc.php Sun Jul 13 13:03:56 2014 @@ -1,6 +1,6 @@ ' . "\n"; + return '#showrss: Cache-lifetime seems not numeric: ' . htmlsc($cachehour) . '
        ' . "\n"; if (! class_exists($class)) - return '#showrss: Template not found: ' . htmlspecialchars($template) . '
        ' . "\n"; + return '#showrss: Template not found: ' . htmlsc($template) . '
        ' . "\n"; if (! is_url($uri)) - return '#showrss: Seems not URI: ' . htmlspecialchars($uri) . '
        ' . "\n"; + return '#showrss: Seems not URI: ' . htmlsc($uri) . '
        ' . "\n"; list($rss, $time) = plugin_showrss_get_rss($uri, $cachehour); if ($rss === FALSE) return '#showrss: Failed fetching RSS from the server
        ' . "\n"; @@ -247,10 +247,10 @@ function escape($str) { - // Unescape already-escaped chars (<, >, &, ...) in RSS body before htmlspecialchars() + // Unescape already-escaped chars (<, >, &, ...) in RSS body before htmlsc() $str = strtr($str, array_flip(get_html_translation_table(ENT_COMPAT))); // Escape - $str = htmlspecialchars($str); + $str = htmlsc($str); // Encoding conversion $str = mb_convert_encoding($str, SOURCE_ENCODING, $this->encoding); return trim($str); diff -ur pukiwiki-1.4.7_notb_utf8/plugin/source.inc.php pukiwiki-1_5_0_utf8/plugin/source.inc.php --- pukiwiki-1.4.7_notb_utf8/plugin/source.inc.php Sun Oct 22 05:41:12 2006 +++ pukiwiki-1_5_0_utf8/plugin/source.inc.php Sun Jul 13 13:03:57 2014 @@ -1,6 +1,6 @@ $_source_messages['msg_title'], 'body' => '
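Review bot: `escape()` still applies `htmlsc()` before `mb_convert_encoding($str, SOURCE_ENCODING, $this->encoding)`, so the escaping runs on bytes in the feed's declared encoding rather than in SOURCE_ENCODING; if `htmlsc()` is a charset-aware `htmlspecialchars()` wrapper (its definition is not on this page), sequences invalid in that charset make PHP ≥ 5.4 return an empty string, silently dropping the item text. Converting first and escaping second, `$str = mb_convert_encoding($str, SOURCE_ENCODING, $this->encoding);` then `$str = htmlsc($str);`, keeps the escape in the encoding the output is actually in. The `strtr($str, array_flip(get_html_translation_table(ENT_COMPAT)))` unescape step only reverses the named entities in that table, so numeric entities such as `&#60;` end up double-escaped rather than decoded; that is pre-existing and harmless to output safety. The closing brace of `escape()` is outside the hunk.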
        ' .
        -		htmlspecialchars(join('', get_source($page))) . '
        '); + htmlsc(join('', get_source($page))) . '
    '); } ?> diff -ur pukiwiki-1.4.7_notb_utf8/plugin/stationary.inc.php pukiwiki-1_5_0_utf8/plugin/stationary.inc.php --- pukiwiki-1.4.7_notb_utf8/plugin/stationary.inc.php Sun Oct 22 05:41:12 2006 +++ pukiwiki-1_5_0_utf8/plugin/stationary.inc.php Sun Jul 13 13:03:57 2014 @@ -1,5 +1,5 @@ '; + return '#stationary(' . htmlsc($result) . ')
    '; } // In-line type plugin: &stationary; or &stationary(foo); , or &stationary(foo){bar}; @@ -56,7 +56,7 @@ $args[$key] = trim($args[$key]); $result = join(',', $args); - return '&stationary(' . htmlspecialchars($result) . '){' . $body . '};'; + return '&stationary(' . htmlsc($result) . '){' . $body . '};'; } // Action-type plugin: ?plugin=stationary&foo=bar @@ -69,6 +69,6 @@ $msg = 'Message'; $body = 'Message body'; - return array('msg'=>htmlspecialchars($msg), 'body'=>htmlspecialchars($body)); + return array('msg' => htmlsc($msg), 'body' => htmlsc($body)); } ?> diff -ur pukiwiki-1.4.7_notb_utf8/plugin/template.inc.php pukiwiki-1_5_0_utf8/plugin/template.inc.php --- pukiwiki-1.4.7_notb_utf8/plugin/template.inc.php Sun Oct 22 05:41:12 2006 +++ pukiwiki-1_5_0_utf8/plugin/template.inc.php Sun Jul 13 13:03:57 2014 @@ -1,5 +1,5 @@ $line\n"; @@ -52,7 +52,7 @@ $end_select .= "\n"; } - $_page = htmlspecialchars($page); + $_page = htmlsc($page); $msg = $tag = ''; if ($is_page) { $msg = $_err_template_already; @@ -61,7 +61,7 @@ $msg = str_replace('$1', $_page, $_err_template_invalid); } - $s_refer = htmlspecialchars($vars['refer']); + $s_refer = htmlsc($vars['refer']); $s_page = ($page == '') ? str_replace('$1', $s_refer, $_msg_template_page) : $_page; $ret = << diff -ur pukiwiki-1.4.7_notb_utf8/plugin/topicpath.inc.php pukiwiki-1_5_0_utf8/plugin/topicpath.inc.php --- pukiwiki-1.4.7_notb_utf8/plugin/topicpath.inc.php Sun Oct 22 05:41:12 2006 +++ pukiwiki-1_5_0_utf8/plugin/topicpath.inc.php Sun Jul 13 13:03:57 2014 @@ -1,6 +1,12 @@ read()) { - return "

    config file '".htmlspecialchars($config_name)."' not found.

    "; + return "

    config file '".htmlsc($config_name)."' not found.

    "; } $config->config_name = $config_name; @@ -89,7 +91,7 @@ $config = new Config('plugin/tracker/'.$config_name); if (!$config->read()) { - return "

    config file '".htmlspecialchars($config_name)."' not found.

    "; + return "

    config file '".htmlsc($config_name)."' not found.

    "; } $config->config_name = $config_name; $source = $config->page.'/page'; @@ -100,14 +102,14 @@ { return array( 'msg'=>'cannot write', - 'body'=>'page name ('.htmlspecialchars($refer).') is not valid.' + 'body'=>'page name ('.htmlsc($refer).') is not valid.' ); } if (!is_page($source)) { return array( 'msg'=>'cannot write', - 'body'=>'page template ('.htmlspecialchars($source).') is not exist.' + 'body'=>'page template ('.htmlsc($source).') is not exist.' ); } // ページ名を決定 @@ -197,7 +199,7 @@ if (!$config->read()) { - return "config file '".htmlspecialchars($config_name)."' not found."; + return "config file '".htmlsc($config_name)."' not found."; } $config->config_name = $config_name; @@ -299,9 +301,9 @@ function get_tag() { - $s_name = htmlspecialchars($this->name); - $s_size = htmlspecialchars($this->values[0]); - $s_value = htmlspecialchars($this->default_value); + $s_name = htmlsc($this->name); + $s_size = htmlsc($this->values[0]); + $s_value = htmlsc($this->default_value); return ""; } } @@ -341,10 +343,10 @@ function get_tag() { - $s_name = htmlspecialchars($this->name); - $s_cols = htmlspecialchars($this->values[0]); - $s_rows = htmlspecialchars($this->values[1]); - $s_value = htmlspecialchars($this->default_value); + $s_name = htmlsc($this->name); + $s_cols = htmlsc($this->values[0]); + $s_rows = htmlsc($this->values[1]); + $s_value = htmlsc($this->default_value); return ""; } function format_cell($str) @@ -383,8 +385,8 @@ } function get_tag() { - $s_name = htmlspecialchars($this->name); - $s_size = htmlspecialchars($this->values[0]); + $s_name = htmlsc($this->name); + $s_size = htmlsc($this->values[0]); return ""; } function get_key($str) @@ -412,8 +414,8 @@ function get_tag() { - $s_name = htmlspecialchars($this->name); - $s_size = htmlspecialchars($this->values[0]); + $s_name = htmlsc($this->name); + $s_size = htmlsc($this->values[0]); return ""; } function format_value($str) 
@@ -437,12 +439,12 @@ function get_tag() { - $s_name = htmlspecialchars($this->name); + $s_name = htmlsc($this->name); $retval = ''; $id = 0; foreach ($this->config->get($this->name) as $option) { - $s_option = htmlspecialchars($option[0]); + $s_option = htmlsc($option[0]); $checked = trim($option[0]) == trim($this->default_value) ? ' checked="checked"' : ''; ++$id; $s_id = '_p_tracker_' . $s_name . '_' . $this->id . '_' . $id; @@ -473,9 +475,9 @@ function get_tag($empty=FALSE) { - $s_name = htmlspecialchars($this->name); + $s_name = htmlsc($this->name); $s_size = (array_key_exists(0,$this->values) and is_numeric($this->values[0])) ? - ' size="'.htmlspecialchars($this->values[0]).'"' : ''; + ' size="'.htmlsc($this->values[0]).'"' : ''; $s_multiple = (array_key_exists(1,$this->values) and strtolower($this->values[1]) == 'multiple') ? ' multiple="multiple"' : ''; $retval = "\n"; return $retval; @@ -537,10 +539,10 @@ { function get_tag() { - $s_title = htmlspecialchars($this->title); - $s_page = htmlspecialchars($this->page); - $s_refer = htmlspecialchars($this->refer); - $s_config = htmlspecialchars($this->config->config_name); + $s_title = htmlsc($this->title); + $s_page = htmlsc($this->page); + $s_refer = htmlsc($this->refer); + $s_config = htmlsc($this->config->config_name); return << @@ -626,7 +628,7 @@ if (!$config->read()) { - return "

    config file '".htmlspecialchars($config_name)."' is not exist."; + return "

    config file '".htmlsc($config_name)."' is not exist."; } $config->config_name = $config_name; diff -ur pukiwiki-1.4.7_notb_utf8/plugin/unfreeze.inc.php pukiwiki-1_5_0_utf8/plugin/unfreeze.inc.php --- pukiwiki-1.4.7_notb_utf8/plugin/unfreeze.inc.php Sun Oct 22 05:41:12 2006 +++ pukiwiki-1_5_0_utf8/plugin/unfreeze.inc.php Sun Jul 13 13:03:57 2014 @@ -1,6 +1,8 @@ $_msg_invalidpass

    \n"; $body .= <<$_msg_unfreezing

    diff -ur pukiwiki-1.4.7_notb_utf8/plugin/versionlist.inc.php pukiwiki-1_5_0_utf8/plugin/versionlist.inc.php --- pukiwiki-1.4.7_notb_utf8/plugin/versionlist.inc.php Sun Oct 22 05:41:12 2006 +++ pukiwiki-1_5_0_utf8/plugin/versionlist.inc.php Sun Jul 13 13:03:57 2014 @@ -44,12 +44,12 @@ continue; } $data = join('',file($sdir.$file)); - $comment = array('file'=>htmlspecialchars($sdir.$file),'rev'=>'','date'=>''); + $comment = array('file'=>htmlsc($sdir.$file),'rev'=>'','date'=>''); if (preg_match('/\$'.'Id: (.+),v (\d+\.\d+) (\d{4}\/\d{2}\/\d{2} \d{2}:\d{2}:\d{2})/',$data,$matches)) { -// $comment['file'] = htmlspecialchars($sdir.$matches[1]); - $comment['rev'] = htmlspecialchars($matches[2]); - $comment['date'] = htmlspecialchars($matches[3]); +// $comment['file'] = htmlsc($sdir.$matches[1]); + $comment['rev'] = htmlsc($matches[2]); + $comment['date'] = htmlsc($matches[3]); } $comments[$sdir.$file] = $comment; } diff -ur pukiwiki-1.4.7_notb_utf8/plugin/vote.inc.php pukiwiki-1_5_0_utf8/plugin/vote.inc.php --- pukiwiki-1.4.7_notb_utf8/plugin/vote.inc.php Sun Oct 22 05:41:12 2006 +++ pukiwiki-1_5_0_utf8/plugin/vote.inc.php Sun Jul 13 13:03:57 2014 @@ -1,6 +1,8 @@ @@ -95,8 +97,8 @@ } $args = func_get_args(); - $s_page = htmlspecialchars($page); - $s_digest = htmlspecialchars($digest); + $s_page = htmlsc($page); + $s_digest = htmlsc($digest); $body = << diff -ur pukiwiki-1.4.7_notb_utf8/plugin/yetlist.inc.php pukiwiki-1_5_0_utf8/plugin/yetlist.inc.php --- pukiwiki-1.4.7_notb_utf8/plugin/yetlist.inc.php Sun Oct 22 05:41:12 2006 +++ pukiwiki-1_5_0_utf8/plugin/yetlist.inc.php Sun Jul 13 13:03:57 2014 
@@ -1,6 +1,6 @@ ' . - htmlspecialchars($_refer) . ''; + htmlsc($_refer) . ''; } $link_ref = join(' ', $link_refs); unset($link_refs); - $s_page = htmlspecialchars($page); + $s_page = htmlsc($page); if (PKWK_READONLY) { $href = $s_page; } else { diff -ur pukiwiki-1.4.7_notb_utf8/skin/tdiary.skin.php pukiwiki-1_5_0_utf8/skin/tdiary.skin.php --- pukiwiki-1.4.7_notb_utf8/skin/tdiary.skin.php Sun Oct 22 05:41:12 2006 +++ pukiwiki-1_5_0_utf8/skin/tdiary.skin.php Sun Jul 13 13:03:57 2014 @@ -1,6 +1,6 @@ '; + echo 'Theme not found: ' . htmlsc($theme_css) . '
    '; echo 'You can get tdiary-theme from: '; echo 'http://sourceforge.net/projects/tdiary/'; exit; @@ -589,7 +589,7 @@ - + @@ -701,7 +701,7 @@ $title = ''; if ($disable_backlink) { if ($_page != '') { - $title = htmlspecialchars($_page); + $title = htmlsc($_page); } else { $title = $page; // Search, or something message } @@ -709,7 +709,7 @@ if ($page != '') { $title = $page; } else { - $title = htmlspecialchars($_page); + $title = htmlsc($_page); } } $title_date = $title_text = ''; Binary files pukiwiki-1.4.7_notb_utf8/wiki.en.zip and pukiwiki-1_5_0_utf8/wiki.en.zip differ