-rw-r--r-- | core/API/DataTablePostProcessor.php | 2 | ||||
-rw-r--r-- | core/Tracker/TrackerCodeGenerator.php | 4 | ||||
-rwxr-xr-x | core/Twig.php | 2 | ||||
-rwxr-xr-x | core/Updates/1.7.2-rc7.php | 2 | ||||
-rw-r--r-- | core/testMinimumPhpVersion.php | 2 | ||||
-rw-r--r-- | misc/others/api_rest_call.php | 2 | ||||
-rw-r--r-- | misc/others/tracker_simpleImageTracker.php | 2 | ||||
-rw-r--r-- | plugins/Actions/Reports/GetPageTitles.php | 2 | ||||
-rw-r--r-- | plugins/Dashboard/Dashboard.php | 2 | ||||
-rw-r--r-- | plugins/Monolog/Handler/WebNotificationHandler.php | 2 | ||||
-rw-r--r-- | plugins/Overlay/Controller.php | 6 | ||||
-rw-r--r-- | plugins/Referrers/Controller.php | 6 | ||||
-rw-r--r-- | tests/PHPUnit/System/AutoSuggestAPITest.php | 2 | ||||
-rw-r--r-- | tests/PHPUnit/System/LabelFilterTest.php | 2 | ||||
-rw-r--r-- | tests/javascript/piwik.php | 2 |
15 files changed, 20 insertions, 20 deletions
diff --git a/core/API/DataTablePostProcessor.php b/core/API/DataTablePostProcessor.php index c4eb7441d0..a292139053 100644 --- a/core/API/DataTablePostProcessor.php +++ b/core/API/DataTablePostProcessor.php @@ -397,7 +397,7 @@ class DataTablePostProcessor // this is needed because Proxy uses Common::getRequestVar which in turn // uses Common::sanitizeInputValue. This causes the > that separates recursive labels // to become > and we need to undo that here. - $label = str_replace( htmlentities('>'), '>', $label); + $label = str_replace( htmlentities('>', ENT_COMPAT | ENT_HTML401, 'UTF-8'), '>', $label); return $label; } diff --git a/core/Tracker/TrackerCodeGenerator.php b/core/Tracker/TrackerCodeGenerator.php index 79b80e8bf1..fcfe889661 100644 --- a/core/Tracker/TrackerCodeGenerator.php +++ b/core/Tracker/TrackerCodeGenerator.php @@ -169,14 +169,14 @@ class TrackerCodeGenerator $setTrackerUrl = 'var u=((document.location.protocol === "https:") ? "https://{$httpsPiwikUrl}/" : "http://{$piwikUrl}/");'; $codeImpl['httpsPiwikUrl'] = rtrim($codeImpl['httpsPiwikUrl'], "/"); } - $codeImpl = array('setTrackerUrl' => htmlentities($setTrackerUrl)) + $codeImpl; + $codeImpl = array('setTrackerUrl' => htmlentities($setTrackerUrl, ENT_COMPAT | ENT_HTML401, 'UTF-8')) + $codeImpl; $view = new View('@Morpheus/javascriptCode'); $view->disableCacheBuster(); $view->loadAsync = $codeImpl['loadAsync']; $view->trackNoScript = $codeImpl['trackNoScript']; $jsCode = $view->render(); - $jsCode = htmlentities($jsCode); + $jsCode = htmlentities($jsCode, ENT_COMPAT | ENT_HTML401, 'UTF-8'); foreach ($codeImpl as $keyToReplace => $replaceWith) { $jsCode = str_replace('{$' . $keyToReplace . '}', $replaceWith, $jsCode); diff --git a/core/Twig.php b/core/Twig.php index 827c0c411f..c36452055b 100755 --- a/core/Twig.php +++ b/core/Twig.php 
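Review bot: In core/Tracker/TrackerCodeGenerator.php the `{$key}` substitution loop runs after `$jsCode = htmlentities($jsCode, ENT_COMPAT | ENT_HTML401, 'UTF-8');`, so every `$codeImpl` value except `setTrackerUrl` is inserted into the already-encoded snippet without being encoded itself. Where those values come from is not visible in this hunk, so they may already be encoded upstream. If not, encode at the point of substitution with `$jsCode = str_replace('{$' . $keyToReplace . '}', htmlentities($replaceWith, ENT_COMPAT | ENT_HTML401, 'UTF-8'), $jsCode);` and leave `setTrackerUrl` raw in the array to avoid double encoding. Otherwise a comment above the loop should state that every `$codeImpl` value is HTML-safe by the time it gets there. The function body starts and ends outside the hunk.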
@@ -373,7 +373,7 @@ class Twig { $rawSafeDecoded = new Twig_SimpleFilter('rawSafeDecoded', function ($string) { $string = str_replace('+', '%2B', $string); - $string = str_replace(' ', html_entity_decode(' '), $string); + $string = str_replace(' ', html_entity_decode(' ', ENT_COMPAT | ENT_HTML401, 'UTF-8'), $string); $string = SafeDecodeLabel::decodeLabelSafe($string); diff --git a/core/Updates/1.7.2-rc7.php b/core/Updates/1.7.2-rc7.php index 41ddbd342c..4ba26ae3d3 100755 --- a/core/Updates/1.7.2-rc7.php +++ b/core/Updates/1.7.2-rc7.php @@ -50,7 +50,7 @@ class Updates_1_7_2_rc7 extends Updates $idDashboard = $dashboard['iddashboard']; $login = $dashboard['login']; $layout = $dashboard['layout']; - $layout = html_entity_decode($layout); + $layout = html_entity_decode($layout, ENT_COMPAT | ENT_HTML401, 'UTF-8'); $layout = str_replace("\\\"", "\"", $layout); $migrations[] = $this->migration->db->boundSql($updateQuery, array($layout, $idDashboard, $login)); diff --git a/core/testMinimumPhpVersion.php b/core/testMinimumPhpVersion.php index a841724606..9f4bffd57a 100644 --- a/core/testMinimumPhpVersion.php +++ b/core/testMinimumPhpVersion.php @@ -133,7 +133,7 @@ if (!function_exists('Piwik_GetErrorMessagePage')) { } if ($optionalTrace) { - $optionalTrace = '<h2>Stack trace</h2><pre>' . htmlentities($optionalTrace) . '</pre>'; + $optionalTrace = '<h2>Stack trace</h2><pre>' . htmlentities($optionalTrace, ENT_COMPAT | ENT_HTML401, 'UTF-8') . '</pre>'; } if ($isCli === null) { diff --git a/misc/others/api_rest_call.php b/misc/others/api_rest_call.php index 67c3f9e4ba..b6275f8755 100644 --- a/misc/others/api_rest_call.php +++ b/misc/others/api_rest_call.php 
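Review bot: `ENT_HTML401` on the `$optionalTrace` line in core/testMinimumPhpVersion.php is only defined from PHP 5.4 on, and the file name suggests this code has to run on interpreters older than the supported minimum in order to report that. On such a version the undefined constant raises a notice while the error page itself is being built. `ENT_HTML401` has the value 0, so `htmlentities($optionalTrace, ENT_COMPAT, 'UTF-8')` gives the same output and stays portable. Piwik_GetErrorMessagePage continues outside the hunk.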
@@ -22,7 +22,7 @@ if (!$content) { print("<h1>Keywords for the last month</h1>\n"); foreach ($content as $row) { - $keyword = htmlspecialchars(html_entity_decode(urldecode($row['label']), ENT_QUOTES), ENT_QUOTES); + $keyword = htmlspecialchars(html_entity_decode(urldecode($row['label']), ENT_QUOTES, 'UTF-8'), ENT_QUOTES, 'UTF-8'); $hits = $row['nb_visits']; print("<b>$keyword</b> ($hits hits)<br>\n"); diff --git a/misc/others/tracker_simpleImageTracker.php b/misc/others/tracker_simpleImageTracker.php index 6bcaf21fd1..2f10fe279d 100644 --- a/misc/others/tracker_simpleImageTracker.php +++ b/misc/others/tracker_simpleImageTracker.php @@ -24,7 +24,7 @@ $trackingURL = Piwik_getUrlTrackPageView($idSite = 16, $customTitle = 'This titl This page loads a Simple Tracker request to Piwik website id=1 <?php -echo '<img src="' . htmlentities($trackingURL) . '" alt="" />'; +echo '<img src="' . htmlentities($trackingURL, ENT_COMPAT | ENT_HTML401, 'UTF-8') . '" alt="" />'; ?> </body> </html>
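Review bot: In misc/others/api_rest_call.php `$hits` is still interpolated raw in `print("<b>$keyword</b> ($hits hits)<br>\n");`, while `$keyword` from the same `$row` is encoded. Both values presumably come from the fetched API response, so the count deserves the same care; `$hits = (int) $row['nb_visits'];` is enough. A short comment on the `$keyword` line, such as `// label arrives URL- and entity-encoded; decode, then re-encode for HTML output`, would explain why the decode and encode calls are nested.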
\ No newline at end of file diff --git a/plugins/Actions/Reports/GetPageTitles.php b/plugins/Actions/Reports/GetPageTitles.php index 5a5e0581e9..ddddb2e0ae 100644 --- a/plugins/Actions/Reports/GetPageTitles.php +++ b/plugins/Actions/Reports/GetPageTitles.php @@ -29,7 +29,7 @@ class GetPageTitles extends Base $this->dimension = new PageTitle(); $this->name = Piwik::translate('Actions_SubmenuPageTitles'); $this->documentation = Piwik::translate('Actions_PageTitlesReportDocumentation', - array('<br />', htmlentities('<title>'))); + array('<br />', htmlentities('<title>', ENT_COMPAT | ENT_HTML401, 'UTF-8'))); $this->order = 5; $this->metrics = array('nb_hits', 'nb_visits'); diff --git a/plugins/Dashboard/Dashboard.php b/plugins/Dashboard/Dashboard.php index 86cf3ec2cd..7392ea119b 100644 --- a/plugins/Dashboard/Dashboard.php +++ b/plugins/Dashboard/Dashboard.php @@ -243,7 +243,7 @@ class Dashboard extends \Piwik\Plugin return $layout; } - $layout = html_entity_decode($layout); + $layout = html_entity_decode($layout, ENT_COMPAT | ENT_HTML401, 'UTF-8'); $layout = str_replace("\\\"", "\"", $layout); $layout = str_replace("\n", "", $layout); diff --git a/plugins/Monolog/Handler/WebNotificationHandler.php b/plugins/Monolog/Handler/WebNotificationHandler.php index 7b3098d315..5f0de1bb8c 100644 --- a/plugins/Monolog/Handler/WebNotificationHandler.php +++ b/plugins/Monolog/Handler/WebNotificationHandler.php @@ -37,7 +37,7 @@ class WebNotificationHandler extends AbstractProcessingHandler break; } - $message = $record['level_name'] . ': ' . htmlentities($record['message']); + $message = $record['level_name'] . ': ' . htmlentities($record['message'], ENT_COMPAT | ENT_HTML401, 'UTF-8'); $notification = new Notification($message); $notification->context = $context; diff --git a/plugins/Overlay/Controller.php b/plugins/Overlay/Controller.php index 6327d34ddf..4ccdcf0b18 100644 --- a/plugins/Overlay/Controller.php +++ b/plugins/Overlay/Controller.php 
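Review bot: With `'UTF-8'` and no `ENT_SUBSTITUTE`, `htmlentities($record['message'], …)` in plugins/Monolog/Handler/WebNotificationHandler.php returns an empty string when the message contains an invalid byte sequence. A log record that quotes raw request bytes would then yield a notification showing only the level name. `htmlentities($record['message'], ENT_COMPAT | ENT_HTML401 | ENT_SUBSTITUTE, 'UTF-8')` keeps the text and replaces the bad bytes. The same applies to the `$message` call in plugins/Overlay/Controller.php and the `$token` call in tests/javascript/piwik.php. The method body continues outside the hunk.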
@@ -194,7 +194,7 @@ class Controller extends \Piwik\Plugin\Controller $url = Common::unsanitizeInputValue($url); $message = Piwik::translate('Overlay_RedirectUrlError', array($url, "\n")); - $message = nl2br(htmlentities($message)); + $message = nl2br(htmlentities($message, ENT_COMPAT | ENT_HTML401, 'UTF-8')); $view = new View('@Overlay/showErrorWrongDomain'); $this->addCustomLogoInfo($view); @@ -204,11 +204,11 @@ class Controller extends \Piwik\Plugin\Controller // TODO use $idSite to link to the correct row. This is tricky because the #rowX ids don't match // the site ids when sites have been deleted. $url = 'index.php?module=SitesManager&action=index'; - $troubleshoot = htmlentities(Piwik::translate('Overlay_RedirectUrlErrorAdmin')); + $troubleshoot = htmlentities(Piwik::translate('Overlay_RedirectUrlErrorAdmin'), ENT_COMPAT | ENT_HTML401, 'UTF-8'); $troubleshoot = sprintf($troubleshoot, '<a href="' . $url . '" target="_top">', '</a>'); $view->troubleshoot = $troubleshoot; } else { - $view->troubleshoot = htmlentities(Piwik::translate('Overlay_RedirectUrlErrorUser')); + $view->troubleshoot = htmlentities(Piwik::translate('Overlay_RedirectUrlErrorUser'), ENT_COMPAT | ENT_HTML401, 'UTF-8'); } $this->outputCORSHeaders(); diff --git a/plugins/Referrers/Controller.php b/plugins/Referrers/Controller.php index 31429d7885..f9df7e39d4 100644 --- a/plugins/Referrers/Controller.php +++ b/plugins/Referrers/Controller.php @@ -380,7 +380,7 @@ function DisplayTopKeywords($url = "") } // Display the list in HTML - $url = htmlspecialchars($url, ENT_QUOTES); + $url = htmlspecialchars($url, ENT_QUOTES, \'UTF-8\'); $output = "<h2>Top Keywords for <a href=\'$url\'>$url</a></h2><ul>"; foreach($keywords as $keyword) { $output .= "<li>". $keyword . "</li>"; 
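Review bot: In the DisplayTopKeywords sample in plugins/Referrers/Controller.php, `$url` is encoded but `$output .= "<li>". $keyword . "</li>";` appends each keyword to the HTML as is; the hunk at -418 repeats the same line. How `$keywords` is built lies outside both hunks, so the values may already be encoded there. If they are not, this matters because the function is offered for pasting into site owners' own pages and the keyword text presumably originates from referrer data. `$output .= "<li>" . htmlspecialchars($keyword, ENT_QUOTES, 'UTF-8') . "</li>";` would match the treatment of `$url`, with the quotes escaped as `\'UTF-8\'` in the copy at -380, which sits inside a quoted string.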
@@ -418,7 +418,7 @@ function DisplayTopKeywords($url = "") } // Display the list in HTML - $url = htmlspecialchars($url, ENT_QUOTES); + $url = htmlspecialchars($url, ENT_QUOTES, 'UTF-8'); $output = "<h2>Top Keywords for <a href=\'$url\'>$url</a></h2><ul>"; foreach ($keywords as $keyword) { $output .= "<li>" . $keyword . "</li>"; @@ -434,7 +434,7 @@ function DisplayTopKeywords($url = "") echo "</div><br/> <p style='padding: 0 12px;'>Here is the PHP function that you can paste in your pages:</P> - <textarea style='padding: 0 12px;height:auto;width:auto;margin-left:12px;' cols=60 rows=8><?php\n" . htmlspecialchars($code) . "\n DisplayTopKeywords();</textarea> + <textarea style='padding: 0 12px;height:auto;width:auto;margin-left:12px;' cols=60 rows=8><?php\n" . htmlspecialchars($code, ENT_COMPAT | ENT_HTML401, 'UTF-8') . "\n DisplayTopKeywords();</textarea> "; echo " diff --git a/tests/PHPUnit/System/AutoSuggestAPITest.php b/tests/PHPUnit/System/AutoSuggestAPITest.php index 8a3900cf8d..414dfccd5f 100644 --- a/tests/PHPUnit/System/AutoSuggestAPITest.php +++ b/tests/PHPUnit/System/AutoSuggestAPITest.php @@ -104,7 +104,7 @@ class AutoSuggestAPITest extends SystemTestCase $topSegmentValue = Common::forceDotAsSeparatorForDecimalPoint($topSegmentValue); } // Now build the segment request - $segmentValue = rawurlencode(html_entity_decode($topSegmentValue)); + $segmentValue = rawurlencode(html_entity_decode($topSegmentValue, ENT_COMPAT | ENT_HTML401, 'UTF-8')); $params['segment'] = $params['segmentToComplete'] . '==' . $segmentValue; unset($params['segmentToComplete']); $this->runApiTests($api, $params); diff --git a/tests/PHPUnit/System/LabelFilterTest.php b/tests/PHPUnit/System/LabelFilterTest.php index 809409754b..f19828638d 100644 --- a/tests/PHPUnit/System/LabelFilterTest.php +++ b/tests/PHPUnit/System/LabelFilterTest.php 
@@ -113,7 +113,7 @@ class LabelFilterTest extends SystemTestCase ); $return[] = array('Referrers.getSearchEngines', $searchEngineTest); - $searchEngineTest['otherRequestParameters']['label'] = urlencode('Google>' . urlencode(html_entity_decode($keyword))); + $searchEngineTest['otherRequestParameters']['label'] = urlencode('Google>' . urlencode(html_entity_decode($keyword, ENT_COMPAT | ENT_HTML401, 'UTF-8'))); $return[] = array('Referrers.getSearchEngines', $searchEngineTest); // test the ! operator diff --git a/tests/javascript/piwik.php b/tests/javascript/piwik.php index 0c38317175..20f7c41aa4 100644 --- a/tests/javascript/piwik.php +++ b/tests/javascript/piwik.php @@ -80,7 +80,7 @@ function logRequest($db, $uri, $data) { } if (isset($_GET['requests'])) { - $token = htmlentities($_GET['requests']); + $token = htmlentities($_GET['requests'], ENT_COMPAT | ENT_HTML401, 'UTF-8'); $ua = $_SERVER['HTTP_USER_AGENT']; echo "<html><head><title>$token</title></head><body>\n"; |
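Review bot: In tests/javascript/piwik.php, `$ua = $_SERVER['HTTP_USER_AGENT'];` on the line after the encoded `$token` is neither checked with `isset` nor encoded, and where it is used lies outside the hunk. If it reaches the page or a query further down, it needs the encoding or parameter binding that fits that context. `$ua = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';` avoids the notice when the header is absent. `ENT_COMPAT` leaves single quotes in `$token` untouched, which is fine for the `<title>` shown here but not for a single-quoted attribute or an SQL string.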