
#305 Specified the charset in any call to htmlentities()

git-svn-id: http://svn.code.sf.net/p/itop/code/trunk@1110 a333f486-631f-4898-b8df-5754b55c2be0
romainq 14 years ago
parent
commit
c997b9d56a

+ 1 - 1
addons/userrights/userrightsprofile.class.inc.php

@@ -180,7 +180,7 @@ class URP_Profiles extends UserRightsBaseClass
 				$oGrant = $oUserRights->GetClassStimulusGrant($this->GetKey(), $sClass, $sStimulusCode);
 				if (is_object($oGrant) && ($oGrant->Get('permission') == 'yes'))
 				{ 
-					$aStimuli[] = '<span title="'.$sStimulusCode.': '.htmlentities($oStimulus->GetDescription()).'">'.htmlentities($oStimulus->GetLabel()).'</span>';
+					$aStimuli[] = '<span title="'.$sStimulusCode.': '.htmlentities($oStimulus->GetDescription(), ENT_QUOTES, 'UTF-8').'">'.htmlentities($oStimulus->GetLabel(), ENT_QUOTES, 'UTF-8').'</span>';
 				}
 			}
 			$sStimuli = implode(', ', $aStimuli);
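Review bot: `$sStimulusCode` is still concatenated unencoded into the `title` attribute on the changed line, right next to the description and label that are now encoded. Where stimulus codes come from is not visible in this hunk, but a code containing a quote or angle bracket would end the attribute early. Encoding the whole attribute value in one call closes the gap: `htmlentities($sStimulusCode.': '.$oStimulus->GetDescription(), ENT_QUOTES, 'UTF-8')`. The identical line in addons/userrights/userrightsprojection.class.inc.php needs the same change; the enclosing loop starts and ends outside the hunk.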

+ 1 - 1
addons/userrights/userrightsprojection.class.inc.php

@@ -119,7 +119,7 @@ class URP_Profiles extends UserRightsBaseClass
 				$oGrant = $oUserRights->GetClassStimulusGrant($this->GetKey(), $sClass, $sStimulusCode);
 				if (is_object($oGrant) && ($oGrant->Get('permission') == 'yes'))
 				{ 
-					$aStimuli[] = '<span title="'.$sStimulusCode.': '.htmlentities($oStimulus->GetDescription()).'">'.htmlentities($oStimulus->GetLabel()).'</span>';
+					$aStimuli[] = '<span title="'.$sStimulusCode.': '.htmlentities($oStimulus->GetDescription(), ENT_QUOTES, 'UTF-8').'">'.htmlentities($oStimulus->GetLabel(), ENT_QUOTES, 'UTF-8').'</span>';
 				}
 			}
 			$sStimuli = implode(', ', $aStimuli);

+ 1 - 1
application/cmdbabstract.class.inc.php

@@ -1687,7 +1687,7 @@ EOF
 				break;
 				
 				default:
-				$oPage->add("<pre>".htmlentities(MyHelpers::beautifulstr($data, 1000, true))."</pre>\n");			
+				$oPage->add("<pre>".htmlentities(MyHelpers::beautifulstr($data, 1000, true), ENT_QUOTES, 'UTF-8')."</pre>\n");			
 			}
 			break;
 

+ 4 - 4
application/template.class.inc.php

@@ -161,7 +161,7 @@ class DisplayTemplate
 				$oPage->AddTabContainer('Tabs_'.$iTabContainerCount);
 				$oPage->SetCurrentTabContainer('Tabs_'.$iTabContainerCount);
 				$iTabContainerCount++;
-				//$oPage->p('Content:<pre>'.htmlentities($sContent).'</pre>');
+				//$oPage->p('Content:<pre>'.htmlentities($sContent, ENT_QUOTES, 'UTF-8').'</pre>');
 				$oTemplate = new DisplayTemplate($sContent);
 				$oTemplate->Render($oPage, array()); // no params to apply, they have already been applied
 				$oPage->SetCurrentTabContainer('');
@@ -185,7 +185,7 @@ class DisplayTemplate
 				$oPage->SetCurrentTab(Dict::S(str_replace('_', ' ', $aAttributes['name'])));
 				$oTemplate = new DisplayTemplate($sContent);
 				$oTemplate->Render($oPage, array()); // no params to apply, they have already been applied
-				//$oPage->p('iTop Tab Content:<pre>'.htmlentities($sContent).'</pre>');
+				//$oPage->p('iTop Tab Content:<pre>'.htmlentities($sContent, ENT_QUOTES, 'UTF-8').'</pre>');
 				$oPage->SetCurrentTab('');
 			break;
 			
@@ -195,7 +195,7 @@ class DisplayTemplate
 				$oPage->StartCollapsibleSection(Dict::S($sName), $bOpen);
 				$oTemplate = new DisplayTemplate($sContent);
 				$oTemplate->Render($oPage, array()); // no params to apply, they have already been applied
-				//$oPage->p('iTop Tab Content:<pre>'.htmlentities($sContent).'</pre>');
+				//$oPage->p('iTop Tab Content:<pre>'.htmlentities($sContent, ENT_QUOTES, 'UTF-8').'</pre>');
 				$oPage->EndCollapsibleSection();
 			break;
 			
@@ -241,7 +241,7 @@ class DisplayTemplate
 		</itoptabs>';
 		
 		$oPage = new iTopWebPage('Unit Test');
-		//$oPage->add("Template content: <pre>".htmlentities($sTemplate)."</pre>\n");
+		//$oPage->add("Template content: <pre>".htmlentities($sTemplate, ENT_QUOTES, 'UTF-8')."</pre>\n");
 		$oTemplate = new DisplayTemplate($sTemplate);
 		$oTemplate->Render($oPage, array('class'=>'Network device','pkey'=> 271, 'name' => 'deliversw01.mecanorama.fr', 'org_id' => 3));
 		$oPage->output();

+ 3 - 3
core/MyHelpers.class.inc.php

@@ -443,9 +443,9 @@ class Str
 	public static function pure2html($pure, $maxLength = false)
 	{
 		// Check for HTML entities, but be careful the DB is in UTF-8
-		return $maxLength
-			? htmlentities(substr($pure, 0, $maxLength), ENT_COMPAT, 'UTF-8')
-			: htmlentities($pure, ENT_COMPAT, 'UTF-8');
+		return $maxLength                                         
+			? htmlentities(substr($pure, 0, $maxLength), ENT_QUOTES, 'UTF-8')
+			: htmlentities($pure, ENT_QUOTES, 'UTF-8');
 	}
 	public static function pure2sql($pure, $maxLength = false)
 	{
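Review bot: `substr($pure, 0, $maxLength)` in pure2html cuts by bytes, so a limit that lands inside a multi-byte UTF-8 character hands htmlentities() an invalid sequence. With an explicit 'UTF-8' charset, htmlentities() returns an empty string for such input unless ENT_IGNORE or ENT_SUBSTITUTE is set, so the truncated value would render as blank. Cutting on characters avoids that: `htmlentities(mb_substr($pure, 0, $maxLength, 'UTF-8'), ENT_QUOTES, 'UTF-8')` (requires mbstring). The same applies to the `substr()` slices driven by `m_iCol` and `strlen()` in OQLException::getHtmlDesc, which this commit switches from the default charset to UTF-8. Separately, the trailing spaces added after `return $maxLength` should be dropped.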

+ 1 - 1
core/config.class.inc.php

@@ -458,7 +458,7 @@ class Config
 		if (strlen($sNoise) > 0)
 		{
 			// Note: sNoise is an html output, but so far it was ok for me (e.g. showing the entire call stack) 
-			throw new ConfigException('Syntax error in configuration file', array('file' => $sConfigFile, 'error' => '<tt>'.htmlentities($sNoise).'</tt>'));
+			throw new ConfigException('Syntax error in configuration file', array('file' => $sConfigFile, 'error' => '<tt>'.htmlentities($sNoise, ENT_QUOTES, 'UTF-8').'</tt>'));
 		}
 
 		if (!isset($MySettings) || !is_array($MySettings))
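Review bot: The `error` entry is pre-rendered HTML (`<tt>` around encoded text) while `'file' => $sConfigFile` in the same array is raw, so whatever displays the ConfigException context cannot treat the two entries alike. Escaping both double-encodes `error`; escaping neither emits the path unencoded. How the context array is rendered is not visible here. I would pass the raw `$sNoise` and let the renderer encode and wrap it, or at least document the contract at the throw: `// 'error' is HTML, already encoded; 'file' is plain text`.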

+ 9 - 9
core/metamodel.class.php

@@ -2579,7 +2579,7 @@ abstract class MetaModel
 		if (count($aCleanFixes) == 0) return;
 
 		echo "<form action=\"$sRepairUrl\" method=\"POST\">\n";
-		echo "   <input type=\"hidden\" name=\"$sSQLStatementArgName\" value=\"".htmlentities(implode("##SEP##", $aCleanFixes))."\">\n";
+		echo "   <input type=\"hidden\" name=\"$sSQLStatementArgName\" value=\"".htmlentities(implode("##SEP##", $aCleanFixes), ENT_QUOTES, 'UTF-8')."\">\n";
 		echo "   <input type=\"submit\" value=\" Apply changes (".count($aCleanFixes)." queries) \">\n";
 		echo "</form>\n";
 	}
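Review bot: The repair form round-trips the generated SQL through a hidden field posted to `$sRepairUrl`, so the statements applied are whatever the browser sends back, not necessarily what was generated here. The handler is outside this hunk; it should be restricted to administrators, check an anti-CSRF token, and preferably recompute the fixes server-side (or verify an integrity tag over them) rather than run the posted text. On the visible lines, `$sRepairUrl` and `$sSQLStatementArgName` are also interpolated into attributes without encoding, unlike the value beside them.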
@@ -2779,14 +2779,14 @@ abstract class MetaModel
 		$sRes = '';
 
 		$sRes .= "// Dictionnay conventions\n";
-		$sRes .= htmlentities("// Class:<class_name>\n");
-		$sRes .= htmlentities("// Class:<class_name>+\n");
-		$sRes .= htmlentities("// Class:<class_name>/Attribute:<attribute_code>\n");
-		$sRes .= htmlentities("// Class:<class_name>/Attribute:<attribute_code>+\n");
-		$sRes .= htmlentities("// Class:<class_name>/Attribute:<attribute_code>/Value:<value>\n");
-		$sRes .= htmlentities("// Class:<class_name>/Attribute:<attribute_code>/Value:<value>+\n");
-		$sRes .= htmlentities("// Class:<class_name>/Stimulus:<stimulus_code>\n");
-		$sRes .= htmlentities("// Class:<class_name>/Stimulus:<stimulus_code>+\n");
+		$sRes .= htmlentities("// Class:<class_name>\n", ENT_QUOTES, 'UTF-8');
+		$sRes .= htmlentities("// Class:<class_name>+\n", ENT_QUOTES, 'UTF-8');
+		$sRes .= htmlentities("// Class:<class_name>/Attribute:<attribute_code>\n", ENT_QUOTES, 'UTF-8');
+		$sRes .= htmlentities("// Class:<class_name>/Attribute:<attribute_code>+\n", ENT_QUOTES, 'UTF-8');
+		$sRes .= htmlentities("// Class:<class_name>/Attribute:<attribute_code>/Value:<value>\n", ENT_QUOTES, 'UTF-8');
+		$sRes .= htmlentities("// Class:<class_name>/Attribute:<attribute_code>/Value:<value>+\n", ENT_QUOTES, 'UTF-8');
+		$sRes .= htmlentities("// Class:<class_name>/Stimulus:<stimulus_code>\n", ENT_QUOTES, 'UTF-8');
+		$sRes .= htmlentities("// Class:<class_name>/Stimulus:<stimulus_code>+\n", ENT_QUOTES, 'UTF-8');
 		$sRes .= "\n";
 
 		// Note: I did not use EnumCategories(), because a given class maybe found in several categories

+ 6 - 6
core/oql/oqlexception.class.inc.php

@@ -52,19 +52,19 @@ class OQLException extends CoreException
 
 	public function getHtmlDesc($sHighlightHtmlBegin = '<b>', $sHighlightHtmlEnd = '</b>')
 	{
-		$sRet = htmlentities($this->m_MyIssue.", found '".$this->m_sUnexpected."' in: ");
-		$sRet .= htmlentities(substr($this->m_sInput, 0, $this->m_iCol));
-		$sRet .= $sHighlightHtmlBegin.htmlentities(substr($this->m_sInput, $this->m_iCol, strlen($this->m_sUnexpected))).$sHighlightHtmlEnd;
-		$sRet .= htmlentities(substr($this->m_sInput, $this->m_iCol + strlen($this->m_sUnexpected)));
+		$sRet = htmlentities($this->m_MyIssue.", found '".$this->m_sUnexpected."' in: ", ENT_QUOTES, 'UTF-8');
+		$sRet .= htmlentities(substr($this->m_sInput, 0, $this->m_iCol), ENT_QUOTES, 'UTF-8');
+		$sRet .= $sHighlightHtmlBegin.htmlentities(substr($this->m_sInput, $this->m_iCol, strlen($this->m_sUnexpected)), ENT_QUOTES, 'UTF-8').$sHighlightHtmlEnd;
+		$sRet .= htmlentities(substr($this->m_sInput, $this->m_iCol + strlen($this->m_sUnexpected)), ENT_QUOTES, 'UTF-8');
 
 		if (!is_null($this->m_aExpecting) && (count($this->m_aExpecting) > 0))
 		{
 			$sExpectations = '{'.implode(', ', $this->m_aExpecting).'}';
-			$sRet .= ", expecting ".htmlentities($sExpectations); 
+			$sRet .= ", expecting ".htmlentities($sExpectations, ENT_QUOTES, 'UTF-8'); 
 			$sSuggest = self::FindClosestString($this->m_sUnexpected, $this->m_aExpecting);
 			if (strlen($sSuggest) > 0)
 			{
-				$sRet .= ", I would suggest to use '$sHighlightHtmlBegin".htmlentities($sSuggest)."$sHighlightHtmlEnd'";
+				$sRet .= ", I would suggest to use '$sHighlightHtmlBegin".htmlentities($sSuggest, ENT_QUOTES, 'UTF-8')."$sHighlightHtmlEnd'";
 			}
 		}
 

+ 2 - 2
pages/run_query.php

@@ -70,8 +70,8 @@ function ShowExamples($oP, $sExpression)
 			}
 			//$aDisplayData[$sTopic][] = array(
 			$aDisplayData[Dict::S('UI:RunQuery:QueryExamples')][] = array(
-				'desc' => "<div style=\"$sHighlight\">".htmlentities($sDescription)."</div>",
-				'oql' => "<div style=\"$sHighlight\">".htmlentities($sOql)."</div>",
+				'desc' => "<div style=\"$sHighlight\">".htmlentities($sDescription, ENT_QUOTES, 'UTF-8')."</div>",
+				'oql' => "<div style=\"$sHighlight\">".htmlentities($sOql, ENT_QUOTES, 'UTF-8')."</div>",
 				'go' => "<form method=\"get\"><input type=\"hidden\" name=\"expression\" value=\"$sOql\"><input type=\"submit\" value=\"".Dict::S('UI:Button:Test')."\" $sDisable></form>\n",
 			);
 		}
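Review bot: The `go` entry still writes `value=\"$sOql\"` with the query unencoded, directly below the `oql` entry that now encodes the same variable. An example query containing a double quote ends the attribute early, which truncates the submitted expression and leaves the rest to be parsed as markup. Suggested: `value=\"".htmlentities($sOql, ENT_QUOTES, 'UTF-8')."\"`. ShowExamples starts and ends outside the hunk, so the origin of `$sOql` is not visible here.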

+ 3 - 3
pages/schema.php

@@ -321,9 +321,9 @@ function DisplayClassesList($oPage)
 	{
 		$oPage->add("<li>".MakeRelationHLink($sRelCode)."\n");
 		$oPage->add("<ul>\n");
-		$oPage->add("<li>Description: ".htmlentities(MetaModel::GetRelationDescription($sRelCode))."</li>\n");
-		$oPage->add("<li>Verb up: ".htmlentities(MetaModel::GetRelationVerbUp($sRelCode))."</li>\n");
-		$oPage->add("<li>Verb down: ".htmlentities(MetaModel::GetRelationVerbDown($sRelCode))."</li>\n");
+		$oPage->add("<li>Description: ".htmlentities(MetaModel::GetRelationDescription($sRelCode), ENT_QUOTES, 'UTF-8')."</li>\n");
+		$oPage->add("<li>Verb up: ".htmlentities(MetaModel::GetRelationVerbUp($sRelCode), ENT_QUOTES, 'UTF-8')."</li>\n");
+		$oPage->add("<li>Verb down: ".htmlentities(MetaModel::GetRelationVerbDown($sRelCode), ENT_QUOTES, 'UTF-8')."</li>\n");
 		$oPage->add("</ul>\n");
 		$oPage->add("</li>\n");
 	}

+ 10 - 10
test/testlist.inc.php

@@ -268,7 +268,7 @@ a2?;?b?;?c?
 				}
 				else
 				{
-					$sCellValue = htmlentities($sCell);
+					$sCellValue = htmlentities($sCell, ENT_QUOTES, 'UTF-8');
 				}
 
 				if (!isset($aExpectedResult[$iRow][$iCol]))
@@ -1178,11 +1178,11 @@ class TestItopEfficiency extends TestBizModel
 		foreach ($aStats as $sOQL => $aResults)
 		{
 			$aValues = array();
-			$aValues['OQL'] = htmlentities($sOQL);
+			$aValues['OQL'] = htmlentities($sOQL, ENT_QUOTES, 'UTF-8');
 
 			foreach($aResults as $sDesc => $sInfo)
 			{
-				$aValues[$sDesc] = htmlentities($sInfo);
+				$aValues[$sDesc] = htmlentities($sInfo, ENT_QUOTES, 'UTF-8');
 			}
 			$aData[] = $aValues;
 		}
@@ -1290,11 +1290,11 @@ class TestQueries extends TestBizModel
 		foreach ($aStats as $sOQL => $aResults)
 		{
 			$aValues = array();
-			$aValues['OQL'] = htmlentities($sOQL);
+			$aValues['OQL'] = htmlentities($sOQL, ENT_QUOTES, 'UTF-8');
 
 			foreach($aResults as $sDesc => $sInfo)
 			{
-				$aValues[$sDesc] = htmlentities($sInfo);
+				$aValues[$sDesc] = htmlentities($sInfo, ENT_QUOTES, 'UTF-8');
 			}
 			$aData[] = $aValues;
 		}
@@ -2028,7 +2028,7 @@ class TestDataExchange extends TestBizModel
 				{
 					$sCsvDataViewable = $sCsvData;
 				}
-				$sCsvDataViewable = htmlentities($sCsvDataViewable);
+				$sCsvDataViewable = htmlentities($sCsvDataViewable, ENT_QUOTES, 'UTF-8');
 		
 				echo "<div style=\"\">\n";
 				echo "      <pre class=\"vardump\">$sCsvDataViewable</pre>\n";
@@ -2117,8 +2117,8 @@ class TestDataExchange extends TestBizModel
 					),
 				),
 			),
-		);
-		$aXXXXScenarios = array(
+		//);
+		//$aXXXXScenarios = array(
 			array(
 				'desc' => 'Update then delete with retention (to complete with manual testing) and reconciliation on org/name',
 				'login' => 'admin',
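Review bot: Commenting out `);` and `$aXXXXScenarios = array(` merges scenarios that were parked in a throwaway variable back into the preceding array, and the hunk at -2170 does the same for `$aXXScenarios`. Neither edit is related to the htmlentities() charset change named in the commit title. If re-enabling them is intended (one is described as 'to complete with manual testing'), it belongs in its own commit with a message saying so; otherwise it looks like a local debugging edit and should be reverted. The array being extended opens outside the hunk, so which variable now receives these scenarios is not visible here.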
@@ -2170,8 +2170,8 @@ class TestDataExchange extends TestBizModel
 					),
 				),
 			),
-		);
-		$aXXScenarios = array(
+		//);
+		//$aXXScenarios = array(
 			array(
 				'desc' => 'Simple scenario loading a few ApplicationSolution',
 				'login' => 'admin',

+ 1 - 1
webservices/createfrommail.php

@@ -177,7 +177,7 @@ for($index = 1; $index <= $iNbMessages; $index++)
 				{
 					$sTextBody = $oStructure->parts[$iPartIndex]->body;
 					$bFound = true;
-					//echo "<p>HTML text found ! (".htmlentities($sTextBody).")</p>\n";
+					//echo "<p>HTML text found ! (".htmlentities($sTextBody, ENT_QUOTES, 'UTF-8').")</p>\n";
 				}
 				$iPartIndex++;
 			}