last2014/uwuzu-mirror
1
0
Fork 0
mirror of https://github.com/Daichimarukana/uwuzu.git synced 2026-06-05 03:24:41 +00:00
Code Activity

uwuzu v1.3.3 new_planet

Browse Source
This commit is contained in:
Daichimarukana
2024-03-06 17:34:02 +09:00
parent 3e37062d80
commit e0b3b93414
13 changed files with 255 additions and 193 deletions
Download Patch File Download Diff File Expand all files Collapse all files
home/index.php
+24 -24
View File
@@ -190,7 +190,7 @@ $notificationcount = $notiData['notification_count'];
//-----------------URLから取得----------------
if(isset($_GET['text'])) {
$ueuse = htmlentities($_GET['text']);
$ueuse = htmlspecialchars($_GET['text'], ENT_QUOTES, 'UTF-8', false);
}
//-------------------------------------------
@@ -222,10 +222,10 @@ function get_mentions_userid($postText) {
}
if( !empty($_POST['btn_submit']) ) {
$ueuse = htmlentities($_POST['ueuse']);
$ueuse = htmlspecialchars($_POST['ueuse'], ENT_QUOTES, 'UTF-8', false);
if(isset($_POST['nsfw_chk'])){
$nsfw_chk = htmlentities($_POST['nsfw_chk']);
$nsfw_chk = htmlspecialchars($_POST['nsfw_chk'], ENT_QUOTES, 'UTF-8', false);
}else{
$nsfw_chk = "false";
}
@@ -241,8 +241,8 @@ if( !empty($_POST['btn_submit']) ) {
$error_message[] = '内容を入力してください。(INPUT_PLEASE)';
} else {
// 文字数を確認
if( (int)htmlspecialchars(file_get_contents($mojisizefile), ENT_QUOTES, 'UTF-8') < mb_strlen($ueuse, 'UTF-8') ) {
$error_message[] = '内容は'.htmlspecialchars(file_get_contents($mojisizefile), ENT_QUOTES, 'UTF-8').'文字以内で入力してください。(INPUT_OVER_MAX_COUNT)';
if( (int)htmlspecialchars(file_get_contents($mojisizefile), ENT_QUOTES, 'UTF-8', false) < mb_strlen($ueuse, 'UTF-8') ) {
$error_message[] = '内容は'.htmlspecialchars(file_get_contents($mojisizefile), ENT_QUOTES, 'UTF-8', false).'文字以内で入力してください。(INPUT_OVER_MAX_COUNT)';
}
// 禁止url確認
@@ -490,21 +490,21 @@ if( !empty($_POST['btn_submit']) ) {
// SQL作成
$stmt = $pdo->prepare("INSERT INTO ueuse (username, account, uniqid, ueuse, photo1, photo2, photo3, photo4, video1, datetime, abi, nsfw) VALUES (:username, :account, :uniqid, :ueuse, :photo1, :photo2, :photo3, :photo4, :video1, :datetime, :abi, :nsfw)");
$stmt->bindParam(':username', $username, PDO::PARAM_STR);
$stmt->bindParam(':account', $userid, PDO::PARAM_STR);
$stmt->bindParam(':uniqid', $uniqid, PDO::PARAM_STR);
$stmt->bindParam(':ueuse', $ueuse, PDO::PARAM_STR);
$stmt->bindParam(':username', htmlspecialchars($username, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
$stmt->bindParam(':account', htmlspecialchars($userid, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
$stmt->bindParam(':uniqid', htmlspecialchars($uniqid, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
$stmt->bindParam(':ueuse', htmlspecialchars($ueuse, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
$stmt->bindParam(':photo1', $photo1, PDO::PARAM_STR);
$stmt->bindParam(':photo2', $photo2, PDO::PARAM_STR);
$stmt->bindParam(':photo3', $photo3, PDO::PARAM_STR);
$stmt->bindParam(':photo4', $photo4, PDO::PARAM_STR);
$stmt->bindParam(':video1', $video1, PDO::PARAM_STR);
$stmt->bindParam(':datetime', $datetime, PDO::PARAM_STR);
$stmt->bindParam(':photo1', htmlspecialchars($photo1, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
$stmt->bindParam(':photo2', htmlspecialchars($photo2, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
$stmt->bindParam(':photo3', htmlspecialchars($photo3, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
$stmt->bindParam(':photo4', htmlspecialchars($photo4, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
$stmt->bindParam(':video1', htmlspecialchars($video1, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
$stmt->bindParam(':datetime', htmlspecialchars($datetime, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
$stmt->bindParam(':nsfw', $save_nsfw, PDO::PARAM_STR);
$stmt->bindParam(':nsfw', htmlspecialchars($save_nsfw, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
$stmt->bindParam(':abi', $abi, PDO::PARAM_STR);
$stmt->bindParam(':abi', htmlspecialchars($abi, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
// SQLクエリの実行
$res = $stmt->execute();
@@ -531,14 +531,14 @@ if( !empty($_POST['btn_submit']) ) {
$stmt = $pdo->prepare("INSERT INTO notification (fromuserid, touserid, msg, url, datetime, userchk, title) VALUES (:fromuserid, :touserid, :msg, :url, :datetime, :userchk, :title)");
$stmt->bindParam(':fromuserid', htmlentities($fromuserid), PDO::PARAM_STR);
$stmt->bindParam(':touserid', htmlentities($touserid), PDO::PARAM_STR);
$stmt->bindParam(':msg', $msg, PDO::PARAM_STR);
$stmt->bindParam(':url', htmlentities($url), PDO::PARAM_STR);
$stmt->bindParam(':userchk', htmlentities($userchk), PDO::PARAM_STR);
$stmt->bindParam(':title', htmlentities($title), PDO::PARAM_STR);
$stmt->bindParam(':fromuserid', htmlspecialchars($fromuserid, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
$stmt->bindParam(':touserid', htmlspecialchars($touserid, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
$stmt->bindParam(':msg', htmlspecialchars($msg, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
$stmt->bindParam(':url', htmlspecialchars($url, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
$stmt->bindParam(':userchk', htmlspecialchars($userchk, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
$stmt->bindParam(':title', htmlspecialchars($title, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
$stmt->bindParam(':datetime', htmlentities($datetime), PDO::PARAM_STR);
$stmt->bindParam(':datetime', htmlspecialchars($datetime, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
// SQLクエリの実行
$res = $stmt->execute();