uwuzu v1.3.3 new_planet
+21
-18
@@ -190,20 +190,22 @@ if(isset($_GET['token'])&&isset($_GET['type'])) {
|
|||||||
try {
|
try {
|
||||||
|
|
||||||
// SQL作成
|
// SQL作成
|
||||||
$stmt = $pdo->prepare("INSERT INTO ueuse (username, account, uniqid, ueuse, photo1, photo2, video1, datetime, abi) VALUES (:username, :account, :uniqid, :ueuse, :photo1, :photo2, :video1, :datetime, :abi)");
|
$stmt = $pdo->prepare("INSERT INTO ueuse (username, account, uniqid, ueuse, photo1, photo2, photo3, photo4, video1, datetime, abi) VALUES (:username, :account, :uniqid, :ueuse, :photo1, :photo2, :photo3, :photo4, :video1, :datetime, :abi)");
|
||||||
|
|
||||||
$stmt->bindParam(':username', $username, PDO::PARAM_STR);
|
$stmt->bindParam(':username', htmlspecialchars($username, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
$stmt->bindParam(':account', $userid, PDO::PARAM_STR);
|
$stmt->bindParam(':account', htmlspecialchars($userid, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
$stmt->bindParam(':uniqid', $uniqid, PDO::PARAM_STR);
|
$stmt->bindParam(':uniqid', htmlspecialchars($uniqid, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
$stmt->bindParam(':ueuse', $ueuse, PDO::PARAM_STR);
|
$stmt->bindParam(':ueuse', htmlspecialchars($ueuse, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
|
|
||||||
$stmt->bindParam(':photo1', $nones, PDO::PARAM_STR);
|
$stmt->bindParam(':photo1', htmlspecialchars($nones, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
$stmt->bindParam(':photo2', $nones, PDO::PARAM_STR);
|
$stmt->bindParam(':photo2', htmlspecialchars($nones, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
$stmt->bindParam(':video1', $nones, PDO::PARAM_STR);
|
$stmt->bindParam(':photo3', htmlspecialchars($nones, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
|
$stmt->bindParam(':photo4', htmlspecialchars($nones, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
|
$stmt->bindParam(':video1', htmlspecialchars($nones, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
|
|
||||||
$stmt->bindParam(':datetime', $datetime, PDO::PARAM_STR);
|
$stmt->bindParam(':datetime', htmlspecialchars($datetime, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
|
|
||||||
$stmt->bindParam(':abi', $abi, PDO::PARAM_STR);
|
$stmt->bindParam(':abi', htmlspecialchars($abi, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
|
|
||||||
// SQLクエリの実行
|
// SQLクエリの実行
|
||||||
$res = $stmt->execute();
|
$res = $stmt->execute();
|
||||||
@@ -218,6 +220,7 @@ if(isset($_GET['token'])&&isset($_GET['type'])) {
|
|||||||
$pdo->beginTransaction();
|
$pdo->beginTransaction();
|
||||||
|
|
||||||
try {
|
try {
|
||||||
|
$fromuserid = $userid;
|
||||||
$touserid = $mentionedUser;
|
$touserid = $mentionedUser;
|
||||||
$datetime = date("Y-m-d H:i:s");
|
$datetime = date("Y-m-d H:i:s");
|
||||||
$msg = "" . $ueuse . "";
|
$msg = "" . $ueuse . "";
|
||||||
@@ -226,16 +229,16 @@ if(isset($_GET['token'])&&isset($_GET['type'])) {
|
|||||||
$userchk = 'none';
|
$userchk = 'none';
|
||||||
|
|
||||||
// 通知用SQL作成
|
// 通知用SQL作成
|
||||||
$stmt = $pdo->prepare("INSERT INTO notification (touserid, msg, url, datetime, userchk, title) VALUES (:touserid, :msg, :url, :datetime, :userchk, :title)");
|
$stmt = $pdo->prepare("INSERT INTO notification (fromuserid, touserid, msg, url, datetime, userchk, title) VALUES (:fromuserid, :touserid, :msg, :url, :datetime, :userchk, :title)");
|
||||||
|
|
||||||
|
$stmt->bindParam(':fromuserid', htmlspecialchars($fromuserid, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
|
$stmt->bindParam(':touserid', htmlspecialchars($touserid, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
|
$stmt->bindParam(':msg', htmlspecialchars($msg, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
|
$stmt->bindParam(':url', htmlspecialchars($url, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
|
$stmt->bindParam(':userchk', htmlspecialchars($userchk, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
|
$stmt->bindParam(':title', htmlspecialchars($title, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
|
|
||||||
$stmt->bindParam(':touserid', $touserid, PDO::PARAM_STR);
|
$stmt->bindParam(':datetime', htmlspecialchars($datetime, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
$stmt->bindParam(':msg', $msg, PDO::PARAM_STR);
|
|
||||||
$stmt->bindParam(':url', $url, PDO::PARAM_STR);
|
|
||||||
$stmt->bindParam(':userchk', $userchk, PDO::PARAM_STR);
|
|
||||||
$stmt->bindParam(':title', $title, PDO::PARAM_STR);
|
|
||||||
|
|
||||||
$stmt->bindParam(':datetime', $datetime, PDO::PARAM_STR);
|
|
||||||
|
|
||||||
// SQLクエリの実行
|
// SQLクエリの実行
|
||||||
$res = $stmt->execute();
|
$res = $stmt->execute();
|
||||||
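Review bot: `PDOStatement::bindParam()` binds by reference, so handing it the temporary returned by `htmlspecialchars(...)` (every bind from `:username` down to `:abi` in this hunk, the notification binds in the hunk at @@ -226, and the same pattern in the later file sections at @@ -492/@@ -532 and @@ -490/@@ -531) raises "Only variables should be passed by reference"; `bindValue` is the call for computed values, e.g. `$stmt->bindValue(':username', htmlspecialchars($username, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);`. The prepared statement already keeps these values out of the SQL, so the HTML encoding here is not an injection defence but a storage-format decision: the database ends up holding `&amp;`, `&quot;` and `&#039;` instead of the user's text, and every reader has to either decode or escape once more. The usual layering is to store the raw text and escape at the output boundary (the display classes later in this commit already do that), which also makes the `double_encode: false` flags unnecessary. The enclosing `try` block starts before this hunk.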
|
|||||||
+2
-1
@@ -488,6 +488,7 @@ main h1{
|
|||||||
width: auto;
|
width: auto;
|
||||||
height:auto;
|
height:auto;
|
||||||
margin-bottom: 12px;
|
margin-bottom: 12px;
|
||||||
|
overflow-wrap: break-all;
|
||||||
}
|
}
|
||||||
|
|
||||||
.userheader .hed img{
|
.userheader .hed img{
|
||||||
@@ -5706,7 +5707,7 @@ summary {
|
|||||||
overflow-wrap: break-word;
|
overflow-wrap: break-word;
|
||||||
margin-top: 32px;
|
margin-top: 32px;
|
||||||
margin-bottom: auto;
|
margin-bottom: auto;
|
||||||
margin-left: -6px;
|
margin-left: 0px;
|
||||||
font-size: 16px;
|
font-size: 16px;
|
||||||
color:var(--link-color);
|
color:var(--link-color);
|
||||||
text-decoration: none;
|
text-decoration: none;
|
||||||
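Review bot: `overflow-wrap: break-all;` (the line added to `main h1`) is not a valid value for `overflow-wrap`, whose values are `normal`, `break-word` and `anywhere`; browsers drop the declaration, so the long-word wrapping it is meant to add never happens. Either `overflow-wrap: anywhere;` (or `break-word`, as the `summary` rule in the second hunk already uses) or `word-break: break-all;` is what was intended. The `margin-left: 0px;` change in the second hunk is fine.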
|
|||||||
@@ -44,7 +44,56 @@ if (htmlentities(isset($_POST['uniqid'])) && htmlentities(isset($_POST['userid']
|
|||||||
$result2 = $query->fetch();
|
$result2 = $query->fetch();
|
||||||
|
|
||||||
if($result2["loginid"] === $loginid){
|
if($result2["loginid"] === $loginid){
|
||||||
|
$photo_query = $dbh->prepare("SELECT * FROM ueuse WHERE account = :userid AND uniqid = :uniqid");
|
||||||
|
$photo_query->bindValue(':userid', $postUserid);
|
||||||
|
$photo_query->bindValue(':uniqid', $postUniqid);
|
||||||
|
$photo_query->execute();
|
||||||
|
$photo_and_video = $photo_query->fetch();
|
||||||
|
|
||||||
|
if(!($photo_and_video["photo1"] == "none")){
|
||||||
|
$photoDelete1 = glob($photo_and_video["photo1"]); // 「-ユーザーID.拡張子」というパターンを検索
|
||||||
|
foreach ($photoDelete1 as $photo1) {
|
||||||
|
if (is_file($photo1)) {
|
||||||
|
unlink($photo1);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if(!($photo_and_video["photo2"] == "none")){
|
||||||
|
$photoDelete2 = glob($photo_and_video["photo2"]); // 「-ユーザーID.拡張子」というパターンを検索
|
||||||
|
foreach ($photoDelete2 as $photo2) {
|
||||||
|
if (is_file($photo2)) {
|
||||||
|
unlink($photo2);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if(!($photo_and_video["photo3"] == "none")){
|
||||||
|
$photoDelete3 = glob($photo_and_video["photo3"]); // 「-ユーザーID.拡張子」というパターンを検索
|
||||||
|
foreach ($photoDelete3 as $photo3) {
|
||||||
|
if (is_file($photo3)) {
|
||||||
|
unlink($photo3);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if(!($photo_and_video["photo4"] == "none")){
|
||||||
|
$photoDelete4 = glob($photo_and_video["photo4"]); // 「-ユーザーID.拡張子」というパターンを検索
|
||||||
|
foreach ($photoDelete4 as $photo4) {
|
||||||
|
if (is_file($photo4)) {
|
||||||
|
unlink($photo4);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if(!($photo_and_video["video1"] == "none")){
|
||||||
|
$videoDelete1 = glob($photo_and_video["video1"]); // 「-ユーザーID.拡張子」というパターンを検索
|
||||||
|
foreach ($videoDelete1 as $video1) {
|
||||||
|
if (is_file($video1)) {
|
||||||
|
unlink($video1);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
try {
|
try {
|
||||||
|
|
||||||
$pdo = new PDO('mysql:charset=utf8mb4;dbname='.DB_NAME.';host='.DB_HOST , DB_USER, DB_PASS);
|
$pdo = new PDO('mysql:charset=utf8mb4;dbname='.DB_NAME.';host='.DB_HOST , DB_USER, DB_PASS);
|
||||||
|
|
||||||
// 削除クエリを実行
|
// 削除クエリを実行
|
||||||
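Review bot: The five copies of the glob/unlink block (`photo1` … `video1`) remove whatever path the `ueuse` row holds without checking that the resolved file stays inside the upload directory, and they run before the `try` that opens the PDO connection and issues the delete query, so a failed delete leaves a row pointing at files that are already gone. `$photo_query->fetch()` returns `false` when no row matches, and `$photo_and_video["photo1"]` on `false` then yields `null`, which is `!= "none"` and reaches `glob(null)`. The blocks also compare with `== "none"`; `===` is the intended comparison. A single loop over the column names with a row check, a `realpath()` prefix check against the upload root, and the unlinks moved after the successful delete query covers all five; the `if($result2["loginid"] === $loginid)` block continues past the hunk.

```php
if($result2["loginid"] === $loginid){
    $photo_query = $dbh->prepare("SELECT * FROM ueuse WHERE account = :userid AND uniqid = :uniqid");
    $photo_query->bindValue(':userid', $postUserid);
    $photo_query->bindValue(':uniqid', $postUniqid);
    $photo_query->execute();
    $photo_and_video = $photo_query->fetch();

    // Collect attachment paths first; remove them only after the row is deleted.
    $uploadRoot = realpath('<UPLOAD_DIR_PLACEHOLDER>'); // replace with the real upload root
    $attachments = [];
    if ($photo_and_video !== false && $uploadRoot !== false) {
        foreach (['photo1', 'photo2', 'photo3', 'photo4', 'video1'] as $column) {
            $stored = $photo_and_video[$column] ?? 'none';
            if ($stored === 'none' || $stored === '') {
                continue;
            }
            foreach (glob($stored) ?: [] as $candidate) {
                $real = realpath($candidate);
                // Only files below the upload root are eligible for removal.
                if ($real !== false && strncmp($real, $uploadRoot, strlen($uploadRoot)) === 0 && is_file($real)) {
                    $attachments[] = $real;
                }
            }
        }
    }

    // … unchanged: try { $pdo = new PDO(...); delete query … } …
    // after the delete query has succeeded:
    foreach ($attachments as $path) {
        unlink($path);
    }
```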
|
|||||||
+23
-23
@@ -225,10 +225,10 @@ function get_mentions_userid($postText) {
|
|||||||
|
|
||||||
if( !empty($_POST['btn_submit']) ) {
|
if( !empty($_POST['btn_submit']) ) {
|
||||||
|
|
||||||
$ueuse = htmlentities($_POST['ueuse']);
|
$ueuse = htmlspecialchars($_POST['ueuse'], ENT_QUOTES, 'UTF-8', false);
|
||||||
|
|
||||||
if(isset($_POST['nsfw_chk'])){
|
if(isset($_POST['nsfw_chk'])){
|
||||||
$nsfw_chk = htmlentities($_POST['nsfw_chk']);
|
$nsfw_chk = htmlspecialchars($_POST['nsfw_chk'], ENT_QUOTES, 'UTF-8', false);
|
||||||
}else{
|
}else{
|
||||||
$nsfw_chk = "false";
|
$nsfw_chk = "false";
|
||||||
}
|
}
|
||||||
@@ -244,8 +244,8 @@ if( !empty($_POST['btn_submit']) ) {
|
|||||||
$error_message[] = '内容を入力してください。(INPUT_PLEASE)';
|
$error_message[] = '内容を入力してください。(INPUT_PLEASE)';
|
||||||
} else {
|
} else {
|
||||||
// 文字数を確認
|
// 文字数を確認
|
||||||
if( (int)htmlspecialchars(file_get_contents($mojisizefile), ENT_QUOTES, 'UTF-8') < mb_strlen($ueuse, 'UTF-8') ) {
|
if( (int)htmlspecialchars(file_get_contents($mojisizefile), ENT_QUOTES, 'UTF-8', false) < mb_strlen($ueuse, 'UTF-8') ) {
|
||||||
$error_message[] = '内容は'.htmlspecialchars(file_get_contents($mojisizefile), ENT_QUOTES, 'UTF-8').'文字以内で入力してください。(INPUT_OVER_MAX_COUNT)';
|
$error_message[] = '内容は'.htmlspecialchars(file_get_contents($mojisizefile), ENT_QUOTES, 'UTF-8', false).'文字以内で入力してください。(INPUT_OVER_MAX_COUNT)';
|
||||||
}
|
}
|
||||||
|
|
||||||
// 禁止url確認
|
// 禁止url確認
|
||||||
@@ -492,21 +492,21 @@ if( !empty($_POST['btn_submit']) ) {
|
|||||||
// SQL作成
|
// SQL作成
|
||||||
$stmt = $pdo->prepare("INSERT INTO ueuse (username, account, uniqid, ueuse, photo1, photo2, photo3, photo4, video1, datetime, abi, nsfw) VALUES (:username, :account, :uniqid, :ueuse, :photo1, :photo2, :photo3, :photo4, :video1, :datetime, :abi, :nsfw)");
|
$stmt = $pdo->prepare("INSERT INTO ueuse (username, account, uniqid, ueuse, photo1, photo2, photo3, photo4, video1, datetime, abi, nsfw) VALUES (:username, :account, :uniqid, :ueuse, :photo1, :photo2, :photo3, :photo4, :video1, :datetime, :abi, :nsfw)");
|
||||||
|
|
||||||
$stmt->bindParam(':username', $username, PDO::PARAM_STR);
|
$stmt->bindParam(':username', htmlspecialchars($username, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
$stmt->bindParam(':account', $userid, PDO::PARAM_STR);
|
$stmt->bindParam(':account', htmlspecialchars($userid, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
$stmt->bindParam(':uniqid', $uniqid, PDO::PARAM_STR);
|
$stmt->bindParam(':uniqid', htmlspecialchars($uniqid, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
$stmt->bindParam(':ueuse', $ueuse, PDO::PARAM_STR);
|
$stmt->bindParam(':ueuse', htmlspecialchars($ueuse, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
|
|
||||||
$stmt->bindParam(':photo1', $photo1, PDO::PARAM_STR);
|
$stmt->bindParam(':photo1', htmlspecialchars($photo1, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
$stmt->bindParam(':photo2', $photo2, PDO::PARAM_STR);
|
$stmt->bindParam(':photo2', htmlspecialchars($photo2, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
$stmt->bindParam(':photo3', $photo3, PDO::PARAM_STR);
|
$stmt->bindParam(':photo3', htmlspecialchars($photo3, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
$stmt->bindParam(':photo4', $photo4, PDO::PARAM_STR);
|
$stmt->bindParam(':photo4', htmlspecialchars($photo4, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
$stmt->bindParam(':video1', $video1, PDO::PARAM_STR);
|
$stmt->bindParam(':video1', htmlspecialchars($video1, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
$stmt->bindParam(':datetime', $datetime, PDO::PARAM_STR);
|
$stmt->bindParam(':datetime', htmlspecialchars($datetime, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
|
|
||||||
$stmt->bindParam(':nsfw', $save_nsfw, PDO::PARAM_STR);
|
$stmt->bindParam(':nsfw', htmlspecialchars($save_nsfw, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
|
|
||||||
$stmt->bindParam(':abi', $abi, PDO::PARAM_STR);
|
$stmt->bindParam(':abi', htmlspecialchars($abi, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
// SQLクエリの実行
|
// SQLクエリの実行
|
||||||
$res = $stmt->execute();
|
$res = $stmt->execute();
|
||||||
|
|
||||||
@@ -532,14 +532,14 @@ if( !empty($_POST['btn_submit']) ) {
|
|||||||
$stmt = $pdo->prepare("INSERT INTO notification (fromuserid, touserid, msg, url, datetime, userchk, title) VALUES (:fromuserid, :touserid, :msg, :url, :datetime, :userchk, :title)");
|
$stmt = $pdo->prepare("INSERT INTO notification (fromuserid, touserid, msg, url, datetime, userchk, title) VALUES (:fromuserid, :touserid, :msg, :url, :datetime, :userchk, :title)");
|
||||||
|
|
||||||
|
|
||||||
$stmt->bindParam(':fromuserid', htmlentities($fromuserid), PDO::PARAM_STR);
|
$stmt->bindParam(':fromuserid', htmlspecialchars($fromuserid, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
$stmt->bindParam(':touserid', htmlentities($touserid), PDO::PARAM_STR);
|
$stmt->bindParam(':touserid', htmlspecialchars($touserid, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
$stmt->bindParam(':msg', $msg, PDO::PARAM_STR);
|
$stmt->bindParam(':msg', htmlspecialchars($msg, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
$stmt->bindParam(':url', htmlentities($url), PDO::PARAM_STR);
|
$stmt->bindParam(':url', htmlspecialchars($url, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
$stmt->bindParam(':userchk', htmlentities($userchk), PDO::PARAM_STR);
|
$stmt->bindParam(':userchk', htmlspecialchars($userchk, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
$stmt->bindParam(':title', htmlentities($title), PDO::PARAM_STR);
|
$stmt->bindParam(':title', htmlspecialchars($title, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
|
|
||||||
$stmt->bindParam(':datetime', htmlentities($datetime), PDO::PARAM_STR);
|
$stmt->bindParam(':datetime', htmlspecialchars($datetime, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
|
|
||||||
// SQLクエリの実行
|
// SQLクエリの実行
|
||||||
$res = $stmt->execute();
|
$res = $stmt->execute();
|
||||||
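Review bot: `$ueuse` is HTML-escaped at the top of the `btn_submit` branch before the length check measures it with `mb_strlen($ueuse, 'UTF-8')`, so the limit read from `$mojisizefile` is applied to the entity-expanded text (`&` counts as five characters, `"` and `'` as six) and posts containing quotes or ampersands are rejected below the advertised limit; measure the raw `$_POST['ueuse']`, or keep `$ueuse` raw and escape on output. The already-escaped value is then escaped a second time in the `:ueuse` bind, which only stays correct because of `double_encode: false`. Wrapping `file_get_contents($mojisizefile)` in `htmlspecialchars` before the `(int)` cast does nothing useful and hides a `false` return (an unreadable file becomes `0`, rejecting every post); `(int) file_get_contents(...)` with an explicit `=== false` check is enough, read once into a variable instead of twice. The same three points apply to the parallel file section at @@ -222/@@ -241/@@ -490.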
|
|||||||
+24
-24
@@ -190,7 +190,7 @@ $notificationcount = $notiData['notification_count'];
|
|||||||
|
|
||||||
//-----------------URLから取得----------------
|
//-----------------URLから取得----------------
|
||||||
if(isset($_GET['text'])) {
|
if(isset($_GET['text'])) {
|
||||||
$ueuse = htmlentities($_GET['text']);
|
$ueuse = htmlspecialchars($_GET['text'], ENT_QUOTES, 'UTF-8', false);
|
||||||
}
|
}
|
||||||
|
|
||||||
//-------------------------------------------
|
//-------------------------------------------
|
||||||
@@ -222,10 +222,10 @@ function get_mentions_userid($postText) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if( !empty($_POST['btn_submit']) ) {
|
if( !empty($_POST['btn_submit']) ) {
|
||||||
$ueuse = htmlentities($_POST['ueuse']);
|
$ueuse = htmlspecialchars($_POST['ueuse'], ENT_QUOTES, 'UTF-8', false);
|
||||||
|
|
||||||
if(isset($_POST['nsfw_chk'])){
|
if(isset($_POST['nsfw_chk'])){
|
||||||
$nsfw_chk = htmlentities($_POST['nsfw_chk']);
|
$nsfw_chk = htmlspecialchars($_POST['nsfw_chk'], ENT_QUOTES, 'UTF-8', false);
|
||||||
}else{
|
}else{
|
||||||
$nsfw_chk = "false";
|
$nsfw_chk = "false";
|
||||||
}
|
}
|
||||||
@@ -241,8 +241,8 @@ if( !empty($_POST['btn_submit']) ) {
|
|||||||
$error_message[] = '内容を入力してください。(INPUT_PLEASE)';
|
$error_message[] = '内容を入力してください。(INPUT_PLEASE)';
|
||||||
} else {
|
} else {
|
||||||
// 文字数を確認
|
// 文字数を確認
|
||||||
if( (int)htmlspecialchars(file_get_contents($mojisizefile), ENT_QUOTES, 'UTF-8') < mb_strlen($ueuse, 'UTF-8') ) {
|
if( (int)htmlspecialchars(file_get_contents($mojisizefile), ENT_QUOTES, 'UTF-8', false) < mb_strlen($ueuse, 'UTF-8') ) {
|
||||||
$error_message[] = '内容は'.htmlspecialchars(file_get_contents($mojisizefile), ENT_QUOTES, 'UTF-8').'文字以内で入力してください。(INPUT_OVER_MAX_COUNT)';
|
$error_message[] = '内容は'.htmlspecialchars(file_get_contents($mojisizefile), ENT_QUOTES, 'UTF-8', false).'文字以内で入力してください。(INPUT_OVER_MAX_COUNT)';
|
||||||
}
|
}
|
||||||
|
|
||||||
// 禁止url確認
|
// 禁止url確認
|
||||||
@@ -490,21 +490,21 @@ if( !empty($_POST['btn_submit']) ) {
|
|||||||
// SQL作成
|
// SQL作成
|
||||||
$stmt = $pdo->prepare("INSERT INTO ueuse (username, account, uniqid, ueuse, photo1, photo2, photo3, photo4, video1, datetime, abi, nsfw) VALUES (:username, :account, :uniqid, :ueuse, :photo1, :photo2, :photo3, :photo4, :video1, :datetime, :abi, :nsfw)");
|
$stmt = $pdo->prepare("INSERT INTO ueuse (username, account, uniqid, ueuse, photo1, photo2, photo3, photo4, video1, datetime, abi, nsfw) VALUES (:username, :account, :uniqid, :ueuse, :photo1, :photo2, :photo3, :photo4, :video1, :datetime, :abi, :nsfw)");
|
||||||
|
|
||||||
$stmt->bindParam(':username', $username, PDO::PARAM_STR);
|
$stmt->bindParam(':username', htmlspecialchars($username, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
$stmt->bindParam(':account', $userid, PDO::PARAM_STR);
|
$stmt->bindParam(':account', htmlspecialchars($userid, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
$stmt->bindParam(':uniqid', $uniqid, PDO::PARAM_STR);
|
$stmt->bindParam(':uniqid', htmlspecialchars($uniqid, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
$stmt->bindParam(':ueuse', $ueuse, PDO::PARAM_STR);
|
$stmt->bindParam(':ueuse', htmlspecialchars($ueuse, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
|
|
||||||
$stmt->bindParam(':photo1', $photo1, PDO::PARAM_STR);
|
$stmt->bindParam(':photo1', htmlspecialchars($photo1, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
$stmt->bindParam(':photo2', $photo2, PDO::PARAM_STR);
|
$stmt->bindParam(':photo2', htmlspecialchars($photo2, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
$stmt->bindParam(':photo3', $photo3, PDO::PARAM_STR);
|
$stmt->bindParam(':photo3', htmlspecialchars($photo3, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
$stmt->bindParam(':photo4', $photo4, PDO::PARAM_STR);
|
$stmt->bindParam(':photo4', htmlspecialchars($photo4, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
$stmt->bindParam(':video1', $video1, PDO::PARAM_STR);
|
$stmt->bindParam(':video1', htmlspecialchars($video1, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
$stmt->bindParam(':datetime', $datetime, PDO::PARAM_STR);
|
$stmt->bindParam(':datetime', htmlspecialchars($datetime, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
|
|
||||||
$stmt->bindParam(':nsfw', $save_nsfw, PDO::PARAM_STR);
|
$stmt->bindParam(':nsfw', htmlspecialchars($save_nsfw, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
|
|
||||||
$stmt->bindParam(':abi', $abi, PDO::PARAM_STR);
|
$stmt->bindParam(':abi', htmlspecialchars($abi, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
|
|
||||||
// SQLクエリの実行
|
// SQLクエリの実行
|
||||||
$res = $stmt->execute();
|
$res = $stmt->execute();
|
||||||
@@ -531,14 +531,14 @@ if( !empty($_POST['btn_submit']) ) {
|
|||||||
$stmt = $pdo->prepare("INSERT INTO notification (fromuserid, touserid, msg, url, datetime, userchk, title) VALUES (:fromuserid, :touserid, :msg, :url, :datetime, :userchk, :title)");
|
$stmt = $pdo->prepare("INSERT INTO notification (fromuserid, touserid, msg, url, datetime, userchk, title) VALUES (:fromuserid, :touserid, :msg, :url, :datetime, :userchk, :title)");
|
||||||
|
|
||||||
|
|
||||||
$stmt->bindParam(':fromuserid', htmlentities($fromuserid), PDO::PARAM_STR);
|
$stmt->bindParam(':fromuserid', htmlspecialchars($fromuserid, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
$stmt->bindParam(':touserid', htmlentities($touserid), PDO::PARAM_STR);
|
$stmt->bindParam(':touserid', htmlspecialchars($touserid, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
$stmt->bindParam(':msg', $msg, PDO::PARAM_STR);
|
$stmt->bindParam(':msg', htmlspecialchars($msg, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
$stmt->bindParam(':url', htmlentities($url), PDO::PARAM_STR);
|
$stmt->bindParam(':url', htmlspecialchars($url, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
$stmt->bindParam(':userchk', htmlentities($userchk), PDO::PARAM_STR);
|
$stmt->bindParam(':userchk', htmlspecialchars($userchk, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
$stmt->bindParam(':title', htmlentities($title), PDO::PARAM_STR);
|
$stmt->bindParam(':title', htmlspecialchars($title, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
|
|
||||||
$stmt->bindParam(':datetime', htmlentities($datetime), PDO::PARAM_STR);
|
$stmt->bindParam(':datetime', htmlspecialchars($datetime, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
|
|
||||||
// SQLクエリの実行
|
// SQLクエリの実行
|
||||||
$res = $stmt->execute();
|
$res = $stmt->execute();
|
||||||
|
|||||||
@@ -73,7 +73,7 @@ if (isset($_GET['userid']) && isset($_GET['account_id'])) {
|
|||||||
|
|
||||||
if (!empty($message_array)) {
|
if (!empty($message_array)) {
|
||||||
foreach ($message_array as $value) {
|
foreach ($message_array as $value) {
|
||||||
$value["servericon"] = htmlspecialchars($serversettings["serverinfo"]["server_icon"], ENT_QUOTES, 'UTF-8');
|
$value["servericon"] = htmlspecialchars($serversettings["serverinfo"]["server_icon"], ENT_QUOTES, 'UTF-8', false);
|
||||||
if(!(empty($value['fromuserid']))){
|
if(!(empty($value['fromuserid']))){
|
||||||
if(!($value['fromuserid'] == "uwuzu-fromsys")){
|
if(!($value['fromuserid'] == "uwuzu-fromsys")){
|
||||||
$userQuery = $dbh->prepare("SELECT username,iconname FROM account WHERE userid = :userid");
|
$userQuery = $dbh->prepare("SELECT username,iconname FROM account WHERE userid = :userid");
|
||||||
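Review bot: `$value["servericon"] = htmlspecialchars(...)` writes into the by-value copy that `foreach ($message_array as $value)` hands out, so unless the rest of the loop body (outside the hunk) appends `$value` to another array or renders it directly, the assignment never reaches `$message_array`; iterate by reference (`foreach ($message_array as &$value)`, with `unset($value);` after the loop) or build a new array. Escaping the icon path here and again in `MessageDisplay`, which now wraps `$this->value["servericon"]` in `htmlspecialchars` as well, is harmless only because of `double_encode: false`; one escape at the output side is enough.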
|
|||||||
@@ -39,6 +39,7 @@ function processMarkdownAndWrapEmptyLines($markdownText){
|
|||||||
}
|
}
|
||||||
//Profile
|
//Profile
|
||||||
function replaceProfileEmojiImages($postText) {
|
function replaceProfileEmojiImages($postText) {
|
||||||
|
$postText = str_replace(''', '\'', $postText);
|
||||||
// プロフィール名で絵文字名(:emoji:)を検出して画像に置き換える
|
// プロフィール名で絵文字名(:emoji:)を検出して画像に置き換える
|
||||||
$emojiPattern = '/:(\w+):/';
|
$emojiPattern = '/:(\w+):/';
|
||||||
$postTextWithImages = preg_replace_callback($emojiPattern, function($matches) {
|
$postTextWithImages = preg_replace_callback($emojiPattern, function($matches) {
|
||||||
@@ -63,6 +64,7 @@ function replaceProfileEmojiImages($postText) {
|
|||||||
return $postTextWithImages;
|
return $postTextWithImages;
|
||||||
}
|
}
|
||||||
function replaceEmojisWithImages($postText) {
|
function replaceEmojisWithImages($postText) {
|
||||||
|
$postText = str_replace(''', '\'', $postText);
|
||||||
// ユーズ内で絵文字名(:emoji:)を検出して画像に置き換える
|
// ユーズ内で絵文字名(:emoji:)を検出して画像に置き換える
|
||||||
$emojiPattern = '/:(\w+):/';
|
$emojiPattern = '/:(\w+):/';
|
||||||
$postTextWithImages = preg_replace_callback($emojiPattern, function($matches) {
|
$postTextWithImages = preg_replace_callback($emojiPattern, function($matches) {
|
||||||
@@ -104,14 +106,14 @@ function replaceEmojisWithImages($postText) {
|
|||||||
if(empty($mentionsuserData)){
|
if(empty($mentionsuserData)){
|
||||||
return "@$username";
|
return "@$username";
|
||||||
}else{
|
}else{
|
||||||
return "<a class = 'mta' href='/@".htmlentities($mentionsuserData["userid"])."'>@".replaceProfileEmojiImages(htmlentities($mentionsuserData["username"]))."</a>";
|
return "<a class = 'mta' href='/@".htmlspecialchars($mentionsuserData["userid"], ENT_QUOTES, 'UTF-8', false)."'>@".replaceProfileEmojiImages(htmlspecialchars($mentionsuserData["username"], ENT_QUOTES, 'UTF-8', false))."</a>";
|
||||||
}
|
}
|
||||||
}, $postTextWithImages);
|
}, $postTextWithImages);
|
||||||
|
|
||||||
$hashtagsPattern = '/#([\p{Han}\p{Hiragana}\p{Katakana}A-Za-z0-9ー_]+)/u';
|
$hashtagsPattern = '/#([\p{Han}\p{Hiragana}\p{Katakana}A-Za-z0-9ー_]+)/u';
|
||||||
$postTextWithHashtags = preg_replace_callback($hashtagsPattern, function($matches) {
|
$postTextWithHashtags = preg_replace_callback($hashtagsPattern, function($matches) {
|
||||||
$hashtags = $matches[1];
|
$hashtags = $matches[1];
|
||||||
return "<a class='hashtags' href='/search?q=" . urlencode('#') . $hashtags . "'>" . '#' . $hashtags . "</a>";
|
return "<a class='hashtags' href='/search?q=" . urlencode('#') . htmlspecialchars($hashtags, ENT_QUOTES, 'UTF-8', false) . "'>" . '#' . htmlspecialchars($hashtags, ENT_QUOTES, 'UTF-8', false) . "</a>";
|
||||||
}, $postTextWithImagesAndUsernames);
|
}, $postTextWithImagesAndUsernames);
|
||||||
|
|
||||||
return $postTextWithHashtags;
|
return $postTextWithHashtags;
|
||||||
@@ -133,11 +135,11 @@ class MessageDisplay {
|
|||||||
echo ' <div class="flebox">';
|
echo ' <div class="flebox">';
|
||||||
|
|
||||||
echo ' <div class="time">';
|
echo ' <div class="time">';
|
||||||
$day = date("Ymd", strtotime(htmlentities($this->value['datetime'])));
|
$day = date("Ymd", strtotime(htmlspecialchars($this->value['datetime'], ENT_QUOTES, 'UTF-8', false)));
|
||||||
if ($day == date("Ymd")) {
|
if ($day == date("Ymd")) {
|
||||||
echo date("今日 H:i", strtotime(htmlentities($this->value['datetime'])));
|
echo date("今日 H:i", strtotime(htmlspecialchars($this->value['datetime'], ENT_QUOTES, 'UTF-8', false)));
|
||||||
} else {
|
} else {
|
||||||
echo date("Y年m月d日 H:i", strtotime(htmlentities($this->value['datetime'])));
|
echo date("Y年m月d日 H:i", strtotime(htmlspecialchars($this->value['datetime'], ENT_QUOTES, 'UTF-8', false)));
|
||||||
}
|
}
|
||||||
echo ' </div>';
|
echo ' </div>';
|
||||||
|
|
||||||
@@ -149,24 +151,24 @@ class MessageDisplay {
|
|||||||
echo ' <div class="icon">';
|
echo ' <div class="icon">';
|
||||||
if(($this->value['fromuserid'] == "uwuzu-fromsys")){
|
if(($this->value['fromuserid'] == "uwuzu-fromsys")){
|
||||||
if(!(empty($this->value["servericon"]))){
|
if(!(empty($this->value["servericon"]))){
|
||||||
echo ' <a href="/rule/serverabout"><img src="'.$this->value["servericon"].'"></a>';
|
echo ' <a href="/rule/serverabout"><img src="'.htmlspecialchars($this->value["servericon"], ENT_QUOTES, 'UTF-8', false).'"></a>';
|
||||||
}else{
|
}else{
|
||||||
echo ' <a href="/rule/serverabout"><img src="../img/uwuzuicon.png"></a>';
|
echo ' <a href="/rule/serverabout"><img src="../img/uwuzuicon.png"></a>';
|
||||||
}
|
}
|
||||||
}else{
|
}else{
|
||||||
echo ' <a href="/@'.$this->value['fromuserid'].'"><img src="' . $this->value['fromusericon'] . '"></a>';
|
echo ' <a href="/@'.htmlspecialchars($this->value['fromuserid'], ENT_QUOTES, 'UTF-8', false).'"><img src="' . htmlspecialchars($this->value['fromusericon'], ENT_QUOTES, 'UTF-8', false) . '"></a>';
|
||||||
}
|
}
|
||||||
echo ' </div>';
|
echo ' </div>';
|
||||||
if(($this->value['fromuserid'] == "uwuzu-fromsys")){
|
if(($this->value['fromuserid'] == "uwuzu-fromsys")){
|
||||||
echo ' <div class="username"><a href="/rule/serverabout">uwuzu</a></div>';
|
echo ' <div class="username"><a href="/rule/serverabout">uwuzu</a></div>';
|
||||||
}else{
|
}else{
|
||||||
echo ' <div class="username"><a href="/@'.$this->value['fromuserid'].'">'.$this->value['fromusername'].'</a></div>';
|
echo ' <div class="username"><a href="/@'.htmlspecialchars($this->value['fromuserid'], ENT_QUOTES, 'UTF-8', false).'">'.htmlspecialchars($this->value['fromusername'], ENT_QUOTES, 'UTF-8', false).'</a></div>';
|
||||||
}
|
}
|
||||||
echo ' </div>';
|
echo ' </div>';
|
||||||
}
|
}
|
||||||
echo ' <h3>' . replaceEmojisWithImages($this->value['title']) . '</h3>';
|
echo ' <h3>' . replaceEmojisWithImages(htmlspecialchars($this->value['title'], ENT_QUOTES, 'UTF-8', false)) . '</h3>';
|
||||||
echo ' <p>' . processMarkdownAndWrapEmptyLines(replaceEmojisWithImages(nl2br($this->value['msg']))) . '</p>';
|
echo ' <p>' . processMarkdownAndWrapEmptyLines(replaceEmojisWithImages(nl2br(htmlspecialchars($this->value['msg'], ENT_QUOTES, 'UTF-8', false)))) . '</p>';
|
||||||
echo ' <a href="' . htmlentities($this->value['url']) . '">詳細をみる</a>';
|
echo ' <a href="' . htmlspecialchars($this->value['url'], ENT_QUOTES, 'UTF-8', false) . '">詳細をみる</a>';
|
||||||
|
|
||||||
echo '</div>';
|
echo '</div>';
|
||||||
}
|
}
|
||||||
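Review bot: The new first line of `replaceProfileEmojiImages` and `replaceEmojisWithImages`, `$postText = str_replace(''', '\'', $postText);`, renders here with what looks like an already-decoded HTML entity as the search string (presumably the apostrophe entity that `ENT_QUOTES` produces — confirm against the source); if so, these rendering helpers undo part of the escaping their callers just applied (`MessageDisplay` passes `htmlspecialchars($this->value['title'], ENT_QUOTES, ...)` in and gets a raw `'` back). In the `<h3>` and `<p>` text contexts that is harmless, but any caller that places the result inside a single-quoted attribute loses the quote protection, and the decode runs over the whole text rather than over the emoji names it is meant to match. Prefer matching the `:emoji:` names without decoding (the `\w+` pattern cannot contain an apostrophe anyway) and leave escaping to the output call, so the helpers stay escape-neutral. Both functions continue past their hunks.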
|
|||||||
@@ -17,16 +17,16 @@ class UserdataDisplay {
|
|||||||
echo '<div class="ueuse">';
|
echo '<div class="ueuse">';
|
||||||
|
|
||||||
echo '<div class="headbox">';
|
echo '<div class="headbox">';
|
||||||
echo ' <a href="/@' . htmlentities($this->value['userid']) . '"><img src="'. htmlentities('../'.$this->value['headname']) . '"></a>';
|
echo ' <a href="/@' . htmlspecialchars($this->value['userid'], ENT_QUOTES, 'UTF-8', false) . '"><img src="'. htmlspecialchars('../'.$this->value['headname'], ENT_QUOTES, 'UTF-8', false) . '"></a>';
|
||||||
echo '</div>';
|
echo '</div>';
|
||||||
|
|
||||||
echo '<div class="flebox">';
|
echo '<div class="flebox">';
|
||||||
echo ' <div class="user">';
|
echo ' <div class="user">';
|
||||||
|
|
||||||
echo ' <a href="/@' . htmlentities($this->value['userid']) . '"><img src="'. htmlentities('../'.$this->value['iconname']) . '"></a>';
|
echo ' <a href="/@' . htmlspecialchars($this->value['userid'], ENT_QUOTES, 'UTF-8', false) . '"><img src="'. htmlspecialchars('../'.$this->value['iconname'], ENT_QUOTES, 'UTF-8', false) . '"></a>';
|
||||||
echo ' <a href="/@' . htmlentities($this->value['userid']) . '">' . htmlentities($this->value['username']) . '</a>';
|
echo ' <a href="/@' . htmlspecialchars($this->value['userid'], ENT_QUOTES, 'UTF-8', false) . '">' . htmlspecialchars($this->value['username'], ENT_QUOTES, 'UTF-8', false) . '</a>';
|
||||||
echo ' <div class="idbox">';
|
echo ' <div class="idbox">';
|
||||||
echo ' <a href="/@' . htmlentities($this->value['userid']) . '">@' . htmlentities($this->value['userid']) . '</a>';
|
echo ' <a href="/@' . htmlspecialchars($this->value['userid'], ENT_QUOTES, 'UTF-8', false) . '">@' . htmlspecialchars($this->value['userid'], ENT_QUOTES, 'UTF-8', false) . '</a>';
|
||||||
echo ' </div>';
|
echo ' </div>';
|
||||||
if(!empty($this->value['sacinfo'])){
|
if(!empty($this->value['sacinfo'])){
|
||||||
if($this->value['sacinfo'] === "bot"){
|
if($this->value['sacinfo'] === "bot"){
|
||||||
@@ -43,7 +43,7 @@ class UserdataDisplay {
|
|||||||
echo '</div>';
|
echo '</div>';
|
||||||
|
|
||||||
echo '<div class="profilebox">';
|
echo '<div class="profilebox">';
|
||||||
echo ' <p>' .replaceEmojisWithImages(replaceURLsWithLinks(nl2br($this->value['profile']))) . '</h1></h2></h3></font></center></p>';
|
echo ' <p>' .replaceEmojisWithImages(replaceURLsWithLinks(nl2br(htmlspecialchars($this->value['profile'], ENT_QUOTES, 'UTF-8', false)))) . '</h1></h2></h3></font></center></p>';
|
||||||
echo '</div>';
|
echo '</div>';
|
||||||
|
|
||||||
echo '</div>';
|
echo '</div>';
|
||||||
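Review bot: Now that the profile line escapes `$this->value['profile']` with `ENT_QUOTES` before it reaches `nl2br`/`replaceURLsWithLinks`/`replaceEmojisWithImages`, the trailing `'</h1></h2></h3></font></center></p>'` closers — which read like a leftover guard against unescaped markup in the profile — only emit stray end tags and invalid HTML; `'</p>'` is enough unless one of those helpers re-introduces raw markup (their bodies are outside this section, so that is worth confirming). If `replaceURLsWithLinks` is the helper shown further down in this commit, running it on already-escaped text means its URL pattern `[^\s<>\[\]\'"]+` no longer sees a `"` or `'` that follows a URL but the `&quot;`/`&#039;` entity instead, which its character class accepts, so the entity is swallowed into the link; linkify the raw text and escape the URL and label inside the callback instead.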
|
|||||||
+36
-37
@@ -45,6 +45,7 @@ function processMarkdownAndWrapEmptyLines($markdownText){
|
|||||||
}
|
}
|
||||||
//Profile
|
//Profile
|
||||||
function replaceProfileEmojiImages($postText) {
|
function replaceProfileEmojiImages($postText) {
|
||||||
|
$postText = str_replace(''', '\'', $postText);
|
||||||
// プロフィール名で絵文字名(:emoji:)を検出して画像に置き換える
|
// プロフィール名で絵文字名(:emoji:)を検出して画像に置き換える
|
||||||
$emojiPattern = '/:(\w+):/';
|
$emojiPattern = '/:(\w+):/';
|
||||||
$postTextWithImages = preg_replace_callback($emojiPattern, function($matches) {
|
$postTextWithImages = preg_replace_callback($emojiPattern, function($matches) {
|
||||||
@@ -70,6 +71,7 @@ function replaceProfileEmojiImages($postText) {
|
|||||||
}
|
}
|
||||||
// ユーズ内の絵文字やhashtagを画像に置き換える
|
// ユーズ内の絵文字やhashtagを画像に置き換える
|
||||||
function replaceEmojisWithImages($postText) {
|
function replaceEmojisWithImages($postText) {
|
||||||
|
$postText = str_replace(''', '\'', $postText);
|
||||||
// ユーズ内で絵文字名(:emoji:)を検出して画像に置き換える
|
// ユーズ内で絵文字名(:emoji:)を検出して画像に置き換える
|
||||||
$emojiPattern = '/:(\w+):/';
|
$emojiPattern = '/:(\w+):/';
|
||||||
$postTextWithImages = preg_replace_callback($emojiPattern, function($matches) {
|
$postTextWithImages = preg_replace_callback($emojiPattern, function($matches) {
|
||||||
@@ -111,7 +113,7 @@ function replaceEmojisWithImages($postText) {
|
|||||||
if(empty($mentionsuserData)){
|
if(empty($mentionsuserData)){
|
||||||
return "@$username";
|
return "@$username";
|
||||||
}else{
|
}else{
|
||||||
return "<a class = 'mta' href='/@".htmlentities($mentionsuserData["userid"])."'>@".replaceProfileEmojiImages(htmlentities($mentionsuserData["username"]))."</a>";
|
return "<a class = 'mta' href='/@".htmlspecialchars($mentionsuserData["userid"], ENT_QUOTES, 'UTF-8', false)."'>@".replaceProfileEmojiImages(htmlspecialchars($mentionsuserData["username"], ENT_QUOTES, 'UTF-8', false))."</a>";
|
||||||
}
|
}
|
||||||
}, $postTextWithImages);
|
}, $postTextWithImages);
|
||||||
|
|
||||||
@@ -124,9 +126,6 @@ function replaceEmojisWithImages($postText) {
|
|||||||
return $postTextWithHashtags;
|
return $postTextWithHashtags;
|
||||||
}
|
}
|
||||||
function replaceURLsWithLinks($postText) {
|
function replaceURLsWithLinks($postText) {
|
||||||
|
|
||||||
$postText = str_replace(''', '\'', $postText);
|
|
||||||
|
|
||||||
// URLを正規表現を使って検出
|
// URLを正規表現を使って検出
|
||||||
$pattern = '/(https:\/\/[^\s<>\[\]\'"]+)/'; // 改良された正規表現
|
$pattern = '/(https:\/\/[^\s<>\[\]\'"]+)/'; // 改良された正規表現
|
||||||
preg_match_all($pattern, $postText, $matches);
|
preg_match_all($pattern, $postText, $matches);
|
||||||
@@ -177,14 +176,14 @@ function YouTube_and_nicovideo_Links($postText) {
|
|||||||
|
|
||||||
if (isset($parsedUrl['query'])) {
|
if (isset($parsedUrl['query'])) {
|
||||||
if(false !== strpos($parsedUrl['query'], 'v=')) {
|
if(false !== strpos($parsedUrl['query'], 'v=')) {
|
||||||
$video_id = str_replace('v=', '', htmlentities($parsedUrl['query']));
|
$video_id = str_replace('v=', '', htmlspecialchars($parsedUrl['query'], ENT_QUOTES, 'UTF-8', false));
|
||||||
$iframe = true;
|
$iframe = true;
|
||||||
}else{
|
}else{
|
||||||
$video_id = str_replace('/', '', htmlentities($parsedUrl['path']));
|
$video_id = str_replace('/', '', htmlspecialchars($parsedUrl['path'], ENT_QUOTES, 'UTF-8', false));
|
||||||
$iframe = true;
|
$iframe = true;
|
||||||
}
|
}
|
||||||
}elseif(isset($parsedUrl['path'])){
|
}elseif(isset($parsedUrl['path'])){
|
||||||
$video_id = str_replace('/', '', htmlentities($parsedUrl['path']));
|
$video_id = str_replace('/', '', htmlspecialchars($parsedUrl['path'], ENT_QUOTES, 'UTF-8', false));
|
||||||
$iframe = true;
|
$iframe = true;
|
||||||
}else{
|
}else{
|
||||||
$video_id = "";
|
$video_id = "";
|
||||||
@@ -201,7 +200,7 @@ function YouTube_and_nicovideo_Links($postText) {
|
|||||||
}elseif($parsedUrl['host'] == "nicovideo.jp" || $parsedUrl['host'] == "www.nicovideo.jp"){
|
}elseif($parsedUrl['host'] == "nicovideo.jp" || $parsedUrl['host'] == "www.nicovideo.jp"){
|
||||||
|
|
||||||
if(isset($parsedUrl['path'])){
|
if(isset($parsedUrl['path'])){
|
||||||
$video_id = str_replace('/watch/', '', htmlentities($parsedUrl['path']));
|
$video_id = str_replace('/watch/', '', htmlspecialchars($parsedUrl['path'], ENT_QUOTES, 'UTF-8', false));
|
||||||
$iframe = true;
|
$iframe = true;
|
||||||
}else{
|
}else{
|
||||||
$video_id = "";
|
$video_id = "";
|
||||||
@@ -243,10 +242,10 @@ class MessageDisplay {
|
|||||||
}
|
}
|
||||||
echo ' <div class="flebox">';
|
echo ' <div class="flebox">';
|
||||||
|
|
||||||
echo ' <a href="/@' . htmlentities($this->value['account']) . '"><img src="'. htmlentities('../'.$this->value['iconname']) . '"></a>';
|
echo ' <a href="/@' . htmlspecialchars($this->value['account'], ENT_QUOTES, 'UTF-8', false) . '"><img src="'. htmlspecialchars('../'.$this->value['iconname'], ENT_QUOTES, 'UTF-8', false) . '"></a>';
|
||||||
echo ' <a href="/@' . htmlentities($this->value['account']) . '"><div class="u_name">' . replaceProfileEmojiImages(htmlentities($this->value['username'])) . '</div></a>';
|
echo ' <a href="/@' . htmlspecialchars($this->value['account'], ENT_QUOTES, 'UTF-8', false) . '"><div class="u_name">' . replaceProfileEmojiImages(htmlspecialchars($this->value['username'], ENT_QUOTES, 'UTF-8', false)) . '</div></a>';
|
||||||
echo ' <div class="idbox">';
|
echo ' <div class="idbox">';
|
||||||
echo ' <a href="/@' . htmlentities($this->value['account']) . '">@' . htmlentities($this->value['account']) . '</a>';
|
echo ' <a href="/@' . htmlspecialchars($this->value['account'], ENT_QUOTES, 'UTF-8', false) . '">@' . htmlspecialchars($this->value['account'], ENT_QUOTES, 'UTF-8', false) . '</a>';
|
||||||
echo ' </div>';
|
echo ' </div>';
|
||||||
if(!empty($this->value['sacinfo'])){
|
if(!empty($this->value['sacinfo'])){
|
||||||
if($this->value['sacinfo'] === "bot"){
|
if($this->value['sacinfo'] === "bot"){
|
||||||
@@ -261,7 +260,7 @@ class MessageDisplay {
|
|||||||
}
|
}
|
||||||
|
|
||||||
echo ' <div class="time">';
|
echo ' <div class="time">';
|
||||||
$datetime = strtotime(htmlentities($this->value['datetime']));
|
$datetime = strtotime(htmlspecialchars($this->value['datetime'], ENT_QUOTES, 'UTF-8', false));
|
||||||
$today = strtotime(date("Y-m-d"));
|
$today = strtotime(date("Y-m-d"));
|
||||||
$tomorrow = date('Y-m-d', strtotime('+1 day'));
|
$tomorrow = date('Y-m-d', strtotime('+1 day'));
|
||||||
if (date("md", $datetime) == "0101") {
|
if (date("md", $datetime) == "0101") {
|
||||||
@@ -284,45 +283,45 @@ class MessageDisplay {
|
|||||||
echo ' </div>';
|
echo ' </div>';
|
||||||
|
|
||||||
if($this->value['nsfw'] === "true"){
|
if($this->value['nsfw'] === "true"){
|
||||||
echo ' <div class="nsfw" data-uniqid="' . htmlentities($this->value['uniqid']) . '">';
|
echo ' <div class="nsfw" data-uniqid="' . htmlspecialchars($this->value['uniqid'], ENT_QUOTES, 'UTF-8', false) . '">';
|
||||||
echo ' <p>NSFW指定がされている投稿です!<br>職場や公共の場での表示には適さない場合があります。<br>表示ボタンを押すと表示されます。</p>';
|
echo ' <p>NSFW指定がされている投稿です!<br>職場や公共の場での表示には適さない場合があります。<br>表示ボタンを押すと表示されます。</p>';
|
||||||
echo ' <div class="btnzone">';
|
echo ' <div class="btnzone">';
|
||||||
echo ' <input type="button" id="nsfw_view" class="mini_irobtn" value="表示">';
|
echo ' <input type="button" id="nsfw_view" class="mini_irobtn" value="表示">';
|
||||||
echo ' </div>';
|
echo ' </div>';
|
||||||
echo ' </div>';
|
echo ' </div>';
|
||||||
echo ' <div class="nsfw_main" data-uniqid="' . htmlentities($this->value['uniqid']) . '">';
|
echo ' <div class="nsfw_main" data-uniqid="' . htmlspecialchars($this->value['uniqid'], ENT_QUOTES, 'UTF-8', false) . '">';
|
||||||
echo ' <div class="block">';
|
echo ' <div class="block">';
|
||||||
}
|
}
|
||||||
echo ' <p>' . replaceEmojisWithImages(processMarkdownAndWrapEmptyLines(replaceURLsWithLinks(nl2br($this->value['ueuse'])))) . '</h1></h2></h3></font></center></p>';
|
echo ' <p>' . replaceEmojisWithImages(processMarkdownAndWrapEmptyLines(replaceURLsWithLinks(nl2br(htmlspecialchars($this->value['ueuse'], ENT_QUOTES, 'UTF-8', false))))) . '</h1></h2></h3></font></center></p>';
|
||||||
|
|
||||||
if (!empty($this->value['photo4']) && $this->value['photo4'] !== 'none') {
|
if (!empty($this->value['photo4']) && $this->value['photo4'] !== 'none') {
|
||||||
echo ' <div class="photo4">';
|
echo ' <div class="photo4">';
|
||||||
echo ' <a href="'.htmlentities($this->value['photo1']).'" target=”_blank”><img src="'.htmlentities($this->value['photo1']).'" alt="画像1" title="画像1" onerror="this.onerror=null;this.src=\'../img/sysimage/errorimage/image_404.png\'"></a>';
|
echo ' <a href="'.htmlspecialchars($this->value['photo1'], ENT_QUOTES, 'UTF-8', false).'" target=”_blank”><img src="'.htmlspecialchars($this->value['photo1'], ENT_QUOTES, 'UTF-8', false).'" alt="画像1" title="画像1" onerror="this.onerror=null;this.src=\'../img/sysimage/errorimage/image_404.png\'"></a>';
|
||||||
echo ' <a href="'.htmlentities($this->value['photo2']).'" target=”_blank”><img src="'.htmlentities($this->value['photo2']).'" alt="画像2" title="画像2" onerror="this.onerror=null;this.src=\'../img/sysimage/errorimage/image_404.png\'"></a>';
|
echo ' <a href="'.htmlspecialchars($this->value['photo2'], ENT_QUOTES, 'UTF-8', false).'" target=”_blank”><img src="'.htmlspecialchars($this->value['photo2'], ENT_QUOTES, 'UTF-8', false).'" alt="画像2" title="画像2" onerror="this.onerror=null;this.src=\'../img/sysimage/errorimage/image_404.png\'"></a>';
|
||||||
echo ' <a href="'.htmlentities($this->value['photo3']).'" target=”_blank”><img src="'.htmlentities($this->value['photo3']).'" alt="画像3" title="画像3" onerror="this.onerror=null;this.src=\'../img/sysimage/errorimage/image_404.png\'"></a>';
|
echo ' <a href="'.htmlspecialchars($this->value['photo3'], ENT_QUOTES, 'UTF-8', false).'" target=”_blank”><img src="'.htmlspecialchars($this->value['photo3'], ENT_QUOTES, 'UTF-8', false).'" alt="画像3" title="画像3" onerror="this.onerror=null;this.src=\'../img/sysimage/errorimage/image_404.png\'"></a>';
|
||||||
echo ' <a href="'.htmlentities($this->value['photo4']).'" target=”_blank”><img src="'.htmlentities($this->value['photo4']).'" alt="画像4" title="画像4" onerror="this.onerror=null;this.src=\'../img/sysimage/errorimage/image_404.png\'"></a>';
|
echo ' <a href="'.htmlspecialchars($this->value['photo4'], ENT_QUOTES, 'UTF-8', false).'" target=”_blank”><img src="'.htmlspecialchars($this->value['photo4'], ENT_QUOTES, 'UTF-8', false).'" alt="画像4" title="画像4" onerror="this.onerror=null;this.src=\'../img/sysimage/errorimage/image_404.png\'"></a>';
|
||||||
echo ' </div>';
|
echo ' </div>';
|
||||||
} elseif (!empty($this->value['photo3']) && $this->value['photo3'] !== 'none') {
|
} elseif (!empty($this->value['photo3']) && $this->value['photo3'] !== 'none') {
|
||||||
echo ' <div class="photo3">';
|
echo ' <div class="photo3">';
|
||||||
echo ' <a href="'.htmlentities($this->value['photo1']).'" target=”_blank”><img src="'.htmlentities($this->value['photo1']).'" alt="画像1" title="画像1" onerror="this.onerror=null;this.src=\'../img/sysimage/errorimage/image_404.png\'"></a>';
|
echo ' <a href="'.htmlspecialchars($this->value['photo1'], ENT_QUOTES, 'UTF-8', false).'" target=”_blank”><img src="'.htmlspecialchars($this->value['photo1'], ENT_QUOTES, 'UTF-8', false).'" alt="画像1" title="画像1" onerror="this.onerror=null;this.src=\'../img/sysimage/errorimage/image_404.png\'"></a>';
|
||||||
echo ' <a href="'.htmlentities($this->value['photo2']).'" target=”_blank”><img src="'.htmlentities($this->value['photo2']).'" alt="画像2" title="画像2" onerror="this.onerror=null;this.src=\'../img/sysimage/errorimage/image_404.png\'"></a>';
|
echo ' <a href="'.htmlspecialchars($this->value['photo2'], ENT_QUOTES, 'UTF-8', false).'" target=”_blank”><img src="'.htmlspecialchars($this->value['photo2'], ENT_QUOTES, 'UTF-8', false).'" alt="画像2" title="画像2" onerror="this.onerror=null;this.src=\'../img/sysimage/errorimage/image_404.png\'"></a>';
|
||||||
echo ' <div class="photo3_btm">';
|
echo ' <div class="photo3_btm">';
|
||||||
echo ' <a href="'.htmlentities($this->value['photo3']).'" target=”_blank”><img src="'.htmlentities($this->value['photo3']).'" alt="画像3" title="画像3" onerror="this.onerror=null;this.src=\'../img/sysimage/errorimage/image_404.png\'"></a>';
|
echo ' <a href="'.htmlspecialchars($this->value['photo3'], ENT_QUOTES, 'UTF-8', false).'" target=”_blank”><img src="'.htmlspecialchars($this->value['photo3'], ENT_QUOTES, 'UTF-8', false).'" alt="画像3" title="画像3" onerror="this.onerror=null;this.src=\'../img/sysimage/errorimage/image_404.png\'"></a>';
|
||||||
echo ' </div>';
|
echo ' </div>';
|
||||||
echo ' </div>';
|
echo ' </div>';
|
||||||
} elseif (!empty($this->value['photo2']) && $this->value['photo2'] !== 'none') {
|
} elseif (!empty($this->value['photo2']) && $this->value['photo2'] !== 'none') {
|
||||||
echo ' <div class="photo2">';
|
echo ' <div class="photo2">';
|
||||||
echo ' <a href="'.htmlentities($this->value['photo1']).'" target=”_blank”><img src="'.htmlentities($this->value['photo1']).'" alt="画像1" title="画像1" onerror="this.onerror=null;this.src=\'../img/sysimage/errorimage/image_404.png\'"></a>';
|
echo ' <a href="'.htmlspecialchars($this->value['photo1'], ENT_QUOTES, 'UTF-8', false).'" target=”_blank”><img src="'.htmlspecialchars($this->value['photo1'], ENT_QUOTES, 'UTF-8', false).'" alt="画像1" title="画像1" onerror="this.onerror=null;this.src=\'../img/sysimage/errorimage/image_404.png\'"></a>';
|
||||||
echo ' <a href="'.htmlentities($this->value['photo2']).'" target=”_blank”><img src="'.htmlentities($this->value['photo2']).'" alt="画像2" title="画像2" onerror="this.onerror=null;this.src=\'../img/sysimage/errorimage/image_404.png\'"></a>';
|
echo ' <a href="'.htmlspecialchars($this->value['photo2'], ENT_QUOTES, 'UTF-8', false).'" target=”_blank”><img src="'.htmlspecialchars($this->value['photo2'], ENT_QUOTES, 'UTF-8', false).'" alt="画像2" title="画像2" onerror="this.onerror=null;this.src=\'../img/sysimage/errorimage/image_404.png\'"></a>';
|
||||||
echo ' </div>';
|
echo ' </div>';
|
||||||
} elseif (!empty($this->value['photo1']) && $this->value['photo1'] !== 'none') {
|
} elseif (!empty($this->value['photo1']) && $this->value['photo1'] !== 'none') {
|
||||||
echo ' <div class="photo1">';
|
echo ' <div class="photo1">';
|
||||||
echo ' <a href="'.htmlentities($this->value['photo1']).'" target=”_blank”><img src="'.htmlentities($this->value['photo1']).'" alt="画像1" title="画像1" onerror="this.onerror=null;this.src=\'../img/sysimage/errorimage/image_404.png\'"></a>';
|
echo ' <a href="'.htmlspecialchars($this->value['photo1'], ENT_QUOTES, 'UTF-8', false).'" target=”_blank”><img src="'.htmlspecialchars($this->value['photo1'], ENT_QUOTES, 'UTF-8', false).'" alt="画像1" title="画像1" onerror="this.onerror=null;this.src=\'../img/sysimage/errorimage/image_404.png\'"></a>';
|
||||||
echo ' </div>';
|
echo ' </div>';
|
||||||
}
|
}
|
||||||
if (!empty($this->value['video1']) && $this->value['video1'] !== 'none') {
|
if (!empty($this->value['video1']) && $this->value['video1'] !== 'none') {
|
||||||
echo ' <div class="video1">';
|
echo ' <div class="video1">';
|
||||||
echo ' <video controls src="' . htmlentities($this->value['video1']) . '"></video>';
|
echo ' <video controls src="' . htmlspecialchars($this->value['video1'], ENT_QUOTES, 'UTF-8', false) . '"></video>';
|
||||||
echo ' </div>';
|
echo ' </div>';
|
||||||
}elseif (!empty(YouTube_and_nicovideo_Links($this->value['ueuse']))) {
|
}elseif (!empty(YouTube_and_nicovideo_Links($this->value['ueuse']))) {
|
||||||
echo ' <div class="youtube_and_nicovideo_player">';
|
echo ' <div class="youtube_and_nicovideo_player">';
|
||||||
@@ -333,10 +332,10 @@ class MessageDisplay {
|
|||||||
if(!($this->value['abi'] == "none")){
|
if(!($this->value['abi'] == "none")){
|
||||||
echo '<div class="abi">';
|
echo '<div class="abi">';
|
||||||
echo ' <div class="back">';
|
echo ' <div class="back">';
|
||||||
echo '<h1>' . replaceProfileEmojiImages(htmlentities($this->value['username'])) . 'さんが追記しました</h1>';
|
echo '<h1>' . replaceProfileEmojiImages(htmlspecialchars($this->value['username'], ENT_QUOTES, 'UTF-8', false)) . 'さんが追記しました</h1>';
|
||||||
echo ' </div>';
|
echo ' </div>';
|
||||||
echo '<p>'.processMarkdownAndWrapEmptyLines(replaceEmojisWithImages(replaceURLsWithLinks(nl2br($this->value['abi'])))) . '</p>';
|
echo '<p>'.processMarkdownAndWrapEmptyLines(replaceEmojisWithImages(replaceURLsWithLinks(nl2br(htmlspecialchars($this->value['abi'], ENT_QUOTES, 'UTF-8', false))))) . '</p>';
|
||||||
echo '<div class="h3s">追記日時 : '. date("Y年m月d日 H:i", strtotime(htmlentities($this->value['abidate']))) . '</div>';
|
echo '<div class="h3s">追記日時 : '. date("Y年m月d日 H:i", strtotime(htmlspecialchars($this->value['abidate'], ENT_QUOTES, 'UTF-8', false))) . '</div>';
|
||||||
echo '</div>';
|
echo '</div>';
|
||||||
}
|
}
|
||||||
if($this->value['nsfw'] === "true"){
|
if($this->value['nsfw'] === "true"){
|
||||||
@@ -348,27 +347,27 @@ class MessageDisplay {
|
|||||||
echo '<div class="favbox">';
|
echo '<div class="favbox">';
|
||||||
$favoriteList = explode(',', $this->value['favorite']);
|
$favoriteList = explode(',', $this->value['favorite']);
|
||||||
if (in_array($this->userid, $favoriteList)) {
|
if (in_array($this->userid, $favoriteList)) {
|
||||||
echo '<button class="favbtn favbtn_after" id="favbtn" data-uniqid="' . htmlentities($this->value['uniqid']) . '" data-userid2="' . htmlentities($this->value['account']) . '"><svg><use xlink:href="../img/sysimage/favorite_2.svg#favorite" alt="いいね"></use></svg> <span class="like-count">' . htmlentities($this->value['favcnt']) . '</span></button>';
|
echo '<button class="favbtn favbtn_after" id="favbtn" data-uniqid="' . htmlspecialchars($this->value['uniqid'], ENT_QUOTES, 'UTF-8', false) . '" data-userid2="' . htmlspecialchars($this->value['account'], ENT_QUOTES, 'UTF-8', false) . '"><svg><use xlink:href="../img/sysimage/favorite_2.svg#favorite" alt="いいね"></use></svg> <span class="like-count">' . htmlentities($this->value['favcnt']) . '</span></button>';
|
||||||
}else{
|
}else{
|
||||||
echo '<button class="favbtn" id="favbtn" data-uniqid="' . htmlentities($this->value['uniqid']) . '" data-userid2="' . htmlentities($this->value['account']) . '"><svg><use xlink:href="../img/sysimage/favorite_1.svg#favorite" alt="いいね"></use></svg> <span class="like-count">' . htmlentities($this->value['favcnt']) . '</span></button>';
|
echo '<button class="favbtn" id="favbtn" data-uniqid="' . htmlspecialchars($this->value['uniqid'], ENT_QUOTES, 'UTF-8', false) . '" data-userid2="' . htmlspecialchars($this->value['account'], ENT_QUOTES, 'UTF-8', false) . '"><svg><use xlink:href="../img/sysimage/favorite_1.svg#favorite" alt="いいね"></use></svg> <span class="like-count">' . htmlentities($this->value['favcnt']) . '</span></button>';
|
||||||
}
|
}
|
||||||
echo '<a href="/!'.htmlentities($this->value['uniqid']). '~' . htmlentities($this->value['account']) . '" class="tuduki"><svg><use xlink:href="../img/sysimage/reply_1.svg#reply_1"></use></svg>'.htmlentities($this->value['reply_count']).'</a>';
|
echo '<a href="/!'.htmlspecialchars($this->value['uniqid'], ENT_QUOTES, 'UTF-8', false). '~' . htmlspecialchars($this->value['account'], ENT_QUOTES, 'UTF-8', false) . '" class="tuduki"><svg><use xlink:href="../img/sysimage/reply_1.svg#reply_1"></use></svg>'.htmlspecialchars($this->value['reply_count'], ENT_QUOTES, 'UTF-8', false).'</a>';
|
||||||
echo '<button name="share" id="share" class="share" data-uniqid="' . htmlentities($this->value['uniqid']) . '" data-userid="' . htmlentities($this->value['account']) . '"><svg><use xlink:href="../img/sysimage/share_1.svg#share_1"></use></svg></button>';
|
echo '<button name="share" id="share" class="share" data-uniqid="' . htmlspecialchars($this->value['uniqid'], ENT_QUOTES, 'UTF-8', false) . '" data-userid="' . htmlspecialchars($this->value['account'], ENT_QUOTES, 'UTF-8', false) . '"><svg><use xlink:href="../img/sysimage/share_1.svg#share_1"></use></svg></button>';
|
||||||
|
|
||||||
$bookmarkList = explode(',', $this->value['bookmark']);
|
$bookmarkList = explode(',', $this->value['bookmark']);
|
||||||
if (in_array($this->value['uniqid'], $bookmarkList)) {
|
if (in_array($this->value['uniqid'], $bookmarkList)) {
|
||||||
echo '<button name="bookmark" id="bookmark" class="bookmark bookmark_after" data-uniqid="' . htmlentities($this->value['uniqid']) . '" data-userid="' . htmlentities($this->value['account']) . '"><svg><use xlink:href="../img/sysimage/bookmark_1.svg#bookmark_1"></use></svg></button>';
|
echo '<button name="bookmark" id="bookmark" class="bookmark bookmark_after" data-uniqid="' . htmlspecialchars($this->value['uniqid'], ENT_QUOTES, 'UTF-8', false) . '" data-userid="' . htmlspecialchars($this->value['account'], ENT_QUOTES, 'UTF-8', false) . '"><svg><use xlink:href="../img/sysimage/bookmark_1.svg#bookmark_1"></use></svg></button>';
|
||||||
}else{
|
}else{
|
||||||
echo '<button name="bookmark" id="bookmark" class="bookmark" data-uniqid="' . htmlentities($this->value['uniqid']) . '" data-userid="' . htmlentities($this->value['account']) . '"><svg><use xlink:href="../img/sysimage/bookmark_1.svg#bookmark_1"></use></svg></button>';
|
echo '<button name="bookmark" id="bookmark" class="bookmark" data-uniqid="' . htmlspecialchars($this->value['uniqid'], ENT_QUOTES, 'UTF-8', false) . '" data-userid="' . htmlspecialchars($this->value['account'], ENT_QUOTES, 'UTF-8', false) . '"><svg><use xlink:href="../img/sysimage/bookmark_1.svg#bookmark_1"></use></svg></button>';
|
||||||
}
|
}
|
||||||
|
|
||||||
if($this->value['account'] === $this->userid){
|
if($this->value['account'] === $this->userid){
|
||||||
if(!($this->value['role'] === "ice")){
|
if(!($this->value['role'] === "ice")){
|
||||||
if($this->value['abi'] === "none"){
|
if($this->value['abi'] === "none"){
|
||||||
echo '<button name="addabi" id="addabi" data-uniqid2="' . htmlentities($this->value['uniqid']) . '" class="addabi"><svg><use xlink:href="../img/sysimage/addabi_1.svg#addabi_1"></use></svg></button>';
|
echo '<button name="addabi" id="addabi" data-uniqid2="' . htmlspecialchars($this->value['uniqid'], ENT_QUOTES, 'UTF-8', false) . '" class="addabi"><svg><use xlink:href="../img/sysimage/addabi_1.svg#addabi_1"></use></svg></button>';
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
echo '<input type="submit" name="delueuse" id="uniqid2" data-uniqid2="' . htmlentities($this->value['uniqid']) . '" class="delbtn" value="削除">';
|
echo '<input type="submit" name="delueuse" id="uniqid2" data-uniqid2="' . htmlspecialchars($this->value['uniqid'], ENT_QUOTES, 'UTF-8', false) . '" class="delbtn" value="削除">';
|
||||||
}
|
}
|
||||||
echo '</div>';
|
echo '</div>';
|
||||||
echo '</div>';
|
echo '</div>';
|
||||||
|
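Review bot: The `$postText = str_replace('&#039;', '\'', $postText);` line added at the top of replaceProfileEmojiImages and replaceEmojisWithImages (the rendered diff shows the first argument as `'''`, presumably the entity decoded by the page) is a context-unaware un-escape: in the post-body pipeline `replaceEmojisWithImages(processMarkdownAndWrapEmptyLines(replaceURLsWithLinks(nl2br(htmlspecialchars(...)))))` it runs last, so it turns `&#039;` back into a literal apostrophe inside markup the URL and markdown stages have already built, and the URL regex `[^\s<>\[\]\'"]+` no longer stops at an apostrophe because it now sees `&#039;`, so the entity is carried into the generated href. That is harmless only if every attribute those stages emit is double-quoted (the mention link in the same file uses single-quoted `href='/@...'`); processMarkdownAndWrapEmptyLines and the emoji callback are not visible here, so please confirm, or better apply the replacement only to the captured emoji name rather than the whole string. Separately, the photo links use `target=”_blank”` with curly quotes, so the target name is literally `”_blank”` rather than `_blank`, the implicit noopener does not apply and the opened page receives `window.opener`; change each to `target="_blank" rel="noopener noreferrer"`. The abi branch applies the same helpers in a different order (`processMarkdownAndWrapEmptyLines(replaceEmojisWithImages(...))`), which is worth aligning so both paths carry the same escaping guarantees.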
|||||||
@@ -1,4 +1,4 @@
|
|||||||
uwuzu
|
uwuzu
|
||||||
1.3.2
|
1.3.3
|
||||||
2024/03/05
|
2024/03/06
|
||||||
daichimarukana,putonfps
|
daichimarukana,putonfps
|
||||||
@@ -1,6 +1,14 @@
|
|||||||
## リリースノートだぜぇぇぇぇぇぇい!!!!!!!
|
## リリースノートだぜぇぇぇぇぇぇい!!!!!!!
|
||||||
ここにはuwuzuの更新情報を載せてくぜぇ~!(いやまてテンションおかしいだろ...)
|
ここにはuwuzuの更新情報を載せてくぜぇ~!(いやまてテンションおかしいだろ...)
|
||||||
|
|
||||||
|
## Version 1.3.3 (new_Planet)
|
||||||
|
リリース日:2024/03/06
|
||||||
|
fix: 重大な脆弱性を修正しました。
|
||||||
|
fix: 一部表示がおかしくなる部分を修正しました。
|
||||||
|
fix: バグを減らしました。
|
||||||
|
chg: 投稿を削除する際の動作を一部変更しました。
|
||||||
|
chg: 一部UIを変更しました。
|
||||||
|
|
||||||
## Version 1.3.2 (new_Planet)
|
## Version 1.3.2 (new_Planet)
|
||||||
リリース日:2024/03/05
|
リリース日:2024/03/05
|
||||||
fix: 広告を追加できない問題を修正しました。
|
fix: 広告を追加できない問題を修正しました。
|
||||||
|
|||||||
+27
-27
@@ -500,22 +500,22 @@ if( !empty($_POST['btn_submit']) ) {
|
|||||||
// SQL作成
|
// SQL作成
|
||||||
$stmt = $pdo->prepare("INSERT INTO ueuse (username, account, uniqid, rpuniqid, ueuse, photo1, photo2, photo3, photo4, video1, datetime, abi, nsfw) VALUES (:username, :account, :uniqid, :rpuniqid, :ueuse, :photo1, :photo2, :photo3, :photo4, :video1, :datetime, :abi, :nsfw)");
|
$stmt = $pdo->prepare("INSERT INTO ueuse (username, account, uniqid, rpuniqid, ueuse, photo1, photo2, photo3, photo4, video1, datetime, abi, nsfw) VALUES (:username, :account, :uniqid, :rpuniqid, :ueuse, :photo1, :photo2, :photo3, :photo4, :video1, :datetime, :abi, :nsfw)");
|
||||||
|
|
||||||
$stmt->bindParam(':username', $username, PDO::PARAM_STR);
|
$stmt->bindParam(':username', htmlspecialchars($username, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
$stmt->bindParam(':account', $userid, PDO::PARAM_STR);
|
$stmt->bindParam(':account', htmlspecialchars($userid, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
$stmt->bindParam(':uniqid', $uniqid, PDO::PARAM_STR);
|
$stmt->bindParam(':uniqid', htmlspecialchars($uniqid, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
$stmt->bindParam(':rpuniqid', $ueuseid, PDO::PARAM_STR);
|
$stmt->bindParam(':rpuniqid', htmlspecialchars($ueuseid, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
$stmt->bindParam(':ueuse', $ueuse, PDO::PARAM_STR);
|
$stmt->bindParam(':ueuse', htmlspecialchars($ueuse, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
|
|
||||||
$stmt->bindParam(':photo1', $photo1, PDO::PARAM_STR);
|
$stmt->bindParam(':photo1', htmlspecialchars($photo1, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
$stmt->bindParam(':photo2', $photo2, PDO::PARAM_STR);
|
$stmt->bindParam(':photo2', htmlspecialchars($photo2, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
$stmt->bindParam(':photo3', $photo3, PDO::PARAM_STR);
|
$stmt->bindParam(':photo3', htmlspecialchars($photo3, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
$stmt->bindParam(':photo4', $photo4, PDO::PARAM_STR);
|
$stmt->bindParam(':photo4', htmlspecialchars($photo4, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
$stmt->bindParam(':video1', $video1, PDO::PARAM_STR);
|
$stmt->bindParam(':video1', htmlspecialchars($video1, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
$stmt->bindParam(':datetime', $datetime, PDO::PARAM_STR);
|
$stmt->bindParam(':datetime', htmlspecialchars($datetime, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
|
|
||||||
$stmt->bindParam(':abi', $abi, PDO::PARAM_STR);
|
$stmt->bindParam(':nsfw', htmlspecialchars($save_nsfw, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
|
|
||||||
$stmt->bindParam(':nsfw', $save_nsfw, PDO::PARAM_STR);
|
$stmt->bindParam(':abi', htmlspecialchars($abi, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
|
|
||||||
// SQLクエリの実行
|
// SQLクエリの実行
|
||||||
$res = $stmt->execute();
|
$res = $stmt->execute();
|
||||||
@@ -533,14 +533,14 @@ if( !empty($_POST['btn_submit']) ) {
|
|||||||
// 通知用SQL作成
|
// 通知用SQL作成
|
||||||
$stmt = $pdo->prepare("INSERT INTO notification (fromuserid, touserid, msg, url, datetime, userchk, title) VALUES (:fromuserid, :touserid, :msg, :url, :datetime, :userchk, :title)");
|
$stmt = $pdo->prepare("INSERT INTO notification (fromuserid, touserid, msg, url, datetime, userchk, title) VALUES (:fromuserid, :touserid, :msg, :url, :datetime, :userchk, :title)");
|
||||||
|
|
||||||
$stmt->bindParam(':fromuserid', htmlentities($fromuserid), PDO::PARAM_STR);
|
$stmt->bindParam(':fromuserid', htmlspecialchars($fromuserid, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
$stmt->bindParam(':touserid', htmlentities($touserid), PDO::PARAM_STR);
|
$stmt->bindParam(':touserid', htmlspecialchars($touserid, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
$stmt->bindParam(':msg', htmlentities($msg), PDO::PARAM_STR);
|
$stmt->bindParam(':msg', htmlspecialchars($msg, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
$stmt->bindParam(':url', htmlentities($url), PDO::PARAM_STR);
|
$stmt->bindParam(':url', htmlspecialchars($url, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
$stmt->bindParam(':userchk', htmlentities($userchk), PDO::PARAM_STR);
|
$stmt->bindParam(':userchk', htmlspecialchars($userchk, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
$stmt->bindParam(':title', htmlentities($title), PDO::PARAM_STR);
|
$stmt->bindParam(':title', htmlspecialchars($title, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
|
|
||||||
$stmt->bindParam(':datetime', htmlentities($datetime), PDO::PARAM_STR);
|
$stmt->bindParam(':datetime', htmlspecialchars($datetime, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
|
|
||||||
// SQLクエリの実行
|
// SQLクエリの実行
|
||||||
$res = $stmt->execute();
|
$res = $stmt->execute();
|
||||||
@@ -568,14 +568,14 @@ if( !empty($_POST['btn_submit']) ) {
|
|||||||
// 通知用SQL作成
|
// 通知用SQL作成
|
||||||
$stmt = $pdo->prepare("INSERT INTO notification (fromuserid, touserid, msg, url, datetime, userchk, title) VALUES (:fromuserid, :touserid, :msg, :url, :datetime, :userchk, :title)");
|
$stmt = $pdo->prepare("INSERT INTO notification (fromuserid, touserid, msg, url, datetime, userchk, title) VALUES (:fromuserid, :touserid, :msg, :url, :datetime, :userchk, :title)");
|
||||||
|
|
||||||
$stmt->bindParam(':fromuserid', htmlentities($fromuserid), PDO::PARAM_STR);
|
$stmt->bindParam(':fromuserid', htmlspecialchars($fromuserid, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
$stmt->bindParam(':touserid', htmlentities($touserid), PDO::PARAM_STR);
|
$stmt->bindParam(':touserid', htmlspecialchars($touserid, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
$stmt->bindParam(':msg', $msg, PDO::PARAM_STR);
|
$stmt->bindParam(':msg', htmlspecialchars($msg, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
$stmt->bindParam(':url', htmlentities($url), PDO::PARAM_STR);
|
$stmt->bindParam(':url', htmlspecialchars($url, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
$stmt->bindParam(':userchk', htmlentities($userchk), PDO::PARAM_STR);
|
$stmt->bindParam(':userchk', htmlspecialchars($userchk, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
$stmt->bindParam(':title', htmlentities($title), PDO::PARAM_STR);
|
$stmt->bindParam(':title', htmlspecialchars($title, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
|
|
||||||
$stmt->bindParam(':datetime', htmlentities($datetime), PDO::PARAM_STR);
|
$stmt->bindParam(':datetime', htmlspecialchars($datetime, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
|
|
||||||
// SQLクエリの実行
|
// SQLクエリの実行
|
||||||
$res = $stmt->execute();
|
$res = $stmt->execute();
|
||||||
|
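Review bot: Every `bindParam` in the ueuse INSERT hunk (the one reviewed here; the two notification hunks have the same shape) is now handed the return value of `htmlspecialchars(...)`, but `PDOStatement::bindParam` takes its second argument by reference and reads it at `execute()` time, so passing a function-call temporary makes PHP emit "Only variables should be passed by reference" and binds a value that only survives by accident; `bindValue` is the call that takes a value, e.g. `$stmt->bindValue(':username', htmlspecialchars($username, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);` — the earlier `htmlentities($fromuserid)` bindings in the notification inserts had the same defect. The larger design point is that this stores HTML-escaped text in the database while the display code already escapes on output, which is why every output call now needs `double_encode: false`: `account`, `uniqid`, `rpuniqid` and `datetime` are keys and timestamps rather than HTML, and any non-HTML consumer of `ueuse` or `msg` will now receive entities. If input-side escaping is kept as defence in depth, limit it to the free-text columns and keep identifiers and dates raw so lookups by `account`/`uniqid` still match; where `$userid` and `$uniqid` are generated is outside this diff, so whether they can contain `&`, `<` or quotes at all is unconfirmed.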
|||||||
+43
-43
@@ -201,6 +201,7 @@ if( !empty($pdo) ) {
|
|||||||
|
|
||||||
// プロフィールの絵文字対応
|
// プロフィールの絵文字対応
|
||||||
function replaceProfileEmojiImages($postText) {
|
function replaceProfileEmojiImages($postText) {
|
||||||
|
$postText = str_replace(''', '\'', $postText);
|
||||||
// プロフィール名で絵文字名(:emoji:)を検出して画像に置き換える
|
// プロフィール名で絵文字名(:emoji:)を検出して画像に置き換える
|
||||||
$emojiPattern = '/:(\w+):/';
|
$emojiPattern = '/:(\w+):/';
|
||||||
$postTextWithImages = preg_replace_callback($emojiPattern, function($matches) {
|
$postTextWithImages = preg_replace_callback($emojiPattern, function($matches) {
|
||||||
@@ -226,6 +227,7 @@ if( !empty($pdo) ) {
|
|||||||
}
|
}
|
||||||
// ユーズ内の絵文字を画像に置き換える
|
// ユーズ内の絵文字を画像に置き換える
|
||||||
function replaceEmojisWithImages($postText) {
|
function replaceEmojisWithImages($postText) {
|
||||||
|
$postText = str_replace(''', '\'', $postText);
|
||||||
// ユーズ内で絵文字名(:emoji:)を検出して画像に置き換える
|
// ユーズ内で絵文字名(:emoji:)を検出して画像に置き換える
|
||||||
$emojiPattern = '/:(\w+):/';
|
$emojiPattern = '/:(\w+):/';
|
||||||
$postTextWithImages = preg_replace_callback($emojiPattern, function($matches) {
|
$postTextWithImages = preg_replace_callback($emojiPattern, function($matches) {
|
||||||
@@ -281,8 +283,6 @@ if( !empty($pdo) ) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
function replaceURLsWithLinks($postText) {
|
function replaceURLsWithLinks($postText) {
|
||||||
$postText = str_replace(''', '\'', $postText);
|
|
||||||
|
|
||||||
// URLを正規表現を使って検出
|
// URLを正規表現を使って検出
|
||||||
$pattern = '/(https:\/\/[^\s<>\[\]\'"]+)/'; // 改良された正規表現
|
$pattern = '/(https:\/\/[^\s<>\[\]\'"]+)/'; // 改良された正規表現
|
||||||
preg_match_all($pattern, $postText, $matches);
|
preg_match_all($pattern, $postText, $matches);
|
||||||
@@ -466,14 +466,14 @@ if (!empty($_POST['follow'])) {
|
|||||||
// 通知用SQL作成
|
// 通知用SQL作成
|
||||||
$stmt = $pdo->prepare("INSERT INTO notification (fromuserid, touserid, msg, url, datetime, userchk, title) VALUES (:fromuserid, :touserid, :msg, :url, :datetime, :userchk, :title)");
|
$stmt = $pdo->prepare("INSERT INTO notification (fromuserid, touserid, msg, url, datetime, userchk, title) VALUES (:fromuserid, :touserid, :msg, :url, :datetime, :userchk, :title)");
|
||||||
|
|
||||||
$stmt->bindParam(':fromuserid', htmlentities($fromuserid), PDO::PARAM_STR);
|
$stmt->bindParam(':fromuserid', htmlspecialchars($fromuserid, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
$stmt->bindParam(':touserid', htmlentities($touserid), PDO::PARAM_STR);
|
$stmt->bindParam(':touserid', htmlspecialchars($touserid, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
$stmt->bindParam(':msg', htmlentities($msg), PDO::PARAM_STR);
|
$stmt->bindParam(':msg', htmlspecialchars($msg, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
$stmt->bindParam(':url', htmlentities($url), PDO::PARAM_STR);
|
$stmt->bindParam(':url', htmlspecialchars($url, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
$stmt->bindParam(':userchk', htmlentities($userchk), PDO::PARAM_STR);
|
$stmt->bindParam(':userchk', htmlspecialchars($userchk, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
$stmt->bindParam(':title', htmlentities($title), PDO::PARAM_STR);
|
$stmt->bindParam(':title', htmlspecialchars($title, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
|
|
||||||
$stmt->bindParam(':datetime', htmlentities($datetime), PDO::PARAM_STR);
|
$stmt->bindParam(':datetime', htmlspecialchars($datetime, ENT_QUOTES, 'UTF-8', false), PDO::PARAM_STR);
|
||||||
|
|
||||||
// SQLクエリの実行
|
// SQLクエリの実行
|
||||||
$res = $stmt->execute();
|
$res = $stmt->execute();
|
||||||
@@ -625,7 +625,7 @@ $pdo = null;
|
|||||||
<link href="https://fonts.googleapis.com/icon?family=Material+Icons" rel="stylesheet">
|
<link href="https://fonts.googleapis.com/icon?family=Material+Icons" rel="stylesheet">
|
||||||
<link rel="apple-touch-icon" type="image/png" href="../favicon/apple-touch-icon-180x180.png">
|
<link rel="apple-touch-icon" type="image/png" href="../favicon/apple-touch-icon-180x180.png">
|
||||||
<link rel="icon" type="image/png" href="../favicon/icon-192x192.png">
|
<link rel="icon" type="image/png" href="../favicon/icon-192x192.png">
|
||||||
<title><?php echo htmlentities($userData['username'], ENT_QUOTES, 'UTF-8'); ?> さんのプロフィール - <?php echo htmlspecialchars($serversettings["serverinfo"]["server_name"], ENT_QUOTES, 'UTF-8');?></title>
|
<title><?php echo htmlspecialchars($userData['username'], ENT_QUOTES, 'UTF-8', false); ?> さんのプロフィール - <?php echo htmlspecialchars($serversettings["serverinfo"]["server_name"], ENT_QUOTES, 'UTF-8');?></title>
|
||||||
|
|
||||||
</head>
|
</head>
|
||||||
|
|
||||||
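Review bot: The two halves of the new `<title>` escape with different flags — `ENT_QUOTES, 'UTF-8', false` for the username and the default `double_encode` for the server name — so the same `&amp;` sequence would render differently depending on which side it appears in. More importantly, passing an explicit flag set without `ENT_SUBSTITUTE` means `htmlspecialchars()` returns an empty string for a username containing an invalid UTF-8 sequence, silently dropping it from the title; `htmlspecialchars($userData['username'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false)` substitutes U+FFFD instead. The same flag choice is repeated throughout this commit, so a shared helper would keep it in one place.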
@@ -685,12 +685,12 @@ $pdo = null;
|
|||||||
<!--ここまで!--->
|
<!--ここまで!--->
|
||||||
<?php }else{?>
|
<?php }else{?>
|
||||||
<div class="hed">
|
<div class="hed">
|
||||||
<img src="<?php echo htmlentities('../'.$userdata['headname']); ?>">
|
<img src="<?php echo htmlspecialchars('../'.$userdata['headname'], ENT_QUOTES, 'UTF-8', false); ?>">
|
||||||
</div>
|
</div>
|
||||||
<div class="icon">
|
<div class="icon">
|
||||||
<img src="<?php echo htmlentities('../'.$userdata['iconname']); ?>">
|
<img src="<?php echo htmlspecialchars('../'.$userdata['iconname'], ENT_QUOTES, 'UTF-8', false); ?>">
|
||||||
<h2><?php echo replaceProfileEmojiImages(htmlentities($userData['username'], ENT_QUOTES, 'UTF-8')); ?></h2>
|
<h2><?php echo replaceProfileEmojiImages(htmlspecialchars($userData['username'], ENT_QUOTES, 'UTF-8', false)); ?></h2>
|
||||||
<p>@<?php echo htmlentities($userData['userid'], ENT_QUOTES, 'UTF-8'); ?><!--<span>@<?php /*echo htmlentities($domain, ENT_QUOTES, 'UTF-8'); */?></span>--></p>
|
<p>@<?php echo htmlspecialchars($userData['userid'], ENT_QUOTES, 'UTF-8', false); ?><!--<span>@<?php /*echo htmlentities($domain, ENT_QUOTES, 'UTF-8'); */?></span>--></p>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="roleboxes">
|
<div class="roleboxes">
|
||||||
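Review bot: `replaceProfileEmojiImages()` in the `<h2>` runs after `htmlspecialchars()`, so whatever it returns is emitted as trusted HTML; if it builds `<img>` attributes from shortcode text taken out of the username, it must escape those attributes itself, which cannot be confirmed from this hunk. The `htmlspecialchars('../'.$userdata['headname'], …)` and `iconname` changes make the value safe for the attribute only — they do not constrain the path, so if these filenames are ever user-supplied, a `basename()` or a check against the upload naming scheme belongs where they are stored. A comment such as `// headname/iconname are server-assigned filenames; this escape is for attribute context only` would record that assumption if it holds.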
@@ -698,15 +698,15 @@ $pdo = null;
|
|||||||
<?php $roleData = $roleDataArray[$roleId]; ?>
|
<?php $roleData = $roleDataArray[$roleId]; ?>
|
||||||
<div class="rolebox" style="border: 1px solid <?php echo '#' . $roleData["rolecolor"]; ?>;">
|
<div class="rolebox" style="border: 1px solid <?php echo '#' . $roleData["rolecolor"]; ?>;">
|
||||||
<p style="color: <?php echo '#' . $roleData["rolecolor"]; ?>;">
|
<p style="color: <?php echo '#' . $roleData["rolecolor"]; ?>;">
|
||||||
<?php if (!empty($roleData["rolename"])) { echo htmlentities($roleData["rolename"], ENT_QUOTES, 'UTF-8'); }else{ echo("ロールが正常に設定されていません。");} ?>
|
<?php if (!empty($roleData["rolename"])) { echo htmlspecialchars($roleData["rolename"], ENT_QUOTES, 'UTF-8', false); }else{ echo("ロールが正常に設定されていません。");} ?>
|
||||||
</p>
|
</p>
|
||||||
</div>
|
</div>
|
||||||
<?php endforeach; ?>
|
<?php endforeach; ?>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<?php if (false === strpos($myblocklist, ','.htmlentities($userData['userid'], ENT_QUOTES, 'UTF-8'))) {?>
|
<?php if (false === strpos($myblocklist, ','.htmlspecialchars($userData['userid'], ENT_QUOTES, 'UTF-8', false))) {?>
|
||||||
<div class="profile">
|
<div class="profile">
|
||||||
<p><?php echo replaceEmojisWithImages(replaceURLsWithLinks(nl2br($profileText))); ?></p>
|
<p><?php echo replaceEmojisWithImages(replaceURLsWithLinks(nl2br(htmlspecialchars($profileText, ENT_QUOTES, 'UTF-8', false)))); ?></p>
|
||||||
</div>
|
</div>
|
||||||
<?php }else{?>
|
<?php }else{?>
|
||||||
<div class="profile">
|
<div class="profile">
|
||||||
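Review bot: `$roleData["rolecolor"]` is still echoed unescaped into two `style` attributes in this hunk (`border: 1px solid <?php echo '#' . $roleData["rolecolor"]; ?>` and the `color:` line), while every other value around it was moved to `htmlspecialchars()`; a role colour containing `"` closes the attribute, and even an escaped one can inject CSS (`red; background: url(...)`). Since the value is meant to be a hex colour, whitelist it once before the markup: `<?php $roleColor = preg_match('/\A[0-9A-Fa-f]{3,8}\z/', (string)$roleData["rolecolor"]) ? '#' . $roleData["rolecolor"] : 'inherit'; ?>` and echo `$roleColor` in both places. The `foreach` this sits in starts before the hunk.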
@@ -718,7 +718,7 @@ $pdo = null;
|
|||||||
<div class="fzone">
|
<div class="fzone">
|
||||||
<div class="time">
|
<div class="time">
|
||||||
<p><?php echo date('Y年m月d日 H:i:s', strtotime($userdata['datetime'])); ?>からuwuzuを利用しています。</p>
|
<p><?php echo date('Y年m月d日 H:i:s', strtotime($userdata['datetime'])); ?>からuwuzuを利用しています。</p>
|
||||||
<p><?php if(htmlentities($userdata['role']) === "ice"){echo"このアカウントは凍結されています。";}; ?></p>
|
<p><?php if(htmlspecialchars($userdata['role'], ENT_QUOTES, 'UTF-8', false) === "ice"){echo"このアカウントは凍結されています。";}; ?></p>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<?php if(!empty($follow_yes)){?>
|
<?php if(!empty($follow_yes)){?>
|
||||||
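Review bot: `htmlspecialchars($userdata['role'], ENT_QUOTES, 'UTF-8', false) === "ice"` escapes a value only to compare it, which obscures the intent and would make a role of `ice` never match if it ever carried a special character; the comparison should be on the raw value: `<?php if ($userdata['role'] === 'ice') { echo 'このアカウントは凍結されています。'; } ?>`. Output escaping belongs on what is echoed, and the echoed string here is a constant.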
@@ -727,8 +727,8 @@ $pdo = null;
|
|||||||
</div>
|
</div>
|
||||||
<?php }?>
|
<?php }?>
|
||||||
|
|
||||||
<?php if ($userid !== htmlentities($userData['userid'], ENT_QUOTES, 'UTF-8')) {?>
|
<?php if ($userid !== htmlspecialchars($userData['userid'], ENT_QUOTES, 'UTF-8', false)) {?>
|
||||||
<?php if (false !== strpos($myblocklist, ','.htmlentities($userData['userid'], ENT_QUOTES, 'UTF-8'))) {?>
|
<?php if (false !== strpos($myblocklist, ','.htmlspecialchars($userData['userid'], ENT_QUOTES, 'UTF-8', false))) {?>
|
||||||
<div class="follow">
|
<div class="follow">
|
||||||
<a id="un_block" href="javascript:void(0);" class="report" title="ブロック解除"><svg><use xlink:href="../img/sysimage/unblock_1.svg#block"></use></svg></a>
|
<a id="un_block" href="javascript:void(0);" class="report" title="ブロック解除"><svg><use xlink:href="../img/sysimage/unblock_1.svg#block"></use></svg></a>
|
||||||
</div>
|
</div>
|
||||||
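Review bot: `$userid !== htmlspecialchars($userData['userid'], ENT_QUOTES, 'UTF-8', false)` compares the raw session id with an HTML-escaped copy of the profile's id, so any id containing `&`, `<`, `>`, `'` or `"` never compares equal and the viewer would be offered the block/report controls for their own profile; the later check further down the page (`$userData['userid'] == $userid`) compares raw values, so the two conditions can disagree. Use `<?php if ($userid !== $userData['userid']) {?>` here. If ids are restricted to characters `htmlspecialchars()` leaves alone, this is harmless today but still misleading.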
@@ -740,7 +740,7 @@ $pdo = null;
|
|||||||
<?php }?>
|
<?php }?>
|
||||||
|
|
||||||
<div class="follow">
|
<div class="follow">
|
||||||
<a href="/user/report?q=<?php echo htmlentities($userData['userid'], ENT_QUOTES, 'UTF-8'); ?>" class="report" title="通報"><svg><use xlink:href="../img/sysimage/report_1.svg#report"></use></svg></a>
|
<a href="/user/report?q=<?php echo htmlspecialchars($userData['userid'], ENT_QUOTES, 'UTF-8', false); ?>" class="report" title="通報"><svg><use xlink:href="../img/sysimage/report_1.svg#report"></use></svg></a>
|
||||||
</div>
|
</div>
|
||||||
<?php if ($userData['userid'] == $userid) { ?>
|
<?php if ($userData['userid'] == $userid) { ?>
|
||||||
<div class="follow">
|
<div class="follow">
|
||||||
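Review bot: The report link builds a query string from the user id with `htmlspecialchars()` only; that is correct for the attribute context but does not URL-encode, so an id containing `#`, `/`, `?` or `+` alters the request. Encode for the URL first, then for the attribute: `<a href="/user/report?q=<?php echo htmlspecialchars(rawurlencode($userData['userid']), ENT_QUOTES, 'UTF-8'); ?>"`. The context line `if ($userData['userid'] == $userid)` also uses loose comparison while the check a few lines earlier uses `!==`; `===` keeps the two consistent.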
@@ -748,7 +748,7 @@ $pdo = null;
|
|||||||
</div>
|
</div>
|
||||||
<?php } else { ?>
|
<?php } else { ?>
|
||||||
|
|
||||||
<?php if (false === strpos($myblocklist, ','.htmlentities($userData['userid'], ENT_QUOTES, 'UTF-8'))) {?>
|
<?php if (false === strpos($myblocklist, ','.htmlspecialchars($userData['userid'], ENT_QUOTES, 'UTF-8', false))) {?>
|
||||||
<form method="post">
|
<form method="post">
|
||||||
<div class="follow">
|
<div class="follow">
|
||||||
<?php
|
<?php
|
||||||
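Review bot: The follow form here is a bare `<form method="post">` with no hidden anti-CSRF field visible, and the handler it posts to (`if (!empty($_POST['follow']))`, outside this hunk) is not shown to verify one; if it only checks the session, a third-party page can make a logged-in user follow an account. Add a token to the form, e.g. `<input type="hidden" name="csrf" value="<?php echo htmlspecialchars($_SESSION['csrf_token'] ?? '', ENT_QUOTES, 'UTF-8'); ?>">`, and compare it in the handler with `hash_equals()`. This may already be covered by a SameSite cookie policy or JavaScript that injects the token, which cannot be confirmed from this hunk.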
@@ -773,14 +773,14 @@ $pdo = null;
|
|||||||
<div class="sp_time_area">
|
<div class="sp_time_area">
|
||||||
<div class="time">
|
<div class="time">
|
||||||
<p><?php echo date('Y年m月d日 H:i:s', strtotime($userdata['datetime'])); ?>からuwuzuを利用しています。</p>
|
<p><?php echo date('Y年m月d日 H:i:s', strtotime($userdata['datetime'])); ?>からuwuzuを利用しています。</p>
|
||||||
<p><?php if(htmlentities($userdata['role']) === "ice"){echo"このアカウントは凍結されています。";}; ?></p>
|
<p><?php if(htmlspecialchars($userdata['role'], ENT_QUOTES, 'UTF-8', false) === "ice"){echo"このアカウントは凍結されています。";}; ?></p>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<?php if(!($role === "ice")){?>
|
<?php if(!($role === "ice")){?>
|
||||||
<div id="myModal" class="modal">
|
<div id="myModal" class="modal">
|
||||||
<div class="modal-content">
|
<div class="modal-content">
|
||||||
<p><?php echo replaceProfileEmojiImages(htmlentities($userData['username'], ENT_QUOTES, 'UTF-8')); ?>さんをフォロー解除しますか?</p>
|
<p><?php echo replaceProfileEmojiImages(htmlspecialchars($userData['username'], ENT_QUOTES, 'UTF-8', false)); ?>さんをフォロー解除しますか?</p>
|
||||||
<form class="btn_area" method="post">
|
<form class="btn_area" method="post">
|
||||||
<input type="submit" id="openModalButton" class="fbtn_no" name="unfollow" value="フォロー解除">
|
<input type="submit" id="openModalButton" class="fbtn_no" name="unfollow" value="フォロー解除">
|
||||||
<input type="button" id="closeModal" class="fbtn" value="キャンセル">
|
<input type="button" id="closeModal" class="fbtn" value="キャンセル">
|
||||||
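Review bot: The `if(!($role === "ice"))` guard around `#myModal` only hides the unfollow dialog markup for a frozen account; the `unfollow` POST handler is outside this hunk and must apply the same check itself, because a frozen user can submit the form without the modal. A comment on the guard such as `// UI-only gate; the unfollow handler re-checks the role server-side` would make that expectation explicit, assuming the handler does so. The `htmlspecialchars($userdata['role'], …) === "ice"` comparison in this hunk should also compare the raw value rather than an escaped copy.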
@@ -811,7 +811,7 @@ $pdo = null;
|
|||||||
</div>
|
</div>
|
||||||
|
|
||||||
<hr>
|
<hr>
|
||||||
<?php if (false === strpos($myblocklist, ','.htmlentities($userData['userid'], ENT_QUOTES, 'UTF-8'))) {?>
|
<?php if (false === strpos($myblocklist, ','.htmlspecialchars($userData['userid'], ENT_QUOTES, 'UTF-8', false))) {?>
|
||||||
<section class="inner">
|
<section class="inner">
|
||||||
<div id="postContainer">
|
<div id="postContainer">
|
||||||
|
|
||||||
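Review bot: `strpos($myblocklist, ','.htmlspecialchars($userData['userid'], ENT_QUOTES, 'UTF-8', false))` is a substring test with no terminator, so blocking `alicebob` also hides `alice` (the list contains `,alice` as a prefix), and the needle is HTML-escaped while the list presumably holds raw ids. If `$myblocklist` is the comma-separated list the leading comma suggests, test membership instead: `<?php if (!in_array($userData['userid'], explode(',', $myblocklist), true)) {?>`. The same pattern appears in several other hunks of this commit and would need the same fix.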
@@ -822,7 +822,7 @@ $pdo = null;
|
|||||||
🤔
|
🤔
|
||||||
</div>
|
</div>
|
||||||
<?php }else{?>
|
<?php }else{?>
|
||||||
<div class="tokonone" id="noueuse"><p><?php echo htmlentities($userData['username'], ENT_QUOTES, 'UTF-8'); ?>さんをブロックしているため投稿の閲覧は出来ません。</p></div>
|
<div class="tokonone" id="noueuse"><p><?php echo htmlspecialchars($userData['username'], ENT_QUOTES, 'UTF-8', false); ?>さんをブロックしているため投稿の閲覧は出来ません。</p></div>
|
||||||
<?php }?>
|
<?php }?>
|
||||||
|
|
||||||
<div id="error" class="error" style="display: none;">
|
<div id="error" class="error" style="display: none;">
|
||||||
@@ -845,7 +845,7 @@ $pdo = null;
|
|||||||
<p>ユーズに追記しますか?</p>
|
<p>ユーズに追記しますか?</p>
|
||||||
<p>※追記は削除出来ません。</p>
|
<p>※追記は削除出来ません。</p>
|
||||||
<form method="post" id="AbiForm">
|
<form method="post" id="AbiForm">
|
||||||
<textarea id="abitexts" placeholder="なに追記する~?" name="abi"><?php if( !empty($_SESSION['abi']) ){ echo htmlentities( $_SESSION['abi'], ENT_QUOTES, 'UTF-8'); } ?></textarea>
|
<textarea id="abitexts" placeholder="なに追記する~?" name="abi"><?php if( !empty($_SESSION['abi']) ){ echo htmlspecialchars( $_SESSION['abi'], ENT_QUOTES, 'UTF-8', false); } ?></textarea>
|
||||||
<div class="btn_area">
|
<div class="btn_area">
|
||||||
<input type="submit" id="AbiAddButton" class="fbtn_no" name="abi" value="追記">
|
<input type="submit" id="AbiAddButton" class="fbtn_no" name="abi" value="追記">
|
||||||
<input type="button" id="AbiCancelButton" class="fbtn" value="キャンセル">
|
<input type="button" id="AbiCancelButton" class="fbtn" value="キャンセル">
|
||||||
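Review bot: The textarea and the submit button in `#AbiForm` both carry `name="abi"`; with a plain form submission PHP keeps the last field in document order, so `$_POST['abi']` would arrive as the button label `追記` rather than the text entered. Rename the button, e.g. `<input type="submit" id="AbiAddButton" class="fbtn_no" name="abi_submit" value="追記">`, and adjust the handler (outside this hunk) accordingly. This may be masked if the form is submitted through JavaScript that serialises the textarea separately, which cannot be confirmed here.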
@@ -856,8 +856,8 @@ $pdo = null;
|
|||||||
|
|
||||||
<div id="account_BlockModal" class="modal">
|
<div id="account_BlockModal" class="modal">
|
||||||
<div class="modal-content">
|
<div class="modal-content">
|
||||||
<h1><?php echo replaceProfileEmojiImages(htmlentities($userdata['username'], ENT_QUOTES, 'UTF-8')); ?>さんをブロックしますか?</h1>
|
<h1><?php echo replaceProfileEmojiImages(htmlspecialchars($userdata['username'], ENT_QUOTES, 'UTF-8', false)); ?>さんをブロックしますか?</h1>
|
||||||
<p><?php echo replaceProfileEmojiImages(htmlentities($userdata['username'], ENT_QUOTES, 'UTF-8')); ?>さんのアカウントをブロックしますか?<br>ブロックするとフォローが解除され、検索以外のLTL、FTL等で<?php echo htmlentities($userdata['username'], ENT_QUOTES, 'UTF-8'); ?>さんの投稿が表示されなくなります。<br>また、相手からこのアカウントを閲覧することもできなくなります。<br>※ブロックしたことは相手には通知されません。<br><br>ブロックを解除するときはこのアカウントのユーザーページ(このページ)から解除を行ってください。</p>
|
<p><?php echo replaceProfileEmojiImages(htmlspecialchars($userdata['username'], ENT_QUOTES, 'UTF-8', false)); ?>さんのアカウントをブロックしますか?<br>ブロックするとフォローが解除され、検索以外のLTL、FTL等で<?php echo htmlspecialchars($userdata['username'], ENT_QUOTES, 'UTF-8', false); ?>さんの投稿が表示されなくなります。<br>また、相手からこのアカウントを閲覧することもできなくなります。<br>※ブロックしたことは相手には通知されません。<br><br>ブロックを解除するときはこのアカウントのユーザーページ(このページ)から解除を行ってください。</p>
|
||||||
<form class="btn_area" method="post">
|
<form class="btn_area" method="post">
|
||||||
<input type="submit" id="deleteButton2" class="fbtn_no" name="send_block_submit" value="ブロック">
|
<input type="submit" id="deleteButton2" class="fbtn_no" name="send_block_submit" value="ブロック">
|
||||||
<input type="button" id="cancelButton2" class="fbtn" value="キャンセル">
|
<input type="button" id="cancelButton2" class="fbtn" value="キャンセル">
|
||||||
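Review bot: The block modal escapes `$userdata['username']` three times on two lines, and the third occurrence (inside the `<p>`) is emitted without `replaceProfileEmojiImages()` while the first two are — it is unclear whether that difference is intended. Computing the display name once keeps the flags and the emoji handling consistent: `<?php $blockName = replaceProfileEmojiImages(htmlspecialchars($userdata['username'], ENT_QUOTES, 'UTF-8', false)); ?>` and then `<?php echo $blockName; ?>` at each site. The `send_block_submit` form here also carries no visible anti-CSRF field, as noted for the follow form.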
@@ -867,8 +867,8 @@ $pdo = null;
|
|||||||
|
|
||||||
<div id="account_un_BlockModal" class="modal">
|
<div id="account_un_BlockModal" class="modal">
|
||||||
<div class="modal-content">
|
<div class="modal-content">
|
||||||
<h1><?php echo replaceProfileEmojiImages(htmlentities($userdata['username'], ENT_QUOTES, 'UTF-8')); ?>さんのブロックを解除しますか?</h1>
|
<h1><?php echo replaceProfileEmojiImages(htmlspecialchars($userdata['username'], ENT_QUOTES, 'UTF-8', false)); ?>さんのブロックを解除しますか?</h1>
|
||||||
<p><?php echo replaceProfileEmojiImages(htmlentities($userdata['username'], ENT_QUOTES, 'UTF-8')); ?>さんのアカウントをブロック解除しますか?<br>ブロック解除すると<?php echo htmlentities($userdata['username'], ENT_QUOTES, 'UTF-8'); ?>さんの投稿の閲覧が可能になりフォローすることもできるようになります。</p>
|
<p><?php echo replaceProfileEmojiImages(htmlspecialchars($userdata['username'], ENT_QUOTES, 'UTF-8', false)); ?>さんのアカウントをブロック解除しますか?<br>ブロック解除すると<?php echo htmlspecialchars($userdata['username'], ENT_QUOTES, 'UTF-8', false); ?>さんの投稿の閲覧が可能になりフォローすることもできるようになります。</p>
|
||||||
<form class="btn_area" method="post">
|
<form class="btn_area" method="post">
|
||||||
<input type="submit" id="deleteButton3" class="fbtn_no" name="send_un_block_submit" value="ブロック解除">
|
<input type="submit" id="deleteButton3" class="fbtn_no" name="send_un_block_submit" value="ブロック解除">
|
||||||
<input type="button" id="cancelButton3" class="fbtn" value="キャンセル">
|
<input type="button" id="cancelButton3" class="fbtn" value="キャンセル">
|
||||||
@@ -879,22 +879,22 @@ $pdo = null;
|
|||||||
|
|
||||||
<div id="FollowerUserModal" class="modal">
|
<div id="FollowerUserModal" class="modal">
|
||||||
<div class="modal-content">
|
<div class="modal-content">
|
||||||
<p><?php echo replaceProfileEmojiImages(htmlentities($userData["username"], ENT_QUOTES, 'UTF-8'));?>さんをフォローしているユーザー</p>
|
<p><?php echo replaceProfileEmojiImages(htmlspecialchars($userData["username"], ENT_QUOTES, 'UTF-8', false));?>さんをフォローしているユーザー</p>
|
||||||
<?php
|
<?php
|
||||||
if(!empty($follower_userdata)){
|
if(!empty($follower_userdata)){
|
||||||
foreach ($follower_userdata as $value) {
|
foreach ($follower_userdata as $value) {
|
||||||
if (false === strpos($myblocklist, ',' . htmlentities($value['userid'], ENT_QUOTES, 'UTF-8'))) {
|
if (false === strpos($myblocklist, ',' . htmlspecialchars($value['userid'], ENT_QUOTES, 'UTF-8', false))) {
|
||||||
echo "<div class='action_userlist'>";
|
echo "<div class='action_userlist'>";
|
||||||
echo "<a href='/@".htmlentities($value['userid'], ENT_QUOTES, 'UTF-8')."'><img src=".htmlentities($value['iconname'], ENT_QUOTES, 'UTF-8')."></a>";
|
echo "<a href='/@".htmlspecialchars($value['userid'], ENT_QUOTES, 'UTF-8', false)."'><img src=".htmlspecialchars($value['iconname'], ENT_QUOTES, 'UTF-8', false)."></a>";
|
||||||
echo "<div class='userabout'>";
|
echo "<div class='userabout'>";
|
||||||
echo "<div class='username'><a href='/@".htmlentities($value['userid'], ENT_QUOTES, 'UTF-8')."'>".replaceEmojisWithImages(htmlentities($value['username'], ENT_QUOTES, 'UTF-8'))."</a></div>";
|
echo "<div class='username'><a href='/@".htmlspecialchars($value['userid'], ENT_QUOTES, 'UTF-8', false)."'>".replaceEmojisWithImages(htmlspecialchars($value['username'], ENT_QUOTES, 'UTF-8', false))."</a></div>";
|
||||||
echo "<div class='userid'><a href='/@".htmlentities($value['userid'], ENT_QUOTES, 'UTF-8')."'>@".htmlentities($value['userid'], ENT_QUOTES, 'UTF-8')."</a></div>";
|
echo "<div class='userid'><a href='/@".htmlspecialchars($value['userid'], ENT_QUOTES, 'UTF-8', false)."'>@".htmlspecialchars($value['userid'], ENT_QUOTES, 'UTF-8', false)."</a></div>";
|
||||||
echo "</div>";
|
echo "</div>";
|
||||||
echo "</div>";
|
echo "</div>";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}else{
|
}else{
|
||||||
echo "<p>".replaceProfileEmojiImages(htmlentities($userData["username"], ENT_QUOTES, 'UTF-8'))."さんは誰にもフォローされていません。</p>";
|
echo "<p>".replaceProfileEmojiImages(htmlspecialchars($userData["username"], ENT_QUOTES, 'UTF-8', false))."さんは誰にもフォローされていません。</p>";
|
||||||
}
|
}
|
||||||
?>
|
?>
|
||||||
<div class="btn_area">
|
<div class="btn_area">
|
||||||
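Review bot: The follower-list `<img src=` is written with an unquoted attribute value, and `htmlspecialchars()` does not encode spaces, so an `iconname` such as `x onerror=alert(1)` ends the `src` value at the space and injects a new attribute — `ENT_QUOTES` gives no protection when there are no quotes to break out of. Quote the attribute: `echo "<a href='/@".htmlspecialchars($value['userid'], ENT_QUOTES, 'UTF-8', false)."'><img src=\"".htmlspecialchars($value['iconname'], ENT_QUOTES, 'UTF-8', false)."\"></a>";`. Whether `iconname` is ever user-controlled cannot be seen here, but quoting costs nothing.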
@@ -905,22 +905,22 @@ $pdo = null;
|
|||||||
|
|
||||||
<div id="FollowUserModal" class="modal">
|
<div id="FollowUserModal" class="modal">
|
||||||
<div class="modal-content">
|
<div class="modal-content">
|
||||||
<p><?php echo replaceProfileEmojiImages(htmlentities($userData["username"], ENT_QUOTES, 'UTF-8'));?>さんがフォローしているユーザー</p>
|
<p><?php echo replaceProfileEmojiImages(htmlspecialchars($userData["username"], ENT_QUOTES, 'UTF-8', false));?>さんがフォローしているユーザー</p>
|
||||||
<?php
|
<?php
|
||||||
if(!empty($follow_userdata)){
|
if(!empty($follow_userdata)){
|
||||||
foreach ($follow_userdata as $value) {
|
foreach ($follow_userdata as $value) {
|
||||||
if (false === strpos($myblocklist, ',' . htmlentities($value['userid'], ENT_QUOTES, 'UTF-8'))) {
|
if (false === strpos($myblocklist, ',' . htmlspecialchars($value['userid'], ENT_QUOTES, 'UTF-8', false))) {
|
||||||
echo "<div class='action_userlist'>";
|
echo "<div class='action_userlist'>";
|
||||||
echo "<a href='/@".htmlentities($value['userid'], ENT_QUOTES, 'UTF-8')."'><img src=".htmlentities($value['iconname'], ENT_QUOTES, 'UTF-8')."></a>";
|
echo "<a href='/@".htmlspecialchars($value['userid'], ENT_QUOTES, 'UTF-8', false)."'><img src=".htmlspecialchars($value['iconname'], ENT_QUOTES, 'UTF-8', false)."></a>";
|
||||||
echo "<div class='userabout'>";
|
echo "<div class='userabout'>";
|
||||||
echo "<div class='username'><a href='/@".htmlentities($value['userid'], ENT_QUOTES, 'UTF-8')."'>".replaceEmojisWithImages(htmlentities($value['username'], ENT_QUOTES, 'UTF-8'))."</a></div>";
|
echo "<div class='username'><a href='/@".htmlspecialchars($value['userid'], ENT_QUOTES, 'UTF-8', false)."'>".replaceEmojisWithImages(htmlspecialchars($value['username'], ENT_QUOTES, 'UTF-8', false))."</a></div>";
|
||||||
echo "<div class='userid'><a href='/@".htmlentities($value['userid'], ENT_QUOTES, 'UTF-8')."'>@".htmlentities($value['userid'], ENT_QUOTES, 'UTF-8')."</a></div>";
|
echo "<div class='userid'><a href='/@".htmlspecialchars($value['userid'], ENT_QUOTES, 'UTF-8', false)."'>@".htmlspecialchars($value['userid'], ENT_QUOTES, 'UTF-8', false)."</a></div>";
|
||||||
echo "</div>";
|
echo "</div>";
|
||||||
echo "</div>";
|
echo "</div>";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}else{
|
}else{
|
||||||
echo "<p>".replaceProfileEmojiImages(htmlentities($userData["username"], ENT_QUOTES, 'UTF-8'))."さんは誰もフォローしていません。</p>";
|
echo "<p>".replaceProfileEmojiImages(htmlspecialchars($userData["username"], ENT_QUOTES, 'UTF-8', false))."さんは誰もフォローしていません。</p>";
|
||||||
}
|
}
|
||||||
?>
|
?>
|
||||||
<div class="btn_area">
|
<div class="btn_area">
|
||||||
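Review bot: The `<img src=` in the following-list loop has the same unquoted attribute as the follower list above: the value ends at the first space, which `htmlspecialchars()` leaves untouched, so a stored `iconname` containing whitespace can add attributes to the tag. The fix is the same one-line change, wrapping the value in `\"...\"`: `echo "<a href='/@".htmlspecialchars($value['userid'], ENT_QUOTES, 'UTF-8', false)."'><img src=\"".htmlspecialchars($value['iconname'], ENT_QUOTES, 'UTF-8', false)."\"></a>";`. `str_contains()` would also read better than `false === strpos(...)` for the blocklist check, though that check has the prefix-match problem noted elsewhere.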