Diffstat (limited to 'src/admin')
-rw-r--r--src/admin/clar.php4
-rw-r--r--src/admin/claredit.php5
-rw-r--r--src/admin/export.php2
-rw-r--r--src/admin/files.php1
-rw-r--r--src/admin/problem.php6
-rw-r--r--src/admin/report/clar.php4
6 files changed, 10 insertions, 12 deletions
diff --git a/src/admin/clar.php b/src/admin/clar.php
index 66a7b0d..9d02d11 100644
--- a/src/admin/clar.php
+++ b/src/admin/clar.php
@@ -92,13 +92,13 @@ for ($i=0; $i<count($clar); $i++) {
echo " <td>";
// echo "<pre>" . $clar[$i]["question"] . "</pre>";
// echo $clar[$i]["question"];
- echo " <textarea name=\"m$i\" cols=\"60\" rows=\"8\" readonly>".$clar[$i]["question"]."</textarea>\n";
+ echo " <textarea name=\"m$i\" cols=\"60\" rows=\"8\" readonly>". unsanitizeText($clar[$i]["question"]) ."</textarea>\n";
echo "</td>\n";
if (trim($clar[$i]["answer"]) == "") $clar[$i]["answer"] = "Not answered yet";
echo " <td>";
// echo " <pre>" . $clar[$i]["answer"] . "</pre>";
// echo $clar[$i]["answer"];
- echo " <textarea name=\"a$i\" cols=\"60\" rows=\"8\" readonly>".$clar[$i]["answer"]."</textarea>\n";
+ echo " <textarea name=\"a$i\" cols=\"60\" rows=\"8\" readonly>". unsanitizeText($clar[$i]["answer"]) ."</textarea>\n";
echo "</td>\n";
echo " </tr>\n";
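Review bot: The two textarea lines now print `unsanitizeText($clar[$i]["question"])` and `unsanitizeText($clar[$i]["answer"])` straight into HTML, and nothing visible re-escapes the result. unsanitizeText() is not defined in this diff; if it reverses the stored escaping, as the name suggests, clarification text containing `</textarea>` or other markup would be rendered in the admin's page instead of being shown as text. Escaping for the HTML context keeps the display fix while closing that, e.g. `htmlspecialchars(unsanitizeText($clar[$i]["question"]), ENT_QUOTES, 'UTF-8')`. The same pattern appears in the claredit.php hunk (`$a["question"]`, `$a["answer"]`) and in both changed lines of the report/clar.php hunk. The enclosing for loop starts and ends outside the hunk.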
diff --git a/src/admin/claredit.php b/src/admin/claredit.php
index 5eb812f..cf9785c 100644
--- a/src/admin/claredit.php
+++ b/src/admin/claredit.php
@@ -125,14 +125,13 @@ if (($a = DBChiefGetClarToAnswer($clarnumber, $clarsitenumber,
<tr>
<td width="20%" align=right><b>Clarification:</b></td>
<td width="80%">
- <textarea name="message" readonly cols="60" rows="8"><?php echo $a["question"]; ?>
- </textarea>
+ <textarea name="message" readonly cols="60" rows="8"><?php echo unsanitizeText($a["question"]); ?></textarea>
</td>
</tr>
<tr>
<td width="20%" align=right><b>Answer:</b></td>
<td width="80%">
- <textarea name="answer" cols="60" rows="8"><?php echo $a["answer"]; ?></textarea>
+ <textarea name="answer" cols="60" rows="8"><?php echo unsanitizeText($a["answer"]); ?></textarea>
</td>
</tr>
<tr>
diff --git a/src/admin/export.php b/src/admin/export.php
index 2682c94..10a595d 100644
--- a/src/admin/export.php
+++ b/src/admin/export.php
@@ -51,7 +51,7 @@ if(isset($_POST["Submit"]) || isset($_POST['Submit1'])) {
if(isset($_POST['nopassword']) && $_POST['nopassword']=='true')
echo $xml;
else
- echo rawurlencode($_POST['challenge']) . " " . encryptData($xml,($_POST['password']));
+ echo myrawurlencode($_POST['challenge']) . " " . encryptData($xml,($_POST['password']));
exit;
}
}
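Review bot: `$_POST['challenge']` is echoed into the response through `myrawurlencode()`, whose definition is not part of this diff, so the set of characters it leaves unencoded cannot be checked from here. rawurlencode() encodes everything outside the unreserved set; if the replacement is looser, request-controlled bytes reach the response body unchanged. A comment at the call stating the contract would make this reviewable, such as `// myrawurlencode() must encode at least the characters rawurlencode() does; the value is request-supplied`. Neither `$_POST['challenge']` nor `$_POST['password']` is guarded by isset() in the visible lines, unlike `nopassword`, and the enclosing if starts outside the hunk.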
diff --git a/src/admin/files.php b/src/admin/files.php
index 16f0f2d..30ce320 100644
--- a/src/admin/files.php
+++ b/src/admin/files.php
@@ -59,7 +59,6 @@ for ($i=0; $i<count($run); $i++) {
echo " <td nowrap>" . dateconvsimple($run[$i]["timestamp"]) . "</td>\n";
echo " <td nowrap>" . $run[$i]["usernumber"] . " (" . $run[$i]["usersitenumber"] . ")</td>\n";
- $if = rawurlencode($run[$i]["filename"]);
if($run[$i]["status"]=="active") {
echo "<td nowrap><a href=\"../filedownload.php?". filedownload($run[$i]["oid"],$run[$i]["filename"]) . "\">";
echo $run[$i]["filename"] . "</a>";
diff --git a/src/admin/problem.php b/src/admin/problem.php
index a01bd35..33e887c 100644
--- a/src/admin/problem.php
+++ b/src/admin/problem.php
@@ -26,7 +26,7 @@ if(($ct = DBContestInfo($_SESSION["usertable"]["contestnumber"])) == null)
if (isset($_GET["delete"]) && is_numeric($_GET["delete"]) && isset($_GET["input"])) {
$param = array();
$param['number']=$_GET["delete"];
- $param['inputfilename']=$_GET["input"];
+ $param['inputfilename']=myrawurldecode($_GET["input"]);
if(!DBDeleteProblem ($_SESSION["usertable"]["contestnumber"], $param)) {
MSGError('Error deleting problem');
LogError('Error deleting problem');
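Review bot: `myrawurldecode($_GET["input"])` decodes a value that PHP already URL-decoded once when it populated `$_GET`, and the result goes to DBDeleteProblem() as `inputfilename` with no validation visible in the hunk. Unless myrawurlencode() emits a format that survives PHP's own decoding (its definition is not shown), this is a second decode pass, and a second pass can turn characters that looked harmless in the raw parameter into ones an earlier check would have rejected. Validating the decoded value before the delete would make this robust either way, for example by comparing it with the stored `inputfilename` of problem `number` and refusing on mismatch. A comment such as `// input was encoded with myrawurlencode(); decode before matching the stored name` would also record why the extra decode is needed. The if block continues past the end of the hunk.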
@@ -262,11 +262,11 @@ for ($i=0; $i<count($prob); $i++) {
echo " <tr>\n";
if($prob[$i]["fake"]!='t') {
if(strpos($prob[$i]["fullname"],"(DEL)") !== false) {
- echo " <td nowrap><a href=\"javascript: conf3('problem.php?delete=" . $prob[$i]["number"] . "&input=" . rawurlencode($prob[$i]["inputfilename"]) .
+ echo " <td nowrap><a href=\"javascript: conf3('problem.php?delete=" . $prob[$i]["number"] . "&input=" . myrawurlencode($prob[$i]["inputfilename"]) .
"')\">" . $prob[$i]["number"];
echo "(deleted)";
} else {
- echo " <td nowrap><a href=\"javascript: conf2('problem.php?delete=" . $prob[$i]["number"] . "&input=" . rawurlencode($prob[$i]["inputfilename"]) .
+ echo " <td nowrap><a href=\"javascript: conf2('problem.php?delete=" . $prob[$i]["number"] . "&input=" . myrawurlencode($prob[$i]["inputfilename"]) .
"')\">" . $prob[$i]["number"];
}
echo "</a></td>\n";
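Review bot: The `myrawurlencode($prob[$i]["inputfilename"])` result in both the conf3 and conf2 links sits inside a single-quoted JavaScript string, inside a `javascript:` URL, inside a double-quoted `href` attribute, so query-string encoding covers only one of the contexts that need escaping. Browsers percent-decode a `javascript:` URL before running it, and myrawurlencode() is not defined in this diff, so it cannot be confirmed here that a quote character in a file name stays inert. Moving the call out of the `javascript:` URL into an `onclick` handler, and emitting the target URL as `htmlspecialchars(json_encode($url), ENT_QUOTES, 'UTF-8')`, would escape for the JS and HTML contexts explicitly and remove the extra decoding step. The enclosing for loop starts and ends outside the hunk.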
diff --git a/src/admin/report/clar.php b/src/admin/report/clar.php
index 61816d9..27616d5 100644
--- a/src/admin/report/clar.php
+++ b/src/admin/report/clar.php
@@ -63,13 +63,13 @@ for ($i=0; $i<count($clar); $i++) {
echo " <td>";
// echo "<pre>" . $clar[$i]["question"] . "</pre>";
// echo $clar[$i]["question"];
- echo " <textarea name=\"m$i\" cols=\"60\" rows=\"8\" readonly>".$clar[$i]["question"]."</textarea>\n";
+ echo " <textarea name=\"m$i\" cols=\"60\" rows=\"8\" readonly>". unsanitizeText($clar[$i]["question"]) ."</textarea>\n";
echo "</td>\n";
if (trim($clar[$i]["answer"]) == "") $clar[$i]["answer"] = "Not answered yet";
echo " <td>";
// echo " <pre>" . $clar[$i]["answer"] . "</pre>";
// echo $clar[$i]["answer"];
- echo " <textarea name=\"a$i\" cols=\"60\" rows=\"8\" readonly>".$clar[$i]["answer"]."</textarea>\n";
+ echo " <textarea name=\"a$i\" cols=\"60\" rows=\"8\" readonly>". unsanitizeText($clar[$i]["answer"]) ."</textarea>\n";
echo "</td>\n";
echo " </tr>\n";