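/**
 * HTML-escape a scalar, or every key and value of an array (recursively).
 *
 * ENT_QUOTES is used so the result is safe both as element text and inside
 * single- or double-quoted attribute values. double_encode is left off, so
 * input that already contains entities (e.g. "&amp;") is passed through
 * unchanged rather than re-encoded; callers must not assume every "&" in
 * the output was produced by this function.
 *
 * @param mixed $data string (or null/bool/int, coerced to string) or a nested array
 * @return string|array escaped scalar, or an array with escaped keys and values
 */
function html_escape_value($data)
{
    if (is_array($data)) {
        $escapedData = array();
        foreach ($data as $key => $value) {
            // Keys are escaped as well: callers print them too (e.g. via var_export).
            $escapedData[html_escape_value($key)] = html_escape_value($value);
        }

        return $escapedData;
    }

    // Cast before escaping: a missing $_GET/$_COOKIE key or a bag default hands
    // in null, which PHP 8.1+ reports as a deprecated null-to-string argument.
    // (string) null is '', the same output the untyped call produced before.
    return htmlspecialchars((string) $data, ENT_QUOTES, 'UTF-8', false);
}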
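<!DOCTYPE html>
<html>
<body>
<?php
require_once 'utils.php';

// Both inputs are optional: "p" may be absent from the query string and the
// Referer header is missing on a direct visit. isset() avoids the
// undefined-index notice and keeps null away from the escaper.
$page = isset($_GET['p']) ? $_GET['p'] : null;

if ('1' === $page) {
    echo '<a href="issue130.php?p=2">Go to 2</a>';
} else {
    // The Referer is client-controlled; escape it before placing it in the page.
    $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    echo '<strong>' . html_escape_value($referer) . '</strong>';
}
?>
</body>
</html>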
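<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ru">
<head>
<title>Basic Form Saving</title>
<meta http-equiv="Content-Type" content="text/html;charset=UTF-8"/>
</head>
<body>
<?php
// Both names come from the POST body. Default to '' so a missing field does
// not hand null to the escaper, and escape each value once instead of on
// every echo below.
$firstName = html_escape_value($app['request']->request->get('first_name', ''));
$lastName = html_escape_value($app['request']->request->get('last_name', ''));
?>
<h1>Anket for <?php echo $firstName; ?> </h1>
<span id="first">Firstname: <?php echo $firstName; ?> </span>
<span id="last">Lastname: <?php echo $lastName; ?> </span>
</body>
</html>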
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ru">
<head>
<title>Basic Form</title>
<meta http-equiv="Content-Type" content="text/html;charset=UTF-8"/>
<script>
</script>
</head>
<body>
Previous cookie: <?php
// Show the escaped value of srvr_cookie from the previous request, or the
// literal NO when the cookie was not sent.
$cookieBag = $app['request']->cookies;
$previous = 'NO';
if ($cookieBag->has('srvr_cookie')) {
    $previous = html_escape_value($cookieBag->get('srvr_cookie'));
}
echo $previous;
?>
</body>
</html>
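<!DOCTYPE html>
<html>
<head>
<title>Advanced form save</title>
<meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
</head>
<body>
<?php
// Notices are silenced because the fixture deliberately reads optional fields;
// the inputs are still checked explicitly below rather than relying on this.
error_reporting(0);
require_once 'utils.php';

// A multi-select submitted as one "1,2,3" string is normalised to a list.
// Check the shape first: a non-array field or a non-string first element
// would otherwise be indexed/searched as if it were a string.
if (isset($_POST['select_multiple_numbers'])
    && is_array($_POST['select_multiple_numbers'])
    && isset($_POST['select_multiple_numbers'][0])
    && is_string($_POST['select_multiple_numbers'][0])
    && false !== strpos($_POST['select_multiple_numbers'][0], ',')
) {
    $_POST['select_multiple_numbers'] = explode(',', $_POST['select_multiple_numbers'][0]);
}

// A checkbox is only present in the body when it was checked; normalise to on/off.
$_POST['agreement'] = isset($_POST['agreement']) ? 'on' : 'off';
ksort($_POST);

// Escape every key/value, then strip '>' so var_export's "=>" arrows cannot be
// read as markup in the rendered dump.
echo str_replace('>', '', var_export(html_escape_value($_POST), true)) . "\n";

// is_uploaded_file() only accepts a path PHP itself created for this request's
// upload; file_exists() would accept any readable path. The is_string() guard
// covers the array shape produced by a multi-file input (about[]).
if (isset($_FILES['about']['tmp_name'])
    && is_string($_FILES['about']['tmp_name'])
    && is_uploaded_file($_FILES['about']['tmp_name'])
) {
    echo html_escape_value($_FILES['about']['name']) . "\n";
    echo html_escape_value(file_get_contents($_FILES['about']['tmp_name']));
} else {
    echo "no file";
}
?>
</body>
</html>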
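<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<body>
<?php
if ($app['request']->isMethod('POST')) {
    // Store the posted value in the "tc" cookie. It is stored raw and escaped
    // when it is read back below.
    // NOTE(review): $resp is built and then discarded here; whether the test
    // harness still sends this cookie is not visible in this file — confirm.
    $resp = new Symfony\Component\HttpFoundation\Response();
    $cook = new Symfony\Component\HttpFoundation\Cookie('tc', $app['request']->request->get('cookie_value'));
    $resp->headers->setCookie($cook);
} elseif ($app['request']->query->has('show_value')) {
    // Only the escaped cookie value is emitted; the form below is skipped.
    echo html_escape_value($app['request']->cookies->get('tc'));
    return;
}
?>
<form method="post">
<input name="cookie_value">
<input type="submit" value="Set cookie">
</form>
</body>
</html>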
<!DOCTYPE html>
<html>
<head>
<title>Cookies page</title>
<meta http-equiv="Content-Type" content="text/html;charset=UTF-8"/>
</head>
<body>
<?php
require_once 'utils.php';

// Dump every cookie name/value after escaping. The '>' of var_export's "=>"
// arrows is removed so the dump contains no markup-like characters.
$dump = var_export(html_escape_value($_COOKIE), true);
echo str_replace('>', '', $dump);
?>
</body>
</html>
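<!DOCTYPE html>
<html>
<head>
<title>Basic Form Saving</title>
<meta http-equiv="Content-Type" content="text/html;charset=UTF-8"/>
</head>
<body>
<?php
require_once 'utils.php';

// Read the posted names once, defaulting to '' so a missing field raises no
// undefined-index notice and null never reaches the escaper.
$firstName = html_escape_value(isset($_POST['first_name']) ? $_POST['first_name'] : '');
$lastName = html_escape_value(isset($_POST['last_name']) ? $_POST['last_name'] : '');
?>
<h1>Anket for <?php echo $firstName; ?> </h1>
<span id="first">Firstname: <?php echo $firstName; ?> </span>
<span id="last">Lastname: <?php echo $lastName; ?> </span>
</body>
</html>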
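<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ru">
<head>
<title>Basic Get Form</title>
<meta http-equiv="Content-Type" content="text/html;charset=UTF-8"/>
</head>
<body>
<h1>Basic Get Form Page</h1>
<!-- the id below is spelled "serach" in the original and is kept as-is: tests may select on it -->
<div id="serach">
<?php
$GET = $app['request']->query->all();

// Compare against '' explicitly instead of testing truthiness, so a search for
// "0" is still shown. A non-string (q[]=...) is treated as no query.
$hasQuery = isset($GET['q']) && is_string($GET['q']) && '' !== $GET['q'];
echo $hasQuery ? html_escape_value($GET['q']) : 'No search query';
?>
</div>
<form>
<input name="q" value="" type="text" />
<input type="submit" value="Find" />
</form>
</body>
</html>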
<!DOCTYPE html>
<html>
<head>
<title>Basic Form</title>
<meta http-equiv="Content-Type" content="text/html;charset=UTF-8"/>
</head>
<body>
Previous cookie: <?php
require_once 'utils.php';

// Print the escaped srvr_cookie value from the previous request, or NO when
// the browser did not send it.
$previous = 'NO';
if (isset($_COOKIE['srvr_cookie'])) {
    $previous = html_escape_value($_COOKIE['srvr_cookie']);
}
echo $previous;
?>
</body>
</html>
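<?php
require_once 'utils.php';

if (!empty($_POST)) {
    // Expiry 0 (session cookie) instead of null: PHP 8.1 reports a null int
    // argument as deprecated, and null already coerced to 0 before. The posted
    // value is stored raw and escaped when read back below; a missing or
    // non-string field stores ''.
    $value = isset($_POST['cookie_value']) && is_string($_POST['cookie_value'])
        ? $_POST['cookie_value']
        : '';
    // NOTE(review): no httponly/secure flags — fine for a fixture served over
    // plain HTTP, but confirm before reusing this elsewhere.
    setcookie("tc", $value, 0, '/');
} elseif (isset($_GET["show_value"])) {
    // A missing cookie prints '' instead of raising an undefined-index notice.
    echo isset($_COOKIE["tc"]) ? html_escape_value($_COOKIE["tc"]) : '';
    die;
}
?>
<!DOCTYPE html>
<html>
<body>
<form method="post">
<input name="cookie_value">
<input type="submit" value="Set cookie">
</form>
</body>
</html>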
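<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ru">
<head>
<title>Advanced form save</title>
<meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
</head>
<body>
<?php
// Notices are silenced because the fixture deliberately reads optional fields;
// the inputs are still checked explicitly below rather than relying on this.
error_reporting(0);
$request = $app['request'];
$POST = $request->request->all();
$FILES = $request->files->all();

// A multi-select submitted as one "1,2,3" string is normalised to a list.
// Check the shape first: a non-array field or a non-string first element
// would otherwise be indexed/searched as if it were a string.
if (isset($POST['select_multiple_numbers'])
    && is_array($POST['select_multiple_numbers'])
    && isset($POST['select_multiple_numbers'][0])
    && is_string($POST['select_multiple_numbers'][0])
    && false !== strpos($POST['select_multiple_numbers'][0], ',')
) {
    $POST['select_multiple_numbers'] = explode(',', $POST['select_multiple_numbers'][0]);
}

// checkbox can have any value and will be successful in case "on"
// http://www.w3.org/TR/html401/interact/forms.html#checkbox
$POST['agreement'] = isset($POST['agreement']) ? 'on' : 'off';
ksort($POST);

// Escape every key/value, then strip '>' so var_export's "=>" arrows cannot be
// read as markup in the rendered dump.
echo str_replace('>', '', var_export(html_escape_value($POST), true)) . "\n";

// $FILES['about'] is null when no file was chosen, which isset() rejects.
// The client-supplied original name is escaped before being echoed.
if (isset($FILES['about']) && file_exists($FILES['about']->getPathname())) {
    echo html_escape_value($FILES['about']->getClientOriginalName()) . "\n";
    echo html_escape_value(file_get_contents($FILES['about']->getPathname()));
} else {
    echo "no file";
}
?>
</body>
</html>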
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ru">
<head>
<title>Cookies page</title>
<meta http-equiv="Content-Type" content="text/html;charset=UTF-8"/>
</head>
<body>
<?php
$cookies = $app['request']->cookies->all();

// The mock session id is not part of what the test set, so it is dropped.
unset($cookies['MOCKSESSID']);

// When srvr_cookie is present, move it to the end and place an empty _SESS
// entry directly before it, so the dump order is _SESS then srvr_cookie.
if (isset($cookies['srvr_cookie'])) {
    $keptValue = $cookies['srvr_cookie'];
    unset($cookies['srvr_cookie']);
    $cookies['_SESS'] = '';
    $cookies['srvr_cookie'] = $keptValue;
}

// Normalise every value to a string before escaping/dumping (keys are kept).
$cookies = array_map(function ($val) {
    return (string) $val;
}, $cookies);

// Escape names and values, then strip '>' so var_export's "=>" arrows cannot
// be read as markup.
$dump = var_export(html_escape_value($cookies), true);
echo str_replace('>', '', $dump);
?>
</body>
</html>
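<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<body>
<?php
if ('1' === $app['request']->query->get('p')) {
    echo '<a href="/issue130.php?p=2">Go to 2</a>';
} else {
    // The Referer header is absent on a direct visit; default to '' so null
    // never reaches the escaper. It is client-controlled, hence escaped.
    $referer = $app['request']->headers->get('referer', '');
    echo '<strong>' . html_escape_value($referer) . '</strong>';
}
?>
</body>
</html>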