From: gggeek <giunta.gaetano@gmail.com>
Date: Sat, 18 Apr 2015 23:26:52 +0000 (+0100)
Subject: Fix: make debugger work correctly when any field value is LATIN-1
X-Git-Tag: 3.0.1~6
X-Git-Url: http://git.onelab.eu/?a=commitdiff_plain;h=cf1da74fa947682719b9038f734603e201793cf5;p=plcapi.git
Fix: make debugger work correctly when any field value is LATIN-1
---
diff --git a/debugger/action.php b/debugger/action.php
index f79aba05..717dbeeb 100644
--- a/debugger/action.php
+++ b/debugger/action.php
@@ -208,7 +208,7 @@ td form {margin: 0;}
// Before calling execute, echo out brief description of action taken + date and time ???
// this gives good user feedback for long-running methods...
- echo '<h2>'.htmlspecialchars($actionname).' on server '.htmlspecialchars($server)." ...</h2>\n";
+ echo '<h2>'.htmlspecialchars($actionname, ENT_COMPAT, $inputcharset).' on server '.htmlspecialchars($server, ENT_COMPAT, $inputcharset)." ...</h2>\n";
flush();
$response = null;
@@ -237,16 +237,16 @@ td form {margin: 0;}
if ($response->faultCode())
{
// call failed! echo out error msg!
- //echo '<h2>'.htmlspecialchars($actionname).' on server '.htmlspecialchars($server).'</h2>';
+ //echo '<h2>'.htmlspecialchars($actionname, ENT_COMPAT, $inputcharset).' on server '.htmlspecialchars($server, ENT_COMPAT, $inputcharset).'</h2>';
echo "<h3>$protoname call FAILED!</h3>\n";
- echo "<p>Fault code: [" . htmlspecialchars($response->faultCode()) .
- "] Reason: '" . htmlspecialchars($response->faultString()) . "'</p>\n";
+ echo "<p>Fault code: [" . htmlspecialchars($response->faultCode(), ENT_COMPAT, $GLOBALS['xmlrpc_internalencoding']) .
+ "] Reason: '" . htmlspecialchars($response->faultString(), ENT_COMPAT, $GLOBALS['xmlrpc_internalencoding']) . "'</p>\n";
echo (strftime("%d/%b/%Y:%H:%M:%S\n"));
}
else
{
// call succeeded: parse results
- //echo '<h2>'.htmlspecialchars($actionname).' on server '.htmlspecialchars($server).'</h2>';
+ //echo '<h2>'.htmlspecialchars($actionname, ENT_COMPAT, $inputcharset).' on server '.htmlspecialchars($server, ENT_COMPAT, $inputcharset).'</h2>';
printf ("<h3>%s call(s) OK (%.2f secs.)</h3>\n", $protoname, $time);
echo (strftime("%d/%b/%Y:%H:%M:%S\n"));
@@ -264,26 +264,26 @@ td form {margin: 0;}
{
$rec = $v->arraymem($i);
if ($i%2) $class=' class="oddrow"'; else $class = ' class="evenrow"';
- echo ("<tr><td$class>".htmlspecialchars($rec->scalarval())."</td><td$class><form action=\"controller.php\" method=\"get\" target=\"frmcontroller\">".
- "<input type=\"hidden\" name=\"host\" value=\"".htmlspecialchars($host)."\" />".
- "<input type=\"hidden\" name=\"port\" value=\"".htmlspecialchars($port)."\" />".
- "<input type=\"hidden\" name=\"path\" value=\"".htmlspecialchars($path)."\" />".
- "<input type=\"hidden\" name=\"id\" value=\"".htmlspecialchars($id)."\" />".
+ echo ("<tr><td$class>".htmlspecialchars($rec->scalarval(), ENT_COMPAT, $GLOBALS['xmlrpc_internalencoding'])."</td><td$class><form action=\"controller.php\" method=\"get\" target=\"frmcontroller\">".
+ "<input type=\"hidden\" name=\"host\" value=\"".htmlspecialchars($host, ENT_COMPAT, $inputcharset)."\" />".
+ "<input type=\"hidden\" name=\"port\" value=\"".htmlspecialchars($port, ENT_COMPAT, $inputcharset)."\" />".
+ "<input type=\"hidden\" name=\"path\" value=\"".htmlspecialchars($path, ENT_COMPAT, $inputcharset)."\" />".
+ "<input type=\"hidden\" name=\"id\" value=\"".htmlspecialchars($id, ENT_COMPAT, $inputcharset)."\" />".
"<input type=\"hidden\" name=\"debug\" value=\"$debug\" />".
- "<input type=\"hidden\" name=\"username\" value=\"".htmlspecialchars($username)."\" />".
- "<input type=\"hidden\" name=\"password\" value=\"".htmlspecialchars($password)."\" />".
+ "<input type=\"hidden\" name=\"username\" value=\"".htmlspecialchars($username, ENT_COMPAT, $inputcharset)."\" />".
+ "<input type=\"hidden\" name=\"password\" value=\"".htmlspecialchars($password, ENT_COMPAT, $inputcharset)."\" />".
"<input type=\"hidden\" name=\"authtype\" value=\"$authtype\" />".
"<input type=\"hidden\" name=\"verifyhost\" value=\"$verifyhost\" />".
"<input type=\"hidden\" name=\"verifypeer\" value=\"$verifypeer\" />".
- "<input type=\"hidden\" name=\"cainfo\" value=\"".htmlspecialchars($cainfo)."\" />".
- "<input type=\"hidden\" name=\"proxy\" value=\"".htmlspecialchars($proxy)."\" />".
- "<input type=\"hidden\" name=\"proxyuser\" value=\"".htmlspecialchars($proxyuser)."\" />".
- "<input type=\"hidden\" name=\"proxypwd\" value=\"".htmlspecialchars($proxypwd)."\" />".
+ "<input type=\"hidden\" name=\"cainfo\" value=\"".htmlspecialchars($cainfo, ENT_COMPAT, $inputcharset)."\" />".
+ "<input type=\"hidden\" name=\"proxy\" value=\"".htmlspecialchars($proxy, ENT_COMPAT, $inputcharset)."\" />".
+ "<input type=\"hidden\" name=\"proxyuser\" value=\"".htmlspecialchars($proxyuser, ENT_COMPAT, $inputcharset)."\" />".
+ "<input type=\"hidden\" name=\"proxypwd\" value=\"".htmlspecialchars($proxypwd, ENT_COMPAT, $inputcharset)."\" />".
"<input type=\"hidden\" name=\"responsecompression\" value=\"$responsecompression\" />".
"<input type=\"hidden\" name=\"requestcompression\" value=\"$requestcompression\" />".
- "<input type=\"hidden\" name=\"clientcookies\" value=\"".htmlspecialchars($clientcookies)."\" />".
+ "<input type=\"hidden\" name=\"clientcookies\" value=\"".htmlspecialchars($clientcookies, ENT_COMPAT, $inputcharset)."\" />".
"<input type=\"hidden\" name=\"protocol\" value=\"$protocol\" />".
- "<input type=\"hidden\" name=\"timeout\" value=\"".htmlspecialchars($timeout)."\" />".
+ "<input type=\"hidden\" name=\"timeout\" value=\"".htmlspecialchars($timeout, ENT_COMPAT, $inputcharset)."\" />".
"<input type=\"hidden\" name=\"method\" value=\"".$rec->scalarval()."\" />".
"<input type=\"hidden\" name=\"wstype\" value=\"$wstype\" />".
"<input type=\"hidden\" name=\"action\" value=\"describe\" />".
@@ -314,8 +314,8 @@ td form {margin: 0;}
$r2 = $resp[1]->value();
echo "<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n";
- echo "<thead>\n<tr><th>Method</th><th>".htmlspecialchars($method)."</th><th> </th><th> </th></tr>\n</thead>\n<tbody>\n";
- $desc = htmlspecialchars($r1->scalarval());
+ echo "<thead>\n<tr><th>Method</th><th>".htmlspecialchars($method, ENT_COMPAT, $inputcharset)."</th><th> </th><th> </th></tr>\n</thead>\n<tbody>\n";
+ $desc = htmlspecialchars($r1->scalarval(), ENT_COMPAT, $GLOBALS['xmlrpc_internalencoding']);
if ($desc == "")
$desc = "-";
echo "<tr><td class=\"evenrow\">Description</td><td colspan=\"3\" class=\"evenrow\">$desc</td></tr>\n";
@@ -333,7 +333,7 @@ td form {margin: 0;}
if ($x->kindOf()=="array")
{
$ret = $x->arraymem(0);
- echo "<code>OUT: " . htmlspecialchars($ret->scalarval()) . "<br />IN: (";
+ echo "<code>OUT: " . htmlspecialchars($ret->scalarval(), ENT_COMPAT, $GLOBALS['xmlrpc_internalencoding']) . "<br />IN: (";
if ($x->arraysize() > 1)
{
for($k = 1; $k < $x->arraysize(); $k++)
@@ -342,7 +342,7 @@ td form {margin: 0;}
echo $y->scalarval();
if ($wstype != 1)
{
- $payload = $payload . '<param><value><'.htmlspecialchars($y->scalarval()).'></'.htmlspecialchars($y->scalarval())."></value></param>\n";
+ $payload = $payload . '<param><value><'.htmlspecialchars($y->scalarval(), ENT_COMPAT, $GLOBALS['xmlrpc_internalencoding']).'></'.htmlspecialchars($y->scalarval(), ENT_COMPAT, $GLOBALS['xmlrpc_internalencoding'])."></value></param>\n";
}
$alt_payload .= $y->scalarval();
if ($k < $x->arraysize()-1)
@@ -362,28 +362,28 @@ td form {margin: 0;}
//bottone per testare questo metodo
//$payload="<methodCall>\n<methodName>$method</methodName>\n<params>\n$payload</params>\n</methodCall>";
echo "<td$class><form action=\"controller.php\" target=\"frmcontroller\" method=\"get\">".
- "<input type=\"hidden\" name=\"host\" value=\"".htmlspecialchars($host)."\" />".
- "<input type=\"hidden\" name=\"port\" value=\"".htmlspecialchars($port)."\" />".
- "<input type=\"hidden\" name=\"path\" value=\"".htmlspecialchars($path)."\" />".
- "<input type=\"hidden\" name=\"id\" value=\"".htmlspecialchars($id)."\" />".
+ "<input type=\"hidden\" name=\"host\" value=\"".htmlspecialchars($host, ENT_COMPAT, $inputcharset)."\" />".
+ "<input type=\"hidden\" name=\"port\" value=\"".htmlspecialchars($port, ENT_COMPAT, $inputcharset)."\" />".
+ "<input type=\"hidden\" name=\"path\" value=\"".htmlspecialchars($path, ENT_COMPAT, $inputcharset)."\" />".
+ "<input type=\"hidden\" name=\"id\" value=\"".htmlspecialchars($id, ENT_COMPAT, $inputcharset)."\" />".
"<input type=\"hidden\" name=\"debug\" value=\"$debug\" />".
- "<input type=\"hidden\" name=\"username\" value=\"".htmlspecialchars($username)."\" />".
- "<input type=\"hidden\" name=\"password\" value=\"".htmlspecialchars($password)."\" />".
+ "<input type=\"hidden\" name=\"username\" value=\"".htmlspecialchars($username, ENT_COMPAT, $inputcharset)."\" />".
+ "<input type=\"hidden\" name=\"password\" value=\"".htmlspecialchars($password, ENT_COMPAT, $inputcharset)."\" />".
"<input type=\"hidden\" name=\"authtype\" value=\"$authtype\" />".
"<input type=\"hidden\" name=\"verifyhost\" value=\"$verifyhost\" />".
"<input type=\"hidden\" name=\"verifypeer\" value=\"$verifypeer\" />".
- "<input type=\"hidden\" name=\"cainfo\" value=\"".htmlspecialchars($cainfo)."\" />".
- "<input type=\"hidden\" name=\"proxy\" value=\"".htmlspecialchars($proxy)."\" />".
- "<input type=\"hidden\" name=\"proxyuser\" value=\"".htmlspecialchars($proxyuser)."\" />".
- "<input type=\"hidden\" name=\"proxypwd\" value=\"".htmlspecialchars($proxypwd)."\" />".
+ "<input type=\"hidden\" name=\"cainfo\" value=\"".htmlspecialchars($cainfo, ENT_COMPAT, $inputcharset)."\" />".
+ "<input type=\"hidden\" name=\"proxy\" value=\"".htmlspecialchars($proxy, ENT_COMPAT, $inputcharset)."\" />".
+ "<input type=\"hidden\" name=\"proxyuser\" value=\"".htmlspecialchars($proxyuser, ENT_COMPAT, $inputcharset)."\" />".
+ "<input type=\"hidden\" name=\"proxypwd\" value=\"".htmlspecialchars($proxypwd, ENT_COMPAT, $inputcharset)."\" />".
"<input type=\"hidden\" name=\"responsecompression\" value=\"$responsecompression\" />".
"<input type=\"hidden\" name=\"requestcompression\" value=\"$requestcompression\" />".
- "<input type=\"hidden\" name=\"clientcookies\" value=\"".htmlspecialchars($clientcookies)."\" />".
+ "<input type=\"hidden\" name=\"clientcookies\" value=\"".htmlspecialchars($clientcookies, ENT_COMPAT, $inputcharset)."\" />".
"<input type=\"hidden\" name=\"protocol\" value=\"$protocol\" />".
- "<input type=\"hidden\" name=\"timeout\" value=\"".htmlspecialchars($timeout)."\" />".
- "<input type=\"hidden\" name=\"method\" value=\"".htmlspecialchars($method)."\" />".
- "<input type=\"hidden\" name=\"methodpayload\" value=\"".htmlspecialchars($payload)."\" />".
- "<input type=\"hidden\" name=\"altmethodpayload\" value=\"".htmlspecialchars($alt_payload)."\" />".
+ "<input type=\"hidden\" name=\"timeout\" value=\"".htmlspecialchars($timeout, ENT_COMPAT, $inputcharset)."\" />".
+ "<input type=\"hidden\" name=\"method\" value=\"".htmlspecialchars($method, ENT_COMPAT, $inputcharset)."\" />".
+ "<input type=\"hidden\" name=\"methodpayload\" value=\"".htmlspecialchars($payload, ENT_COMPAT, $inputcharset)."\" />".
+ "<input type=\"hidden\" name=\"altmethodpayload\" value=\"".htmlspecialchars($alt_payload, ENT_COMPAT, $inputcharset)."\" />".
"<input type=\"hidden\" name=\"wstype\" value=\"$wstype\" />".
"<input type=\"hidden\" name=\"action\" value=\"execute\" />";
if ($wstype != 1)
@@ -391,29 +391,29 @@ td form {margin: 0;}
echo "</form></td>\n";
echo "<td$class><form action=\"controller.php\" target=\"frmcontroller\" method=\"get\">".
- "<input type=\"hidden\" name=\"host\" value=\"".htmlspecialchars($host)."\" />".
- "<input type=\"hidden\" name=\"port\" value=\"".htmlspecialchars($port)."\" />".
- "<input type=\"hidden\" name=\"path\" value=\"".htmlspecialchars($path)."\" />".
- "<input type=\"hidden\" name=\"id\" value=\"".htmlspecialchars($id)."\" />".
+ "<input type=\"hidden\" name=\"host\" value=\"".htmlspecialchars($host, ENT_COMPAT, $inputcharset)."\" />".
+ "<input type=\"hidden\" name=\"port\" value=\"".htmlspecialchars($port, ENT_COMPAT, $inputcharset)."\" />".
+ "<input type=\"hidden\" name=\"path\" value=\"".htmlspecialchars($path, ENT_COMPAT, $inputcharset)."\" />".
+ "<input type=\"hidden\" name=\"id\" value=\"".htmlspecialchars($id, ENT_COMPAT, $inputcharset)."\" />".
"<input type=\"hidden\" name=\"debug\" value=\"$debug\" />".
- "<input type=\"hidden\" name=\"username\" value=\"".htmlspecialchars($username)."\" />".
- "<input type=\"hidden\" name=\"password\" value=\"".htmlspecialchars($password)."\" />".
+ "<input type=\"hidden\" name=\"username\" value=\"".htmlspecialchars($username, ENT_COMPAT, $inputcharset)."\" />".
+ "<input type=\"hidden\" name=\"password\" value=\"".htmlspecialchars($password, ENT_COMPAT, $inputcharset)."\" />".
"<input type=\"hidden\" name=\"authtype\" value=\"$authtype\" />".
"<input type=\"hidden\" name=\"verifyhost\" value=\"$verifyhost\" />".
"<input type=\"hidden\" name=\"verifypeer\" value=\"$verifypeer\" />".
- "<input type=\"hidden\" name=\"cainfo\" value=\"".htmlspecialchars($cainfo)."\" />".
- "<input type=\"hidden\" name=\"proxy\" value=\"".htmlspecialchars($proxy)."\" />".
- "<input type=\"hidden\" name=\"proxyuser\" value=\"".htmlspecialchars($proxyuser)."\" />".
- "<input type=\"hidden\" name=\"proxypwd\" value=\"".htmlspecialchars($proxypwd)."\" />".
+ "<input type=\"hidden\" name=\"cainfo\" value=\"".htmlspecialchars($cainfo, ENT_COMPAT, $inputcharset)."\" />".
+ "<input type=\"hidden\" name=\"proxy\" value=\"".htmlspecialchars($proxy, ENT_COMPAT, $inputcharset)."\" />".
+ "<input type=\"hidden\" name=\"proxyuser\" value=\"".htmlspecialchars($proxyuser, ENT_COMPAT, $inputcharset)."\" />".
+ "<input type=\"hidden\" name=\"proxypwd\" value=\"".htmlspecialchars($proxypwd, ENT_COMPAT, $inputcharset)."\" />".
"<input type=\"hidden\" name=\"responsecompression\" value=\"$responsecompression\" />".
"<input type=\"hidden\" name=\"requestcompression\" value=\"$requestcompression\" />".
- "<input type=\"hidden\" name=\"clientcookies\" value=\"".htmlspecialchars($clientcookies)."\" />".
+ "<input type=\"hidden\" name=\"clientcookies\" value=\"".htmlspecialchars($clientcookies, ENT_COMPAT, $inputcharset)."\" />".
"<input type=\"hidden\" name=\"protocol\" value=\"$protocol\" />".
- "<input type=\"hidden\" name=\"timeout\" value=\"".htmlspecialchars($timeout)."\" />".
- "<input type=\"hidden\" name=\"method\" value=\"".htmlspecialchars($method)."\" />".
+ "<input type=\"hidden\" name=\"timeout\" value=\"".htmlspecialchars($timeout, ENT_COMPAT, $inputcharset)."\" />".
+ "<input type=\"hidden\" name=\"method\" value=\"".htmlspecialchars($method, ENT_COMPAT, $inputcharset)."\" />".
"<input type=\"hidden\" name=\"methodsig\" value=\"".$i."\" />".
- "<input type=\"hidden\" name=\"methodpayload\" value=\"".htmlspecialchars($payload)."\" />".
- "<input type=\"hidden\" name=\"altmethodpayload\" value=\"".htmlspecialchars($alt_payload)."\" />".
+ "<input type=\"hidden\" name=\"methodpayload\" value=\"".htmlspecialchars($payload, ENT_COMPAT, $inputcharset)."\" />".
+ "<input type=\"hidden\" name=\"altmethodpayload\" value=\"".htmlspecialchars($alt_payload, ENT_COMPAT, $inputcharset)."\" />".
"<input type=\"hidden\" name=\"wstype\" value=\"$wstype\" />".
"<input type=\"hidden\" name=\"run\" value=\"now\" />".
"<input type=\"hidden\" name=\"action\" value=\"wrap\" />".
@@ -470,7 +470,7 @@ td form {margin: 0;}
break;
case 'execute':
- echo '<div id="response"><h2>Response:</h2>'.htmlspecialchars($response->serialize()).'</div>';
+ echo '<div id="response"><h2>Response:</h2>'.htmlspecialchars($response->serialize(), ENT_COMPAT, $GLOBALS['xmlrpc_internalencoding']).'</div>';
break;
default: // give a warning
@@ -507,6 +507,7 @@ Path: /server.php
<h3>Changelog</h3>
<ul>
+<li>2015-04-19: fixed errors with LATIN-1 payloads and method names</li>
<li>2007-02-20: add visual editor for method payload; allow strings, bools as jsonrpc msg id</li>
<li>2006-06-26: support building php code stub for calling remote methods</li>
<li>2006-05-25: better support for long running queries; check for no-curl installs</li>
diff --git a/debugger/common.php b/debugger/common.php
index adaf3667..89a995b8 100644
--- a/debugger/common.php
+++ b/debugger/common.php
@@ -22,10 +22,13 @@
$_GET = array_map('stripslashes_deep', $_GET);
}
+ $preferredEncodings = 'UTF-8, ASCII, ISO-8859-1, UTF-7, EUC-JP, SJIS, eucJP-win, SJIS-win, JIS, ISO-2022-JP';
+ $inputcharset = mb_detect_encoding(urldecode($_SERVER['REQUEST_URI']), $preferredEncodings);
if ( isset( $_GET['usepost'] ) && $_GET['usepost'] === 'true' )
{
$_GET = $_POST;
+ $inputcharset = mb_detect_encoding(implode('', $_GET), $preferredEncodings);
}
// recover input parameters
diff --git a/debugger/controller.php b/debugger/controller.php
index afb34ad5..6d2e62ce 100644
--- a/debugger/controller.php
+++ b/debugger/controller.php
@@ -223,9 +223,9 @@ td {vertical-align: top; font-family: Verdana, Arial, Helvetica; font-size: 8pt;
<table id="serverblock">
<tr>
<td><h2>Target server</h2></td>
-<td class="labelcell">Address:</td><td><input type="text" name="host" value="<?php echo htmlspecialchars($host); ?>" /></td>
-<td class="labelcell">Port:</td><td><input type="text" name="port" value="<?php echo htmlspecialchars($port); ?>" size="5" maxlength="5" /></td>
-<td class="labelcell">Path:</td><td><input type="text" name="path" value="<?php echo htmlspecialchars($path); ?>" /></td>
+<td class="labelcell">Address:</td><td><input type="text" name="host" value="<?php echo htmlspecialchars($host, ENT_COMPAT, $inputcharset); ?>" /></td>
+<td class="labelcell">Port:</td><td><input type="text" name="port" value="<?php echo htmlspecialchars($port, ENT_COMPAT, $inputcharset); ?>" size="5" maxlength="5" /></td>
+<td class="labelcell">Path:</td><td><input type="text" name="path" value="<?php echo htmlspecialchars($path, ENT_COMPAT, $inputcharset); ?>" /></td>
</tr>
</table>
@@ -238,14 +238,14 @@ td {vertical-align: top; font-family: Verdana, Arial, Helvetica; font-size: 8pt;
<td>Generate stub for method call<input type="radio" name="action" value="wrap"<?php if ($action=='wrap') echo ' checked="checked"'; ?> onclick="switchaction();" /></td>
</tr>
</table>
-<input type="hidden" name="methodsig" value="<?php echo htmlspecialchars($methodsig); ?>" />
+<input type="hidden" name="methodsig" value="<?php echo htmlspecialchars($methodsig, ENT_COMPAT, $inputcharset); ?>" />
<table id="methodblock">
<tr>
<td><h2>Method</h2></td>
-<td class="labelcell">Name:</td><td><input type="text" name="method" value="<?php echo htmlspecialchars($method); ?>" /></td>
-<td class="labelcell">Payload:<br/><div id="methodpayloadbtn"></div></td><td><textarea id="methodpayload" name="methodpayload" rows="1" cols="40"><?php echo htmlspecialchars($payload); ?></textarea></td>
-<td class="labelcell" id="idcell">Msg id: <input type="text" name="id" size="3" value="<?php echo htmlspecialchars($id); ?>"/></td>
+<td class="labelcell">Name:</td><td><input type="text" name="method" value="<?php echo htmlspecialchars($method, ENT_COMPAT, $inputcharset); ?>" /></td>
+<td class="labelcell">Payload:<br/><div id="methodpayloadbtn"></div></td><td><textarea id="methodpayload" name="methodpayload" rows="1" cols="40"><?php echo htmlspecialchars($payload, ENT_COMPAT, $inputcharset); ?></textarea></td>
+<td class="labelcell" id="idcell">Msg id: <input type="text" name="id" size="3" value="<?php echo htmlspecialchars($id, ENT_COMPAT, $inputcharset); ?>"/></td>
<td><input type="hidden" name="wstype" value="<?php echo $wstype;?>" />
<input type="submit" value="Execute" onclick="return verifyserver();"/></td>
</tr>
@@ -269,8 +269,8 @@ td {vertical-align: top; font-family: Verdana, Arial, Helvetica; font-size: 8pt;
</tr>
<tr>
<td class="labelcell">AUTH:</td>
-<td class="labelcell">Username:</td><td><input type="text" name="username" value="<?php echo htmlspecialchars($username); ?>" /></td>
-<td class="labelcell">Pwd:</td><td><input type="password" name="password" value="<?php echo htmlspecialchars($password); ?>" /></td>
+<td class="labelcell">Username:</td><td><input type="text" name="username" value="<?php echo htmlspecialchars($username, ENT_COMPAT, $inputcharset); ?>" /></td>
+<td class="labelcell">Pwd:</td><td><input type="password" name="password" value="<?php echo htmlspecialchars($password, ENT_COMPAT, $inputcharset); ?>" /></td>
<td class="labelcell">Type</td><td><select name="authtype">
<option value="1"<?php if ($authtype == 1) echo ' selected="selected"'; ?>>Basic</option>
<option value="2"<?php if ($authtype == 2) echo ' selected="selected"'; ?>>Digest</option>
@@ -286,13 +286,13 @@ td {vertical-align: top; font-family: Verdana, Arial, Helvetica; font-size: 8pt;
<option value="2"<?php if ($verifyhost == 2) echo ' selected="selected"'; ?>>Check CN match</option>
</select></td>
<td class="labelcell">Verify Cert:</td><td><input type="checkbox" value="1" name="verifypeer" onclick="swicthcainfo();"<?php if ($verifypeer) echo ' checked="checked"'; ?> /></td>
-<td class="labelcell">CA Cert file:</td><td><input type="text" name="cainfo" value="<?php echo htmlspecialchars($cainfo); ?>" /></td>
+<td class="labelcell">CA Cert file:</td><td><input type="text" name="cainfo" value="<?php echo htmlspecialchars($cainfo, ENT_COMPAT, $inputcharset); ?>" /></td>
</tr>
<tr>
<td class="labelcell">PROXY:</td>
-<td class="labelcell">Server:</td><td><input type="text" name="proxy" value="<?php echo htmlspecialchars($proxy); ?>" /></td>
-<td class="labelcell">Proxy user:</td><td><input type="text" name="proxyuser" value="<?php echo htmlspecialchars($proxyuser); ?>" /></td>
-<td class="labelcell">Proxy pwd:</td><td><input type="password" name="proxypwd" value="<?php echo htmlspecialchars($proxypwd); ?>" /></td>
+<td class="labelcell">Server:</td><td><input type="text" name="proxy" value="<?php echo htmlspecialchars($proxy, ENT_COMPAT, $inputcharset); ?>" /></td>
+<td class="labelcell">Proxy user:</td><td><input type="text" name="proxyuser" value="<?php echo htmlspecialchars($proxyuser, ENT_COMPAT, $inputcharset); ?>" /></td>
+<td class="labelcell">Proxy pwd:</td><td><input type="password" name="proxypwd" value="<?php echo htmlspecialchars($proxypwd, ENT_COMPAT, $inputcharset); ?>" /></td>
</tr>
<tr>
<td class="labelcell">COMPRESSION:</td>
@@ -311,7 +311,7 @@ td {vertical-align: top; font-family: Verdana, Arial, Helvetica; font-size: 8pt;
</tr>
<tr>
<td class="labelcell">COOKIES:</td>
-<td colspan="4" class="labelcell"><input type="text" name="clientcookies" size="80" value="<?php echo htmlspecialchars($clientcookies); ?>" /></td>
+<td colspan="4" class="labelcell"><input type="text" name="clientcookies" size="80" value="<?php echo htmlspecialchars($clientcookies, ENT_COMPAT, $inputcharset); ?>" /></td>
<td colspan="2">Format: 'cookie1=value1, cookie2=value2'</td>
</tr>
</table>