1. d0ne1s

    No comment

    d0ne1s
Changes in body
@@ -151,10 +151,13 @@
$q_body = urlencode("body:{$_GET['body']} ");
}
if($_GET['tag']) {
$q_tag = urlencode("tag:{$_GET['tag']} ");
}
+function esc($s){
+ return htmlspecialchars($s, ENT_QUOTES, 'utf-8');
+}
$base_url = "https://qiita.com/api/v2/items";
$url = "{$base_url}?per_page=100&query={$q_user}{$q_title}{$q_body}{$q_tag}";
$curl = curl_init();
$option = [
CURLOPT_URL => $url,
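Review bot: `esc()` hands its argument straight to `htmlspecialchars()`, but the call sites in the second hunk pass `$_GET[...]` values that can be missing or arrays (for example a `user[]=` parameter). Depending on the PHP version, that produces a deprecation, a warning or a TypeError instead of escaped output. With only `ENT_QUOTES` set, a value containing invalid UTF-8 also makes `htmlspecialchars()` return an empty string, so the text silently disappears. I would change the body to `return htmlspecialchars(is_string($s) ? $s : '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');` and add a one-line comment saying the helper is for HTML text and quoted-attribute contexts only, not for URLs or script contexts.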
@@ -206,21 +209,21 @@
</a>
</div>
<div>
<p>
<span class='mr-1'>検索結果</span>
- <span class='text-gray-800 text-xs'>(ユーザー名: <?= $_GET['user'] ?>, タイトル: <?= $_GET['title'] ?>, 本文: <?= $_GET['body'] ?>, タグ: <?= $_GET['tag'] ?>)
+ <span class='text-gray-800 text-xs'>(ユーザー名: <?= esc($_GET['user']); ?>, タイトル: <?= esc($_GET['title']); ?>, 本文: <?= esc($_GET['body']); ?>, タグ: <?= esc($_GET['tag']); ?>)
</span>
</p>
</div>
<div>
<?php foreach($articles as $a){ ?>
<div class='py-4'>
- <a href='https://qiita.com/<?= $a['user']['id']; ?>' class='block text-xs' target='_blank'><?= $a['user']['name']; ?> (@<?= $a['user']['id']; ?>)</a>
- <a href='<?= $a['url']; ?>' class='block hover:underline' target='_blank'>
+ <a href='https://qiita.com/<?= esc($a['user']['id']); ?>' class='block text-xs' target='_blank'><?= esc($a['user']['name']); ?> (@<?= esc($a['user']['id']); ?>)</a>
+ <a href='<?= esc($a['url']); ?>' class='block hover:underline' target='_blank'>
<h3 class='text-lg' style='color: #1a0dab;'><?= $a['title']; ?></h3>
- <p class='break-all text-xs text-gray-800'><?= substr($a['body'], 0, 200); ?></p>
+ <p class='break-all text-xs text-gray-800'><?= substr(esc($a['body']), 0, 200); ?></p>
</a>
</div>
<?php } ?>
</div>
</div>
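Review bot: The `<h3>` line still echoes `$a['title']` unescaped, although every other field in this loop now goes through `esc()`. If `$articles` is the decoded API response, the title is author-controlled text and remains an HTML injection sink; it should be `<h3 class='text-lg' style='color: #1a0dab;'><?= esc($a['title']); ?></h3>`. On the body line, `substr(esc($a['body']), 0, 200)` truncates after escaping and by bytes, so it can cut an entity such as `&quot;` or a multi-byte character in half and emit garbled text. Truncate first, then escape: `<?= esc(mb_substr($a['body'], 0, 200)); ?>` (this needs the mbstring extension). Note that `esc($a['url'])` only makes the value safe as attribute text and does not restrict the scheme, so checking that it starts with `https://` before using it as an `href` would be a reasonable addition.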