fix CVE-2015-7348

demo/cn/asyncData/getNodes.php

@@ -21,11 +21,9 @@ if ($pLevel==null || $pLevel=="") $pLevel = "0";
 if ($pName==null) $pName = "";
 else $pName = $pName.".";
 
-$pId = str_replace("%<%", "&lt;", $pId);
-$pId = str_replace("%>%", "&gt;", $pId);
+$pId = htmlspecialchars($pId);
 
-$pName = str_replace("%<%", "&lt;", $pName);
-$pName = str_replace("%>%", "&gt;", $pName);
+$pName = htmlspecialchars($pName);
 
 //for ($i=1; $i<9999; $i++) {
 //	for ($j=1; $j<999; $j++) {

demo/cn/asyncData/getNodesForBigData.php

@@ -11,8 +11,7 @@ if(array_key_exists( 'count',$_REQUEST)) {
 if ($pId==null || $pId=="") $pId = "0";
 if ($pCount==null || $pCount=="") $pCount = "10";
 
-$pId = str_replace("%<%", "&lt;", $pId);
-$pId = str_replace("%>%", "&gt;", $pId);
+$pId = htmlspecialchars($pId);
 
 $max = (int)$pCount;
 for ($i=1; $i<=$max; $i++) {
@@ -24,4 +23,4 @@ for ($i=1; $i<=$max; $i++) {
 	}
 	
 }
-?>]
\ No newline at end of file
+?>]

demo/en/asyncData/getNodes.php

@@ -21,11 +21,9 @@ if ($pLevel==null || $pLevel=="") $pLevel = "0";
 if ($pName==null) $pName = "";
 else $pName = $pName.".";
 
-$pId = str_replace("%<%", "&lt;", $pId);
-$pId = str_replace("%>%", "&gt;", $pId);
+$pId = htmlspecialchars($pId);
 
-$pName = str_replace("%<%", "&lt;", $pName);
-$pName = str_replace("%>%", "&gt;", $pName);
+$pName = htmlspecialchars($pName);
 
 //for ($i=1; $i<9999; $i++) {
 //	for ($j=1; $j<999; $j++) {

demo/en/asyncData/getNodesForBigData.php

@@ -11,8 +11,7 @@ if(array_key_exists( 'count',$_REQUEST)) {
 if ($pId==null || $pId=="") $pId = "0";
 if ($pCount==null || $pCount=="") $pCount = "10";
 
-$pId = str_replace("%<%", "&lt;", $pId);
-$pId = str_replace("%>%", "&gt;", $pId);
+$pId = htmlspecialchars($pId);
 
 $max = (int)$pCount;
 for ($i=1; $i<=$max; $i++) {
@@ -24,4 +23,4 @@ for ($i=1; $i<=$max; $i++) {
 	}
 	
 }
-?>]
\ No newline at end of file
+?>]