fix: title escape

web/app/controllers/add_contest.php

@@ -5,9 +5,7 @@ Auth::check() || redirectToLogin();
 UOJContest::userCanCreateContest(Auth::user()) || UOJResponse::page403();
 
 $time_form = new UOJForm('time');
-$time_form->addInput(
-	'name',
-	[
+$time_form->addInput('name', [
 	'label' => UOJLocale::get('contests::contest name'),
 	'default_value' => 'New Contest',
 	'validator_php' => function ($name, &$vdata) {
@@ -20,7 +18,6 @@ $time_form->addInput(
 		}
 
 		$name = HTML::escape($name);
-
 		if ($name === '') {
 			return '无效编码';
 		}
@@ -29,11 +26,8 @@ $time_form->addInput(
 
 		return '';
 	},
-	]
-);
-$time_form->addInput(
-	'start_time',
-	[
+]);
+$time_form->addInput('start_time', [
 	'div_class' => 'mt-2',
 	'label' => UOJLocale::get('contests::start time'),
 	'default_value' => UOJTime::$time_now_str,
@@ -46,11 +40,8 @@ $time_form->addInput(
 
 		return '';
 	},
-	]
-);
-$time_form->addInput(
-	'last_min',
-	[
+]);
+$time_form->addInput('last_min', [
 	'div_class' => 'mt-2',
 	'label' => UOJLocale::get('contests::duration'),
 	'default_value' => '180',
@@ -64,8 +55,7 @@ $time_form->addInput(
 
 		return '';
 	},
-	]
-);
+]);
 $time_form->handle = function (&$vdata) {
 	$start_time_str = $vdata['start_time']->format('Y-m-d H:i:s');
 

web/app/controllers/contest_manage.php

@@ -37,11 +37,9 @@ if (!isset($tabs_info[$cur_tab])) {
 
 if ($cur_tab == 'profile') {
 	$profile_form = new UOJForm('time');
-	$profile_form->addInput(
-		'name',
-		[
+	$profile_form->addInput('name',	[
 		'label' => '比赛标题',
-			'default_value' => UOJContest::info('name'),
+		'default_value' => HTML::unescape(UOJContest::info('name')),
 		'validator_php' => function ($name, &$vdata) {
 			if ($name == '') {
 				return '标题不能为空';
@@ -61,11 +59,8 @@ if ($cur_tab == 'profile') {
 
 			return '';
 		},
-		],
-	);
-	$profile_form->addInput(
-		'start_time',
-		[
+	]);
+	$profile_form->addInput('start_time', [
 		'div_class' => 'mt-3',
 		'label' => '开始时间',
 		'default_value' => UOJContest::info('start_time_str'),
@@ -77,11 +72,8 @@ if ($cur_tab == 'profile') {
 			}
 			return '';
 		},
-		]
-	);
-	$profile_form->addInput(
-		'last_min',
-		[
+	]);
+	$profile_form->addInput('last_min', [
 		'div_class' => 'mt-3',
 		'label' => '时长',
 		'help' => '单位为分钟。',
@@ -93,8 +85,7 @@ if ($cur_tab == 'profile') {
 			$vdata['last_min'] = $last_min;
 			return '';
 		},
-		]
-	);
+	]);
 	$profile_form->handle = function (&$vdata) {
 		DB::update([
 			"update contests",
@@ -163,9 +154,7 @@ EOD);
 	}
 
 	$add_problem_form = new UOJForm('add_problem');
-	$add_problem_form->addInput(
-		'problem_id',
-		[
+	$add_problem_form->addInput('problem_id', [
 		'label' => '题目 ID',
 		'validator_php' => function ($problem_id, &$vdata) {
 			$problem = UOJProblem::query($problem_id);
@@ -185,8 +174,7 @@ EOD);
 
 			return '';
 		},
-		]
-	);
+	]);
 	$add_problem_form->addSelect('judge_config', [
 		'div_class' => 'mt-3',
 		'label' => '评测设置',

web/app/controllers/group_manage.php

@@ -32,7 +32,7 @@ if ($cur_tab == 'profile') {
 	$update_profile_form = new UOJForm('update_profile');
 	$update_profile_form->addInput('name', [
 		'label' => '名称',
-		'default_value' => UOJGroup::info('title'),
+		'default_value' => HTML::unescape(UOJGroup::info('title')),
 		'validator_php' => function ($title, &$vdata) {
 			if ($title == '') {
 				return '名称不能为空';

web/app/controllers/list_manage.php

@@ -26,7 +26,7 @@ if ($cur_tab == 'profile') {
 	$update_profile_form = new UOJForm('update_profile');
 	$update_profile_form->addInput('name', [
 		'label' => '标题',
-		'default_value' => UOJList::info('title'),
+		'default_value' => HTML::unescape(UOJList::info('title')),
 		'validator_php' => function ($title, &$vdata) {
 			if ($title == '') {
 				return '标题不能为空';

web/app/models/HTML.php

@@ -11,6 +11,15 @@ class HTML {
 			return htmlspecialchars($str);
 		}
 	}
+
+	public static function unescape(?string $str) {
+		if ($str === null) {
+			return '';
+		} else {
+			return htmlspecialchars_decode($str);
+		}
+	}
+
 	public static function stripTags($str) {
 		return strip_tags($str);
 	}