diff options
| author | Starla Insigna <hatkirby@fourisland.com> | 2009-10-02 19:04:20 -0400 |
|---|---|---|
| committer | Starla Insigna <hatkirby@fourisland.com> | 2009-10-02 19:04:20 -0400 |
| commit | 9dfba1e70866fb2bb551678f6e04b8ddfd5467e1 (patch) | |
| tree | 81f4731ae7b2fa902226f084480e26411ac3ad71 /admin/editPost.php | |
| parent | 00586f1e8ada8f5baa6e3013525862dccac77b4a (diff) | |
| download | fourisland-9dfba1e70866fb2bb551678f6e04b8ddfd5467e1.tar.gz fourisland-9dfba1e70866fb2bb551678f6e04b8ddfd5467e1.tar.bz2 fourisland-9dfba1e70866fb2bb551678f6e04b8ddfd5467e1.zip | |
Fixed HTML Entites problem
When the poll escaping problem was fixed, a whole ton of other similar bugs were found which were also fixed here. Fixes #115
Diffstat (limited to 'admin/editPost.php')
| -rw-r--r-- | admin/editPost.php | 4 |
1 files changed, 2 insertions, 2 deletions
| diff --git a/admin/editPost.php b/admin/editPost.php index b01d1e2..b87f895 100644 --- a/admin/editPost.php +++ b/admin/editPost.php | |||
| @@ -201,13 +201,13 @@ if (!isset($_GET['type']) || !isset($_GET['id']) || !is_numeric($_GET['id'])) | |||
| 201 | $template->add('ACTION', '/admin/editPost.php?type=' . $type . '&id=' . $id . '&submit='); | 201 | $template->add('ACTION', '/admin/editPost.php?type=' . $type . '&id=' . $id . '&submit='); |
| 202 | } | 202 | } |
| 203 | 203 | ||
| 204 | $template->add('TITLEVALUE', $_POST['title']); | 204 | $template->add('TITLEVALUE', htmlentities($_POST['title'])); |
| 205 | $template->add('TEXTVALUE', $_POST['text']); | 205 | $template->add('TEXTVALUE', $_POST['text']); |
| 206 | $template->add('TAGSVALUE', $_POST['tags']); | 206 | $template->add('TAGSVALUE', $_POST['tags']); |
| 207 | $template->add(strtoupper($_POST['type']) . 'SELECTED', ' checked="checked"'); | 207 | $template->add(strtoupper($_POST['type']) . 'SELECTED', ' checked="checked"'); |
| 208 | if ($_POST['type'] != 'draft') $template->add('TAGSDISABLED', ' readonly="readonly"'); | 208 | if ($_POST['type'] != 'draft') $template->add('TAGSDISABLED', ' readonly="readonly"'); |
| 209 | } else { | 209 | } else { |
| 210 | $template->add('TITLEVALUE', $getpost3['title']); | 210 | $template->add('TITLEVALUE', htmlentities($getpost3['title'])); |
| 211 | $template->add('TEXTVALUE', $getpost3['text']); | 211 | $template->add('TEXTVALUE', $getpost3['text']); |
| 212 | $template->add('TAGSVALUE', implode(',', getTags($_GET['id'], $tableToTags[$_GET['type']]))); | 212 | $template->add('TAGSVALUE', implode(',', getTags($_GET['id'], $tableToTags[$_GET['type']]))); |
| 213 | $template->add(strtoupper($tableToForm[$_GET['type']]) . 'SELECTED', ' checked="checked"'); | 213 | $template->add(strtoupper($tableToForm[$_GET['type']]) . 'SELECTED', ' checked="checked"'); |