author | Starla Insigna <hatkirby@fourisland.com> | 2009-10-02 19:04:20 -0400 |
---|---|---|
committer | Starla Insigna <hatkirby@fourisland.com> | 2009-10-02 19:04:20 -0400 |
commit | 9dfba1e70866fb2bb551678f6e04b8ddfd5467e1 (patch) | |
tree | 81f4731ae7b2fa902226f084480e26411ac3ad71 /includes | |
parent | 00586f1e8ada8f5baa6e3013525862dccac77b4a (diff) | |
Fixed HTML Entites problem
When the poll escaping problem was fixed, a whole ton of other similar bugs were found which were also fixed here. Fixes #115
Diffstat (limited to 'includes')
-rwxr-xr-x | includes/footer.php | 8 | ||||
-rwxr-xr-x | includes/functions.php | 12 | ||||
-rwxr-xr-x | includes/header.php | 4 |
3 files changed, 12 insertions, 12 deletions
diff --git a/includes/footer.php b/includes/footer.php index 19cc341..d1f9668 100755 --- a/includes/footer.php +++ b/includes/footer.php | |||
@@ -1,4 +1,4 @@ | |||
1 | <?php | 1 | <?php |
2 | /* | 2 | /* |
3 | 444444444 | 3 | 444444444 |
4 | 4::::::::4 | 4 | 4::::::::4 |
@@ -65,7 +65,7 @@ while ($getcomments3[$i] = mysql_fetch_array($getcomments2)) | |||
65 | 'AREA' => 'blog', | 65 | 'AREA' => 'blog', |
66 | 'CODED' => $getpost3['slug'], | 66 | 'CODED' => $getpost3['slug'], |
67 | 'ENDING' => '/', | 67 | 'ENDING' => '/', |
68 | 'TITLE' => stripslashes($getpost3['title']), | 68 | 'TITLE' => stripslashes(htmlentities($getpost3['title'])), |
69 | 'AUTHOR' => (($website != '') ? '<a href="' . $website . '">' . $username . '</a>' : $username))); | 69 | 'AUTHOR' => (($website != '') ? '<a href="' . $website . '">' . $username . '</a>' : $username))); |
70 | $i++; | 70 | $i++; |
71 | } else if (strpos($getcomments3[$i]['page_id'], 'quote') !== FALSE) | 71 | } else if (strpos($getcomments3[$i]['page_id'], 'quote') !== FALSE) |
@@ -89,7 +89,7 @@ while ($getcomments3[$i] = mysql_fetch_array($getcomments2)) | |||
89 | 'AREA' => 'poll', | 89 | 'AREA' => 'poll', |
90 | 'CODED' => $getpotw3['id'], | 90 | 'CODED' => $getpotw3['id'], |
91 | 'ENDING' => '.php', | 91 | 'ENDING' => '.php', |
92 | 'TITLE' => 'Poll "' . $getpotw3['question'] . '"', | 92 | 'TITLE' => 'Poll "' . htmlentities($getpotw3['question']) . '"', |
93 | 'AUTHOR' => (($website != '') ? '<a href="' . $website . '">' . $username . '</a>' : $username))); | 93 | 'AUTHOR' => (($website != '') ? '<a href="' . $website . '">' . $username . '</a>' : $username))); |
94 | $i++; | 94 | $i++; |
95 | } | 95 | } |
@@ -169,7 +169,7 @@ $i=0; | |||
169 | while ($getpopular3[$i] = mysql_fetch_array($getpopular2)) | 169 | while ($getpopular3[$i] = mysql_fetch_array($getpopular2)) |
170 | { | 170 | { |
171 | $template->adds_block('POPULAR', array( 'CODED' => $getpopular3[$i]['slug'], | 171 | $template->adds_block('POPULAR', array( 'CODED' => $getpopular3[$i]['slug'], |
172 | 'TITLE' => stripslashes($getpopular3[$i]['title']))); | 172 | 'TITLE' => stripslashes(htmlentities($getpopular3[$i]['title'])))); |
173 | $i++; | 173 | $i++; |
174 | } | 174 | } |
175 | 175 | ||
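Review bot: The `'AUTHOR'` entries in the blog and poll hunks (new lines 69 and 93) still concatenate `$website` and `$username` into an anchor tag without escaping, right beside the titles this commit now encodes. Both variables are assigned outside the hunks, so they may already be sanitised, but if they come from the comment rows they are an HTML-injection path in the same output block. I would change the link branch to `'<a href="' . htmlspecialchars($website, ENT_QUOTES) . '">' . htmlspecialchars($username, ENT_QUOTES) . '</a>'` and the plain branch to `htmlspecialchars($username, ENT_QUOTES)`, and only emit the link when `$website` starts with `http://` or `https://`. The enclosing while loop starts and ends outside the hunks.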
diff --git a/includes/functions.php b/includes/functions.php index ce7a03e..1ff5c41 100755 --- a/includes/functions.php +++ b/includes/functions.php | |||
@@ -276,7 +276,7 @@ function displayRelated($title, $avoid = 0) | |||
276 | $template = new FITemplate('related'); | 276 | $template = new FITemplate('related'); |
277 | } | 277 | } |
278 | 278 | ||
279 | $template->adds_block('POST', array( 'TITLE' => $getrelated3[$i]['title'], | 279 | $template->adds_block('POST', array( 'TITLE' => htmlentities($getrelated3[$i]['title']), |
280 | 'CODED' => $getrelated3[$i]['slug'], | 280 | 'CODED' => $getrelated3[$i]['slug'], |
281 | 'AUTHOR' => $getrelated3[$i]['author'], | 281 | 'AUTHOR' => $getrelated3[$i]['author'], |
282 | 'DATE' => date('F jS Y',strtotime($getrelated3[$i]['pubDate'])))); | 282 | 'DATE' => date('F jS Y',strtotime($getrelated3[$i]['pubDate'])))); |
@@ -326,11 +326,11 @@ function getPollOfTheWeek($id = -1) | |||
326 | $getpoll2 = mysql_query($getpoll); | 326 | $getpoll2 = mysql_query($getpoll); |
327 | $getpoll3 = mysql_fetch_array($getpoll2); | 327 | $getpoll3 = mysql_fetch_array($getpoll2); |
328 | 328 | ||
329 | $potw->add('QUESTION', $getpoll3['question']); | 329 | $potw->add('QUESTION', stripslashes(htmlentities($getpoll3['question']))); |
330 | $potw->add('OPTION1', $getpoll3['option1']); | 330 | $potw->add('OPTION1', stripslashes(htmlentities($getpoll3['option1']))); |
331 | $potw->add('OPTION2', $getpoll3['option2']); | 331 | $potw->add('OPTION2', stripslashes(htmlentities($getpoll3['option2']))); |
332 | $potw->add('OPTION3', $getpoll3['option3']); | 332 | $potw->add('OPTION3', stripslashes(htmlentities($getpoll3['option3']))); |
333 | $potw->add('OPTION4', $getpoll3['option4']); | 333 | $potw->add('OPTION4', stripslashes(htmlentities($getpoll3['option4']))); |
334 | 334 | ||
335 | $getip = "SELECT * FROM didpollalready WHERE ip = \"" . $_SERVER['REMOTE_ADDR'] . "\""; | 335 | $getip = "SELECT * FROM didpollalready WHERE ip = \"" . $_SERVER['REMOTE_ADDR'] . "\""; |
336 | $getip2 = mysql_query($getip); | 336 | $getip2 = mysql_query($getip); |
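Review bot: The new `htmlentities()` calls in getPollOfTheWeek and displayRelated rely on the default flags and charset, so single quotes pass through unencoded and multibyte text is interpreted in whatever charset the PHP build defaults to; whether that matters depends on the templates and the stored encoding, neither of which is visible here. Making both explicit would remove the guesswork, for example `$potw->add('QUESTION', htmlspecialchars(stripslashes($getpoll3['question']), ENT_QUOTES, 'UTF-8'));` with the charset set to the one the site actually serves. The same applies to the calls added in footer.php and header.php. In the displayRelated hunk, `'AUTHOR'` and `'CODED'` are still passed to the template raw next to the newly encoded title. Both function bodies continue outside the hunks.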
diff --git a/includes/header.php b/includes/header.php index 3a8edff..003e002 100755 --- a/includes/header.php +++ b/includes/header.php | |||
@@ -77,7 +77,7 @@ $i=0; | |||
77 | while ($getaffs3 = mysql_fetch_array($getaffs2)) | 77 | while ($getaffs3 = mysql_fetch_array($getaffs2)) |
78 | { | 78 | { |
79 | $headerTemp->adds_block('AFFILIATES', array( 'COLOR' => getTagColor($i++), | 79 | $headerTemp->adds_block('AFFILIATES', array( 'COLOR' => getTagColor($i++), |
80 | 'TITLE' => $getaffs3['title'], | 80 | 'TITLE' => htmlentities($getaffs3['title']), |
81 | 'URL' => $getaffs3['url'])); | 81 | 'URL' => $getaffs3['url'])); |
82 | } | 82 | } |
83 | 83 | ||
@@ -87,7 +87,7 @@ $i=0; | |||
87 | while ($getwebps3 = mysql_fetch_array($getwebps2)) | 87 | while ($getwebps3 = mysql_fetch_array($getwebps2)) |
88 | { | 88 | { |
89 | $headerTemp->adds_block('WEBPROJS', array( 'COLOR' => getTagColor($i++), | 89 | $headerTemp->adds_block('WEBPROJS', array( 'COLOR' => getTagColor($i++), |
90 | 'TITLE' => $getwebps3['title'], | 90 | 'TITLE' => htmlentities($getwebps3['title']), |
91 | 'URL' => $getwebps3['url'])); | 91 | 'URL' => $getwebps3['url'])); |
92 | } | 92 | } |
93 | 93 | ||