authorStarla Insigna <hatkirby@fourisland.com>2009-10-02 19:04:20 -0400
committerStarla Insigna <hatkirby@fourisland.com>2009-10-02 19:04:20 -0400
commit9dfba1e70866fb2bb551678f6e04b8ddfd5467e1 (patch)
tree81f4731ae7b2fa902226f084480e26411ac3ad71 /includes
parent00586f1e8ada8f5baa6e3013525862dccac77b4a (diff)
Fixed HTML Entites problem
When the poll escaping problem was fixed, a whole ton of other similar bugs were found which were also fixed here.

Fixes #115
Diffstat (limited to 'includes')
-rwxr-xr-xincludes/footer.php8
-rwxr-xr-xincludes/functions.php12
-rwxr-xr-xincludes/header.php4
3 files changed, 12 insertions, 12 deletions
diff --git a/includes/footer.php b/includes/footer.php index 19cc341..d1f9668 100755 --- a/includes/footer.php +++ b/includes/footer.php
@@ -1,4 +1,4 @@
1<?php 1 <?php
2/* 2/*
3 444444444 3 444444444
4 4::::::::4 4 4::::::::4
@@ -65,7 +65,7 @@ while ($getcomments3[$i] = mysql_fetch_array($getcomments2))
65 'AREA' => 'blog', 65 'AREA' => 'blog',
66 'CODED' => $getpost3['slug'], 66 'CODED' => $getpost3['slug'],
67 'ENDING' => '/', 67 'ENDING' => '/',
68 'TITLE' => stripslashes($getpost3['title']), 68 'TITLE' => stripslashes(htmlentities($getpost3['title'])),
69 'AUTHOR' => (($website != '') ? '<a href="' . $website . '">' . $username . '</a>' : $username))); 69 'AUTHOR' => (($website != '') ? '<a href="' . $website . '">' . $username . '</a>' : $username)));
70 $i++; 70 $i++;
71 } else if (strpos($getcomments3[$i]['page_id'], 'quote') !== FALSE) 71 } else if (strpos($getcomments3[$i]['page_id'], 'quote') !== FALSE)
@@ -89,7 +89,7 @@ while ($getcomments3[$i] = mysql_fetch_array($getcomments2))
89 'AREA' => 'poll', 89 'AREA' => 'poll',
90 'CODED' => $getpotw3['id'], 90 'CODED' => $getpotw3['id'],
91 'ENDING' => '.php', 91 'ENDING' => '.php',
92 'TITLE' => 'Poll "' . $getpotw3['question'] . '"', 92 'TITLE' => 'Poll "' . htmlentities($getpotw3['question']) . '"',
93 'AUTHOR' => (($website != '') ? '<a href="' . $website . '">' . $username . '</a>' : $username))); 93 'AUTHOR' => (($website != '') ? '<a href="' . $website . '">' . $username . '</a>' : $username)));
94 $i++; 94 $i++;
95 } 95 }
@@ -169,7 +169,7 @@ $i=0;
169while ($getpopular3[$i] = mysql_fetch_array($getpopular2)) 169while ($getpopular3[$i] = mysql_fetch_array($getpopular2))
170{ 170{
171 $template->adds_block('POPULAR', array( 'CODED' => $getpopular3[$i]['slug'], 171 $template->adds_block('POPULAR', array( 'CODED' => $getpopular3[$i]['slug'],
172 'TITLE' => stripslashes($getpopular3[$i]['title']))); 172 'TITLE' => stripslashes(htmlentities($getpopular3[$i]['title']))));
173 $i++; 173 $i++;
174} 174}
175 175
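Review bot: The `AUTHOR` value on new lines 69 and 93 is still built by concatenating `$website` and `$username` straight into markup, so the entity problem this commit fixes for `TITLE` remains one key further down in the same array. If those two values come from the comment row (their assignment is outside the hunks, so this is inferred), each should be encoded for its context, e.g. `'<a href="' . htmlspecialchars($website, ENT_QUOTES, 'UTF-8') . '">' . htmlspecialchars($username, ENT_QUOTES, 'UTF-8') . '</a>'`, with the charset set to whatever the site serves. Encoding does not constrain the URL scheme, so `$website` should also be checked to begin with `http://` or `https://` before it is used as a link target. The enclosing `while` loop starts and ends outside these hunks.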
diff --git a/includes/functions.php b/includes/functions.php index ce7a03e..1ff5c41 100755 --- a/includes/functions.php +++ b/includes/functions.php
@@ -276,7 +276,7 @@ function displayRelated($title, $avoid = 0)
276 $template = new FITemplate('related'); 276 $template = new FITemplate('related');
277 } 277 }
278 278
279 $template->adds_block('POST', array( 'TITLE' => $getrelated3[$i]['title'], 279 $template->adds_block('POST', array( 'TITLE' => htmlentities($getrelated3[$i]['title']),
280 'CODED' => $getrelated3[$i]['slug'], 280 'CODED' => $getrelated3[$i]['slug'],
281 'AUTHOR' => $getrelated3[$i]['author'], 281 'AUTHOR' => $getrelated3[$i]['author'],
282 'DATE' => date('F jS Y',strtotime($getrelated3[$i]['pubDate'])))); 282 'DATE' => date('F jS Y',strtotime($getrelated3[$i]['pubDate']))));
@@ -326,11 +326,11 @@ function getPollOfTheWeek($id = -1)
326 $getpoll2 = mysql_query($getpoll); 326 $getpoll2 = mysql_query($getpoll);
327 $getpoll3 = mysql_fetch_array($getpoll2); 327 $getpoll3 = mysql_fetch_array($getpoll2);
328 328
329 $potw->add('QUESTION', $getpoll3['question']); 329 $potw->add('QUESTION', stripslashes(htmlentities($getpoll3['question'])));
330 $potw->add('OPTION1', $getpoll3['option1']); 330 $potw->add('OPTION1', stripslashes(htmlentities($getpoll3['option1'])));
331 $potw->add('OPTION2', $getpoll3['option2']); 331 $potw->add('OPTION2', stripslashes(htmlentities($getpoll3['option2'])));
332 $potw->add('OPTION3', $getpoll3['option3']); 332 $potw->add('OPTION3', stripslashes(htmlentities($getpoll3['option3'])));
333 $potw->add('OPTION4', $getpoll3['option4']); 333 $potw->add('OPTION4', stripslashes(htmlentities($getpoll3['option4'])));
334 334
335 $getip = "SELECT * FROM didpollalready WHERE ip = \"" . $_SERVER['REMOTE_ADDR'] . "\""; 335 $getip = "SELECT * FROM didpollalready WHERE ip = \"" . $_SERVER['REMOTE_ADDR'] . "\"";
336 $getip2 = mysql_query($getip); 336 $getip2 = mysql_query($getip);
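Review bot: Every `htmlentities()` call added here (new lines 279 and 329–333, and likewise the ones in footer.php and header.php) relies on the default flags and charset, which on PHP releases before 5.4 means `ENT_COMPAT` and ISO-8859-1. Single quotes are therefore left unencoded, which matters if a template places one of these values inside a single-quoted attribute, and any multi-byte UTF-8 text in a title or poll option is turned into the wrong entities. Passing both arguments explicitly through one shared helper would close that gap and remove the repetition, e.g. `function fi_escape($s) { return htmlspecialchars(stripslashes($s), ENT_QUOTES, 'UTF-8'); }`, with the charset matching what the site actually serves. Line 279 also skips the `stripslashes()` that the poll fields get, and `AUTHOR` on line 281 is still passed through raw. Both functions continue outside the hunks.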
diff --git a/includes/header.php b/includes/header.php index 3a8edff..003e002 100755 --- a/includes/header.php +++ b/includes/header.php
@@ -77,7 +77,7 @@ $i=0;
77while ($getaffs3 = mysql_fetch_array($getaffs2)) 77while ($getaffs3 = mysql_fetch_array($getaffs2))
78{ 78{
79 $headerTemp->adds_block('AFFILIATES', array( 'COLOR' => getTagColor($i++), 79 $headerTemp->adds_block('AFFILIATES', array( 'COLOR' => getTagColor($i++),
80 'TITLE' => $getaffs3['title'], 80 'TITLE' => htmlentities($getaffs3['title']),
81 'URL' => $getaffs3['url'])); 81 'URL' => $getaffs3['url']));
82} 82}
83 83
@@ -87,7 +87,7 @@ $i=0;
87while ($getwebps3 = mysql_fetch_array($getwebps2)) 87while ($getwebps3 = mysql_fetch_array($getwebps2))
88{ 88{
89 $headerTemp->adds_block('WEBPROJS', array( 'COLOR' => getTagColor($i++), 89 $headerTemp->adds_block('WEBPROJS', array( 'COLOR' => getTagColor($i++),
90 'TITLE' => $getwebps3['title'], 90 'TITLE' => htmlentities($getwebps3['title']),
91 'URL' => $getwebps3['url'])); 91 'URL' => $getwebps3['url']));
92} 92}
93 93
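Review bot: `URL` on new lines 81 and 91 is still handed to the template unencoded while the neighbouring `TITLE` is now escaped. If the template writes it into an `href` attribute (the template is not shown here), a quote or `&` in the stored value breaks out of or corrupts the attribute, so it needs the same treatment: `'URL' => htmlspecialchars($getaffs3['url'], ENT_QUOTES, 'UTF-8')` and the equivalent for `$getwebps3['url']`. Restricting the stored value to `http`/`https` links at the point where it is saved would be worth adding as well, since encoding does not constrain the scheme.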