authorStarla Insigna <hatkirby@fourisland.com>2009-10-02 19:04:20 -0400
committerStarla Insigna <hatkirby@fourisland.com>2009-10-02 19:04:20 -0400
commit9dfba1e70866fb2bb551678f6e04b8ddfd5467e1 (patch)
tree81f4731ae7b2fa902226f084480e26411ac3ad71 /pages/blog.php
parent00586f1e8ada8f5baa6e3013525862dccac77b4a (diff)
Fixed HTML Entities problem
When the poll escaping problem was fixed, a whole ton of other similar bugs were found which were also fixed here.

Fixes #115
Diffstat (limited to 'pages/blog.php')
-rwxr-xr-xpages/blog.php10
1 files changed, 5 insertions, 5 deletions
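--- a/pages/blog.php
+++ b/pages/blog.php
@@ -43,7 +43,7 @@ if (isset($_GET['post']))
 {
 updatePop($getpost3['id'],'views');
 
-$title = stripslashes($getpost3['title']) . ' - Blog Archive';
+$title = stripslashes(htmlentities($getpost3['title'])) . ' - Blog Archive';
 
 $getback = "SELECT * FROM updates WHERE id < " . $getpost3['id'] . " ORDER BY id DESC LIMIT 0,1";
 $getback2 = mysql_query($getback);
@@ -51,7 +51,7 @@ if (isset($_GET['post']))
 if (isset($getback3['title']))
 {
 $template->adds_block('BACK', array( 'CODED' => $getback3['slug'],
-'TITLE' => $getback3['title']));
+'TITLE' => htmlentities($getback3['title'])));
 }
 
 $getnext = "SELECT * FROM updates WHERE id > " . $getpost3['id'] . " ORDER BY id ASC LIMIT 0,1";
@@ -60,7 +60,7 @@ if (isset($_GET['post']))
 if (isset($getnext3['title']))
 {
 $template->adds_block('NEXT', array( 'CODED' => $getnext3['slug'],
-'TITLE' => $getnext3['title']));
+'TITLE' => htmlentities($getnext3['title'])));
 }
 
 $template->add_ref(0, 'POST', array( 'ID' => $getpost3['id'],
@@ -69,7 +69,7 @@ if (isset($_GET['post']))
 'MONTH' => date('M',strtotime($getpost3['pubDate'])),
 'DAY' => date('d',strtotime($getpost3['pubDate'])),
 'CODED' => $getpost3['slug'],
-'TITLE' => $getpost3['title'],
+'TITLE' => htmlentities($getpost3['title']),
 'AUTHOR' => $getpost3['author'],
 'RATING' => $getpost3['rating'],
 'TEXT' => parseText($getpost3['text'])));
@@ -189,7 +189,7 @@ if (isset($_GET['post']))
 
 $template->adds_ref_sub($curID, 'SMALL',array( 'DATE' => date('m-d-Y',strtotime($getposts3[$i]['pubDate'])),
 'CODED' => $getposts3[$i]['slug'],
-'TITLE' => $getposts3[$i]['title']));
+'TITLE' => htmlentities($getposts3[$i]['title'])));
 $i++;
 }
 if ($i==0)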
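Review bot: The new `htmlentities()` calls on the title (new lines 46, 54, 63, 72 and 192) rely on the function's defaults, so single quotes are left unescaped and the charset is whatever the running PHP version assumes. If a template places TITLE inside a single-quoted attribute, or the stored titles are UTF-8, the encoding is incomplete or mangles text. Passing both explicitly, e.g. `htmlentities($getpost3['title'], ENT_QUOTES, 'UTF-8')`, pins the behaviour; the charset shown is an assumption and should match the page's real encoding. In the same arrays `AUTHOR`, `CODED` and `RATING` still reach the template raw; whether they are encoded elsewhere is not visible here, but if not they need the same treatment. The enclosing `if (isset($_GET['post']))` block starts and ends outside these hunks.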