Fixed HTML Entites problem

When the poll escaping problem was fixed, a whole ton of other similar bugs were found which were also fixed here. Fixes #115
author: Starla Insigna <hatkirby@fourisland.com> 2009-10-02 19:04:20 -0400
committer: Starla Insigna <hatkirby@fourisland.com> 2009-10-02 19:04:20 -0400
commit: 9dfba1e70866fb2bb551678f6e04b8ddfd5467e1 (patch)
tree: 81f4731ae7b2fa902226f084480e26411ac3ad71 /pages/poll.php
parent: 00586f1e8ada8f5baa6e3013525862dccac77b4a (diff)
download: fourisland-9dfba1e70866fb2bb551678f6e04b8ddfd5467e1.tar.gz
fourisland-9dfba1e70866fb2bb551678f6e04b8ddfd5467e1.tar.bz2
fourisland-9dfba1e70866fb2bb551678f6e04b8ddfd5467e1.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/pages/poll.php b/pages/poll.php
index 6a87207..a9ab19f 100755
--- a/pages/poll.php
+++ b/pages/poll.php

@@ -53,7 +53,7 @@ if (!isset($_GET['id']))
                        $question .= '....';
                }
                $template->adds_block('POLL', array(    'ID' => $getpolls3[$i]['id'],
-                                                        'QUESTION' => $question,
+                                                        'QUESTION' => htmlentities($question),
                                                        'WEEK' => date('F jS Y', strtotime($getpolls3[$i]['week'])),
                                                        'EVEN' => (($i % 2 == 1) ? ' class="even"' : '')));
                $i++;
@@ -90,7 +90,7 @@ if (!isset($_GET['id']))
        if ($getpoll3['id'] == $_GET['id'])
        {
-                $template->add('QUESTION', $getpoll3['question']);
+                $template->add('QUESTION', htmlentities($getpoll3['question']));
                if ($getpoll3['text'] != '')
                {
author	Starla Insigna <hatkirby@fourisland.com>	2009-10-02 19:04:20 -0400
committer	Starla Insigna <hatkirby@fourisland.com>	2009-10-02 19:04:20 -0400
commit	9dfba1e70866fb2bb551678f6e04b8ddfd5467e1 (patch)
tree	81f4731ae7b2fa902226f084480e26411ac3ad71 /pages/poll.php
parent	00586f1e8ada8f5baa6e3013525862dccac77b4a (diff)
download	fourisland-9dfba1e70866fb2bb551678f6e04b8ddfd5467e1.tar.gz fourisland-9dfba1e70866fb2bb551678f6e04b8ddfd5467e1.tar.bz2 fourisland-9dfba1e70866fb2bb551678f6e04b8ddfd5467e1.zip

diff --git a/pages/poll.php b/pages/poll.php index 6a87207..a9ab19f 100755 --- a/pages/poll.php +++ b/pages/poll.php
@@ -53,7 +53,7 @@ if (!isset($_GET['id']))
53	$question .= '....';	53	$question .= '....';
54	}	54	}
55	$template->adds_block('POLL', array( 'ID' => $getpolls3[$i]['id'],	55	$template->adds_block('POLL', array( 'ID' => $getpolls3[$i]['id'],
56	'QUESTION' => $question,	56	'QUESTION' => htmlentities($question),
57	'WEEK' => date('F jS Y', strtotime($getpolls3[$i]['week'])),	57	'WEEK' => date('F jS Y', strtotime($getpolls3[$i]['week'])),
58	'EVEN' => (($i % 2 == 1) ? ' class="even"' : '')));	58	'EVEN' => (($i % 2 == 1) ? ' class="even"' : '')));
59	$i++;	59	$i++;
@@ -90,7 +90,7 @@ if (!isset($_GET['id']))
90		90
91	if ($getpoll3['id'] == $_GET['id'])	91	if ($getpoll3['id'] == $_GET['id'])
92	{	92	{
93	$template->add('QUESTION', $getpoll3['question']);	93	$template->add('QUESTION', htmlentities($getpoll3['question']));
94		94
95	if ($getpoll3['text'] != '')	95	if ($getpoll3['text'] != '')
96	{	96	{