authorStarla Insigna <hatkirby@fourisland.com>2009-10-02 19:04:20 -0400
committerStarla Insigna <hatkirby@fourisland.com>2009-10-02 19:04:20 -0400
commit9dfba1e70866fb2bb551678f6e04b8ddfd5467e1 (patch)
tree81f4731ae7b2fa902226f084480e26411ac3ad71 /pages
parent00586f1e8ada8f5baa6e3013525862dccac77b4a (diff)
Fixed HTML Entites problem
When the poll escaping problem was fixed, a whole ton of other similar bugs were found which were also fixed here.

Fixes #115
Diffstat (limited to 'pages')
-rwxr-xr-xpages/blog.php10
-rwxr-xr-xpages/poll.php4
-rwxr-xr-xpages/welcome.php2
3 files changed, 8 insertions, 8 deletions
diff --git a/pages/blog.php b/pages/blog.php index c9781ee..550b027 100755 --- a/pages/blog.php +++ b/pages/blog.php
@@ -43,7 +43,7 @@ if (isset($_GET['post']))
43 { 43 {
44 updatePop($getpost3['id'],'views'); 44 updatePop($getpost3['id'],'views');
45 45
46 $title = stripslashes($getpost3['title']) . ' - Blog Archive'; 46 $title = stripslashes(htmlentities($getpost3['title'])) . ' - Blog Archive';
47 47
48 $getback = "SELECT * FROM updates WHERE id < " . $getpost3['id'] . " ORDER BY id DESC LIMIT 0,1"; 48 $getback = "SELECT * FROM updates WHERE id < " . $getpost3['id'] . " ORDER BY id DESC LIMIT 0,1";
49 $getback2 = mysql_query($getback); 49 $getback2 = mysql_query($getback);
@@ -51,7 +51,7 @@ if (isset($_GET['post']))
51 if (isset($getback3['title'])) 51 if (isset($getback3['title']))
52 { 52 {
53 $template->adds_block('BACK', array( 'CODED' => $getback3['slug'], 53 $template->adds_block('BACK', array( 'CODED' => $getback3['slug'],
54 'TITLE' => $getback3['title'])); 54 'TITLE' => htmlentities($getback3['title'])));
55 } 55 }
56 56
57 $getnext = "SELECT * FROM updates WHERE id > " . $getpost3['id'] . " ORDER BY id ASC LIMIT 0,1"; 57 $getnext = "SELECT * FROM updates WHERE id > " . $getpost3['id'] . " ORDER BY id ASC LIMIT 0,1";
@@ -60,7 +60,7 @@ if (isset($_GET['post']))
60 if (isset($getnext3['title'])) 60 if (isset($getnext3['title']))
61 { 61 {
62 $template->adds_block('NEXT', array( 'CODED' => $getnext3['slug'], 62 $template->adds_block('NEXT', array( 'CODED' => $getnext3['slug'],
63 'TITLE' => $getnext3['title'])); 63 'TITLE' => htmlentities($getnext3['title'])));
64 } 64 }
65 65
66 $template->add_ref(0, 'POST', array( 'ID' => $getpost3['id'], 66 $template->add_ref(0, 'POST', array( 'ID' => $getpost3['id'],
@@ -69,7 +69,7 @@ if (isset($_GET['post']))
69 'MONTH' => date('M',strtotime($getpost3['pubDate'])), 69 'MONTH' => date('M',strtotime($getpost3['pubDate'])),
70 'DAY' => date('d',strtotime($getpost3['pubDate'])), 70 'DAY' => date('d',strtotime($getpost3['pubDate'])),
71 'CODED' => $getpost3['slug'], 71 'CODED' => $getpost3['slug'],
72 'TITLE' => $getpost3['title'], 72 'TITLE' => htmlentities($getpost3['title']),
73 'AUTHOR' => $getpost3['author'], 73 'AUTHOR' => $getpost3['author'],
74 'RATING' => $getpost3['rating'], 74 'RATING' => $getpost3['rating'],
75 'TEXT' => parseText($getpost3['text']))); 75 'TEXT' => parseText($getpost3['text'])));
@@ -189,7 +189,7 @@ if (isset($_GET['post']))
189 189
190 $template->adds_ref_sub($curID, 'SMALL',array( 'DATE' => date('m-d-Y',strtotime($getposts3[$i]['pubDate'])), 190 $template->adds_ref_sub($curID, 'SMALL',array( 'DATE' => date('m-d-Y',strtotime($getposts3[$i]['pubDate'])),
191 'CODED' => $getposts3[$i]['slug'], 191 'CODED' => $getposts3[$i]['slug'],
192 'TITLE' => $getposts3[$i]['title'])); 192 'TITLE' => htmlentities($getposts3[$i]['title'])));
193 $i++; 193 $i++;
194 } 194 }
195 if ($i==0) 195 if ($i==0)
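Review bot: In the POST array (new lines 71-75) only `TITLE` is escaped; `AUTHOR` and `CODED` are still handed to the template as raw database values, and the same holds for `CODED` in the BACK, NEXT and SMALL blocks and for `AUTHOR` in pages/welcome.php. Unless the template layer escapes on output (not visible here), those fields remain the same class of bug this commit fixes, so I would escape them for the context they land in, e.g. `'AUTHOR' => htmlentities($getpost3['author'], ENT_QUOTES, 'UTF-8'),` (substitute the site's real charset for `'UTF-8'`). Every new `htmlentities()` call in the three files also relies on the default flags and charset, which on PHP before 8.1 leaves single quotes unescaped and before 5.4 assumes ISO-8859-1; passing `ENT_QUOTES` and the charset explicitly keeps the value safe inside single-quoted attributes and stops multi-byte titles from being mangled. The enclosing `if (isset($_GET['post']))` block starts and ends outside these hunks.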
diff --git a/pages/poll.php b/pages/poll.php index 6a87207..a9ab19f 100755 --- a/pages/poll.php +++ b/pages/poll.php
@@ -53,7 +53,7 @@ if (!isset($_GET['id']))
53 $question .= '....'; 53 $question .= '....';
54 } 54 }
55 $template->adds_block('POLL', array( 'ID' => $getpolls3[$i]['id'], 55 $template->adds_block('POLL', array( 'ID' => $getpolls3[$i]['id'],
56 'QUESTION' => $question, 56 'QUESTION' => htmlentities($question),
57 'WEEK' => date('F jS Y', strtotime($getpolls3[$i]['week'])), 57 'WEEK' => date('F jS Y', strtotime($getpolls3[$i]['week'])),
58 'EVEN' => (($i % 2 == 1) ? ' class="even"' : ''))); 58 'EVEN' => (($i % 2 == 1) ? ' class="even"' : '')));
59 $i++; 59 $i++;
@@ -90,7 +90,7 @@ if (!isset($_GET['id']))
90 90
91 if ($getpoll3['id'] == $_GET['id']) 91 if ($getpoll3['id'] == $_GET['id'])
92 { 92 {
93 $template->add('QUESTION', $getpoll3['question']); 93 $template->add('QUESTION', htmlentities($getpoll3['question']));
94 94
95 if ($getpoll3['text'] != '') 95 if ($getpoll3['text'] != '')
96 { 96 {
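Review bot: The escape at new line 56 runs after `$question` has had its `'....'` suffix appended (and, it appears, after it was shortened above the hunk), and that ordering is what keeps an entity such as `&amp;` from being cut in half; nothing in the code records this. A comment above the `adds_block` call would protect the order from a later refactor: `// escape last: truncating already-escaped text could split an entity`. In the second hunk the `$getpoll3['text']` branch begins right after the escaped question and continues outside the hunk, so whether that field is escaped before output cannot be confirmed from here and is worth checking alongside this fix.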
diff --git a/pages/welcome.php b/pages/welcome.php index 26f9938..5bd710c 100755 --- a/pages/welcome.php +++ b/pages/welcome.php
@@ -74,7 +74,7 @@ while ($getpost3 = mysql_fetch_array($getpost2))
74 'MONTH' => date('M',strtotime($getpost3['pubDate'])), 74 'MONTH' => date('M',strtotime($getpost3['pubDate'])),
75 'DAY' => date('d',strtotime($getpost3['pubDate'])), 75 'DAY' => date('d',strtotime($getpost3['pubDate'])),
76 'CODED' => $getpost3['slug'], 76 'CODED' => $getpost3['slug'],
77 'TITLE' => $getpost3['title'], 77 'TITLE' => htmlentities($getpost3['title']),
78 'AUTHOR' => $getpost3['author'], 78 'AUTHOR' => $getpost3['author'],
79 'PLURALCOMMENT' => (isset($plural) ? $plural : ''), 79 'PLURALCOMMENT' => (isset($plural) ? $plural : ''),
80 'COMMENTS' => $comText, 80 'COMMENTS' => $comText,