diff options
-rw-r--r-- | admin/drafts.php | 2 | ||||
-rw-r--r-- | admin/editLink.php | 4 | ||||
-rw-r--r-- | admin/editPoll.php | 30 | ||||
-rw-r--r-- | admin/editPost.php | 4 | ||||
-rw-r--r-- | admin/links.php | 2 | ||||
-rw-r--r-- | admin/newLink.php | 2 | ||||
-rw-r--r-- | admin/newPoll.php | 19 | ||||
-rw-r--r-- | admin/newPost.php | 2 | ||||
-rw-r--r-- | admin/pending.php | 2 | ||||
-rw-r--r-- | admin/polls.php | 2 | ||||
-rw-r--r-- | admin/posts.php | 2 | ||||
-rwxr-xr-x | includes/footer.php | 8 | ||||
-rwxr-xr-x | includes/functions.php | 12 | ||||
-rwxr-xr-x | includes/header.php | 4 | ||||
-rwxr-xr-x | pages/blog.php | 10 | ||||
-rwxr-xr-x | pages/poll.php | 4 | ||||
-rwxr-xr-x | pages/welcome.php | 2 |
17 files changed, 59 insertions, 52 deletions
diff --git a/admin/drafts.php b/admin/drafts.php index 22d8a09..5f7be1a 100644 --- a/admin/drafts.php +++ b/admin/drafts.php | |||
@@ -82,7 +82,7 @@ foreach ($pager->getPageData() as $post) | |||
82 | { | 82 | { |
83 | if (!empty($post)) | 83 | if (!empty($post)) |
84 | { | 84 | { |
85 | $template->adds_block('POST', array( 'TITLE' => $post['title'], | 85 | $template->adds_block('POST', array( 'TITLE' => htmlentities($post['title']), |
86 | 'AUTHOR' => $post['author'], | 86 | 'AUTHOR' => $post['author'], |
87 | 'ID' => $post['id'], | 87 | 'ID' => $post['id'], |
88 | 'CODED' => $post['slug'], | 88 | 'CODED' => $post['slug'], |
diff --git a/admin/editLink.php b/admin/editLink.php index fe4fb66..f3ba9cc 100644 --- a/admin/editLink.php +++ b/admin/editLink.php | |||
@@ -74,10 +74,10 @@ if (isset($_GET['submit'])) | |||
74 | $template->adds_block('FLASH', array('TEXT' => 'Your link has been sucessfully edited.')); | 74 | $template->adds_block('FLASH', array('TEXT' => 'Your link has been sucessfully edited.')); |
75 | } | 75 | } |
76 | 76 | ||
77 | $template->add('TITLEVALUE', $_POST['title']); | 77 | $template->add('TITLEVALUE', htmlentities($_POST['title'])); |
78 | $template->add('URLVALUE', $_POST['url']); | 78 | $template->add('URLVALUE', $_POST['url']); |
79 | } else { | 79 | } else { |
80 | $template->add('TITLEVALUE', $getlink3['title']); | 80 | $template->add('TITLEVALUE', htmlentities($getlink3['title'])); |
81 | $template->add('URLVALUE', $getlink3['url']); | 81 | $template->add('URLVALUE', $getlink3['url']); |
82 | } | 82 | } |
83 | 83 | ||
diff --git a/admin/editPoll.php b/admin/editPoll.php index 3a154a3..425f33c 100644 --- a/admin/editPoll.php +++ b/admin/editPoll.php | |||
@@ -81,21 +81,21 @@ if (isset($_GET['submit'])) | |||
81 | $getpoll2 = mysql_query($getpoll); | 81 | $getpoll2 = mysql_query($getpoll); |
82 | $getpoll3 = mysql_fetch_array($getpoll2); | 82 | $getpoll3 = mysql_fetch_array($getpoll2); |
83 | 83 | ||
84 | $template->add('QUESTIONVALUE', $_POST['question']); | 84 | $template->add('QUESTIONVALUE', htmlentities($_POST['question'])); |
85 | $template->add('OPTION1VALUE', $_POST['option1']); | 85 | $template->add('OPTION1VALUE', htmlentities($_POST['option1'])); |
86 | $template->add('OPTION2VALUE', $_POST['option2']); | 86 | $template->add('OPTION2VALUE', htmlentities($_POST['option2'])); |
87 | $template->add('OPTION3VALUE', $_POST['option3']); | 87 | $template->add('OPTION3VALUE', htmlentities($_POST['option3'])); |
88 | $template->add('OPTION4VALUE', $_POST['option4']); | 88 | $template->add('OPTION4VALUE', htmlentities($_POST['option4'])); |
89 | $template->add('TEXTVALUE', $_POST['text']); | 89 | $template->add('TEXTVALUE', $_POST['text']); |
90 | } else { | 90 | } else { |
91 | $inspoll = "UPDATE polloftheweek SET question = \"" . mysql_real_escape_string($_POST['question']) . "\", option1 = \"" . mysql_real_escape_string($_POST['option1']) . "\", option2 = \"" . mysql_real_escape_string($_POST['option2']) . "\", option3 = \"" . mysql_real_escape_string($_POST['option3']) . "\", option4 = \"" . mysql_real_escape_string($_POST['option4']) . "\", text = \"" . mysql_real_escape_string($_POST['text']) . "\" WHERE id = " . $_GET['id']; | 91 | $inspoll = "UPDATE polloftheweek SET question = \"" . mysql_real_escape_string($_POST['question']) . "\", option1 = \"" . mysql_real_escape_string($_POST['option1']) . "\", option2 = \"" . mysql_real_escape_string($_POST['option2']) . "\", option3 = \"" . mysql_real_escape_string($_POST['option3']) . "\", option4 = \"" . mysql_real_escape_string($_POST['option4']) . "\", text = \"" . mysql_real_escape_string($_POST['text']) . "\" WHERE id = " . $_GET['id']; |
92 | $inspoll2 = mysql_query($inspoll); | 92 | $inspoll2 = mysql_query($inspoll); |
93 | 93 | ||
94 | $template->add('QUESTIONVALUE', $_POST['question']); | 94 | $template->add('QUESTIONVALUE', htmlentities($_POST['question'])); |
95 | $template->add('OPTION1VALUE', $_POST['option1']); | 95 | $template->add('OPTION1VALUE', htmlentities($_POST['option1'])); |
96 | $template->add('OPTION2VALUE', $_POST['option2']); | 96 | $template->add('OPTION2VALUE', htmlentities($_POST['option2'])); |
97 | $template->add('OPTION3VALUE', $_POST['option3']); | 97 | $template->add('OPTION3VALUE', htmlentities($_POST['option3'])); |
98 | $template->add('OPTION4VALUE', $_POST['option4']); | 98 | $template->add('OPTION4VALUE', htmlentities($_POST['option4'])); |
99 | $template->add('TEXTVALUE', $_POST['text']); | 99 | $template->add('TEXTVALUE', $_POST['text']); |
100 | 100 | ||
101 | $template->adds_block('FLASH', array('TEXT' => 'Your poll has been sucessfully edited. <a href="/poll/' . $_GET['id'] . '.php">View poll</a>.')); | 101 | $template->adds_block('FLASH', array('TEXT' => 'Your poll has been sucessfully edited. <a href="/poll/' . $_GET['id'] . '.php">View poll</a>.')); |
@@ -105,11 +105,11 @@ if (isset($_GET['submit'])) | |||
105 | $getpoll2 = mysql_query($getpoll); | 105 | $getpoll2 = mysql_query($getpoll); |
106 | $getpoll3 = mysql_fetch_array($getpoll2); | 106 | $getpoll3 = mysql_fetch_array($getpoll2); |
107 | 107 | ||
108 | $template->add('QUESTIONVALUE', $getpoll3['question']); | 108 | $template->add('QUESTIONVALUE', htmlentities($getpoll3['question'])); |
109 | $template->add('OPTION1VALUE', $getpoll3['option1']); | 109 | $template->add('OPTION1VALUE', htmlentities($getpoll3['option1'])); |
110 | $template->add('OPTION2VALUE', $getpoll3['option2']); | 110 | $template->add('OPTION2VALUE', htmlentities($getpoll3['option2'])); |
111 | $template->add('OPTION3VALUE', $getpoll3['option3']); | 111 | $template->add('OPTION3VALUE', htmlentities($getpoll3['option3'])); |
112 | $template->add('OPTION4VALUE', $getpoll3['option4']); | 112 | $template->add('OPTION4VALUE', htmlentities($getpoll3['option4'])); |
113 | $template->add('TEXTVALUE', $getpoll3['text']); | 113 | $template->add('TEXTVALUE', $getpoll3['text']); |
114 | } | 114 | } |
115 | 115 | ||
diff --git a/admin/editPost.php b/admin/editPost.php index b01d1e2..b87f895 100644 --- a/admin/editPost.php +++ b/admin/editPost.php | |||
@@ -201,13 +201,13 @@ if (!isset($_GET['type']) || !isset($_GET['id']) || !is_numeric($_GET['id'])) | |||
201 | $template->add('ACTION', '/admin/editPost.php?type=' . $type . '&id=' . $id . '&submit='); | 201 | $template->add('ACTION', '/admin/editPost.php?type=' . $type . '&id=' . $id . '&submit='); |
202 | } | 202 | } |
203 | 203 | ||
204 | $template->add('TITLEVALUE', $_POST['title']); | 204 | $template->add('TITLEVALUE', htmlentities($_POST['title'])); |
205 | $template->add('TEXTVALUE', $_POST['text']); | 205 | $template->add('TEXTVALUE', $_POST['text']); |
206 | $template->add('TAGSVALUE', $_POST['tags']); | 206 | $template->add('TAGSVALUE', $_POST['tags']); |
207 | $template->add(strtoupper($_POST['type']) . 'SELECTED', ' checked="checked"'); | 207 | $template->add(strtoupper($_POST['type']) . 'SELECTED', ' checked="checked"'); |
208 | if ($_POST['type'] != 'draft') $template->add('TAGSDISABLED', ' readonly="readonly"'); | 208 | if ($_POST['type'] != 'draft') $template->add('TAGSDISABLED', ' readonly="readonly"'); |
209 | } else { | 209 | } else { |
210 | $template->add('TITLEVALUE', $getpost3['title']); | 210 | $template->add('TITLEVALUE', htmlentities($getpost3['title'])); |
211 | $template->add('TEXTVALUE', $getpost3['text']); | 211 | $template->add('TEXTVALUE', $getpost3['text']); |
212 | $template->add('TAGSVALUE', implode(',', getTags($_GET['id'], $tableToTags[$_GET['type']]))); | 212 | $template->add('TAGSVALUE', implode(',', getTags($_GET['id'], $tableToTags[$_GET['type']]))); |
213 | $template->add(strtoupper($tableToForm[$_GET['type']]) . 'SELECTED', ' checked="checked"'); | 213 | $template->add(strtoupper($tableToForm[$_GET['type']]) . 'SELECTED', ' checked="checked"'); |
diff --git a/admin/links.php b/admin/links.php index d1ab878..fc1c813 100644 --- a/admin/links.php +++ b/admin/links.php | |||
@@ -97,7 +97,7 @@ foreach ($pager->getPageData() as $link) | |||
97 | { | 97 | { |
98 | if (!empty($link)) | 98 | if (!empty($link)) |
99 | { | 99 | { |
100 | $template->adds_block('LINK', array( 'TITLE' => $link['title'], | 100 | $template->adds_block('LINK', array( 'TITLE' => htmlentities($link['title']), |
101 | 'URL' => $link['url'], | 101 | 'URL' => $link['url'], |
102 | 'ID' => $link['id'], | 102 | 'ID' => $link['id'], |
103 | 'ODD' => ($j % 2 ? '' : ' class="odd"'))); | 103 | 'ODD' => ($j % 2 ? '' : ' class="odd"'))); |
diff --git a/admin/newLink.php b/admin/newLink.php index 3f6b42c..90313bd 100644 --- a/admin/newLink.php +++ b/admin/newLink.php | |||
@@ -80,7 +80,7 @@ if (isset($_GET['submit'])) | |||
80 | $template->add('TYPEDISABLED', ' readonly="readonly"'); | 80 | $template->add('TYPEDISABLED', ' readonly="readonly"'); |
81 | } | 81 | } |
82 | 82 | ||
83 | $template->add('TITLEVALUE', $_POST['title']); | 83 | $template->add('TITLEVALUE', htmlentities($_POST['title'])); |
84 | $template->add('URLVALUE', $_POST['url']); | 84 | $template->add('URLVALUE', $_POST['url']); |
85 | $template->add(strtoupper($_POST['type']) . 'SELECTED', ' checked="checked"'); | 85 | $template->add(strtoupper($_POST['type']) . 'SELECTED', ' checked="checked"'); |
86 | } else { | 86 | } else { |
diff --git a/admin/newPoll.php b/admin/newPoll.php index c924cd9..d105f45 100644 --- a/admin/newPoll.php +++ b/admin/newPoll.php | |||
@@ -77,6 +77,13 @@ if (isset($_GET['submit'])) | |||
77 | 77 | ||
78 | $template->add('TITLE', 'New Poll'); | 78 | $template->add('TITLE', 'New Poll'); |
79 | $template->add('ACTION', '/admin/newPoll.php?submit='); | 79 | $template->add('ACTION', '/admin/newPoll.php?submit='); |
80 | |||
81 | $template->add('QUESTIONVALUE', htmlentities($_POST['question'])); | ||
82 | $template->add('OPTION1VALUE', htmlentities($_POST['option1'])); | ||
83 | $template->add('OPTION2VALUE', htmlentities($_POST['option2'])); | ||
84 | $template->add('OPTION3VALUE', htmlentities($_POST['option3'])); | ||
85 | $template->add('OPTION4VALUE', htmlentities($_POST['option4'])); | ||
86 | $template->add('TEXTVALUE', htmlentities($_POST['text'])); | ||
80 | } else { | 87 | } else { |
81 | $inspoll = "INSERT INTO polloftheweek (question,option1,option2,option3,option4,text) VALUES (\"" . mysql_real_escape_string($_POST['question']) . "\",\"" . mysql_real_escape_string($_POST['option1']) . "\",\"" . mysql_real_escape_string($_POST['option2']) . "\",\"" . mysql_real_escape_string($_POST['option3']) . "\",\"" . mysql_real_escape_string($_POST['option4']) . "\",\"" . mysql_real_escape_string($_POST['text']) . "\")"; | 88 | $inspoll = "INSERT INTO polloftheweek (question,option1,option2,option3,option4,text) VALUES (\"" . mysql_real_escape_string($_POST['question']) . "\",\"" . mysql_real_escape_string($_POST['option1']) . "\",\"" . mysql_real_escape_string($_POST['option2']) . "\",\"" . mysql_real_escape_string($_POST['option3']) . "\",\"" . mysql_real_escape_string($_POST['option4']) . "\",\"" . mysql_real_escape_string($_POST['text']) . "\")"; |
82 | $inspoll2 = mysql_query($inspoll); | 89 | $inspoll2 = mysql_query($inspoll); |
@@ -86,12 +93,12 @@ if (isset($_GET['submit'])) | |||
86 | $cleardid = "TRUNCATE TABLE didpollalready"; | 93 | $cleardid = "TRUNCATE TABLE didpollalready"; |
87 | $cleardid2 = mysql_query($cleardid); | 94 | $cleardid2 = mysql_query($cleardid); |
88 | 95 | ||
89 | $template->add('QUESTIONVALUE', $_POST['question']); | 96 | $template->add('QUESTIONVALUE', htmlentities($_POST['question'])); |
90 | $template->add('OPTION1VALUE', $_POST['option1']); | 97 | $template->add('OPTION1VALUE', htmlentities($_POST['option1'])); |
91 | $template->add('OPTION2VALUE', $_POST['option2']); | 98 | $template->add('OPTION2VALUE', htmlentities($_POST['option2'])); |
92 | $template->add('OPTION3VALUE', $_POST['option3']); | 99 | $template->add('OPTION3VALUE', htmlentities($_POST['option3'])); |
93 | $template->add('OPTION4VALUE', $_POST['option4']); | 100 | $template->add('OPTION4VALUE', htmlentities($_POST['option4'])); |
94 | $template->add('TEXTVALUE', $_POST['text']); | 101 | $template->add('TEXTVALUE', htmlentities($_POST['text'])); |
95 | 102 | ||
96 | $template->add('TITLE', 'Edit Poll'); | 103 | $template->add('TITLE', 'Edit Poll'); |
97 | $template->add('ACTION', '/admin/editPoll.php?id=' . $id . '&submit='); | 104 | $template->add('ACTION', '/admin/editPoll.php?id=' . $id . '&submit='); |
diff --git a/admin/newPost.php b/admin/newPost.php index eb6b4e0..32e7aa2 100644 --- a/admin/newPost.php +++ b/admin/newPost.php | |||
@@ -145,7 +145,7 @@ if (isset($_GET['submit'])) | |||
145 | if ($type != 'drafts') $template->add('TAGSDISABLED', ' readonly="readonly"'); | 145 | if ($type != 'drafts') $template->add('TAGSDISABLED', ' readonly="readonly"'); |
146 | } | 146 | } |
147 | 147 | ||
148 | $template->add('TITLEVALUE', $_POST['title']); | 148 | $template->add('TITLEVALUE', htmlentities($_POST['title'])); |
149 | $template->add('TEXTVALUE', $_POST['text']); | 149 | $template->add('TEXTVALUE', $_POST['text']); |
150 | $template->add('TAGSVALUE', $_POST['tags']); | 150 | $template->add('TAGSVALUE', $_POST['tags']); |
151 | $template->add(strtoupper($_POST['type']) . 'SELECTED', ' checked="checked"'); | 151 | $template->add(strtoupper($_POST['type']) . 'SELECTED', ' checked="checked"'); |
diff --git a/admin/pending.php b/admin/pending.php index 407cd35..6f1cfaf 100644 --- a/admin/pending.php +++ b/admin/pending.php | |||
@@ -148,7 +148,7 @@ foreach ($pager->getPageData() as $post) | |||
148 | { | 148 | { |
149 | if (!empty($post)) | 149 | if (!empty($post)) |
150 | { | 150 | { |
151 | $template->add_ref($j, 'POST', array( 'TITLE' => $post['title'], | 151 | $template->add_ref($j, 'POST', array( 'TITLE' => htmlentities($post['title']), |
152 | 'AUTHOR' => $post['author'], | 152 | 'AUTHOR' => $post['author'], |
153 | 'ID' => $post['id'], | 153 | 'ID' => $post['id'], |
154 | 'CODED' => $post['slug'], | 154 | 'CODED' => $post['slug'], |
diff --git a/admin/polls.php b/admin/polls.php index 8e1465c..e4239fa 100644 --- a/admin/polls.php +++ b/admin/polls.php | |||
@@ -82,7 +82,7 @@ foreach ($pager->getPageData() as $post) | |||
82 | { | 82 | { |
83 | if (!empty($post)) | 83 | if (!empty($post)) |
84 | { | 84 | { |
85 | $template->adds_block('POST', array( 'TITLE' => $post['question'], | 85 | $template->adds_block('POST', array( 'TITLE' => htmlentities($post['question']), |
86 | 'ID' => $post['id'], | 86 | 'ID' => $post['id'], |
87 | 'ODD' => ($j % 2 ? '' : ' class="odd"'))); | 87 | 'ODD' => ($j % 2 ? '' : ' class="odd"'))); |
88 | } | 88 | } |
diff --git a/admin/posts.php b/admin/posts.php index 605db30..d2e34c5 100644 --- a/admin/posts.php +++ b/admin/posts.php | |||
@@ -82,7 +82,7 @@ foreach ($pager->getPageData() as $post) | |||
82 | { | 82 | { |
83 | if (!empty($post)) | 83 | if (!empty($post)) |
84 | { | 84 | { |
85 | $template->adds_block('POST', array( 'TITLE' => $post['title'], | 85 | $template->adds_block('POST', array( 'TITLE' => htmlentities($post['title']), |
86 | 'AUTHOR' => $post['author'], | 86 | 'AUTHOR' => $post['author'], |
87 | 'ID' => $post['id'], | 87 | 'ID' => $post['id'], |
88 | 'CODED' => $post['slug'], | 88 | 'CODED' => $post['slug'], |
diff --git a/includes/footer.php b/includes/footer.php index 19cc341..d1f9668 100755 --- a/includes/footer.php +++ b/includes/footer.php | |||
@@ -1,4 +1,4 @@ | |||
1 | <?php | 1 | <?php |
2 | /* | 2 | /* |
3 | 444444444 | 3 | 444444444 |
4 | 4::::::::4 | 4 | 4::::::::4 |
@@ -65,7 +65,7 @@ while ($getcomments3[$i] = mysql_fetch_array($getcomments2)) | |||
65 | 'AREA' => 'blog', | 65 | 'AREA' => 'blog', |
66 | 'CODED' => $getpost3['slug'], | 66 | 'CODED' => $getpost3['slug'], |
67 | 'ENDING' => '/', | 67 | 'ENDING' => '/', |
68 | 'TITLE' => stripslashes($getpost3['title']), | 68 | 'TITLE' => stripslashes(htmlentities($getpost3['title'])), |
69 | 'AUTHOR' => (($website != '') ? '<a href="' . $website . '">' . $username . '</a>' : $username))); | 69 | 'AUTHOR' => (($website != '') ? '<a href="' . $website . '">' . $username . '</a>' : $username))); |
70 | $i++; | 70 | $i++; |
71 | } else if (strpos($getcomments3[$i]['page_id'], 'quote') !== FALSE) | 71 | } else if (strpos($getcomments3[$i]['page_id'], 'quote') !== FALSE) |
@@ -89,7 +89,7 @@ while ($getcomments3[$i] = mysql_fetch_array($getcomments2)) | |||
89 | 'AREA' => 'poll', | 89 | 'AREA' => 'poll', |
90 | 'CODED' => $getpotw3['id'], | 90 | 'CODED' => $getpotw3['id'], |
91 | 'ENDING' => '.php', | 91 | 'ENDING' => '.php', |
92 | 'TITLE' => 'Poll "' . $getpotw3['question'] . '"', | 92 | 'TITLE' => 'Poll "' . htmlentities($getpotw3['question']) . '"', |
93 | 'AUTHOR' => (($website != '') ? '<a href="' . $website . '">' . $username . '</a>' : $username))); | 93 | 'AUTHOR' => (($website != '') ? '<a href="' . $website . '">' . $username . '</a>' : $username))); |
94 | $i++; | 94 | $i++; |
95 | } | 95 | } |
@@ -169,7 +169,7 @@ $i=0; | |||
169 | while ($getpopular3[$i] = mysql_fetch_array($getpopular2)) | 169 | while ($getpopular3[$i] = mysql_fetch_array($getpopular2)) |
170 | { | 170 | { |
171 | $template->adds_block('POPULAR', array( 'CODED' => $getpopular3[$i]['slug'], | 171 | $template->adds_block('POPULAR', array( 'CODED' => $getpopular3[$i]['slug'], |
172 | 'TITLE' => stripslashes($getpopular3[$i]['title']))); | 172 | 'TITLE' => stripslashes(htmlentities($getpopular3[$i]['title'])))); |
173 | $i++; | 173 | $i++; |
174 | } | 174 | } |
175 | 175 | ||
diff --git a/includes/functions.php b/includes/functions.php index ce7a03e..1ff5c41 100755 --- a/includes/functions.php +++ b/includes/functions.php | |||
@@ -276,7 +276,7 @@ function displayRelated($title, $avoid = 0) | |||
276 | $template = new FITemplate('related'); | 276 | $template = new FITemplate('related'); |
277 | } | 277 | } |
278 | 278 | ||
279 | $template->adds_block('POST', array( 'TITLE' => $getrelated3[$i]['title'], | 279 | $template->adds_block('POST', array( 'TITLE' => htmlentities($getrelated3[$i]['title']), |
280 | 'CODED' => $getrelated3[$i]['slug'], | 280 | 'CODED' => $getrelated3[$i]['slug'], |
281 | 'AUTHOR' => $getrelated3[$i]['author'], | 281 | 'AUTHOR' => $getrelated3[$i]['author'], |
282 | 'DATE' => date('F jS Y',strtotime($getrelated3[$i]['pubDate'])))); | 282 | 'DATE' => date('F jS Y',strtotime($getrelated3[$i]['pubDate'])))); |
@@ -326,11 +326,11 @@ function getPollOfTheWeek($id = -1) | |||
326 | $getpoll2 = mysql_query($getpoll); | 326 | $getpoll2 = mysql_query($getpoll); |
327 | $getpoll3 = mysql_fetch_array($getpoll2); | 327 | $getpoll3 = mysql_fetch_array($getpoll2); |
328 | 328 | ||
329 | $potw->add('QUESTION', $getpoll3['question']); | 329 | $potw->add('QUESTION', stripslashes(htmlentities($getpoll3['question']))); |
330 | $potw->add('OPTION1', $getpoll3['option1']); | 330 | $potw->add('OPTION1', stripslashes(htmlentities($getpoll3['option1']))); |
331 | $potw->add('OPTION2', $getpoll3['option2']); | 331 | $potw->add('OPTION2', stripslashes(htmlentities($getpoll3['option2']))); |
332 | $potw->add('OPTION3', $getpoll3['option3']); | 332 | $potw->add('OPTION3', stripslashes(htmlentities($getpoll3['option3']))); |
333 | $potw->add('OPTION4', $getpoll3['option4']); | 333 | $potw->add('OPTION4', stripslashes(htmlentities($getpoll3['option4']))); |
334 | 334 | ||
335 | $getip = "SELECT * FROM didpollalready WHERE ip = \"" . $_SERVER['REMOTE_ADDR'] . "\""; | 335 | $getip = "SELECT * FROM didpollalready WHERE ip = \"" . $_SERVER['REMOTE_ADDR'] . "\""; |
336 | $getip2 = mysql_query($getip); | 336 | $getip2 = mysql_query($getip); |
diff --git a/includes/header.php b/includes/header.php index 3a8edff..003e002 100755 --- a/includes/header.php +++ b/includes/header.php | |||
@@ -77,7 +77,7 @@ $i=0; | |||
77 | while ($getaffs3 = mysql_fetch_array($getaffs2)) | 77 | while ($getaffs3 = mysql_fetch_array($getaffs2)) |
78 | { | 78 | { |
79 | $headerTemp->adds_block('AFFILIATES', array( 'COLOR' => getTagColor($i++), | 79 | $headerTemp->adds_block('AFFILIATES', array( 'COLOR' => getTagColor($i++), |
80 | 'TITLE' => $getaffs3['title'], | 80 | 'TITLE' => htmlentities($getaffs3['title']), |
81 | 'URL' => $getaffs3['url'])); | 81 | 'URL' => $getaffs3['url'])); |
82 | } | 82 | } |
83 | 83 | ||
@@ -87,7 +87,7 @@ $i=0; | |||
87 | while ($getwebps3 = mysql_fetch_array($getwebps2)) | 87 | while ($getwebps3 = mysql_fetch_array($getwebps2)) |
88 | { | 88 | { |
89 | $headerTemp->adds_block('WEBPROJS', array( 'COLOR' => getTagColor($i++), | 89 | $headerTemp->adds_block('WEBPROJS', array( 'COLOR' => getTagColor($i++), |
90 | 'TITLE' => $getwebps3['title'], | 90 | 'TITLE' => htmlentities($getwebps3['title']), |
91 | 'URL' => $getwebps3['url'])); | 91 | 'URL' => $getwebps3['url'])); |
92 | } | 92 | } |
93 | 93 | ||
diff --git a/pages/blog.php b/pages/blog.php index c9781ee..550b027 100755 --- a/pages/blog.php +++ b/pages/blog.php | |||
@@ -43,7 +43,7 @@ if (isset($_GET['post'])) | |||
43 | { | 43 | { |
44 | updatePop($getpost3['id'],'views'); | 44 | updatePop($getpost3['id'],'views'); |
45 | 45 | ||
46 | $title = stripslashes($getpost3['title']) . ' - Blog Archive'; | 46 | $title = stripslashes(htmlentities($getpost3['title'])) . ' - Blog Archive'; |
47 | 47 | ||
48 | $getback = "SELECT * FROM updates WHERE id < " . $getpost3['id'] . " ORDER BY id DESC LIMIT 0,1"; | 48 | $getback = "SELECT * FROM updates WHERE id < " . $getpost3['id'] . " ORDER BY id DESC LIMIT 0,1"; |
49 | $getback2 = mysql_query($getback); | 49 | $getback2 = mysql_query($getback); |
@@ -51,7 +51,7 @@ if (isset($_GET['post'])) | |||
51 | if (isset($getback3['title'])) | 51 | if (isset($getback3['title'])) |
52 | { | 52 | { |
53 | $template->adds_block('BACK', array( 'CODED' => $getback3['slug'], | 53 | $template->adds_block('BACK', array( 'CODED' => $getback3['slug'], |
54 | 'TITLE' => $getback3['title'])); | 54 | 'TITLE' => htmlentities($getback3['title']))); |
55 | } | 55 | } |
56 | 56 | ||
57 | $getnext = "SELECT * FROM updates WHERE id > " . $getpost3['id'] . " ORDER BY id ASC LIMIT 0,1"; | 57 | $getnext = "SELECT * FROM updates WHERE id > " . $getpost3['id'] . " ORDER BY id ASC LIMIT 0,1"; |
@@ -60,7 +60,7 @@ if (isset($_GET['post'])) | |||
60 | if (isset($getnext3['title'])) | 60 | if (isset($getnext3['title'])) |
61 | { | 61 | { |
62 | $template->adds_block('NEXT', array( 'CODED' => $getnext3['slug'], | 62 | $template->adds_block('NEXT', array( 'CODED' => $getnext3['slug'], |
63 | 'TITLE' => $getnext3['title'])); | 63 | 'TITLE' => htmlentities($getnext3['title']))); |
64 | } | 64 | } |
65 | 65 | ||
66 | $template->add_ref(0, 'POST', array( 'ID' => $getpost3['id'], | 66 | $template->add_ref(0, 'POST', array( 'ID' => $getpost3['id'], |
@@ -69,7 +69,7 @@ if (isset($_GET['post'])) | |||
69 | 'MONTH' => date('M',strtotime($getpost3['pubDate'])), | 69 | 'MONTH' => date('M',strtotime($getpost3['pubDate'])), |
70 | 'DAY' => date('d',strtotime($getpost3['pubDate'])), | 70 | 'DAY' => date('d',strtotime($getpost3['pubDate'])), |
71 | 'CODED' => $getpost3['slug'], | 71 | 'CODED' => $getpost3['slug'], |
72 | 'TITLE' => $getpost3['title'], | 72 | 'TITLE' => htmlentities($getpost3['title']), |
73 | 'AUTHOR' => $getpost3['author'], | 73 | 'AUTHOR' => $getpost3['author'], |
74 | 'RATING' => $getpost3['rating'], | 74 | 'RATING' => $getpost3['rating'], |
75 | 'TEXT' => parseText($getpost3['text']))); | 75 | 'TEXT' => parseText($getpost3['text']))); |
@@ -189,7 +189,7 @@ if (isset($_GET['post'])) | |||
189 | 189 | ||
190 | $template->adds_ref_sub($curID, 'SMALL',array( 'DATE' => date('m-d-Y',strtotime($getposts3[$i]['pubDate'])), | 190 | $template->adds_ref_sub($curID, 'SMALL',array( 'DATE' => date('m-d-Y',strtotime($getposts3[$i]['pubDate'])), |
191 | 'CODED' => $getposts3[$i]['slug'], | 191 | 'CODED' => $getposts3[$i]['slug'], |
192 | 'TITLE' => $getposts3[$i]['title'])); | 192 | 'TITLE' => htmlentities($getposts3[$i]['title']))); |
193 | $i++; | 193 | $i++; |
194 | } | 194 | } |
195 | if ($i==0) | 195 | if ($i==0) |
diff --git a/pages/poll.php b/pages/poll.php index 6a87207..a9ab19f 100755 --- a/pages/poll.php +++ b/pages/poll.php | |||
@@ -53,7 +53,7 @@ if (!isset($_GET['id'])) | |||
53 | $question .= '....'; | 53 | $question .= '....'; |
54 | } | 54 | } |
55 | $template->adds_block('POLL', array( 'ID' => $getpolls3[$i]['id'], | 55 | $template->adds_block('POLL', array( 'ID' => $getpolls3[$i]['id'], |
56 | 'QUESTION' => $question, | 56 | 'QUESTION' => htmlentities($question), |
57 | 'WEEK' => date('F jS Y', strtotime($getpolls3[$i]['week'])), | 57 | 'WEEK' => date('F jS Y', strtotime($getpolls3[$i]['week'])), |
58 | 'EVEN' => (($i % 2 == 1) ? ' class="even"' : ''))); | 58 | 'EVEN' => (($i % 2 == 1) ? ' class="even"' : ''))); |
59 | $i++; | 59 | $i++; |
@@ -90,7 +90,7 @@ if (!isset($_GET['id'])) | |||
90 | 90 | ||
91 | if ($getpoll3['id'] == $_GET['id']) | 91 | if ($getpoll3['id'] == $_GET['id']) |
92 | { | 92 | { |
93 | $template->add('QUESTION', $getpoll3['question']); | 93 | $template->add('QUESTION', htmlentities($getpoll3['question'])); |
94 | 94 | ||
95 | if ($getpoll3['text'] != '') | 95 | if ($getpoll3['text'] != '') |
96 | { | 96 | { |
diff --git a/pages/welcome.php b/pages/welcome.php index 26f9938..5bd710c 100755 --- a/pages/welcome.php +++ b/pages/welcome.php | |||
@@ -74,7 +74,7 @@ while ($getpost3 = mysql_fetch_array($getpost2)) | |||
74 | 'MONTH' => date('M',strtotime($getpost3['pubDate'])), | 74 | 'MONTH' => date('M',strtotime($getpost3['pubDate'])), |
75 | 'DAY' => date('d',strtotime($getpost3['pubDate'])), | 75 | 'DAY' => date('d',strtotime($getpost3['pubDate'])), |
76 | 'CODED' => $getpost3['slug'], | 76 | 'CODED' => $getpost3['slug'], |
77 | 'TITLE' => $getpost3['title'], | 77 | 'TITLE' => htmlentities($getpost3['title']), |
78 | 'AUTHOR' => $getpost3['author'], | 78 | 'AUTHOR' => $getpost3['author'], |
79 | 'PLURALCOMMENT' => (isset($plural) ? $plural : ''), | 79 | 'PLURALCOMMENT' => (isset($plural) ? $plural : ''), |
80 | 'COMMENTS' => $comText, | 80 | 'COMMENTS' => $comText, |