-rw-r--r--admin/drafts.php2
-rw-r--r--admin/editLink.php4
-rw-r--r--admin/editPoll.php30
-rw-r--r--admin/editPost.php4
-rw-r--r--admin/links.php2
-rw-r--r--admin/newLink.php2
-rw-r--r--admin/newPoll.php19
-rw-r--r--admin/newPost.php2
-rw-r--r--admin/pending.php2
-rw-r--r--admin/polls.php2
-rw-r--r--admin/posts.php2
-rwxr-xr-xincludes/footer.php8
-rwxr-xr-xincludes/functions.php12
-rwxr-xr-xincludes/header.php4
-rwxr-xr-xpages/blog.php10
-rwxr-xr-xpages/poll.php4
-rwxr-xr-xpages/welcome.php2
17 files changed, 59 insertions, 52 deletions
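--- a/admin/drafts.php
+++ b/admin/drafts.php
@@ -82,7 +82,7 @@ foreach ($pager->getPageData() as $post)
 {
  if (!empty($post))
  {
-  $template->adds_block('POST', array( 'TITLE' => $post['title'],
+  $template->adds_block('POST', array( 'TITLE' => htmlentities($post['title']),
  'AUTHOR' => $post['author'],
  'ID' => $post['id'],
  'CODED' => $post['slug'],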
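Review bot: `htmlentities($post['title'])` on line 85 uses the default flags, so a single quote is left as-is (ENT_COMPAT) and the character set is whatever the runtime defaults to, which on PHP before 5.4 is ISO-8859-1; if the template drops TITLE into a single-quoted attribute the new encoding does not close that hole. I would pass the flags explicitly, `'TITLE' => htmlspecialchars($post['title'], ENT_QUOTES, 'UTF-8'),`, and the same applies to every htmlentities() call this commit adds in the other sixteen files. `'AUTHOR' => $post['author']` on the next line still reaches the template unencoded, as do the corresponding AUTHOR values in pending.php, posts.php, welcome.php and displayRelated() in functions.php. The enclosing foreach starts before this hunk.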
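--- a/admin/editLink.php
+++ b/admin/editLink.php
@@ -74,10 +74,10 @@ if (isset($_GET['submit']))
  $template->adds_block('FLASH', array('TEXT' => 'Your link has been sucessfully edited.'));
  }
 
-  $template->add('TITLEVALUE', $_POST['title']);
+  $template->add('TITLEVALUE', htmlentities($_POST['title']));
  $template->add('URLVALUE', $_POST['url']);
 } else {
-  $template->add('TITLEVALUE', $getlink3['title']);
+  $template->add('TITLEVALUE', htmlentities($getlink3['title']));
  $template->add('URLVALUE', $getlink3['url']);
 }
 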
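Review bot: `$template->add('URLVALUE', $_POST['url']);` on line 78 (and the stored value on line 81) is still inserted raw while the title beside it is now encoded; a URL containing `"` or `'` breaks out of a value attribute exactly as a title does. Encode it the same way, `$template->add('URLVALUE', htmlspecialchars($_POST['url'], ENT_QUOTES, 'UTF-8'));`, and note that attribute encoding alone does not address a `javascript:` scheme once the URL is rendered as an href, so an http/https scheme allow-list at save time is the other half of the fix. The same unencoded URL slot appears in newLink.php line 84, links.php line 101 and header.php lines 81 and 91. The enclosing if/else starts before this hunk.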
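--- a/admin/editPoll.php
+++ b/admin/editPoll.php
@@ -81,21 +81,21 @@ if (isset($_GET['submit']))
  $getpoll2 = mysql_query($getpoll);
  $getpoll3 = mysql_fetch_array($getpoll2);
 
-  $template->add('QUESTIONVALUE', $_POST['question']);
-  $template->add('OPTION1VALUE', $_POST['option1']);
-  $template->add('OPTION2VALUE', $_POST['option2']);
-  $template->add('OPTION3VALUE', $_POST['option3']);
-  $template->add('OPTION4VALUE', $_POST['option4']);
+  $template->add('QUESTIONVALUE', htmlentities($_POST['question']));
+  $template->add('OPTION1VALUE', htmlentities($_POST['option1']));
+  $template->add('OPTION2VALUE', htmlentities($_POST['option2']));
+  $template->add('OPTION3VALUE', htmlentities($_POST['option3']));
+  $template->add('OPTION4VALUE', htmlentities($_POST['option4']));
  $template->add('TEXTVALUE', $_POST['text']);
  } else {
  $inspoll = "UPDATE polloftheweek SET question = \"" . mysql_real_escape_string($_POST['question']) . "\", option1 = \"" . mysql_real_escape_string($_POST['option1']) . "\", option2 = \"" . mysql_real_escape_string($_POST['option2']) . "\", option3 = \"" . mysql_real_escape_string($_POST['option3']) . "\", option4 = \"" . mysql_real_escape_string($_POST['option4']) . "\", text = \"" . mysql_real_escape_string($_POST['text']) . "\" WHERE id = " . $_GET['id'];
  $inspoll2 = mysql_query($inspoll);
 
-  $template->add('QUESTIONVALUE', $_POST['question']);
-  $template->add('OPTION1VALUE', $_POST['option1']);
-  $template->add('OPTION2VALUE', $_POST['option2']);
-  $template->add('OPTION3VALUE', $_POST['option3']);
-  $template->add('OPTION4VALUE', $_POST['option4']);
+  $template->add('QUESTIONVALUE', htmlentities($_POST['question']));
+  $template->add('OPTION1VALUE', htmlentities($_POST['option1']));
+  $template->add('OPTION2VALUE', htmlentities($_POST['option2']));
+  $template->add('OPTION3VALUE', htmlentities($_POST['option3']));
+  $template->add('OPTION4VALUE', htmlentities($_POST['option4']));
  $template->add('TEXTVALUE', $_POST['text']);
 
  $template->adds_block('FLASH', array('TEXT' => 'Your poll has been sucessfully edited. <a href="/poll/' . $_GET['id'] . '.php">View poll</a>.'));
@@ -105,11 +105,11 @@ if (isset($_GET['submit']))
  $getpoll2 = mysql_query($getpoll);
  $getpoll3 = mysql_fetch_array($getpoll2);
 
-  $template->add('QUESTIONVALUE', $getpoll3['question']);
-  $template->add('OPTION1VALUE', $getpoll3['option1']);
-  $template->add('OPTION2VALUE', $getpoll3['option2']);
-  $template->add('OPTION3VALUE', $getpoll3['option3']);
-  $template->add('OPTION4VALUE', $getpoll3['option4']);
+  $template->add('QUESTIONVALUE', htmlentities($getpoll3['question']));
+  $template->add('OPTION1VALUE', htmlentities($getpoll3['option1']));
+  $template->add('OPTION2VALUE', htmlentities($getpoll3['option2']));
+  $template->add('OPTION3VALUE', htmlentities($getpoll3['option3']));
+  $template->add('OPTION4VALUE', htmlentities($getpoll3['option4']));
  $template->add('TEXTVALUE', $getpoll3['text']);
 }
 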
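Review bot: TEXTVALUE on lines 89, 99 and 113 is left unencoded while the question and options around it are now passed through htmlentities(); newPoll.php lines 86 and 101 encode TEXTVALUE for what looks like the same form, so one of the two files is wrong for whatever the template does with that slot. If the slot is a plain textarea or input value, `$template->add('TEXTVALUE', htmlentities($_POST['text']));` here keeps the two screens consistent; if the template expects raw markup there, newPoll.php is the one to change. Separately, `$_GET['id']` is concatenated unchecked into both the UPDATE on line 91 and the flash link on line 101 (context lines, not part of this commit); an `(int)` cast before use would cover both. The enclosing if/else starts before the first hunk.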
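--- a/admin/editPost.php
+++ b/admin/editPost.php
@@ -201,13 +201,13 @@ if (!isset($_GET['type']) || !isset($_GET['id']) || !is_numeric($_GET['id']))
  $template->add('ACTION', '/admin/editPost.php?type=' . $type . '&amp;id=' . $id . '&amp;submit=');
  }
 
-  $template->add('TITLEVALUE', $_POST['title']);
+  $template->add('TITLEVALUE', htmlentities($_POST['title']));
  $template->add('TEXTVALUE', $_POST['text']);
  $template->add('TAGSVALUE', $_POST['tags']);
  $template->add(strtoupper($_POST['type']) . 'SELECTED', ' checked="checked"');
  if ($_POST['type'] != 'draft') $template->add('TAGSDISABLED', ' readonly="readonly"');
  } else {
-  $template->add('TITLEVALUE', $getpost3['title']);
+  $template->add('TITLEVALUE', htmlentities($getpost3['title']));
  $template->add('TEXTVALUE', $getpost3['text']);
  $template->add('TAGSVALUE', implode(',', getTags($_GET['id'], $tableToTags[$_GET['type']])));
  $template->add(strtoupper($tableToForm[$_GET['type']]) . 'SELECTED', ' checked="checked"');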
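Review bot: lines 205 and 206 still hand `$_POST['text']` and `$_POST['tags']` to the template unencoded, directly after line 204 starts encoding the title; TAGSVALUE in particular is a comma-separated value that presumably lands in an input value attribute, where a `"` terminates it. `$template->add('TAGSVALUE', htmlspecialchars($_POST['tags'], ENT_QUOTES, 'UTF-8'));` is the matching fix, and TEXTVALUE needs the same treatment if it is rendered inside a textarea (a `</textarea>` in the text ends the element), unless the template already encodes that slot. newPost.php lines 149-150 have the same pair. The `if (isset($_GET['submit']))` block starts before this hunk.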
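--- a/admin/links.php
+++ b/admin/links.php
@@ -97,7 +97,7 @@ foreach ($pager->getPageData() as $link)
 {
  if (!empty($link))
  {
-  $template->adds_block('LINK', array( 'TITLE' => $link['title'],
+  $template->adds_block('LINK', array( 'TITLE' => htmlentities($link['title']),
  'URL' => $link['url'],
  'ID' => $link['id'],
  'ODD' => ($j % 2 ? '' : ' class="odd"')));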
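--- a/admin/newLink.php
+++ b/admin/newLink.php
@@ -80,7 +80,7 @@ if (isset($_GET['submit']))
  $template->add('TYPEDISABLED', ' readonly="readonly"');
  }
 
-  $template->add('TITLEVALUE', $_POST['title']);
+  $template->add('TITLEVALUE', htmlentities($_POST['title']));
  $template->add('URLVALUE', $_POST['url']);
  $template->add(strtoupper($_POST['type']) . 'SELECTED', ' checked="checked"');
 } else {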
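--- a/admin/newPoll.php
+++ b/admin/newPoll.php
@@ -77,6 +77,13 @@ if (isset($_GET['submit']))
 
  $template->add('TITLE', 'New Poll');
  $template->add('ACTION', '/admin/newPoll.php?submit=');
+
+  $template->add('QUESTIONVALUE', htmlentities($_POST['question']));
+  $template->add('OPTION1VALUE', htmlentities($_POST['option1']));
+  $template->add('OPTION2VALUE', htmlentities($_POST['option2']));
+  $template->add('OPTION3VALUE', htmlentities($_POST['option3']));
+  $template->add('OPTION4VALUE', htmlentities($_POST['option4']));
+  $template->add('TEXTVALUE', htmlentities($_POST['text']));
  } else {
  $inspoll = "INSERT INTO polloftheweek (question,option1,option2,option3,option4,text) VALUES (\"" . mysql_real_escape_string($_POST['question']) . "\",\"" . mysql_real_escape_string($_POST['option1']) . "\",\"" . mysql_real_escape_string($_POST['option2']) . "\",\"" . mysql_real_escape_string($_POST['option3']) . "\",\"" . mysql_real_escape_string($_POST['option4']) . "\",\"" . mysql_real_escape_string($_POST['text']) . "\")";
  $inspoll2 = mysql_query($inspoll);
@@ -86,12 +93,12 @@ if (isset($_GET['submit']))
  $cleardid = "TRUNCATE TABLE didpollalready";
  $cleardid2 = mysql_query($cleardid);
 
-  $template->add('QUESTIONVALUE', $_POST['question']);
-  $template->add('OPTION1VALUE', $_POST['option1']);
-  $template->add('OPTION2VALUE', $_POST['option2']);
-  $template->add('OPTION3VALUE', $_POST['option3']);
-  $template->add('OPTION4VALUE', $_POST['option4']);
-  $template->add('TEXTVALUE', $_POST['text']);
+  $template->add('QUESTIONVALUE', htmlentities($_POST['question']));
+  $template->add('OPTION1VALUE', htmlentities($_POST['option1']));
+  $template->add('OPTION2VALUE', htmlentities($_POST['option2']));
+  $template->add('OPTION3VALUE', htmlentities($_POST['option3']));
+  $template->add('OPTION4VALUE', htmlentities($_POST['option4']));
+  $template->add('TEXTVALUE', htmlentities($_POST['text']));
 
  $template->add('TITLE', 'Edit Poll');
  $template->add('ACTION', '/admin/editPoll.php?id=' . $id . '&amp;submit=');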
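Review bot: the six lines added at 81-86 read `$_POST['question']` through `$_POST['text']` inside the `isset($_GET['submit'])` branch without checking that the keys exist; on a request that sets `submit` in the query string but carries no body they are undefined, which is a notice on older PHP and, because htmlentities() then receives null, a deprecation on 8.1+. The validation that precedes these lines is outside the hunk, so this may already be guaranteed; if not, `htmlentities($_POST['question'] ?? '')` (or the `isset()` form on pre-7 runtimes) renders the form blank instead of noisy. Note also that line 101 in the second hunk encodes TEXTVALUE while editPoll.php leaves the same slot raw, so the two screens disagree on it.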
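--- a/admin/newPost.php
+++ b/admin/newPost.php
@@ -145,7 +145,7 @@ if (isset($_GET['submit']))
  if ($type != 'drafts') $template->add('TAGSDISABLED', ' readonly="readonly"');
  }
 
-  $template->add('TITLEVALUE', $_POST['title']);
+  $template->add('TITLEVALUE', htmlentities($_POST['title']));
  $template->add('TEXTVALUE', $_POST['text']);
  $template->add('TAGSVALUE', $_POST['tags']);
  $template->add(strtoupper($_POST['type']) . 'SELECTED', ' checked="checked"');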
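--- a/admin/pending.php
+++ b/admin/pending.php
@@ -148,7 +148,7 @@ foreach ($pager->getPageData() as $post)
 {
  if (!empty($post))
  {
-  $template->add_ref($j, 'POST', array( 'TITLE' => $post['title'],
+  $template->add_ref($j, 'POST', array( 'TITLE' => htmlentities($post['title']),
  'AUTHOR' => $post['author'],
  'ID' => $post['id'],
  'CODED' => $post['slug'],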
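--- a/admin/polls.php
+++ b/admin/polls.php
@@ -82,7 +82,7 @@ foreach ($pager->getPageData() as $post)
 {
  if (!empty($post))
  {
-  $template->adds_block('POST', array( 'TITLE' => $post['question'],
+  $template->adds_block('POST', array( 'TITLE' => htmlentities($post['question']),
  'ID' => $post['id'],
  'ODD' => ($j % 2 ? '' : ' class="odd"')));
  }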
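--- a/admin/posts.php
+++ b/admin/posts.php
@@ -82,7 +82,7 @@ foreach ($pager->getPageData() as $post)
 {
  if (!empty($post))
  {
-  $template->adds_block('POST', array( 'TITLE' => $post['title'],
+  $template->adds_block('POST', array( 'TITLE' => htmlentities($post['title']),
  'AUTHOR' => $post['author'],
  'ID' => $post['id'],
  'CODED' => $post['slug'],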
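--- a/includes/footer.php
+++ b/includes/footer.php
@@ -1,4 +1,4 @@
-<?php
+ <?php
 /*
  444444444
  4::::::::4
@@ -65,7 +65,7 @@ while ($getcomments3[$i] = mysql_fetch_array($getcomments2))
  'AREA' => 'blog',
  'CODED' => $getpost3['slug'],
  'ENDING' => '/',
-  'TITLE' => stripslashes($getpost3['title']),
+  'TITLE' => stripslashes(htmlentities($getpost3['title'])),
  'AUTHOR' => (($website != '') ? '<a href="' . $website . '">' . $username . '</a>' : $username)));
  $i++;
  } else if (strpos($getcomments3[$i]['page_id'], 'quote') !== FALSE)
@@ -89,7 +89,7 @@ while ($getcomments3[$i] = mysql_fetch_array($getcomments2))
  'AREA' => 'poll',
  'CODED' => $getpotw3['id'],
  'ENDING' => '.php',
-  'TITLE' => 'Poll "' . $getpotw3['question'] . '"',
+  'TITLE' => 'Poll "' . htmlentities($getpotw3['question']) . '"',
  'AUTHOR' => (($website != '') ? '<a href="' . $website . '">' . $username . '</a>' : $username)));
  $i++;
  }
@@ -169,7 +169,7 @@ $i=0;
 while ($getpopular3[$i] = mysql_fetch_array($getpopular2))
 {
  $template->adds_block('POPULAR', array( 'CODED' => $getpopular3[$i]['slug'],
-  'TITLE' => stripslashes($getpopular3[$i]['title'])));
+  'TITLE' => stripslashes(htmlentities($getpopular3[$i]['title']))));
  $i++;
 }
 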
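Review bot: the first hunk changes line 1 from `<?php` to ` <?php`, a stray character before the opening tag that this page renders as a space; it has nothing to do with the encoding change and looks accidental. Any byte before `<?php` is sent to the client as output, so for a footer included after the body has started it is a stray whitespace byte in the HTML, and if the file is ever included before headers go out it breaks header()/setcookie(). It should go back to `<?php` at column 0, and the file checked for an invisible byte such as a BOM in case the editor inserted one. In the other three hunks `$website` and `$username` are still concatenated raw into the AUTHOR anchor on lines 69 and 93 (context lines), so the attribute encoding the title now gets is missing where it matters most.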
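--- a/includes/functions.php
+++ b/includes/functions.php
@@ -276,7 +276,7 @@ function displayRelated($title, $avoid = 0)
  $template = new FITemplate('related');
  }
 
-  $template->adds_block('POST', array( 'TITLE' => $getrelated3[$i]['title'],
+  $template->adds_block('POST', array( 'TITLE' => htmlentities($getrelated3[$i]['title']),
  'CODED' => $getrelated3[$i]['slug'],
  'AUTHOR' => $getrelated3[$i]['author'],
  'DATE' => date('F jS Y',strtotime($getrelated3[$i]['pubDate']))));
@@ -326,11 +326,11 @@ function getPollOfTheWeek($id = -1)
  $getpoll2 = mysql_query($getpoll);
  $getpoll3 = mysql_fetch_array($getpoll2);
 
-  $potw->add('QUESTION', $getpoll3['question']);
-  $potw->add('OPTION1', $getpoll3['option1']);
-  $potw->add('OPTION2', $getpoll3['option2']);
-  $potw->add('OPTION3', $getpoll3['option3']);
-  $potw->add('OPTION4', $getpoll3['option4']);
+  $potw->add('QUESTION', stripslashes(htmlentities($getpoll3['question'])));
+  $potw->add('OPTION1', stripslashes(htmlentities($getpoll3['option1'])));
+  $potw->add('OPTION2', stripslashes(htmlentities($getpoll3['option2'])));
+  $potw->add('OPTION3', stripslashes(htmlentities($getpoll3['option3'])));
+  $potw->add('OPTION4', stripslashes(htmlentities($getpoll3['option4'])));
 
  $getip = "SELECT * FROM didpollalready WHERE ip = \"" . $_SERVER['REMOTE_ADDR'] . "\"";
  $getip2 = mysql_query($getip);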
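Review bot: `stripslashes(htmlentities($getpoll3['question']))` on lines 329-333 nests the HTML encoding inside the slash stripping; as far as I can see the two orders give the same string here, since neither function rewrites characters the other cares about, but the conventional order is normalise first and encode last, so that the value handed to the template is exactly one encoding step away from the stored text and a later change to the inner step cannot undo the escaping. I would write `$potw->add('QUESTION', htmlentities(stripslashes($getpoll3['question'])));` and the same for the four options; footer.php lines 68 and 172 and blog.php line 46 use the same inside-out order. Both getPollOfTheWeek() and displayRelated() begin before their hunks, and in the latter `'AUTHOR' => $getrelated3[$i]['author']` on line 281 is still unencoded.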
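--- a/includes/header.php
+++ b/includes/header.php
@@ -77,7 +77,7 @@ $i=0;
 while ($getaffs3 = mysql_fetch_array($getaffs2))
 {
  $headerTemp->adds_block('AFFILIATES', array( 'COLOR' => getTagColor($i++),
-  'TITLE' => $getaffs3['title'],
+  'TITLE' => htmlentities($getaffs3['title']),
  'URL' => $getaffs3['url']));
 }
 
@@ -87,7 +87,7 @@ $i=0;
 while ($getwebps3 = mysql_fetch_array($getwebps2))
 {
  $headerTemp->adds_block('WEBPROJS', array( 'COLOR' => getTagColor($i++),
-  'TITLE' => $getwebps3['title'],
+  'TITLE' => htmlentities($getwebps3['title']),
  'URL' => $getwebps3['url']));
 }
 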
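--- a/pages/blog.php
+++ b/pages/blog.php
@@ -43,7 +43,7 @@ if (isset($_GET['post']))
  {
  updatePop($getpost3['id'],'views');
 
-  $title = stripslashes($getpost3['title']) . ' - Blog Archive';
+  $title = stripslashes(htmlentities($getpost3['title'])) . ' - Blog Archive';
 
  $getback = "SELECT * FROM updates WHERE id < " . $getpost3['id'] . " ORDER BY id DESC LIMIT 0,1";
  $getback2 = mysql_query($getback);
@@ -51,7 +51,7 @@ if (isset($_GET['post']))
  if (isset($getback3['title']))
  {
  $template->adds_block('BACK', array( 'CODED' => $getback3['slug'],
-  'TITLE' => $getback3['title']));
+  'TITLE' => htmlentities($getback3['title'])));
  }
 
  $getnext = "SELECT * FROM updates WHERE id > " . $getpost3['id'] . " ORDER BY id ASC LIMIT 0,1";
@@ -60,7 +60,7 @@ if (isset($_GET['post']))
  if (isset($getnext3['title']))
  {
  $template->adds_block('NEXT', array( 'CODED' => $getnext3['slug'],
-  'TITLE' => $getnext3['title']));
+  'TITLE' => htmlentities($getnext3['title'])));
  }
 
  $template->add_ref(0, 'POST', array( 'ID' => $getpost3['id'],
@@ -69,7 +69,7 @@ if (isset($_GET['post']))
  'MONTH' => date('M',strtotime($getpost3['pubDate'])),
  'DAY' => date('d',strtotime($getpost3['pubDate'])),
  'CODED' => $getpost3['slug'],
-  'TITLE' => $getpost3['title'],
+  'TITLE' => htmlentities($getpost3['title']),
  'AUTHOR' => $getpost3['author'],
  'RATING' => $getpost3['rating'],
  'TEXT' => parseText($getpost3['text'])));
@@ -189,7 +189,7 @@ if (isset($_GET['post']))
 
  $template->adds_ref_sub($curID, 'SMALL',array( 'DATE' => date('m-d-Y',strtotime($getposts3[$i]['pubDate'])),
  'CODED' => $getposts3[$i]['slug'],
-  'TITLE' => $getposts3[$i]['title']));
+  'TITLE' => htmlentities($getposts3[$i]['title'])));
  $i++;
  }
  if ($i==0)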
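Review bot: line 46 now stores an HTML-encoded title in the plain variable `$title` rather than in a template slot, and nothing in this section shows where `$title` is consumed; if header.php (or whatever renders the `<title>` element) encodes it again, a post title containing `&` will display as a literal `&amp;`. Worth confirming that the consumer inserts `$title` verbatim now, or moving the htmlentities() call to that consumer so the encoding happens exactly once at the output boundary. The four later hunks only touch TITLE slots; `'AUTHOR' => $getpost3['author']` on line 73 is still raw. The `if (isset($_GET['post']))` block starts before the first hunk.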
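--- a/pages/poll.php
+++ b/pages/poll.php
@@ -53,7 +53,7 @@ if (!isset($_GET['id']))
  $question .= '....';
  }
  $template->adds_block('POLL', array( 'ID' => $getpolls3[$i]['id'],
-  'QUESTION' => $question,
+  'QUESTION' => htmlentities($question),
  'WEEK' => date('F jS Y', strtotime($getpolls3[$i]['week'])),
  'EVEN' => (($i % 2 == 1) ? ' class="even"' : '')));
  $i++;
@@ -90,7 +90,7 @@ if (!isset($_GET['id']))
 
  if ($getpoll3['id'] == $_GET['id'])
  {
-  $template->add('QUESTION', $getpoll3['question']);
+  $template->add('QUESTION', htmlentities($getpoll3['question']));
 
  if ($getpoll3['text'] != '')
  {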
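Review bot: `htmlentities($question)` on line 56 runs after `$question` has been truncated and had `....` appended (the `....` is on line 53, the cut itself is outside the hunk); if that cut is a byte-based substr() it can split a multibyte character, and htmlentities() returns an empty string for an invalid UTF-8 sequence, so a long question would render blank rather than shortened. Cutting with mb_substr(), or passing `ENT_QUOTES | ENT_SUBSTITUTE` so a bad byte becomes U+FFFD instead of emptying the value, avoids that. The `if (!isset($_GET['id']))` branch starts before the first hunk.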
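--- a/pages/welcome.php
+++ b/pages/welcome.php
@@ -74,7 +74,7 @@ while ($getpost3 = mysql_fetch_array($getpost2))
  'MONTH' => date('M',strtotime($getpost3['pubDate'])),
  'DAY' => date('d',strtotime($getpost3['pubDate'])),
  'CODED' => $getpost3['slug'],
-  'TITLE' => $getpost3['title'],
+  'TITLE' => htmlentities($getpost3['title']),
  'AUTHOR' => $getpost3['author'],
  'PLURALCOMMENT' => (isset($plural) ? $plural : ''),
  'COMMENTS' => $comText,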