1 files changed, 2 insertions, 2 deletions
diff --git a/pages/quotes.php b/pages/quotes.php
index 1d380bb..3b00878 100755
--- a/pages/quotes.php
+++ b/pages/quotes.php

@@ -70,7 +70,7 @@ if (isset($_GET['id']) && !(is_numeric($_GET['id'])))
        $template = new FITemplate('quotes/add');
        if (isset($_GET['submit']))
        {
-                $template->adds_block('SUBMITTED',array('QUOTE' => str_replace("\n","<br />",htmlentities(stripslashes($_POST['rash_quote'])))));
+                $template->adds_block('SUBMITTED',array('QUOTE' => str_replace("\n","<br />",htmlspecialchars(stripslashes($_POST['rash_quote'])))));
                if (!isLoggedIn())
                {
                        $insquote = "INSERT INTO rash_queue (quote) VALUES(\"" . mysql_real_escape_string(htmlspecialchars($_POST['rash_quote'])) . "\")";
@@ -236,7 +236,7 @@ function quote_generation($query, $origin, $page = 1, $quote_limit = 50, $page_l
                $template->add_ref($curID,'QUOTES',array(       'NUMBER' => $getquotes3[$i]['id'],
                                                                'RATING' => $getquotes3[$i]['rating'],
                                                                'DATE' => ($getquotes3[$i]['date'] != 0 ? date('F jS Y \a\\t g:i:s a', $getquotes3[$i]['date']) : ''),
-                                                                'QUOTE' => doAprilFoolsDay(str_replace("\n","<br />",htmlentities(stripslashes($getquotes3[$i]['quote'])))),
+                                                                'QUOTE' => doAprilFoolsDay(str_replace("\n","<br />",htmlspecialchars(stripslashes($getquotes3[$i]['quote'])))),
                                                                'COMMENTS' => $comments));
                if (($gettrack3['ip'] != $_SERVER['REMOTE_ADDR']) || (array_search($getquotes3[$i]['id'],$trackArr) === FALSE))

diff --git a/pages/quotes.php b/pages/quotes.php index 1d380bb..3b00878 100755 --- a/pages/quotes.php +++ b/pages/quotes.php
@@ -70,7 +70,7 @@ if (isset($_GET['id']) && !(is_numeric($_GET['id'])))
70	$template = new FITemplate('quotes/add');	70	$template = new FITemplate('quotes/add');
71	if (isset($_GET['submit']))	71	if (isset($_GET['submit']))
72	{	72	{
73	$template->adds_block('SUBMITTED',array('QUOTE' => str_replace("\n","<br />",htmlentities(stripslashes($_POST['rash_quote'])))));	73	$template->adds_block('SUBMITTED',array('QUOTE' => str_replace("\n","<br />",htmlspecialchars(stripslashes($_POST['rash_quote'])))));
74	if (!isLoggedIn())	74	if (!isLoggedIn())
75	{	75	{
76	$insquote = "INSERT INTO rash_queue (quote) VALUES(\"" . mysql_real_escape_string(htmlspecialchars($_POST['rash_quote'])) . "\")";	76	$insquote = "INSERT INTO rash_queue (quote) VALUES(\"" . mysql_real_escape_string(htmlspecialchars($_POST['rash_quote'])) . "\")";
@@ -236,7 +236,7 @@ function quote_generation($query, $origin, $page = 1, $quote_limit = 50, $page_l
236	$template->add_ref($curID,'QUOTES',array( 'NUMBER' => $getquotes3[$i]['id'],	236	$template->add_ref($curID,'QUOTES',array( 'NUMBER' => $getquotes3[$i]['id'],
237	'RATING' => $getquotes3[$i]['rating'],	237	'RATING' => $getquotes3[$i]['rating'],
238	'DATE' => ($getquotes3[$i]['date'] != 0 ? date('F jS Y \a\\t g:i:s a', $getquotes3[$i]['date']) : ''),	238	'DATE' => ($getquotes3[$i]['date'] != 0 ? date('F jS Y \a\\t g:i:s a', $getquotes3[$i]['date']) : ''),
239	'QUOTE' => doAprilFoolsDay(str_replace("\n","<br />",htmlentities(stripslashes($getquotes3[$i]['quote'])))),	239	'QUOTE' => doAprilFoolsDay(str_replace("\n","<br />",htmlspecialchars(stripslashes($getquotes3[$i]['quote'])))),
240	'COMMENTS' => $comments));	240	'COMMENTS' => $comments));
241		241
242	if (($gettrack3['ip'] != $_SERVER['REMOTE_ADDR']) \|\| (array_search($getquotes3[$i]['id'],$trackArr) === FALSE))	242	if (($gettrack3['ip'] != $_SERVER['REMOTE_ADDR']) \|\| (array_search($getquotes3[$i]['id'],$trackArr) === FALSE))