diff options
-rwxr-xr-x | pages/quotes.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/pages/quotes.php b/pages/quotes.php index 1d380bb..3b00878 100755 --- a/pages/quotes.php +++ b/pages/quotes.php | |||
@@ -70,7 +70,7 @@ if (isset($_GET['id']) && !(is_numeric($_GET['id']))) | |||
70 | $template = new FITemplate('quotes/add'); | 70 | $template = new FITemplate('quotes/add'); |
71 | if (isset($_GET['submit'])) | 71 | if (isset($_GET['submit'])) |
72 | { | 72 | { |
73 | $template->adds_block('SUBMITTED',array('QUOTE' => str_replace("\n","<br />",htmlentities(stripslashes($_POST['rash_quote']))))); | 73 | $template->adds_block('SUBMITTED',array('QUOTE' => str_replace("\n","<br />",htmlspecialchars(stripslashes($_POST['rash_quote']))))); |
74 | if (!isLoggedIn()) | 74 | if (!isLoggedIn()) |
75 | { | 75 | { |
76 | $insquote = "INSERT INTO rash_queue (quote) VALUES(\"" . mysql_real_escape_string(htmlspecialchars($_POST['rash_quote'])) . "\")"; | 76 | $insquote = "INSERT INTO rash_queue (quote) VALUES(\"" . mysql_real_escape_string(htmlspecialchars($_POST['rash_quote'])) . "\")"; |
@@ -236,7 +236,7 @@ function quote_generation($query, $origin, $page = 1, $quote_limit = 50, $page_l | |||
236 | $template->add_ref($curID,'QUOTES',array( 'NUMBER' => $getquotes3[$i]['id'], | 236 | $template->add_ref($curID,'QUOTES',array( 'NUMBER' => $getquotes3[$i]['id'], |
237 | 'RATING' => $getquotes3[$i]['rating'], | 237 | 'RATING' => $getquotes3[$i]['rating'], |
238 | 'DATE' => ($getquotes3[$i]['date'] != 0 ? date('F jS Y \a\\t g:i:s a', $getquotes3[$i]['date']) : ''), | 238 | 'DATE' => ($getquotes3[$i]['date'] != 0 ? date('F jS Y \a\\t g:i:s a', $getquotes3[$i]['date']) : ''), |
239 | 'QUOTE' => doAprilFoolsDay(str_replace("\n","<br />",htmlentities(stripslashes($getquotes3[$i]['quote'])))), | 239 | 'QUOTE' => doAprilFoolsDay(str_replace("\n","<br />",htmlspecialchars(stripslashes($getquotes3[$i]['quote'])))), |
240 | 'COMMENTS' => $comments)); | 240 | 'COMMENTS' => $comments)); |
241 | 241 | ||
242 | if (($gettrack3['ip'] != $_SERVER['REMOTE_ADDR']) || (array_search($getquotes3[$i]['id'],$trackArr) === FALSE)) | 242 | if (($gettrack3['ip'] != $_SERVER['REMOTE_ADDR']) || (array_search($getquotes3[$i]['id'],$trackArr) === FALSE)) |