Diffstat (limited to 'admin')
| -rwxr-xr-x | admin/drafts.php | 2 | ||||
| -rwxr-xr-x | admin/editLink.php | 4 | ||||
| -rwxr-xr-x | admin/editPost.php | 4 | ||||
| -rwxr-xr-x | admin/links.php | 2 | ||||
| -rwxr-xr-x | admin/modquotes.php | 2 | ||||
| -rwxr-xr-x | admin/newLink.php | 2 | ||||
| -rwxr-xr-x | admin/newPost.php | 2 | ||||
| -rwxr-xr-x | admin/pending.php | 2 | ||||
| -rwxr-xr-x | admin/posts.php | 2 | ||||
| -rwxr-xr-x | admin/welcome.php | 5 |
10 files changed, 11 insertions, 16 deletions
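--- a/admin/drafts.php
+++ b/admin/drafts.php
@@ -82,7 +82,7 @@ foreach ($pager->getPageData() as $post)
 {
 if (!empty($post))
 {
-$template->adds_block('POST', array( 'TITLE' => htmlentities($post['title']),
+$template->adds_block('POST', array( 'TITLE' => htmlspecialchars($post['title']),
 'AUTHOR' => $post['author'],
 'ID' => $post['id'],
 'CODED' => $post['slug'],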
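Review bot: The new `htmlspecialchars($post['title'])` call relies on the default flags and charset, and both depend on the PHP version: before 8.1 the default is ENT_COMPAT, which leaves single quotes unescaped, and before 5.4 the default charset is ISO-8859-1. The `mysql_*` calls visible in welcome.php suggest an older runtime, so I would pin both explicitly, `htmlspecialchars($post['title'], ENT_QUOTES, 'UTF-8')` (with whatever charset the pages are actually served in), ideally behind one small helper. The same applies to every call this commit changes in editLink.php, editPost.php, links.php, modquotes.php, newLink.php, newPost.php, pending.php and posts.php. The `foreach` body continues outside the hunk.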
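--- a/admin/editLink.php
+++ b/admin/editLink.php
@@ -74,10 +74,10 @@ if (isset($_GET['submit']))
 $template->adds_block('FLASH', array('TEXT' => 'Your link has been sucessfully edited.'));
 }
 
-$template->add('TITLEVALUE', htmlentities($_POST['title']));
+$template->add('TITLEVALUE', htmlspecialchars($_POST['title']));
 $template->add('URLVALUE', $_POST['url']);
 } else {
-$template->add('TITLEVALUE', htmlentities($getlink3['title']));
+$template->add('TITLEVALUE', htmlspecialchars($getlink3['title']));
 $template->add('URLVALUE', $getlink3['url']);
 }
 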
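Review bot: `URLVALUE` is still filled from `$_POST['url']` and `$getlink3['url']` with no escaping, right beside the title that is escaped, so a quote or angle bracket in the URL reaches the form markup unless the template class escapes on output (not visible on this page). I would give it the same treatment, `$template->add('URLVALUE', htmlspecialchars($_POST['url'], ENT_QUOTES, 'UTF-8'));`, and likewise in the `$getlink3['url']` branch. newLink.php has the same raw `URLVALUE`, and editPost.php and newPost.php pass `$_POST['text']` and `$_POST['tags']` straight into `TEXTVALUE` and `TAGSVALUE`. The enclosing `if`/`else` starts outside the hunk.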
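--- a/admin/editPost.php
+++ b/admin/editPost.php
@@ -201,13 +201,13 @@ if (!isset($_GET['type']) || !isset($_GET['id']) || !is_numeric($_GET['id']))
 $template->add('ACTION', '/admin/editPost.php?type=' . $type . '&id=' . $id . '&submit=');
 }
 
-$template->add('TITLEVALUE', htmlentities($_POST['title']));
+$template->add('TITLEVALUE', htmlspecialchars($_POST['title']));
 $template->add('TEXTVALUE', $_POST['text']);
 $template->add('TAGSVALUE', $_POST['tags']);
 $template->add(strtoupper($_POST['type']) . 'SELECTED', ' checked="checked"');
 if ($_POST['type'] != 'draft') $template->add('TAGSDISABLED', ' readonly="readonly"');
 } else {
-$template->add('TITLEVALUE', htmlentities($getpost3['title']));
+$template->add('TITLEVALUE', htmlspecialchars($getpost3['title']));
 $template->add('TEXTVALUE', $getpost3['text']);
 $template->add('TAGSVALUE', implode(',', getTags($_GET['id'], $tableToTags[$_GET['type']])));
 $template->add(strtoupper($tableToForm[$_GET['type']]) . 'SELECTED', ' checked="checked"');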
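Review bot: The template key on the `SELECTED` line is built from the request, `strtoupper($_POST['type']) . 'SELECTED'`, so the client chooses which template variable receives ` checked="checked"`. Unless `$_POST['type']` is validated earlier (outside this hunk), I would check it against an allow-list before use, for example `if (in_array($_POST['type'], $allowedTypes, true))`, where `$allowedTypes` is a placeholder for the form's known type values. The `else` branch indexes `$tableToTags` and `$tableToForm` with `$_GET['type']` in the same unchecked way. newLink.php and newPost.php contain the same `SELECTED` line.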
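--- a/admin/links.php
+++ b/admin/links.php
@@ -97,7 +97,7 @@ foreach ($pager->getPageData() as $link)
 {
 if (!empty($link))
 {
-$template->adds_block('LINK', array( 'TITLE' => htmlentities($link['title']),
+$template->adds_block('LINK', array( 'TITLE' => htmlspecialchars($link['title']),
 'URL' => $link['url'],
 'ID' => $link['id'],
 'ODD' => ($j % 2 ? '' : ' class="odd"')));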
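Review bot: Only `TITLE` is escaped in this block; `'URL' => $link['url']` goes to the template exactly as stored. If the `LINK` block prints it inside an `href` or as text, a stored value containing quotes or markup is emitted verbatim, so it should be written as `'URL' => htmlspecialchars($link['url'], ENT_QUOTES, 'UTF-8'),` and its scheme is best validated when the link is saved. drafts.php, pending.php and posts.php do the same with `AUTHOR` and `CODED`. Whether the template class escapes on its own is not visible from this page.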
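--- a/admin/modquotes.php
+++ b/admin/modquotes.php
@@ -120,7 +120,7 @@ foreach ($pager->getPageData() as $quote)
 {
 if (!empty($quote))
 {
-$template->adds_block('QUOTE', array( 'TEXT' => str_replace("\n","<br />",htmlentities(stripslashes($quote['quote']))),
+$template->adds_block('QUOTE', array( 'TEXT' => str_replace("\n","<br />",htmlspecialchars($quote['quote'])),
 'ID' => $quote['id'],
 'ODD' => ($j % 2 ? '' : ' class="odd"')));
 }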
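Review bot: The new `TEXT` expression drops `stripslashes()` together with the entity change, which is only correct if no stored quote still carries backslashes added at insert time. I would state that assumption next to the call, for example `// quotes are stored unescaped, so no stripslashes() here`, and clean up older rows once if any were saved with added slashes. The escape-then-`<br />` order is right and should stay that way. The `foreach` body continues outside the hunk.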
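--- a/admin/newLink.php
+++ b/admin/newLink.php
@@ -80,7 +80,7 @@ if (isset($_GET['submit']))
 $template->add('TYPEDISABLED', ' readonly="readonly"');
 }
 
-$template->add('TITLEVALUE', htmlentities($_POST['title']));
+$template->add('TITLEVALUE', htmlspecialchars($_POST['title']));
 $template->add('URLVALUE', $_POST['url']);
 $template->add(strtoupper($_POST['type']) . 'SELECTED', ' checked="checked"');
 } else {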
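--- a/admin/newPost.php
+++ b/admin/newPost.php
@@ -145,7 +145,7 @@ if (isset($_GET['submit']))
 if ($type != 'drafts') $template->add('TAGSDISABLED', ' readonly="readonly"');
 }
 
-$template->add('TITLEVALUE', htmlentities($_POST['title']));
+$template->add('TITLEVALUE', htmlspecialchars($_POST['title']));
 $template->add('TEXTVALUE', $_POST['text']);
 $template->add('TAGSVALUE', $_POST['tags']);
 $template->add(strtoupper($_POST['type']) . 'SELECTED', ' checked="checked"');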
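--- a/admin/pending.php
+++ b/admin/pending.php
@@ -148,7 +148,7 @@ foreach ($pager->getPageData() as $post)
 {
 if (!empty($post))
 {
-$template->add_ref($j, 'POST', array( 'TITLE' => htmlentities($post['title']),
+$template->add_ref($j, 'POST', array( 'TITLE' => htmlspecialchars($post['title']),
 'AUTHOR' => $post['author'],
 'ID' => $post['id'],
 'CODED' => $post['slug'],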
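--- a/admin/posts.php
+++ b/admin/posts.php
@@ -82,7 +82,7 @@ foreach ($pager->getPageData() as $post)
 {
 if (!empty($post))
 {
-$template->adds_block('POST', array( 'TITLE' => htmlentities($post['title']),
+$template->adds_block('POST', array( 'TITLE' => htmlspecialchars($post['title']),
 'AUTHOR' => $post['author'],
 'ID' => $post['id'],
 'CODED' => $post['slug'],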
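--- a/admin/welcome.php
+++ b/admin/welcome.php
@@ -46,11 +46,6 @@ $cntcomments2 = mysql_query($cntcomments);
 $cntcomments3 = mysql_fetch_array($cntcomments2);
 $template->add('COMMENTS', $cntcomments3['COUNT(*)']);
 
-$cntpolls = "SELECT COUNT(*) FROM polloftheweek";
-$cntpolls2 = mysql_query($cntpolls);
-$cntpolls3 = mysql_fetch_array($cntpolls2);
-$template->add('POLLS', $cntpolls3['COUNT(*)']);
-
 $cntquotes = "SELECT COUNT(*) FROM rash_quotes";
 $cntquotes2 = mysql_query($cntquotes);
 $cntquotes3 = mysql_fetch_array($cntquotes2);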
