diff options
Diffstat (limited to 'admin')
-rw-r--r-- | admin/drafts.php | 2 | ||||
-rw-r--r-- | admin/editLink.php | 4 | ||||
-rw-r--r-- | admin/editPoll.php | 30 | ||||
-rw-r--r-- | admin/editPost.php | 4 | ||||
-rw-r--r-- | admin/links.php | 2 | ||||
-rw-r--r-- | admin/newLink.php | 2 | ||||
-rw-r--r-- | admin/newPoll.php | 19 | ||||
-rw-r--r-- | admin/newPost.php | 2 | ||||
-rw-r--r-- | admin/pending.php | 2 | ||||
-rw-r--r-- | admin/polls.php | 2 | ||||
-rw-r--r-- | admin/posts.php | 2 |
11 files changed, 39 insertions, 32 deletions
diff --git a/admin/drafts.php b/admin/drafts.php index 22d8a09..5f7be1a 100644 --- a/admin/drafts.php +++ b/admin/drafts.php | |||
@@ -82,7 +82,7 @@ foreach ($pager->getPageData() as $post) | |||
82 | { | 82 | { |
83 | if (!empty($post)) | 83 | if (!empty($post)) |
84 | { | 84 | { |
85 | $template->adds_block('POST', array( 'TITLE' => $post['title'], | 85 | $template->adds_block('POST', array( 'TITLE' => htmlentities($post['title']), |
86 | 'AUTHOR' => $post['author'], | 86 | 'AUTHOR' => $post['author'], |
87 | 'ID' => $post['id'], | 87 | 'ID' => $post['id'], |
88 | 'CODED' => $post['slug'], | 88 | 'CODED' => $post['slug'], |
diff --git a/admin/editLink.php b/admin/editLink.php index fe4fb66..f3ba9cc 100644 --- a/admin/editLink.php +++ b/admin/editLink.php | |||
@@ -74,10 +74,10 @@ if (isset($_GET['submit'])) | |||
74 | $template->adds_block('FLASH', array('TEXT' => 'Your link has been sucessfully edited.')); | 74 | $template->adds_block('FLASH', array('TEXT' => 'Your link has been sucessfully edited.')); |
75 | } | 75 | } |
76 | 76 | ||
77 | $template->add('TITLEVALUE', $_POST['title']); | 77 | $template->add('TITLEVALUE', htmlentities($_POST['title'])); |
78 | $template->add('URLVALUE', $_POST['url']); | 78 | $template->add('URLVALUE', $_POST['url']); |
79 | } else { | 79 | } else { |
80 | $template->add('TITLEVALUE', $getlink3['title']); | 80 | $template->add('TITLEVALUE', htmlentities($getlink3['title'])); |
81 | $template->add('URLVALUE', $getlink3['url']); | 81 | $template->add('URLVALUE', $getlink3['url']); |
82 | } | 82 | } |
83 | 83 | ||
diff --git a/admin/editPoll.php b/admin/editPoll.php index 3a154a3..425f33c 100644 --- a/admin/editPoll.php +++ b/admin/editPoll.php | |||
@@ -81,21 +81,21 @@ if (isset($_GET['submit'])) | |||
81 | $getpoll2 = mysql_query($getpoll); | 81 | $getpoll2 = mysql_query($getpoll); |
82 | $getpoll3 = mysql_fetch_array($getpoll2); | 82 | $getpoll3 = mysql_fetch_array($getpoll2); |
83 | 83 | ||
84 | $template->add('QUESTIONVALUE', $_POST['question']); | 84 | $template->add('QUESTIONVALUE', htmlentities($_POST['question'])); |
85 | $template->add('OPTION1VALUE', $_POST['option1']); | 85 | $template->add('OPTION1VALUE', htmlentities($_POST['option1'])); |
86 | $template->add('OPTION2VALUE', $_POST['option2']); | 86 | $template->add('OPTION2VALUE', htmlentities($_POST['option2'])); |
87 | $template->add('OPTION3VALUE', $_POST['option3']); | 87 | $template->add('OPTION3VALUE', htmlentities($_POST['option3'])); |
88 | $template->add('OPTION4VALUE', $_POST['option4']); | 88 | $template->add('OPTION4VALUE', htmlentities($_POST['option4'])); |
89 | $template->add('TEXTVALUE', $_POST['text']); | 89 | $template->add('TEXTVALUE', $_POST['text']); |
90 | } else { | 90 | } else { |
91 | $inspoll = "UPDATE polloftheweek SET question = \"" . mysql_real_escape_string($_POST['question']) . "\", option1 = \"" . mysql_real_escape_string($_POST['option1']) . "\", option2 = \"" . mysql_real_escape_string($_POST['option2']) . "\", option3 = \"" . mysql_real_escape_string($_POST['option3']) . "\", option4 = \"" . mysql_real_escape_string($_POST['option4']) . "\", text = \"" . mysql_real_escape_string($_POST['text']) . "\" WHERE id = " . $_GET['id']; | 91 | $inspoll = "UPDATE polloftheweek SET question = \"" . mysql_real_escape_string($_POST['question']) . "\", option1 = \"" . mysql_real_escape_string($_POST['option1']) . "\", option2 = \"" . mysql_real_escape_string($_POST['option2']) . "\", option3 = \"" . mysql_real_escape_string($_POST['option3']) . "\", option4 = \"" . mysql_real_escape_string($_POST['option4']) . "\", text = \"" . mysql_real_escape_string($_POST['text']) . "\" WHERE id = " . $_GET['id']; |
92 | $inspoll2 = mysql_query($inspoll); | 92 | $inspoll2 = mysql_query($inspoll); |
93 | 93 | ||
94 | $template->add('QUESTIONVALUE', $_POST['question']); | 94 | $template->add('QUESTIONVALUE', htmlentities($_POST['question'])); |
95 | $template->add('OPTION1VALUE', $_POST['option1']); | 95 | $template->add('OPTION1VALUE', htmlentities($_POST['option1'])); |
96 | $template->add('OPTION2VALUE', $_POST['option2']); | 96 | $template->add('OPTION2VALUE', htmlentities($_POST['option2'])); |
97 | $template->add('OPTION3VALUE', $_POST['option3']); | 97 | $template->add('OPTION3VALUE', htmlentities($_POST['option3'])); |
98 | $template->add('OPTION4VALUE', $_POST['option4']); | 98 | $template->add('OPTION4VALUE', htmlentities($_POST['option4'])); |
99 | $template->add('TEXTVALUE', $_POST['text']); | 99 | $template->add('TEXTVALUE', $_POST['text']); |
100 | 100 | ||
101 | $template->adds_block('FLASH', array('TEXT' => 'Your poll has been sucessfully edited. <a href="/poll/' . $_GET['id'] . '.php">View poll</a>.')); | 101 | $template->adds_block('FLASH', array('TEXT' => 'Your poll has been sucessfully edited. <a href="/poll/' . $_GET['id'] . '.php">View poll</a>.')); |
@@ -105,11 +105,11 @@ if (isset($_GET['submit'])) | |||
105 | $getpoll2 = mysql_query($getpoll); | 105 | $getpoll2 = mysql_query($getpoll); |
106 | $getpoll3 = mysql_fetch_array($getpoll2); | 106 | $getpoll3 = mysql_fetch_array($getpoll2); |
107 | 107 | ||
108 | $template->add('QUESTIONVALUE', $getpoll3['question']); | 108 | $template->add('QUESTIONVALUE', htmlentities($getpoll3['question'])); |
109 | $template->add('OPTION1VALUE', $getpoll3['option1']); | 109 | $template->add('OPTION1VALUE', htmlentities($getpoll3['option1'])); |
110 | $template->add('OPTION2VALUE', $getpoll3['option2']); | 110 | $template->add('OPTION2VALUE', htmlentities($getpoll3['option2'])); |
111 | $template->add('OPTION3VALUE', $getpoll3['option3']); | 111 | $template->add('OPTION3VALUE', htmlentities($getpoll3['option3'])); |
112 | $template->add('OPTION4VALUE', $getpoll3['option4']); | 112 | $template->add('OPTION4VALUE', htmlentities($getpoll3['option4'])); |
113 | $template->add('TEXTVALUE', $getpoll3['text']); | 113 | $template->add('TEXTVALUE', $getpoll3['text']); |
114 | } | 114 | } |
115 | 115 | ||
diff --git a/admin/editPost.php b/admin/editPost.php index b01d1e2..b87f895 100644 --- a/admin/editPost.php +++ b/admin/editPost.php | |||
@@ -201,13 +201,13 @@ if (!isset($_GET['type']) || !isset($_GET['id']) || !is_numeric($_GET['id'])) | |||
201 | $template->add('ACTION', '/admin/editPost.php?type=' . $type . '&id=' . $id . '&submit='); | 201 | $template->add('ACTION', '/admin/editPost.php?type=' . $type . '&id=' . $id . '&submit='); |
202 | } | 202 | } |
203 | 203 | ||
204 | $template->add('TITLEVALUE', $_POST['title']); | 204 | $template->add('TITLEVALUE', htmlentities($_POST['title'])); |
205 | $template->add('TEXTVALUE', $_POST['text']); | 205 | $template->add('TEXTVALUE', $_POST['text']); |
206 | $template->add('TAGSVALUE', $_POST['tags']); | 206 | $template->add('TAGSVALUE', $_POST['tags']); |
207 | $template->add(strtoupper($_POST['type']) . 'SELECTED', ' checked="checked"'); | 207 | $template->add(strtoupper($_POST['type']) . 'SELECTED', ' checked="checked"'); |
208 | if ($_POST['type'] != 'draft') $template->add('TAGSDISABLED', ' readonly="readonly"'); | 208 | if ($_POST['type'] != 'draft') $template->add('TAGSDISABLED', ' readonly="readonly"'); |
209 | } else { | 209 | } else { |
210 | $template->add('TITLEVALUE', $getpost3['title']); | 210 | $template->add('TITLEVALUE', htmlentities($getpost3['title'])); |
211 | $template->add('TEXTVALUE', $getpost3['text']); | 211 | $template->add('TEXTVALUE', $getpost3['text']); |
212 | $template->add('TAGSVALUE', implode(',', getTags($_GET['id'], $tableToTags[$_GET['type']]))); | 212 | $template->add('TAGSVALUE', implode(',', getTags($_GET['id'], $tableToTags[$_GET['type']]))); |
213 | $template->add(strtoupper($tableToForm[$_GET['type']]) . 'SELECTED', ' checked="checked"'); | 213 | $template->add(strtoupper($tableToForm[$_GET['type']]) . 'SELECTED', ' checked="checked"'); |
diff --git a/admin/links.php b/admin/links.php index d1ab878..fc1c813 100644 --- a/admin/links.php +++ b/admin/links.php | |||
@@ -97,7 +97,7 @@ foreach ($pager->getPageData() as $link) | |||
97 | { | 97 | { |
98 | if (!empty($link)) | 98 | if (!empty($link)) |
99 | { | 99 | { |
100 | $template->adds_block('LINK', array( 'TITLE' => $link['title'], | 100 | $template->adds_block('LINK', array( 'TITLE' => htmlentities($link['title']), |
101 | 'URL' => $link['url'], | 101 | 'URL' => $link['url'], |
102 | 'ID' => $link['id'], | 102 | 'ID' => $link['id'], |
103 | 'ODD' => ($j % 2 ? '' : ' class="odd"'))); | 103 | 'ODD' => ($j % 2 ? '' : ' class="odd"'))); |
diff --git a/admin/newLink.php b/admin/newLink.php index 3f6b42c..90313bd 100644 --- a/admin/newLink.php +++ b/admin/newLink.php | |||
@@ -80,7 +80,7 @@ if (isset($_GET['submit'])) | |||
80 | $template->add('TYPEDISABLED', ' readonly="readonly"'); | 80 | $template->add('TYPEDISABLED', ' readonly="readonly"'); |
81 | } | 81 | } |
82 | 82 | ||
83 | $template->add('TITLEVALUE', $_POST['title']); | 83 | $template->add('TITLEVALUE', htmlentities($_POST['title'])); |
84 | $template->add('URLVALUE', $_POST['url']); | 84 | $template->add('URLVALUE', $_POST['url']); |
85 | $template->add(strtoupper($_POST['type']) . 'SELECTED', ' checked="checked"'); | 85 | $template->add(strtoupper($_POST['type']) . 'SELECTED', ' checked="checked"'); |
86 | } else { | 86 | } else { |
diff --git a/admin/newPoll.php b/admin/newPoll.php index c924cd9..d105f45 100644 --- a/admin/newPoll.php +++ b/admin/newPoll.php | |||
@@ -77,6 +77,13 @@ if (isset($_GET['submit'])) | |||
77 | 77 | ||
78 | $template->add('TITLE', 'New Poll'); | 78 | $template->add('TITLE', 'New Poll'); |
79 | $template->add('ACTION', '/admin/newPoll.php?submit='); | 79 | $template->add('ACTION', '/admin/newPoll.php?submit='); |
80 | |||
81 | $template->add('QUESTIONVALUE', htmlentities($_POST['question'])); | ||
82 | $template->add('OPTION1VALUE', htmlentities($_POST['option1'])); | ||
83 | $template->add('OPTION2VALUE', htmlentities($_POST['option2'])); | ||
84 | $template->add('OPTION3VALUE', htmlentities($_POST['option3'])); | ||
85 | $template->add('OPTION4VALUE', htmlentities($_POST['option4'])); | ||
86 | $template->add('TEXTVALUE', htmlentities($_POST['text'])); | ||
80 | } else { | 87 | } else { |
81 | $inspoll = "INSERT INTO polloftheweek (question,option1,option2,option3,option4,text) VALUES (\"" . mysql_real_escape_string($_POST['question']) . "\",\"" . mysql_real_escape_string($_POST['option1']) . "\",\"" . mysql_real_escape_string($_POST['option2']) . "\",\"" . mysql_real_escape_string($_POST['option3']) . "\",\"" . mysql_real_escape_string($_POST['option4']) . "\",\"" . mysql_real_escape_string($_POST['text']) . "\")"; | 88 | $inspoll = "INSERT INTO polloftheweek (question,option1,option2,option3,option4,text) VALUES (\"" . mysql_real_escape_string($_POST['question']) . "\",\"" . mysql_real_escape_string($_POST['option1']) . "\",\"" . mysql_real_escape_string($_POST['option2']) . "\",\"" . mysql_real_escape_string($_POST['option3']) . "\",\"" . mysql_real_escape_string($_POST['option4']) . "\",\"" . mysql_real_escape_string($_POST['text']) . "\")"; |
82 | $inspoll2 = mysql_query($inspoll); | 89 | $inspoll2 = mysql_query($inspoll); |
@@ -86,12 +93,12 @@ if (isset($_GET['submit'])) | |||
86 | $cleardid = "TRUNCATE TABLE didpollalready"; | 93 | $cleardid = "TRUNCATE TABLE didpollalready"; |
87 | $cleardid2 = mysql_query($cleardid); | 94 | $cleardid2 = mysql_query($cleardid); |
88 | 95 | ||
89 | $template->add('QUESTIONVALUE', $_POST['question']); | 96 | $template->add('QUESTIONVALUE', htmlentities($_POST['question'])); |
90 | $template->add('OPTION1VALUE', $_POST['option1']); | 97 | $template->add('OPTION1VALUE', htmlentities($_POST['option1'])); |
91 | $template->add('OPTION2VALUE', $_POST['option2']); | 98 | $template->add('OPTION2VALUE', htmlentities($_POST['option2'])); |
92 | $template->add('OPTION3VALUE', $_POST['option3']); | 99 | $template->add('OPTION3VALUE', htmlentities($_POST['option3'])); |
93 | $template->add('OPTION4VALUE', $_POST['option4']); | 100 | $template->add('OPTION4VALUE', htmlentities($_POST['option4'])); |
94 | $template->add('TEXTVALUE', $_POST['text']); | 101 | $template->add('TEXTVALUE', htmlentities($_POST['text'])); |
95 | 102 | ||
96 | $template->add('TITLE', 'Edit Poll'); | 103 | $template->add('TITLE', 'Edit Poll'); |
97 | $template->add('ACTION', '/admin/editPoll.php?id=' . $id . '&submit='); | 104 | $template->add('ACTION', '/admin/editPoll.php?id=' . $id . '&submit='); |
diff --git a/admin/newPost.php b/admin/newPost.php index eb6b4e0..32e7aa2 100644 --- a/admin/newPost.php +++ b/admin/newPost.php | |||
@@ -145,7 +145,7 @@ if (isset($_GET['submit'])) | |||
145 | if ($type != 'drafts') $template->add('TAGSDISABLED', ' readonly="readonly"'); | 145 | if ($type != 'drafts') $template->add('TAGSDISABLED', ' readonly="readonly"'); |
146 | } | 146 | } |
147 | 147 | ||
148 | $template->add('TITLEVALUE', $_POST['title']); | 148 | $template->add('TITLEVALUE', htmlentities($_POST['title'])); |
149 | $template->add('TEXTVALUE', $_POST['text']); | 149 | $template->add('TEXTVALUE', $_POST['text']); |
150 | $template->add('TAGSVALUE', $_POST['tags']); | 150 | $template->add('TAGSVALUE', $_POST['tags']); |
151 | $template->add(strtoupper($_POST['type']) . 'SELECTED', ' checked="checked"'); | 151 | $template->add(strtoupper($_POST['type']) . 'SELECTED', ' checked="checked"'); |
diff --git a/admin/pending.php b/admin/pending.php index 407cd35..6f1cfaf 100644 --- a/admin/pending.php +++ b/admin/pending.php | |||
@@ -148,7 +148,7 @@ foreach ($pager->getPageData() as $post) | |||
148 | { | 148 | { |
149 | if (!empty($post)) | 149 | if (!empty($post)) |
150 | { | 150 | { |
151 | $template->add_ref($j, 'POST', array( 'TITLE' => $post['title'], | 151 | $template->add_ref($j, 'POST', array( 'TITLE' => htmlentities($post['title']), |
152 | 'AUTHOR' => $post['author'], | 152 | 'AUTHOR' => $post['author'], |
153 | 'ID' => $post['id'], | 153 | 'ID' => $post['id'], |
154 | 'CODED' => $post['slug'], | 154 | 'CODED' => $post['slug'], |
diff --git a/admin/polls.php b/admin/polls.php index 8e1465c..e4239fa 100644 --- a/admin/polls.php +++ b/admin/polls.php | |||
@@ -82,7 +82,7 @@ foreach ($pager->getPageData() as $post) | |||
82 | { | 82 | { |
83 | if (!empty($post)) | 83 | if (!empty($post)) |
84 | { | 84 | { |
85 | $template->adds_block('POST', array( 'TITLE' => $post['question'], | 85 | $template->adds_block('POST', array( 'TITLE' => htmlentities($post['question']), |
86 | 'ID' => $post['id'], | 86 | 'ID' => $post['id'], |
87 | 'ODD' => ($j % 2 ? '' : ' class="odd"'))); | 87 | 'ODD' => ($j % 2 ? '' : ' class="odd"'))); |
88 | } | 88 | } |
diff --git a/admin/posts.php b/admin/posts.php index 605db30..d2e34c5 100644 --- a/admin/posts.php +++ b/admin/posts.php | |||
@@ -82,7 +82,7 @@ foreach ($pager->getPageData() as $post) | |||
82 | { | 82 | { |
83 | if (!empty($post)) | 83 | if (!empty($post)) |
84 | { | 84 | { |
85 | $template->adds_block('POST', array( 'TITLE' => $post['title'], | 85 | $template->adds_block('POST', array( 'TITLE' => htmlentities($post['title']), |
86 | 'AUTHOR' => $post['author'], | 86 | 'AUTHOR' => $post['author'], |
87 | 'ID' => $post['id'], | 87 | 'ID' => $post['id'], |
88 | 'CODED' => $post['slug'], | 88 | 'CODED' => $post['slug'], |