summary refs log tree commit diff stats
path: root/admin
diff options
context:
space:
mode:
Diffstat (limited to 'admin')
-rw-r--r--admin/drafts.php2
-rw-r--r--admin/editLink.php4
-rw-r--r--admin/editPoll.php30
-rw-r--r--admin/editPost.php4
-rw-r--r--admin/links.php2
-rw-r--r--admin/newLink.php2
-rw-r--r--admin/newPoll.php19
-rw-r--r--admin/newPost.php2
-rw-r--r--admin/pending.php2
-rw-r--r--admin/polls.php2
-rw-r--r--admin/posts.php2
11 files changed, 39 insertions, 32 deletions
diff --git a/admin/drafts.php b/admin/drafts.php index 22d8a09..5f7be1a 100644 --- a/admin/drafts.php +++ b/admin/drafts.php
@@ -82,7 +82,7 @@ foreach ($pager->getPageData() as $post)
82{ 82{
83 if (!empty($post)) 83 if (!empty($post))
84 { 84 {
85 $template->adds_block('POST', array( 'TITLE' => $post['title'], 85 $template->adds_block('POST', array( 'TITLE' => htmlentities($post['title']),
86 'AUTHOR' => $post['author'], 86 'AUTHOR' => $post['author'],
87 'ID' => $post['id'], 87 'ID' => $post['id'],
88 'CODED' => $post['slug'], 88 'CODED' => $post['slug'],
diff --git a/admin/editLink.php b/admin/editLink.php index fe4fb66..f3ba9cc 100644 --- a/admin/editLink.php +++ b/admin/editLink.php
@@ -74,10 +74,10 @@ if (isset($_GET['submit']))
74 $template->adds_block('FLASH', array('TEXT' => 'Your link has been sucessfully edited.')); 74 $template->adds_block('FLASH', array('TEXT' => 'Your link has been sucessfully edited.'));
75 } 75 }
76 76
77 $template->add('TITLEVALUE', $_POST['title']); 77 $template->add('TITLEVALUE', htmlentities($_POST['title']));
78 $template->add('URLVALUE', $_POST['url']); 78 $template->add('URLVALUE', $_POST['url']);
79} else { 79} else {
80 $template->add('TITLEVALUE', $getlink3['title']); 80 $template->add('TITLEVALUE', htmlentities($getlink3['title']));
81 $template->add('URLVALUE', $getlink3['url']); 81 $template->add('URLVALUE', $getlink3['url']);
82} 82}
83 83
diff --git a/admin/editPoll.php b/admin/editPoll.php index 3a154a3..425f33c 100644 --- a/admin/editPoll.php +++ b/admin/editPoll.php
@@ -81,21 +81,21 @@ if (isset($_GET['submit']))
81 $getpoll2 = mysql_query($getpoll); 81 $getpoll2 = mysql_query($getpoll);
82 $getpoll3 = mysql_fetch_array($getpoll2); 82 $getpoll3 = mysql_fetch_array($getpoll2);
83 83
84 $template->add('QUESTIONVALUE', $_POST['question']); 84 $template->add('QUESTIONVALUE', htmlentities($_POST['question']));
85 $template->add('OPTION1VALUE', $_POST['option1']); 85 $template->add('OPTION1VALUE', htmlentities($_POST['option1']));
86 $template->add('OPTION2VALUE', $_POST['option2']); 86 $template->add('OPTION2VALUE', htmlentities($_POST['option2']));
87 $template->add('OPTION3VALUE', $_POST['option3']); 87 $template->add('OPTION3VALUE', htmlentities($_POST['option3']));
88 $template->add('OPTION4VALUE', $_POST['option4']); 88 $template->add('OPTION4VALUE', htmlentities($_POST['option4']));
89 $template->add('TEXTVALUE', $_POST['text']); 89 $template->add('TEXTVALUE', $_POST['text']);
90 } else { 90 } else {
91 $inspoll = "UPDATE polloftheweek SET question = \"" . mysql_real_escape_string($_POST['question']) . "\", option1 = \"" . mysql_real_escape_string($_POST['option1']) . "\", option2 = \"" . mysql_real_escape_string($_POST['option2']) . "\", option3 = \"" . mysql_real_escape_string($_POST['option3']) . "\", option4 = \"" . mysql_real_escape_string($_POST['option4']) . "\", text = \"" . mysql_real_escape_string($_POST['text']) . "\" WHERE id = " . $_GET['id']; 91 $inspoll = "UPDATE polloftheweek SET question = \"" . mysql_real_escape_string($_POST['question']) . "\", option1 = \"" . mysql_real_escape_string($_POST['option1']) . "\", option2 = \"" . mysql_real_escape_string($_POST['option2']) . "\", option3 = \"" . mysql_real_escape_string($_POST['option3']) . "\", option4 = \"" . mysql_real_escape_string($_POST['option4']) . "\", text = \"" . mysql_real_escape_string($_POST['text']) . "\" WHERE id = " . $_GET['id'];
92 $inspoll2 = mysql_query($inspoll); 92 $inspoll2 = mysql_query($inspoll);
93 93
94 $template->add('QUESTIONVALUE', $_POST['question']); 94 $template->add('QUESTIONVALUE', htmlentities($_POST['question']));
95 $template->add('OPTION1VALUE', $_POST['option1']); 95 $template->add('OPTION1VALUE', htmlentities($_POST['option1']));
96 $template->add('OPTION2VALUE', $_POST['option2']); 96 $template->add('OPTION2VALUE', htmlentities($_POST['option2']));
97 $template->add('OPTION3VALUE', $_POST['option3']); 97 $template->add('OPTION3VALUE', htmlentities($_POST['option3']));
98 $template->add('OPTION4VALUE', $_POST['option4']); 98 $template->add('OPTION4VALUE', htmlentities($_POST['option4']));
99 $template->add('TEXTVALUE', $_POST['text']); 99 $template->add('TEXTVALUE', $_POST['text']);
100 100
101 $template->adds_block('FLASH', array('TEXT' => 'Your poll has been sucessfully edited. <a href="/poll/' . $_GET['id'] . '.php">View poll</a>.')); 101 $template->adds_block('FLASH', array('TEXT' => 'Your poll has been sucessfully edited. <a href="/poll/' . $_GET['id'] . '.php">View poll</a>.'));
@@ -105,11 +105,11 @@ if (isset($_GET['submit']))
105 $getpoll2 = mysql_query($getpoll); 105 $getpoll2 = mysql_query($getpoll);
106 $getpoll3 = mysql_fetch_array($getpoll2); 106 $getpoll3 = mysql_fetch_array($getpoll2);
107 107
108 $template->add('QUESTIONVALUE', $getpoll3['question']); 108 $template->add('QUESTIONVALUE', htmlentities($getpoll3['question']));
109 $template->add('OPTION1VALUE', $getpoll3['option1']); 109 $template->add('OPTION1VALUE', htmlentities($getpoll3['option1']));
110 $template->add('OPTION2VALUE', $getpoll3['option2']); 110 $template->add('OPTION2VALUE', htmlentities($getpoll3['option2']));
111 $template->add('OPTION3VALUE', $getpoll3['option3']); 111 $template->add('OPTION3VALUE', htmlentities($getpoll3['option3']));
112 $template->add('OPTION4VALUE', $getpoll3['option4']); 112 $template->add('OPTION4VALUE', htmlentities($getpoll3['option4']));
113 $template->add('TEXTVALUE', $getpoll3['text']); 113 $template->add('TEXTVALUE', $getpoll3['text']);
114} 114}
115 115
diff --git a/admin/editPost.php b/admin/editPost.php index b01d1e2..b87f895 100644 --- a/admin/editPost.php +++ b/admin/editPost.php
@@ -201,13 +201,13 @@ if (!isset($_GET['type']) || !isset($_GET['id']) || !is_numeric($_GET['id']))
201 $template->add('ACTION', '/admin/editPost.php?type=' . $type . '&amp;id=' . $id . '&amp;submit='); 201 $template->add('ACTION', '/admin/editPost.php?type=' . $type . '&amp;id=' . $id . '&amp;submit=');
202 } 202 }
203 203
204 $template->add('TITLEVALUE', $_POST['title']); 204 $template->add('TITLEVALUE', htmlentities($_POST['title']));
205 $template->add('TEXTVALUE', $_POST['text']); 205 $template->add('TEXTVALUE', $_POST['text']);
206 $template->add('TAGSVALUE', $_POST['tags']); 206 $template->add('TAGSVALUE', $_POST['tags']);
207 $template->add(strtoupper($_POST['type']) . 'SELECTED', ' checked="checked"'); 207 $template->add(strtoupper($_POST['type']) . 'SELECTED', ' checked="checked"');
208 if ($_POST['type'] != 'draft') $template->add('TAGSDISABLED', ' readonly="readonly"'); 208 if ($_POST['type'] != 'draft') $template->add('TAGSDISABLED', ' readonly="readonly"');
209 } else { 209 } else {
210 $template->add('TITLEVALUE', $getpost3['title']); 210 $template->add('TITLEVALUE', htmlentities($getpost3['title']));
211 $template->add('TEXTVALUE', $getpost3['text']); 211 $template->add('TEXTVALUE', $getpost3['text']);
212 $template->add('TAGSVALUE', implode(',', getTags($_GET['id'], $tableToTags[$_GET['type']]))); 212 $template->add('TAGSVALUE', implode(',', getTags($_GET['id'], $tableToTags[$_GET['type']])));
213 $template->add(strtoupper($tableToForm[$_GET['type']]) . 'SELECTED', ' checked="checked"'); 213 $template->add(strtoupper($tableToForm[$_GET['type']]) . 'SELECTED', ' checked="checked"');
diff --git a/admin/links.php b/admin/links.php index d1ab878..fc1c813 100644 --- a/admin/links.php +++ b/admin/links.php
@@ -97,7 +97,7 @@ foreach ($pager->getPageData() as $link)
97{ 97{
98 if (!empty($link)) 98 if (!empty($link))
99 { 99 {
100 $template->adds_block('LINK', array( 'TITLE' => $link['title'], 100 $template->adds_block('LINK', array( 'TITLE' => htmlentities($link['title']),
101 'URL' => $link['url'], 101 'URL' => $link['url'],
102 'ID' => $link['id'], 102 'ID' => $link['id'],
103 'ODD' => ($j % 2 ? '' : ' class="odd"'))); 103 'ODD' => ($j % 2 ? '' : ' class="odd"')));
diff --git a/admin/newLink.php b/admin/newLink.php index 3f6b42c..90313bd 100644 --- a/admin/newLink.php +++ b/admin/newLink.php
@@ -80,7 +80,7 @@ if (isset($_GET['submit']))
80 $template->add('TYPEDISABLED', ' readonly="readonly"'); 80 $template->add('TYPEDISABLED', ' readonly="readonly"');
81 } 81 }
82 82
83 $template->add('TITLEVALUE', $_POST['title']); 83 $template->add('TITLEVALUE', htmlentities($_POST['title']));
84 $template->add('URLVALUE', $_POST['url']); 84 $template->add('URLVALUE', $_POST['url']);
85 $template->add(strtoupper($_POST['type']) . 'SELECTED', ' checked="checked"'); 85 $template->add(strtoupper($_POST['type']) . 'SELECTED', ' checked="checked"');
86} else { 86} else {
diff --git a/admin/newPoll.php b/admin/newPoll.php index c924cd9..d105f45 100644 --- a/admin/newPoll.php +++ b/admin/newPoll.php
@@ -77,6 +77,13 @@ if (isset($_GET['submit']))
77 77
78 $template->add('TITLE', 'New Poll'); 78 $template->add('TITLE', 'New Poll');
79 $template->add('ACTION', '/admin/newPoll.php?submit='); 79 $template->add('ACTION', '/admin/newPoll.php?submit=');
80
81 $template->add('QUESTIONVALUE', htmlentities($_POST['question']));
82 $template->add('OPTION1VALUE', htmlentities($_POST['option1']));
83 $template->add('OPTION2VALUE', htmlentities($_POST['option2']));
84 $template->add('OPTION3VALUE', htmlentities($_POST['option3']));
85 $template->add('OPTION4VALUE', htmlentities($_POST['option4']));
86 $template->add('TEXTVALUE', htmlentities($_POST['text']));
80 } else { 87 } else {
81 $inspoll = "INSERT INTO polloftheweek (question,option1,option2,option3,option4,text) VALUES (\"" . mysql_real_escape_string($_POST['question']) . "\",\"" . mysql_real_escape_string($_POST['option1']) . "\",\"" . mysql_real_escape_string($_POST['option2']) . "\",\"" . mysql_real_escape_string($_POST['option3']) . "\",\"" . mysql_real_escape_string($_POST['option4']) . "\",\"" . mysql_real_escape_string($_POST['text']) . "\")"; 88 $inspoll = "INSERT INTO polloftheweek (question,option1,option2,option3,option4,text) VALUES (\"" . mysql_real_escape_string($_POST['question']) . "\",\"" . mysql_real_escape_string($_POST['option1']) . "\",\"" . mysql_real_escape_string($_POST['option2']) . "\",\"" . mysql_real_escape_string($_POST['option3']) . "\",\"" . mysql_real_escape_string($_POST['option4']) . "\",\"" . mysql_real_escape_string($_POST['text']) . "\")";
82 $inspoll2 = mysql_query($inspoll); 89 $inspoll2 = mysql_query($inspoll);
@@ -86,12 +93,12 @@ if (isset($_GET['submit']))
86 $cleardid = "TRUNCATE TABLE didpollalready"; 93 $cleardid = "TRUNCATE TABLE didpollalready";
87 $cleardid2 = mysql_query($cleardid); 94 $cleardid2 = mysql_query($cleardid);
88 95
89 $template->add('QUESTIONVALUE', $_POST['question']); 96 $template->add('QUESTIONVALUE', htmlentities($_POST['question']));
90 $template->add('OPTION1VALUE', $_POST['option1']); 97 $template->add('OPTION1VALUE', htmlentities($_POST['option1']));
91 $template->add('OPTION2VALUE', $_POST['option2']); 98 $template->add('OPTION2VALUE', htmlentities($_POST['option2']));
92 $template->add('OPTION3VALUE', $_POST['option3']); 99 $template->add('OPTION3VALUE', htmlentities($_POST['option3']));
93 $template->add('OPTION4VALUE', $_POST['option4']); 100 $template->add('OPTION4VALUE', htmlentities($_POST['option4']));
94 $template->add('TEXTVALUE', $_POST['text']); 101 $template->add('TEXTVALUE', htmlentities($_POST['text']));
95 102
96 $template->add('TITLE', 'Edit Poll'); 103 $template->add('TITLE', 'Edit Poll');
97 $template->add('ACTION', '/admin/editPoll.php?id=' . $id . '&amp;submit='); 104 $template->add('ACTION', '/admin/editPoll.php?id=' . $id . '&amp;submit=');
diff --git a/admin/newPost.php b/admin/newPost.php index eb6b4e0..32e7aa2 100644 --- a/admin/newPost.php +++ b/admin/newPost.php
@@ -145,7 +145,7 @@ if (isset($_GET['submit']))
145 if ($type != 'drafts') $template->add('TAGSDISABLED', ' readonly="readonly"'); 145 if ($type != 'drafts') $template->add('TAGSDISABLED', ' readonly="readonly"');
146 } 146 }
147 147
148 $template->add('TITLEVALUE', $_POST['title']); 148 $template->add('TITLEVALUE', htmlentities($_POST['title']));
149 $template->add('TEXTVALUE', $_POST['text']); 149 $template->add('TEXTVALUE', $_POST['text']);
150 $template->add('TAGSVALUE', $_POST['tags']); 150 $template->add('TAGSVALUE', $_POST['tags']);
151 $template->add(strtoupper($_POST['type']) . 'SELECTED', ' checked="checked"'); 151 $template->add(strtoupper($_POST['type']) . 'SELECTED', ' checked="checked"');
diff --git a/admin/pending.php b/admin/pending.php index 407cd35..6f1cfaf 100644 --- a/admin/pending.php +++ b/admin/pending.php
@@ -148,7 +148,7 @@ foreach ($pager->getPageData() as $post)
148{ 148{
149 if (!empty($post)) 149 if (!empty($post))
150 { 150 {
151 $template->add_ref($j, 'POST', array( 'TITLE' => $post['title'], 151 $template->add_ref($j, 'POST', array( 'TITLE' => htmlentities($post['title']),
152 'AUTHOR' => $post['author'], 152 'AUTHOR' => $post['author'],
153 'ID' => $post['id'], 153 'ID' => $post['id'],
154 'CODED' => $post['slug'], 154 'CODED' => $post['slug'],
diff --git a/admin/polls.php b/admin/polls.php index 8e1465c..e4239fa 100644 --- a/admin/polls.php +++ b/admin/polls.php
@@ -82,7 +82,7 @@ foreach ($pager->getPageData() as $post)
82{ 82{
83 if (!empty($post)) 83 if (!empty($post))
84 { 84 {
85 $template->adds_block('POST', array( 'TITLE' => $post['question'], 85 $template->adds_block('POST', array( 'TITLE' => htmlentities($post['question']),
86 'ID' => $post['id'], 86 'ID' => $post['id'],
87 'ODD' => ($j % 2 ? '' : ' class="odd"'))); 87 'ODD' => ($j % 2 ? '' : ' class="odd"')));
88 } 88 }
diff --git a/admin/posts.php b/admin/posts.php index 605db30..d2e34c5 100644 --- a/admin/posts.php +++ b/admin/posts.php
@@ -82,7 +82,7 @@ foreach ($pager->getPageData() as $post)
82{ 82{
83 if (!empty($post)) 83 if (!empty($post))
84 { 84 {
85 $template->adds_block('POST', array( 'TITLE' => $post['title'], 85 $template->adds_block('POST', array( 'TITLE' => htmlentities($post['title']),
86 'AUTHOR' => $post['author'], 86 'AUTHOR' => $post['author'],
87 'ID' => $post['id'], 87 'ID' => $post['id'],
88 'CODED' => $post['slug'], 88 'CODED' => $post['slug'],