1 files changed, 4 insertions, 4 deletions
diff --git a/includes/footer.php b/includes/footer.php
index 19cc341..d1f9668 100755
--- a/includes/footer.php
+++ b/includes/footer.php

@@ -1,4 +1,4 @@
-<?php
+ <?php
 /*
       444444444  
      4::::::::4  
@@ -65,7 +65,7 @@ while ($getcomments3[$i] = mysql_fetch_array($getcomments2))
                                                                'AREA' => 'blog',
                                                                'CODED' => $getpost3['slug'],
                                                                'ENDING' => '/',
-                                                                'TITLE' => stripslashes($getpost3['title']),
+                                                                'TITLE' => stripslashes(htmlentities($getpost3['title'])),
                                                                'AUTHOR' => (($website != '') ? '<a href="' . $website . '">' . $username . '</a>' : $username)));
                $i++;
        } else if (strpos($getcomments3[$i]['page_id'], 'quote') !== FALSE)
@@ -89,7 +89,7 @@ while ($getcomments3[$i] = mysql_fetch_array($getcomments2))
                                                                'AREA' => 'poll',
                                                                'CODED' => $getpotw3['id'],
                                                                'ENDING' => '.php',
-                                                                'TITLE' => 'Poll "' . $getpotw3['question'] . '"',
+                                                                'TITLE' => 'Poll "' . htmlentities($getpotw3['question']) . '"',
                                                                'AUTHOR' => (($website != '') ? '<a href="' . $website . '">' . $username . '</a>' : $username)));
                $i++;                   
        }
@@ -169,7 +169,7 @@ $i=0;
 while ($getpopular3[$i] = mysql_fetch_array($getpopular2))
 {
        $template->adds_block('POPULAR', array( 'CODED' => $getpopular3[$i]['slug'],
-                                                'TITLE' => stripslashes($getpopular3[$i]['title'])));
+                                                'TITLE' => stripslashes(htmlentities($getpopular3[$i]['title']))));
        $i++;
 }

diff --git a/includes/footer.php b/includes/footer.php index 19cc341..d1f9668 100755 --- a/includes/footer.php +++ b/includes/footer.php
@@ -1,4 +1,4 @@
1	<?php	1	<?php
2	/*	2	/*
3	444444444	3	444444444
4	4::::::::4	4	4::::::::4
@@ -65,7 +65,7 @@ while ($getcomments3[$i] = mysql_fetch_array($getcomments2))
65	'AREA' => 'blog',	65	'AREA' => 'blog',
66	'CODED' => $getpost3['slug'],	66	'CODED' => $getpost3['slug'],
67	'ENDING' => '/',	67	'ENDING' => '/',
68	'TITLE' => stripslashes($getpost3['title']),	68	'TITLE' => stripslashes(htmlentities($getpost3['title'])),
69	'AUTHOR' => (($website != '') ? '<a href="' . $website . '">' . $username . '</a>' : $username)));	69	'AUTHOR' => (($website != '') ? '<a href="' . $website . '">' . $username . '</a>' : $username)));
70	$i++;	70	$i++;
71	} else if (strpos($getcomments3[$i]['page_id'], 'quote') !== FALSE)	71	} else if (strpos($getcomments3[$i]['page_id'], 'quote') !== FALSE)
@@ -89,7 +89,7 @@ while ($getcomments3[$i] = mysql_fetch_array($getcomments2))
89	'AREA' => 'poll',	89	'AREA' => 'poll',
90	'CODED' => $getpotw3['id'],	90	'CODED' => $getpotw3['id'],
91	'ENDING' => '.php',	91	'ENDING' => '.php',
92	'TITLE' => 'Poll "' . $getpotw3['question'] . '"',	92	'TITLE' => 'Poll "' . htmlentities($getpotw3['question']) . '"',
93	'AUTHOR' => (($website != '') ? '<a href="' . $website . '">' . $username . '</a>' : $username)));	93	'AUTHOR' => (($website != '') ? '<a href="' . $website . '">' . $username . '</a>' : $username)));
94	$i++;	94	$i++;
95	}	95	}
@@ -169,7 +169,7 @@ $i=0;
169	while ($getpopular3[$i] = mysql_fetch_array($getpopular2))	169	while ($getpopular3[$i] = mysql_fetch_array($getpopular2))
170	{	170	{
171	$template->adds_block('POPULAR', array( 'CODED' => $getpopular3[$i]['slug'],	171	$template->adds_block('POPULAR', array( 'CODED' => $getpopular3[$i]['slug'],
172	'TITLE' => stripslashes($getpopular3[$i]['title'])));	172	'TITLE' => stripslashes(htmlentities($getpopular3[$i]['title']))));
173	$i++;	173	$i++;
174	}	174	}
175		175