1 files changed, 6 insertions, 6 deletions
diff --git a/includes/functions.php b/includes/functions.php
index ce7a03e..1ff5c41 100755
--- a/includes/functions.php
+++ b/includes/functions.php

@@ -276,7 +276,7 @@ function displayRelated($title, $avoid = 0)
                        $template = new FITemplate('related');
                }
-                $template->adds_block('POST', array(    'TITLE' => $getrelated3[$i]['title'],
+                $template->adds_block('POST', array(    'TITLE' => htmlentities($getrelated3[$i]['title']),
                                                        'CODED' => $getrelated3[$i]['slug'],
                                                        'AUTHOR' => $getrelated3[$i]['author'],
                                                        'DATE' => date('F jS Y',strtotime($getrelated3[$i]['pubDate']))));
@@ -326,11 +326,11 @@ function getPollOfTheWeek($id = -1)
        $getpoll2 = mysql_query($getpoll);
        $getpoll3 = mysql_fetch_array($getpoll2);
-        $potw->add('QUESTION', $getpoll3['question']);
+        $potw->add('QUESTION', stripslashes(htmlentities($getpoll3['question'])));
-        $potw->add('OPTION1', $getpoll3['option1']);
+        $potw->add('OPTION1', stripslashes(htmlentities($getpoll3['option1'])));
-        $potw->add('OPTION2', $getpoll3['option2']);
+        $potw->add('OPTION2', stripslashes(htmlentities($getpoll3['option2'])));
-        $potw->add('OPTION3', $getpoll3['option3']);
+        $potw->add('OPTION3', stripslashes(htmlentities($getpoll3['option3'])));
-        $potw->add('OPTION4', $getpoll3['option4']);
+        $potw->add('OPTION4', stripslashes(htmlentities($getpoll3['option4'])));
        $getip = "SELECT * FROM didpollalready WHERE ip = \"" . $_SERVER['REMOTE_ADDR'] . "\"";
        $getip2 = mysql_query($getip);

diff --git a/includes/functions.php b/includes/functions.php index ce7a03e..1ff5c41 100755 --- a/includes/functions.php +++ b/includes/functions.php
@@ -276,7 +276,7 @@ function displayRelated($title, $avoid = 0)
276	$template = new FITemplate('related');	276	$template = new FITemplate('related');
277	}	277	}
278		278
279	$template->adds_block('POST', array( 'TITLE' => $getrelated3[$i]['title'],	279	$template->adds_block('POST', array( 'TITLE' => htmlentities($getrelated3[$i]['title']),
280	'CODED' => $getrelated3[$i]['slug'],	280	'CODED' => $getrelated3[$i]['slug'],
281	'AUTHOR' => $getrelated3[$i]['author'],	281	'AUTHOR' => $getrelated3[$i]['author'],
282	'DATE' => date('F jS Y',strtotime($getrelated3[$i]['pubDate']))));	282	'DATE' => date('F jS Y',strtotime($getrelated3[$i]['pubDate']))));
@@ -326,11 +326,11 @@ function getPollOfTheWeek($id = -1)
326	$getpoll2 = mysql_query($getpoll);	326	$getpoll2 = mysql_query($getpoll);
327	$getpoll3 = mysql_fetch_array($getpoll2);	327	$getpoll3 = mysql_fetch_array($getpoll2);
328		328
329	$potw->add('QUESTION', $getpoll3['question']);	329	$potw->add('QUESTION', stripslashes(htmlentities($getpoll3['question'])));
330	$potw->add('OPTION1', $getpoll3['option1']);	330	$potw->add('OPTION1', stripslashes(htmlentities($getpoll3['option1'])));
331	$potw->add('OPTION2', $getpoll3['option2']);	331	$potw->add('OPTION2', stripslashes(htmlentities($getpoll3['option2'])));
332	$potw->add('OPTION3', $getpoll3['option3']);	332	$potw->add('OPTION3', stripslashes(htmlentities($getpoll3['option3'])));
333	$potw->add('OPTION4', $getpoll3['option4']);	333	$potw->add('OPTION4', stripslashes(htmlentities($getpoll3['option4'])));
334		334
335	$getip = "SELECT * FROM didpollalready WHERE ip = \"" . $_SERVER['REMOTE_ADDR'] . "\"";	335	$getip = "SELECT * FROM didpollalready WHERE ip = \"" . $_SERVER['REMOTE_ADDR'] . "\"";
336	$getip2 = mysql_query($getip);	336	$getip2 = mysql_query($getip);