Diffstat (limited to 'pages/blog.php')
| -rwxr-xr-x | pages/blog.php | 16 |
1 files changed, 7 insertions, 9 deletions
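--- a/pages/blog.php
+++ b/pages/blog.php
@@ -46,7 +46,7 @@ if (isset($_GET['post']))
 {
 updatePop($getpost3['id'],'views');
 
-$title = stripslashes(htmlentities($getpost3['title'])) . ' - Blog Archive';
+$title = htmlspecialchars($getpost3['title']) . ' - Blog Archive';
 
 $getback = "SELECT * FROM updates WHERE id < " . $getpost3['id'] . " ORDER BY id DESC LIMIT 0,1";
 $getback2 = mysql_query($getback);
@@ -54,7 +54,7 @@ if (isset($_GET['post']))
 if (isset($getback3['title']))
 {
 $template->adds_block('BACK', array( 'CODED' => $getback3['slug'],
-'TITLE' => doAprilFoolsDay(htmlentities(stripslashes($getback3['title'])))));
+'TITLE' => doAprilFoolsDay(htmlspecialchars($getback3['title']))));
 }
 
 $getnext = "SELECT * FROM updates WHERE id > " . $getpost3['id'] . " ORDER BY id ASC LIMIT 0,1";
@@ -63,7 +63,7 @@ if (isset($_GET['post']))
 if (isset($getnext3['title']))
 {
 $template->adds_block('NEXT', array( 'CODED' => $getnext3['slug'],
-'TITLE' => doAprilFoolsDay(htmlentities(stripslashes($getnext3['title'])))));
+'TITLE' => doAprilFoolsDay(htmlspecialchars($getnext3['title']))));
 }
 
 $template->add_ref(0, 'POST', array( 'ID' => $getpost3['id'],
@@ -72,10 +72,10 @@ if (isset($_GET['post']))
 'MONTH' => date('M',strtotime($getpost3['pubDate'])),
 'DAY' => date('d',strtotime($getpost3['pubDate'])),
 'CODED' => $getpost3['slug'],
-'TITLE' => doAprilFoolsDay(htmlentities(stripslashes($getpost3['title']))),
+'TITLE' => doAprilFoolsDay(htmlspecialchars($getpost3['title'])),
 'AUTHOR' => $getpost3['author'],
 'RATING' => $getpost3['rating'],
-'TEXT' => parseText(stripslashes($getpost3['text']))));
+'TEXT' => parseText($getpost3['text'])));
 
 $tags = getTags($getpost3['id']);
 foreach ($tags as $tag)
@@ -121,8 +121,6 @@ if (isset($_GET['post']))
 
 $page_id = 'updates-' . $getpost3['id'];
 include('includes/comments.php');
-
-displayRelated($getpost3['title'], $getpost3['id']);
 } else {
 generateError('404');
 }
@@ -171,12 +169,12 @@ if (isset($_GET['post']))
 'MONTH' => date('M',strtotime($getpost3['pubDate'])),
 'DAY' => date('d',strtotime($getpost3['pubDate'])),
 'CODED' => $getpost3['slug'],
-'TITLE' => doAprilFoolsDay(htmlentities(stripslashes($getpost3['title']))),
+'TITLE' => doAprilFoolsDay(htmlspecialchars($getpost3['title'])),
 'AUTHOR' => $getpost3['author'],
 'PLURALCOMMENT' => (isset($plural) ? $plural : ''),
 'COMMENTS' => $comText,
 'RATING' => $getpost3['rating'],
-'TEXT' => parseText(stripslashes($getpost3['text']))));
+'TEXT' => parseText($getpost3['text'])));
 
 $tags = getTags($getpost3['id']);
 foreach ($tags as $tag)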
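Review bot: The new `htmlspecialchars($getpost3['title'])` calls (the `$title` assignment and every `'TITLE'` entry in this section) rely on the default flags and charset, and the file still uses `mysql_query`, which suggests a PHP version where the default is `ENT_COMPAT` and single quotes pass through unescaped. If any template places TITLE inside a single-quoted attribute, a stored title could break out of it, so I would pass the arguments explicitly, e.g. `htmlspecialchars($getpost3['title'], ENT_QUOTES, 'UTF-8')` with whatever charset the site actually serves. The same arrays still hand `$getpost3['author']` and the slug values to the template unescaped, and whether `parseText()` encodes its input is not visible here, so both are worth confirming while the escaping is being touched. Dropping `stripslashes` also assumes stored rows no longer carry magic-quotes backslashes; rows written earlier may now render with them.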
