Diffstat (limited to 'pages/blog.php')
| -rwxr-xr-x | pages/blog.php | 10 |
1 files changed, 5 insertions, 5 deletions
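--- a/pages/blog.php
+++ b/pages/blog.php
@@ -43,7 +43,7 @@ if (isset($_GET['post']))
 {
 updatePop($getpost3['id'],'views');
 
-$title = stripslashes($getpost3['title']) . ' - Blog Archive';
+$title = stripslashes(htmlentities($getpost3['title'])) . ' - Blog Archive';
 
 $getback = "SELECT * FROM updates WHERE id < " . $getpost3['id'] . " ORDER BY id DESC LIMIT 0,1";
 $getback2 = mysql_query($getback);
@@ -51,7 +51,7 @@ if (isset($_GET['post']))
 if (isset($getback3['title']))
 {
 $template->adds_block('BACK', array( 'CODED' => $getback3['slug'],
-'TITLE' => $getback3['title']));
+'TITLE' => htmlentities($getback3['title'])));
 }
 
 $getnext = "SELECT * FROM updates WHERE id > " . $getpost3['id'] . " ORDER BY id ASC LIMIT 0,1";
@@ -60,7 +60,7 @@ if (isset($_GET['post']))
 if (isset($getnext3['title']))
 {
 $template->adds_block('NEXT', array( 'CODED' => $getnext3['slug'],
-'TITLE' => $getnext3['title']));
+'TITLE' => htmlentities($getnext3['title'])));
 }
 
 $template->add_ref(0, 'POST', array( 'ID' => $getpost3['id'],
@@ -69,7 +69,7 @@ if (isset($_GET['post']))
 'MONTH' => date('M',strtotime($getpost3['pubDate'])),
 'DAY' => date('d',strtotime($getpost3['pubDate'])),
 'CODED' => $getpost3['slug'],
-'TITLE' => $getpost3['title'],
+'TITLE' => htmlentities($getpost3['title']),
 'AUTHOR' => $getpost3['author'],
 'RATING' => $getpost3['rating'],
 'TEXT' => parseText($getpost3['text'])));
@@ -189,7 +189,7 @@ if (isset($_GET['post']))
 
 $template->adds_ref_sub($curID, 'SMALL',array( 'DATE' => date('m-d-Y',strtotime($getposts3[$i]['pubDate'])),
 'CODED' => $getposts3[$i]['slug'],
-'TITLE' => $getposts3[$i]['title']));
+'TITLE' => htmlentities($getposts3[$i]['title'])));
 $i++;
 }
 if ($i==0)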
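Review bot: The new `htmlentities()` calls on the `TITLE` values (new lines 46, 54, 63, 72 and 192) rely on the default flags and charset; before PHP 8.1 the default flags leave single quotes unencoded, and before PHP 5.4 the default charset is ISO-8859-1, so a title used inside a single-quoted attribute is still not safe and multi-byte titles can be mangled. Pass both explicitly, e.g. `htmlentities($getpost3['title'], ENT_QUOTES, 'UTF-8')`, using whatever charset the site actually serves. The neighbouring `CODED` and `AUTHOR` values in the same arrays still reach the template as raw database strings; if the template does not escape on output, which the need for this commit suggests, they should get the same encoding. The enclosing `if (isset($_GET['post']))` block starts and ends outside the lines shown.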
