Diffstat (limited to 'pages')
-rwxr-xr-x | pages/blog.php | 4 | ||||
-rwxr-xr-x | pages/poll.php | 14 | ||||
-rwxr-xr-x | pages/quotes.php | 2 | ||||
-rwxr-xr-x | pages/welcome.php | 4 |
4 files changed, 12 insertions, 12 deletions
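--- a/pages/blog.php
+++ b/pages/blog.php
@@ -67,10 +67,10 @@ if (isset($_GET['post']))
 'MONTH' => date('M',strtotime($getpost3['pubDate'])),
 'DAY' => date('d',strtotime($getpost3['pubDate'])),
 'CODED' => $getpost3['slug'],
-'TITLE' => htmlentities($getpost3['title']),
+'TITLE' => htmlentities(stripslashes($getpost3['title'])),
 'AUTHOR' => $getpost3['author'],
 'RATING' => $getpost3['rating'],
-'TEXT' => parseText($getpost3['text'])));
+'TEXT' => parseText(stripslashes($getpost3['text']))));
 
 $tags = getTags($getpost3['id']);
 foreach ($tags as $tag)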
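Review bot: Calling `stripslashes()` on values read back from the database (TITLE and TEXT here, and the same two keys in pages/welcome.php) treats the symptom of rows that were escaped twice on the way in, presumably by magic quotes on top of the SQL escaping at insert time. It also removes backslashes an author typed deliberately, and it will start corrupting content once the write path is corrected. Normalising the input once where it is written, plus a one-off clean-up of existing rows, avoids both problems. If the call stays for now, mark it as temporary with a comment such as `// legacy rows carry magic-quote slashes; drop once the data is migrated`. The `adds_block` call these keys belong to starts outside the hunk.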
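--- a/pages/poll.php
+++ b/pages/poll.php
@@ -53,7 +53,7 @@ if (!isset($_GET['id']))
 $question .= '....';
 }
 $template->adds_block('POLL', array( 'ID' => $getpolls3[$i]['id'],
-'QUESTION' => htmlentities($question),
+'QUESTION' => htmlentities(stripslashes($question)),
 'WEEK' => date('F jS Y', strtotime($getpolls3[$i]['week'])),
 'EVEN' => (($i % 2 == 1) ? ' class="even"' : '')));
 $i++;
@@ -90,17 +90,17 @@ if (!isset($_GET['id']))
 
 if ($getpoll3['id'] == $_GET['id'])
 {
-$template->add('QUESTION', htmlentities($getpoll3['question']));
+$template->add('QUESTION', htmlentities(stripslashes($getpoll3['question'])));
 
 if ($getpoll3['text'] != '')
 {
-$template->adds_block('COMPLETE', array( 'RSS' => parseText($getpoll3['text']),
+$template->adds_block('COMPLETE', array( 'RSS' => parseText(stripslashes($getpoll3['text'])),
 'AUTHOR' => $getrss3['author'],
 'DATE' => date("F jS Y \a\\t g:i:s a",strtotime($getpoll3['week'])),
-'OPTION1' => $getpoll3['option1'],
-'OPTION2' => $getpoll3['option2'],
-'OPTION3' => $getpoll3['option3'],
-'OPTION4' => $getpoll3['option4'],
+'OPTION1' => stripslashes($getpoll3['option1']),
+'OPTION2' => stripslashes($getpoll3['option2']),
+'OPTION3' => stripslashes($getpoll3['option3']),
+'OPTION4' => stripslashes($getpoll3['option4']),
 'CLICKS1' => $getpoll3['clicks1'],
 'CLICKS2' => $getpoll3['clicks2'],
 'CLICKS3' => $getpoll3['clicks3'],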
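Review bot: The four OPTION values on new lines 100 to 103 are unslashed but still passed to the COMPLETE block without HTML encoding, while QUESTION in the same section goes through `htmlentities(stripslashes(...))`. If option text is not fully trusted and the template does not encode it itself (not visible here), markup stored in an option would be rendered as-is on the poll page. Consider `'OPTION1' => htmlentities(stripslashes($getpoll3['option1'])),` and the same for OPTION2 to OPTION4. The `adds_block` array continues past the end of the hunk.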
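--- a/pages/quotes.php
+++ b/pages/quotes.php
@@ -70,7 +70,7 @@ if (isset($_GET['id']) && !(is_numeric($_GET['id'])))
 $template = new FITemplate('quotes/add');
 if (isset($_GET['submit']))
 {
-$template->adds_block('SUBMITTED',array('QUOTE' => str_replace("\n","<br />",htmlentities($_POST['rash_quote']))));
+$template->adds_block('SUBMITTED',array('QUOTE' => str_replace("\n","<br />",htmlentities(stripslashes($_POST['rash_quote'])))));
 if (!isLoggedIn())
 {
 $insquote = "INSERT INTO rash_queue (quote) VALUES(\"" . mysql_real_escape_string(htmlspecialchars($_POST['rash_quote'])) . "\")";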
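Review bot: Only the preview on new line 73 strips slashes; the INSERT on line 76 still builds its value from the raw `$_POST['rash_quote']`, so if magic quotes are on (which the added call suggests) the queued row keeps the extra backslashes that the preview hides. With magic quotes off, the unconditional `stripslashes()` instead removes backslashes the submitter actually typed. Normalising once before both uses keeps them in agreement, for example `$quote = get_magic_quotes_gpc() ? stripslashes($_POST['rash_quote']) : $_POST['rash_quote'];`, with `$quote` then used for the preview and the INSERT. The `if (isset($_GET['submit']))` block continues outside the hunk.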
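--- a/pages/welcome.php
+++ b/pages/welcome.php
@@ -77,12 +77,12 @@ while ($getpost3 = mysql_fetch_array($getpost2))
 'MONTH' => date('M',strtotime($getpost3['pubDate'])),
 'DAY' => date('d',strtotime($getpost3['pubDate'])),
 'CODED' => $getpost3['slug'],
-'TITLE' => htmlentities($getpost3['title']),
+'TITLE' => htmlentities(stripslashes($getpost3['title'])),
 'AUTHOR' => $getpost3['author'],
 'PLURALCOMMENT' => (isset($plural) ? $plural : ''),
 'COMMENTS' => $comText,
 'RATING' => $getpost3['rating'],
-'TEXT' => parseText($getpost3['text'])));
+'TEXT' => parseText(stripslashes($getpost3['text']))));
 
 $tags = getTags($getpost3['id']);
 foreach ($tags as $tag)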