summary refs log tree commit diff stats
path: root/pages
diff options
context:
space:
mode:
Diffstat (limited to 'pages')
-rwxr-xr-xpages/archive.php2
-rwxr-xr-xpages/blog.php16
-rwxr-xr-xpages/post.php4
-rwxr-xr-xpages/quotes.php4
-rwxr-xr-xpages/viewPost.php2
5 files changed, 13 insertions, 15 deletions
diff --git a/pages/archive.php b/pages/archive.php index 024d3b5..73d0162 100755 --- a/pages/archive.php +++ b/pages/archive.php
@@ -87,7 +87,7 @@ while ($getposts3[$i] = mysql_fetch_array($getposts2))
87 87
88 $template->adds_ref_sub($curID, 'SMALL',array( 'DATE' => date('m-d-Y',strtotime($getposts3[$i]['pubDate'])), 88 $template->adds_ref_sub($curID, 'SMALL',array( 'DATE' => date('m-d-Y',strtotime($getposts3[$i]['pubDate'])),
89 'CODED' => $getposts3[$i]['slug'], 89 'CODED' => $getposts3[$i]['slug'],
90 'TITLE' => doAprilFoolsDay(htmlentities(stripslashes($getposts3[$i]['title']))))); 90 'TITLE' => doAprilFoolsDay(htmlspecialchars($getposts3[$i]['title']))));
91 $i++; 91 $i++;
92} 92}
93if ($i==0) 93if ($i==0)
diff --git a/pages/blog.php b/pages/blog.php index e7163ce..72e96bf 100755 --- a/pages/blog.php +++ b/pages/blog.php
@@ -46,7 +46,7 @@ if (isset($_GET['post']))
46 { 46 {
47 updatePop($getpost3['id'],'views'); 47 updatePop($getpost3['id'],'views');
48 48
49 $title = stripslashes(htmlentities($getpost3['title'])) . ' - Blog Archive'; 49 $title = htmlspecialchars($getpost3['title']) . ' - Blog Archive';
50 50
51 $getback = "SELECT * FROM updates WHERE id < " . $getpost3['id'] . " ORDER BY id DESC LIMIT 0,1"; 51 $getback = "SELECT * FROM updates WHERE id < " . $getpost3['id'] . " ORDER BY id DESC LIMIT 0,1";
52 $getback2 = mysql_query($getback); 52 $getback2 = mysql_query($getback);
@@ -54,7 +54,7 @@ if (isset($_GET['post']))
54 if (isset($getback3['title'])) 54 if (isset($getback3['title']))
55 { 55 {
56 $template->adds_block('BACK', array( 'CODED' => $getback3['slug'], 56 $template->adds_block('BACK', array( 'CODED' => $getback3['slug'],
57 'TITLE' => doAprilFoolsDay(htmlentities(stripslashes($getback3['title']))))); 57 'TITLE' => doAprilFoolsDay(htmlspecialchars($getback3['title']))));
58 } 58 }
59 59
60 $getnext = "SELECT * FROM updates WHERE id > " . $getpost3['id'] . " ORDER BY id ASC LIMIT 0,1"; 60 $getnext = "SELECT * FROM updates WHERE id > " . $getpost3['id'] . " ORDER BY id ASC LIMIT 0,1";
@@ -63,7 +63,7 @@ if (isset($_GET['post']))
63 if (isset($getnext3['title'])) 63 if (isset($getnext3['title']))
64 { 64 {
65 $template->adds_block('NEXT', array( 'CODED' => $getnext3['slug'], 65 $template->adds_block('NEXT', array( 'CODED' => $getnext3['slug'],
66 'TITLE' => doAprilFoolsDay(htmlentities(stripslashes($getnext3['title']))))); 66 'TITLE' => doAprilFoolsDay(htmlspecialchars($getnext3['title']))));
67 } 67 }
68 68
69 $template->add_ref(0, 'POST', array( 'ID' => $getpost3['id'], 69 $template->add_ref(0, 'POST', array( 'ID' => $getpost3['id'],
@@ -72,10 +72,10 @@ if (isset($_GET['post']))
72 'MONTH' => date('M',strtotime($getpost3['pubDate'])), 72 'MONTH' => date('M',strtotime($getpost3['pubDate'])),
73 'DAY' => date('d',strtotime($getpost3['pubDate'])), 73 'DAY' => date('d',strtotime($getpost3['pubDate'])),
74 'CODED' => $getpost3['slug'], 74 'CODED' => $getpost3['slug'],
75 'TITLE' => doAprilFoolsDay(htmlentities(stripslashes($getpost3['title']))), 75 'TITLE' => doAprilFoolsDay(htmlspecialchars($getpost3['title'])),
76 'AUTHOR' => $getpost3['author'], 76 'AUTHOR' => $getpost3['author'],
77 'RATING' => $getpost3['rating'], 77 'RATING' => $getpost3['rating'],
78 'TEXT' => parseText(stripslashes($getpost3['text'])))); 78 'TEXT' => parseText($getpost3['text'])));
79 79
80 $tags = getTags($getpost3['id']); 80 $tags = getTags($getpost3['id']);
81 foreach ($tags as $tag) 81 foreach ($tags as $tag)
@@ -121,8 +121,6 @@ if (isset($_GET['post']))
121 121
122 $page_id = 'updates-' . $getpost3['id']; 122 $page_id = 'updates-' . $getpost3['id'];
123 include('includes/comments.php'); 123 include('includes/comments.php');
124
125 displayRelated($getpost3['title'], $getpost3['id']);
126 } else { 124 } else {
127 generateError('404'); 125 generateError('404');
128 } 126 }
@@ -171,12 +169,12 @@ if (isset($_GET['post']))
171 'MONTH' => date('M',strtotime($getpost3['pubDate'])), 169 'MONTH' => date('M',strtotime($getpost3['pubDate'])),
172 'DAY' => date('d',strtotime($getpost3['pubDate'])), 170 'DAY' => date('d',strtotime($getpost3['pubDate'])),
173 'CODED' => $getpost3['slug'], 171 'CODED' => $getpost3['slug'],
174 'TITLE' => doAprilFoolsDay(htmlentities(stripslashes($getpost3['title']))), 172 'TITLE' => doAprilFoolsDay(htmlspecialchars($getpost3['title'])),
175 'AUTHOR' => $getpost3['author'], 173 'AUTHOR' => $getpost3['author'],
176 'PLURALCOMMENT' => (isset($plural) ? $plural : ''), 174 'PLURALCOMMENT' => (isset($plural) ? $plural : ''),
177 'COMMENTS' => $comText, 175 'COMMENTS' => $comText,
178 'RATING' => $getpost3['rating'], 176 'RATING' => $getpost3['rating'],
179 'TEXT' => parseText(stripslashes($getpost3['text'])))); 177 'TEXT' => parseText($getpost3['text'])));
180 178
181 $tags = getTags($getpost3['id']); 179 $tags = getTags($getpost3['id']);
182 foreach ($tags as $tag) 180 foreach ($tags as $tag)
diff --git a/pages/post.php b/pages/post.php index 3f728c8..a5435c9 100755 --- a/pages/post.php +++ b/pages/post.php
@@ -68,7 +68,7 @@ if (!isset($_POST['id']))
68 $template = new FITemplate('new-comment'); 68 $template = new FITemplate('new-comment');
69 $template->add('ID', $cid); 69 $template->add('ID', $cid);
70 $template->add('CODEDEMAIL', md5(strtolower($getanon3['email']))); 70 $template->add('CODEDEMAIL', md5(strtolower($getanon3['email'])));
71 $template->add('TEXT', stripslashes($_POST['comment'])); 71 $template->add('TEXT', $_POST['comment']);
72 $template->add('USERNAME', $getanon3['username']); 72 $template->add('USERNAME', $getanon3['username']);
73 $template->add('DATE', date("F jS Y \a\\t g:i:s a")); 73 $template->add('DATE', date("F jS Y \a\\t g:i:s a"));
74 $template->display(); 74 $template->display();
@@ -108,7 +108,7 @@ if (!isset($_POST['id']))
108 $template = new FITemplate('new-comment'); 108 $template = new FITemplate('new-comment');
109 $template->add('ID', $cid); 109 $template->add('ID', $cid);
110 $template->add('CODEDEMAIL', md5(strtolower($getuser3['user_email']))); 110 $template->add('CODEDEMAIL', md5(strtolower($getuser3['user_email'])));
111 $template->add('TEXT', stripslashes($_POST['comment'])); 111 $template->add('TEXT', $_POST['comment']);
112 $template->add('USERNAME', getSessionUsername()); 112 $template->add('USERNAME', getSessionUsername());
113 $template->add('DATE', date("F jS Y \a\\t g:i:s a")); 113 $template->add('DATE', date("F jS Y \a\\t g:i:s a"));
114 $template->display(); 114 $template->display();
diff --git a/pages/quotes.php b/pages/quotes.php index 3b00878..f47dbd3 100755 --- a/pages/quotes.php +++ b/pages/quotes.php
@@ -70,7 +70,7 @@ if (isset($_GET['id']) && !(is_numeric($_GET['id'])))
70 $template = new FITemplate('quotes/add'); 70 $template = new FITemplate('quotes/add');
71 if (isset($_GET['submit'])) 71 if (isset($_GET['submit']))
72 { 72 {
73 $template->adds_block('SUBMITTED',array('QUOTE' => str_replace("\n","<br />",htmlspecialchars(stripslashes($_POST['rash_quote']))))); 73 $template->adds_block('SUBMITTED',array('QUOTE' => str_replace("\n","<br />",htmlspecialchars($_POST['rash_quote']))));
74 if (!isLoggedIn()) 74 if (!isLoggedIn())
75 { 75 {
76 $insquote = "INSERT INTO rash_queue (quote) VALUES(\"" . mysql_real_escape_string(htmlspecialchars($_POST['rash_quote'])) . "\")"; 76 $insquote = "INSERT INTO rash_queue (quote) VALUES(\"" . mysql_real_escape_string(htmlspecialchars($_POST['rash_quote'])) . "\")";
@@ -236,7 +236,7 @@ function quote_generation($query, $origin, $page = 1, $quote_limit = 50, $page_l
236 $template->add_ref($curID,'QUOTES',array( 'NUMBER' => $getquotes3[$i]['id'], 236 $template->add_ref($curID,'QUOTES',array( 'NUMBER' => $getquotes3[$i]['id'],
237 'RATING' => $getquotes3[$i]['rating'], 237 'RATING' => $getquotes3[$i]['rating'],
238 'DATE' => ($getquotes3[$i]['date'] != 0 ? date('F jS Y \a\\t g:i:s a', $getquotes3[$i]['date']) : ''), 238 'DATE' => ($getquotes3[$i]['date'] != 0 ? date('F jS Y \a\\t g:i:s a', $getquotes3[$i]['date']) : ''),
239 'QUOTE' => doAprilFoolsDay(str_replace("\n","<br />",htmlspecialchars(stripslashes($getquotes3[$i]['quote'])))), 239 'QUOTE' => doAprilFoolsDay(str_replace("\n","<br />",htmlspecialchars($getquotes3[$i]['quote']))),
240 'COMMENTS' => $comments)); 240 'COMMENTS' => $comments));
241 241
242 if (($gettrack3['ip'] != $_SERVER['REMOTE_ADDR']) || (array_search($getquotes3[$i]['id'],$trackArr) === FALSE)) 242 if (($gettrack3['ip'] != $_SERVER['REMOTE_ADDR']) || (array_search($getquotes3[$i]['id'],$trackArr) === FALSE))
diff --git a/pages/viewPost.php b/pages/viewPost.php index 0d84df7..fa371cf 100755 --- a/pages/viewPost.php +++ b/pages/viewPost.php
@@ -44,7 +44,7 @@ if (!isAdmin())
44 'TITLE' => $getpost3['title'], 44 'TITLE' => $getpost3['title'],
45 'AUTHOR' => $getpost3['author'], 45 'AUTHOR' => $getpost3['author'],
46 'RATING' => $getpost3['rating'], 46 'RATING' => $getpost3['rating'],
47 'TEXT' => parseText(stripslashes($getpost3['text'])))); 47 'TEXT' => parseText($getpost3['text'])));
48 48
49 $tags = getTags($getpost3['id']); 49 $tags = getTags($getpost3['id']);
50 foreach ($tags as $tag) 50 foreach ($tags as $tag)