From 9dfba1e70866fb2bb551678f6e04b8ddfd5467e1 Mon Sep 17 00:00:00 2001 From: Starla Insigna Date: Fri, 2 Oct 2009 19:04:20 -0400 Subject: Fixed HTML Entites problem When the poll escaping problem was fixed, a whole ton of other similar bugs were found which were also fixed here. Fixes #115 --- admin/drafts.php | 2 +- admin/editLink.php | 4 ++-- admin/editPoll.php | 30 +++++++++++++++--------------- admin/editPost.php | 4 ++-- admin/links.php | 2 +- admin/newLink.php | 2 +- admin/newPoll.php | 19 +++++++++++++------ admin/newPost.php | 2 +- admin/pending.php | 2 +- admin/polls.php | 2 +- admin/posts.php | 2 +- includes/footer.php | 8 ++++---- includes/functions.php | 12 ++++++------ includes/header.php | 4 ++-- pages/blog.php | 10 +++++----- pages/poll.php | 4 ++-- pages/welcome.php | 2 +- 17 files changed, 59 insertions(+), 52 deletions(-)
diff --git a/admin/drafts.php b/admin/drafts.php
index 22d8a09..5f7be1a 100644
--- a/admin/drafts.php
+++ b/admin/drafts.php
@@ -82,7 +82,7 @@ foreach ($pager->getPageData() as $post)
 {
 if (!empty($post))
 {
- $template->adds_block('POST', array( 'TITLE' => $post['title'],
+ $template->adds_block('POST', array( 'TITLE' => htmlentities($post['title']),
 'AUTHOR' => $post['author'],
 'ID' => $post['id'],
 'CODED' => $post['slug'],
diff --git a/admin/editLink.php b/admin/editLink.php
index fe4fb66..f3ba9cc 100644
--- a/admin/editLink.php
+++ b/admin/editLink.php
@@ -74,10 +74,10 @@ if (isset($_GET['submit'])) $template->adds_block('FLASH', array('TEXT' => 'Your link has been sucessfully edited.')); } - $template->add('TITLEVALUE', $_POST['title']); + $template->add('TITLEVALUE', htmlentities($_POST['title'])); $template->add('URLVALUE', $_POST['url']); } else { - $template->add('TITLEVALUE', $getlink3['title']); + $template->add('TITLEVALUE', htmlentities($getlink3['title'])); $template->add('URLVALUE', $getlink3['url']); }
diff --git a/admin/editPoll.php b/admin/editPoll.php
index 3a154a3..425f33c 100644
--- a/admin/editPoll.php
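Review bot: The added `htmlentities($post['title'])` relies on the function's defaults, which on the PHP 5.2/5.3 line this mysql_* code targets means ENT_COMPAT (a single quote in a title passes through unencoded) and an ISO-8859-1 charset (each byte of a multi-byte UTF-8 title is turned into a separate, wrong entity). Every hunk in this commit adds the same call shape, so the fix applies to admin/editLink.php, admin/editPoll.php, admin/editPost.php, admin/links.php, admin/newLink.php, admin/newPoll.php, admin/newPost.php, admin/pending.php, admin/polls.php, admin/posts.php, includes/footer.php, includes/functions.php, includes/header.php, pages/blog.php, pages/poll.php and pages/welcome.php as well. Prefer an explicit `'TITLE' => htmlspecialchars($post['title'], ENT_QUOTES, 'UTF-8'),` (substituting the charset the pages are actually served in). Since the change touches some forty call sites and still leaves sibling fields raw, it would be worth escaping once inside the template's `add`/`adds_block`/`add_ref` methods instead, if FITemplate can take that on, so that a newly added value is safe by default. The enclosing foreach starts before the hunk.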
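Review bot: Only TITLEVALUE is escaped in this hunk; the neighbouring `$template->add('URLVALUE', $_POST['url']);` and `$template->add('URLVALUE', $getlink3['url']);` still hand the raw value to the same form (presumably a value attribute), where a double quote in a stored URL terminates the attribute exactly as it did in the title. The one-escaped-field-among-raw-ones pattern recurs in admin/newLink.php (URLVALUE), admin/editPost.php and admin/newPost.php (TEXTVALUE, TAGSVALUE), admin/editPoll.php (TEXTVALUE, which admin/newPoll.php does escape, so the two poll forms now differ), the AUTHOR entries in admin/drafts.php, admin/pending.php, admin/posts.php and includes/functions.php, and the URL entries in admin/links.php and includes/header.php. Escape each for the context it lands in, e.g. `$template->add('URLVALUE', htmlspecialchars($_POST['url'], ENT_QUOTES, 'UTF-8'));`; a value that is meant to carry markup (TEXTVALUE may be one) needs a deliberate allow-list filter rather than being left raw. The if/else these lines belong to starts before the hunk.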
+++ b/admin/editPoll.php 
@@ -81,21 +81,21 @@ if (isset($_GET['submit'])) $getpoll2 = mysql_query($getpoll); $getpoll3 = mysql_fetch_array($getpoll2); - $template->add('QUESTIONVALUE', $_POST['question']); - $template->add('OPTION1VALUE', $_POST['option1']); - $template->add('OPTION2VALUE', $_POST['option2']); - $template->add('OPTION3VALUE', $_POST['option3']); - $template->add('OPTION4VALUE', $_POST['option4']); + $template->add('QUESTIONVALUE', htmlentities($_POST['question'])); + $template->add('OPTION1VALUE', htmlentities($_POST['option1'])); + $template->add('OPTION2VALUE', htmlentities($_POST['option2'])); + $template->add('OPTION3VALUE', htmlentities($_POST['option3'])); + $template->add('OPTION4VALUE', htmlentities($_POST['option4'])); $template->add('TEXTVALUE', $_POST['text']); } else { $inspoll = "UPDATE polloftheweek SET question = \"" . mysql_real_escape_string($_POST['question']) . "\", option1 = \"" . mysql_real_escape_string($_POST['option1']) . "\", option2 = \"" . mysql_real_escape_string($_POST['option2']) . "\", option3 = \"" . mysql_real_escape_string($_POST['option3']) . "\", option4 = \"" . mysql_real_escape_string($_POST['option4']) . "\", text = \"" . mysql_real_escape_string($_POST['text']) . "\" WHERE id = " . 
$_GET['id']; $inspoll2 = mysql_query($inspoll); - $template->add('QUESTIONVALUE', $_POST['question']); - $template->add('OPTION1VALUE', $_POST['option1']); - $template->add('OPTION2VALUE', $_POST['option2']); - $template->add('OPTION3VALUE', $_POST['option3']); - $template->add('OPTION4VALUE', $_POST['option4']); + $template->add('QUESTIONVALUE', htmlentities($_POST['question'])); + $template->add('OPTION1VALUE', htmlentities($_POST['option1'])); + $template->add('OPTION2VALUE', htmlentities($_POST['option2'])); + $template->add('OPTION3VALUE', htmlentities($_POST['option3'])); + $template->add('OPTION4VALUE', htmlentities($_POST['option4'])); $template->add('TEXTVALUE', $_POST['text']); $template->adds_block('FLASH', array('TEXT' => 'Your poll has been sucessfully edited. View poll.'));
@@ -105,11 +105,11 @@ if (isset($_GET['submit'])) $getpoll2 = mysql_query($getpoll); $getpoll3 = mysql_fetch_array($getpoll2); - $template->add('QUESTIONVALUE', $getpoll3['question']); - $template->add('OPTION1VALUE', $getpoll3['option1']); - $template->add('OPTION2VALUE', $getpoll3['option2']); - $template->add('OPTION3VALUE', $getpoll3['option3']); - $template->add('OPTION4VALUE', $getpoll3['option4']); + $template->add('QUESTIONVALUE', htmlentities($getpoll3['question'])); + $template->add('OPTION1VALUE', htmlentities($getpoll3['option1'])); + $template->add('OPTION2VALUE', htmlentities($getpoll3['option2'])); + $template->add('OPTION3VALUE', htmlentities($getpoll3['option3'])); + $template->add('OPTION4VALUE', htmlentities($getpoll3['option4'])); $template->add('TEXTVALUE', $getpoll3['text']); }
diff --git a/admin/editPost.php b/admin/editPost.php
index b01d1e2..b87f895 100644
--- a/admin/editPost.php
+++ b/admin/editPost.php
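Review bot: The UPDATE on the context line runs every POST field through mysql_real_escape_string and then appends `WHERE id = " . $_GET['id']` unquoted and unescaped, so the poll id is the one request value in that statement that reaches MySQL verbatim; the commit stops its escaping work at the HTML layer. admin/editPost.php guards the same parameter with `is_numeric($_GET['id'])` (visible in its hunk header), so either add that guard at the top of this script or coerce at the point of use, `. " WHERE id = " . (int) $_GET['id'];`, and check the `$getpoll` query built before each of the two hunks for the same interpolation. The if/else this sits in starts before the hunk and continues after it.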
@@ -201,13 +201,13 @@ if (!isset($_GET['type']) || !isset($_GET['id']) || !is_numeric($_GET['id'])) $template->add('ACTION', '/admin/editPost.php?type=' . $type . '&id=' . $id . '&submit='); } - $template->add('TITLEVALUE', $_POST['title']); + $template->add('TITLEVALUE', htmlentities($_POST['title'])); $template->add('TEXTVALUE', $_POST['text']); $template->add('TAGSVALUE', $_POST['tags']); $template->add(strtoupper($_POST['type']) . 'SELECTED', ' checked="checked"'); if ($_POST['type'] != 'draft') $template->add('TAGSDISABLED', ' readonly="readonly"'); } else { - $template->add('TITLEVALUE', $getpost3['title']); + $template->add('TITLEVALUE', htmlentities($getpost3['title'])); $template->add('TEXTVALUE', $getpost3['text']); $template->add('TAGSVALUE', implode(',', getTags($_GET['id'], $tableToTags[$_GET['type']]))); $template->add(strtoupper($tableToForm[$_GET['type']]) . 'SELECTED', ' checked="checked"');
diff --git a/admin/links.php b/admin/links.php
index d1ab878..fc1c813 100644
--- a/admin/links.php
+++ b/admin/links.php
@@ -97,7 +97,7 @@ foreach ($pager->getPageData() as $link)
 {
 if (!empty($link))
 {
- $template->adds_block('LINK', array( 'TITLE' => $link['title'],
+ $template->adds_block('LINK', array( 'TITLE' => htmlentities($link['title']),
 'URL' => $link['url'],
 'ID' => $link['id'],
 'ODD' => ($j % 2 ? '' : ' class="odd"')));
diff --git a/admin/newLink.php b/admin/newLink.php
index 3f6b42c..90313bd 100644
--- a/admin/newLink.php
+++ b/admin/newLink.php
@@ -80,7 +80,7 @@ if (isset($_GET['submit'])) $template->add('TYPEDISABLED', ' readonly="readonly"'); } - $template->add('TITLEVALUE', $_POST['title']); + $template->add('TITLEVALUE', htmlentities($_POST['title'])); $template->add('URLVALUE', $_POST['url']); $template->add(strtoupper($_POST['type']) . 'SELECTED', ' checked="checked"'); } else {
diff --git a/admin/newPoll.php b/admin/newPoll.php
index c924cd9..d105f45 100644
--- a/admin/newPoll.php
+++ b/admin/newPoll.php
@@ -77,6 +77,13 @@ if (isset($_GET['submit'])) $template->add('TITLE', 'New Poll'); $template->add('ACTION', '/admin/newPoll.php?submit='); + + $template->add('QUESTIONVALUE', htmlentities($_POST['question'])); + $template->add('OPTION1VALUE', htmlentities($_POST['option1'])); + $template->add('OPTION2VALUE', htmlentities($_POST['option2'])); + $template->add('OPTION3VALUE', htmlentities($_POST['option3'])); + $template->add('OPTION4VALUE', htmlentities($_POST['option4'])); + $template->add('TEXTVALUE', htmlentities($_POST['text'])); } else { $inspoll = "INSERT INTO polloftheweek (question,option1,option2,option3,option4,text) VALUES (\"" . mysql_real_escape_string($_POST['question']) . "\",\"" . mysql_real_escape_string($_POST['option1']) . "\",\"" . mysql_real_escape_string($_POST['option2']) . "\",\"" . mysql_real_escape_string($_POST['option3']) . "\",\"" . mysql_real_escape_string($_POST['option4']) . "\",\"" . mysql_real_escape_string($_POST['text']) . "\")"; $inspoll2 = mysql_query($inspoll);
@@ -86,12 +93,12 @@ if (isset($_GET['submit'])) $cleardid = "TRUNCATE TABLE didpollalready"; $cleardid2 = mysql_query($cleardid); - $template->add('QUESTIONVALUE', $_POST['question']); - $template->add('OPTION1VALUE', $_POST['option1']); - $template->add('OPTION2VALUE', $_POST['option2']); - $template->add('OPTION3VALUE', $_POST['option3']); - $template->add('OPTION4VALUE', $_POST['option4']); - $template->add('TEXTVALUE', $_POST['text']); + $template->add('QUESTIONVALUE', htmlentities($_POST['question'])); + $template->add('OPTION1VALUE', htmlentities($_POST['option1'])); + $template->add('OPTION2VALUE', htmlentities($_POST['option2'])); + $template->add('OPTION3VALUE', htmlentities($_POST['option3'])); + $template->add('OPTION4VALUE', htmlentities($_POST['option4'])); + $template->add('TEXTVALUE', htmlentities($_POST['text'])); $template->add('TITLE', 'Edit Poll'); $template->add('ACTION', '/admin/editPoll.php?id=' . $id . '&submit=');
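Review bot: The six added `$template->add(..., htmlentities($_POST[...]))` lines in the -77 hunk read POST keys with no isset guard, and the condition that selects this branch is outside the hunk; if the branch is also the one taken on the initial GET of the form, each access raises an undefined-index notice and htmlentities is handed null. If that is so, make the fallback explicit on each line, e.g. `$template->add('QUESTIONVALUE', htmlentities(isset($_POST['question']) ? $_POST['question'] : ''));`. A one-line comment above the block, such as `// re-populate the form with the submitted values`, would also help, since the -93 hunk below repeats the same six lines for the post-insert edit view and the two blocks are easy to mistake for a copy-paste duplicate.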
diff --git a/admin/newPost.php b/admin/newPost.php
index eb6b4e0..32e7aa2 100644
--- a/admin/newPost.php
+++ b/admin/newPost.php
@@ -145,7 +145,7 @@ if (isset($_GET['submit'])) if ($type != 'drafts') $template->add('TAGSDISABLED', ' readonly="readonly"'); } - $template->add('TITLEVALUE', $_POST['title']); + $template->add('TITLEVALUE', htmlentities($_POST['title'])); $template->add('TEXTVALUE', $_POST['text']); $template->add('TAGSVALUE', $_POST['tags']); $template->add(strtoupper($_POST['type']) . 'SELECTED', ' checked="checked"');
diff --git a/admin/pending.php b/admin/pending.php
index 407cd35..6f1cfaf 100644
--- a/admin/pending.php
+++ b/admin/pending.php
@@ -148,7 +148,7 @@ foreach ($pager->getPageData() as $post)
 {
 if (!empty($post))
 {
- $template->add_ref($j, 'POST', array( 'TITLE' => $post['title'],
+ $template->add_ref($j, 'POST', array( 'TITLE' => htmlentities($post['title']),
 'AUTHOR' => $post['author'],
 'ID' => $post['id'],
 'CODED' => $post['slug'],
diff --git a/admin/polls.php b/admin/polls.php
index 8e1465c..e4239fa 100644
--- a/admin/polls.php
+++ b/admin/polls.php
@@ -82,7 +82,7 @@ foreach ($pager->getPageData() as $post)
 {
 if (!empty($post))
 {
- $template->adds_block('POST', array( 'TITLE' => $post['question'],
+ $template->adds_block('POST', array( 'TITLE' => htmlentities($post['question']),
 'ID' => $post['id'],
 'ODD' => ($j % 2 ? '' : ' class="odd"')));
 }
diff --git a/admin/posts.php b/admin/posts.php
index 605db30..d2e34c5 100644
--- a/admin/posts.php
+++ b/admin/posts.php
@@ -82,7 +82,7 @@ foreach ($pager->getPageData() as $post)
 {
 if (!empty($post))
 {
- $template->adds_block('POST', array( 'TITLE' => $post['title'],
+ $template->adds_block('POST', array( 'TITLE' => htmlentities($post['title']),
 'AUTHOR' => $post['author'],
 'ID' => $post['id'],
 'CODED' => $post['slug'],
diff --git a/includes/footer.php b/includes/footer.php
index 19cc341..d1f9668 100755
--- a/includes/footer.php
+++ b/includes/footer.php
@@ -1,4 +1,4 @@ - 'blog', 'CODED' => $getpost3['slug'], 'ENDING' => '/', - 'TITLE' => stripslashes($getpost3['title']), + 'TITLE' => stripslashes(htmlentities($getpost3['title'])), 'AUTHOR' => (($website != '') ? '' . $username . '' : $username))); $i++; } else if (strpos($getcomments3[$i]['page_id'], 'quote') !== FALSE)
@@ -89,7 +89,7 @@ while ($getcomments3[$i] = mysql_fetch_array($getcomments2))
 'AREA' => 'poll',
 'CODED' => $getpotw3['id'],
 'ENDING' => '.php',
- 'TITLE' => 'Poll "' . $getpotw3['question'] . '"',
+ 'TITLE' => 'Poll "' . htmlentities($getpotw3['question']) . '"',
 'AUTHOR' => (($website != '') ? '' . $username . '' : $username)));
 $i++;
 }
@@ -169,7 +169,7 @@ $i=0; while ($getpopular3[$i] = mysql_fetch_array($getpopular2)) { $template->adds_block('POPULAR', array( 'CODED' => $getpopular3[$i]['slug'], - 'TITLE' => stripslashes($getpopular3[$i]['title']))); + 'TITLE' => stripslashes(htmlentities($getpopular3[$i]['title'])))); $i++; }
diff --git a/includes/functions.php b/includes/functions.php
index ce7a03e..1ff5c41 100755
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -276,7 +276,7 @@ function displayRelated($title, $avoid = 0) $template = new FITemplate('related'); } - $template->adds_block('POST', array( 'TITLE' => $getrelated3[$i]['title'], + $template->adds_block('POST', array( 'TITLE' => htmlentities($getrelated3[$i]['title']), 'CODED' => $getrelated3[$i]['slug'], 'AUTHOR' => $getrelated3[$i]['author'], 'DATE' => date('F jS Y',strtotime($getrelated3[$i]['pubDate']))));
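Review bot: In the -89 hunk the poll question is now escaped, but `$username` in the AUTHOR entry on the next line is not (nor is `$website`, which presumably still goes into the link that this rendering has reduced to `'' . $username . ''`); both appear to come from the comment row, so a commenter-chosen display name is the more exposed value in that block, and the first footer hunk carries the same AUTHOR expression. Escape them where `$username` and `$website` are assigned (before these hunks) or inline, `'AUTHOR' => (($website != '') ? '' . htmlspecialchars($username, ENT_QUOTES, 'UTF-8') . '' : htmlspecialchars($username, ENT_QUOTES, 'UTF-8'))`. Separately, `stripslashes(htmlentities(...))` here, in the -169 hunk and in pages/blog.php -43 reads backwards: the slashes look like a magic_quotes storage artefact, so `htmlentities(stripslashes(...))` (undo storage escaping, then encode for output) states the intent, even though the output is identical for plain backslashes. The first footer hunk (-1,4) appears truncated in this rendering, so I could not review it.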
@@ -326,11 +326,11 @@ function getPollOfTheWeek($id = -1) $getpoll2 = mysql_query($getpoll); $getpoll3 = mysql_fetch_array($getpoll2); - $potw->add('QUESTION', $getpoll3['question']); - $potw->add('OPTION1', $getpoll3['option1']); - $potw->add('OPTION2', $getpoll3['option2']); - $potw->add('OPTION3', $getpoll3['option3']); - $potw->add('OPTION4', $getpoll3['option4']); + $potw->add('QUESTION', stripslashes(htmlentities($getpoll3['question']))); + $potw->add('OPTION1', stripslashes(htmlentities($getpoll3['option1']))); + $potw->add('OPTION2', stripslashes(htmlentities($getpoll3['option2']))); + $potw->add('OPTION3', stripslashes(htmlentities($getpoll3['option3']))); + $potw->add('OPTION4', stripslashes(htmlentities($getpoll3['option4']))); $getip = "SELECT * FROM didpollalready WHERE ip = \"" . $_SERVER['REMOTE_ADDR'] . "\""; $getip2 = mysql_query($getip);
diff --git a/includes/header.php b/includes/header.php
index 3a8edff..003e002 100755
--- a/includes/header.php
+++ b/includes/header.php
@@ -77,7 +77,7 @@ $i=0; while ($getaffs3 = mysql_fetch_array($getaffs2)) { $headerTemp->adds_block('AFFILIATES', array( 'COLOR' => getTagColor($i++), - 'TITLE' => $getaffs3['title'], + 'TITLE' => htmlentities($getaffs3['title']), 'URL' => $getaffs3['url'])); }
@@ -87,7 +87,7 @@ $i=0; while ($getwebps3 = mysql_fetch_array($getwebps2)) { $headerTemp->adds_block('WEBPROJS', array( 'COLOR' => getTagColor($i++), - 'TITLE' => $getwebps3['title'], + 'TITLE' => htmlentities($getwebps3['title']), 'URL' => $getwebps3['url'])); }
diff --git a/pages/blog.php b/pages/blog.php
index c9781ee..550b027 100755
--- a/pages/blog.php
+++ b/pages/blog.php
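Review bot: getPollOfTheWeek now escapes the four options for output, but the context line just below, `$getip = "SELECT * FROM didpollalready WHERE ip = \"" . $_SERVER['REMOTE_ADDR'] . "\"";`, still interpolates a request-derived value into SQL without the mysql_real_escape_string the other queries in this commit use. REMOTE_ADDR comes from the socket rather than a client header, so it is low risk as deployed, but it stops being trustworthy as soon as a proxy or forwarded-for rewrite is put in front of the site, and consistency costs one call: `$getip = "SELECT * FROM didpollalready WHERE ip = \"" . mysql_real_escape_string($_SERVER['REMOTE_ADDR']) . "\"";`. The function body continues past the hunk.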
@@ -43,7 +43,7 @@ if (isset($_GET['post'])) { updatePop($getpost3['id'],'views'); - $title = stripslashes($getpost3['title']) . ' - Blog Archive'; + $title = stripslashes(htmlentities($getpost3['title'])) . ' - Blog Archive'; $getback = "SELECT * FROM updates WHERE id < " . $getpost3['id'] . " ORDER BY id DESC LIMIT 0,1"; $getback2 = mysql_query($getback);
@@ -51,7 +51,7 @@ if (isset($_GET['post'])) if (isset($getback3['title'])) { $template->adds_block('BACK', array( 'CODED' => $getback3['slug'], - 'TITLE' => $getback3['title'])); + 'TITLE' => htmlentities($getback3['title']))); } $getnext = "SELECT * FROM updates WHERE id > " . $getpost3['id'] . " ORDER BY id ASC LIMIT 0,1";
@@ -60,7 +60,7 @@ if (isset($_GET['post'])) if (isset($getnext3['title'])) { $template->adds_block('NEXT', array( 'CODED' => $getnext3['slug'], - 'TITLE' => $getnext3['title'])); + 'TITLE' => htmlentities($getnext3['title']))); } $template->add_ref(0, 'POST', array( 'ID' => $getpost3['id'],
@@ -69,7 +69,7 @@ if (isset($_GET['post']))
 'MONTH' => date('M',strtotime($getpost3['pubDate'])),
 'DAY' => date('d',strtotime($getpost3['pubDate'])),
 'CODED' => $getpost3['slug'],
- 'TITLE' => $getpost3['title'],
+ 'TITLE' => htmlentities($getpost3['title']),
 'AUTHOR' => $getpost3['author'],
 'RATING' => $getpost3['rating'],
 'TEXT' => parseText($getpost3['text'])));
@@ -189,7 +189,7 @@ if (isset($_GET['post'])) $template->adds_ref_sub($curID, 'SMALL',array( 'DATE' => date('m-d-Y',strtotime($getposts3[$i]['pubDate'])), 'CODED' => $getposts3[$i]['slug'], - 'TITLE' => $getposts3[$i]['title'])); + 'TITLE' => htmlentities($getposts3[$i]['title']))); $i++; } if ($i==0)
diff --git a/pages/poll.php b/pages/poll.php
index 6a87207..a9ab19f 100755
--- a/pages/poll.php
+++ b/pages/poll.php
@@ -53,7 +53,7 @@ if (!isset($_GET['id']))
 $question .= '....';
 }
 $template->adds_block('POLL', array( 'ID' => $getpolls3[$i]['id'],
- 'QUESTION' => $question,
+ 'QUESTION' => htmlentities($question),
 'WEEK' => date('F jS Y', strtotime($getpolls3[$i]['week'])),
 'EVEN' => (($i % 2 == 1) ? ' class="even"' : '')));
 $i++;
@@ -90,7 +90,7 @@ if (!isset($_GET['id'])) if ($getpoll3['id'] == $_GET['id']) { - $template->add('QUESTION', $getpoll3['question']); + $template->add('QUESTION', htmlentities($getpoll3['question'])); if ($getpoll3['text'] != '') {
diff --git a/pages/welcome.php b/pages/welcome.php
index 26f9938..5bd710c 100755
--- a/pages/welcome.php
+++ b/pages/welcome.php
@@ -74,7 +74,7 @@ while ($getpost3 = mysql_fetch_array($getpost2))
 'MONTH' => date('M',strtotime($getpost3['pubDate'])),
 'DAY' => date('d',strtotime($getpost3['pubDate'])),
 'CODED' => $getpost3['slug'],
- 'TITLE' => $getpost3['title'],
+ 'TITLE' => htmlentities($getpost3['title']),
 'AUTHOR' => $getpost3['author'],
 'PLURALCOMMENT' => (isset($plural) ? $plural : ''),
 'COMMENTS' => $comText,
-- cgit 1.4.1