From 9dfba1e70866fb2bb551678f6e04b8ddfd5467e1 Mon Sep 17 00:00:00 2001
From: Starla Insigna
Date: Fri, 2 Oct 2009 19:04:20 -0400
Subject: Fixed HTML Entites problem When the poll escaping problem was fixed, a whole ton of other similar bugs were found which were also fixed here. Fixes #115
---
 admin/editPost.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'admin/editPost.php')
diff --git a/admin/editPost.php b/admin/editPost.php
index b01d1e2..b87f895 100644
--- a/admin/editPost.php
+++ b/admin/editPost.php
@@ -201,13 +201,13 @@ if (!isset($_GET['type']) || !isset($_GET['id']) || !is_numeric($_GET['id']))
 $template->add('ACTION', '/admin/editPost.php?type=' . $type . '&id=' . $id . '&submit=');
 }
- $template->add('TITLEVALUE', $_POST['title']);
+ $template->add('TITLEVALUE', htmlentities($_POST['title']));
 $template->add('TEXTVALUE', $_POST['text']);
 $template->add('TAGSVALUE', $_POST['tags']);
 $template->add(strtoupper($_POST['type']) . 'SELECTED', ' checked="checked"');
 if ($_POST['type'] != 'draft') $template->add('TAGSDISABLED', ' readonly="readonly"');
 } else {
- $template->add('TITLEVALUE', $getpost3['title']);
+ $template->add('TITLEVALUE', htmlentities($getpost3['title']));
 $template->add('TEXTVALUE', $getpost3['text']);
 $template->add('TAGSVALUE', implode(',', getTags($_GET['id'], $tableToTags[$_GET['type']])));
 $template->add(strtoupper($tableToForm[$_GET['type']]) . 'SELECTED', ' checked="checked"');
-- 
cgit 1.4.1
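Review bot: `TEXTVALUE` and `TAGSVALUE` are still filled from `$_POST['text']`, `$_POST['tags']`, `$getpost3['text']` and the `getTags()` result without any escaping, on the lines directly under both changed `TITLEVALUE` lines. If the template places them in a `<textarea>` or a `value="..."` attribute (the template is not visible here), they have the same entity problem this commit fixes for the title, and reflected `$_POST` content can break out of the field into page markup. The new `htmlentities()` calls also rely on defaults, which leave single quotes unescaped and depend on the PHP version's default charset; `htmlspecialchars($_POST['title'], ENT_QUOTES, 'UTF-8')` would be safer, assuming the site serves UTF-8. The enclosing if/else starts above the hunk, so whether `$_POST['type']` is validated before it becomes a template key in `strtoupper($_POST['type']) . 'SELECTED'` cannot be confirmed from here.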