From 9dfba1e70866fb2bb551678f6e04b8ddfd5467e1 Mon Sep 17 00:00:00 2001 From: Starla Insigna Date: Fri, 2 Oct 2009 19:04:20 -0400 Subject: Fixed HTML Entites problem When the poll escaping problem was fixed, a whole ton of other similar bugs were found which were also fixed here. Fixes #115 --- admin/drafts.php | 2 +- admin/editLink.php | 4 ++-- admin/editPoll.php | 30 +++++++++++++++--------------- admin/editPost.php | 4 ++-- admin/links.php | 2 +- admin/newLink.php | 2 +- admin/newPoll.php | 19 +++++++++++++------ admin/newPost.php | 2 +- admin/pending.php | 2 +- admin/polls.php | 2 +- admin/posts.php | 2 +- 11 files changed, 39 insertions(+), 32 deletions(-) (limited to 'admin') diff --git a/admin/drafts.php b/admin/drafts.php index 22d8a09..5f7be1a 100644 --- a/admin/drafts.php +++ b/admin/drafts.php @@ -82,7 +82,7 @@ foreach ($pager->getPageData() as $post) { if (!empty($post)) { - $template->adds_block('POST', array( 'TITLE' => $post['title'], + $template->adds_block('POST', array( 'TITLE' => htmlentities($post['title']), 'AUTHOR' => $post['author'], 'ID' => $post['id'], 'CODED' => $post['slug'], diff --git a/admin/editLink.php b/admin/editLink.php index fe4fb66..f3ba9cc 100644 --- a/admin/editLink.php +++ b/admin/editLink.php @@ -74,10 +74,10 @@ if (isset($_GET['submit'])) $template->adds_block('FLASH', array('TEXT' => 'Your link has been sucessfully edited.')); } - $template->add('TITLEVALUE', $_POST['title']); + $template->add('TITLEVALUE', htmlentities($_POST['title'])); $template->add('URLVALUE', $_POST['url']); } else { - $template->add('TITLEVALUE', $getlink3['title']); + $template->add('TITLEVALUE', htmlentities($getlink3['title'])); $template->add('URLVALUE', $getlink3['url']); } diff --git a/admin/editPoll.php b/admin/editPoll.php index 3a154a3..425f33c 100644 --- a/admin/editPoll.php +++ b/admin/editPoll.php 
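Review bot: `htmlentities($post['title'])` on the changed line relies on the function's default flags, which in the PHP of this period are `ENT_COMPAT` and ISO-8859-1, so a single quote in a title passes through unescaped and a UTF-8 title containing non-Latin-1 characters is mangled; the output is only safe if the template always wraps the value in a double-quoted attribute and the site is Latin-1. Passing the flags explicitly, `'TITLE' => htmlentities($post['title'], ENT_QUOTES, 'UTF-8'),` (or `htmlspecialchars` with the same arguments, which is sufficient for HTML output), removes both assumptions, and the same applies to every `htmlentities()` call this commit adds in editLink.php, editPoll.php, editPost.php, links.php, newLink.php, newPoll.php, newPost.php, pending.php, polls.php and posts.php. In this hunk, and in the pending.php and posts.php hunks, `'AUTHOR' => $post['author']` on the following context line is still emitted raw into the same block; if author names originate from user input they need the same treatment. The enclosing foreach starts before the hunk.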
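Review bot: `$template->add('URLVALUE', $_POST['url']);` directly under the changed line still hands the submitted URL to the template unescaped, and `$getlink3['url']` in the else branch likewise; a `"` in the value terminates whatever attribute the template places it in, so it needs the same `htmlentities($_POST['url'], ENT_QUOTES, 'UTF-8')` as the title. If the template renders the value into an `href`, restricting the accepted scheme on save is also worth considering, since entity-encoding does not validate the URL itself. The same raw `url` value appears on the new side of the links.php hunk (`'URL' => $link['url']`) and the newLink.php hunk. The `if (isset($_GET['submit']))` block enclosing this hunk starts outside it.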
@@ -81,21 +81,21 @@ if (isset($_GET['submit'])) $getpoll2 = mysql_query($getpoll); $getpoll3 = mysql_fetch_array($getpoll2); - $template->add('QUESTIONVALUE', $_POST['question']); - $template->add('OPTION1VALUE', $_POST['option1']); - $template->add('OPTION2VALUE', $_POST['option2']); - $template->add('OPTION3VALUE', $_POST['option3']); - $template->add('OPTION4VALUE', $_POST['option4']); + $template->add('QUESTIONVALUE', htmlentities($_POST['question'])); + $template->add('OPTION1VALUE', htmlentities($_POST['option1'])); + $template->add('OPTION2VALUE', htmlentities($_POST['option2'])); + $template->add('OPTION3VALUE', htmlentities($_POST['option3'])); + $template->add('OPTION4VALUE', htmlentities($_POST['option4'])); $template->add('TEXTVALUE', $_POST['text']); } else { $inspoll = "UPDATE polloftheweek SET question = \"" . mysql_real_escape_string($_POST['question']) . "\", option1 = \"" . mysql_real_escape_string($_POST['option1']) . "\", option2 = \"" . mysql_real_escape_string($_POST['option2']) . "\", option3 = \"" . mysql_real_escape_string($_POST['option3']) . "\", option4 = \"" . mysql_real_escape_string($_POST['option4']) . "\", text = \"" . mysql_real_escape_string($_POST['text']) . "\" WHERE id = " . 
$_GET['id']; $inspoll2 = mysql_query($inspoll); - $template->add('QUESTIONVALUE', $_POST['question']); - $template->add('OPTION1VALUE', $_POST['option1']); - $template->add('OPTION2VALUE', $_POST['option2']); - $template->add('OPTION3VALUE', $_POST['option3']); - $template->add('OPTION4VALUE', $_POST['option4']); + $template->add('QUESTIONVALUE', htmlentities($_POST['question'])); + $template->add('OPTION1VALUE', htmlentities($_POST['option1'])); + $template->add('OPTION2VALUE', htmlentities($_POST['option2'])); + $template->add('OPTION3VALUE', htmlentities($_POST['option3'])); + $template->add('OPTION4VALUE', htmlentities($_POST['option4'])); $template->add('TEXTVALUE', $_POST['text']); $template->adds_block('FLASH', array('TEXT' => 'Your poll has been sucessfully edited. View poll.')); @@ -105,11 +105,11 @@ if (isset($_GET['submit'])) $getpoll2 = mysql_query($getpoll); $getpoll3 = mysql_fetch_array($getpoll2); - $template->add('QUESTIONVALUE', $getpoll3['question']); - $template->add('OPTION1VALUE', $getpoll3['option1']); - $template->add('OPTION2VALUE', $getpoll3['option2']); - $template->add('OPTION3VALUE', $getpoll3['option3']); - $template->add('OPTION4VALUE', $getpoll3['option4']); + $template->add('QUESTIONVALUE', htmlentities($getpoll3['question'])); + $template->add('OPTION1VALUE', htmlentities($getpoll3['option1'])); + $template->add('OPTION2VALUE', htmlentities($getpoll3['option2'])); + $template->add('OPTION3VALUE', htmlentities($getpoll3['option3'])); + $template->add('OPTION4VALUE', htmlentities($getpoll3['option4'])); $template->add('TEXTVALUE', $getpoll3['text']); } diff --git a/admin/editPost.php b/admin/editPost.php index b01d1e2..b87f895 100644 --- a/admin/editPost.php +++ b/admin/editPost.php 
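Review bot: `$template->add('TEXTVALUE', $_POST['text']);` is left raw in both branches of the first hunk, and `$getpoll3['text']` in the second, while the newPoll.php hunks escape the same field with `htmlentities()`; whatever context the template uses for TEXTVALUE, the two files should agree, and if it is a textarea the content still needs entity-encoding (a literal `</textarea>` or `&` would otherwise corrupt the form). Separately, the UPDATE on the context line concatenates `$_GET['id']` directly into `WHERE id = ` with no `mysql_real_escape_string` or numeric check visible in this hunk; unless it is validated before the hunk (the editPost.php hunk header shows an `is_numeric($_GET['id'])` guard, this file's does not), `(int) $_GET['id']` is the minimal fix. The surrounding `if (isset($_GET['submit']))` starts before the hunk.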
@@ -201,13 +201,13 @@ if (!isset($_GET['type']) || !isset($_GET['id']) || !is_numeric($_GET['id'])) $template->add('ACTION', '/admin/editPost.php?type=' . $type . '&id=' . $id . '&submit='); } - $template->add('TITLEVALUE', $_POST['title']); + $template->add('TITLEVALUE', htmlentities($_POST['title'])); $template->add('TEXTVALUE', $_POST['text']); $template->add('TAGSVALUE', $_POST['tags']); $template->add(strtoupper($_POST['type']) . 'SELECTED', ' checked="checked"'); if ($_POST['type'] != 'draft') $template->add('TAGSDISABLED', ' readonly="readonly"'); } else { - $template->add('TITLEVALUE', $getpost3['title']); + $template->add('TITLEVALUE', htmlentities($getpost3['title'])); $template->add('TEXTVALUE', $getpost3['text']); $template->add('TAGSVALUE', implode(',', getTags($_GET['id'], $tableToTags[$_GET['type']]))); $template->add(strtoupper($tableToForm[$_GET['type']]) . 'SELECTED', ' checked="checked"'); diff --git a/admin/links.php b/admin/links.php index d1ab878..fc1c813 100644 --- a/admin/links.php +++ b/admin/links.php @@ -97,7 +97,7 @@ foreach ($pager->getPageData() as $link) { if (!empty($link)) { - $template->adds_block('LINK', array( 'TITLE' => $link['title'], + $template->adds_block('LINK', array( 'TITLE' => htmlentities($link['title']), 'URL' => $link['url'], 'ID' => $link['id'], 'ODD' => ($j % 2 ? '' : ' class="odd"'))); diff --git a/admin/newLink.php b/admin/newLink.php index 3f6b42c..90313bd 100644 --- a/admin/newLink.php +++ b/admin/newLink.php @@ -80,7 +80,7 @@ if (isset($_GET['submit'])) $template->add('TYPEDISABLED', ' readonly="readonly"'); } - $template->add('TITLEVALUE', $_POST['title']); + $template->add('TITLEVALUE', htmlentities($_POST['title'])); $template->add('URLVALUE', $_POST['url']); $template->add(strtoupper($_POST['type']) . 'SELECTED', ' checked="checked"'); } else { diff --git a/admin/newPoll.php b/admin/newPoll.php index c924cd9..d105f45 100644 --- a/admin/newPoll.php +++ b/admin/newPoll.php 
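Review bot: Only the title is escaped in this hunk; `$template->add('TEXTVALUE', $_POST['text']);` and `$template->add('TAGSVALUE', $_POST['tags']);` on the next two lines, and their `$getpost3['text']` and `implode(',', getTags(...))` counterparts in the else branch, reach the template raw. Tags look like a plain `value` attribute and need `htmlentities($_POST['tags'], ENT_QUOTES, 'UTF-8')`; text may be deliberately raw if the editor stores HTML, in which case a comment such as `// TEXTVALUE is stored HTML and is rendered unescaped on purpose` would stop a later fix from "correcting" it. The newPost.php hunk has the same pair of lines. The `if` this hunk sits in starts outside it.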
@@ -77,6 +77,13 @@ if (isset($_GET['submit'])) $template->add('TITLE', 'New Poll'); $template->add('ACTION', '/admin/newPoll.php?submit='); + + $template->add('QUESTIONVALUE', htmlentities($_POST['question'])); + $template->add('OPTION1VALUE', htmlentities($_POST['option1'])); + $template->add('OPTION2VALUE', htmlentities($_POST['option2'])); + $template->add('OPTION3VALUE', htmlentities($_POST['option3'])); + $template->add('OPTION4VALUE', htmlentities($_POST['option4'])); + $template->add('TEXTVALUE', htmlentities($_POST['text'])); } else { $inspoll = "INSERT INTO polloftheweek (question,option1,option2,option3,option4,text) VALUES (\"" . mysql_real_escape_string($_POST['question']) . "\",\"" . mysql_real_escape_string($_POST['option1']) . "\",\"" . mysql_real_escape_string($_POST['option2']) . "\",\"" . mysql_real_escape_string($_POST['option3']) . "\",\"" . mysql_real_escape_string($_POST['option4']) . "\",\"" . mysql_real_escape_string($_POST['text']) . "\")"; $inspoll2 = mysql_query($inspoll); @@ -86,12 +93,12 @@ if (isset($_GET['submit'])) $cleardid = "TRUNCATE TABLE didpollalready"; $cleardid2 = mysql_query($cleardid); - $template->add('QUESTIONVALUE', $_POST['question']); - $template->add('OPTION1VALUE', $_POST['option1']); - $template->add('OPTION2VALUE', $_POST['option2']); - $template->add('OPTION3VALUE', $_POST['option3']); - $template->add('OPTION4VALUE', $_POST['option4']); - $template->add('TEXTVALUE', $_POST['text']); + $template->add('QUESTIONVALUE', htmlentities($_POST['question'])); + $template->add('OPTION1VALUE', htmlentities($_POST['option1'])); + $template->add('OPTION2VALUE', htmlentities($_POST['option2'])); + $template->add('OPTION3VALUE', htmlentities($_POST['option3'])); + $template->add('OPTION4VALUE', htmlentities($_POST['option4'])); + $template->add('TEXTVALUE', htmlentities($_POST['text'])); $template->add('TITLE', 'Edit Poll'); $template->add('ACTION', '/admin/editPoll.php?id=' . $id . '&submit='); 
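Review bot: The six `$template->add('...VALUE', htmlentities($_POST['...']))` lines added in the first hunk are repeated verbatim in the second hunk and twice more in editPoll.php, and the copies have already drifted (editPoll.php leaves `text` unescaped while this file escapes it). A loop over the field names, `foreach (['question', 'option1', 'option2', 'option3', 'option4', 'text'] as $field) { $template->add(strtoupper($field) . 'VALUE', htmlentities($_POST[$field], ENT_QUOTES, 'UTF-8')); }`, keeps the escaping flags in one place and produces the same keys. The first hunk also adds a lone `+` blank line ahead of the block. Both hunks sit inside the `if (isset($_GET['submit']))` that starts before them.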
diff --git a/admin/newPost.php b/admin/newPost.php index eb6b4e0..32e7aa2 100644 --- a/admin/newPost.php +++ b/admin/newPost.php @@ -145,7 +145,7 @@ if (isset($_GET['submit'])) if ($type != 'drafts') $template->add('TAGSDISABLED', ' readonly="readonly"'); } - $template->add('TITLEVALUE', $_POST['title']); + $template->add('TITLEVALUE', htmlentities($_POST['title'])); $template->add('TEXTVALUE', $_POST['text']); $template->add('TAGSVALUE', $_POST['tags']); $template->add(strtoupper($_POST['type']) . 'SELECTED', ' checked="checked"'); diff --git a/admin/pending.php b/admin/pending.php index 407cd35..6f1cfaf 100644 --- a/admin/pending.php +++ b/admin/pending.php @@ -148,7 +148,7 @@ foreach ($pager->getPageData() as $post) { if (!empty($post)) { - $template->add_ref($j, 'POST', array( 'TITLE' => $post['title'], + $template->add_ref($j, 'POST', array( 'TITLE' => htmlentities($post['title']), 'AUTHOR' => $post['author'], 'ID' => $post['id'], 'CODED' => $post['slug'], diff --git a/admin/polls.php b/admin/polls.php index 8e1465c..e4239fa 100644 --- a/admin/polls.php +++ b/admin/polls.php @@ -82,7 +82,7 @@ foreach ($pager->getPageData() as $post) { if (!empty($post)) { - $template->adds_block('POST', array( 'TITLE' => $post['question'], + $template->adds_block('POST', array( 'TITLE' => htmlentities($post['question']), 'ID' => $post['id'], 'ODD' => ($j % 2 ? '' : ' class="odd"'))); } diff --git a/admin/posts.php b/admin/posts.php index 605db30..d2e34c5 100644 --- a/admin/posts.php +++ b/admin/posts.php @@ -82,7 +82,7 @@ foreach ($pager->getPageData() as $post) { if (!empty($post)) { - $template->adds_block('POST', array( 'TITLE' => $post['title'], + $template->adds_block('POST', array( 'TITLE' => htmlentities($post['title']), 'AUTHOR' => $post['author'], 'ID' => $post['id'], 'CODED' => $post['slug'], -- cgit 1.4.1