From 9dfba1e70866fb2bb551678f6e04b8ddfd5467e1 Mon Sep 17 00:00:00 2001
From: Starla Insigna
Date: Fri, 2 Oct 2009 19:04:20 -0400
Subject: Fixed HTML Entites problem

When the poll escaping problem was fixed, a whole ton of other similar bugs were found which were also fixed here. Fixes #115
---
 includes/functions.php | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

(limited to 'includes/functions.php')

diff --git a/includes/functions.php b/includes/functions.php
index ce7a03e..1ff5c41 100755
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -276,7 +276,7 @@ function displayRelated($title, $avoid = 0)
 $template = new FITemplate('related');
 }
 
- $template->adds_block('POST', array( 'TITLE' => $getrelated3[$i]['title'],
+ $template->adds_block('POST', array( 'TITLE' => htmlentities($getrelated3[$i]['title']),
 'CODED' => $getrelated3[$i]['slug'],
 'AUTHOR' => $getrelated3[$i]['author'],
 'DATE' => date('F jS Y',strtotime($getrelated3[$i]['pubDate']))));
@@ -326,11 +326,11 @@ function getPollOfTheWeek($id = -1)
 $getpoll2 = mysql_query($getpoll);
 $getpoll3 = mysql_fetch_array($getpoll2);
 
- $potw->add('QUESTION', $getpoll3['question']);
- $potw->add('OPTION1', $getpoll3['option1']);
- $potw->add('OPTION2', $getpoll3['option2']);
- $potw->add('OPTION3', $getpoll3['option3']);
- $potw->add('OPTION4', $getpoll3['option4']);
+ $potw->add('QUESTION', stripslashes(htmlentities($getpoll3['question'])));
+ $potw->add('OPTION1', stripslashes(htmlentities($getpoll3['option1'])));
+ $potw->add('OPTION2', stripslashes(htmlentities($getpoll3['option2'])));
+ $potw->add('OPTION3', stripslashes(htmlentities($getpoll3['option3'])));
+ $potw->add('OPTION4', stripslashes(htmlentities($getpoll3['option4'])));
 
 $getip = "SELECT * FROM didpollalready WHERE ip = \"" . $_SERVER['REMOTE_ADDR'] . "\"";
 $getip2 = mysql_query($getip);
-- 
cgit 1.4.1
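Review bot: In the `adds_block('POST', …)` call in displayRelated only `TITLE` is now encoded, while `AUTHOR` and `CODED` on the following lines still reach the template raw. If those columns can hold user-supplied text (not visible from this hunk), they need the same treatment, e.g. `'AUTHOR' => htmlentities($getrelated3[$i]['author'], ENT_QUOTES, 'UTF-8'),`. The bare `htmlentities($x)` form used here and in the five new calls in getPollOfTheWeek relies on runtime defaults: where the default is ENT_COMPAT, single quotes stay unencoded, which matters if a value lands in a single-quoted attribute, and a default charset that differs from the page encoding mangles multi-byte text. Pass the flags and charset explicitly; 'UTF-8' above is an assumption about the site's encoding. displayRelated starts and ends outside the hunk, so how the template uses these keys could not be checked.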
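Review bot: Wrapping each poll field in `stripslashes()` at render time in getPollOfTheWeek suggests the text is stored with escaping backslashes still in it (magic quotes or `addslashes` on the write path; that path is not in this hunk, so this is inferred). Stripping on output also removes backslashes the poll author typed deliberately, and every other place that prints these columns has to remember the same step. It would be cleaner to normalise the value once when it is saved and keep only the encoding here, e.g. `$potw->add('QUESTION', htmlentities($getpoll3['question'], ENT_QUOTES, 'UTF-8'));` (the charset is an assumption). If the stored rows cannot be cleaned up yet, a short comment such as `// legacy rows contain slash-escaped quotes; remove once data is migrated` would record why the call is there. The function body continues outside the hunk.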