From 9dfba1e70866fb2bb551678f6e04b8ddfd5467e1 Mon Sep 17 00:00:00 2001 From: Starla Insigna Date: Fri, 2 Oct 2009 19:04:20 -0400 Subject: Fixed HTML Entites problem When the poll escaping problem was fixed, a whole ton of other similar bugs were found which were also fixed here. Fixes #115 --- includes/footer.php | 8 ++++---- includes/functions.php | 12 ++++++------ includes/header.php | 4 ++-- 3 files changed, 12 insertions(+), 12 deletions(-) (limited to 'includes') diff --git a/includes/footer.php b/includes/footer.php index 19cc341..d1f9668 100755 --- a/includes/footer.php +++ b/includes/footer.php @@ -1,4 +1,4 @@ - 'blog', 'CODED' => $getpost3['slug'], 'ENDING' => '/', - 'TITLE' => stripslashes($getpost3['title']), + 'TITLE' => stripslashes(htmlentities($getpost3['title'])), 'AUTHOR' => (($website != '') ? '' . $username . '' : $username))); $i++; } else if (strpos($getcomments3[$i]['page_id'], 'quote') !== FALSE) @@ -89,7 +89,7 @@ while ($getcomments3[$i] = mysql_fetch_array($getcomments2)) 'AREA' => 'poll', 'CODED' => $getpotw3['id'], 'ENDING' => '.php', - 'TITLE' => 'Poll "' . $getpotw3['question'] . '"', + 'TITLE' => 'Poll "' . htmlentities($getpotw3['question']) . '"', 'AUTHOR' => (($website != '') ? '' . $username . '' : $username))); $i++; } @@ -169,7 +169,7 @@ $i=0; while ($getpopular3[$i] = mysql_fetch_array($getpopular2)) { $template->adds_block('POPULAR', array( 'CODED' => $getpopular3[$i]['slug'], - 'TITLE' => stripslashes($getpopular3[$i]['title']))); + 'TITLE' => stripslashes(htmlentities($getpopular3[$i]['title'])))); $i++; } diff --git a/includes/functions.php b/includes/functions.php index ce7a03e..1ff5c41 100755 --- a/includes/functions.php +++ b/includes/functions.php 
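Review bot: The `htmlentities()` call added to the blog comment's `'TITLE'` entry uses the default flags and charset, so single quotes are left unencoded (the default is `ENT_COMPAT` on PHP versions before 8.1) and the input is read in the interpreter's default charset, which was ISO-8859-1 on the PHP 5 releases current at the commit date. If a template places the value inside a single-quoted attribute the encoding is incomplete, and if the site serves UTF-8, non-ASCII titles will be garbled; neither the templates nor the page charset are visible here, so both are worth confirming. I would write `htmlspecialchars(stripslashes($getpost3['title']), ENT_QUOTES, 'UTF-8')`, with the charset matched to the site, which also undoes the storage escaping before encoding for output. The same applies to the poll and popular-post hunks in this file and to every call added in includes/functions.php and includes/header.php.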
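Review bot: The `'AUTHOR'` entry directly under the changed poll `'TITLE'` line still concatenates `$username` into the block unencoded, and the same line appears in the blog-comment hunk above; `'AUTHOR' => $getrelated3[$i]['author']` in `displayRelated()` is in the same position. Where `$username` and `$website` are assigned is outside these hunks, so they may already be encoded, but if they hold the commenter-supplied values they need encoding at output just like the title, e.g. `htmlspecialchars($username, ENT_QUOTES)`. The markup around `$username` appears to have been lost in this rendering of the patch, so the link built from `$website` could not be checked.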
@@ -276,7 +276,7 @@ function displayRelated($title, $avoid = 0) $template = new FITemplate('related'); } - $template->adds_block('POST', array( 'TITLE' => $getrelated3[$i]['title'], + $template->adds_block('POST', array( 'TITLE' => htmlentities($getrelated3[$i]['title']), 'CODED' => $getrelated3[$i]['slug'], 'AUTHOR' => $getrelated3[$i]['author'], 'DATE' => date('F jS Y',strtotime($getrelated3[$i]['pubDate'])))); @@ -326,11 +326,11 @@ function getPollOfTheWeek($id = -1) $getpoll2 = mysql_query($getpoll); $getpoll3 = mysql_fetch_array($getpoll2); - $potw->add('QUESTION', $getpoll3['question']); - $potw->add('OPTION1', $getpoll3['option1']); - $potw->add('OPTION2', $getpoll3['option2']); - $potw->add('OPTION3', $getpoll3['option3']); - $potw->add('OPTION4', $getpoll3['option4']); + $potw->add('QUESTION', stripslashes(htmlentities($getpoll3['question']))); + $potw->add('OPTION1', stripslashes(htmlentities($getpoll3['option1']))); + $potw->add('OPTION2', stripslashes(htmlentities($getpoll3['option2']))); + $potw->add('OPTION3', stripslashes(htmlentities($getpoll3['option3']))); + $potw->add('OPTION4', stripslashes(htmlentities($getpoll3['option4']))); $getip = "SELECT * FROM didpollalready WHERE ip = \"" . $_SERVER['REMOTE_ADDR'] . "\""; $getip2 = mysql_query($getip); diff --git a/includes/header.php b/includes/header.php index 3a8edff..003e002 100755 --- a/includes/header.php +++ b/includes/header.php @@ -77,7 +77,7 @@ $i=0; while ($getaffs3 = mysql_fetch_array($getaffs2)) { $headerTemp->adds_block('AFFILIATES', array( 'COLOR' => getTagColor($i++), - 'TITLE' => $getaffs3['title'], + 'TITLE' => htmlentities($getaffs3['title']), 'URL' => $getaffs3['url'])); } @@ -87,7 +87,7 @@ $i=0; while ($getwebps3 = mysql_fetch_array($getwebps2)) { $headerTemp->adds_block('WEBPROJS', array( 'COLOR' => getTagColor($i++), - 'TITLE' => $getwebps3['title'], + 'TITLE' => htmlentities($getwebps3['title']), 'URL' => $getwebps3['url'])); } -- cgit 1.4.1
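Review bot: The related-post title is encoded without `stripslashes()`, whereas the post titles in includes/footer.php are wrapped as `stripslashes(htmlentities(...))`; the poll question is treated both ways as well (bare `htmlentities()` in footer.php, with `stripslashes()` in `getPollOfTheWeek()`). If these columns are stored with backslash escapes, as the existing `stripslashes()` calls suggest, the unwrapped outputs will show stray backslashes. A single helper used at every output site, returning something like `htmlspecialchars(stripslashes($s), ENT_QUOTES)`, would keep them consistent. `displayRelated()` starts and ends outside this hunk.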
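Review bot: The `$getip` query in this hunk's trailing context is assembled by concatenating `$_SERVER['REMOTE_ADDR']` straight into the SQL string, and the commit leaves it as is. The value is normally set by the web server from the connection, but some deployments overwrite it from forwarding headers, so I would still pass it through `mysql_real_escape_string()` before building the query (or use a parameterised query if the code moves off the `mysql_*` API). `getPollOfTheWeek()` starts and ends outside this hunk.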
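Review bot: `'URL' => $getaffs3['url']` is still passed to the `AFFILIATES` block unencoded next to the newly encoded title, and `'URL' => $getwebps3['url']` in the `WEBPROJS` hunk below is the same. If the template writes it into an `href`, a quote in the stored value ends the attribute, and the scheme is not restricted to `http`/`https`; how these rows are entered is not visible here, so the exposure depends on who can edit them. Encoding it with `htmlspecialchars($getaffs3['url'], ENT_QUOTES)` and checking the scheme when the row is saved would close both.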