From 9dfba1e70866fb2bb551678f6e04b8ddfd5467e1 Mon Sep 17 00:00:00 2001
From: Starla Insigna
Date: Fri, 2 Oct 2009 19:04:20 -0400
Subject: Fixed HTML Entites problem

When the poll escaping problem was fixed, a whole ton of other similar bugs were found which were also fixed here. Fixes #115
---
 pages/blog.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

(limited to 'pages/blog.php')

diff --git a/pages/blog.php b/pages/blog.php
index c9781ee..550b027 100755
--- a/pages/blog.php
+++ b/pages/blog.php
@@ -43,7 +43,7 @@ if (isset($_GET['post']))
 {
 updatePop($getpost3['id'],'views');
- $title = stripslashes($getpost3['title']) . ' - Blog Archive';
+ $title = stripslashes(htmlentities($getpost3['title'])) . ' - Blog Archive';
 $getback = "SELECT * FROM updates WHERE id < " . $getpost3['id'] . " ORDER BY id DESC LIMIT 0,1";
 $getback2 = mysql_query($getback);
@@ -51,7 +51,7 @@ if (isset($_GET['post']))
 if (isset($getback3['title'])) {
 $template->adds_block('BACK', array( 'CODED' => $getback3['slug'],
- 'TITLE' => $getback3['title']));
+ 'TITLE' => htmlentities($getback3['title'])));
 }
 $getnext = "SELECT * FROM updates WHERE id > " . $getpost3['id'] . " ORDER BY id ASC LIMIT 0,1";
@@ -60,7 +60,7 @@ if (isset($_GET['post']))
 if (isset($getnext3['title'])) {
 $template->adds_block('NEXT', array( 'CODED' => $getnext3['slug'],
- 'TITLE' => $getnext3['title']));
+ 'TITLE' => htmlentities($getnext3['title'])));
 }
 $template->add_ref(0, 'POST', array( 'ID' => $getpost3['id'],
@@ -69,7 +69,7 @@ if (isset($_GET['post']))
 'MONTH' => date('M',strtotime($getpost3['pubDate'])),
 'DAY' => date('d',strtotime($getpost3['pubDate'])),
 'CODED' => $getpost3['slug'],
- 'TITLE' => $getpost3['title'],
+ 'TITLE' => htmlentities($getpost3['title']),
 'AUTHOR' => $getpost3['author'],
 'RATING' => $getpost3['rating'],
 'TEXT' => parseText($getpost3['text'])));
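Review bot: The `htmlentities()` call added to `$title` in the first hunk passes no flags or charset, so under the default `ENT_COMPAT` single quotes are left unencoded and the character set falls back to the PHP default; the calls added in the other four hunks are written the same way. If a title is ever emitted inside a single-quoted attribute the escaping would not hold, so I would write `htmlentities($getpost3['title'], ENT_QUOTES, 'UTF-8')`, with the charset set to whatever encoding the pages are actually served in (not visible in this diff). A short comment such as `// escape at output; the database holds the raw title` would also record why the call sits here. The enclosing `if (isset($_GET['post']))` block starts and ends outside the hunk.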
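Review bot: In the `POST` array of the fourth hunk only `TITLE` gains escaping, while `AUTHOR`, `RATING` and `CODED` on the neighbouring lines are still handed to the template as raw database values. Unless the template layer encodes them itself (not visible here), an author name containing markup would reach the page unescaped, so I would treat it the same way, e.g. `'AUTHOR' => htmlentities($getpost3['author']),`. The `CODED` slug values in the `BACK`, `NEXT` and `SMALL` blocks of the other hunks are in the same position; a slug presumably ends up in a URL, in which case it wants URL-context encoding rather than `htmlentities()`. The array literal begins above this hunk.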
@@ -189,7 +189,7 @@ if (isset($_GET['post']))
 $template->adds_ref_sub($curID, 'SMALL',array( 'DATE' => date('m-d-Y',strtotime($getposts3[$i]['pubDate'])),
 'CODED' => $getposts3[$i]['slug'],
- 'TITLE' => $getposts3[$i]['title']));
+ 'TITLE' => htmlentities($getposts3[$i]['title'])));
 $i++;
 }
 if ($i==0)
-- cgit 1.4.1