From 9dfba1e70866fb2bb551678f6e04b8ddfd5467e1 Mon Sep 17 00:00:00 2001
From: Starla Insigna <hatkirby@fourisland.com>
Date: Fri, 2 Oct 2009 19:04:20 -0400
Subject: Fixed HTML Entites problem

When the poll escaping problem was fixed, a whole ton of other similar bugs were found which were also fixed here.

Fixes #115
---
 pages/poll.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'pages/poll.php')

diff --git a/pages/poll.php b/pages/poll.php
index 6a87207..a9ab19f 100755
--- a/pages/poll.php
+++ b/pages/poll.php
@@ -53,7 +53,7 @@ if (!isset($_GET['id']))
 			$question .= '....';
 		}
 		$template->adds_block('POLL', array(	'ID' => $getpolls3[$i]['id'],
-							'QUESTION' => $question,
+							'QUESTION' => htmlentities($question),
 							'WEEK' => date('F jS Y', strtotime($getpolls3[$i]['week'])),
 							'EVEN' => (($i % 2 == 1) ? ' class="even"' : '')));
 		$i++;
@@ -90,7 +90,7 @@ if (!isset($_GET['id']))
 
 	if ($getpoll3['id'] == $_GET['id'])
 	{
-		$template->add('QUESTION', $getpoll3['question']);
+		$template->add('QUESTION', htmlentities($getpoll3['question']));
 
 		if ($getpoll3['text'] != '')
 		{
-- 
cgit 1.4.1