/admin/account.php |
---|
32,10 → 32,10 |
write('<tr><td class="bold">AccessID: </td><td>' . $user->accessID . '</td></tr>'); |
} |
?> |
<tr><td class="bold">Username: </td><td><?php echo $user->username; ?></td></tr> |
<tr><td class="bold">Username: </td><td><?php echo htmlentities($user->username, ENT_QUOTES); ?></td></tr> |
<tr><td class="bold">Password: </td><td><input type="password" name="password" /></td></tr> |
<tr><td class="bold">Email Address: </td><td><input type="text" name="email" value="<?php echo $user->emailAddress; ?>" /></td></tr> |
<tr><td class="bold">Name: </td><td><input type="text" name="name" value="<?php echo $user->name; ?>" /></td></tr> |
<tr><td class="bold">Email Address: </td><td><input type="text" name="email" value="<?php echo htmlentities($user->emailAddress, ENT_QUOTES); ?>" /></td></tr> |
<tr><td class="bold">Name: </td><td><input type="text" name="name" value="<?php echo htmlentities($user->name, ENT_QUOTES); ?>" /></td></tr> |
<tr><td></td><td><input type="submit" value="Update Account" /></td></tr> |
</table> |
</form> |
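Review bot: The three new `htmlentities(..., ENT_QUOTES)` calls on the username, email and name rows leave the charset argument to the PHP default, which differs between PHP versions and may not match the encoding this page is served in; neither is visible here. Passing it explicitly, e.g. `htmlentities($user->name, ENT_QUOTES, 'UTF-8')` if the site is UTF-8, keeps multibyte values intact and the escaping predictable. The same applies to the calls added in the other admin files in this changeset. `$user->accessID` in the `write(...)` at the top of the hunk is still concatenated raw, which is safe only if that field is always numeric; the block it sits in starts outside the hunk.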
/admin/all-accounts.php |
---|
30,10 → 30,10 |
write('<tr>'); |
write('<td><a href="account.php?id=' . $user->ID . '">' . $user->ID . '</a></td>'); |
write('<td>' . $user->accessID . '</td>'); |
write('<td>' . $user->username . '</td>'); |
write('<td>' . htmlentities($user->username, ENT_QUOTES) . '</td>'); |
write('<td>' . $user->password . '</td>'); |
write('<td>' . $user->name . '</td>'); |
write('<td>' . $user->emailAddress . '</td>'); |
write('<td>' . htmlentities($user->name, ENT_QUOTES) . '</td>'); |
write('<td>' . htmlentities($user->emailAddress, ENT_QUOTES) . '</td>'); |
write('<td>' . $user->challengeID . '</td>'); |
write('</tr>'); |
} |
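Review bot: The `write('<td>' . $user->password . '</td>');` cell between the username and name rows is still emitted, and it is the one string column in this row left unescaped. Whatever is stored in that field (hash or plaintext, not visible from this hunk), listing it for every account puts credential material into rendered HTML, browser caches and any proxy logs for the admin page. I would drop the cell together with its header column, which is outside the hunk, or at minimum write it as `htmlentities($user->password, ENT_QUOTES)`. The loop this row belongs to starts outside the hunk.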
/admin/all-blog-posts.php |
---|
39,13 → 39,13 |
} |
else |
{ |
write('<td>' . $post->parent->title . '</td>'); |
write('<td>' . htmlentities($post->parent->title, ENT_QUOTES) . '</td>'); |
} |
write('<td><a href="account.php?id=' . $post->author->ID . '">' . $post->author->name . '</a></td>'); |
write('<td><a href="account.php?id=' . $post->author->ID . '">' . htmlentities($post->author->name, ENT_QUOTES) . '</a></td>'); |
write('<td>' . $post->title . '</td>'); |
write('<td>' . str_replace("\n", '<br />', $post->content) . '</td>'); |
write('<td>' . str_replace("\n", '<br />', htmlentities($post->content, ENT_QUOTES)) . '</td>'); |
write('<td>' . date('j/m/Y H:i', $post->datePosted) . ' <a href="nowify.php?id=' . $post->ID . '">Nowify</a></td>'); |
write('<td>' . $post->category . '</td>'); |
write('<td>' . htmlentities($post->category, ENT_QUOTES) . '</td>'); |
write('<td>' . $post->spam . '</td>'); |
write('</tr>'); |
} |
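Review bot: `write('<td>' . $post->title . '</td>');` is left unescaped, although the parent title, author name, content and category cells around it are now encoded and the same field is encoded in all-forum-posts.php. Post titles are presumably author-supplied, so this cell remains a stored-XSS sink in the admin listing. It should become `write('<td>' . htmlentities($post->title, ENT_QUOTES) . '</td>');`. The enclosing loop starts outside the hunk.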
/admin/all-forum-categories.php |
---|
32,10 → 32,10 |
} |
else |
{ |
write('<td>' . $cat->parent->title . '</td>'); |
write('<td>' . htmlentities($cat->parent->title, ENT_QUOTES) . '</td>'); |
} |
write('<td>' . $cat->title . '</td>'); |
write('<td>' . $cat->description . '</td>'); |
write('<td>' . htmlentities($cat->title, ENT_QUOTES) . '</td>'); |
write('<td>' . htmlentities($cat->description, ENT_QUOTES) . '</td>'); |
write('</tr>'); |
} |
/admin/all-forum-posts.php |
---|
30,7 → 30,7 |
$post = $page->getForumPost($ids[$i]); |
write('<tr>'); |
write('<td><a href="../forums/post.php?id=' . $post->ID . '">' . $post->ID . '</a></td>'); |
write('<td><a href="account.php?id=' . $post->author->ID . '">' . $post->author->name . '</a></td>'); |
write('<td><a href="account.php?id=' . $post->author->ID . '">' . htmlentities($post->author->name, ENT_QUOTES) . '</a></td>'); |
if (!$post->category) |
{ |
write('<td style="color: #444444;">No Category</td>'); |
37,7 → 37,7 |
} |
else |
{ |
write('<td>' . $post->category->title . '</td>'); |
write('<td>' . htmlentities($post->category->title, ENT_QUOTES) . '</td>'); |
} |
if (!$post->parent) |
{ |
45,10 → 45,10 |
} |
else |
{ |
write('<td>' . $post->parent->title . '</td>'); |
write('<td>' . htmlentities($post->parent->title, ENT_QUOTES) . '</td>'); |
} |
write('<td>' . $post->title . '</td>'); |
write('<td>' . str_replace("\n", ' ', $post->content) . '</td>'); |
write('<td>' . htmlentities($post->title, ENT_QUOTES) . '</td>'); |
write('<td>' . str_replace("\n", ' ', htmlentities($post->content, ENT_QUOTES)) . '</td>'); |
write('<td>' . date('j/m/Y H:i', $post->datePosted) . '</td>'); |
write('<td>' . $post->spam . '</td>'); |
write('</tr>'); |
/admin/all-projects.php |
---|
31,13 → 31,13 |
$project = $page->getProject($ids[$i]); |
write('<tr>'); |
write('<td><a href="../projects/edit-project.php?id=' . $project->ID . '">' . $project->ID . '</a></td>'); |
write('<td><a href="account.php?id=' . $project->author->ID . '">' . $project->author->name . '</a></td>'); |
write('<td>' . $project->title . '</td>'); |
write('<td>' . str_replace("\n", '<br />', $project->description) . '</td>'); |
write('<td><img src="' . $project->logoURL . '" /></td>'); |
write('<td><a href="' . $project->downloadURL . '">Link</a></td>'); |
write('<td><a href="' . $project->websiteURL . '">Link</a></td>'); |
write('<td>' . $project->latestVersion . '</td>'); |
write('<td><a href="account.php?id=' . $project->author->ID . '">' . htmlentities($project->author->name, ENT_QUOTES) . '</a></td>'); |
write('<td>' . htmlentities($project->title, ENT_QUOTES) . '</td>'); |
write('<td>' . str_replace("\n", '<br />', htmlentities($project->description, ENT_QUOTES)) . '</td>'); |
write('<td><img src="' . htmlentities($project->logoURL, ENT_QUOTES) . '" /></td>'); |
write('<td><a href="' . htmlentities($project->downloadURL, ENT_QUOTES) . '">Link</a></td>'); |
write('<td><a href="' . htmlentities($project->websiteURL, ENT_QUOTES) . '">Link</a></td>'); |
write('<td>' . htmlentities($project->latestVersion, ENT_QUOTES) . '</td>'); |
write('<td>' . date('j/m/Y H:i', $project->lastUpdate) . '</td>'); |
write('</tr>'); |
} |
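Review bot: Encoding `$project->logoURL`, `$project->downloadURL` and `$project->websiteURL` with `htmlentities` stops attribute breakout, but it does not constrain the URL scheme, so a stored `javascript:` or `data:` value would still end up as a clickable `href` in the admin view. Unless the scheme is already validated where projects are saved (not visible here), I would render the link only when `in_array(strtolower((string) parse_url($project->downloadURL, PHP_URL_SCHEME)), array('http', 'https'), true)` holds, and apply the same check to the other two URLs. The loop this row belongs to starts outside the hunk.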
/admin/nowify.php |
---|
40,7 → 40,7 |
?> |
<form action="nowify.php" method="post"> |
Press Sumbit if you wish to nowify post <?php echo $post->title; ?>.<br /><br /> |
Press Sumbit if you wish to nowify post <?php echo htmlentities($post->title, ENT_QUOTES); ?>.<br /><br /> |
<?php |
write('<input type="hidden" name="id" value="' . $id . '" />'); |