/blog/edit-post.php |
59,15 → 59,15 |
<table> |
<tr> |
<td class="bold">Title: </td> |
<td><input type="text" name="title" value="<?php echo $post->title; ?>"/></td> |
<td><input type="text" name="title" value="<?php echo htmlentities($post->title, ENT_QUOTES); ?>"/></td> |
</tr> |
<tr> |
<td class="bold">Content: </td> |
<td><textarea name="content"><?php echo $post->content; ?></textarea></td> |
<td><textarea name="content"><?php echo htmlentities($post->content, ENT_QUOTES); ?></textarea></td> |
</tr> |
<tr> |
<td class="bold">Catagory: </td> |
<td><input type="text" name="category" value="<?php echo $post->category; ?>" /></td> |
<td><input type="text" name="category" value="<?php echo htmlentities($post->category, ENT_QUOTES); ?>" /></td> |
</tr> |
<?php |
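Review bot: The new `htmlentities(..., ENT_QUOTES)` calls on the title, content and category lines pass no encoding argument, so which entity table is used and what happens on a malformed byte sequence depends on the interpreter's default; on PHP 5.4+ the default is UTF-8 but without `ENT_SUBSTITUTE` an invalid sequence makes the call return an empty string, silently blanking the field in the edit form, and on older releases the default was ISO-8859-1. I would make the charset explicit and use the narrower function, e.g. `htmlspecialchars($post->title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The same expression now appears in index.php, post.php and rss.php as well, so a single helper such as `function e($s) { return htmlspecialchars((string) $s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); }` would keep the escaping policy in one place instead of six.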
/blog/index.php |
21,7 → 21,7 |
if (isset($_GET['cat'])) { |
$query = $query . " AND Category = ?"; |
array_push($args, $_GET['cat']); |
write('<p>Only showing blog posts from the ' . $_GET['cat'] . ' category. <a href="index.php">Reset Filtering</a></p><br />'); |
write('<p>Only showing blog posts from the ' . htmlentities($_GET['cat'], ENT_QUOTES) . ' category. <a href="index.php">Reset Filtering</a></p><br />'); |
} |
if (!$page->isUserGM($page->getLoggedInUser())) { |
35,8 → 35,8 |
$ids2 = $page->findIDs('BlogPosts', 'WHERE ParentID="' . $id . '"'); |
write('<a href="post.php?id=' . $id . '"><h3>' . $post->title. '</h3></a>'); |
write('<h5 style="color: #666666;">Posted On ' . date('l j F Y', $post->datePosted) . ' by ' . $post->user->name . ' (' . $post->user->username . ')</h5>'); |
write('<a href="post.php?id=' . $id . '"><h3>' . htmlentities($post->title, ENT_QUOTES). '</h3></a>'); |
write('<h5 style="color: #666666;">Posted On ' . date('l j F Y', $post->datePosted) . ' by ' . htmlentities($post->user->name, ENT_QUOTES) . ' (' . htmlentities($post->user->username, ENT_QUOTES) . ')</h5>'); |
write('<p>' . $page->replaceBBCode($post->content) . '</p>'); |
write('<h5 style="color: #666666;"><a href="post.php?id=' . $id . '">' . count($ids2) . ' Comments</a></h5>'); |
write('<br />'); |
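Review bot: In the second hunk `$id` is still concatenated unescaped into the two `post.php?id=` hrefs and, on the first line of the hunk, into the SQL string `'WHERE ParentID="' . $id . '"'`, while the first hunk of this same file binds `$_GET['cat']` through a `?` placeholder; the two styles should agree. If IDs are integers (I cannot see where `$id` is produced), `(int) $id` at both the query and the href sites closes the gap, otherwise the query should take a placeholder like the `Category = ?` one and the href should get `urlencode()` plus the HTML escaping used elsewhere in this commit. `$post->content` is emitted through `$page->replaceBBCode()` with no visible escaping, so whether that helper neutralises HTML in user content is worth confirming before this hunk is considered closed.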
/blog/post.php |
9,7 → 9,7 |
$page->redirect('index.php'); |
} |
$page->title = 'Blog Post · ' . $page->getBlogPost($page->getGetID())->title; |
$page->title = 'Blog Post · ' . htmlentities($page->getBlogPost($page->getGetID())->title, ENT_QUOTES); |
$page->drawHeader(); |
$page->drawBlogCategoriesMenu(); |
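Review bot: The escaping here is applied when `$page->title` is assigned rather than when it is printed, so it is correct only if `drawHeader()` emits the title verbatim; if that method already escapes (not visible in this hunk), a title containing `&` will render as `&amp;amp;`, and any later consumer of `$page->title` that is not an HTML context receives entity-encoded text. I would keep the property raw, `$page->title = 'Blog Post · ' . $page->getBlogPost($page->getGetID())->title;`, and do the `htmlspecialchars(..., ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` inside `drawHeader()` at the output site, or add a comment on this line stating that `drawHeader()` must not escape again. The redirect two lines above suggests a missing post is handled, but the call chain that feeds `getGetID()` starts outside the hunk.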
/blog/rss.php |
20,7 → 20,7 |
$post = $page->getBlogPost($id); |
write('<item>'); |
write('<title>' . $post->title . '</title>'); |
write('<title>' . htmlentities($post->title, ENT_QUOTES) . '</title>'); |
write('<link>http://tim32.org/blog/post.php?id=' . $id . '</link>'); |
write('<guid>' . $id . '</guid>'); |
write('<pubDate>' . date('D, d M Y H:i:s O', $post->datePosted). '</pubDate>'); |
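Review bot: `htmlentities()` on the `<title>` line emits HTML named entities such as `&eacute;` or `&hellip;`, which are not declared in XML, so any non-ASCII character in a post title makes the RSS document ill-formed for strict feed parsers; this fix trades an injection issue for a feed-validity one. `htmlspecialchars($post->title, ENT_QUOTES | ENT_XML1, 'UTF-8')` produces only the five predefined XML entities (plus numeric references for the quotes) and is the right call in an XML context. The `<guid>` and `<link>` lines still interpolate `$id` raw, which is fine only if it is guaranteed numeric; the hunk may continue past the last line shown.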