Index: trunk/wb/admin/pages/settings.php
===================================================================
--- trunk/wb/admin/pages/settings.php	(revision 395)
+++ trunk/wb/admin/pages/settings.php	(revision 396)
@@ -74,8 +74,8 @@
 $template->set_block('page', 'main_block', 'main');
 $template->set_var(array(
 								'PAGE_ID' => $results_array['page_id'],
-								'PAGE_TITLE' => ($results_array['page_title']),
-								'MENU_TITLE' => ($results_array['menu_title']),
+								'PAGE_TITLE' => (htmlentities($results_array['page_title'])),
+								'MENU_TITLE' => (htmlentities($results_array['menu_title'])),
 								'DESCRIPTION' => ($results_array['description']),
 								'KEYWORDS' => ($results_array['keywords']),
 								'MODIFIED_BY' => $user['display_name'],
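Review bot: `DESCRIPTION` and `KEYWORDS` on the two lines after the changed ones, and `MODIFIED_BY` below them, are still passed to the template unencoded, so the stored-markup problem this commit closes for the titles stays open for those fields. If the template renders them as HTML text or inside attributes (the template is not visible here), encode them the same way, e.g. `'DESCRIPTION' => htmlentities($results_array['description']),`. The `set_var` call in modify.php in this commit leaves `MODIFIED_BY` and `MODIFIED_BY_USERNAME` raw in the same way. The array continues past the end of the hunk, so other keys may need the same check.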
@@ -247,7 +247,7 @@
 			for($i = 1; $i <= $page['level']; $i++) { $title_prefix .= ' - '; }
 			$template->set_var(array(
 											'ID' => $page['page_id'],
-											'TITLE' => ($title_prefix.$page['page_title'])
+											'TITLE' => ($title_prefix.htmlentities($page['page_title']))
 											)
 									);
 			if($results_array['parent'] == $page['page_id']) {
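Review bot: `htmlentities()` is called with one argument here and at every other call site in this commit, which leaves the quote handling and character set to the PHP defaults. With the default `ENT_COMPAT` flag single quotes are not encoded, so a title that a template places in a single-quoted attribute is not covered, and on PHP versions before 5.4 the default charset is ISO-8859-1, which turns multi-byte UTF-8 titles into wrong entities. Pass both explicitly, e.g. `htmlentities($page['page_title'], ENT_QUOTES, 'UTF-8')` with the site's configured charset in place of the literal, or use `htmlspecialchars()` with the same arguments so that only markup characters are rewritten. A small wrapper function would keep the arguments consistent across the admin and frontend files.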
Index: trunk/wb/admin/pages/index.php
===================================================================
--- trunk/wb/admin/pages/index.php	(revision 395)
+++ trunk/wb/admin/pages/index.php	(revision 396)
@@ -164,15 +164,15 @@
 				</td>
 				<?php if($admin->get_permission('pages_modify') == true AND $can_modify == true) { ?>
 				<td>
-					<a href="<?php echo ADMIN_URL; ?>/pages/modify.php?page_id=<?php echo $page['page_id']; ?>" title="<?php echo $TEXT['MODIFY']; ?>"><?php echo ($page['page_title']); ?></a>
+					<a href="<?php echo ADMIN_URL; ?>/pages/modify.php?page_id=<?php echo $page['page_id']; ?>" title="<?php echo $TEXT['MODIFY']; ?>"><?php echo (htmlentities($page['page_title'])); ?></a>				
 				</td>
 				<?php } else { ?>
 				<td>
-					<?php	echo ($page['page_title']); ?>
+					<?php echo (htmlentities($page['page_title'])); ?>
 				</td>
 				<?php } ?>
 				<td align="left" width="232">
-					<font color="#999999"><?php echo ($page['menu_title']); ?></font>
+					<font color="#999999"><?php echo (htmlentities($page['menu_title'])); ?></font>
 				</td>
 				<td align="center" valign="middle" width="90">
 				<?php if($page['visibility'] == 'public') { ?>
@@ -460,7 +460,7 @@
 			for($i = 1; $i <= $page['level']; $i++) { $title_prefix .= ' - '; }
 				$template->set_var(array(
 												'ID' => $page['page_id'],
-												'TITLE' => ($title_prefix.$page['page_title'])
+												'TITLE' => ($title_prefix.htmlentities($page['page_title']))
 												)
 										);
 				if($can_modify == true) {
Index: trunk/wb/admin/pages/trash.php
===================================================================
--- trunk/wb/admin/pages/trash.php	(revision 395)
+++ trunk/wb/admin/pages/trash.php	(revision 396)
@@ -141,21 +141,21 @@
 				</td>
 				<?php if($admin->get_permission('pages_modify') == true AND $can_modify == true AND $page['visibility'] != 'heading') { ?>
 				<td>
-					<a href="<?php echo ADMIN_URL; ?>/pages/modify.php?page_id=<?php echo $page['page_id']; ?>" title="<?php echo $TEXT['MODIFY']; ?>"><?php echo ($page['page_title']); ?></a>
+					<a href="<?php echo ADMIN_URL; ?>/pages/modify.php?page_id=<?php echo $page['page_id']; ?>" title="<?php echo $TEXT['MODIFY']; ?>"><?php echo (htmlentities($page['page_title'])); ?></a>
 				</td>
 				<?php } else { ?>
 				<td>
 					<?php
 					if($page['visibility'] != 'heading') {
-						echo ($page['page_title']);
+						echo (htmlentities($page['page_title']));
 					} else {
-						echo '<b>'.($page['page_title']).'</b>';
+						echo '<b>'.(htmlentities($page['page_title'])).'</b>';
 					}
 					?>
 				</td>
 				<?php } ?>
 				<td align="left" width="232">
-					<font color="#999999"><?php echo $page['menu_title']; ?></font>
+					<font color="#999999"><?php echo htmlentities($page['menu_title']); ?></font>
 				</td>
 				<td align="right" valign="middle" width="30" style="padding-right: 20px;">
 				<?php if($page['visibility'] == 'public') { ?>
Index: trunk/wb/admin/pages/settings2.php
===================================================================
--- trunk/wb/admin/pages/settings2.php	(revision 395)
+++ trunk/wb/admin/pages/settings2.php	(revision 396)
@@ -40,8 +40,8 @@
 require_once(WB_PATH.'/framework/functions.php');
 
 // Get values
-$page_title = $admin->add_slashes($admin->get_post('page_title'));
-$menu_title = $admin->add_slashes($admin->get_post('menu_title'));
+$page_title = $admin->add_slashes($admin->get_post_escaped('page_title'));
+$menu_title = $admin->add_slashes($admin->get_post_escaped('menu_title'));
 $description = $admin->add_slashes($admin->get_post('description'));
 $keywords = $admin->add_slashes($admin->get_post('keywords'));
 $parent = $admin->get_post('parent');
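Review bot: The titles are now escaped on input through `get_post_escaped()` and again on output by the `htmlentities()` calls added elsewhere in this commit, which would double-encode them if `get_post_escaped()` already converts markup characters (its body is not shown here). A title containing `&` would then be stored as `&amp;` and shown to the user as the literal text `&amp;`. Encoding at one layer only, preferably at output with the raw text stored, avoids that; the same applies to `$title` in add.php. `description` and `keywords` below still use plain `get_post()`, so they get neither treatment.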
Index: trunk/wb/admin/pages/sections.php
===================================================================
--- trunk/wb/admin/pages/sections.php	(revision 395)
+++ trunk/wb/admin/pages/sections.php	(revision 396)
@@ -136,7 +136,7 @@
 	</td>
 	<td align="right">
 		<?php echo $TEXT['CURRENT_PAGE']; ?>: 
-		<b><?php echo ($results_array['page_title']); ?></b>
+		<b><?php echo (htmlentities($results_array['page_title'])); ?></b>
 		-
 		<a href="<?php echo ADMIN_URL; ?>/pages/modify.php?page_id=<?php echo $page_id; ?>"><?php echo $HEADING['MODIFY_PAGE']; ?></a>
 		-
Index: trunk/wb/admin/pages/modify.php
===================================================================
--- trunk/wb/admin/pages/modify.php	(revision 395)
+++ trunk/wb/admin/pages/modify.php	(revision 396)
@@ -60,7 +60,7 @@
 $template->set_block('page', 'main_block', 'main');
 $template->set_var(array(
 								'PAGE_ID' => $results_array['page_id'],
-								'PAGE_TITLE' => ($results_array['page_title']),
+								'PAGE_TITLE' => (htmlentities($results_array['page_title'])),
 								'MODIFIED_BY' => $user['display_name'],
 								'MODIFIED_BY_USERNAME' => $user['username'],
 								'MODIFIED_WHEN' => $modified_ts,
Index: trunk/wb/admin/pages/add.php
===================================================================
--- trunk/wb/admin/pages/add.php	(revision 395)
+++ trunk/wb/admin/pages/add.php	(revision 396)
@@ -32,7 +32,7 @@
 require_once(WB_PATH.'/framework/functions.php');
 
 // Get values
-$title = $admin->add_slashes($admin->get_post('title'));
+$title = $admin->add_slashes($admin->get_post_escaped('title'));
 $module = $admin->get_post('type');
 $parent = $admin->get_post('parent');
 $visibility = $admin->get_post('visibility');
Index: trunk/wb/framework/class.frontend.php
===================================================================
--- trunk/wb/framework/class.frontend.php	(revision 395)
+++ trunk/wb/framework/class.frontend.php	(revision 396)
@@ -139,10 +139,10 @@
 			// Page ID
 			define('PAGE_ID', $this->page['page_id']);
 			// Page Title
-			define('PAGE_TITLE', ($this->page['page_title']));
+			define('PAGE_TITLE', htmlentities(($this->page['page_title'])));
 			$this->page_title=PAGE_TITLE;
 			// Menu Title
-			$menu_title = ($this->page['menu_title']);
+			$menu_title = htmlentities($this->page['menu_title']);
 			if($menu_title != '') {
 				define('MENU_TITLE', $menu_title);
 			} else {
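Review bot: `PAGE_TITLE`, `$this->page_title` and `MENU_TITLE` now hold HTML-encoded text rather than the stored title, and nothing at the definition says so. Any template or module that already encodes these values, or uses them outside HTML (a plain-text mail subject, a comparison against the database value), will now see entities. A comment at the definition would make the contract explicit, e.g. `// HTML-encoded for output; do not pass through htmlentities() again`. The surrounding method starts and ends outside the hunk.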
@@ -353,7 +353,7 @@
 	            $link = $this->page_link($page['link']);
 	         }
 	         // Create values
-	         $values = array($class,'<a href="'.$link.'" target="'.$page['target'].'" '.$class.'>', '</a>', ($page['menu_title']), ($page['page_title']));
+	         $values = array($class,'<a href="'.$link.'" target="'.$page['target'].'" '.$class.'>', '</a>', htmlentities($page['menu_title']), htmlentities($page['page_title']));
 	         // Replace vars with value and print
 	         echo "\n".str_replace($vars, $values, $this->menu_item_template);
 	         // Generate sub-menu
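Review bot: On the rewritten `$values` line the two titles are encoded, but `$link` and `$page['target']` are still concatenated into the `href` and `target` attributes as they come. Since `target` is a page field like the titles, it should get the same treatment with quotes included, `target="'.htmlentities($page['target'], ENT_QUOTES).'"`, and likewise `$link` unless `page_link()` already guarantees a safe URL (not visible here). The `href` built from `page_link($page['link'])` in frontend.functions.php in this commit has the same gap. The encoded titles are substituted into `$this->menu_item_template`, so if a site's template puts them inside a single-quoted attribute, the default flags would not cover it.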
Index: trunk/wb/framework/frontend.functions.php
===================================================================
--- trunk/wb/framework/frontend.functions.php	(revision 395)
+++ trunk/wb/framework/frontend.functions.php	(revision 396)
@@ -197,9 +197,9 @@
 					$query_menu=$database->query("SELECT menu_title,link FROM ".TABLE_PREFIX."pages WHERE page_id=$temp");
 					$page=$query_menu->fetchRow();
 					if ($links==true AND $temp!=$page_id)
-						echo '<a href="'.page_link($page['link']).'">'.$page['menu_title'].'</a>';
+						echo '<a href="'.page_link($page['link']).'">'.htmlentities($page['menu_title']).'</a>';
 					else
-					    echo $page['menu_title'];
+					    echo htmlentities($page['menu_title']);
 		        }
 	            $counter++;
 			}
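Review bot: The query on the first line of this hunk interpolates `$temp` straight into the SQL string, and the result of `fetchRow()` is used without checking that a row came back. Where `$temp` is assigned is outside the hunk; if it is not already forced to an integer, cast it at the point of use, `WHERE page_id=".(int)$temp`. Skipping the echo when `$page` is empty would also keep `htmlentities()` from being handed a missing value.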
