-rw-r--r-- | motion.php | 16 | ||||
-rw-r--r-- | motions.php | 4 |
2 files changed, 7 insertions, 13 deletions
@@ -16,12 +16,6 @@
 }
 $db->getStatement("stats")->execute();
 $stats = $db->getStatement("stats")->fetch();
-function htmlesc($string) {
-$string = preg_replace('/&/',"&",$string);
-$string = preg_replace('/</',"<",$string);
-$string = preg_replace('/>/',">",$string);
-echo $string;
-}
 ?>
 <html>
 <head>
@@ -179,11 +173,11 @@ BODY;
 }
 ?>
 <table>
-<tr><td>ID:</td><td><?php htmlesc($motion['tag']); ?></td></tr>
-<tr><td>Proponent:</td><td><?php htmlesc($motion['proposer']); ?><input type="hidden" name="proponent" value="<?php htmlesc($user['id']); ?>"></td></tr>
-<tr><td>Proposed:</td><td><?php htmlesc($motion['proposed']); ?> UTC</td></tr>
-<tr><td>Title:</td><td><input name="title" value="<?php htmlesc($motion['title'])?>"></td></tr>
-<tr><td>Text:</td><td><textarea name="content"><?php htmlesc($motion['content'])?></textarea></td></tr>
+<tr><td>ID:</td><td><?php echo htmlentities($motion['tag']); ?></td></tr>
+<tr><td>Proponent:</td><td><?php echo htmlentities($motion['proposer']); ?><input type="hidden" name="proponent" value="<?php echo htmlentities($user['id']); ?>"></td></tr>
+<tr><td>Proposed:</td><td><?php echo htmlentities($motion['proposed']); ?> UTC</td></tr>
+<tr><td>Title:</td><td><input name="title" value="<?php echo htmlentities($motion['title'])?>"></td></tr>
+<tr><td>Text:</td><td><textarea name="content"><?php echo htmlspecialchars($motion['content'])?></textarea></td></tr>
 <tr><td>Quorum:</td><td><select name="quorum">
 <option value="<?php echo(ceil($stats["voters"])); ?>" <?php if($motion['quorum'] == $stats["voters"]) { echo(" selected=\"selected\""); } ?>>100% Votes (<?php echo($stats["voters"]); ?>)</option>
 <option value="<?php echo(ceil($stats["voters"] / 2)); ?>" <?php if($motion['quorum'] == ceil($stats["voters"] / 2)) { echo(" selected=\"selected\""); } ?>>50% Votes (<?php echo(ceil($stats["voters"] / 2)); ?>)</option>
diff --git a/motions.php b/motions.php
index a4df212..fe91f39 100644
--- a/motions.php
+++ b/motions.php
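Review bot: The five rewritten rows in the second hunk mix `htmlentities()` and `htmlspecialchars()` with no explicit flags or charset, so what gets escaped depends on the PHP version's defaults (`ENT_QUOTES` only became the default in 8.1 and the default charset moved to UTF-8 in 5.4), and the Proponent and Title attribute contexts are safe only because those attributes happen to be double-quoted; the same mix appears in the motions.php hunk below. Pin one form on every output point, e.g. `htmlspecialchars($motion['title'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`; `htmlentities` adds nothing for an HTML page and additionally entity-encodes every non-ASCII character. Since the commit deletes the old `htmlesc()` helper, a one-line replacement such as `function e($s) { return htmlspecialchars((string)$s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); }` would keep the call sites uniform, and the `(string)` cast covers `$user['id']` if it is an int and a null column, which is a deprecation for `htmlentities(null)` on 8.1+. The context lines echoing `$stats["voters"]` remain unescaped; they appear to be numeric via `ceil()`, so that looks acceptable. Separately, the hidden `proponent` field carries `$user['id']` back from the client; the handler that reads it is outside this diff and should take the proposer from the session rather than from that field.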
@@ -40,8 +40,8 @@
 </td>
 <td>
 <i><a href="motions.php?id=<?php echo $row['tag'].'">'.$row['tag']; ?></a></i><br/>
-<b><?php echo $row['title']; ?></b><br/>
-<pre><?php echo $row['content']; ?></pre>
+<b><?php echo htmlentities($row['title']); ?></b><br/>
+<pre><?php echo htmlspecialchars($row['content']); ?></pre>
 <br/>
 <i>Due: <?php echo($row['due']); ?> UTC</i><br/>
 <i>Proposed: <?php echo($row['proposer']); ?> (<?php echo($row['proposed']); ?> UTC)</i><br/>
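Review bot: The escaping added to the title and content lines leaves `$row['tag']` on the line directly above them unescaped in two contexts at once — inside the `href` query string and as the link text — and `$row['due']`, `$row['proposer']` and `$row['proposed']` are still echoed raw three lines below, so any of those columns that is attacker-influenced still reaches the page unencoded. The tag needs URL encoding for the query parameter and HTML encoding for the attribute, e.g. `<i><a href="motions.php?id=<?php echo htmlspecialchars(rawurlencode($row['tag']), ENT_QUOTES, 'UTF-8'); ?>"><?php echo htmlspecialchars($row['tag'], ENT_QUOTES, 'UTF-8'); ?></a></i><br/>`, and the three trailing lines should get the same `htmlspecialchars(..., ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` treatment as the title. The existing href line also concatenates the literal `'">'` inside the PHP expression instead of leaving it in the template, which is easy to misread and worth normalising while the line is touched. The loop that produces `$row` starts before this hunk.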