Fixed double comment sanitation.
[dylansserver.git] / index.php
index 656585c..485b063 100644 (file)
--- a/index.php
+++ b/index.php
@@ -13,10 +13,10 @@ abstract class cms {
   public function __construct() {
     $config = parse_ini_file($this->config_file, true);
     $this->db = new mysqli(
-      $config[database]['domain'],
-      $config[database]['user'],
-      $config[database]['password'],
-      $config[database]['database']);
+      $config['database']['domain'],
+      $config['database']['user'],
+      $config['database']['password'],
+      $config['database']['database']);
     if (mysqli_connect_errno()) {
       echo "Problem connecting to database: ";
       echo mysqli_connect_error();
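Review bot: The connection-failure branch kept as context in this hunk echoes `mysqli_connect_error()` straight into the response, which can disclose the database host and account name to any visitor. Logging the detail server-side and showing a generic message would avoid that, e.g. `error_log('DB connect failed: ' . mysqli_connect_error());`. The rest of the branch lies outside the hunk, so it is not visible whether the constructor stops after a failed connect; it should, so later queries do not run on an unusable handle.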
@@ -243,8 +243,8 @@ class page extends cms {
     $this->scripts = "
         <script type='text/javascript' src='/includes/syntax/scripts/shCore.js'></script>
         <script type='text/javascript' src='/includes/syntax/scripts/shAutoloader.js'></script>
-        <link type='text/css' rel='stylesheet' href='/includes/syntax/styles/shCore.css' />
-        <link type='text/css' rel='stylesheet' href='/includes/syntax/styles/shThemeDefault.css' />
+        <link type='text/css' rel='stylesheet' href='/includes/syntax/styles/shCore.css'>
+        <link type='text/css' rel='stylesheet' href='/includes/syntax/styles/shThemeDefault.css'>
         <script type='text/javascript'>
           function highlight() {
             SyntaxHighlighter.autoloader(
@@ -346,8 +346,8 @@ class note extends cms {
       $this->scripts = "
         <script type='text/javascript' src='/includes/syntax/scripts/shCore.js'></script>
         <script type='text/javascript' src='/includes/syntax/scripts/shAutoloader.js'></script>
-        <link type='text/css' rel='stylesheet' href='/includes/syntax/styles/shCore.css' />
-        <link type='text/css' rel='stylesheet' href='/includes/syntax/styles/shThemeDefault.css' />
+        <link type='text/css' rel='stylesheet' href='/includes/syntax/styles/shCore.css'>
+        <link type='text/css' rel='stylesheet' href='/includes/syntax/styles/shThemeDefault.css'>
         <script type='text/javascript'>
           function highlight() {
             SyntaxHighlighter.autoloader(
@@ -435,8 +435,8 @@ class note extends cms {
       // and a default author needs to be set
       // for no-javascript users.
       $stmt->bind_param('sss',
-                          htmlspecialchars($_POST['name']),
-                          htmlspecialchars($_POST['text']),
+                          $_POST['name'],
+                          $_POST['text'],
                         $this->id);
       $stmt->execute();
     }
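Review bot: Storing `$_POST['name']` and `$_POST['text']` unescaped makes every reader of these columns responsible for output encoding, and the comment renderer is the only output site this commit visibly updates. Any other consumer of the author or text columns (not visible here) needs the same `htmlspecialchars()` call. Rows saved before this change presumably still hold entity-encoded authors, which will now display double-escaped unless they are migrated. Neither field is checked for presence or type before binding; a guard such as `if (!isset($_POST['name'], $_POST['text']) || !is_string($_POST['name']) || !is_string($_POST['text'])) { return; }` ahead of `bind_param` would reject array-valued or missing fields. The enclosing method starts and ends outside the hunk.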
@@ -491,7 +491,7 @@ END_OF_NAVIGATION;
       $date_posted = $entry['date_posted'];
       $author = $entry['author'];
       $text = htmlspecialchars($entry['text']);
-      $head = "<h3>$author</h3>";
+      $head = "<h3>" . htmlspecialchars($author) . "</h3>";
       echo <<<END_OF_COMMENT
       <div class='comment'>
       $head
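Review bot: `htmlspecialchars($author)` and the existing call on `$entry['text']` rely on the default flags, which on PHP before 8.1 leave single quotes unescaped, while this file's markup uses single-quoted attributes throughout. Element content inside `<h3>` is safe either way, but passing the flags and charset explicitly keeps the output safe if a value is later moved into an attribute: `htmlspecialchars($author, ENT_QUOTES, 'UTF-8')`. `$date_posted` is assigned without escaping in this hunk; if it is interpolated into the heredoc, which continues outside the hunk, it should be encoded the same way.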