X-Git-Url: https://disinclined.org/git/?a=blobdiff_plain;f=index.php;h=485b0636a59ee2653844391c2ebac0df3e0f87da;hb=f4311d6999688a97e69368017d511cd13e4b7c1f;hp=e58f7372827636c539df32504df2a1c2b96925a0;hpb=2cf7880d4afdde09707d4fc62e82597d6bfea7a0;p=dylansserver.git

diff --git a/index.php b/index.php
index e58f737..485b063 100644
--- a/index.php
+++ b/index.php
@@ -13,10 +13,10 @@ abstract class cms {
   public function __construct() {
     $config = parse_ini_file($this->config_file, true);
     $this->db = new mysqli(
-      $config[database]['domain'],
-      $config[database]['user'],
-      $config[database]['password'],
-      $config[database]['database']);
+      $config['database']['domain'],
+      $config['database']['user'],
+      $config['database']['password'],
+      $config['database']['database']);
     if (mysqli_connect_errno()) {
       echo "Problem connecting to database: ";
       echo mysqli_connect_error();
@@ -435,8 +435,8 @@ class note extends cms {
       // and a default author needs to be set
       // for no-javascript users.
       $stmt->bind_param('sss',
-                          htmlspecialchars($_POST['name']),
-                          htmlspecialchars($_POST['text']),
+                          $_POST['name'],
+                          $_POST['text'],
                         $this->id);
       $stmt->execute();
     }
@@ -491,7 +491,7 @@ END_OF_NAVIGATION;
       $date_posted = $entry['date_posted'];
       $author = $entry['author'];
       $text = htmlspecialchars($entry['text']);
-      $head = "<h3>$author</h3>";
+      $head = "<h3>" . htmlspecialchars($author) . "</h3>";
       echo <<<END_OF_COMMENT
       <div class='comment'>
       $head