diff --git a/php/views/header.html.php b/php/views/header.html.php index ac64eff..9ca2c4d 100644 --- a/php/views/header.html.php +++ b/php/views/header.html.php @@ -32,7 +32,7 @@ $user = $container->login->getUser(); echo ''; } diff --git a/php/views/home.html.php b/php/views/home.html.php index c236902..ad6f234 100644 --- a/php/views/home.html.php +++ b/php/views/home.html.php @@ -24,8 +24,8 @@ foreach($values['resultQuestions'] as $res) { echo ''; echo '' . $res['round_num'] . ''; - echo '' . $res['channel'] . ''; - echo '' . $res['question'] . ''; + echo '' . htmlspecialchars($res['channel']) . ''; + echo '' . htmlspecialchars($res['question']) . ''; echo '' . $res['line_num'] . ''; echo ''; } @@ -54,7 +54,7 @@ foreach($values['resultActivities'] as $res) { echo ''; echo '' . date('Y/m/d h:i:s A',$res['timestamp']) . ''; - echo '' . $res['activity'] . ''; + echo '' . htmlspecialchars($res['activity']) . ''; echo ''; } ?> diff --git a/php/views/profile.html.php b/php/views/profile.html.php index 1919c80..3b02bfb 100644 --- a/php/views/profile.html.php +++ b/php/views/profile.html.php @@ -3,7 +3,7 @@ $userProfile = $values['userProfile']; ?>
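Review bot: The new `htmlspecialchars($res['channel'])` and `htmlspecialchars($res['question'])` calls in the home.html.php @@ -24 hunk rely on PHP's default flags and charset, which differ by version: before 8.1 the default is ENT_COMPAT, so single quotes pass through, and without ENT_SUBSTITUTE an invalid UTF-8 sequence makes the call return an empty string, silently blanking the cell. Pass them explicitly, `htmlspecialchars($res['channel'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, and do the same in the other hunks of this diff (home.html.php @@ -54, reports.html.php, stats.html.php, top.html.php, user.html.php), ideally through one small shared escaping helper so the views cannot drift. The neighbouring `$res['round_num']` and `$res['line_num']` are still echoed raw; they look numeric, but the view does not show where they come from, so escaping them as well costs nothing and removes the need to verify it.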
-

+

Profile and stats.

diff --git a/php/views/reports.html.php b/php/views/reports.html.php index cf5945a..9036df5 100644 --- a/php/views/reports.html.php +++ b/php/views/reports.html.php @@ -44,7 +44,7 @@ if($login->isLoggedIn()) { foreach($values['reportResult'] as $res) { echo ''; echo '' . $res['id'] . ''; - echo '' . $res['username'] . ''; + echo '' . htmlspecialchars($res['username']) . ''; echo '' . $res['question_num'] . ''; echo '' . $res['original'] . ''; echo '' . $res['report_text'] . ''; @@ -91,8 +91,8 @@ if($login->isLoggedIn()) { isLoggedIn()) { echo ''; echo '' . $res['id'] . ''; - echo '' . $res['username'] . ''; + echo '' . htmlspecialchars($res['username']) . ''; echo '' . $differenceString . ''; - echo '' . $res['original'] . ''; + echo '' . htmlspecialchars($res['original']) . ''; echo '' . $res['question_id'] . ''; if($isMod) { echo '$res['id'])) . '" class="btn btn-mini"> $res['id'])) . '" class="btn btn-mini">'; @@ -178,8 +178,8 @@ if($login->isLoggedIn()) { foreach($values['newResult'] as $res) { echo ''; echo '' . $res['id'] . ''; - echo '' . $res['username'] . ''; - echo '' . $res['question'] . ''; + echo '' . htmlspecialchars($res['username']) . ''; + echo '' . htmlspecialchars($res['question']) . ''; if($isMod) { echo '$res['id'])) . '" class="btn btn-mini"> $res['id'])) . '" class="btn btn-mini">'; } @@ -223,10 +223,10 @@ if($login->isLoggedIn()) { foreach($values['deleteResult'] as $res) { echo ''; echo '' . $res['id'] . ''; - echo '' . $res['username'] . ''; - echo '' . $res['question'] . ''; + echo '' . htmlspecialchars($res['username']) . ''; + echo '' . htmlspecialchars($res['question']) . ''; echo '' . $res['line_num'] . ''; - echo '' . $res['reason'] . ''; + echo '' . htmlspecialchars($res['reason']) . ''; if($isMod) { echo '$res['id'])) . '" class="btn btn-mini"> $res['id'])) . '" class="btn btn-mini">'; } diff --git a/php/views/stats.html.php b/php/views/stats.html.php index 82eb807..6dbd6b2 100644 --- a/php/views/stats.html.php 
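Review bot: In the @@ -44 hunk the new side still echoes `$res['original']` and `$res['report_text']` unescaped two lines below the newly escaped username, while the @@ -91 hunk escapes the same `original` column; `report_text` is presumably user-authored free text, so it is the value most worth escaping on this page. Wrap both in `htmlspecialchars(...)` exactly as the hunk now does for `$res['username']`. In @@ -91 `$differenceString` is also emitted raw; it is built outside the hunk, so that code needs checking for whether its inputs are escaped before concatenation. The enclosing `if($login->isLoggedIn())` block begins outside every hunk of this file.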
+++ b/php/views/stats.html.php @@ -24,7 +24,7 @@ foreach($values['dayResult'] as $key=>$res) { echo ''; echo '' . ($key+1) . ''; - echo '$res['username'])) . '">' . $res['username'] . ''; + echo '$res['username'])) . '">' . htmlspecialchars($res['username']) . ''; echo '' . number_format($res['points'],0) . ''; echo ''; } @@ -54,7 +54,7 @@ foreach($values['weekResult'] as $key=>$res) { echo ''; echo '' . ($key+1) . ''; - echo '$res['username'])) . '">' . $res['username'] . ''; + echo '$res['username'])) . '">' . htmlspecialchars($res['username']) . ''; echo '' . number_format($res['points'],0) . ''; echo ''; } @@ -85,7 +85,7 @@ foreach($values['monthResult'] as $key=>$res) { echo ''; echo '' . ($key+1) . ''; - echo '$res['username'])) . '">' . $res['username'] . ''; + echo '$res['username'])) . '">' . htmlspecialchars($res['username']) . ''; echo '' . number_format($res['points'],0) . ''; echo ''; } @@ -114,7 +114,7 @@ foreach($values['yearResult'] as $key=>$res) { echo ''; echo '' . ($key+1) . ''; - echo '$res['username'])) . '">' . $res['username'] . ''; + echo '$res['username'])) . '">' . htmlspecialchars($res['username']) . ''; echo '' . number_format($res['points'],0) . ''; echo ''; } diff --git a/php/views/top.html.php b/php/views/top.html.php index d60768f..50ed1f1 100644 --- a/php/views/top.html.php +++ b/php/views/top.html.php @@ -34,7 +34,7 @@ foreach($values['result'] as $res) { echo ''; echo '' . $currentRank . ''; - echo '$res['username'])) . '">' . $res['username'] . ''; + echo '$res['username'])) . '">' . htmlspecialchars($res['username']) . ''; echo '' . number_format($res['points'],0) . ''; echo ''; $currentRank++; diff --git a/php/views/user.html.php b/php/views/user.html.php index 18101cf..6e1ac7d 100644 --- a/php/views/user.html.php +++ b/php/views/user.html.php 
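Review bot: The escape added to the link text in the @@ -24 hunk does not cover the same `$res['username']` that is interpolated into the `href` attribute earlier on the same echo line; the call wrapping it there is not legible in this diff, so whether it is URL-encoded and then attribute-escaped cannot be confirmed from the hunk. A username containing `"` or `&` could still affect the attribute unless that path applies `rawurlencode()` to the URL component and `htmlspecialchars(..., ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` to the resulting attribute value. The same line shape recurs in the @@ -54, @@ -85 and @@ -114 hunks of this file and in top.html.php and user.html.php, so it is best fixed once in the code that builds the link rather than per view.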
@@ -41,7 +41,7 @@ '; - echo '$res['username'])) . '">' . $res['username'] . ''; + echo '$res['username'])) . '">' . htmlspecialchars($res['username']) . ''; echo '' . number_format($res['points'],0) . ''; echo '' . number_format($res['total'],0) . ''; echo '';