authorStarla Insigna <starla4444@gmail.com>2010-12-11 14:05:05 -0500
committerStarla Insigna <starla4444@gmail.com>2010-12-11 14:05:05 -0500
commit74db7a24d9c2230b104979f4e4981c57ff73de71 (patch)
tree3059bb0a955a662cd9e04208eb6276071cea4c8a /admin
parent9efe4feaf5e19e51a18a229a6db36c5508e9faea (diff)
Made Four Island 2 a little more sane
I spent the last few hours sanitizing the database and fixing huge bugs in the code. Among the changes made were:
- "Theoretically related posts" have been removed due to the lack of FULLTEXT index support in InnoDB tables
- Removed tons of stripslashes() calls that were used to remove slashes from records before I realized (while doing all of this work) that magic_quotes_gpc was on for some reason. I mean, like, come on!
- Replaced all non-library uses of htmlentities() with htmlspecialchars(), which basically does the same thing except it doesn't mangle Unicode.
- Completely eradicated polls.
Note that this does mean that all database backups prior to December 11th 2010 are now incompatible with Four Island.
Diffstat (limited to 'admin')
-rwxr-xr-xadmin/drafts.php2
-rwxr-xr-xadmin/editLink.php4
-rwxr-xr-xadmin/editPost.php4
-rwxr-xr-xadmin/links.php2
-rwxr-xr-xadmin/modquotes.php2
-rwxr-xr-xadmin/newLink.php2
-rwxr-xr-xadmin/newPost.php2
-rwxr-xr-xadmin/pending.php2
-rwxr-xr-xadmin/posts.php2
-rwxr-xr-xadmin/welcome.php5
10 files changed, 11 insertions, 16 deletions
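--- a/admin/drafts.php
+++ b/admin/drafts.php
@@ -82,7 +82,7 @@ foreach ($pager->getPageData() as $post)
 {
  if (!empty($post))
  {
- $template->adds_block('POST', array( 'TITLE' => htmlentities($post['title']),
+ $template->adds_block('POST', array( 'TITLE' => htmlspecialchars($post['title']),
  'AUTHOR' => $post['author'],
  'ID' => $post['id'],
  'CODED' => $post['slug'],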
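Review bot: The new `htmlspecialchars($post['title'])` on the changed line relies on the function's defaults, which on the PHP 5.3-era runtime this 2010 code presumably targets are ENT_COMPAT (single quotes left unescaped) and an ISO-8859-1 charset, so a title containing `'` rendered inside a single-quoted attribute, or a non-ASCII title, is not handled the way the commit message intends. Pass the flags explicitly: `'TITLE' => htmlspecialchars($post['title'], ENT_QUOTES, 'UTF-8'),`. The identical replacements in links.php, modquotes.php, pending.php, posts.php, editLink.php, editPost.php, newLink.php and newPost.php want the same arguments. The enclosing foreach begins outside the hunk, and the remaining fields (`AUTHOR`, `CODED`) are passed through unescaped, which is only safe if the template layer escapes on output.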
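--- a/admin/editLink.php
+++ b/admin/editLink.php
@@ -74,10 +74,10 @@ if (isset($_GET['submit']))
  $template->adds_block('FLASH', array('TEXT' => 'Your link has been sucessfully edited.'));
  }
 
- $template->add('TITLEVALUE', htmlentities($_POST['title']));
+ $template->add('TITLEVALUE', htmlspecialchars($_POST['title']));
  $template->add('URLVALUE', $_POST['url']);
 } else {
- $template->add('TITLEVALUE', htmlentities($getlink3['title']));
+ $template->add('TITLEVALUE', htmlspecialchars($getlink3['title']));
  $template->add('URLVALUE', $getlink3['url']);
 }
 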
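Review bot: Only TITLEVALUE is escaped; the line right after the changed one, `$template->add('URLVALUE', $_POST['url']);`, hands the raw request value to the template, and the else branch does the same with `$getlink3['url']`. Unless the template layer escapes on output (not visible here), a submitted URL containing quotes or angle brackets is reflected into the form as markup, which is the same class of problem the commit is fixing for the title. Apply the same treatment: `$template->add('URLVALUE', htmlspecialchars($_POST['url'], ENT_QUOTES, 'UTF-8'));` and likewise for `$getlink3['url']`. The TEXTVALUE/TAGSVALUE lines in editPost.php and newPost.php and the URLVALUE line in newLink.php follow the same pattern. The enclosing if/else starts outside the hunk.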
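--- a/admin/editPost.php
+++ b/admin/editPost.php
@@ -201,13 +201,13 @@ if (!isset($_GET['type']) || !isset($_GET['id']) || !is_numeric($_GET['id']))
  $template->add('ACTION', '/admin/editPost.php?type=' . $type . '&amp;id=' . $id . '&amp;submit=');
  }
 
- $template->add('TITLEVALUE', htmlentities($_POST['title']));
+ $template->add('TITLEVALUE', htmlspecialchars($_POST['title']));
  $template->add('TEXTVALUE', $_POST['text']);
  $template->add('TAGSVALUE', $_POST['tags']);
  $template->add(strtoupper($_POST['type']) . 'SELECTED', ' checked="checked"');
  if ($_POST['type'] != 'draft') $template->add('TAGSDISABLED', ' readonly="readonly"');
 } else {
- $template->add('TITLEVALUE', htmlentities($getpost3['title']));
+ $template->add('TITLEVALUE', htmlspecialchars($getpost3['title']));
  $template->add('TEXTVALUE', $getpost3['text']);
  $template->add('TAGSVALUE', implode(',', getTags($_GET['id'], $tableToTags[$_GET['type']])));
  $template->add(strtoupper($tableToForm[$_GET['type']]) . 'SELECTED', ' checked="checked"');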
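Review bot: The hunk header's guard checks only that `$_GET['type']` is set and that `$_GET['id']` is numeric, yet the last two context lines index `$tableToTags[$_GET['type']]` and `$tableToForm[$_GET['type']]` directly; unless the part of the condition outside the hunk validates `type` against those arrays, an unknown value emits a notice and passes null on to getTags(). A cheap check before the else branch would be `if (!isset($tableToTags[$_GET['type']])) { /* reject request */ }`, or equivalently validating against array_keys($tableToTags) in the guard. The `strtoupper($_POST['type']) . 'SELECTED'` key on the new side is likewise built from an unvalidated request value, though a wrong value there only yields an unused template key. The enclosing if/else begins outside the hunk.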
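--- a/admin/links.php
+++ b/admin/links.php
@@ -97,7 +97,7 @@ foreach ($pager->getPageData() as $link)
 {
  if (!empty($link))
  {
- $template->adds_block('LINK', array( 'TITLE' => htmlentities($link['title']),
+ $template->adds_block('LINK', array( 'TITLE' => htmlspecialchars($link['title']),
  'URL' => $link['url'],
  'ID' => $link['id'],
  'ODD' => ($j % 2 ? '' : ' class="odd"')));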
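--- a/admin/modquotes.php
+++ b/admin/modquotes.php
@@ -120,7 +120,7 @@ foreach ($pager->getPageData() as $quote)
 {
  if (!empty($quote))
  {
- $template->adds_block('QUOTE', array( 'TEXT' => str_replace("\n","<br />",htmlentities(stripslashes($quote['quote']))),
+ $template->adds_block('QUOTE', array( 'TEXT' => str_replace("\n","<br />",htmlspecialchars($quote['quote'])),
  'ID' => $quote['id'],
  'ODD' => ($j % 2 ? '' : ' class="odd"')));
  }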
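--- a/admin/newLink.php
+++ b/admin/newLink.php
@@ -80,7 +80,7 @@ if (isset($_GET['submit']))
  $template->add('TYPEDISABLED', ' readonly="readonly"');
  }
 
- $template->add('TITLEVALUE', htmlentities($_POST['title']));
+ $template->add('TITLEVALUE', htmlspecialchars($_POST['title']));
  $template->add('URLVALUE', $_POST['url']);
  $template->add(strtoupper($_POST['type']) . 'SELECTED', ' checked="checked"');
 } else {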
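--- a/admin/newPost.php
+++ b/admin/newPost.php
@@ -145,7 +145,7 @@ if (isset($_GET['submit']))
  if ($type != 'drafts') $template->add('TAGSDISABLED', ' readonly="readonly"');
  }
 
- $template->add('TITLEVALUE', htmlentities($_POST['title']));
+ $template->add('TITLEVALUE', htmlspecialchars($_POST['title']));
  $template->add('TEXTVALUE', $_POST['text']);
  $template->add('TAGSVALUE', $_POST['tags']);
  $template->add(strtoupper($_POST['type']) . 'SELECTED', ' checked="checked"');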
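--- a/admin/pending.php
+++ b/admin/pending.php
@@ -148,7 +148,7 @@ foreach ($pager->getPageData() as $post)
 {
  if (!empty($post))
  {
- $template->add_ref($j, 'POST', array( 'TITLE' => htmlentities($post['title']),
+ $template->add_ref($j, 'POST', array( 'TITLE' => htmlspecialchars($post['title']),
  'AUTHOR' => $post['author'],
  'ID' => $post['id'],
  'CODED' => $post['slug'],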
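--- a/admin/posts.php
+++ b/admin/posts.php
@@ -82,7 +82,7 @@ foreach ($pager->getPageData() as $post)
 {
  if (!empty($post))
  {
- $template->adds_block('POST', array( 'TITLE' => htmlentities($post['title']),
+ $template->adds_block('POST', array( 'TITLE' => htmlspecialchars($post['title']),
  'AUTHOR' => $post['author'],
  'ID' => $post['id'],
  'CODED' => $post['slug'],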
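--- a/admin/welcome.php
+++ b/admin/welcome.php
@@ -46,11 +46,6 @@ $cntcomments2 = mysql_query($cntcomments);
 $cntcomments3 = mysql_fetch_array($cntcomments2);
 $template->add('COMMENTS', $cntcomments3['COUNT(*)']);
 
-$cntpolls = "SELECT COUNT(*) FROM polloftheweek";
-$cntpolls2 = mysql_query($cntpolls);
-$cntpolls3 = mysql_fetch_array($cntpolls2);
-$template->add('POLLS', $cntpolls3['COUNT(*)']);
-
 $cntquotes = "SELECT COUNT(*) FROM rash_quotes";
 $cntquotes2 = mysql_query($cntquotes);
 $cntquotes3 = mysql_fetch_array($cntquotes2);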