author | Starla Insigna <starla4444@gmail.com> | 2010-12-11 14:05:05 -0500 |
---|---|---|
committer | Starla Insigna <starla4444@gmail.com> | 2010-12-11 14:05:05 -0500 |
commit | 74db7a24d9c2230b104979f4e4981c57ff73de71 (patch) | |
tree | 3059bb0a955a662cd9e04208eb6276071cea4c8a /admin | |
parent | 9efe4feaf5e19e51a18a229a6db36c5508e9faea (diff) | |
Made Four Island 2 a little more sane
I spent the last few hours sanitizing the database and fixing huge bugs in the code. Among the changes made were: - "Theoretically related posts" have been removed due to the lack of FULLTEXT index support in InnoDB tables - Removed tons of stripslashes() calls that were used to remove slashes from records before I realized (while doing all of this work) that magic_quotes_gpc was on for some reason. I mean, like, come on! - Replaced all non-library uses of htmlentities() with htmlspecialchars(), which basically does the same thing except it doesn't mangle Unicode. - Completely eradicated polls. Note that this does mean that all database backups prior to December 11th 2010 are now incompatible with Four Island.
Diffstat (limited to 'admin')
-rwxr-xr-x | admin/drafts.php | 2 | ||||
-rwxr-xr-x | admin/editLink.php | 4 | ||||
-rwxr-xr-x | admin/editPost.php | 4 | ||||
-rwxr-xr-x | admin/links.php | 2 | ||||
-rwxr-xr-x | admin/modquotes.php | 2 | ||||
-rwxr-xr-x | admin/newLink.php | 2 | ||||
-rwxr-xr-x | admin/newPost.php | 2 | ||||
-rwxr-xr-x | admin/pending.php | 2 | ||||
-rwxr-xr-x | admin/posts.php | 2 | ||||
-rwxr-xr-x | admin/welcome.php | 5 |
10 files changed, 11 insertions, 16 deletions
diff --git a/admin/drafts.php b/admin/drafts.php index 5f7be1a..bb95b87 100755 --- a/admin/drafts.php +++ b/admin/drafts.php | |||
@@ -82,7 +82,7 @@ foreach ($pager->getPageData() as $post) | |||
82 | { | 82 | { |
83 | if (!empty($post)) | 83 | if (!empty($post)) |
84 | { | 84 | { |
85 | $template->adds_block('POST', array( 'TITLE' => htmlentities($post['title']), | 85 | $template->adds_block('POST', array( 'TITLE' => htmlspecialchars($post['title']), |
86 | 'AUTHOR' => $post['author'], | 86 | 'AUTHOR' => $post['author'], |
87 | 'ID' => $post['id'], | 87 | 'ID' => $post['id'], |
88 | 'CODED' => $post['slug'], | 88 | 'CODED' => $post['slug'], |
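Review bot: The new `htmlspecialchars($post['title'])` on the TITLE line relies on the default flags, which before PHP 8.1 escape double quotes but not single quotes (and before 5.4 assume ISO-8859-1), so the title is only fully escaped if the template emits TITLE as text or inside a double-quoted attribute. Passing the flags explicitly, `'TITLE' => htmlspecialchars($post['title'], ENT_QUOTES, 'UTF-8'),`, makes the call safe in either attribute style and pins the charset the commit message says it cares about. AUTHOR and the slug on the following lines are still passed through raw; if the template places them in HTML rather than only in URLs they need the same treatment. The `foreach` body this belongs to continues outside the hunk.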
diff --git a/admin/editLink.php b/admin/editLink.php index f3ba9cc..2bc86ab 100755 --- a/admin/editLink.php +++ b/admin/editLink.php | |||
@@ -74,10 +74,10 @@ if (isset($_GET['submit'])) | |||
74 | $template->adds_block('FLASH', array('TEXT' => 'Your link has been sucessfully edited.')); | 74 | $template->adds_block('FLASH', array('TEXT' => 'Your link has been sucessfully edited.')); |
75 | } | 75 | } |
76 | 76 | ||
77 | $template->add('TITLEVALUE', htmlentities($_POST['title'])); | 77 | $template->add('TITLEVALUE', htmlspecialchars($_POST['title'])); |
78 | $template->add('URLVALUE', $_POST['url']); | 78 | $template->add('URLVALUE', $_POST['url']); |
79 | } else { | 79 | } else { |
80 | $template->add('TITLEVALUE', htmlentities($getlink3['title'])); | 80 | $template->add('TITLEVALUE', htmlspecialchars($getlink3['title'])); |
81 | $template->add('URLVALUE', $getlink3['url']); | 81 | $template->add('URLVALUE', $getlink3['url']); |
82 | } | 82 | } |
83 | 83 | ||
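Review bot: The two `htmlspecialchars(...)` calls on the TITLEVALUE lines (77 and 80) use the default flags, which prior to PHP 8.1 leave single quotes unescaped, so the echo-back is only complete if the template wraps TITLEVALUE in double quotes. Writing both as `htmlspecialchars($_POST['title'], ENT_QUOTES, 'UTF-8')` / `htmlspecialchars($getlink3['title'], ENT_QUOTES, 'UTF-8')` removes that dependency on the template and matches the Unicode intent stated in the commit message. The adjacent URLVALUE assignments pass `$_POST['url']` and `$getlink3['url']` through unescaped; if the template drops them into a `value="..."` attribute, a quote in the submitted URL breaks out of it, and `htmlspecialchars` would leave a legitimate URL intact. The enclosing `if (isset($_GET['submit']))` branch opens above the hunk.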
diff --git a/admin/editPost.php b/admin/editPost.php index b87f895..6044431 100755 --- a/admin/editPost.php +++ b/admin/editPost.php | |||
@@ -201,13 +201,13 @@ if (!isset($_GET['type']) || !isset($_GET['id']) || !is_numeric($_GET['id'])) | |||
201 | $template->add('ACTION', '/admin/editPost.php?type=' . $type . '&id=' . $id . '&submit='); | 201 | $template->add('ACTION', '/admin/editPost.php?type=' . $type . '&id=' . $id . '&submit='); |
202 | } | 202 | } |
203 | 203 | ||
204 | $template->add('TITLEVALUE', htmlentities($_POST['title'])); | 204 | $template->add('TITLEVALUE', htmlspecialchars($_POST['title'])); |
205 | $template->add('TEXTVALUE', $_POST['text']); | 205 | $template->add('TEXTVALUE', $_POST['text']); |
206 | $template->add('TAGSVALUE', $_POST['tags']); | 206 | $template->add('TAGSVALUE', $_POST['tags']); |
207 | $template->add(strtoupper($_POST['type']) . 'SELECTED', ' checked="checked"'); | 207 | $template->add(strtoupper($_POST['type']) . 'SELECTED', ' checked="checked"'); |
208 | if ($_POST['type'] != 'draft') $template->add('TAGSDISABLED', ' readonly="readonly"'); | 208 | if ($_POST['type'] != 'draft') $template->add('TAGSDISABLED', ' readonly="readonly"'); |
209 | } else { | 209 | } else { |
210 | $template->add('TITLEVALUE', htmlentities($getpost3['title'])); | 210 | $template->add('TITLEVALUE', htmlspecialchars($getpost3['title'])); |
211 | $template->add('TEXTVALUE', $getpost3['text']); | 211 | $template->add('TEXTVALUE', $getpost3['text']); |
212 | $template->add('TAGSVALUE', implode(',', getTags($_GET['id'], $tableToTags[$_GET['type']]))); | 212 | $template->add('TAGSVALUE', implode(',', getTags($_GET['id'], $tableToTags[$_GET['type']]))); |
213 | $template->add(strtoupper($tableToForm[$_GET['type']]) . 'SELECTED', ' checked="checked"'); | 213 | $template->add(strtoupper($tableToForm[$_GET['type']]) . 'SELECTED', ' checked="checked"'); |
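Review bot: On the new side, `$_POST['text']` is assigned to TEXTVALUE on line 205 with no escaping, right next to the TITLEVALUE line the commit fixes; if the template renders TEXTVALUE inside a `<textarea>`, a literal `</textarea>` in the body breaks out of the element, so it needs `htmlspecialchars($_POST['text'], ENT_QUOTES, 'UTF-8')` as well (the browser decodes entities back to the original text in a textarea, so the content is not altered). The same applies to `$_POST['tags']` on line 206. The changed `htmlspecialchars` calls on lines 204 and 210 themselves use default flags, which before PHP 8.1 do not escape single quotes; adding `ENT_QUOTES, 'UTF-8'` removes the assumption that the template uses double-quoted attributes. The `if`/`else` this sits in starts above the hunk.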
diff --git a/admin/links.php b/admin/links.php index fc1c813..da3fe5c 100755 --- a/admin/links.php +++ b/admin/links.php | |||
@@ -97,7 +97,7 @@ foreach ($pager->getPageData() as $link) | |||
97 | { | 97 | { |
98 | if (!empty($link)) | 98 | if (!empty($link)) |
99 | { | 99 | { |
100 | $template->adds_block('LINK', array( 'TITLE' => htmlentities($link['title']), | 100 | $template->adds_block('LINK', array( 'TITLE' => htmlspecialchars($link['title']), |
101 | 'URL' => $link['url'], | 101 | 'URL' => $link['url'], |
102 | 'ID' => $link['id'], | 102 | 'ID' => $link['id'], |
103 | 'ODD' => ($j % 2 ? '' : ' class="odd"'))); | 103 | 'ODD' => ($j % 2 ? '' : ' class="odd"'))); |
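Review bot: The escaped TITLE on line 100 is immediately followed by `'URL' => $link['url']` with no escaping, so if the template places URL in an `href="..."` attribute, a stored URL containing `"` can close the attribute and inject further markup. Since `htmlspecialchars` leaves well-formed URLs unchanged, `'URL' => htmlspecialchars($link['url'], ENT_QUOTES, 'UTF-8'),` is safe to add here. I would also give the TITLE call explicit `ENT_QUOTES, 'UTF-8'` flags, because the pre-8.1 defaults leave single quotes unescaped. The `foreach` body continues outside the hunk.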
diff --git a/admin/modquotes.php b/admin/modquotes.php index 8340fd1..9ec6013 100755 --- a/admin/modquotes.php +++ b/admin/modquotes.php | |||
@@ -120,7 +120,7 @@ foreach ($pager->getPageData() as $quote) | |||
120 | { | 120 | { |
121 | if (!empty($quote)) | 121 | if (!empty($quote)) |
122 | { | 122 | { |
123 | $template->adds_block('QUOTE', array( 'TEXT' => str_replace("\n","<br />",htmlentities(stripslashes($quote['quote']))), | 123 | $template->adds_block('QUOTE', array( 'TEXT' => str_replace("\n","<br />",htmlspecialchars($quote['quote'])), |
124 | 'ID' => $quote['id'], | 124 | 'ID' => $quote['id'], |
125 | 'ODD' => ($j % 2 ? '' : ' class="odd"'))); | 125 | 'ODD' => ($j % 2 ? '' : ' class="odd"'))); |
126 | } | 126 | } |
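Review bot: The order on line 123 is right (escape first, then insert `<br />`), but `htmlspecialchars($quote['quote'])` uses the default flags, which before PHP 8.1 do not escape single quotes; since a moderation queue is presumably showing text submitted by site visitors, this is the most exposed output in the diff and I would pin the flags: `'TEXT' => str_replace("\n", "<br />", htmlspecialchars($quote['quote'], ENT_QUOTES, 'UTF-8')),`. Dropping `stripslashes()` here is only correct if every stored row has already had its magic-quote backslashes removed, which the commit message says was done; rows restored from an older backup would now render with stray backslashes rather than silently losing them, which is the safer failure mode. The `foreach` body continues outside the hunk.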
diff --git a/admin/newLink.php b/admin/newLink.php index 90313bd..abedb81 100755 --- a/admin/newLink.php +++ b/admin/newLink.php | |||
@@ -80,7 +80,7 @@ if (isset($_GET['submit'])) | |||
80 | $template->add('TYPEDISABLED', ' readonly="readonly"'); | 80 | $template->add('TYPEDISABLED', ' readonly="readonly"'); |
81 | } | 81 | } |
82 | 82 | ||
83 | $template->add('TITLEVALUE', htmlentities($_POST['title'])); | 83 | $template->add('TITLEVALUE', htmlspecialchars($_POST['title'])); |
84 | $template->add('URLVALUE', $_POST['url']); | 84 | $template->add('URLVALUE', $_POST['url']); |
85 | $template->add(strtoupper($_POST['type']) . 'SELECTED', ' checked="checked"'); | 85 | $template->add(strtoupper($_POST['type']) . 'SELECTED', ' checked="checked"'); |
86 | } else { | 86 | } else { |
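Review bot: Line 84 assigns `$_POST['url']` to URLVALUE with no escaping directly below the TITLEVALUE line the commit changes; if the template emits it inside `value="..."`, a submitted URL containing a double quote breaks out of the attribute, so `$template->add('URLVALUE', htmlspecialchars($_POST['url'], ENT_QUOTES, 'UTF-8'));` is the consistent fix (a valid URL is unchanged by it). The new `htmlspecialchars($_POST['title'])` on line 83 would also benefit from explicit `ENT_QUOTES, 'UTF-8'` flags, since the pre-8.1 defaults only escape double quotes. Line 85 builds a template key from raw `strtoupper($_POST['type'])`; that appears to only select which radio gets checked, but it is worth confirming the template cannot be influenced by an unexpected key. The `if (isset($_GET['submit']))` block opens above the hunk.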
diff --git a/admin/newPost.php b/admin/newPost.php index 32e7aa2..60819b9 100755 --- a/admin/newPost.php +++ b/admin/newPost.php | |||
@@ -145,7 +145,7 @@ if (isset($_GET['submit'])) | |||
145 | if ($type != 'drafts') $template->add('TAGSDISABLED', ' readonly="readonly"'); | 145 | if ($type != 'drafts') $template->add('TAGSDISABLED', ' readonly="readonly"'); |
146 | } | 146 | } |
147 | 147 | ||
148 | $template->add('TITLEVALUE', htmlentities($_POST['title'])); | 148 | $template->add('TITLEVALUE', htmlspecialchars($_POST['title'])); |
149 | $template->add('TEXTVALUE', $_POST['text']); | 149 | $template->add('TEXTVALUE', $_POST['text']); |
150 | $template->add('TAGSVALUE', $_POST['tags']); | 150 | $template->add('TAGSVALUE', $_POST['tags']); |
151 | $template->add(strtoupper($_POST['type']) . 'SELECTED', ' checked="checked"'); | 151 | $template->add(strtoupper($_POST['type']) . 'SELECTED', ' checked="checked"'); |
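Review bot: TEXTVALUE and TAGSVALUE on lines 149 and 150 receive `$_POST['text']` and `$_POST['tags']` unescaped while only the title on line 148 is escaped; if TEXTVALUE lands in a `<textarea>`, a `</textarea>` in the submitted body terminates the element, so both should go through `htmlspecialchars($_POST['text'], ENT_QUOTES, 'UTF-8')` and `htmlspecialchars($_POST['tags'], ENT_QUOTES, 'UTF-8')` (textarea and input values decode entities, so the round-trip preserves the text). The changed line 148 uses default flags, which before PHP 8.1 leave single quotes unescaped; the explicit `ENT_QUOTES, 'UTF-8'` form avoids depending on the template's attribute quoting. The enclosing `if`/`else` starts above the hunk.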
diff --git a/admin/pending.php b/admin/pending.php index 6f1cfaf..39295d6 100755 --- a/admin/pending.php +++ b/admin/pending.php | |||
@@ -148,7 +148,7 @@ foreach ($pager->getPageData() as $post) | |||
148 | { | 148 | { |
149 | if (!empty($post)) | 149 | if (!empty($post)) |
150 | { | 150 | { |
151 | $template->add_ref($j, 'POST', array( 'TITLE' => htmlentities($post['title']), | 151 | $template->add_ref($j, 'POST', array( 'TITLE' => htmlspecialchars($post['title']), |
152 | 'AUTHOR' => $post['author'], | 152 | 'AUTHOR' => $post['author'], |
153 | 'ID' => $post['id'], | 153 | 'ID' => $post['id'], |
154 | 'CODED' => $post['slug'], | 154 | 'CODED' => $post['slug'], |
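Review bot: In a pending-posts listing the AUTHOR value on line 152 is plausibly supplied by a non-admin submitter, yet it is passed through raw while only TITLE on line 151 is escaped; I would add `'AUTHOR' => htmlspecialchars($post['author'], ENT_QUOTES, 'UTF-8'),` unless the author field is known to be set server-side from the session. The new `htmlspecialchars($post['title'])` call uses default flags, which before PHP 8.1 escape only double quotes, so `htmlspecialchars($post['title'], ENT_QUOTES, 'UTF-8')` is the safer form regardless of how the template quotes its attributes. The `foreach` body continues outside the hunk.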
diff --git a/admin/posts.php b/admin/posts.php index d2e34c5..228a039 100755 --- a/admin/posts.php +++ b/admin/posts.php | |||
@@ -82,7 +82,7 @@ foreach ($pager->getPageData() as $post) | |||
82 | { | 82 | { |
83 | if (!empty($post)) | 83 | if (!empty($post)) |
84 | { | 84 | { |
85 | $template->adds_block('POST', array( 'TITLE' => htmlentities($post['title']), | 85 | $template->adds_block('POST', array( 'TITLE' => htmlspecialchars($post['title']), |
86 | 'AUTHOR' => $post['author'], | 86 | 'AUTHOR' => $post['author'], |
87 | 'ID' => $post['id'], | 87 | 'ID' => $post['id'], |
88 | 'CODED' => $post['slug'], | 88 | 'CODED' => $post['slug'], |
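Review bot: The changed TITLE line (85) calls `htmlspecialchars` with default flags, which before PHP 8.1 do not escape single quotes and before 5.4 default to ISO-8859-1, so the escaping is complete only if the template renders TITLE as text or in a double-quoted attribute. `'TITLE' => htmlspecialchars($post['title'], ENT_QUOTES, 'UTF-8'),` makes the call independent of the template and states the charset the commit message is concerned about. AUTHOR on the next line is still unescaped; if it is ever user-supplied rather than taken from the admin session it needs the same call. The `foreach` body continues outside the hunk.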
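--- a/admin/welcome.php
+++ b/admin/welcome.php
@@ -46,11 +46,6 @@ $cntcomments2 = mysql_query($cntcomments);
 $cntcomments3 = mysql_fetch_array($cntcomments2);
 $template->add('COMMENTS', $cntcomments3['COUNT(*)']);
 
-$cntpolls = "SELECT COUNT(*) FROM polloftheweek";
-$cntpolls2 = mysql_query($cntpolls);
-$cntpolls3 = mysql_fetch_array($cntpolls2);
-$template->add('POLLS', $cntpolls3['COUNT(*)']);
-
 $cntquotes = "SELECT COUNT(*) FROM rash_quotes";
 $cntquotes2 = mysql_query($cntquotes);
 $cntquotes3 = mysql_fetch_array($cntquotes2);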