authorStarla Insigna <starla4444@gmail.com>2010-12-11 14:05:05 -0500
committerStarla Insigna <starla4444@gmail.com>2010-12-11 14:05:05 -0500
commit74db7a24d9c2230b104979f4e4981c57ff73de71 (patch)
tree3059bb0a955a662cd9e04208eb6276071cea4c8a /includes/layout.php
parent9efe4feaf5e19e51a18a229a6db36c5508e9faea (diff)
downloadfourisland-74db7a24d9c2230b104979f4e4981c57ff73de71.tar.gz
fourisland-74db7a24d9c2230b104979f4e4981c57ff73de71.tar.bz2
fourisland-74db7a24d9c2230b104979f4e4981c57ff73de71.zip
Made Four Island 2 a little more sane
I spent the last few hours sanitizing the database and fixing huge bugs in the code. Among the changes made were:
- "Theoretically related posts" have been removed due to the lack of FULLTEXT index support in InnoDB tables
- Removed tons of stripslashes() calls that were used to remove slashes from records before I realized (while doing all of this work) that magic_quotes_gpc was on for some reason. I mean, like, come on!
- Replaced all non-library uses of htmlentities() with htmlspecialchars(), which basically does the same thing except it doesn't mangle Unicode.
- Completely eradicated polls.
Note that this does mean that all database backups prior to December 11th 2010 are now incompatible with Four Island.
Diffstat (limited to 'includes/layout.php')
-rwxr-xr-xincludes/layout.php23
1 files changed, 5 insertions, 18 deletions
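diff --git a/includes/layout.php b/includes/layout.php
index 9e94b69..22b87ea 100755
--- a/includes/layout.php
+++ b/includes/layout.php
@@ -74,7 +74,7 @@ $i=0;
 while ($getaffs3 = mysql_fetch_array($getaffs2))
 {
  $template->adds_block('AFFILIATES', array( 'COLOR' => getTagColor($i++),
- 'TITLE' => doAprilFoolsDay(htmlentities(stripslashes($getaffs3['title']))),
+ 'TITLE' => doAprilFoolsDay(htmlspecialchars($getaffs3['title'])),
  'URL' => $getaffs3['url']));
 }
 
@@ -84,7 +84,7 @@ $i=0;
 while ($getwebps3 = mysql_fetch_array($getwebps2))
 {
  $template->adds_block('WEBPROJS', array( 'COLOR' => getTagColor($i++),
- 'TITLE' => doAprilFoolsDay(htmlentities(stripslashes($getwebps3['title']))),
+ 'TITLE' => doAprilFoolsDay(htmlspecialchars($getwebps3['title'])),
  'URL' => $getwebps3['url']));
 }
 
@@ -129,7 +129,7 @@ while ($getcomments3[$i] = mysql_fetch_array($getcomments2))
  'AREA' => 'blog',
  'CODED' => $getpost3['slug'],
  'ENDING' => '/',
- 'TITLE' => stripslashes(htmlentities($getpost3['title'])),
+ 'TITLE' => htmlspecialchars($getpost3['title']),
  'AUTHOR' => (($website != '') ? '<a href="' . $website . '">' . $username . '</a>' : $username)));
  $i++;
  } else if (strpos($getcomments3[$i]['page_id'], 'quote') !== FALSE)
@@ -143,20 +143,7 @@ while ($getcomments3[$i] = mysql_fetch_array($getcomments2))
  'TITLE' => 'Quote #' . $num,
  'AUTHOR' => (($website != '') ? '<a href="' . $website . '">' . $username . '</a>' : $username)));
  $i++;
- } else if (strpos($getcomments3[$i]['page_id'], 'polloftheweek') !== FALSE)
- {
- $getpotw = "SELECT * FROM polloftheweek WHERE id = " . substr($getcomments3[$i]['page_id'],strpos($getcomments3[$i]['page_id'],'-')+1);
- $getpotw2 = mysql_query($getpotw);
- $getpotw3 = mysql_fetch_array($getpotw2);
-
- $template->adds_block('COMMENTS', array( 'ID' => $getcomments3[$i]['id'],
- 'AREA' => 'poll',
- 'CODED' => $getpotw3['id'],
- 'ENDING' => '.php',
- 'TITLE' => 'Poll "' . htmlentities($getpotw3['question']) . '"',
- 'AUTHOR' => (($website != '') ? '<a href="' . $website . '">' . $username . '</a>' : $username)));
- $i++;
- }
+ }
 }
 
 $users = array();
@@ -233,7 +220,7 @@ $i=0;
 while ($getpopular3[$i] = mysql_fetch_array($getpopular2))
 {
  $template->adds_block('POPULAR', array( 'CODED' => $getpopular3[$i]['slug'],
- 'TITLE' => doAprilFoolsDay(stripslashes(htmlentities($getpopular3[$i]['title']))))); 
+ 'TITLE' => doAprilFoolsDay(htmlspecialchars($getpopular3[$i]['title']))));
  $i++;
 }
 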
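Review bot: In the hunk at -129 (and again at -143) `TITLE` is now escaped, but the `AUTHOR` value on the next line still concatenates `$website` and `$username` into an `<a href>` with no encoding. Both variables are assigned above the hunk, inside a while loop that starts outside it, so if they hold commenter-supplied values this is a stored-XSS sink the commit leaves in place. I would encode both, e.g. `'<a href="' . htmlspecialchars($website, ENT_QUOTES, 'UTF-8') . '">' . htmlspecialchars($username, ENT_QUOTES, 'UTF-8') . '</a>'`, and emit the link only when `$website` begins with `http://` or `https://`, because entity encoding alone does not neutralise a script-scheme URL. The same concern applies to `'URL' => $getaffs3['url']` and `'URL' => $getwebps3['url']` in the first two hunks if the template places them in an attribute. The new `htmlspecialchars()` calls also rely on the default flags and charset; passing `ENT_QUOTES, 'UTF-8'` explicitly would cover single-quoted attributes and keep the output independent of the PHP version's defaults.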