author | Starla Insigna <starla4444@gmail.com> | 2010-12-11 14:05:05 -0500 |
---|---|---|
committer | Starla Insigna <starla4444@gmail.com> | 2010-12-11 14:05:05 -0500 |
commit | 74db7a24d9c2230b104979f4e4981c57ff73de71 (patch) | |
tree | 3059bb0a955a662cd9e04208eb6276071cea4c8a /includes/layout.php | |
parent | 9efe4feaf5e19e51a18a229a6db36c5508e9faea (diff) | |
Made Four Island 2 a little more sane
I spent the last few hours sanitizing the database and fixing huge bugs in the code. Among the changes made were: - "Theoretically related posts" have been removed due to the lack of FULLTEXT index support in InnoDB tables - Removed tons of stripslashes() calls that were used to remove slashes from records before I realized (while doing all of this work) that magic_quotes_gpc was on for some reason. I mean, like, come on! - Replaced all non-library uses of htmlentities() with htmlspecialchars(), which basically does the same thing except it doesn't mangle Unicode. - Completely eradicated polls. Note that this does mean that all database backups prior to December 11th 2010 are now incompatible with Four Island.
Diffstat (limited to 'includes/layout.php')
-rwxr-xr-x | includes/layout.php | 23 |
1 files changed, 5 insertions, 18 deletions
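--- a/includes/layout.php
+++ b/includes/layout.php
@@ -74,7 +74,7 @@ $i=0;
 while ($getaffs3 = mysql_fetch_array($getaffs2))
 {
 $template->adds_block('AFFILIATES', array( 'COLOR' => getTagColor($i++),
-'TITLE' => doAprilFoolsDay(htmlentities(stripslashes($getaffs3['title']))),
+'TITLE' => doAprilFoolsDay(htmlspecialchars($getaffs3['title'])),
 'URL' => $getaffs3['url']));
 }
 
@@ -84,7 +84,7 @@ $i=0;
 while ($getwebps3 = mysql_fetch_array($getwebps2))
 {
 $template->adds_block('WEBPROJS', array( 'COLOR' => getTagColor($i++),
-'TITLE' => doAprilFoolsDay(htmlentities(stripslashes($getwebps3['title']))),
+'TITLE' => doAprilFoolsDay(htmlspecialchars($getwebps3['title'])),
 'URL' => $getwebps3['url']));
 }
 
@@ -129,7 +129,7 @@ while ($getcomments3[$i] = mysql_fetch_array($getcomments2))
 'AREA' => 'blog',
 'CODED' => $getpost3['slug'],
 'ENDING' => '/',
-'TITLE' => stripslashes(htmlentities($getpost3['title'])),
+'TITLE' => htmlspecialchars($getpost3['title']),
 'AUTHOR' => (($website != '') ? '<a href="' . $website . '">' . $username . '</a>' : $username)));
 $i++;
 } else if (strpos($getcomments3[$i]['page_id'], 'quote') !== FALSE)
@@ -143,20 +143,7 @@ while ($getcomments3[$i] = mysql_fetch_array($getcomments2))
 'TITLE' => 'Quote #' . $num,
 'AUTHOR' => (($website != '') ? '<a href="' . $website . '">' . $username . '</a>' : $username)));
 $i++;
-} else if (strpos($getcomments3[$i]['page_id'], 'polloftheweek') !== FALSE)
-{
-$getpotw = "SELECT * FROM polloftheweek WHERE id = " . substr($getcomments3[$i]['page_id'],strpos($getcomments3[$i]['page_id'],'-')+1);
-$getpotw2 = mysql_query($getpotw);
-$getpotw3 = mysql_fetch_array($getpotw2);
-
-$template->adds_block('COMMENTS', array( 'ID' => $getcomments3[$i]['id'],
-'AREA' => 'poll',
-'CODED' => $getpotw3['id'],
-'ENDING' => '.php',
-'TITLE' => 'Poll "' . htmlentities($getpotw3['question']) . '"',
-'AUTHOR' => (($website != '') ? '<a href="' . $website . '">' . $username . '</a>' : $username)));
-$i++;
-}
+}
 }
 
 $users = array();
@@ -233,7 +220,7 @@ $i=0;
 while ($getpopular3[$i] = mysql_fetch_array($getpopular2))
 {
 $template->adds_block('POPULAR', array( 'CODED' => $getpopular3[$i]['slug'],
-'TITLE' => doAprilFoolsDay(stripslashes(htmlentities($getpopular3[$i]['title'])))));
+'TITLE' => doAprilFoolsDay(htmlspecialchars($getpopular3[$i]['title']))));
 $i++;
 }
 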
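Review bot: In the COMMENTS blocks (hunks at -129 and -143) the TITLE is now escaped with htmlspecialchars(), but the AUTHOR value on the following line still concatenates `$website` and `$username` straight into `<a href="...">`; both are assigned outside the visible hunks, so unless they are escaped there, a comment author's stored values can inject markup or a `javascript:` link into every page that renders this layout. I would escape at the point of output, e.g. `'<a href="' . htmlspecialchars($website, ENT_QUOTES, 'UTF-8') . '">' . htmlspecialchars($username, ENT_QUOTES, 'UTF-8') . '</a>'`, and accept only http/https schemes for `$website`. The same concern applies to the raw `'URL' => $getaffs3['url']` and `'URL' => $getwebps3['url']` values in the first two hunks if the template places them in an href. The new htmlspecialchars() calls also rely on the default flags and charset, which on PHP versions of this era leave single quotes unescaped; passing `ENT_QUOTES, 'UTF-8'` explicitly would keep the titles safe in any attribute context.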