diff options
author | Starla Insigna <starla4444@gmail.com> | 2010-12-11 14:05:05 -0500 |
---|---|---|
committer | Starla Insigna <starla4444@gmail.com> | 2010-12-11 14:05:05 -0500 |
commit | 74db7a24d9c2230b104979f4e4981c57ff73de71 (patch) | |
tree | 3059bb0a955a662cd9e04208eb6276071cea4c8a /includes | |
parent | 9efe4feaf5e19e51a18a229a6db36c5508e9faea (diff) | |
download | fourisland-74db7a24d9c2230b104979f4e4981c57ff73de71.tar.gz fourisland-74db7a24d9c2230b104979f4e4981c57ff73de71.tar.bz2 fourisland-74db7a24d9c2230b104979f4e4981c57ff73de71.zip |
Made Four Island 2 a little more sane
I spent the last few hours sanitizing the database and fixing huge bugs in the code. Among the changes made were: - "Theoretically related posts" have been removed due to the lack of FULLTEXT index support in InnoDB tables - Removed tons of stripslashes() calls that were used to remove slashes from records before I realized (while doing all of this work) that magic_quotes_gpc was on for some reason. I mean, like, come on! - Replaced all non-library uses of htmlentities() with htmlspecialchars(), which basically does the same thing except it doesn't mangle Unicode. - Completely eradicated polls. Note that this does mean that all database backups prior to December 11th 2010 are now incompatible with Four Island.
Diffstat (limited to 'includes')
-rwxr-xr-x | includes/comments.php | 2 | ||||
-rwxr-xr-x | includes/common.php | 3 | ||||
-rwxr-xr-x | includes/functions.php | 99 | ||||
-rwxr-xr-x | includes/layout.php | 23 |
4 files changed, 10 insertions, 117 deletions
diff --git a/includes/comments.php b/includes/comments.php index be48c02..5aa8993 100755 --- a/includes/comments.php +++ b/includes/comments.php | |||
@@ -71,7 +71,7 @@ while ($getcomments3[$i] = mysql_fetch_array($getcomments2)) | |||
71 | 'USERNAME' => (($website != '') ? '<a href="' . $website . '">' . $username . '</a>' : $username), | 71 | 'USERNAME' => (($website != '') ? '<a href="' . $website . '">' . $username . '</a>' : $username), |
72 | 'DATE' => date("F jS Y \a\\t g:i:s a",strtotime($getcomments3[$i]['posttime'])), | 72 | 'DATE' => date("F jS Y \a\\t g:i:s a",strtotime($getcomments3[$i]['posttime'])), |
73 | 'ID' => $getcomments3[$i]['id'], | 73 | 'ID' => $getcomments3[$i]['id'], |
74 | 'TEXT' => parseText(stripslashes($getcomments3[$i]['comment'])))); | 74 | 'TEXT' => parseText($getcomments3[$i]['comment']))); |
75 | 75 | ||
76 | if (isLoggedIn()) | 76 | if (isLoggedIn()) |
77 | { | 77 | { |
diff --git a/includes/common.php b/includes/common.php index 8ca6958..7442a18 100755 --- a/includes/common.php +++ b/includes/common.php | |||
@@ -22,6 +22,9 @@ if (!defined('S_INCLUDE_FILE')) {define('S_INCLUDE_FILE',1);} | |||
22 | 22 | ||
23 | require('headerproc.php'); | 23 | require('headerproc.php'); |
24 | 24 | ||
25 | $result = mysql_query('SET NAMES utf8'); | ||
26 | $result = mysql_query('SET CHARACTER SET utf8'); | ||
27 | |||
25 | include('includes/template.php'); | 28 | include('includes/template.php'); |
26 | include('includes/session.php'); | 29 | include('includes/session.php'); |
27 | include('includes/maintenance.php'); | 30 | include('includes/maintenance.php'); |
diff --git a/includes/functions.php b/includes/functions.php index aed4516..b42ca7d 100755 --- a/includes/functions.php +++ b/includes/functions.php | |||
@@ -62,20 +62,6 @@ function dispIfNotOld($datTim) | |||
62 | } | 62 | } |
63 | } | 63 | } |
64 | 64 | ||
65 | function getpercent($getpoll3,$num) | ||
66 | { | ||
67 | $maxper = ($getpoll3['clicks1'] + $getpoll3['clicks2'] + $getpoll3['clicks3'] + $getpoll3['clicks4']); | ||
68 | |||
69 | if ($maxper == 0) | ||
70 | { | ||
71 | return 0; | ||
72 | } else { | ||
73 | $percent = round(($getpoll3['clicks' . $num] / $maxper) * 100); | ||
74 | } | ||
75 | |||
76 | return($percent); | ||
77 | } | ||
78 | |||
79 | function generateSlug($title,$table) | 65 | function generateSlug($title,$table) |
80 | { | 66 | { |
81 | $title = preg_replace('/[^A-Za-z0-9]/','-',$title); | 67 | $title = preg_replace('/[^A-Za-z0-9]/','-',$title); |
@@ -110,7 +96,7 @@ function postBlogPost($title,$author,$tags,$content) | |||
110 | { | 96 | { |
111 | $slug = generateSlug($title,'updates'); | 97 | $slug = generateSlug($title,'updates'); |
112 | 98 | ||
113 | $inspost = "INSERT INTO updates (title,slug,author,text) VALUES (\"" . $title . "\",\"" . $slug . "\",\"" . $author . "\",\"" . mysql_real_escape_string($content) . "\")"; | 99 | $inspost = "INSERT INTO updates (title,slug,author,text) VALUES (\"" . mysql_real_escape_string($title) . "\",\"" . $slug . "\",\"" . $author . "\",\"" . mysql_real_escape_string($content) . "\")"; |
114 | $inspost2 = mysql_query($inspost); | 100 | $inspost2 = mysql_query($inspost); |
115 | 101 | ||
116 | $id = mysql_insert_id(); | 102 | $id = mysql_insert_id(); |
@@ -269,31 +255,6 @@ if (!function_exists('unique_id')) | |||
269 | } | 255 | } |
270 | } | 256 | } |
271 | 257 | ||
272 | function displayRelated($title, $avoid = 0) | ||
273 | { | ||
274 | $getrelated = "SELECT *, MATCH (title, text) AGAINST (\"" . mysql_real_escape_string($title) . "\") AS score FROM updates WHERE MATCH (title, text) AGAINST (\"" . mysql_real_escape_string($title) . "\") AND id <> " . $avoid . " LIMIT 0,5"; | ||
275 | $getrelated2 = mysql_query($getrelated); | ||
276 | $i=0; | ||
277 | while ($getrelated3[$i] = mysql_fetch_array($getrelated2)) | ||
278 | { | ||
279 | if ($i==0) | ||
280 | { | ||
281 | $template = new FITemplate('related'); | ||
282 | } | ||
283 | |||
284 | $template->adds_block('POST', array( 'TITLE' => doAprilFoolsDay(htmlentities(stripslashes($getrelated3[$i]['title']))), | ||
285 | 'CODED' => $getrelated3[$i]['slug'], | ||
286 | 'AUTHOR' => $getrelated3[$i]['author'], | ||
287 | 'DATE' => date('F jS Y',strtotime($getrelated3[$i]['pubDate'])))); | ||
288 | $i++; | ||
289 | } | ||
290 | |||
291 | if ($i > 0) | ||
292 | { | ||
293 | $template->display(); | ||
294 | } | ||
295 | } | ||
296 | |||
297 | function getCommentUrl($getcomment3) | 258 | function getCommentUrl($getcomment3) |
298 | { | 259 | { |
299 | $page_id = $getcomment3['page_id']; | 260 | $page_id = $getcomment3['page_id']; |
@@ -307,62 +268,12 @@ function getCommentUrl($getcomment3) | |||
307 | $getupdate3 = mysql_fetch_array($getupdate2); | 268 | $getupdate3 = mysql_fetch_array($getupdate2); |
308 | 269 | ||
309 | return '/blog/' . $getupdate3['slug'] . '/'; | 270 | return '/blog/' . $getupdate3['slug'] . '/'; |
310 | } else if ($comType == 'polloftheweek') | ||
311 | { | ||
312 | return '/poll/' . $comID . '.php'; | ||
313 | } else if ($comType == 'quote') | 271 | } else if ($comType == 'quote') |
314 | { | 272 | { |
315 | return '/quotes/' . $comID . '.php'; | 273 | return '/quotes/' . $comID . '.php'; |
316 | } | 274 | } |
317 | } | 275 | } |
318 | 276 | ||
319 | function getPollOfTheWeek($id = -1) | ||
320 | { | ||
321 | static $showed_form = false; | ||
322 | |||
323 | $potw = new FITemplate('polloftheweek'); | ||
324 | |||
325 | if ($id == -1) | ||
326 | { | ||
327 | $getpoll = "SELECT * FROM polloftheweek ORDER BY id DESC LIMIT 0,1"; | ||
328 | } else { | ||
329 | $getpoll = "SELECT * FROM polloftheweek WHERE id = " . $id; | ||
330 | } | ||
331 | $getpoll2 = mysql_query($getpoll); | ||
332 | $getpoll3 = mysql_fetch_array($getpoll2); | ||
333 | |||
334 | $potw->add('ID', $getpoll3['id']); | ||
335 | $potw->add('QUESTION', doAprilFoolsDay(stripslashes(htmlentities($getpoll3['question'])))); | ||
336 | $potw->add('OPTION1', doAprilFoolsDay(stripslashes(htmlentities($getpoll3['option1'])))); | ||
337 | $potw->add('OPTION2', doAprilFoolsDay(stripslashes(htmlentities($getpoll3['option2'])))); | ||
338 | $potw->add('OPTION3', doAprilFoolsDay(stripslashes(htmlentities($getpoll3['option3'])))); | ||
339 | $potw->add('OPTION4', doAprilFoolsDay(stripslashes(htmlentities($getpoll3['option4'])))); | ||
340 | |||
341 | $getip = "SELECT * FROM didpollalready WHERE ip = \"" . $_SERVER['REMOTE_ADDR'] . "\""; | ||
342 | $getip2 = mysql_query($getip); | ||
343 | $getip3 = mysql_fetch_array($getip2); | ||
344 | |||
345 | if (($getip3['ip'] != $_SERVER['REMOTE_ADDR']) && ($id == -1) && ($showed_form == false)) | ||
346 | { | ||
347 | $potw->adds_block('FORM',array('exi'=>1)); | ||
348 | $showed_form = true; | ||
349 | } else { | ||
350 | $potw->adds_block('DISPLAY',array('exi'=>1)); | ||
351 | |||
352 | $potw->add('PERCENT1', getpercent($getpoll3,'1')); | ||
353 | $potw->add('PERCENT2', getpercent($getpoll3,'2')); | ||
354 | $potw->add('PERCENT3', getpercent($getpoll3,'3')); | ||
355 | $potw->add('PERCENT4', getpercent($getpoll3,'4')); | ||
356 | } | ||
357 | |||
358 | ob_start(); | ||
359 | $potw->display(); | ||
360 | $result = ob_get_contents(); | ||
361 | ob_end_clean(); | ||
362 | |||
363 | return $result; | ||
364 | } | ||
365 | |||
366 | function getTagColor($i) | 277 | function getTagColor($i) |
367 | { | 278 | { |
368 | switch ($i % 7) | 279 | switch ($i % 7) |
@@ -417,14 +328,6 @@ function getRewriteURL() | |||
417 | } else { | 328 | } else { |
418 | return '/blog/'; | 329 | return '/blog/'; |
419 | } | 330 | } |
420 | } else if ($_GET['area'] == 'poll') | ||
421 | { | ||
422 | if (isset($_GET['id'])) | ||
423 | { | ||
424 | return '/poll/' . $_GET['id'] . '.php'; | ||
425 | } else { | ||
426 | return '/poll/'; | ||
427 | } | ||
428 | } else if ($_GET['area'] == 'quotes') | 331 | } else if ($_GET['area'] == 'quotes') |
429 | { | 332 | { |
430 | if (isset($_GET['act'])) | 333 | if (isset($_GET['act'])) |
diff --git a/includes/layout.php b/includes/layout.php index 9e94b69..22b87ea 100755 --- a/includes/layout.php +++ b/includes/layout.php | |||
@@ -74,7 +74,7 @@ $i=0; | |||
74 | while ($getaffs3 = mysql_fetch_array($getaffs2)) | 74 | while ($getaffs3 = mysql_fetch_array($getaffs2)) |
75 | { | 75 | { |
76 | $template->adds_block('AFFILIATES', array( 'COLOR' => getTagColor($i++), | 76 | $template->adds_block('AFFILIATES', array( 'COLOR' => getTagColor($i++), |
77 | 'TITLE' => doAprilFoolsDay(htmlentities(stripslashes($getaffs3['title']))), | 77 | 'TITLE' => doAprilFoolsDay(htmlspecialchars($getaffs3['title'])), |
78 | 'URL' => $getaffs3['url'])); | 78 | 'URL' => $getaffs3['url'])); |
79 | } | 79 | } |
80 | 80 | ||
@@ -84,7 +84,7 @@ $i=0; | |||
84 | while ($getwebps3 = mysql_fetch_array($getwebps2)) | 84 | while ($getwebps3 = mysql_fetch_array($getwebps2)) |
85 | { | 85 | { |
86 | $template->adds_block('WEBPROJS', array( 'COLOR' => getTagColor($i++), | 86 | $template->adds_block('WEBPROJS', array( 'COLOR' => getTagColor($i++), |
87 | 'TITLE' => doAprilFoolsDay(htmlentities(stripslashes($getwebps3['title']))), | 87 | 'TITLE' => doAprilFoolsDay(htmlspecialchars($getwebps3['title'])), |
88 | 'URL' => $getwebps3['url'])); | 88 | 'URL' => $getwebps3['url'])); |
89 | } | 89 | } |
90 | 90 | ||
@@ -129,7 +129,7 @@ while ($getcomments3[$i] = mysql_fetch_array($getcomments2)) | |||
129 | 'AREA' => 'blog', | 129 | 'AREA' => 'blog', |
130 | 'CODED' => $getpost3['slug'], | 130 | 'CODED' => $getpost3['slug'], |
131 | 'ENDING' => '/', | 131 | 'ENDING' => '/', |
132 | 'TITLE' => stripslashes(htmlentities($getpost3['title'])), | 132 | 'TITLE' => htmlspecialchars($getpost3['title']), |
133 | 'AUTHOR' => (($website != '') ? '<a href="' . $website . '">' . $username . '</a>' : $username))); | 133 | 'AUTHOR' => (($website != '') ? '<a href="' . $website . '">' . $username . '</a>' : $username))); |
134 | $i++; | 134 | $i++; |
135 | } else if (strpos($getcomments3[$i]['page_id'], 'quote') !== FALSE) | 135 | } else if (strpos($getcomments3[$i]['page_id'], 'quote') !== FALSE) |
@@ -143,20 +143,7 @@ while ($getcomments3[$i] = mysql_fetch_array($getcomments2)) | |||
143 | 'TITLE' => 'Quote #' . $num, | 143 | 'TITLE' => 'Quote #' . $num, |
144 | 'AUTHOR' => (($website != '') ? '<a href="' . $website . '">' . $username . '</a>' : $username))); | 144 | 'AUTHOR' => (($website != '') ? '<a href="' . $website . '">' . $username . '</a>' : $username))); |
145 | $i++; | 145 | $i++; |
146 | } else if (strpos($getcomments3[$i]['page_id'], 'polloftheweek') !== FALSE) | 146 | } |
147 | { | ||
148 | $getpotw = "SELECT * FROM polloftheweek WHERE id = " . substr($getcomments3[$i]['page_id'],strpos($getcomments3[$i]['page_id'],'-')+1); | ||
149 | $getpotw2 = mysql_query($getpotw); | ||
150 | $getpotw3 = mysql_fetch_array($getpotw2); | ||
151 | |||
152 | $template->adds_block('COMMENTS', array( 'ID' => $getcomments3[$i]['id'], | ||
153 | 'AREA' => 'poll', | ||
154 | 'CODED' => $getpotw3['id'], | ||
155 | 'ENDING' => '.php', | ||
156 | 'TITLE' => 'Poll "' . htmlentities($getpotw3['question']) . '"', | ||
157 | 'AUTHOR' => (($website != '') ? '<a href="' . $website . '">' . $username . '</a>' : $username))); | ||
158 | $i++; | ||
159 | } | ||
160 | } | 147 | } |
161 | 148 | ||
162 | $users = array(); | 149 | $users = array(); |
@@ -233,7 +220,7 @@ $i=0; | |||
233 | while ($getpopular3[$i] = mysql_fetch_array($getpopular2)) | 220 | while ($getpopular3[$i] = mysql_fetch_array($getpopular2)) |
234 | { | 221 | { |
235 | $template->adds_block('POPULAR', array( 'CODED' => $getpopular3[$i]['slug'], | 222 | $template->adds_block('POPULAR', array( 'CODED' => $getpopular3[$i]['slug'], |
236 | 'TITLE' => doAprilFoolsDay(stripslashes(htmlentities($getpopular3[$i]['title']))))); | 223 | 'TITLE' => doAprilFoolsDay(htmlspecialchars($getpopular3[$i]['title'])))); |
237 | $i++; | 224 | $i++; |
238 | } | 225 | } |
239 | 226 | ||