authorStarla Insigna <starla4444@gmail.com>2010-12-11 14:05:05 -0500
committerStarla Insigna <starla4444@gmail.com>2010-12-11 14:05:05 -0500
commit74db7a24d9c2230b104979f4e4981c57ff73de71 (patch)
tree3059bb0a955a662cd9e04208eb6276071cea4c8a /includes
parent9efe4feaf5e19e51a18a229a6db36c5508e9faea (diff)
Made Four Island 2 a little more sane
I spent the last few hours sanitizing the database and fixing huge bugs in the code. Among the changes made were:
- "Theoretically related posts" have been removed due to the lack of FULLTEXT index support in InnoDB tables
- Removed tons of stripslashes() calls that were used to remove slashes from records before I realized (while doing all of this work) that magic_quotes_gpc was on for some reason. I mean, like, come on!
- Replaced all non-library uses of htmlentities() with htmlspecialchars(), which escapes the same HTML-significant characters but leaves multibyte Unicode text as-is instead of converting it into entities.
- Completely eradicated polls.
Note that this does mean that all database backups prior to December 11th 2010 are now incompatible with Four Island.
Diffstat (limited to 'includes')
-rwxr-xr-xincludes/comments.php2
-rwxr-xr-xincludes/common.php3
-rwxr-xr-xincludes/functions.php99
-rwxr-xr-xincludes/layout.php23
4 files changed, 10 insertions, 117 deletions
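--- a/includes/comments.php
+++ b/includes/comments.php
@@ -71,7 +71,7 @@ while ($getcomments3[$i] = mysql_fetch_array($getcomments2))
                                              'USERNAME' => (($website != '') ? '<a href="' . $website . '">' . $username . '</a>' : $username),
                                              'DATE' => date("F jS Y \a\\t g:i:s a",strtotime($getcomments3[$i]['posttime'])),
                                              'ID' => $getcomments3[$i]['id'],
-                                             'TEXT' => parseText(stripslashes($getcomments3[$i]['comment']))));
+                                             'TEXT' => parseText($getcomments3[$i]['comment'])));
 
     if (isLoggedIn())
     {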
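Review bot: The new `TEXT` line hands the stored comment body straight to parseText() with no HTML escaping visible on this side, so whether user-supplied markup is neutralised now rests entirely on parseText(), whose behaviour is outside this hunk. If parseText() does not escape before it adds its own markup, the raw comment reaches the template; in that case wrap the argument as `'TEXT' => parseText(htmlspecialchars($getcomments3[$i]['comment'], ENT_QUOTES, 'UTF-8'))` or escape inside parseText() before any markup is generated. The unchanged `USERNAME` line above also interpolates `$website` into an href with no escaping or scheme check, so a stored `javascript:` value could reach the page. The enclosing while loop begins before this hunk.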
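--- a/includes/common.php
+++ b/includes/common.php
@@ -22,6 +22,9 @@ if (!defined('S_INCLUDE_FILE')) {define('S_INCLUDE_FILE',1);}
 
 require('headerproc.php');
 
+$result = mysql_query('SET NAMES utf8');
+$result = mysql_query('SET CHARACTER SET utf8');
+
 include('includes/template.php');
 include('includes/session.php');
 include('includes/maintenance.php');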
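Review bot: Issuing `SET NAMES utf8` as a plain query changes the server session but not the charset the mysql client library believes is in use, and mysql_real_escape_string() (relied on in functions.php in this same commit) escapes according to the client-side charset; the PHP manual recommends `mysql_set_charset('utf8')` for exactly this reason, so escaping and connection charset cannot drift apart. The second statement, `SET CHARACTER SET utf8`, per MySQL's documentation resets character_set_connection to the database default rather than utf8, which can partially undo the first line. Both return values are assigned to `$result` and never checked, so a failed charset switch goes unnoticed. Suggest replacing the two lines with `if (!mysql_set_charset('utf8')) { die('Could not set connection charset'); }` (or whatever error path the project uses).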
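--- a/includes/functions.php
+++ b/includes/functions.php
@@ -62,20 +62,6 @@ function dispIfNotOld($datTim)
     }
 }
 
-function getpercent($getpoll3,$num)
-{
-    $maxper = ($getpoll3['clicks1'] + $getpoll3['clicks2'] + $getpoll3['clicks3'] + $getpoll3['clicks4']);
-
-    if ($maxper == 0)
-    {
-        return 0;
-    } else {
-        $percent = round(($getpoll3['clicks' . $num] / $maxper) * 100);
-    }
-
-    return($percent);
-}
-
 function generateSlug($title,$table)
 {
     $title = preg_replace('/[^A-Za-z0-9]/','-',$title);
@@ -110,7 +96,7 @@ function postBlogPost($title,$author,$tags,$content)
 {
     $slug = generateSlug($title,'updates');
 
-    $inspost = "INSERT INTO updates (title,slug,author,text) VALUES (\"" . $title . "\",\"" . $slug . "\",\"" . $author . "\",\"" . mysql_real_escape_string($content) . "\")";
+    $inspost = "INSERT INTO updates (title,slug,author,text) VALUES (\"" . mysql_real_escape_string($title) . "\",\"" . $slug . "\",\"" . $author . "\",\"" . mysql_real_escape_string($content) . "\")";
     $inspost2 = mysql_query($inspost);
 
     $id = mysql_insert_id();
@@ -269,31 +255,6 @@ if (!function_exists('unique_id'))
     }
 }
 
-function displayRelated($title, $avoid = 0)
-{
-    $getrelated = "SELECT *, MATCH (title, text) AGAINST (\"" . mysql_real_escape_string($title) . "\") AS score FROM updates WHERE MATCH (title, text) AGAINST (\"" . mysql_real_escape_string($title) . "\") AND id <> " . $avoid . " LIMIT 0,5";
-    $getrelated2 = mysql_query($getrelated);
-    $i=0;
-    while ($getrelated3[$i] = mysql_fetch_array($getrelated2))
-    {
-        if ($i==0)
-        {
-            $template = new FITemplate('related');
-        }
-
-        $template->adds_block('POST', array( 'TITLE' => doAprilFoolsDay(htmlentities(stripslashes($getrelated3[$i]['title']))),
-                                             'CODED' => $getrelated3[$i]['slug'],
-                                             'AUTHOR' => $getrelated3[$i]['author'],
-                                             'DATE' => date('F jS Y',strtotime($getrelated3[$i]['pubDate']))));
-        $i++;
-    }
-
-    if ($i > 0)
-    {
-        $template->display();
-    }
-}
-
 function getCommentUrl($getcomment3)
 {
     $page_id = $getcomment3['page_id'];
@@ -307,62 +268,12 @@ function getCommentUrl($getcomment3)
         $getupdate3 = mysql_fetch_array($getupdate2);
 
         return '/blog/' . $getupdate3['slug'] . '/';
-    } else if ($comType == 'polloftheweek')
-    {
-        return '/poll/' . $comID . '.php';
     } else if ($comType == 'quote')
     {
         return '/quotes/' . $comID . '.php';
     }
 }
 
-function getPollOfTheWeek($id = -1)
-{
-    static $showed_form = false;
-
-    $potw = new FITemplate('polloftheweek');
-
-    if ($id == -1)
-    {
-        $getpoll = "SELECT * FROM polloftheweek ORDER BY id DESC LIMIT 0,1";
-    } else {
-        $getpoll = "SELECT * FROM polloftheweek WHERE id = " . $id;
-    }
-    $getpoll2 = mysql_query($getpoll);
-    $getpoll3 = mysql_fetch_array($getpoll2);
-
-    $potw->add('ID', $getpoll3['id']);
-    $potw->add('QUESTION', doAprilFoolsDay(stripslashes(htmlentities($getpoll3['question']))));
-    $potw->add('OPTION1', doAprilFoolsDay(stripslashes(htmlentities($getpoll3['option1']))));
-    $potw->add('OPTION2', doAprilFoolsDay(stripslashes(htmlentities($getpoll3['option2']))));
-    $potw->add('OPTION3', doAprilFoolsDay(stripslashes(htmlentities($getpoll3['option3']))));
-    $potw->add('OPTION4', doAprilFoolsDay(stripslashes(htmlentities($getpoll3['option4']))));
-
-    $getip = "SELECT * FROM didpollalready WHERE ip = \"" . $_SERVER['REMOTE_ADDR'] . "\"";
-    $getip2 = mysql_query($getip);
-    $getip3 = mysql_fetch_array($getip2);
-
-    if (($getip3['ip'] != $_SERVER['REMOTE_ADDR']) && ($id == -1) && ($showed_form == false))
-    {
-        $potw->adds_block('FORM',array('exi'=>1));
-        $showed_form = true;
-    } else {
-        $potw->adds_block('DISPLAY',array('exi'=>1));
-
-        $potw->add('PERCENT1', getpercent($getpoll3,'1'));
-        $potw->add('PERCENT2', getpercent($getpoll3,'2'));
-        $potw->add('PERCENT3', getpercent($getpoll3,'3'));
-        $potw->add('PERCENT4', getpercent($getpoll3,'4'));
-    }
-
-    ob_start();
-    $potw->display();
-    $result = ob_get_contents();
-    ob_end_clean();
-
-    return $result;
-}
-
 function getTagColor($i)
 {
     switch ($i % 7)
@@ -417,14 +328,6 @@ function getRewriteURL()
         } else {
             return '/blog/';
         }
-    } else if ($_GET['area'] == 'poll')
-    {
-        if (isset($_GET['id']))
-        {
-            return '/poll/' . $_GET['id'] . '.php';
-        } else {
-            return '/poll/';
-        }
     } else if ($_GET['area'] == 'quotes')
     {
         if (isset($_GET['act']))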
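Review bot: In the postBlogPost() hunk, `$title` is now escaped but `$author` is still concatenated into the INSERT verbatim, and `$slug` is only as safe as generateSlug()'s full output, of which only the first preg_replace is visible here; escape every value uniformly instead of relying on the caller, i.e. `"\",\"" . $slug . "\",\"" . mysql_real_escape_string($author) . "\",\""`. The commit message says magic_quotes_gpc was found enabled; if it is still on, the new mysql_real_escape_string($title) double-escapes request data and the stored titles acquire the literal backslashes the removed stripslashes() calls used to hide, so the setting (or a one-time stripslashes at the input boundary) needs to be confirmed. The function continues past the end of the hunk.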
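--- a/includes/layout.php
+++ b/includes/layout.php
@@ -74,7 +74,7 @@ $i=0;
 while ($getaffs3 = mysql_fetch_array($getaffs2))
 {
     $template->adds_block('AFFILIATES', array( 'COLOR' => getTagColor($i++),
-                                               'TITLE' => doAprilFoolsDay(htmlentities(stripslashes($getaffs3['title']))),
+                                               'TITLE' => doAprilFoolsDay(htmlspecialchars($getaffs3['title'])),
                                                'URL' => $getaffs3['url']));
 }
 
@@ -84,7 +84,7 @@ $i=0;
 while ($getwebps3 = mysql_fetch_array($getwebps2))
 {
     $template->adds_block('WEBPROJS', array( 'COLOR' => getTagColor($i++),
-                                             'TITLE' => doAprilFoolsDay(htmlentities(stripslashes($getwebps3['title']))),
+                                             'TITLE' => doAprilFoolsDay(htmlspecialchars($getwebps3['title'])),
                                              'URL' => $getwebps3['url']));
 }
 
@@ -129,7 +129,7 @@ while ($getcomments3[$i] = mysql_fetch_array($getcomments2))
                                                  'AREA' => 'blog',
                                                  'CODED' => $getpost3['slug'],
                                                  'ENDING' => '/',
-                                                 'TITLE' => stripslashes(htmlentities($getpost3['title'])),
+                                                 'TITLE' => htmlspecialchars($getpost3['title']),
                                                  'AUTHOR' => (($website != '') ? '<a href="' . $website . '">' . $username . '</a>' : $username)));
         $i++;
     } else if (strpos($getcomments3[$i]['page_id'], 'quote') !== FALSE)
@@ -143,20 +143,7 @@ while ($getcomments3[$i] = mysql_fetch_array($getcomments2))
                                                  'TITLE' => 'Quote #' . $num,
                                                  'AUTHOR' => (($website != '') ? '<a href="' . $website . '">' . $username . '</a>' : $username)));
         $i++;
-    } else if (strpos($getcomments3[$i]['page_id'], 'polloftheweek') !== FALSE)
-    {
-        $getpotw = "SELECT * FROM polloftheweek WHERE id = " . substr($getcomments3[$i]['page_id'],strpos($getcomments3[$i]['page_id'],'-')+1);
-        $getpotw2 = mysql_query($getpotw);
-        $getpotw3 = mysql_fetch_array($getpotw2);
-
-        $template->adds_block('COMMENTS', array( 'ID' => $getcomments3[$i]['id'],
-                                                 'AREA' => 'poll',
-                                                 'CODED' => $getpotw3['id'],
-                                                 'ENDING' => '.php',
-                                                 'TITLE' => 'Poll "' . htmlentities($getpotw3['question']) . '"',
-                                                 'AUTHOR' => (($website != '') ? '<a href="' . $website . '">' . $username . '</a>' : $username)));
-        $i++;
+    }
     }
 }
 
 $users = array();
@@ -233,7 +220,7 @@ $i=0;
 while ($getpopular3[$i] = mysql_fetch_array($getpopular2))
 {
     $template->adds_block('POPULAR', array( 'CODED' => $getpopular3[$i]['slug'],
-                                            'TITLE' => doAprilFoolsDay(stripslashes(htmlentities($getpopular3[$i]['title'])))));
+                                            'TITLE' => doAprilFoolsDay(htmlspecialchars($getpopular3[$i]['title']))));
         $i++;
 }
 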
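Review bot: The new htmlspecialchars() calls use the default flags, so single quotes are left unescaped and the charset is whatever the running PHP version defaults to (ISO-8859-1 before 5.4, UTF-8 from 5.4 on); with the connection now forced to utf8 in common.php, pass both explicitly so the escaping matches the data and is safe in any attribute context: `'TITLE' => doAprilFoolsDay(htmlspecialchars($getaffs3['title'], ENT_QUOTES, 'UTF-8')),` and likewise for the WEBPROJS, blog-comment and POPULAR titles. Whether doAprilFoolsDay() preserves the escaping it receives is not visible here. The unchanged `'URL' => $getaffs3['url']` values and the `$website` href on the same lines are still emitted without escaping. Each while loop shown begins before its hunk.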