diff options
author | Starla Insigna <starla4444@gmail.com> | 2010-12-11 14:05:05 -0500 |
---|---|---|
committer | Starla Insigna <starla4444@gmail.com> | 2010-12-11 14:05:05 -0500 |
commit | 74db7a24d9c2230b104979f4e4981c57ff73de71 (patch) | |
tree | 3059bb0a955a662cd9e04208eb6276071cea4c8a /pages/blog.php | |
parent | 9efe4feaf5e19e51a18a229a6db36c5508e9faea (diff) | |
download | fourisland-74db7a24d9c2230b104979f4e4981c57ff73de71.tar.gz fourisland-74db7a24d9c2230b104979f4e4981c57ff73de71.tar.bz2 fourisland-74db7a24d9c2230b104979f4e4981c57ff73de71.zip |
Made Four Island 2 a little more sane
I spent the last few hours sanitizing the database and fixing huge bugs in the code. Among the changes made were: - "Theoretically related posts" have been removed due to the lack of FULLTEXT index support in InnoDB tables - Removed tons of stripslashes() calls that were used to remove slashes from records before I realized (while doing all of this work) that magic_quotes_gpc was on for some reason. I mean, like, come on! - Replaced all non-library uses of htmlentities() with htmlspecialchars(), which basically does the same thing except it doesn't mangle Unicode. - Completely eradicated polls. Note that this does mean that all database backups prior to December 11th 2010 are now incompatible with Four Island.
Diffstat (limited to 'pages/blog.php')
-rwxr-xr-x | pages/blog.php | 16 |
1 files changed, 7 insertions, 9 deletions
diff --git a/pages/blog.php b/pages/blog.php index e7163ce..72e96bf 100755 --- a/pages/blog.php +++ b/pages/blog.php | |||
@@ -46,7 +46,7 @@ if (isset($_GET['post'])) | |||
46 | { | 46 | { |
47 | updatePop($getpost3['id'],'views'); | 47 | updatePop($getpost3['id'],'views'); |
48 | 48 | ||
49 | $title = stripslashes(htmlentities($getpost3['title'])) . ' - Blog Archive'; | 49 | $title = htmlspecialchars($getpost3['title']) . ' - Blog Archive'; |
50 | 50 | ||
51 | $getback = "SELECT * FROM updates WHERE id < " . $getpost3['id'] . " ORDER BY id DESC LIMIT 0,1"; | 51 | $getback = "SELECT * FROM updates WHERE id < " . $getpost3['id'] . " ORDER BY id DESC LIMIT 0,1"; |
52 | $getback2 = mysql_query($getback); | 52 | $getback2 = mysql_query($getback); |
@@ -54,7 +54,7 @@ if (isset($_GET['post'])) | |||
54 | if (isset($getback3['title'])) | 54 | if (isset($getback3['title'])) |
55 | { | 55 | { |
56 | $template->adds_block('BACK', array( 'CODED' => $getback3['slug'], | 56 | $template->adds_block('BACK', array( 'CODED' => $getback3['slug'], |
57 | 'TITLE' => doAprilFoolsDay(htmlentities(stripslashes($getback3['title']))))); | 57 | 'TITLE' => doAprilFoolsDay(htmlspecialchars($getback3['title'])))); |
58 | } | 58 | } |
59 | 59 | ||
60 | $getnext = "SELECT * FROM updates WHERE id > " . $getpost3['id'] . " ORDER BY id ASC LIMIT 0,1"; | 60 | $getnext = "SELECT * FROM updates WHERE id > " . $getpost3['id'] . " ORDER BY id ASC LIMIT 0,1"; |
@@ -63,7 +63,7 @@ if (isset($_GET['post'])) | |||
63 | if (isset($getnext3['title'])) | 63 | if (isset($getnext3['title'])) |
64 | { | 64 | { |
65 | $template->adds_block('NEXT', array( 'CODED' => $getnext3['slug'], | 65 | $template->adds_block('NEXT', array( 'CODED' => $getnext3['slug'], |
66 | 'TITLE' => doAprilFoolsDay(htmlentities(stripslashes($getnext3['title']))))); | 66 | 'TITLE' => doAprilFoolsDay(htmlspecialchars($getnext3['title'])))); |
67 | } | 67 | } |
68 | 68 | ||
69 | $template->add_ref(0, 'POST', array( 'ID' => $getpost3['id'], | 69 | $template->add_ref(0, 'POST', array( 'ID' => $getpost3['id'], |
@@ -72,10 +72,10 @@ if (isset($_GET['post'])) | |||
72 | 'MONTH' => date('M',strtotime($getpost3['pubDate'])), | 72 | 'MONTH' => date('M',strtotime($getpost3['pubDate'])), |
73 | 'DAY' => date('d',strtotime($getpost3['pubDate'])), | 73 | 'DAY' => date('d',strtotime($getpost3['pubDate'])), |
74 | 'CODED' => $getpost3['slug'], | 74 | 'CODED' => $getpost3['slug'], |
75 | 'TITLE' => doAprilFoolsDay(htmlentities(stripslashes($getpost3['title']))), | 75 | 'TITLE' => doAprilFoolsDay(htmlspecialchars($getpost3['title'])), |
76 | 'AUTHOR' => $getpost3['author'], | 76 | 'AUTHOR' => $getpost3['author'], |
77 | 'RATING' => $getpost3['rating'], | 77 | 'RATING' => $getpost3['rating'], |
78 | 'TEXT' => parseText(stripslashes($getpost3['text'])))); | 78 | 'TEXT' => parseText($getpost3['text']))); |
79 | 79 | ||
80 | $tags = getTags($getpost3['id']); | 80 | $tags = getTags($getpost3['id']); |
81 | foreach ($tags as $tag) | 81 | foreach ($tags as $tag) |
@@ -121,8 +121,6 @@ if (isset($_GET['post'])) | |||
121 | 121 | ||
122 | $page_id = 'updates-' . $getpost3['id']; | 122 | $page_id = 'updates-' . $getpost3['id']; |
123 | include('includes/comments.php'); | 123 | include('includes/comments.php'); |
124 | |||
125 | displayRelated($getpost3['title'], $getpost3['id']); | ||
126 | } else { | 124 | } else { |
127 | generateError('404'); | 125 | generateError('404'); |
128 | } | 126 | } |
@@ -171,12 +169,12 @@ if (isset($_GET['post'])) | |||
171 | 'MONTH' => date('M',strtotime($getpost3['pubDate'])), | 169 | 'MONTH' => date('M',strtotime($getpost3['pubDate'])), |
172 | 'DAY' => date('d',strtotime($getpost3['pubDate'])), | 170 | 'DAY' => date('d',strtotime($getpost3['pubDate'])), |
173 | 'CODED' => $getpost3['slug'], | 171 | 'CODED' => $getpost3['slug'], |
174 | 'TITLE' => doAprilFoolsDay(htmlentities(stripslashes($getpost3['title']))), | 172 | 'TITLE' => doAprilFoolsDay(htmlspecialchars($getpost3['title'])), |
175 | 'AUTHOR' => $getpost3['author'], | 173 | 'AUTHOR' => $getpost3['author'], |
176 | 'PLURALCOMMENT' => (isset($plural) ? $plural : ''), | 174 | 'PLURALCOMMENT' => (isset($plural) ? $plural : ''), |
177 | 'COMMENTS' => $comText, | 175 | 'COMMENTS' => $comText, |
178 | 'RATING' => $getpost3['rating'], | 176 | 'RATING' => $getpost3['rating'], |
179 | 'TEXT' => parseText(stripslashes($getpost3['text'])))); | 177 | 'TEXT' => parseText($getpost3['text']))); |
180 | 178 | ||
181 | $tags = getTags($getpost3['id']); | 179 | $tags = getTags($getpost3['id']); |
182 | foreach ($tags as $tag) | 180 | foreach ($tags as $tag) |