summary refs log tree commit diff stats
path: root/pages/blog.php
diff options
context:
space:
mode:
authorStarla Insigna <starla4444@gmail.com>2010-12-11 14:05:05 -0500
committerStarla Insigna <starla4444@gmail.com>2010-12-11 14:05:05 -0500
commit74db7a24d9c2230b104979f4e4981c57ff73de71 (patch)
tree3059bb0a955a662cd9e04208eb6276071cea4c8a /pages/blog.php
parent9efe4feaf5e19e51a18a229a6db36c5508e9faea (diff)
downloadfourisland-74db7a24d9c2230b104979f4e4981c57ff73de71.tar.gz
fourisland-74db7a24d9c2230b104979f4e4981c57ff73de71.tar.bz2
fourisland-74db7a24d9c2230b104979f4e4981c57ff73de71.zip
Made Four Island 2 a little more sane
I spent the last few hours sanitizing the database and fixing huge bugs in the code. Among the changes made were:
- "Theoretically related posts" have been removed due to the lack of FULLTEXT index support in InnoDB tables
- Removed tons of stripslashes() calls that were used to remove slashes from records before I realized (while doing all of this work) that magic_quotes_gpc was on for some reason. I mean, like, come on!
- Replaced all non-library uses of htmlentities() with htmlspecialchars(), which basically does the same thing except it doesn't mangle Unicode.
- Completely eradicated polls.
Note that this does mean that all database backups prior to December 11th 2010 are now incompatible with Four Island.
Diffstat (limited to 'pages/blog.php')
-rwxr-xr-xpages/blog.php16
1 files changed, 7 insertions, 9 deletions
diff --git a/pages/blog.php b/pages/blog.php index e7163ce..72e96bf 100755 --- a/pages/blog.php +++ b/pages/blog.php
@@ -46,7 +46,7 @@ if (isset($_GET['post']))
46 { 46 {
47 updatePop($getpost3['id'],'views'); 47 updatePop($getpost3['id'],'views');
48 48
49 $title = stripslashes(htmlentities($getpost3['title'])) . ' - Blog Archive'; 49 $title = htmlspecialchars($getpost3['title']) . ' - Blog Archive';
50 50
51 $getback = "SELECT * FROM updates WHERE id < " . $getpost3['id'] . " ORDER BY id DESC LIMIT 0,1"; 51 $getback = "SELECT * FROM updates WHERE id < " . $getpost3['id'] . " ORDER BY id DESC LIMIT 0,1";
52 $getback2 = mysql_query($getback); 52 $getback2 = mysql_query($getback);
@@ -54,7 +54,7 @@ if (isset($_GET['post']))
54 if (isset($getback3['title'])) 54 if (isset($getback3['title']))
55 { 55 {
56 $template->adds_block('BACK', array( 'CODED' => $getback3['slug'], 56 $template->adds_block('BACK', array( 'CODED' => $getback3['slug'],
57 'TITLE' => doAprilFoolsDay(htmlentities(stripslashes($getback3['title']))))); 57 'TITLE' => doAprilFoolsDay(htmlspecialchars($getback3['title']))));
58 } 58 }
59 59
60 $getnext = "SELECT * FROM updates WHERE id > " . $getpost3['id'] . " ORDER BY id ASC LIMIT 0,1"; 60 $getnext = "SELECT * FROM updates WHERE id > " . $getpost3['id'] . " ORDER BY id ASC LIMIT 0,1";
@@ -63,7 +63,7 @@ if (isset($_GET['post']))
63 if (isset($getnext3['title'])) 63 if (isset($getnext3['title']))
64 { 64 {
65 $template->adds_block('NEXT', array( 'CODED' => $getnext3['slug'], 65 $template->adds_block('NEXT', array( 'CODED' => $getnext3['slug'],
66 'TITLE' => doAprilFoolsDay(htmlentities(stripslashes($getnext3['title']))))); 66 'TITLE' => doAprilFoolsDay(htmlspecialchars($getnext3['title']))));
67 } 67 }
68 68
69 $template->add_ref(0, 'POST', array( 'ID' => $getpost3['id'], 69 $template->add_ref(0, 'POST', array( 'ID' => $getpost3['id'],
@@ -72,10 +72,10 @@ if (isset($_GET['post']))
72 'MONTH' => date('M',strtotime($getpost3['pubDate'])), 72 'MONTH' => date('M',strtotime($getpost3['pubDate'])),
73 'DAY' => date('d',strtotime($getpost3['pubDate'])), 73 'DAY' => date('d',strtotime($getpost3['pubDate'])),
74 'CODED' => $getpost3['slug'], 74 'CODED' => $getpost3['slug'],
75 'TITLE' => doAprilFoolsDay(htmlentities(stripslashes($getpost3['title']))), 75 'TITLE' => doAprilFoolsDay(htmlspecialchars($getpost3['title'])),
76 'AUTHOR' => $getpost3['author'], 76 'AUTHOR' => $getpost3['author'],
77 'RATING' => $getpost3['rating'], 77 'RATING' => $getpost3['rating'],
78 'TEXT' => parseText(stripslashes($getpost3['text'])))); 78 'TEXT' => parseText($getpost3['text'])));
79 79
80 $tags = getTags($getpost3['id']); 80 $tags = getTags($getpost3['id']);
81 foreach ($tags as $tag) 81 foreach ($tags as $tag)
@@ -121,8 +121,6 @@ if (isset($_GET['post']))
121 121
122 $page_id = 'updates-' . $getpost3['id']; 122 $page_id = 'updates-' . $getpost3['id'];
123 include('includes/comments.php'); 123 include('includes/comments.php');
124
125 displayRelated($getpost3['title'], $getpost3['id']);
126 } else { 124 } else {
127 generateError('404'); 125 generateError('404');
128 } 126 }
@@ -171,12 +169,12 @@ if (isset($_GET['post']))
171 'MONTH' => date('M',strtotime($getpost3['pubDate'])), 169 'MONTH' => date('M',strtotime($getpost3['pubDate'])),
172 'DAY' => date('d',strtotime($getpost3['pubDate'])), 170 'DAY' => date('d',strtotime($getpost3['pubDate'])),
173 'CODED' => $getpost3['slug'], 171 'CODED' => $getpost3['slug'],
174 'TITLE' => doAprilFoolsDay(htmlentities(stripslashes($getpost3['title']))), 172 'TITLE' => doAprilFoolsDay(htmlspecialchars($getpost3['title'])),
175 'AUTHOR' => $getpost3['author'], 173 'AUTHOR' => $getpost3['author'],
176 'PLURALCOMMENT' => (isset($plural) ? $plural : ''), 174 'PLURALCOMMENT' => (isset($plural) ? $plural : ''),
177 'COMMENTS' => $comText, 175 'COMMENTS' => $comText,
178 'RATING' => $getpost3['rating'], 176 'RATING' => $getpost3['rating'],
179 'TEXT' => parseText(stripslashes($getpost3['text'])))); 177 'TEXT' => parseText($getpost3['text'])));
180 178
181 $tags = getTags($getpost3['id']); 179 $tags = getTags($getpost3['id']);
182 foreach ($tags as $tag) 180 foreach ($tags as $tag)