authorStarla Insigna <starla4444@gmail.com>2010-12-11 14:05:05 -0500
committerStarla Insigna <starla4444@gmail.com>2010-12-11 14:05:05 -0500
commit74db7a24d9c2230b104979f4e4981c57ff73de71 (patch)
tree3059bb0a955a662cd9e04208eb6276071cea4c8a /pages/quotes.php
parent9efe4feaf5e19e51a18a229a6db36c5508e9faea (diff)
Made Four Island 2 a little more sane
I spent the last few hours sanitizing the database and fixing huge bugs in the code. Among the changes made were:
- "Theoretically related posts" have been removed due to the lack of FULLTEXT index support in InnoDB tables
- Removed tons of stripslashes() calls that were used to remove slashes from records before I realized (while doing all of this work) that magic_quotes_gpc was on for some reason. I mean, like, come on!
- Replaced all non-library uses of htmlentities() with htmlspecialchars(), which basically does the same thing except it doesn't mangle Unicode.
- Completely eradicated polls.
Note that this does mean that all database backups prior to December 11th 2010 are now incompatible with Four Island.
Diffstat (limited to 'pages/quotes.php')
-rwxr-xr-xpages/quotes.php4
1 files changed, 2 insertions, 2 deletions
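--- a/pages/quotes.php
+++ b/pages/quotes.php
@@ -70,7 +70,7 @@ if (isset($_GET['id']) && !(is_numeric($_GET['id'])))
 $template = new FITemplate('quotes/add');
 if (isset($_GET['submit']))
 {
-$template->adds_block('SUBMITTED',array('QUOTE' => str_replace("\n","<br />",htmlspecialchars(stripslashes($_POST['rash_quote'])))));
+$template->adds_block('SUBMITTED',array('QUOTE' => str_replace("\n","<br />",htmlspecialchars($_POST['rash_quote']))));
 if (!isLoggedIn())
 {
 $insquote = "INSERT INTO rash_queue (quote) VALUES(\"" . mysql_real_escape_string(htmlspecialchars($_POST['rash_quote'])) . "\")";
@@ -236,7 +236,7 @@ function quote_generation($query, $origin, $page = 1, $quote_limit = 50, $page_l
 $template->add_ref($curID,'QUOTES',array( 'NUMBER' => $getquotes3[$i]['id'],
 'RATING' => $getquotes3[$i]['rating'],
 'DATE' => ($getquotes3[$i]['date'] != 0 ? date('F jS Y \a\\t g:i:s a', $getquotes3[$i]['date']) : ''),
-'QUOTE' => doAprilFoolsDay(str_replace("\n","<br />",htmlspecialchars(stripslashes($getquotes3[$i]['quote'])))),
+'QUOTE' => doAprilFoolsDay(str_replace("\n","<br />",htmlspecialchars($getquotes3[$i]['quote']))),
 'COMMENTS' => $comments));
 
 if (($gettrack3['ip'] != $_SERVER['REMOTE_ADDR']) || (array_search($getquotes3[$i]['id'],$trackArr) === FALSE))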
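Review bot: The new line 239 escapes the quote with `htmlspecialchars()` on output, while the insert at line 76 (unchanged context in the first hunk) already stores `htmlspecialchars($_POST['rash_quote'])`, so any row that reaches this display path from that insert is entity-encoded twice and a typed `<` renders as the literal text `&lt;`. Whether `quote_generation()` reads rows written by that insert is not visible in these hunks, so this needs confirming against the moderation path. Escaping once, at output, is the safer convention: store the raw text with `mysql_real_escape_string($_POST['rash_quote'])` at line 76 and keep the escape at 239, preferably as `htmlspecialchars($getquotes3[$i]['quote'], ENT_QUOTES, 'UTF-8')` so quote handling and charset do not depend on PHP defaults. Both hunks cut through larger blocks whose start and end lie outside the diff.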