diff options
| author | Starla Insigna <starla4444@gmail.com> | 2010-12-11 14:05:05 -0500 |
|---|---|---|
| committer | Starla Insigna <starla4444@gmail.com> | 2010-12-11 14:05:05 -0500 |
| commit | 74db7a24d9c2230b104979f4e4981c57ff73de71 (patch) | |
| tree | 3059bb0a955a662cd9e04208eb6276071cea4c8a /pages | |
| parent | 9efe4feaf5e19e51a18a229a6db36c5508e9faea (diff) | |
| download | fourisland-74db7a24d9c2230b104979f4e4981c57ff73de71.tar.gz fourisland-74db7a24d9c2230b104979f4e4981c57ff73de71.tar.bz2 fourisland-74db7a24d9c2230b104979f4e4981c57ff73de71.zip | |
Made Four Island 2 a little more sane
I spent the last few hours sanitizing the database and fixing huge bugs in the code. Among the changes made were: - "Theoretically related posts" have been removed due to the lack of FULLTEXT index support in InnoDB tables - Removed tons of stripslashes() calls that were used to remove slashes from records before I realized (while doing all of this work) that magic_quotes_gpc was on for some reason. I mean, like, come on! - Replaced all non-library uses of htmlentities() with htmlspecialchars(), which basically does the same thing except it doesn't mangle Unicode. - Completely eradicated polls. Note that this does mean that all database backups prior to December 11th 2010 are now incompatible with Four Island.
Diffstat (limited to 'pages')
| -rwxr-xr-x | pages/archive.php | 2 | ||||
| -rwxr-xr-x | pages/blog.php | 16 | ||||
| -rwxr-xr-x | pages/post.php | 4 | ||||
| -rwxr-xr-x | pages/quotes.php | 4 | ||||
| -rwxr-xr-x | pages/viewPost.php | 2 |
5 files changed, 13 insertions, 15 deletions
| diff --git a/pages/archive.php b/pages/archive.php index 024d3b5..73d0162 100755 --- a/pages/archive.php +++ b/pages/archive.php | |||
| @@ -87,7 +87,7 @@ while ($getposts3[$i] = mysql_fetch_array($getposts2)) | |||
| 87 | 87 | ||
| 88 | $template->adds_ref_sub($curID, 'SMALL',array( 'DATE' => date('m-d-Y',strtotime($getposts3[$i]['pubDate'])), | 88 | $template->adds_ref_sub($curID, 'SMALL',array( 'DATE' => date('m-d-Y',strtotime($getposts3[$i]['pubDate'])), |
| 89 | 'CODED' => $getposts3[$i]['slug'], | 89 | 'CODED' => $getposts3[$i]['slug'], |
| 90 | 'TITLE' => doAprilFoolsDay(htmlentities(stripslashes($getposts3[$i]['title']))))); | 90 | 'TITLE' => doAprilFoolsDay(htmlspecialchars($getposts3[$i]['title'])))); |
| 91 | $i++; | 91 | $i++; |
| 92 | } | 92 | } |
| 93 | if ($i==0) | 93 | if ($i==0) |
| diff --git a/pages/blog.php b/pages/blog.php index e7163ce..72e96bf 100755 --- a/pages/blog.php +++ b/pages/blog.php | |||
| @@ -46,7 +46,7 @@ if (isset($_GET['post'])) | |||
| 46 | { | 46 | { |
| 47 | updatePop($getpost3['id'],'views'); | 47 | updatePop($getpost3['id'],'views'); |
| 48 | 48 | ||
| 49 | $title = stripslashes(htmlentities($getpost3['title'])) . ' - Blog Archive'; | 49 | $title = htmlspecialchars($getpost3['title']) . ' - Blog Archive'; |
| 50 | 50 | ||
| 51 | $getback = "SELECT * FROM updates WHERE id < " . $getpost3['id'] . " ORDER BY id DESC LIMIT 0,1"; | 51 | $getback = "SELECT * FROM updates WHERE id < " . $getpost3['id'] . " ORDER BY id DESC LIMIT 0,1"; |
| 52 | $getback2 = mysql_query($getback); | 52 | $getback2 = mysql_query($getback); |
| @@ -54,7 +54,7 @@ if (isset($_GET['post'])) | |||
| 54 | if (isset($getback3['title'])) | 54 | if (isset($getback3['title'])) |
| 55 | { | 55 | { |
| 56 | $template->adds_block('BACK', array( 'CODED' => $getback3['slug'], | 56 | $template->adds_block('BACK', array( 'CODED' => $getback3['slug'], |
| 57 | 'TITLE' => doAprilFoolsDay(htmlentities(stripslashes($getback3['title']))))); | 57 | 'TITLE' => doAprilFoolsDay(htmlspecialchars($getback3['title'])))); |
| 58 | } | 58 | } |
| 59 | 59 | ||
| 60 | $getnext = "SELECT * FROM updates WHERE id > " . $getpost3['id'] . " ORDER BY id ASC LIMIT 0,1"; | 60 | $getnext = "SELECT * FROM updates WHERE id > " . $getpost3['id'] . " ORDER BY id ASC LIMIT 0,1"; |
| @@ -63,7 +63,7 @@ if (isset($_GET['post'])) | |||
| 63 | if (isset($getnext3['title'])) | 63 | if (isset($getnext3['title'])) |
| 64 | { | 64 | { |
| 65 | $template->adds_block('NEXT', array( 'CODED' => $getnext3['slug'], | 65 | $template->adds_block('NEXT', array( 'CODED' => $getnext3['slug'], |
| 66 | 'TITLE' => doAprilFoolsDay(htmlentities(stripslashes($getnext3['title']))))); | 66 | 'TITLE' => doAprilFoolsDay(htmlspecialchars($getnext3['title'])))); |
| 67 | } | 67 | } |
| 68 | 68 | ||
| 69 | $template->add_ref(0, 'POST', array( 'ID' => $getpost3['id'], | 69 | $template->add_ref(0, 'POST', array( 'ID' => $getpost3['id'], |
| @@ -72,10 +72,10 @@ if (isset($_GET['post'])) | |||
| 72 | 'MONTH' => date('M',strtotime($getpost3['pubDate'])), | 72 | 'MONTH' => date('M',strtotime($getpost3['pubDate'])), |
| 73 | 'DAY' => date('d',strtotime($getpost3['pubDate'])), | 73 | 'DAY' => date('d',strtotime($getpost3['pubDate'])), |
| 74 | 'CODED' => $getpost3['slug'], | 74 | 'CODED' => $getpost3['slug'], |
| 75 | 'TITLE' => doAprilFoolsDay(htmlentities(stripslashes($getpost3['title']))), | 75 | 'TITLE' => doAprilFoolsDay(htmlspecialchars($getpost3['title'])), |
| 76 | 'AUTHOR' => $getpost3['author'], | 76 | 'AUTHOR' => $getpost3['author'], |
| 77 | 'RATING' => $getpost3['rating'], | 77 | 'RATING' => $getpost3['rating'], |
| 78 | 'TEXT' => parseText(stripslashes($getpost3['text'])))); | 78 | 'TEXT' => parseText($getpost3['text']))); |
| 79 | 79 | ||
| 80 | $tags = getTags($getpost3['id']); | 80 | $tags = getTags($getpost3['id']); |
| 81 | foreach ($tags as $tag) | 81 | foreach ($tags as $tag) |
| @@ -121,8 +121,6 @@ if (isset($_GET['post'])) | |||
| 121 | 121 | ||
| 122 | $page_id = 'updates-' . $getpost3['id']; | 122 | $page_id = 'updates-' . $getpost3['id']; |
| 123 | include('includes/comments.php'); | 123 | include('includes/comments.php'); |
| 124 | |||
| 125 | displayRelated($getpost3['title'], $getpost3['id']); | ||
| 126 | } else { | 124 | } else { |
| 127 | generateError('404'); | 125 | generateError('404'); |
| 128 | } | 126 | } |
| @@ -171,12 +169,12 @@ if (isset($_GET['post'])) | |||
| 171 | 'MONTH' => date('M',strtotime($getpost3['pubDate'])), | 169 | 'MONTH' => date('M',strtotime($getpost3['pubDate'])), |
| 172 | 'DAY' => date('d',strtotime($getpost3['pubDate'])), | 170 | 'DAY' => date('d',strtotime($getpost3['pubDate'])), |
| 173 | 'CODED' => $getpost3['slug'], | 171 | 'CODED' => $getpost3['slug'], |
| 174 | 'TITLE' => doAprilFoolsDay(htmlentities(stripslashes($getpost3['title']))), | 172 | 'TITLE' => doAprilFoolsDay(htmlspecialchars($getpost3['title'])), |
| 175 | 'AUTHOR' => $getpost3['author'], | 173 | 'AUTHOR' => $getpost3['author'], |
| 176 | 'PLURALCOMMENT' => (isset($plural) ? $plural : ''), | 174 | 'PLURALCOMMENT' => (isset($plural) ? $plural : ''), |
| 177 | 'COMMENTS' => $comText, | 175 | 'COMMENTS' => $comText, |
| 178 | 'RATING' => $getpost3['rating'], | 176 | 'RATING' => $getpost3['rating'], |
| 179 | 'TEXT' => parseText(stripslashes($getpost3['text'])))); | 177 | 'TEXT' => parseText($getpost3['text']))); |
| 180 | 178 | ||
| 181 | $tags = getTags($getpost3['id']); | 179 | $tags = getTags($getpost3['id']); |
| 182 | foreach ($tags as $tag) | 180 | foreach ($tags as $tag) |
| diff --git a/pages/post.php b/pages/post.php index 3f728c8..a5435c9 100755 --- a/pages/post.php +++ b/pages/post.php | |||
| @@ -68,7 +68,7 @@ if (!isset($_POST['id'])) | |||
| 68 | $template = new FITemplate('new-comment'); | 68 | $template = new FITemplate('new-comment'); |
| 69 | $template->add('ID', $cid); | 69 | $template->add('ID', $cid); |
| 70 | $template->add('CODEDEMAIL', md5(strtolower($getanon3['email']))); | 70 | $template->add('CODEDEMAIL', md5(strtolower($getanon3['email']))); |
| 71 | $template->add('TEXT', stripslashes($_POST['comment'])); | 71 | $template->add('TEXT', $_POST['comment']); |
| 72 | $template->add('USERNAME', $getanon3['username']); | 72 | $template->add('USERNAME', $getanon3['username']); |
| 73 | $template->add('DATE', date("F jS Y \a\\t g:i:s a")); | 73 | $template->add('DATE', date("F jS Y \a\\t g:i:s a")); |
| 74 | $template->display(); | 74 | $template->display(); |
| @@ -108,7 +108,7 @@ if (!isset($_POST['id'])) | |||
| 108 | $template = new FITemplate('new-comment'); | 108 | $template = new FITemplate('new-comment'); |
| 109 | $template->add('ID', $cid); | 109 | $template->add('ID', $cid); |
| 110 | $template->add('CODEDEMAIL', md5(strtolower($getuser3['user_email']))); | 110 | $template->add('CODEDEMAIL', md5(strtolower($getuser3['user_email']))); |
| 111 | $template->add('TEXT', stripslashes($_POST['comment'])); | 111 | $template->add('TEXT', $_POST['comment']); |
| 112 | $template->add('USERNAME', getSessionUsername()); | 112 | $template->add('USERNAME', getSessionUsername()); |
| 113 | $template->add('DATE', date("F jS Y \a\\t g:i:s a")); | 113 | $template->add('DATE', date("F jS Y \a\\t g:i:s a")); |
| 114 | $template->display(); | 114 | $template->display(); |
| diff --git a/pages/quotes.php b/pages/quotes.php index 3b00878..f47dbd3 100755 --- a/pages/quotes.php +++ b/pages/quotes.php | |||
| @@ -70,7 +70,7 @@ if (isset($_GET['id']) && !(is_numeric($_GET['id']))) | |||
| 70 | $template = new FITemplate('quotes/add'); | 70 | $template = new FITemplate('quotes/add'); |
| 71 | if (isset($_GET['submit'])) | 71 | if (isset($_GET['submit'])) |
| 72 | { | 72 | { |
| 73 | $template->adds_block('SUBMITTED',array('QUOTE' => str_replace("\n","<br />",htmlspecialchars(stripslashes($_POST['rash_quote']))))); | 73 | $template->adds_block('SUBMITTED',array('QUOTE' => str_replace("\n","<br />",htmlspecialchars($_POST['rash_quote'])))); |
| 74 | if (!isLoggedIn()) | 74 | if (!isLoggedIn()) |
| 75 | { | 75 | { |
| 76 | $insquote = "INSERT INTO rash_queue (quote) VALUES(\"" . mysql_real_escape_string(htmlspecialchars($_POST['rash_quote'])) . "\")"; | 76 | $insquote = "INSERT INTO rash_queue (quote) VALUES(\"" . mysql_real_escape_string(htmlspecialchars($_POST['rash_quote'])) . "\")"; |
| @@ -236,7 +236,7 @@ function quote_generation($query, $origin, $page = 1, $quote_limit = 50, $page_l | |||
| 236 | $template->add_ref($curID,'QUOTES',array( 'NUMBER' => $getquotes3[$i]['id'], | 236 | $template->add_ref($curID,'QUOTES',array( 'NUMBER' => $getquotes3[$i]['id'], |
| 237 | 'RATING' => $getquotes3[$i]['rating'], | 237 | 'RATING' => $getquotes3[$i]['rating'], |
| 238 | 'DATE' => ($getquotes3[$i]['date'] != 0 ? date('F jS Y \a\\t g:i:s a', $getquotes3[$i]['date']) : ''), | 238 | 'DATE' => ($getquotes3[$i]['date'] != 0 ? date('F jS Y \a\\t g:i:s a', $getquotes3[$i]['date']) : ''), |
| 239 | 'QUOTE' => doAprilFoolsDay(str_replace("\n","<br />",htmlspecialchars(stripslashes($getquotes3[$i]['quote'])))), | 239 | 'QUOTE' => doAprilFoolsDay(str_replace("\n","<br />",htmlspecialchars($getquotes3[$i]['quote']))), |
| 240 | 'COMMENTS' => $comments)); | 240 | 'COMMENTS' => $comments)); |
| 241 | 241 | ||
| 242 | if (($gettrack3['ip'] != $_SERVER['REMOTE_ADDR']) || (array_search($getquotes3[$i]['id'],$trackArr) === FALSE)) | 242 | if (($gettrack3['ip'] != $_SERVER['REMOTE_ADDR']) || (array_search($getquotes3[$i]['id'],$trackArr) === FALSE)) |
| diff --git a/pages/viewPost.php b/pages/viewPost.php index 0d84df7..fa371cf 100755 --- a/pages/viewPost.php +++ b/pages/viewPost.php | |||
| @@ -44,7 +44,7 @@ if (!isAdmin()) | |||
| 44 | 'TITLE' => $getpost3['title'], | 44 | 'TITLE' => $getpost3['title'], |
| 45 | 'AUTHOR' => $getpost3['author'], | 45 | 'AUTHOR' => $getpost3['author'], |
| 46 | 'RATING' => $getpost3['rating'], | 46 | 'RATING' => $getpost3['rating'], |
| 47 | 'TEXT' => parseText(stripslashes($getpost3['text'])))); | 47 | 'TEXT' => parseText($getpost3['text']))); |
| 48 | 48 | ||
| 49 | $tags = getTags($getpost3['id']); | 49 | $tags = getTags($getpost3['id']); |
| 50 | foreach ($tags as $tag) | 50 | foreach ($tags as $tag) |