4 files changed, 10 insertions, 117 deletions
diff --git a/includes/comments.php b/includes/comments.php
index be48c02..5aa8993 100755
--- a/includes/comments.php
+++ b/includes/comments.php

@@ -71,7 +71,7 @@ while ($getcomments3[$i] = mysql_fetch_array($getcomments2))
                                                                'USERNAME' => (($website != '') ? '<a href="' . $website . '">' . $username . '</a>' : $username),
                                                                'DATE' => date("F jS Y \a\\t g:i:s a",strtotime($getcomments3[$i]['posttime'])),
                                                                'ID' => $getcomments3[$i]['id'],
-                                                                'TEXT' => parseText(stripslashes($getcomments3[$i]['comment']))));
+                                                                'TEXT' => parseText($getcomments3[$i]['comment'])));
                if (isLoggedIn())
                {
diff --git a/includes/common.php b/includes/common.php
index 8ca6958..7442a18 100755
--- a/includes/common.php
+++ b/includes/common.php

@@ -22,6 +22,9 @@ if (!defined('S_INCLUDE_FILE')) {define('S_INCLUDE_FILE',1);}
 require('headerproc.php');
+$result = mysql_query('SET NAMES utf8');
+$result = mysql_query('SET CHARACTER SET utf8');
 include('includes/template.php');
 include('includes/session.php');
 include('includes/maintenance.php');
diff --git a/includes/functions.php b/includes/functions.php
index aed4516..b42ca7d 100755
--- a/includes/functions.php
+++ b/includes/functions.php

@@ -62,20 +62,6 @@ function dispIfNotOld($datTim)
        }
 }
-function getpercent($getpoll3,$num)
-{
-        $maxper = ($getpoll3['clicks1'] + $getpoll3['clicks2'] + $getpoll3['clicks3'] + $getpoll3['clicks4']);
-        if ($maxper == 0)
-        {
-                return 0;
-        } else {
-                $percent = round(($getpoll3['clicks' . $num] / $maxper) * 100);
-        }
-        return($percent);
-}
 function generateSlug($title,$table)
 {
        $title = preg_replace('/[^A-Za-z0-9]/','-',$title);
@@ -110,7 +96,7 @@ function postBlogPost($title,$author,$tags,$content)
 {
        $slug = generateSlug($title,'updates');
-        $inspost = "INSERT INTO updates (title,slug,author,text) VALUES (\"" . $title . "\",\"" . $slug . "\",\"" . $author . "\",\"" . mysql_real_escape_string($content) . "\")";
+        $inspost = "INSERT INTO updates (title,slug,author,text) VALUES (\"" . mysql_real_escape_string($title) . "\",\"" . $slug . "\",\"" . $author . "\",\"" . mysql_real_escape_string($content) . "\")";
        $inspost2 = mysql_query($inspost);
        $id = mysql_insert_id();
@@ -269,31 +255,6 @@ if (!function_exists('unique_id'))
        }
 }
-function displayRelated($title, $avoid = 0)
-{
-        $getrelated = "SELECT *, MATCH (title, text) AGAINST (\"" . mysql_real_escape_string($title) . "\") AS score FROM updates WHERE MATCH (title, text) AGAINST (\"" . mysql_real_escape_string($title) . "\") AND id <> " . $avoid . " LIMIT 0,5";
-        $getrelated2 = mysql_query($getrelated);
-        $i=0;
-        while ($getrelated3[$i] = mysql_fetch_array($getrelated2))
-        {
-                if ($i==0)
-                {
-                        $template = new FITemplate('related');
-                }
-                $template->adds_block('POST', array(    'TITLE' => doAprilFoolsDay(htmlentities(stripslashes($getrelated3[$i]['title']))),
-                                                        'CODED' => $getrelated3[$i]['slug'],
-                                                        'AUTHOR' => $getrelated3[$i]['author'],
-                                                        'DATE' => date('F jS Y',strtotime($getrelated3[$i]['pubDate']))));
-                $i++;
-        }
-        if ($i > 0)
-        {
-                $template->display();
-        }
-}
 function getCommentUrl($getcomment3)
 {
        $page_id = $getcomment3['page_id'];
@@ -307,62 +268,12 @@ function getCommentUrl($getcomment3)
                $getupdate3 = mysql_fetch_array($getupdate2);
                return '/blog/' . $getupdate3['slug'] . '/';
-        } else if ($comType == 'polloftheweek')
-        {
-                return '/poll/' . $comID . '.php';
        } else if ($comType == 'quote')
        {
                return '/quotes/' . $comID . '.php';
        }
 }
-function getPollOfTheWeek($id = -1)
-{
-        static $showed_form = false;
-        $potw = new FITemplate('polloftheweek');
-        
-        if ($id == -1)
-        {
-                $getpoll = "SELECT * FROM polloftheweek ORDER BY id DESC LIMIT 0,1";
-        } else {
-                $getpoll = "SELECT * FROM polloftheweek WHERE id = " . $id;
-        }
-        $getpoll2 = mysql_query($getpoll);
-        $getpoll3 = mysql_fetch_array($getpoll2);
-        $potw->add('ID', $getpoll3['id']);
-        $potw->add('QUESTION', doAprilFoolsDay(stripslashes(htmlentities($getpoll3['question']))));
-        $potw->add('OPTION1', doAprilFoolsDay(stripslashes(htmlentities($getpoll3['option1']))));
-        $potw->add('OPTION2', doAprilFoolsDay(stripslashes(htmlentities($getpoll3['option2']))));
-        $potw->add('OPTION3', doAprilFoolsDay(stripslashes(htmlentities($getpoll3['option3']))));
-        $potw->add('OPTION4', doAprilFoolsDay(stripslashes(htmlentities($getpoll3['option4']))));
-        $getip = "SELECT * FROM didpollalready WHERE ip = \"" . $_SERVER['REMOTE_ADDR'] . "\"";
-        $getip2 = mysql_query($getip);
-        $getip3 = mysql_fetch_array($getip2);
-        if (($getip3['ip'] != $_SERVER['REMOTE_ADDR']) && ($id == -1) && ($showed_form == false))
-        {
-                $potw->adds_block('FORM',array('exi'=>1));
-                $showed_form = true;
-        } else {
-                $potw->adds_block('DISPLAY',array('exi'=>1));
-                $potw->add('PERCENT1', getpercent($getpoll3,'1'));
-                $potw->add('PERCENT2', getpercent($getpoll3,'2'));
-                $potw->add('PERCENT3', getpercent($getpoll3,'3'));
-                $potw->add('PERCENT4', getpercent($getpoll3,'4'));
-        }
-        
-        ob_start();
-        $potw->display();
-        $result = ob_get_contents();
-        ob_end_clean();
-        
-        return $result;
-}
 function getTagColor($i)
 {
        switch ($i % 7)
@@ -417,14 +328,6 @@ function getRewriteURL()
                        } else {
                                return '/blog/';
                        }
-                } else if ($_GET['area'] == 'poll')
-                {
-                        if (isset($_GET['id']))
-                        {
-                                return '/poll/' . $_GET['id'] . '.php';
-                        } else {
-                                return '/poll/';
-                        }
                } else if ($_GET['area'] == 'quotes')
                {
                        if (isset($_GET['act']))
diff --git a/includes/layout.php b/includes/layout.php
index 9e94b69..22b87ea 100755
--- a/includes/layout.php
+++ b/includes/layout.php

@@ -74,7 +74,7 @@ $i=0;
 while ($getaffs3 = mysql_fetch_array($getaffs2))
 {
        $template->adds_block('AFFILIATES', array(      'COLOR' => getTagColor($i++),
-                                                        'TITLE' => doAprilFoolsDay(htmlentities(stripslashes($getaffs3['title']))),
+                                                        'TITLE' => doAprilFoolsDay(htmlspecialchars($getaffs3['title'])),
                                                        'URL' => $getaffs3['url']));
 }
@@ -84,7 +84,7 @@ $i=0;
 while ($getwebps3 = mysql_fetch_array($getwebps2))
 {
        $template->adds_block('WEBPROJS', array(        'COLOR' => getTagColor($i++),
-                                                        'TITLE' => doAprilFoolsDay(htmlentities(stripslashes($getwebps3['title']))),
+                                                        'TITLE' => doAprilFoolsDay(htmlspecialchars($getwebps3['title'])),
                                                        'URL' => $getwebps3['url']));
 }
@@ -129,7 +129,7 @@ while ($getcomments3[$i] = mysql_fetch_array($getcomments2))
                                                                'AREA' => 'blog',
                                                                'CODED' => $getpost3['slug'],
                                                                'ENDING' => '/',
-                                                                'TITLE' => stripslashes(htmlentities($getpost3['title'])),
+                                                                'TITLE' => htmlspecialchars($getpost3['title']),
                                                                'AUTHOR' => (($website != '') ? '<a href="' . $website . '">' . $username . '</a>' : $username)));
                $i++;
        } else if (strpos($getcomments3[$i]['page_id'], 'quote') !== FALSE)
@@ -143,20 +143,7 @@ while ($getcomments3[$i] = mysql_fetch_array($getcomments2))
                                                                'TITLE' => 'Quote #' . $num,
                                                                'AUTHOR' => (($website != '') ? '<a href="' . $website . '">' . $username . '</a>' : $username)));
                $i++;                   
-        } else if (strpos($getcomments3[$i]['page_id'], 'polloftheweek') !== FALSE)
+                }
-        {
-                $getpotw = "SELECT * FROM polloftheweek WHERE id = " . substr($getcomments3[$i]['page_id'],strpos($getcomments3[$i]['page_id'],'-')+1);
-                $getpotw2 = mysql_query($getpotw);
-                $getpotw3 = mysql_fetch_array($getpotw2);
-                $template->adds_block('COMMENTS', array(        'ID' => $getcomments3[$i]['id'],
-                                                                'AREA' => 'poll',
-                                                                'CODED' => $getpotw3['id'],
-                                                                'ENDING' => '.php',
-                                                                'TITLE' => 'Poll "' . htmlentities($getpotw3['question']) . '"',
-                                                                'AUTHOR' => (($website != '') ? '<a href="' . $website . '">' . $username . '</a>' : $username)));
-                $i++;                   
-        }
 }
 $users = array();
@@ -233,7 +220,7 @@ $i=0;
 while ($getpopular3[$i] = mysql_fetch_array($getpopular2))
 {
        $template->adds_block('POPULAR', array( 'CODED' => $getpopular3[$i]['slug'],
-                                                'TITLE' => doAprilFoolsDay(stripslashes(htmlentities($getpopular3[$i]['title'])))));
+                                                'TITLE' => doAprilFoolsDay(htmlspecialchars($getpopular3[$i]['title']))));
        $i++;
 }

diff --git a/includes/comments.php b/includes/comments.php index be48c02..5aa8993 100755 --- a/includes/comments.php +++ b/includes/comments.php
@@ -71,7 +71,7 @@ while ($getcomments3[$i] = mysql_fetch_array($getcomments2))
71	'USERNAME' => (($website != '') ? '<a href="' . $website . '">' . $username . '</a>' : $username),	71	'USERNAME' => (($website != '') ? '<a href="' . $website . '">' . $username . '</a>' : $username),
72	'DATE' => date("F jS Y \a\\t g:i:s a",strtotime($getcomments3[$i]['posttime'])),	72	'DATE' => date("F jS Y \a\\t g:i:s a",strtotime($getcomments3[$i]['posttime'])),
73	'ID' => $getcomments3[$i]['id'],	73	'ID' => $getcomments3[$i]['id'],
74	'TEXT' => parseText(stripslashes($getcomments3[$i]['comment']))));	74	'TEXT' => parseText($getcomments3[$i]['comment'])));
75		75
76	if (isLoggedIn())	76	if (isLoggedIn())
77	{	77	{


diff --git a/includes/common.php b/includes/common.php index 8ca6958..7442a18 100755 --- a/includes/common.php +++ b/includes/common.php
@@ -22,6 +22,9 @@ if (!defined('S_INCLUDE_FILE')) {define('S_INCLUDE_FILE',1);}
22		22
23	require('headerproc.php');	23	require('headerproc.php');
24		24
		25	$result = mysql_query('SET NAMES utf8');
		26	$result = mysql_query('SET CHARACTER SET utf8');
		27
25	include('includes/template.php');	28	include('includes/template.php');
26	include('includes/session.php');	29	include('includes/session.php');
27	include('includes/maintenance.php');	30	include('includes/maintenance.php');


diff --git a/includes/functions.php b/includes/functions.php index aed4516..b42ca7d 100755 --- a/includes/functions.php +++ b/includes/functions.php
@@ -62,20 +62,6 @@ function dispIfNotOld($datTim)
62	}	62	}
63	}	63	}
64		64
65	function getpercent($getpoll3,$num)
66	{
67	$maxper = ($getpoll3['clicks1'] + $getpoll3['clicks2'] + $getpoll3['clicks3'] + $getpoll3['clicks4']);
68
69	if ($maxper == 0)
70	{
71	return 0;
72	} else {
73	$percent = round(($getpoll3['clicks' . $num] / $maxper) * 100);
74	}
75
76	return($percent);
77	}
78
79	function generateSlug($title,$table)	65	function generateSlug($title,$table)
80	{	66	{
81	$title = preg_replace('/[^A-Za-z0-9]/','-',$title);	67	$title = preg_replace('/[^A-Za-z0-9]/','-',$title);
@@ -110,7 +96,7 @@ function postBlogPost($title,$author,$tags,$content)
110	{	96	{
111	$slug = generateSlug($title,'updates');	97	$slug = generateSlug($title,'updates');
112		98
113	$inspost = "INSERT INTO updates (title,slug,author,text) VALUES (\"" . $title . "\",\"" . $slug . "\",\"" . $author . "\",\"" . mysql_real_escape_string($content) . "\")";	99	$inspost = "INSERT INTO updates (title,slug,author,text) VALUES (\"" . mysql_real_escape_string($title) . "\",\"" . $slug . "\",\"" . $author . "\",\"" . mysql_real_escape_string($content) . "\")";
114	$inspost2 = mysql_query($inspost);	100	$inspost2 = mysql_query($inspost);
115		101
116	$id = mysql_insert_id();	102	$id = mysql_insert_id();
@@ -269,31 +255,6 @@ if (!function_exists('unique_id'))
269	}	255	}
270	}	256	}
271		257
272	function displayRelated($title, $avoid = 0)
273	{
274	$getrelated = "SELECT *, MATCH (title, text) AGAINST (\"" . mysql_real_escape_string($title) . "\") AS score FROM updates WHERE MATCH (title, text) AGAINST (\"" . mysql_real_escape_string($title) . "\") AND id <> " . $avoid . " LIMIT 0,5";
275	$getrelated2 = mysql_query($getrelated);
276	$i=0;
277	while ($getrelated3[$i] = mysql_fetch_array($getrelated2))
278	{
279	if ($i==0)
280	{
281	$template = new FITemplate('related');
282	}
283
284	$template->adds_block('POST', array( 'TITLE' => doAprilFoolsDay(htmlentities(stripslashes($getrelated3[$i]['title']))),
285	'CODED' => $getrelated3[$i]['slug'],
286	'AUTHOR' => $getrelated3[$i]['author'],
287	'DATE' => date('F jS Y',strtotime($getrelated3[$i]['pubDate']))));
288	$i++;
289	}
290
291	if ($i > 0)
292	{
293	$template->display();
294	}
295	}
296
297	function getCommentUrl($getcomment3)	258	function getCommentUrl($getcomment3)
298	{	259	{
299	$page_id = $getcomment3['page_id'];	260	$page_id = $getcomment3['page_id'];
@@ -307,62 +268,12 @@ function getCommentUrl($getcomment3)
307	$getupdate3 = mysql_fetch_array($getupdate2);	268	$getupdate3 = mysql_fetch_array($getupdate2);
308		269
309	return '/blog/' . $getupdate3['slug'] . '/';	270	return '/blog/' . $getupdate3['slug'] . '/';
310	} else if ($comType == 'polloftheweek')
311	{
312	return '/poll/' . $comID . '.php';
313	} else if ($comType == 'quote')	271	} else if ($comType == 'quote')
314	{	272	{
315	return '/quotes/' . $comID . '.php';	273	return '/quotes/' . $comID . '.php';
316	}	274	}
317	}	275	}
318		276
319	function getPollOfTheWeek($id = -1)
320	{
321	static $showed_form = false;
322
323	$potw = new FITemplate('polloftheweek');
324
325	if ($id == -1)
326	{
327	$getpoll = "SELECT * FROM polloftheweek ORDER BY id DESC LIMIT 0,1";
328	} else {
329	$getpoll = "SELECT * FROM polloftheweek WHERE id = " . $id;
330	}
331	$getpoll2 = mysql_query($getpoll);
332	$getpoll3 = mysql_fetch_array($getpoll2);
333
334	$potw->add('ID', $getpoll3['id']);
335	$potw->add('QUESTION', doAprilFoolsDay(stripslashes(htmlentities($getpoll3['question']))));
336	$potw->add('OPTION1', doAprilFoolsDay(stripslashes(htmlentities($getpoll3['option1']))));
337	$potw->add('OPTION2', doAprilFoolsDay(stripslashes(htmlentities($getpoll3['option2']))));
338	$potw->add('OPTION3', doAprilFoolsDay(stripslashes(htmlentities($getpoll3['option3']))));
339	$potw->add('OPTION4', doAprilFoolsDay(stripslashes(htmlentities($getpoll3['option4']))));
340
341	$getip = "SELECT * FROM didpollalready WHERE ip = \"" . $_SERVER['REMOTE_ADDR'] . "\"";
342	$getip2 = mysql_query($getip);
343	$getip3 = mysql_fetch_array($getip2);
344
345	if (($getip3['ip'] != $_SERVER['REMOTE_ADDR']) && ($id == -1) && ($showed_form == false))
346	{
347	$potw->adds_block('FORM',array('exi'=>1));
348	$showed_form = true;
349	} else {
350	$potw->adds_block('DISPLAY',array('exi'=>1));
351
352	$potw->add('PERCENT1', getpercent($getpoll3,'1'));
353	$potw->add('PERCENT2', getpercent($getpoll3,'2'));
354	$potw->add('PERCENT3', getpercent($getpoll3,'3'));
355	$potw->add('PERCENT4', getpercent($getpoll3,'4'));
356	}
357
358	ob_start();
359	$potw->display();
360	$result = ob_get_contents();
361	ob_end_clean();
362
363	return $result;
364	}
365
366	function getTagColor($i)	277	function getTagColor($i)
367	{	278	{
368	switch ($i % 7)	279	switch ($i % 7)
@@ -417,14 +328,6 @@ function getRewriteURL()
417	} else {	328	} else {
418	return '/blog/';	329	return '/blog/';
419	}	330	}
420	} else if ($_GET['area'] == 'poll')
421	{
422	if (isset($_GET['id']))
423	{
424	return '/poll/' . $_GET['id'] . '.php';
425	} else {
426	return '/poll/';
427	}
428	} else if ($_GET['area'] == 'quotes')	331	} else if ($_GET['area'] == 'quotes')
429	{	332	{
430	if (isset($_GET['act']))	333	if (isset($_GET['act']))


diff --git a/includes/layout.php b/includes/layout.php index 9e94b69..22b87ea 100755 --- a/includes/layout.php +++ b/includes/layout.php
@@ -74,7 +74,7 @@ $i=0;
74	while ($getaffs3 = mysql_fetch_array($getaffs2))	74	while ($getaffs3 = mysql_fetch_array($getaffs2))
75	{	75	{
76	$template->adds_block('AFFILIATES', array( 'COLOR' => getTagColor($i++),	76	$template->adds_block('AFFILIATES', array( 'COLOR' => getTagColor($i++),
77	'TITLE' => doAprilFoolsDay(htmlentities(stripslashes($getaffs3['title']))),	77	'TITLE' => doAprilFoolsDay(htmlspecialchars($getaffs3['title'])),
78	'URL' => $getaffs3['url']));	78	'URL' => $getaffs3['url']));
79	}	79	}
80		80
@@ -84,7 +84,7 @@ $i=0;
84	while ($getwebps3 = mysql_fetch_array($getwebps2))	84	while ($getwebps3 = mysql_fetch_array($getwebps2))
85	{	85	{
86	$template->adds_block('WEBPROJS', array( 'COLOR' => getTagColor($i++),	86	$template->adds_block('WEBPROJS', array( 'COLOR' => getTagColor($i++),
87	'TITLE' => doAprilFoolsDay(htmlentities(stripslashes($getwebps3['title']))),	87	'TITLE' => doAprilFoolsDay(htmlspecialchars($getwebps3['title'])),
88	'URL' => $getwebps3['url']));	88	'URL' => $getwebps3['url']));
89	}	89	}
90		90
@@ -129,7 +129,7 @@ while ($getcomments3[$i] = mysql_fetch_array($getcomments2))
129	'AREA' => 'blog',	129	'AREA' => 'blog',
130	'CODED' => $getpost3['slug'],	130	'CODED' => $getpost3['slug'],
131	'ENDING' => '/',	131	'ENDING' => '/',
132	'TITLE' => stripslashes(htmlentities($getpost3['title'])),	132	'TITLE' => htmlspecialchars($getpost3['title']),
133	'AUTHOR' => (($website != '') ? '<a href="' . $website . '">' . $username . '</a>' : $username)));	133	'AUTHOR' => (($website != '') ? '<a href="' . $website . '">' . $username . '</a>' : $username)));
134	$i++;	134	$i++;
135	} else if (strpos($getcomments3[$i]['page_id'], 'quote') !== FALSE)	135	} else if (strpos($getcomments3[$i]['page_id'], 'quote') !== FALSE)
@@ -143,20 +143,7 @@ while ($getcomments3[$i] = mysql_fetch_array($getcomments2))
143	'TITLE' => 'Quote #' . $num,	143	'TITLE' => 'Quote #' . $num,
144	'AUTHOR' => (($website != '') ? '<a href="' . $website . '">' . $username . '</a>' : $username)));	144	'AUTHOR' => (($website != '') ? '<a href="' . $website . '">' . $username . '</a>' : $username)));
145	$i++;	145	$i++;
146	} else if (strpos($getcomments3[$i]['page_id'], 'polloftheweek') !== FALSE)	146	}
147	{
148	$getpotw = "SELECT * FROM polloftheweek WHERE id = " . substr($getcomments3[$i]['page_id'],strpos($getcomments3[$i]['page_id'],'-')+1);
149	$getpotw2 = mysql_query($getpotw);
150	$getpotw3 = mysql_fetch_array($getpotw2);
151
152	$template->adds_block('COMMENTS', array( 'ID' => $getcomments3[$i]['id'],
153	'AREA' => 'poll',
154	'CODED' => $getpotw3['id'],
155	'ENDING' => '.php',
156	'TITLE' => 'Poll "' . htmlentities($getpotw3['question']) . '"',
157	'AUTHOR' => (($website != '') ? '<a href="' . $website . '">' . $username . '</a>' : $username)));
158	$i++;
159	}
160	}	147	}
161		148
162	$users = array();	149	$users = array();
@@ -233,7 +220,7 @@ $i=0;
233	while ($getpopular3[$i] = mysql_fetch_array($getpopular2))	220	while ($getpopular3[$i] = mysql_fetch_array($getpopular2))
234	{	221	{
235	$template->adds_block('POPULAR', array( 'CODED' => $getpopular3[$i]['slug'],	222	$template->adds_block('POPULAR', array( 'CODED' => $getpopular3[$i]['slug'],
236	'TITLE' => doAprilFoolsDay(stripslashes(htmlentities($getpopular3[$i]['title'])))));	223	'TITLE' => doAprilFoolsDay(htmlspecialchars($getpopular3[$i]['title']))));
237	$i++;	224	$i++;
238	}	225	}
239		226