From 74db7a24d9c2230b104979f4e4981c57ff73de71 Mon Sep 17 00:00:00 2001 From: Starla Insigna Date: Sat, 11 Dec 2010 14:05:05 -0500 Subject: Made Four Island 2 a little more sane I spent the last few hours sanitizing the database and fixing huge bugs in the code. Among the changes made were: - "Theoretically related posts" have been removed due to the lack of FULLTEXT index support in InnoDB tables - Removed tons of stripslashes() calls that were used to remove slashes from records before I realized (while doing all of this work) that magic_quotes_gpc was on for some reason. I mean, like, come on! - Replaced all non-library uses of htmlentities() with htmlspecialchars(), which basically does the same thing except it doesn't mangle Unicode. - Completely eradicated polls. Note that this does mean that all database backups prior to December 11th 2010 are now incompatible with Four Island. --- .htaccess | 3 -- admin.php | 2 - admin/drafts.php | 2 +- admin/editLink.php | 4 +- admin/editPost.php | 4 +- admin/links.php | 2 +- admin/modquotes.php | 2 +- admin/newLink.php | 2 +- admin/newPost.php | 2 +- admin/pending.php | 2 +- admin/posts.php | 2 +- admin/welcome.php | 5 -- includes/comments.php | 2 +- includes/common.php | 3 ++ includes/functions.php | 99 +--------------------------------------- includes/layout.php | 23 ++-------- pages/archive.php | 2 +- pages/blog.php | 16 +++---- pages/post.php | 4 +- pages/quotes.php | 4 +- pages/viewPost.php | 2 +- rss.php | 34 ++------------ theme/admin/header.tpl | 5 -- theme/admin/welcome.tpl | 4 -- theme/header.tpl | 13 ------ theme/layouts/4.5/headers.php | 3 -- theme/layouts/4.5/layout.tpl | 1 - theme/layouts/4.5/navigation.css | 11 +---- theme/layouts/4.5/style.css | 1 - theme/layouts/6.2/layout.tpl | 7 --- theme/layouts/7/layout.tpl | 7 --- theme/layouts/subtle/layout.tpl | 7 --- 32 files changed, 38 insertions(+), 242 deletions(-) diff --git a/.htaccess b/.htaccess index 7304983..1369b66 100755 --- a/.htaccess +++ b/.htaccess 
@@ -19,9 +19,6 @@ RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^wiki/(.+) /w/index.php?title=$1 [QSA,L] -RewriteRule ^poll/$ /index.php?area=poll [QSA,L] -RewriteRule ^poll/(.+).php /index.php?area=poll&id=$1 [QSA,L] - RewriteRule ^quotes/$ /index.php?area=quotes [QSA,L] RewriteRule ^quotes/(.+).php /index.php?area=quotes&act=$1 [QSA,L] diff --git a/admin.php b/admin.php index 6657983..e7d4a8d 100755 --- a/admin.php +++ b/admin.php @@ -50,8 +50,6 @@ if (file_exists('admin/' . $pageName . '.php')) $doc = ob_get_contents(); ob_end_clean(); -$doc = stripslashes($doc); - $template = new FITemplate('admin/header'); $template->add(strtoupper($category) . 'ACTIVECAT', ' class="active"'); $template->adds_block(strtoupper($category) . 'ISACTIVECAT', array('exi'=>1)); diff --git a/admin/drafts.php b/admin/drafts.php index 5f7be1a..bb95b87 100755 --- a/admin/drafts.php +++ b/admin/drafts.php @@ -82,7 +82,7 @@ foreach ($pager->getPageData() as $post) { if (!empty($post)) { - $template->adds_block('POST', array( 'TITLE' => htmlentities($post['title']), + $template->adds_block('POST', array( 'TITLE' => htmlspecialchars($post['title']), 'AUTHOR' => $post['author'], 'ID' => $post['id'], 'CODED' => $post['slug'], diff --git a/admin/editLink.php b/admin/editLink.php index f3ba9cc..2bc86ab 100755 --- a/admin/editLink.php +++ b/admin/editLink.php @@ -74,10 +74,10 @@ if (isset($_GET['submit'])) $template->adds_block('FLASH', array('TEXT' => 'Your link has been sucessfully edited.')); } - $template->add('TITLEVALUE', htmlentities($_POST['title'])); + $template->add('TITLEVALUE', htmlspecialchars($_POST['title'])); $template->add('URLVALUE', $_POST['url']); } else { - $template->add('TITLEVALUE', htmlentities($getlink3['title'])); + $template->add('TITLEVALUE', htmlspecialchars($getlink3['title'])); $template->add('URLVALUE', $getlink3['url']); } diff --git a/admin/editPost.php b/admin/editPost.php index b87f895..6044431 100755 
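Review bot: The new `htmlspecialchars($post['title'])` in admin/drafts.php relies on the default flags and charset, so single quotes are left unescaped and the charset assumed for the input depends on the PHP version rather than on the `SET NAMES utf8` this commit adds to includes/common.php. Making both explicit, `htmlspecialchars($post['title'], ENT_QUOTES, 'UTF-8')`, is correct in every HTML context the template may place the title in. The same applies to the identical replacements in admin/editLink.php, admin/editPost.php, admin/links.php, admin/modquotes.php, admin/newLink.php, admin/newPost.php, admin/pending.php, admin/posts.php, includes/layout.php, pages/archive.php, pages/blog.php and pages/quotes.php. The enclosing foreach in drafts.php starts and ends outside the hunk.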
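Review bot: In admin/editLink.php the title is now escaped, but `$_POST['url']` on the very next line still reaches the template raw through URLVALUE, as does `$getlink3['url']` in the else branch, and a value containing a quote can end the attribute it is placed in. Escaping it the same way, `$template->add('URLVALUE', htmlspecialchars($_POST['url'], ENT_QUOTES, 'UTF-8'));`, keeps the two fields of the form consistent. The text, tags and url values passed in admin/editPost.php, admin/newLink.php and admin/newPost.php have the same gap. Whether the template layer escapes on its own cannot be seen from this diff, so confirm before relying on it.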
--- a/admin/editPost.php +++ b/admin/editPost.php @@ -201,13 +201,13 @@ if (!isset($_GET['type']) || !isset($_GET['id']) || !is_numeric($_GET['id'])) $template->add('ACTION', '/admin/editPost.php?type=' . $type . '&id=' . $id . '&submit='); } - $template->add('TITLEVALUE', htmlentities($_POST['title'])); + $template->add('TITLEVALUE', htmlspecialchars($_POST['title'])); $template->add('TEXTVALUE', $_POST['text']); $template->add('TAGSVALUE', $_POST['tags']); $template->add(strtoupper($_POST['type']) . 'SELECTED', ' checked="checked"'); if ($_POST['type'] != 'draft') $template->add('TAGSDISABLED', ' readonly="readonly"'); } else { - $template->add('TITLEVALUE', htmlentities($getpost3['title'])); + $template->add('TITLEVALUE', htmlspecialchars($getpost3['title'])); $template->add('TEXTVALUE', $getpost3['text']); $template->add('TAGSVALUE', implode(',', getTags($_GET['id'], $tableToTags[$_GET['type']]))); $template->add(strtoupper($tableToForm[$_GET['type']]) . 'SELECTED', ' checked="checked"'); diff --git a/admin/links.php b/admin/links.php index fc1c813..da3fe5c 100755 --- a/admin/links.php +++ b/admin/links.php @@ -97,7 +97,7 @@ foreach ($pager->getPageData() as $link) { if (!empty($link)) { - $template->adds_block('LINK', array( 'TITLE' => htmlentities($link['title']), + $template->adds_block('LINK', array( 'TITLE' => htmlspecialchars($link['title']), 'URL' => $link['url'], 'ID' => $link['id'], 'ODD' => ($j % 2 ? '' : ' class="odd"'))); diff --git a/admin/modquotes.php b/admin/modquotes.php index 8340fd1..9ec6013 100755 --- a/admin/modquotes.php +++ b/admin/modquotes.php @@ -120,7 +120,7 @@ foreach ($pager->getPageData() as $quote) { if (!empty($quote)) { - $template->adds_block('QUOTE', array( 'TEXT' => str_replace("\n","
",htmlentities(stripslashes($quote['quote']))), + $template->adds_block('QUOTE', array( 'TEXT' => str_replace("\n","
",htmlspecialchars($quote['quote'])), 'ID' => $quote['id'], 'ODD' => ($j % 2 ? '' : ' class="odd"'))); } diff --git a/admin/newLink.php b/admin/newLink.php index 90313bd..abedb81 100755 --- a/admin/newLink.php +++ b/admin/newLink.php @@ -80,7 +80,7 @@ if (isset($_GET['submit'])) $template->add('TYPEDISABLED', ' readonly="readonly"'); } - $template->add('TITLEVALUE', htmlentities($_POST['title'])); + $template->add('TITLEVALUE', htmlspecialchars($_POST['title'])); $template->add('URLVALUE', $_POST['url']); $template->add(strtoupper($_POST['type']) . 'SELECTED', ' checked="checked"'); } else { diff --git a/admin/newPost.php b/admin/newPost.php index 32e7aa2..60819b9 100755 --- a/admin/newPost.php +++ b/admin/newPost.php @@ -145,7 +145,7 @@ if (isset($_GET['submit'])) if ($type != 'drafts') $template->add('TAGSDISABLED', ' readonly="readonly"'); } - $template->add('TITLEVALUE', htmlentities($_POST['title'])); + $template->add('TITLEVALUE', htmlspecialchars($_POST['title'])); $template->add('TEXTVALUE', $_POST['text']); $template->add('TAGSVALUE', $_POST['tags']); $template->add(strtoupper($_POST['type']) . 'SELECTED', ' checked="checked"'); diff --git a/admin/pending.php b/admin/pending.php index 6f1cfaf..39295d6 100755 --- a/admin/pending.php +++ b/admin/pending.php @@ -148,7 +148,7 @@ foreach ($pager->getPageData() as $post) { if (!empty($post)) { - $template->add_ref($j, 'POST', array( 'TITLE' => htmlentities($post['title']), + $template->add_ref($j, 'POST', array( 'TITLE' => htmlspecialchars($post['title']), 'AUTHOR' => $post['author'], 'ID' => $post['id'], 'CODED' => $post['slug'], diff --git a/admin/posts.php b/admin/posts.php index d2e34c5..228a039 100755 --- a/admin/posts.php +++ b/admin/posts.php 
@@ -82,7 +82,7 @@ foreach ($pager->getPageData() as $post) { if (!empty($post)) { - $template->adds_block('POST', array( 'TITLE' => htmlentities($post['title']), + $template->adds_block('POST', array( 'TITLE' => htmlspecialchars($post['title']), 'AUTHOR' => $post['author'], 'ID' => $post['id'], 'CODED' => $post['slug'], diff --git a/admin/welcome.php b/admin/welcome.php index 76b42b1..9ca13ce 100755 --- a/admin/welcome.php +++ b/admin/welcome.php @@ -46,11 +46,6 @@ $cntcomments2 = mysql_query($cntcomments); $cntcomments3 = mysql_fetch_array($cntcomments2); $template->add('COMMENTS', $cntcomments3['COUNT(*)']); -$cntpolls = "SELECT COUNT(*) FROM polloftheweek"; -$cntpolls2 = mysql_query($cntpolls); -$cntpolls3 = mysql_fetch_array($cntpolls2); -$template->add('POLLS', $cntpolls3['COUNT(*)']); - $cntquotes = "SELECT COUNT(*) FROM rash_quotes"; $cntquotes2 = mysql_query($cntquotes); $cntquotes3 = mysql_fetch_array($cntquotes2); diff --git a/includes/comments.php b/includes/comments.php index be48c02..5aa8993 100755 --- a/includes/comments.php +++ b/includes/comments.php @@ -71,7 +71,7 @@ while ($getcomments3[$i] = mysql_fetch_array($getcomments2)) 'USERNAME' => (($website != '') ? '' . $username . '' : $username), 'DATE' => date("F jS Y \a\\t g:i:s a",strtotime($getcomments3[$i]['posttime'])), 'ID' => $getcomments3[$i]['id'], - 'TEXT' => parseText(stripslashes($getcomments3[$i]['comment'])))); + 'TEXT' => parseText($getcomments3[$i]['comment']))); if (isLoggedIn()) { diff --git a/includes/common.php b/includes/common.php index 8ca6958..7442a18 100755 --- a/includes/common.php +++ b/includes/common.php @@ -22,6 +22,9 @@ if (!defined('S_INCLUDE_FILE')) {define('S_INCLUDE_FILE',1);} require('headerproc.php'); +$result = mysql_query('SET NAMES utf8'); +$result = mysql_query('SET CHARACTER SET utf8'); + include('includes/template.php'); include('includes/session.php'); include('includes/maintenance.php'); 
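Review bot: `mysql_query('SET NAMES utf8')` in includes/common.php changes the connection charset on the server side only; the client library, and therefore `mysql_real_escape_string()`, keeps using the charset the connection was opened with, which is why the PHP manual recommends `mysql_set_charset()` instead. Replacing both added lines with `mysql_set_charset('utf8');` keeps the escaping added to includes/functions.php in this same commit aligned with the bytes actually sent. The two `$result` assignments are also never checked, so a failed charset switch goes unnoticed; `mysql_set_charset()` returns a bool that can be tested.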
diff --git a/includes/functions.php b/includes/functions.php index aed4516..b42ca7d 100755 --- a/includes/functions.php +++ b/includes/functions.php @@ -62,20 +62,6 @@ function dispIfNotOld($datTim) } } -function getpercent($getpoll3,$num) -{ - $maxper = ($getpoll3['clicks1'] + $getpoll3['clicks2'] + $getpoll3['clicks3'] + $getpoll3['clicks4']); - - if ($maxper == 0) - { - return 0; - } else { - $percent = round(($getpoll3['clicks' . $num] / $maxper) * 100); - } - - return($percent); -} - function generateSlug($title,$table) { $title = preg_replace('/[^A-Za-z0-9]/','-',$title); @@ -110,7 +96,7 @@ function postBlogPost($title,$author,$tags,$content) { $slug = generateSlug($title,'updates'); - $inspost = "INSERT INTO updates (title,slug,author,text) VALUES (\"" . $title . "\",\"" . $slug . "\",\"" . $author . "\",\"" . mysql_real_escape_string($content) . "\")"; + $inspost = "INSERT INTO updates (title,slug,author,text) VALUES (\"" . mysql_real_escape_string($title) . "\",\"" . $slug . "\",\"" . $author . "\",\"" . mysql_real_escape_string($content) . "\")"; $inspost2 = mysql_query($inspost); $id = mysql_insert_id(); 
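Review bot: `mysql_real_escape_string($title)` closes the hole for the title, but `$author` is still concatenated into the same INSERT in postBlogPost() unescaped, and `$slug` is only safe because generateSlug() in the previous hunk reduces it to `[A-Za-z0-9-]`. Wrapping it the same way, `"\",\"" . mysql_real_escape_string($author) . "\",\""`, removes the remaining dependence on where the author value originates. The commit message also says `magic_quotes_gpc` is on and nothing in this diff turns it off; if it stays on, a title from `$_POST` arrives already backslashed and is escaped a second time, so stored titles would contain literal backslashes — worth confirming with a title that contains a quote. The rest of postBlogPost() continues outside the hunk.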
@@ -269,31 +255,6 @@ if (!function_exists('unique_id')) } } -function displayRelated($title, $avoid = 0) -{ - $getrelated = "SELECT *, MATCH (title, text) AGAINST (\"" . mysql_real_escape_string($title) . "\") AS score FROM updates WHERE MATCH (title, text) AGAINST (\"" . mysql_real_escape_string($title) . "\") AND id <> " . $avoid . " LIMIT 0,5"; - $getrelated2 = mysql_query($getrelated); - $i=0; - while ($getrelated3[$i] = mysql_fetch_array($getrelated2)) - { - if ($i==0) - { - $template = new FITemplate('related'); - } - - $template->adds_block('POST', array( 'TITLE' => doAprilFoolsDay(htmlentities(stripslashes($getrelated3[$i]['title']))), - 'CODED' => $getrelated3[$i]['slug'], - 'AUTHOR' => $getrelated3[$i]['author'], - 'DATE' => date('F jS Y',strtotime($getrelated3[$i]['pubDate'])))); - $i++; - } - - if ($i > 0) - { - $template->display(); - } -} - function getCommentUrl($getcomment3) { $page_id = $getcomment3['page_id']; 
@@ -307,62 +268,12 @@ function getCommentUrl($getcomment3) $getupdate3 = mysql_fetch_array($getupdate2); return '/blog/' . $getupdate3['slug'] . '/'; - } else if ($comType == 'polloftheweek') - { - return '/poll/' . $comID . '.php'; } else if ($comType == 'quote') { return '/quotes/' . $comID . '.php'; } } -function getPollOfTheWeek($id = -1) -{ - static $showed_form = false; - - $potw = new FITemplate('polloftheweek'); - - if ($id == -1) - { - $getpoll = "SELECT * FROM polloftheweek ORDER BY id DESC LIMIT 0,1"; - } else { - $getpoll = "SELECT * FROM polloftheweek WHERE id = " . $id; - } - $getpoll2 = mysql_query($getpoll); - $getpoll3 = mysql_fetch_array($getpoll2); - - $potw->add('ID', $getpoll3['id']); - $potw->add('QUESTION', doAprilFoolsDay(stripslashes(htmlentities($getpoll3['question'])))); - $potw->add('OPTION1', doAprilFoolsDay(stripslashes(htmlentities($getpoll3['option1'])))); - $potw->add('OPTION2', doAprilFoolsDay(stripslashes(htmlentities($getpoll3['option2'])))); - $potw->add('OPTION3', doAprilFoolsDay(stripslashes(htmlentities($getpoll3['option3'])))); - $potw->add('OPTION4', doAprilFoolsDay(stripslashes(htmlentities($getpoll3['option4'])))); - - $getip = "SELECT * FROM didpollalready WHERE ip = \"" . $_SERVER['REMOTE_ADDR'] . "\""; - $getip2 = mysql_query($getip); - $getip3 = mysql_fetch_array($getip2); - - if (($getip3['ip'] != $_SERVER['REMOTE_ADDR']) && ($id == -1) && ($showed_form == false)) - { - $potw->adds_block('FORM',array('exi'=>1)); - $showed_form = true; - } else { - $potw->adds_block('DISPLAY',array('exi'=>1)); - - $potw->add('PERCENT1', getpercent($getpoll3,'1')); - $potw->add('PERCENT2', getpercent($getpoll3,'2')); - $potw->add('PERCENT3', getpercent($getpoll3,'3')); - $potw->add('PERCENT4', getpercent($getpoll3,'4')); - } - - ob_start(); - $potw->display(); - $result = ob_get_contents(); - ob_end_clean(); - - return $result; -} - function getTagColor($i) { switch ($i % 7) 
@@ -417,14 +328,6 @@ function getRewriteURL() } else { return '/blog/'; } - } else if ($_GET['area'] == 'poll') - { - if (isset($_GET['id'])) - { - return '/poll/' . $_GET['id'] . '.php'; - } else { - return '/poll/'; - } } else if ($_GET['area'] == 'quotes') { if (isset($_GET['act'])) diff --git a/includes/layout.php b/includes/layout.php index 9e94b69..22b87ea 100755 --- a/includes/layout.php +++ b/includes/layout.php @@ -74,7 +74,7 @@ $i=0; while ($getaffs3 = mysql_fetch_array($getaffs2)) { $template->adds_block('AFFILIATES', array( 'COLOR' => getTagColor($i++), - 'TITLE' => doAprilFoolsDay(htmlentities(stripslashes($getaffs3['title']))), + 'TITLE' => doAprilFoolsDay(htmlspecialchars($getaffs3['title'])), 'URL' => $getaffs3['url'])); } @@ -84,7 +84,7 @@ $i=0; while ($getwebps3 = mysql_fetch_array($getwebps2)) { $template->adds_block('WEBPROJS', array( 'COLOR' => getTagColor($i++), - 'TITLE' => doAprilFoolsDay(htmlentities(stripslashes($getwebps3['title']))), + 'TITLE' => doAprilFoolsDay(htmlspecialchars($getwebps3['title'])), 'URL' => $getwebps3['url'])); } @@ -129,7 +129,7 @@ while ($getcomments3[$i] = mysql_fetch_array($getcomments2)) 'AREA' => 'blog', 'CODED' => $getpost3['slug'], 'ENDING' => '/', - 'TITLE' => stripslashes(htmlentities($getpost3['title'])), + 'TITLE' => htmlspecialchars($getpost3['title']), 'AUTHOR' => (($website != '') ? '' . $username . '' : $username))); $i++; } else if (strpos($getcomments3[$i]['page_id'], 'quote') !== FALSE) 
@@ -143,20 +143,7 @@ while ($getcomments3[$i] = mysql_fetch_array($getcomments2)) 'TITLE' => 'Quote #' . $num, 'AUTHOR' => (($website != '') ? '' . $username . '' : $username))); $i++; - } else if (strpos($getcomments3[$i]['page_id'], 'polloftheweek') !== FALSE) - { - $getpotw = "SELECT * FROM polloftheweek WHERE id = " . substr($getcomments3[$i]['page_id'],strpos($getcomments3[$i]['page_id'],'-')+1); - $getpotw2 = mysql_query($getpotw); - $getpotw3 = mysql_fetch_array($getpotw2); - - $template->adds_block('COMMENTS', array( 'ID' => $getcomments3[$i]['id'], - 'AREA' => 'poll', - 'CODED' => $getpotw3['id'], - 'ENDING' => '.php', - 'TITLE' => 'Poll "' . htmlentities($getpotw3['question']) . '"', - 'AUTHOR' => (($website != '') ? '' . $username . '' : $username))); - $i++; - } + } } $users = array(); @@ -233,7 +220,7 @@ $i=0; while ($getpopular3[$i] = mysql_fetch_array($getpopular2)) { $template->adds_block('POPULAR', array( 'CODED' => $getpopular3[$i]['slug'], - 'TITLE' => doAprilFoolsDay(stripslashes(htmlentities($getpopular3[$i]['title']))))); + 'TITLE' => doAprilFoolsDay(htmlspecialchars($getpopular3[$i]['title'])))); $i++; } diff --git a/pages/archive.php b/pages/archive.php index 024d3b5..73d0162 100755 --- a/pages/archive.php +++ b/pages/archive.php @@ -87,7 +87,7 @@ while ($getposts3[$i] = mysql_fetch_array($getposts2)) $template->adds_ref_sub($curID, 'SMALL',array( 'DATE' => date('m-d-Y',strtotime($getposts3[$i]['pubDate'])), 'CODED' => $getposts3[$i]['slug'], - 'TITLE' => doAprilFoolsDay(htmlentities(stripslashes($getposts3[$i]['title']))))); + 'TITLE' => doAprilFoolsDay(htmlspecialchars($getposts3[$i]['title'])))); $i++; } if ($i==0) diff --git a/pages/blog.php b/pages/blog.php index e7163ce..72e96bf 100755 --- a/pages/blog.php +++ b/pages/blog.php 
@@ -46,7 +46,7 @@ if (isset($_GET['post'])) { updatePop($getpost3['id'],'views'); - $title = stripslashes(htmlentities($getpost3['title'])) . ' - Blog Archive'; + $title = htmlspecialchars($getpost3['title']) . ' - Blog Archive'; $getback = "SELECT * FROM updates WHERE id < " . $getpost3['id'] . " ORDER BY id DESC LIMIT 0,1"; $getback2 = mysql_query($getback); @@ -54,7 +54,7 @@ if (isset($_GET['post'])) if (isset($getback3['title'])) { $template->adds_block('BACK', array( 'CODED' => $getback3['slug'], - 'TITLE' => doAprilFoolsDay(htmlentities(stripslashes($getback3['title']))))); + 'TITLE' => doAprilFoolsDay(htmlspecialchars($getback3['title'])))); } $getnext = "SELECT * FROM updates WHERE id > " . $getpost3['id'] . " ORDER BY id ASC LIMIT 0,1"; @@ -63,7 +63,7 @@ if (isset($_GET['post'])) if (isset($getnext3['title'])) { $template->adds_block('NEXT', array( 'CODED' => $getnext3['slug'], - 'TITLE' => doAprilFoolsDay(htmlentities(stripslashes($getnext3['title']))))); + 'TITLE' => doAprilFoolsDay(htmlspecialchars($getnext3['title'])))); } $template->add_ref(0, 'POST', array( 'ID' => $getpost3['id'], @@ -72,10 +72,10 @@ if (isset($_GET['post'])) 'MONTH' => date('M',strtotime($getpost3['pubDate'])), 'DAY' => date('d',strtotime($getpost3['pubDate'])), 'CODED' => $getpost3['slug'], - 'TITLE' => doAprilFoolsDay(htmlentities(stripslashes($getpost3['title']))), + 'TITLE' => doAprilFoolsDay(htmlspecialchars($getpost3['title'])), 'AUTHOR' => $getpost3['author'], 'RATING' => $getpost3['rating'], - 'TEXT' => parseText(stripslashes($getpost3['text'])))); + 'TEXT' => parseText($getpost3['text']))); $tags = getTags($getpost3['id']); foreach ($tags as $tag) @@ -121,8 +121,6 @@ if (isset($_GET['post'])) $page_id = 'updates-' . $getpost3['id']; include('includes/comments.php'); - - displayRelated($getpost3['title'], $getpost3['id']); } else { generateError('404'); } 
@@ -171,12 +169,12 @@ if (isset($_GET['post'])) 'MONTH' => date('M',strtotime($getpost3['pubDate'])), 'DAY' => date('d',strtotime($getpost3['pubDate'])), 'CODED' => $getpost3['slug'], - 'TITLE' => doAprilFoolsDay(htmlentities(stripslashes($getpost3['title']))), + 'TITLE' => doAprilFoolsDay(htmlspecialchars($getpost3['title'])), 'AUTHOR' => $getpost3['author'], 'PLURALCOMMENT' => (isset($plural) ? $plural : ''), 'COMMENTS' => $comText, 'RATING' => $getpost3['rating'], - 'TEXT' => parseText(stripslashes($getpost3['text'])))); + 'TEXT' => parseText($getpost3['text']))); $tags = getTags($getpost3['id']); foreach ($tags as $tag) diff --git a/pages/post.php b/pages/post.php index 3f728c8..a5435c9 100755 --- a/pages/post.php +++ b/pages/post.php @@ -68,7 +68,7 @@ if (!isset($_POST['id'])) $template = new FITemplate('new-comment'); $template->add('ID', $cid); $template->add('CODEDEMAIL', md5(strtolower($getanon3['email']))); - $template->add('TEXT', stripslashes($_POST['comment'])); + $template->add('TEXT', $_POST['comment']); $template->add('USERNAME', $getanon3['username']); $template->add('DATE', date("F jS Y \a\\t g:i:s a")); $template->display(); @@ -108,7 +108,7 @@ if (!isset($_POST['id'])) $template = new FITemplate('new-comment'); $template->add('ID', $cid); $template->add('CODEDEMAIL', md5(strtolower($getuser3['user_email']))); - $template->add('TEXT', stripslashes($_POST['comment'])); + $template->add('TEXT', $_POST['comment']); $template->add('USERNAME', getSessionUsername()); $template->add('DATE', date("F jS Y \a\\t g:i:s a")); $template->display(); diff --git a/pages/quotes.php b/pages/quotes.php index 3b00878..f47dbd3 100755 --- a/pages/quotes.php +++ b/pages/quotes.php @@ -70,7 +70,7 @@ if (isset($_GET['id']) && !(is_numeric($_GET['id']))) $template = new FITemplate('quotes/add'); if (isset($_GET['submit'])) { - $template->adds_block('SUBMITTED',array('QUOTE' => str_replace("\n","
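Review bot: In both pages/post.php hunks the freshly posted comment is handed to the template as `$_POST['comment']` with no escaping or parsing, whereas the stored copy is rendered through `parseText()` in the includes/comments.php hunk of this same commit. If parseText() is where markup is escaped, this immediate-echo path shows user input raw; if it is not, the preview still differs in formatting from what is later displayed. Using the same call in both places, `$template->add('TEXT', parseText($_POST['comment']));`, keeps the two paths identical. The enclosing `if (!isset($_POST['id']))` block starts before the hunk.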
",htmlspecialchars(stripslashes($_POST['rash_quote']))))); + $template->adds_block('SUBMITTED',array('QUOTE' => str_replace("\n","
",htmlspecialchars($_POST['rash_quote'])))); if (!isLoggedIn()) { $insquote = "INSERT INTO rash_queue (quote) VALUES(\"" . mysql_real_escape_string(htmlspecialchars($_POST['rash_quote'])) . "\")"; @@ -236,7 +236,7 @@ function quote_generation($query, $origin, $page = 1, $quote_limit = 50, $page_l $template->add_ref($curID,'QUOTES',array( 'NUMBER' => $getquotes3[$i]['id'], 'RATING' => $getquotes3[$i]['rating'], 'DATE' => ($getquotes3[$i]['date'] != 0 ? date('F jS Y \a\\t g:i:s a', $getquotes3[$i]['date']) : ''), - 'QUOTE' => doAprilFoolsDay(str_replace("\n","
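Review bot: The SUBMITTED block now applies `htmlspecialchars()` once to `$_POST['rash_quote']`, but the INSERT two lines below stores `htmlspecialchars()` output in rash_queue, and the listing in the second hunk of pages/quotes.php applies `htmlspecialchars()` again to rows read back from the database. If queued quotes are moved into rash_quotes verbatim, every `&`, `<` and `>` in a quote is double-encoded on display. Storing the raw text, `mysql_real_escape_string($_POST['rash_quote'])`, and escaping only at output is the consistent fix; the moderation step that moves queue rows is not visible here, so confirm before changing it.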
",htmlspecialchars(stripslashes($getquotes3[$i]['quote'])))), + 'QUOTE' => doAprilFoolsDay(str_replace("\n","
",htmlspecialchars($getquotes3[$i]['quote']))), 'COMMENTS' => $comments)); if (($gettrack3['ip'] != $_SERVER['REMOTE_ADDR']) || (array_search($getquotes3[$i]['id'],$trackArr) === FALSE)) diff --git a/pages/viewPost.php b/pages/viewPost.php index 0d84df7..fa371cf 100755 --- a/pages/viewPost.php +++ b/pages/viewPost.php @@ -44,7 +44,7 @@ if (!isAdmin()) 'TITLE' => $getpost3['title'], 'AUTHOR' => $getpost3['author'], 'RATING' => $getpost3['rating'], - 'TEXT' => parseText(stripslashes($getpost3['text'])))); + 'TEXT' => parseText($getpost3['text']))); $tags = getTags($getpost3['id']); foreach ($tags as $tag) diff --git a/rss.php b/rss.php index 2a72d8a..fddd631 100755 --- a/rss.php +++ b/rss.php @@ -59,9 +59,6 @@ if (isset($_GET['mode'])) case 'quotes': ?> Quotes Polls CommentsAn archive of all Four Island quotesAn archive of all of the Four Island POTWsAn archive of all of the comments people have left on Four Island $value) http://fourisland.com/blog// - + @@ -266,14 +240,12 @@ foreach ($items as $key => $value) http://fourisland.com/quotes/.php - + @@ -281,7 +253,7 @@ foreach ($items as $key => $value) http://fourisland.com/#comment- - + diff --git a/theme/admin/header.tpl b/theme/admin/header.tpl index 62beb89..6def3fe 100755 --- a/theme/admin/header.tpl +++ b/theme/admin/header.tpl @@ -22,7 +22,6 @@ - -