From 74db7a24d9c2230b104979f4e4981c57ff73de71 Mon Sep 17 00:00:00 2001
From: Starla Insigna
Date: Sat, 11 Dec 2010 14:05:05 -0500
Subject: Made Four Island 2 a little more sane

I spent the last few hours sanitizing the database and fixing huge bugs in the code. Among the changes made were:

- "Theoretically related posts" have been removed due to the lack of FULLTEXT index support in InnoDB tables
- Removed tons of stripslashes() calls that were used to remove slashes from records before I realized (while doing all of this work) that magic_quotes_gpc was on for some reason. I mean, like, come on!
- Replaced all non-library uses of htmlentities() with htmlspecialchars(), which basically does the same thing except it doesn't mangle Unicode.
- Completely eradicated polls.

Note that this does mean that all database backups prior to December 11th 2010 are now incompatible with Four Island.
---
 admin/drafts.php | 2 +-
 admin/editLink.php | 4 ++--
 admin/editPost.php | 4 ++--
 admin/links.php | 2 +-
 admin/modquotes.php | 2 +-
 admin/newLink.php | 2 +-
 admin/newPost.php | 2 +-
 admin/pending.php | 2 +-
 admin/posts.php | 2 +-
 admin/welcome.php | 5 -----
 10 files changed, 11 insertions(+), 16 deletions(-)
(limited to 'admin')

diff --git a/admin/drafts.php b/admin/drafts.php
index 5f7be1a..bb95b87 100755
--- a/admin/drafts.php
+++ b/admin/drafts.php
@@ -82,7 +82,7 @@ foreach ($pager->getPageData() as $post)
 {
 if (!empty($post))
 {
- $template->adds_block('POST', array( 'TITLE' => htmlentities($post['title']),
+ $template->adds_block('POST', array( 'TITLE' => htmlspecialchars($post['title']),
 'AUTHOR' => $post['author'],
 'ID' => $post['id'],
 'CODED' => $post['slug'],
diff --git a/admin/editLink.php b/admin/editLink.php
index f3ba9cc..2bc86ab 100755
--- a/admin/editLink.php
+++ b/admin/editLink.php
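Review bot: `htmlspecialchars($post['title'])` on the added line is called with its default flags, so single quotes are left unescaped and no charset is passed; since the stated motivation for the change is Unicode handling, prefer `htmlspecialchars($post['title'], ENT_QUOTES, 'UTF-8')`, which is also safe in single-quoted attributes and makes the function validate the input as UTF-8. The neighbouring `'AUTHOR' => $post['author']`, `'ID' => $post['id']` and `'CODED' => $post['slug']` entries reach the template unescaped; unless the template layer escapes values itself (not visible here), they need the same treatment. Because this call is repeated across nine admin files in this commit, a small shared helper that applies the flags and charset once would keep the escaping consistent. The enclosing foreach body continues past the end of the hunk.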
@@ -74,10 +74,10 @@ if (isset($_GET['submit']))
 $template->adds_block('FLASH', array('TEXT' => 'Your link has been sucessfully edited.'));
 }
- $template->add('TITLEVALUE', htmlentities($_POST['title']));
+ $template->add('TITLEVALUE', htmlspecialchars($_POST['title']));
 $template->add('URLVALUE', $_POST['url']);
 } else {
- $template->add('TITLEVALUE', htmlentities($getlink3['title']));
+ $template->add('TITLEVALUE', htmlspecialchars($getlink3['title']));
 $template->add('URLVALUE', $getlink3['url']);
 }
diff --git a/admin/editPost.php b/admin/editPost.php
index b87f895..6044431 100755
--- a/admin/editPost.php
+++ b/admin/editPost.php
@@ -201,13 +201,13 @@ if (!isset($_GET['type']) || !isset($_GET['id']) || !is_numeric($_GET['id']))
 $template->add('ACTION', '/admin/editPost.php?type=' . $type . '&id=' . $id . '&submit=');
 }
- $template->add('TITLEVALUE', htmlentities($_POST['title']));
+ $template->add('TITLEVALUE', htmlspecialchars($_POST['title']));
 $template->add('TEXTVALUE', $_POST['text']);
 $template->add('TAGSVALUE', $_POST['tags']);
 $template->add(strtoupper($_POST['type']) . 'SELECTED', ' checked="checked"');
 if ($_POST['type'] != 'draft') $template->add('TAGSDISABLED', ' readonly="readonly"');
 } else {
- $template->add('TITLEVALUE', htmlentities($getpost3['title']));
+ $template->add('TITLEVALUE', htmlspecialchars($getpost3['title']));
 $template->add('TEXTVALUE', $getpost3['text']);
 $template->add('TAGSVALUE', implode(',', getTags($_GET['id'], $tableToTags[$_GET['type']])));
 $template->add(strtoupper($tableToForm[$_GET['type']]) . 'SELECTED', ' checked="checked"');
diff --git a/admin/links.php b/admin/links.php
index fc1c813..da3fe5c 100755
--- a/admin/links.php
+++ b/admin/links.php
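Review bot: `$template->add('URLVALUE', $_POST['url']);` and `$template->add('URLVALUE', $getlink3['url']);` in this hunk still pass the URL through unescaped while the title on the adjacent changed line is now escaped; a `"` in either value breaks out of the form field's attribute, and the first one reflects the submitted value straight back into the admin page. Unless the template escapes values itself (not visible here), both should become `htmlspecialchars($_POST['url'], ENT_QUOTES, 'UTF-8')` and `htmlspecialchars($getlink3['url'], ENT_QUOTES, 'UTF-8')`. The if/else that contains these lines begins before the hunk.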
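Review bot: The `TEXTVALUE` and `TAGSVALUE` values on the context lines (`$_POST['text']`, `$_POST['tags']`, `$getpost3['text']`) are added without escaping, so the hunk fixes only one of the user-controlled fields in this form; if TEXTVALUE is rendered inside a textarea, a `</textarea>` in the post body ends the element. The `ACTION` line joins `$type` and `$id` into a URL with a bare `&`: `$id` is guarded by the `is_numeric` check in the enclosing condition, but nothing in the hunk shows `$type` being validated, so it should be escaped (`htmlspecialchars($type, ENT_QUOTES, 'UTF-8')`) or checked against the keys of `$tableToTags` before use, and the separator written as `&amp;` in the attribute. The if/else block starts and ends outside the hunk.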
@@ -97,7 +97,7 @@ foreach ($pager->getPageData() as $link)
 {
 if (!empty($link))
 {
- $template->adds_block('LINK', array( 'TITLE' => htmlentities($link['title']),
+ $template->adds_block('LINK', array( 'TITLE' => htmlspecialchars($link['title']),
 'URL' => $link['url'],
 'ID' => $link['id'],
 'ODD' => ($j % 2 ? '' : ' class="odd"')));
diff --git a/admin/modquotes.php b/admin/modquotes.php
index 8340fd1..9ec6013 100755
--- a/admin/modquotes.php
+++ b/admin/modquotes.php
@@ -120,7 +120,7 @@ foreach ($pager->getPageData() as $quote)
 {
 if (!empty($quote))
 {
- $template->adds_block('QUOTE', array( 'TEXT' => str_replace("\n","
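Review bot: `'URL' => $link['url']` on the context line below the changed one still reaches the template unescaped, and if it is emitted as an `href`, escaping alone is not enough: a stored `javascript:` URL is rendered as a clickable link regardless of `htmlspecialchars`. Besides `htmlspecialchars($link['url'], ENT_QUOTES, 'UTF-8')`, the URL should be checked for an allowed scheme (for example `http` or `https`) where it is saved or before it is rendered. Where `$link['url']` ends up in the markup is not visible in this hunk.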
",htmlentities(stripslashes($quote['quote']))),
+ $template->adds_block('QUOTE', array( 'TEXT' => str_replace("\n","
",htmlspecialchars($quote['quote'])),
 'ID' => $quote['id'],
 'ODD' => ($j % 2 ? '' : ' class="odd"')));
 }
diff --git a/admin/newLink.php b/admin/newLink.php
index 90313bd..abedb81 100755
--- a/admin/newLink.php
+++ b/admin/newLink.php
@@ -80,7 +80,7 @@ if (isset($_GET['submit']))
 $template->add('TYPEDISABLED', ' readonly="readonly"');
 }
- $template->add('TITLEVALUE', htmlentities($_POST['title']));
+ $template->add('TITLEVALUE', htmlspecialchars($_POST['title']));
 $template->add('URLVALUE', $_POST['url']);
 $template->add(strtoupper($_POST['type']) . 'SELECTED', ' checked="checked"');
 } else {
diff --git a/admin/newPost.php b/admin/newPost.php
index 32e7aa2..60819b9 100755
--- a/admin/newPost.php
+++ b/admin/newPost.php
@@ -145,7 +145,7 @@ if (isset($_GET['submit']))
 if ($type != 'drafts') $template->add('TAGSDISABLED', ' readonly="readonly"');
 }
- $template->add('TITLEVALUE', htmlentities($_POST['title']));
+ $template->add('TITLEVALUE', htmlspecialchars($_POST['title']));
 $template->add('TEXTVALUE', $_POST['text']);
 $template->add('TAGSVALUE', $_POST['tags']);
 $template->add(strtoupper($_POST['type']) . 'SELECTED', ' checked="checked"');
diff --git a/admin/pending.php b/admin/pending.php
index 6f1cfaf..39295d6 100755
--- a/admin/pending.php
+++ b/admin/pending.php
@@ -148,7 +148,7 @@ foreach ($pager->getPageData() as $post)
 {
 if (!empty($post))
 {
- $template->add_ref($j, 'POST', array( 'TITLE' => htmlentities($post['title']),
+ $template->add_ref($j, 'POST', array( 'TITLE' => htmlspecialchars($post['title']),
 'AUTHOR' => $post['author'],
 'ID' => $post['id'],
 'CODED' => $post['slug'],
diff --git a/admin/posts.php b/admin/posts.php
index d2e34c5..228a039 100755
--- a/admin/posts.php
+++ b/admin/posts.php
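Review bot: Dropping `stripslashes()` from `$quote['quote']` on the changed line is only correct if quote text is now stored without the backslashes that magic_quotes_gpc adds, which means the insert path must strip them itself (or escape the raw value with `mysql_real_escape_string()`) instead of relying on magic_quotes_gpc as its SQL escaping; that path is not in this diff, and magic_quotes_gpc is deprecated and can be switched off per host, so the assumption is worth recording here with a comment such as `// stored without magic-quotes backslashes; the insert path escapes the raw value`. The `htmlspecialchars($quote['quote'])` call also uses the default flags (no `ENT_QUOTES`, no charset) and `'ID' => $quote['id']` below it is unescaped. The second argument of the `str_replace("\n", …)` call is not legible in this view of the patch, so its content could not be reviewed.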
@@ -82,7 +82,7 @@ foreach ($pager->getPageData() as $post)
 {
 if (!empty($post))
 {
- $template->adds_block('POST', array( 'TITLE' => htmlentities($post['title']),
+ $template->adds_block('POST', array( 'TITLE' => htmlspecialchars($post['title']),
 'AUTHOR' => $post['author'],
 'ID' => $post['id'],
 'CODED' => $post['slug'],
diff --git a/admin/welcome.php b/admin/welcome.php
index 76b42b1..9ca13ce 100755
--- a/admin/welcome.php
+++ b/admin/welcome.php
@@ -46,11 +46,6 @@ $cntcomments2 = mysql_query($cntcomments);
 $cntcomments3 = mysql_fetch_array($cntcomments2);
 $template->add('COMMENTS', $cntcomments3['COUNT(*)']);
-$cntpolls = "SELECT COUNT(*) FROM polloftheweek";
-$cntpolls2 = mysql_query($cntpolls);
-$cntpolls3 = mysql_fetch_array($cntpolls2);
-$template->add('POLLS', $cntpolls3['COUNT(*)']);
-
 $cntquotes = "SELECT COUNT(*) FROM rash_quotes";
 $cntquotes2 = mysql_query($cntquotes);
 $cntquotes3 = mysql_fetch_array($cntquotes2);
-- 
cgit 1.4.1