From 74db7a24d9c2230b104979f4e4981c57ff73de71 Mon Sep 17 00:00:00 2001
From: Starla Insigna
Date: Sat, 11 Dec 2010 14:05:05 -0500
Subject: Made Four Island 2 a little more sane

I spent the last few hours sanitizing the database and fixing huge bugs in the code. Among the changes made were:
- "Theoretically related posts" have been removed due to the lack of FULLTEXT index support in InnoDB tables
- Removed tons of stripslashes() calls that were used to remove slashes from records before I realized (while doing all of this work) that magic_quotes_gpc was on for some reason. I mean, like, come on!
- Replaced all non-library uses of htmlentities() with htmlspecialchars(), which basically does the same thing except it doesn't mangle Unicode.
- Completely eradicated polls. Note that this does mean that all database backups prior to December 11th 2010 are now incompatible with Four Island.
---
 includes/functions.php | 99 +-------------------------------------------------
 1 file changed, 1 insertion(+), 98 deletions(-)
(limited to 'includes/functions.php')
diff --git a/includes/functions.php b/includes/functions.php
index aed4516..b42ca7d 100755
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -62,20 +62,6 @@ function dispIfNotOld($datTim)
 }
 }
-function getpercent($getpoll3,$num)
-{
- $maxper = ($getpoll3['clicks1'] + $getpoll3['clicks2'] + $getpoll3['clicks3'] + $getpoll3['clicks4']);
-
- if ($maxper == 0)
- {
- return 0;
- } else {
- $percent = round(($getpoll3['clicks' . $num] / $maxper) * 100);
- }
-
- return($percent);
-}
-
 function generateSlug($title,$table)
 {
 $title = preg_replace('/[^A-Za-z0-9]/','-',$title);
@@ -110,7 +96,7 @@ function postBlogPost($title,$author,$tags,$content)
 {
 $slug = generateSlug($title,'updates');
- $inspost = "INSERT INTO updates (title,slug,author,text) VALUES (\"" . $title . "\",\"" . $slug . "\",\"" . $author . "\",\"" . mysql_real_escape_string($content) . "\")";
+ $inspost = "INSERT INTO updates (title,slug,author,text) VALUES (\"" . mysql_real_escape_string($title) . "\",\"" . $slug . "\",\"" . $author . "\",\"" . mysql_real_escape_string($content) . "\")";
 $inspost2 = mysql_query($inspost);
 $id = mysql_insert_id();
@@ -269,31 +255,6 @@ if (!function_exists('unique_id'))
 }
 }
-function displayRelated($title, $avoid = 0)
-{
- $getrelated = "SELECT *, MATCH (title, text) AGAINST (\"" . mysql_real_escape_string($title) . "\") AS score FROM updates WHERE MATCH (title, text) AGAINST (\"" . mysql_real_escape_string($title) . "\") AND id <> " . $avoid . " LIMIT 0,5";
- $getrelated2 = mysql_query($getrelated);
- $i=0;
- while ($getrelated3[$i] = mysql_fetch_array($getrelated2))
- {
- if ($i==0)
- {
- $template = new FITemplate('related');
- }
-
- $template->adds_block('POST', array( 'TITLE' => doAprilFoolsDay(htmlentities(stripslashes($getrelated3[$i]['title']))),
- 'CODED' => $getrelated3[$i]['slug'],
- 'AUTHOR' => $getrelated3[$i]['author'],
- 'DATE' => date('F jS Y',strtotime($getrelated3[$i]['pubDate']))));
- $i++;
- }
-
- if ($i > 0)
- {
- $template->display();
- }
-}
-
 function getCommentUrl($getcomment3)
 {
 $page_id = $getcomment3['page_id'];
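Review bot: On the new `$inspost` line in postBlogPost, `$author` is still concatenated into the INSERT unescaped, so the statement remains injectable if that value can ever contain a double quote; whether callers control it is not visible in this hunk. Give it the same treatment the commit gives the title, `"\",\"" . mysql_real_escape_string($author) . "\",\""`, and treat `$slug` the same way unless generateSlug() (only its first line is shown in this diff) guarantees an alphanumeric-and-dash result. The commit message says magic_quotes_gpc was found to be on; if it is still enabled, the newly escaped `$title` will be stored with doubled backslashes, so a comment such as `// escaping is done here; magic_quotes_gpc must be off` would record the assumption. The return value in `$inspost2` is also not checked before mysql_insert_id() is read, so a failed INSERT goes unnoticed. postBlogPost's body continues past the end of the hunk.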
@@ -307,62 +268,12 @@ function getCommentUrl($getcomment3)
 $getupdate3 = mysql_fetch_array($getupdate2);
 return '/blog/' . $getupdate3['slug'] . '/';
- } else if ($comType == 'polloftheweek')
- {
- return '/poll/' . $comID . '.php';
 } else if ($comType == 'quote')
 {
 return '/quotes/' . $comID . '.php';
 }
 }
-function getPollOfTheWeek($id = -1)
-{
- static $showed_form = false;
-
- $potw = new FITemplate('polloftheweek');
-
- if ($id == -1)
- {
- $getpoll = "SELECT * FROM polloftheweek ORDER BY id DESC LIMIT 0,1";
- } else {
- $getpoll = "SELECT * FROM polloftheweek WHERE id = " . $id;
- }
- $getpoll2 = mysql_query($getpoll);
- $getpoll3 = mysql_fetch_array($getpoll2);
-
- $potw->add('ID', $getpoll3['id']);
- $potw->add('QUESTION', doAprilFoolsDay(stripslashes(htmlentities($getpoll3['question']))));
- $potw->add('OPTION1', doAprilFoolsDay(stripslashes(htmlentities($getpoll3['option1']))));
- $potw->add('OPTION2', doAprilFoolsDay(stripslashes(htmlentities($getpoll3['option2']))));
- $potw->add('OPTION3', doAprilFoolsDay(stripslashes(htmlentities($getpoll3['option3']))));
- $potw->add('OPTION4', doAprilFoolsDay(stripslashes(htmlentities($getpoll3['option4']))));
-
- $getip = "SELECT * FROM didpollalready WHERE ip = \"" . $_SERVER['REMOTE_ADDR'] . "\"";
- $getip2 = mysql_query($getip);
- $getip3 = mysql_fetch_array($getip2);
-
- if (($getip3['ip'] != $_SERVER['REMOTE_ADDR']) && ($id == -1) && ($showed_form == false))
- {
- $potw->adds_block('FORM',array('exi'=>1));
- $showed_form = true;
- } else {
- $potw->adds_block('DISPLAY',array('exi'=>1));
-
- $potw->add('PERCENT1', getpercent($getpoll3,'1'));
- $potw->add('PERCENT2', getpercent($getpoll3,'2'));
- $potw->add('PERCENT3', getpercent($getpoll3,'3'));
- $potw->add('PERCENT4', getpercent($getpoll3,'4'));
- }
-
- ob_start();
- $potw->display();
- $result = ob_get_contents();
- ob_end_clean();
-
- return $result;
-}
-
 function getTagColor($i)
 {
 switch ($i % 7)
@@ -417,14 +328,6 @@ function getRewriteURL()
 } else {
 return '/blog/';
 }
- } else if ($_GET['area'] == 'poll')
- {
- if (isset($_GET['id']))
- {
- return '/poll/' . $_GET['id'] . '.php';
- } else {
- return '/poll/';
- }
 } else if ($_GET['area'] == 'quotes')
 {
 if (isset($_GET['act']))
--
cgit 1.4.1