From 74db7a24d9c2230b104979f4e4981c57ff73de71 Mon Sep 17 00:00:00 2001 From: Starla Insigna Date: Sat, 11 Dec 2010 14:05:05 -0500 Subject: Made Four Island 2 a little more sane I spent the last few hours sanitizing the database and fixing huge bugs in the code. Among the changes made were: - "Theoretically related posts" have been removed due to the lack of FULLTEXT index support in InnoDB tables - Removed tons of stripslashes() calls that were used to remove slashes from records before I realized (while doing all of this work) that magic_quotes_gpc was on for some reason. I mean, like, come on! - Replaced all non-library uses of htmlentities() with htmlspecialchars(), which basically does the same thing except it doesn't mangle Unicode. - Completely eradicated polls. Note that this does mean that all database backups prior to December 11th 2010 are now incompatible with Four Island. --- includes/layout.php | 23 +++++------------------ 1 file changed, 5 insertions(+), 18 deletions(-) (limited to 'includes/layout.php') diff --git a/includes/layout.php b/includes/layout.php index 9e94b69..22b87ea 100755 --- a/includes/layout.php +++ b/includes/layout.php @@ -74,7 +74,7 @@ $i=0; while ($getaffs3 = mysql_fetch_array($getaffs2)) { $template->adds_block('AFFILIATES', array( 'COLOR' => getTagColor($i++), - 'TITLE' => doAprilFoolsDay(htmlentities(stripslashes($getaffs3['title']))), + 'TITLE' => doAprilFoolsDay(htmlspecialchars($getaffs3['title'])), 'URL' => $getaffs3['url'])); } @@ -84,7 +84,7 @@ $i=0; while ($getwebps3 = mysql_fetch_array($getwebps2)) { $template->adds_block('WEBPROJS', array( 'COLOR' => getTagColor($i++), - 'TITLE' => doAprilFoolsDay(htmlentities(stripslashes($getwebps3['title']))), + 'TITLE' => doAprilFoolsDay(htmlspecialchars($getwebps3['title'])), 'URL' => $getwebps3['url'])); } 
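Review bot: The new `htmlspecialchars($getaffs3['title'])` call in the AFFILIATES block relies on the default flags and on the runtime's default charset; on PHP versions before 8.1 the default flags leave single quotes unescaped. If any template places TITLE inside a single-quoted attribute, the value can still break out of it. I would pass both explicitly, e.g. `htmlspecialchars($getaffs3['title'], ENT_QUOTES, 'UTF-8')`, assuming the pages are served as UTF-8, which the templates outside this diff would confirm. The same call shape is introduced in the WEBPROJS, COMMENTS and POPULAR hunks of this file.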
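Review bot: `'URL' => $getwebps3['url']` is handed to the template unescaped, right next to the newly escaped TITLE, and the AFFILIATES block above does the same with `$getaffs3['url']`. The template is not part of this diff, but if URL ends up in an `href` it needs attribute escaping, plus a scheme check so that a stored `javascript:` value is never rendered as a link. Changing the line to `'URL' => htmlspecialchars($getwebps3['url'], ENT_QUOTES, 'UTF-8')` and restricting stored URLs to http/https at the point where they are saved would cover both.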
@@ -129,7 +129,7 @@ while ($getcomments3[$i] = mysql_fetch_array($getcomments2)) 'AREA' => 'blog', 'CODED' => $getpost3['slug'], 'ENDING' => '/', - 'TITLE' => stripslashes(htmlentities($getpost3['title'])), + 'TITLE' => htmlspecialchars($getpost3['title']), 'AUTHOR' => (($website != '') ? '' . $username . '' : $username))); $i++; } else if (strpos($getcomments3[$i]['page_id'], 'quote') !== FALSE) @@ -143,20 +143,7 @@ while ($getcomments3[$i] = mysql_fetch_array($getcomments2)) 'TITLE' => 'Quote #' . $num, 'AUTHOR' => (($website != '') ? '' . $username . '' : $username))); $i++; - } else if (strpos($getcomments3[$i]['page_id'], 'polloftheweek') !== FALSE) - { - $getpotw = "SELECT * FROM polloftheweek WHERE id = " . substr($getcomments3[$i]['page_id'],strpos($getcomments3[$i]['page_id'],'-')+1); - $getpotw2 = mysql_query($getpotw); - $getpotw3 = mysql_fetch_array($getpotw2); - - $template->adds_block('COMMENTS', array( 'ID' => $getcomments3[$i]['id'], - 'AREA' => 'poll', - 'CODED' => $getpotw3['id'], - 'ENDING' => '.php', - 'TITLE' => 'Poll "' . htmlentities($getpotw3['question']) . '"', - 'AUTHOR' => (($website != '') ? '' . $username . '' : $username))); - $i++; - } + } } $users = array(); @@ -233,7 +220,7 @@ $i=0; while ($getpopular3[$i] = mysql_fetch_array($getpopular2)) { $template->adds_block('POPULAR', array( 'CODED' => $getpopular3[$i]['slug'], - 'TITLE' => doAprilFoolsDay(stripslashes(htmlentities($getpopular3[$i]['title']))))); + 'TITLE' => doAprilFoolsDay(htmlspecialchars($getpopular3[$i]['title'])))); $i++; } -- cgit 1.4.1
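Review bot: In the POPULAR block `doAprilFoolsDay()` receives the already-escaped string, so whatever rewriting it does operates on entities such as `&amp;` rather than on the title text; the AFFILIATES and WEBPROJS blocks use the same order. doAprilFoolsDay() is defined outside this diff, so I cannot tell whether it can split an entity or emit markup characters. Escaping is safest as the last step before output: `'TITLE' => htmlspecialchars(doAprilFoolsDay($getpopular3[$i]['title']), ENT_QUOTES, 'UTF-8')`. If the function intentionally returns HTML, a comment at the call site saying so would document why the current order is kept.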