From 74db7a24d9c2230b104979f4e4981c57ff73de71 Mon Sep 17 00:00:00 2001
From: Starla Insigna <starla4444@gmail.com>
Date: Sat, 11 Dec 2010 14:05:05 -0500
Subject: Made Four Island 2 a little more sane

I spent the last few hours sanitizing the database and fixing huge bugs in the code. Among the changes made were:
- "Theoretically related posts" have been removed due to the lack of FULLTEXT index support in InnoDB tables
- Removed tons of stripslashes() calls that were used to remove slashes from records before I realized (while doing all of this work) that magic_quotes_gpc was on for some reason. I mean, like, come on!
- Replaced all non-library uses of htmlentities() with htmlspecialchars(), which basically does the same thing except it doesn't mangle Unicode.
- Completely eradicated polls.
Note that this does mean that all database backups prior to December 11th 2010 are now incompatible with Four Island.
---
 includes/comments.php  |  2 +-
 includes/common.php    |  3 ++
 includes/functions.php | 99 +-------------------------------------------------
 includes/layout.php    | 23 +++---------
 4 files changed, 10 insertions(+), 117 deletions(-)

(limited to 'includes')

diff --git a/includes/comments.php b/includes/comments.php
index be48c02..5aa8993 100755
--- a/includes/comments.php
+++ b/includes/comments.php
@@ -71,7 +71,7 @@ while ($getcomments3[$i] = mysql_fetch_array($getcomments2))
 								'USERNAME' => (($website != '') ? '<a href="' . $website . '">' . $username . '</a>' : $username),
 								'DATE' => date("F jS Y \a\\t g:i:s a",strtotime($getcomments3[$i]['posttime'])),
 								'ID' => $getcomments3[$i]['id'],
-								'TEXT' => parseText(stripslashes($getcomments3[$i]['comment']))));
+								'TEXT' => parseText($getcomments3[$i]['comment'])));
 
 		if (isLoggedIn())
 		{
diff --git a/includes/common.php b/includes/common.php
index 8ca6958..7442a18 100755
--- a/includes/common.php
+++ b/includes/common.php
@@ -22,6 +22,9 @@ if (!defined('S_INCLUDE_FILE')) {define('S_INCLUDE_FILE',1);}
 
 require('headerproc.php');
 
+$result = mysql_query('SET NAMES utf8');
+$result = mysql_query('SET CHARACTER SET utf8');
+
 include('includes/template.php');
 include('includes/session.php');
 include('includes/maintenance.php');
diff --git a/includes/functions.php b/includes/functions.php
index aed4516..b42ca7d 100755
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -62,20 +62,6 @@ function dispIfNotOld($datTim)
 	}
 }
 
-function getpercent($getpoll3,$num)
-{
-	$maxper = ($getpoll3['clicks1'] + $getpoll3['clicks2'] + $getpoll3['clicks3'] + $getpoll3['clicks4']);
-
-	if ($maxper == 0)
-	{
-		return 0;
-	} else {
-		$percent = round(($getpoll3['clicks' . $num] / $maxper) * 100);
-	}
-
-	return($percent);
-}
-
 function generateSlug($title,$table)
 {
 	$title = preg_replace('/[^A-Za-z0-9]/','-',$title);
@@ -110,7 +96,7 @@ function postBlogPost($title,$author,$tags,$content)
 {
 	$slug = generateSlug($title,'updates');
 
-	$inspost = "INSERT INTO updates (title,slug,author,text) VALUES (\"" . $title . "\",\"" . $slug . "\",\"" . $author . "\",\"" . mysql_real_escape_string($content) . "\")";
+	$inspost = "INSERT INTO updates (title,slug,author,text) VALUES (\"" . mysql_real_escape_string($title) . "\",\"" . $slug . "\",\"" . $author . "\",\"" . mysql_real_escape_string($content) . "\")";
 	$inspost2 = mysql_query($inspost);
 
 	$id = mysql_insert_id();
@@ -269,31 +255,6 @@ if (!function_exists('unique_id'))
 	}
 }
 
-function displayRelated($title, $avoid = 0)
-{
-	$getrelated = "SELECT *, MATCH (title, text) AGAINST (\"" . mysql_real_escape_string($title) . "\") AS score FROM updates WHERE MATCH (title, text) AGAINST (\"" . mysql_real_escape_string($title) . "\") AND id <> " . $avoid . " LIMIT 0,5";
-	$getrelated2 = mysql_query($getrelated);
-	$i=0;
-	while ($getrelated3[$i] = mysql_fetch_array($getrelated2))
-	{
-		if ($i==0)
-		{
-			$template = new FITemplate('related');
-		}
-
-		$template->adds_block('POST', array(	'TITLE' => doAprilFoolsDay(htmlentities(stripslashes($getrelated3[$i]['title']))),
-							'CODED' => $getrelated3[$i]['slug'],
-							'AUTHOR' => $getrelated3[$i]['author'],
-							'DATE' => date('F jS Y',strtotime($getrelated3[$i]['pubDate']))));
-		$i++;
-	}
-
-	if ($i > 0)
-	{
-		$template->display();
-	}
-}
-
 function getCommentUrl($getcomment3)
 {
 	$page_id = $getcomment3['page_id'];
@@ -307,62 +268,12 @@ function getCommentUrl($getcomment3)
 		$getupdate3 = mysql_fetch_array($getupdate2);
 
 		return '/blog/' . $getupdate3['slug'] . '/';
-	} else if ($comType == 'polloftheweek')
-	{
-		return '/poll/' . $comID . '.php';
 	} else if ($comType == 'quote')
 	{
 		return '/quotes/' . $comID . '.php';
 	}
 }
 
-function getPollOfTheWeek($id = -1)
-{
-	static $showed_form = false;
-
-	$potw = new FITemplate('polloftheweek');
-	
-	if ($id == -1)
-	{
-		$getpoll = "SELECT * FROM polloftheweek ORDER BY id DESC LIMIT 0,1";
-	} else {
-		$getpoll = "SELECT * FROM polloftheweek WHERE id = " . $id;
-	}
-	$getpoll2 = mysql_query($getpoll);
-	$getpoll3 = mysql_fetch_array($getpoll2);
-
-	$potw->add('ID', $getpoll3['id']);
-	$potw->add('QUESTION', doAprilFoolsDay(stripslashes(htmlentities($getpoll3['question']))));
-	$potw->add('OPTION1', doAprilFoolsDay(stripslashes(htmlentities($getpoll3['option1']))));
-	$potw->add('OPTION2', doAprilFoolsDay(stripslashes(htmlentities($getpoll3['option2']))));
-	$potw->add('OPTION3', doAprilFoolsDay(stripslashes(htmlentities($getpoll3['option3']))));
-	$potw->add('OPTION4', doAprilFoolsDay(stripslashes(htmlentities($getpoll3['option4']))));
-
-	$getip = "SELECT * FROM didpollalready WHERE ip = \"" . $_SERVER['REMOTE_ADDR'] . "\"";
-	$getip2 = mysql_query($getip);
-	$getip3 = mysql_fetch_array($getip2);
-
-	if (($getip3['ip'] != $_SERVER['REMOTE_ADDR']) && ($id == -1) && ($showed_form == false))
-	{
-		$potw->adds_block('FORM',array('exi'=>1));
-		$showed_form = true;
-	} else {
-		$potw->adds_block('DISPLAY',array('exi'=>1));
-
-		$potw->add('PERCENT1', getpercent($getpoll3,'1'));
-		$potw->add('PERCENT2', getpercent($getpoll3,'2'));
-		$potw->add('PERCENT3', getpercent($getpoll3,'3'));
-		$potw->add('PERCENT4', getpercent($getpoll3,'4'));
-	}
-	
-	ob_start();
-	$potw->display();
-	$result = ob_get_contents();
-	ob_end_clean();
-	
-	return $result;
-}
-
 function getTagColor($i)
 {
 	switch ($i % 7)
@@ -417,14 +328,6 @@ function getRewriteURL()
 			} else {
 				return '/blog/';
 			}
-		} else if ($_GET['area'] == 'poll')
-		{
-			if (isset($_GET['id']))
-			{
-				return '/poll/' . $_GET['id'] . '.php';
-			} else {
-				return '/poll/';
-			}
 		} else if ($_GET['area'] == 'quotes')
 		{
 			if (isset($_GET['act']))
diff --git a/includes/layout.php b/includes/layout.php
index 9e94b69..22b87ea 100755
--- a/includes/layout.php
+++ b/includes/layout.php
@@ -74,7 +74,7 @@ $i=0;
 while ($getaffs3 = mysql_fetch_array($getaffs2))
 {
 	$template->adds_block('AFFILIATES', array(	'COLOR' => getTagColor($i++),
-							'TITLE' => doAprilFoolsDay(htmlentities(stripslashes($getaffs3['title']))),
+							'TITLE' => doAprilFoolsDay(htmlspecialchars($getaffs3['title'])),
 							'URL' => $getaffs3['url']));
 }
 
@@ -84,7 +84,7 @@ $i=0;
 while ($getwebps3 = mysql_fetch_array($getwebps2))
 {
 	$template->adds_block('WEBPROJS', array(	'COLOR' => getTagColor($i++),
-							'TITLE' => doAprilFoolsDay(htmlentities(stripslashes($getwebps3['title']))),
+							'TITLE' => doAprilFoolsDay(htmlspecialchars($getwebps3['title'])),
 							'URL' => $getwebps3['url']));
 }
 
@@ -129,7 +129,7 @@ while ($getcomments3[$i] = mysql_fetch_array($getcomments2))
 								'AREA' => 'blog',
 								'CODED' => $getpost3['slug'],
 								'ENDING' => '/',
-								'TITLE' => stripslashes(htmlentities($getpost3['title'])),
+								'TITLE' => htmlspecialchars($getpost3['title']),
 								'AUTHOR' => (($website != '') ? '<a href="' . $website . '">' . $username . '</a>' : $username)));
 		$i++;
 	} else if (strpos($getcomments3[$i]['page_id'], 'quote') !== FALSE)
@@ -143,20 +143,7 @@ while ($getcomments3[$i] = mysql_fetch_array($getcomments2))
 								'TITLE' => 'Quote #' . $num,
 								'AUTHOR' => (($website != '') ? '<a href="' . $website . '">' . $username . '</a>' : $username)));
 		$i++;			
-	} else if (strpos($getcomments3[$i]['page_id'], 'polloftheweek') !== FALSE)
-	{
-		$getpotw = "SELECT * FROM polloftheweek WHERE id = " . substr($getcomments3[$i]['page_id'],strpos($getcomments3[$i]['page_id'],'-')+1);
-		$getpotw2 = mysql_query($getpotw);
-		$getpotw3 = mysql_fetch_array($getpotw2);
-
-		$template->adds_block('COMMENTS', array(	'ID' => $getcomments3[$i]['id'],
-								'AREA' => 'poll',
-								'CODED' => $getpotw3['id'],
-								'ENDING' => '.php',
-								'TITLE' => 'Poll "' . htmlentities($getpotw3['question']) . '"',
-								'AUTHOR' => (($website != '') ? '<a href="' . $website . '">' . $username . '</a>' : $username)));
-		$i++;			
-	}
+		}
 }
 
 $users = array();
@@ -233,7 +220,7 @@ $i=0;
 while ($getpopular3[$i] = mysql_fetch_array($getpopular2))
 {
 	$template->adds_block('POPULAR', array(	'CODED' => $getpopular3[$i]['slug'],
-						'TITLE' => doAprilFoolsDay(stripslashes(htmlentities($getpopular3[$i]['title'])))));
+						'TITLE' => doAprilFoolsDay(htmlspecialchars($getpopular3[$i]['title']))));
 	$i++;
 }
 
-- 
cgit 1.4.1