From 74db7a24d9c2230b104979f4e4981c57ff73de71 Mon Sep 17 00:00:00 2001 From: Starla Insigna Date: Sat, 11 Dec 2010 14:05:05 -0500 Subject: Made Four Island 2 a little more sane I spent the last few hours sanitizing the database and fixing huge bugs in the code. Among the changes made were: - "Theoretically related posts" have been removed due to the lack of FULLTEXT index support in InnoDB tables - Removed tons of stripslashes() calls that were used to remove slashes from records before I realized (while doing all of this work) that magic_quotes_gpc was on for some reason. I mean, like, come on! - Replaced all non-library uses of htmlentities() with htmlspecialchars(), which basically does the same thing except it doesn't mangle Unicode. - Completely eradicated polls. Note that this does mean that all database backups prior to December 11th 2010 are now incompatible with Four Island. --- pages/blog.php | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) (limited to 'pages/blog.php') diff --git a/pages/blog.php b/pages/blog.php index e7163ce..72e96bf 100755 --- a/pages/blog.php +++ b/pages/blog.php @@ -46,7 +46,7 @@ if (isset($_GET['post'])) { updatePop($getpost3['id'],'views'); - $title = stripslashes(htmlentities($getpost3['title'])) . ' - Blog Archive'; + $title = htmlspecialchars($getpost3['title']) . ' - Blog Archive'; $getback = "SELECT * FROM updates WHERE id < " . $getpost3['id'] . " ORDER BY id DESC LIMIT 0,1"; $getback2 = mysql_query($getback); @@ -54,7 +54,7 @@ if (isset($_GET['post'])) if (isset($getback3['title'])) { $template->adds_block('BACK', array( 'CODED' => $getback3['slug'], - 'TITLE' => doAprilFoolsDay(htmlentities(stripslashes($getback3['title']))))); + 'TITLE' => doAprilFoolsDay(htmlspecialchars($getback3['title'])))); } $getnext = "SELECT * FROM updates WHERE id > " . $getpost3['id'] . " ORDER BY id ASC LIMIT 0,1"; @@ -63,7 +63,7 @@ if (isset($_GET['post'])) if (isset($getnext3['title'])) { $template->adds_block('NEXT', array( 'CODED' => $getnext3['slug'], - 'TITLE' => doAprilFoolsDay(htmlentities(stripslashes($getnext3['title']))))); + 'TITLE' => doAprilFoolsDay(htmlspecialchars($getnext3['title'])))); } $template->add_ref(0, 'POST', array( 'ID' => $getpost3['id'], @@ -72,10 +72,10 @@ if (isset($_GET['post'])) 'MONTH' => date('M',strtotime($getpost3['pubDate'])), 'DAY' => date('d',strtotime($getpost3['pubDate'])), 'CODED' => $getpost3['slug'], - 'TITLE' => doAprilFoolsDay(htmlentities(stripslashes($getpost3['title']))), + 'TITLE' => doAprilFoolsDay(htmlspecialchars($getpost3['title'])), 'AUTHOR' => $getpost3['author'], 'RATING' => $getpost3['rating'], - 'TEXT' => parseText(stripslashes($getpost3['text'])))); + 'TEXT' => parseText($getpost3['text']))); $tags = getTags($getpost3['id']); foreach ($tags as $tag) @@ -121,8 +121,6 @@ if (isset($_GET['post'])) $page_id = 'updates-' . $getpost3['id']; include('includes/comments.php'); - - displayRelated($getpost3['title'], $getpost3['id']); } else { generateError('404'); } @@ -171,12 +169,12 @@ if (isset($_GET['post'])) 'MONTH' => date('M',strtotime($getpost3['pubDate'])), 'DAY' => date('d',strtotime($getpost3['pubDate'])), 'CODED' => $getpost3['slug'], - 'TITLE' => doAprilFoolsDay(htmlentities(stripslashes($getpost3['title']))), + 'TITLE' => doAprilFoolsDay(htmlspecialchars($getpost3['title'])), 'AUTHOR' => $getpost3['author'], 'PLURALCOMMENT' => (isset($plural) ? $plural : ''), 'COMMENTS' => $comText, 'RATING' => $getpost3['rating'], - 'TEXT' => parseText(stripslashes($getpost3['text'])))); + 'TEXT' => parseText($getpost3['text']))); $tags = getTags($getpost3['id']); foreach ($tags as $tag) -- cgit 1.4.1