From 74db7a24d9c2230b104979f4e4981c57ff73de71 Mon Sep 17 00:00:00 2001
From: Starla Insigna <starla4444@gmail.com>
Date: Sat, 11 Dec 2010 14:05:05 -0500
Subject: Made Four Island 2 a little more sane

I spent the last few hours sanitizing the database and fixing huge bugs in the code. Among the changes made were:
- "Theoretically related posts" have been removed due to the lack of FULLTEXT index support in InnoDB tables
- Removed tons of stripslashes() calls that were used to remove slashes from records before I realized (while doing all of this work) that magic_quotes_gpc was on for some reason. I mean, like, come on!
- Replaced all non-library uses of htmlentities() with htmlspecialchars(), which basically does the same thing except it doesn't mangle Unicode.
- Completely eradicated polls.
Note that this does mean that all database backups prior to December 11th 2010 are now incompatible with Four Island.
---
 pages/blog.php | 16 +++++++---------
 1 file changed, 7 insertions(+), 9 deletions(-)


diff --git a/pages/blog.php b/pages/blog.php
index e7163ce..72e96bf 100755
--- a/pages/blog.php
+++ b/pages/blog.php
@@ -46,7 +46,7 @@ if (isset($_GET['post']))
 	{
 		updatePop($getpost3['id'],'views');
 
-		$title = stripslashes(htmlentities($getpost3['title'])) . ' - Blog Archive';
+		$title = htmlspecialchars($getpost3['title']) . ' - Blog Archive';
 
 		$getback = "SELECT * FROM updates WHERE id < " . $getpost3['id'] . " ORDER BY id DESC LIMIT 0,1";
 		$getback2 = mysql_query($getback);
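Review bot: The new `htmlspecialchars($getpost3['title'])` call for `$title` relies on PHP's default flags and charset. On the PHP versions current for this commit, the default flag is `ENT_COMPAT`, which leaves single quotes unescaped, and the default charset is ISO-8859-1 rather than UTF-8. Where the title lands in the template is not visible here, so passing both explicitly is the safer form and matches the commit's aim of handling Unicode correctly: `htmlspecialchars($getpost3['title'], ENT_QUOTES, 'UTF-8')`. The same applies to the `TITLE` entries changed in the hunks at -54, -63, -72 and -171. The enclosing `if (isset($_GET['post']))` block starts and ends outside this hunk.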
@@ -54,7 +54,7 @@ if (isset($_GET['post']))
 		if (isset($getback3['title']))
 		{
 			$template->adds_block('BACK', array(	'CODED' => $getback3['slug'],
-								'TITLE' => doAprilFoolsDay(htmlentities(stripslashes($getback3['title'])))));
+								'TITLE' => doAprilFoolsDay(htmlspecialchars($getback3['title']))));
 		}
 
 		$getnext = "SELECT * FROM updates WHERE id > " . $getpost3['id'] . " ORDER BY id ASC LIMIT 0,1";
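Review bot: The `$getnext` query on the last line of this hunk, like `$getback` in the previous hunk, is still built by concatenating `$getpost3['id']` into the SQL string. The value appears to come from a row already fetched from `updates` and is probably numeric, but the query that produced `$getpost3` is outside the hunk, so this cannot be confirmed from here. An integer cast removes the dependency on that assumption: `"SELECT * FROM updates WHERE id > " . (int) $getpost3['id'] . " ORDER BY id ASC LIMIT 0,1"`.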
@@ -63,7 +63,7 @@ if (isset($_GET['post']))
 		if (isset($getnext3['title']))
 		{
 			$template->adds_block('NEXT', array(	'CODED' => $getnext3['slug'],
-								'TITLE' => doAprilFoolsDay(htmlentities(stripslashes($getnext3['title'])))));
+								'TITLE' => doAprilFoolsDay(htmlspecialchars($getnext3['title']))));
 		}
 
 		$template->add_ref(0, 'POST', array(	'ID' => $getpost3['id'],
@@ -72,10 +72,10 @@ if (isset($_GET['post']))
 							'MONTH' => date('M',strtotime($getpost3['pubDate'])),
 							'DAY' => date('d',strtotime($getpost3['pubDate'])),
 							'CODED' => $getpost3['slug'],
-							'TITLE' => doAprilFoolsDay(htmlentities(stripslashes($getpost3['title']))),
+							'TITLE' => doAprilFoolsDay(htmlspecialchars($getpost3['title'])),
 							'AUTHOR' => $getpost3['author'],
 							'RATING' => $getpost3['rating'],
-							'TEXT' => parseText(stripslashes($getpost3['text']))));
+							'TEXT' => parseText($getpost3['text'])));
 
 		$tags = getTags($getpost3['id']);
 		foreach ($tags as $tag)
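Review bot: In the `POST` array, only `TITLE` is HTML-escaped; `AUTHOR`, `CODED` and `RATING` are passed to the template as raw column values. Unless `add_ref` or the template engine escapes on output (not visible here), a stored author name or slug containing markup would be rendered as-is. Consider `'AUTHOR' => htmlspecialchars($getpost3['author'], ENT_QUOTES, 'UTF-8'),` and the same for `CODED`. `TEXT` now depends entirely on `parseText()` for output safety, so it is worth a comment there stating what that function guarantees. The hunk at -171 has the same pattern.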
@@ -121,8 +121,6 @@ if (isset($_GET['post']))
 
 		$page_id = 'updates-' . $getpost3['id'];
 		include('includes/comments.php');
-
-		displayRelated($getpost3['title'], $getpost3['id']);
 	} else {
 		generateError('404');
 	}
@@ -171,12 +169,12 @@ if (isset($_GET['post']))
 								'MONTH' => date('M',strtotime($getpost3['pubDate'])),
 								'DAY' => date('d',strtotime($getpost3['pubDate'])),
 								'CODED' => $getpost3['slug'],
-								'TITLE' => doAprilFoolsDay(htmlentities(stripslashes($getpost3['title']))),
+								'TITLE' => doAprilFoolsDay(htmlspecialchars($getpost3['title'])),
 								'AUTHOR' => $getpost3['author'],
 								'PLURALCOMMENT' => (isset($plural) ? $plural : ''),
 								'COMMENTS' => $comText,
 								'RATING' => $getpost3['rating'],
-								'TEXT' => parseText(stripslashes($getpost3['text']))));
+								'TEXT' => parseText($getpost3['text'])));
 
 		$tags = getTags($getpost3['id']);
 		foreach ($tags as $tag)
-- 
cgit 1.4.1