From 74db7a24d9c2230b104979f4e4981c57ff73de71 Mon Sep 17 00:00:00 2001 From: Starla Insigna Date: Sat, 11 Dec 2010 14:05:05 -0500 Subject: Made Four Island 2 a little more sane I spent the last few hours sanitizing the database and fixing huge bugs in the code. Among the changes made were: - "Theoretically related posts" have been removed due to the lack of FULLTEXT index support in InnoDB tables - Removed tons of stripslashes() calls that were used to remove slashes from records before I realized (while doing all of this work) that magic_quotes_gpc was on for some reason. I mean, like, come on! - Replaced all non-library uses of htmlentities() with htmlspecialchars(), which basically does the same thing except it doesn't mangle Unicode. - Completely eradicated polls. Note that this does mean that all database backups prior to December 11th 2010 are now incompatible with Four Island. --- pages/quotes.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pages/quotes.php') diff --git a/pages/quotes.php b/pages/quotes.php index 3b00878..f47dbd3 100755 --- a/pages/quotes.php +++ b/pages/quotes.php @@ -70,7 +70,7 @@ if (isset($_GET['id']) && !(is_numeric($_GET['id']))) $template = new FITemplate('quotes/add'); if (isset($_GET['submit'])) { - $template->adds_block('SUBMITTED',array('QUOTE' => str_replace("\n","
",htmlspecialchars(stripslashes($_POST['rash_quote']))))); + $template->adds_block('SUBMITTED',array('QUOTE' => str_replace("\n","
",htmlspecialchars($_POST['rash_quote'])))); if (!isLoggedIn()) { $insquote = "INSERT INTO rash_queue (quote) VALUES(\"" . mysql_real_escape_string(htmlspecialchars($_POST['rash_quote'])) . "\")"; @@ -236,7 +236,7 @@ function quote_generation($query, $origin, $page = 1, $quote_limit = 50, $page_l $template->add_ref($curID,'QUOTES',array( 'NUMBER' => $getquotes3[$i]['id'], 'RATING' => $getquotes3[$i]['rating'], 'DATE' => ($getquotes3[$i]['date'] != 0 ? date('F jS Y \a\\t g:i:s a', $getquotes3[$i]['date']) : ''), - 'QUOTE' => doAprilFoolsDay(str_replace("\n","
",htmlspecialchars(stripslashes($getquotes3[$i]['quote'])))), + 'QUOTE' => doAprilFoolsDay(str_replace("\n","
",htmlspecialchars($getquotes3[$i]['quote']))), 'COMMENTS' => $comments)); if (($gettrack3['ip'] != $_SERVER['REMOTE_ADDR']) || (array_search($getquotes3[$i]['id'],$trackArr) === FALSE)) -- cgit 1.4.1