GIT.Harvie.CZ
/
mirrors
/
Kyberia-bloodline.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
added script for fixing vectors
[mirrors/Kyberia-bloodline.git]
/
wwwroot
/
inc
/
eventz
/
banlist.inc
diff --git
a/wwwroot/inc/eventz/banlist.inc
b/wwwroot/inc/eventz/banlist.inc
index b806cb1c939b511f460801f88ca621a6ade24995..3f08d4d01cf9e0bd5bc26413e8ca025fb47ba620 100644
(file)
--- a/
wwwroot/inc/eventz/banlist.inc
+++ b/
wwwroot/inc/eventz/banlist.inc
@@
-8,7
+8,8
@@
if ($node['node_permission']!=('owner' || 'master' || 'op')) {
$error=$error_messages['EVENT_PERMISSION_ERROR'];
return false;
}
$error=$error_messages['EVENT_PERMISSION_ERROR'];
return false;
}
- $bans=explode(";",$_POST['bans']); // XXX sqli?
+ $bans = explode(";",$_POST['bans']); // XXX sqli?
+ $bans = array_map('mysql_real_escape_string', $bans);
$db->query("update node_access set node_permission='' where node_id=$node_id and node_permission='ban'");
foreach ($bans as $ban) {
$db->query("update node_access set node_permission='' where node_id=$node_id and node_permission='ban'");
foreach ($bans as $ban) {
This page took
0.242243 seconds
and
4
git commands to generate.