- $executors=explode(";",$_POST['executorlist']);
- $db->query("update node_access set node_permission='' where
- node_id=$node_id and node_permission='exec'");
- foreach ($executors as $execitpr) {
- $set=$db->query("select user_id from users where login='$executor'");
- $set->next();
- if ($set->getString('user_id')) {
- $q="update node_access set node_permission='exec' where node_id=$node_id and
+ $executors=explode(";",$_POST['executorlist']); // XXX sqli
+ $db->query("update node_access set node_permission='' where
+ node_id=$node_id and node_permission='exec'");
+ foreach ($executors as $execitpr) {
+ $set=$db->query("select user_id from users where login='$executor'");
+ $set->next();
+ if ($set->getString('user_id')) {
+ $q="update node_access set node_permission='exec' where node_id=$node_id and