after the registration verification, the registration request shall be put into...

[mirrors/Kyberia-bloodline.git] / wwwroot / inc / eventz / configure.inc

diff --git a/wwwroot/inc/eventz/configure.inc b/wwwroot/inc/eventz/configure.inc
index 915d7ad0f5f60349279a0224297a4e45abc63e09..8479152c035019886102c12cc4846f19b4a1679e 100644 (file)
--- a/wwwroot/inc/eventz/configure.inc
+++ b/wwwroot/inc/eventz/configure.inc
@@ -13,10 +13,10 @@
                        else $width=123;
 
                        if (stristr($image_name,".jpg") || stristr($image_name,".jpeg") ){
-                               $cmd=UTILZ_DIR."/jpegtopnm  $image |".UTILZ_DIR."/pnmscale -width=$width | ".UTILZ_DIR."ppmquant 256 |".UTILZ_DIR."ppmtogif >".SYSTEM_ROOT."images/nodes/".substr($node['node_id'],0,1)."/".substr($node['node_id'],1,1)."/".$node['node_id'].".gif";
+                               $cmd=UTILZ_DIR."/jpegtopnm  $image |".UTILZ_DIR."/pnmscale -width=$width | ".UTILZ_DIR."ppmquant 256 |".UTILZ_DIR."ppmtogif >".SYSTEM_ROOT.SYSTEM_IMAGES.'/nodes/'.substr($node['node_id'],0,1)."/".substr($node['node_id'],1,1)."/".$node['node_id'].".gif";
                        }
                        elseif (stristr($image_name,".gif")) {
-                               $cmd=UTILZ_DIR."/gifsicle --resize ".$width."x_ $image > ".SYSTEM_ROOT."images/nodes/".substr($node['node_id'],0,1)."/".substr($node['node_id'],1,1)."/".$node['node_id'].".gif";
+                               $cmd=UTILZ_DIR."/gifsicle --resize ".$width."x_ $image > ".SYSTEM_ROOT.SYSTEM_IMAGES.'/nodes/'.substr($node['node_id'],0,1)."/".substr($node['node_id'],1,1)."/".$node['node_id'].".gif";
                        }
                        if ($cmd) {
                                shell_exec($cmd);
@@ -29,7 +29,7 @@
                        }
 
                        else {
-                               $node_creator=$_POST['node_creator'];
+                               $node_creator=intval($_POST['node_creator']);
                                $q="select user_id from users where login like '$node_creator'";
                                $ownerset=$db->query($q);
                                if (!$ownerset->getNumRows()) {
@@ -42,11 +42,11 @@
                                }
                        }
 
-                       $node_vector=$_POST['node_vector'];
+                       $node_vector=mysql_real_escape_string($_POST['node_vector']);
                        $old_vector=$node['node_vector'];
                        if (is_numeric($_POST['template_id'])) $template_id=$_POST['template_id'];
-                       $node_parent=$_POST['node_parent'];
-                       $node_created=$_POST['node_created'];
+                       $node_parent=intval($_POST['node_parent']);
+                       $node_created=mysql_real_escape_string($_POST['node_created']);
                        $node_id=$node['node_id'];
 
 
@@ -64,14 +64,14 @@
                                $node_vector=$parent_node['node_vector'].";".$parent_node['node_id'];;
                        }
 
-                       $node_name=$_POST['node_name'];
+                       $node_name=mysql_real_escape_string($_POST['node_name']);
 
-                       $node_external_access=$_POST['node_external_access'];
-                       $node_system_access=$_POST['node_system_access'];
+                       $node_external_access=mysql_real_escape_string($_POST['node_external_access']);
+                       $node_system_access=mysql_real_escape_string($_POST['node_system_access']);
 
                        require(INCLUDE_DIR.'htmlparse.inc');
                        global $htmlparse;
-                       htmlparse::htmlparse($node_name);
+                       htmlparser::htmlparse($node_name);
 
                        if (!empty($htmlparse)) {
                                $error=$htmlparse;