warnings cleanup

[mirrors/Kyberia-bloodline.git] / wwwroot / inc / eventz / configure.inc

diff --git a/wwwroot/inc/eventz/configure.inc b/wwwroot/inc/eventz/configure.inc
index 7959a0e5c5d4f8d56b14b7949eb77d224a1d9993..9024d16f7c96449a21fbeed7d12269c203720aac 100644 (file)
--- a/wwwroot/inc/eventz/configure.inc
+++ b/wwwroot/inc/eventz/configure.inc
@@ -13,10 +13,10 @@
                        else $width=123;
 
                        if (stristr($image_name,".jpg") || stristr($image_name,".jpeg") ){
-                               $cmd=UTILZ_DIR."/jpegtopnm  $image |".UTILZ_DIR."/pnmscale -width=$width | ".UTILZ_DIR."ppmquant 256 |".UTILZ_DIR."ppmtogif >".SYSTEM_ROOT."images/nodes/".substr($node['node_id'],0,1)."/".substr($node['node_id'],1,1)."/".$node['node_id'].".gif";
+                               $cmd=UTILZ_DIR."/jpegtopnm  $image |".UTILZ_DIR."/pnmscale -width=$width | ".UTILZ_DIR."ppmquant 256 |".UTILZ_DIR."ppmtogif >".SYSTEM_ROOT.SYSTEM_IMAGES.'/nodes/'.substr($node['node_id'],0,1)."/".substr($node['node_id'],1,1)."/".$node['node_id'].".gif";
                        }
                        elseif (stristr($image_name,".gif")) {
-                               $cmd=UTILZ_DIR."/gifsicle --resize ".$width."x_ $image > ".SYSTEM_ROOT."images/nodes/".substr($node['node_id'],0,1)."/".substr($node['node_id'],1,1)."/".$node['node_id'].".gif";
+                               $cmd=UTILZ_DIR."/gifsicle --resize ".$width."x_ $image > ".SYSTEM_ROOT.SYSTEM_IMAGES.'/nodes/'.substr($node['node_id'],0,1)."/".substr($node['node_id'],1,1)."/".$node['node_id'].".gif";
                        }
                        if ($cmd) {
                                shell_exec($cmd);
@@ -29,7 +29,7 @@
                        }
 
                        else {
-                               $node_creator=$_POST['node_creator'];
+                               $node_creator=intval($_POST['node_creator']);
                                $q="select user_id from users where login like '$node_creator'";
                                $ownerset=$db->query($q);
                                if (!$ownerset->getNumRows()) {
@@ -42,11 +42,11 @@
                                }
                        }
 
-                       $node_vector=$_POST['node_vector'];
+                       $node_vector=db_escape_string($_POST['node_vector']);
                        $old_vector=$node['node_vector'];
                        if (is_numeric($_POST['template_id'])) $template_id=$_POST['template_id'];
-                       $node_parent=$_POST['node_parent'];
-                       $node_created=$_POST['node_created'];
+                       $node_parent=intval($_POST['node_parent']);
+                       $node_created=db_escape_string($_POST['node_created']);
                        $node_id=$node['node_id'];
 
 
@@ -64,10 +64,10 @@
                                $node_vector=$parent_node['node_vector'].";".$parent_node['node_id'];;
                        }
 
-                       $node_name=$_POST['node_name'];
+                       $node_name=db_escape_string($_POST['node_name']);
 
-                       $node_external_access=$_POST['node_external_access'];
-                       $node_system_access=$_POST['node_system_access'];
+                       $node_external_access=db_escape_string($_POST['node_external_access']);
+                       $node_system_access=db_escape_string($_POST['node_system_access']);
 
                        require(INCLUDE_DIR.'htmlparse.inc');
                        global $htmlparse;