X-Git-Url: http://git.harvie.cz/?a=blobdiff_plain;f=wwwroot%2Finc%2Feventz%2FK.inc;h=8a5aca46578437734adf0b89698db39e26973dbc;hb=HEAD;hp=05485e4d498f7497f5dc2c5cf5b6e00ca5b4cbea;hpb=51ff32267c4949bad6a8dddc502cbc01ed56edc8;p=mirrors%2FKyberia-bloodline.git

diff --git a/wwwroot/inc/eventz/K.inc b/wwwroot/inc/eventz/K.inc
index 05485e4..8a5aca4 100644
--- a/wwwroot/inc/eventz/K.inc
+++ b/wwwroot/inc/eventz/K.inc
@@ -56,6 +56,7 @@ function K() {
     $kset->next();
     $user_k=$kset->getString('user_k');
 
+    // XXX hard coded
     $senat_id = 876611;
     $K_id     = 1961061;
     $comms    = getCommanders($K_id);
@@ -70,6 +71,11 @@ function K() {
 
     foreach ($k as $id) {
 
+	// prevent sqli
+	$k = intval($k);
+	if ($k == 0) {	continue; }
+	
+	
         if ($user_k) {
             $isSenat = hasAncestor(getAncestors($id), $senat_id);
             if ($isSenat && !($isComm || $isSOwner)){