X-Git-Url: http://git.harvie.cz/?a=blobdiff_plain;f=wwwroot%2Finc%2Feventz%2Fbanlist.inc;h=3f08d4d01cf9e0bd5bc26413e8ca025fb47ba620;hb=d068d94b5e62de2f80164fd8062adce6e0ad93ae;hp=d817840602ddba28b6674bfb6a0c1646643e40f2;hpb=fd15ea3a496d31453e21ac89ff4be0ae3fe671ef;p=mirrors%2FKyberia-bloodline.git

diff --git a/wwwroot/inc/eventz/banlist.inc b/wwwroot/inc/eventz/banlist.inc
index d817840..3f08d4d 100644
--- a/wwwroot/inc/eventz/banlist.inc
+++ b/wwwroot/inc/eventz/banlist.inc
@@ -8,7 +8,8 @@ if ($node['node_permission']!=('owner' || 'master' || 'op')) {
 $error=$error_messages['EVENT_PERMISSION_ERROR'];
 return false;
 }
-		$bans=explode(";",$_POST['bans']);
+		$bans = explode(";",$_POST['bans']); // XXX sqli?
+		$bans = array_map('mysql_real_escape_string', $bans); 
 
 		$db->query("update node_access set node_permission='' where node_id=$node_id and node_permission='ban'");
 		foreach ($bans as $ban) {