X-Git-Url: http://git.harvie.cz/?a=blobdiff_plain;f=wwwroot%2Finc%2Feventz%2Fbanlist.inc;h=8f14448b3f372f1613fff245f7d489f98aa2ba90;hb=d2cf0fe02b06534a460bd8f9dc814007dc66ac41;hp=571c7128e46d99e5c1549e91e0e4d67e7091e91c;hpb=e23557a6a6a9b7bf1a2f49772ed5856f2c45f084;p=mirrors%2FKyberia-bloodline.git
diff --git a/wwwroot/inc/eventz/banlist.inc b/wwwroot/inc/eventz/banlist.inc
index 571c712..8f14448 100644
--- a/wwwroot/inc/eventz/banlist.inc
+++ b/wwwroot/inc/eventz/banlist.inc
@@ -8,7 +8,8 @@ if ($node['node_permission']!=('owner' || 'master' || 'op')) { $error=$error_messages['EVENT_PERMISSION_ERROR']; return false; }
- $bans=explode(";",$_POST['bans']);
+ $bans = explode(";",$_POST['bans']); // XXX sqli?
+ $bans = array_map('db_escape_string', $bans);
 $db->query("update node_access set node_permission='' where node_id=$node_id and node_permission='ban'"); foreach ($bans as $ban) {
@@ -22,7 +23,7 @@ return false; $q="insert into node_access set node_permission='ban',node_id=$node_id,user_id=".$set->getString('user_id'); $db->query($q); }
- $log->log('add ban',$node_id,'ok',$ban);
+ logger::log('add ban',$node_id,'ok',$ban);
 } else { $error .= "$ban does not exist..."; } }
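Review bot: The permission guard shown at the top of the first hunk does not actually test for the three roles: `('owner' || 'master' || 'op')` evaluates to boolean `true`, so the loose `!=` rejects only an empty or `'0'` `node_permission` and every other value falls through to the ban update. Since this commit is hardening the same handler, the check should compare against the allowed roles explicitly, for example `if (!in_array($node['node_permission'], array('owner', 'master', 'op'), true)) {`. The guard is unchanged context here and the enclosing function starts outside the hunk, so the same pattern may exist in sibling event handlers and is worth checking there.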
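Review bot: Because `$bans` is now escaped once before the loop, the `$ban` passed to `logger::log(...)` and interpolated into `$error .= "$ban does not exist..."` in the second hunk is the SQL-escaped form rather than what was submitted, and the escape only helps where the loop's query puts `$ban` inside a quoted literal. That query sits between the two hunks and is not visible here, so confirm it quotes the value, or use `intval($ban)` if it is a numeric id. Escaping at the point of use keeps the contexts separate: build the query from `db_escape_string($ban)` and keep `$ban` raw for the log entry. The error text carries request data, so if `$error` is later rendered as HTML it presumably needs `htmlspecialchars($ban, ENT_QUOTES)` at that line, which SQL escaping does not provide.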