X-Git-Url: http://git.harvie.cz/?a=blobdiff_plain;f=wwwroot%2Finc%2Feventz%2Fconfigure.inc;h=756abc239fc3c0d778463461276bf77e40c70f46;hb=0338f5119a7774a486c6cc6f033857d19703ae7c;hp=915d7ad0f5f60349279a0224297a4e45abc63e09;hpb=e909f81b8c7e4413f5788b36d8fbf2409ac11f46;p=mirrors%2FKyberia-bloodline.git
diff --git a/wwwroot/inc/eventz/configure.inc b/wwwroot/inc/eventz/configure.inc
index 915d7ad..756abc2 100644
--- a/wwwroot/inc/eventz/configure.inc
+++ b/wwwroot/inc/eventz/configure.inc
@@ -29,7 +29,7 @@
 } else {
- $node_creator=$_POST['node_creator'];
+ $node_creator=intval($_POST['node_creator']);
 $q="select user_id from users where login like '$node_creator'";
 $ownerset=$db->query($q);
 if (!$ownerset->getNumRows()) {
@@ -42,11 +42,11 @@
 } }
- $node_vector=$_POST['node_vector'];
+ $node_vector=mysql_real_escape_string($_POST['node_vector']);
 $old_vector=$node['node_vector'];
 if (is_numeric($_POST['template_id'])) $template_id=$_POST['template_id'];
- $node_parent=$_POST['node_parent'];
- $node_created=$_POST['node_created'];
+ $node_parent=intval($_POST['node_parent']);
+ $node_created=mysql_real_escape_string($_POST['node_created']);
 $node_id=$node['node_id'];
@@ -64,14 +64,14 @@
 $node_vector=$parent_node['node_vector'].";".$parent_node['node_id'];;
 }
- $node_name=$_POST['node_name'];
+ $node_name=mysql_real_escape_string($_POST['node_name']);
- $node_external_access=$_POST['node_external_access'];
- $node_system_access=$_POST['node_system_access'];
+ $node_external_access=mysql_real_escape_string($_POST['node_external_access']);
+ $node_system_access=mysql_real_escape_string($_POST['node_system_access']);
 require(INCLUDE_DIR.'htmlparse.inc');
 global $htmlparse;
- htmlparse::htmlparse($node_name);
+ htmlparser::htmlparse($node_name);
 if (!empty($htmlparse)) { $error=$htmlparse;
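Review bot: In the hunk at `@@ -29,7 +29,7 @@`, `intval()` is applied to `node_creator`, but the very next line matches that value against the `login` column with `like`, so any non-numeric login collapses to 0 and the owner lookup either fails or matches a login that is literally `0`. If the field carries a login name, escape it as a string and compare exactly: `$node_creator=mysql_real_escape_string($_POST['node_creator']);` together with `where login='$node_creator'`. Keeping `like` would leave `%` and `_` in the input acting as wildcards, which escaping does not neutralise. If the form really posts a numeric id, the query should compare `user_id` instead of `login`. The enclosing `else` block starts and ends outside the hunk.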
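Review bot: In the hunk at `@@ -42,11 +42,11 @@` (and again for `node_external_access` and `node_system_access` in the hunk at `@@ -64,14 +64,14 @@`), `mysql_real_escape_string()` only protects a value that ends up inside a quoted string literal in the SQL. The statements that consume `$node_vector`, `$node_created` and the access fields are not part of this diff, so each one should be checked for quoting. `node_created` looks like a date or timestamp (inferred from the name only), and rejecting input that does not match the column's format would be a tighter control than escaping. The function also depends on an open ext/mysql link and no longer exists in PHP 7, so if `$db` wraps a different driver the escaping should go through that wrapper instead.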
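Review bot: In the hunk at `@@ -64,14 +64,14 @@`, `$node_name` is SQL-escaped before it is passed to `htmlparser::htmlparse($node_name)`, so the HTML check sees backslash-escaped quotes instead of the text the user submitted and may judge the markup differently. Escaping belongs where the query string is built: leave the assignment as `$node_name=$_POST['node_name'];`, run the HTML check, and apply `mysql_real_escape_string($node_name)` only when composing the SQL. The call-site rename from `htmlparse::` to `htmlparser::` cannot be verified against `htmlparse.inc` from this diff, so the class name there is worth confirming. The `if (!empty($htmlparse))` block continues past the end of the hunk.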