X-Git-Url: http://git.harvie.cz/?a=blobdiff_plain;f=wwwroot%2Finc%2Feventz%2Fconfigure.inc;h=756abc239fc3c0d778463461276bf77e40c70f46;hb=827c8e7dbe1be62a0549b0b285ae10e50dd1aebf;hp=08e0269bfab28e3d96c76b49ac3ce61a7bea86af;hpb=51ff32267c4949bad6a8dddc502cbc01ed56edc8;p=mirrors%2FKyberia-bloodline.git

diff --git a/wwwroot/inc/eventz/configure.inc b/wwwroot/inc/eventz/configure.inc
index 08e0269..756abc2 100644
--- a/wwwroot/inc/eventz/configure.inc
+++ b/wwwroot/inc/eventz/configure.inc
@@ -29,7 +29,7 @@
 			}
 
 			else {
-				$node_creator=$_POST['node_creator'];
+				$node_creator=intval($_POST['node_creator']);
 				$q="select user_id from users where login like '$node_creator'";
 				$ownerset=$db->query($q);
 				if (!$ownerset->getNumRows()) {
@@ -42,11 +42,11 @@
 				}
 			}
 
-			$node_vector=$_POST['node_vector'];
+			$node_vector=mysql_real_escape_string($_POST['node_vector']);
 			$old_vector=$node['node_vector'];
 			if (is_numeric($_POST['template_id'])) $template_id=$_POST['template_id'];
-			$node_parent=$_POST['node_parent'];
-			$node_created=$_POST['node_created'];
+			$node_parent=intval($_POST['node_parent']);
+			$node_created=mysql_real_escape_string($_POST['node_created']);
 			$node_id=$node['node_id'];
 
 
@@ -64,14 +64,14 @@
 				$node_vector=$parent_node['node_vector'].";".$parent_node['node_id'];;
 			}
 
-			$node_name=$_POST['node_name'];
+			$node_name=mysql_real_escape_string($_POST['node_name']);
 
-			$node_external_access=$_POST['node_external_access'];
-			$node_system_access=$_POST['node_system_access'];
+			$node_external_access=mysql_real_escape_string($_POST['node_external_access']);
+			$node_system_access=mysql_real_escape_string($_POST['node_system_access']);
 
-			require(SYSTEM_ROOT.'/inc/htmlparse.inc');
+			require(INCLUDE_DIR.'htmlparse.inc');
 			global $htmlparse;
-			htmlparse::htmlparse($node_name);
+			htmlparser::htmlparse($node_name);
 
 			if (!empty($htmlparse)) {
 				$error=$htmlparse;
@@ -102,4 +102,4 @@
 		}
 
 	}
-?>
\ No newline at end of file
+?>