X-Git-Url: http://git.harvie.cz/?a=blobdiff_plain;f=wwwroot%2Finc%2Feventz%2Fexecutorlist.inc;h=04231bbf3a1e61b1fcb32084b2f1f4e26fc02ec3;hb=8630d2174a0f798739eeea16be61b8653a10a5da;hp=a00468cbd7b73e41b7f3361bdc01d129735775f8;hpb=58278a1ca7aad7ea33b99ff24a9fbc8e87f25e1d;p=mirrors%2FKyberia-bloodline.git

diff --git a/wwwroot/inc/eventz/executorlist.inc b/wwwroot/inc/eventz/executorlist.inc
index a00468c..04231bb 100644
--- a/wwwroot/inc/eventz/executorlist.inc
+++ b/wwwroot/inc/eventz/executorlist.inc
@@ -1,32 +1,32 @@
 <?php
 
-        function executorlist() {
-                global $db,$error,$node,$logger;
-                $node_id=$node['node_id'];
-                if ($node['node_permission']!='owner') {
-                        $error=$error_messages['EVENT_PERMISSION_ERROR'];
-                        return false;
-                }
+function executorlist() {
+        global $db,$error,$node;
+        $node_id=$node['node_id'];
+        if ($node['node_permission']!='owner') {
+                $error=$error_messages['EVENT_PERMISSION_ERROR'];
+                return false;
+        }
 
-                $executors=explode(";",$_POST['executorlist']);
-                $db->query("update node_access set node_permission='' where
- node_id=$node_id and node_permission='exec'");
-                foreach ($executors as $execitpr) {
-                        $set=$db->query("select user_id from users where login='$executor'");
-                        $set->next();
-                        if ($set->getString('user_id')) {
-                                $q="update node_access set node_permission='exec' where node_id=$node_id and
+        $executors=explode(";",$_POST['executorlist']); // XXX sqli
+        $db->query("update node_access set node_permission='' where
+		node_id=$node_id and node_permission='exec'");
+        foreach ($executors as $execitpr) {
+                 $set=$db->query("select user_id from users where login='$executor'");
+                 $set->next();
+                 if ($set->getString('user_id')) {
+                        $q="update node_access set node_permission='exec' where node_id=$node_id and
 user_id='".$set->getString('user_id')."'";
-                                $changed=$db->update($q);
-                                if (!$changed) {
-                                        $q="insert into node_access set
+                        $changed=$db->update($q);
+                        if (!$changed) {
+                                $q="insert into node_access set
 node_permission='exec',node_id=$node_id,user_id=".$set->getString('user_id');
-                                        $db->query($q);
-                                        $logger->log('add exec',$node_id,'ok',$executor);
+                                $db->query($q);
+                                $logger::log('add exec',$node_id,'ok',$executor);
 
-                                }
                         }
-                        else { $error .= "$executor does not exist..."; }
                 }
+                else { $error .= "$executor does not exist..."; }
         }
+}
 ?>