X-Git-Url: http://git.harvie.cz/?a=blobdiff_plain;f=wwwroot%2Finc%2Feventz%2Fsend.inc;h=a3389330b944edcb8cd8917f085c909adef519b4;hb=d2cf0fe02b06534a460bd8f9dc814007dc66ac41;hp=9e6959d73dc878f9ae86462fe0674ad79526c7ea;hpb=51ff32267c4949bad6a8dddc502cbc01ed56edc8;p=mirrors%2FKyberia-bloodline.git
diff --git a/wwwroot/inc/eventz/send.inc b/wwwroot/inc/eventz/send.inc
index 9e6959d..a338933 100644
--- a/wwwroot/inc/eventz/send.inc
+++ b/wwwroot/inc/eventz/send.inc
@@ -8,9 +8,9 @@ $error="Ak sa toto stane a citas tuto spravu chod navstivit buglist....ak robis
 return false; }
- $user_id=mysql_real_escape_string($_SESSION['user_id']);
- $user_name=mysql_real_escape_string($_SESSION['user_name']);
- $mail_name=mysql_real_escape_string($_POST['mail_to']);
+ $user_id=db_escape_string($_SESSION['user_id']);
+ $user_name=db_escape_string($_SESSION['user_name']);
+ $mail_name=db_escape_string($_POST['mail_to']);
 if (!$mail_name) { global $error;
@@ -30,12 +30,12 @@ return false;
 $error="Dana osobka ktorej by si chcel poslat spravicku si bud zmenila nick alebo robis preklepy."; return false; }
- // fuck off toth
+ /* // fuck off toth
 elseif ($user_id == 1859269 && $to['user_id'] == 2334) { global $error; $error = 'fuck you!'; return false;
- }
+ } */
 else { $mail_to_id[]=$to['user_id']; }
@@ -51,12 +51,12 @@ return false;
 global $error; $error="Pravdepodobne si osobka $mail_to_exploded zmenila nick alebo mas niekde preklep. Skus to opravit a potom try again:-]"; return false; }
- // fuck off toth
+ /* // fuck off toth
 elseif ($user_id == 1859269 && $to['user_id'] == 2334) { global $error; $error = 'fuck you!'; return false;
- }
+ } */
 else {$mail_to_id[]=$to['user_id'];} } }
@@ -70,7 +70,7 @@ return false;
 if ($mail_to_id) {
- $mail_text=nodes::processContent($mail_text);
+ $mail_text=db_escape_string(nodes::processContent($mail_text));
 global $htmlparse; if ($htmlparse) { $error=$htmlparse;
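Review bot: In the hunk at line 8, `$_SESSION['user_id']` is escaped as a string although the diff elsewhere treats it as a numeric id (it is compared with `1859269`); an integer cast is the stricter boundary for such a value, e.g. `$user_id=(int)$_SESSION['user_id'];`. Escaping `$_POST['mail_to']` before the `if (!$mail_name)` test also means every later use of `$mail_name`, including any that is not a query, sees the escaped form, so the escape is better applied where each query is built. The definition of `db_escape_string` is not part of this diff; it presumably wraps a connection-aware escape routine, which is worth confirming because escaping is only reliable when it follows the live connection's character set. The enclosing function starts and ends outside the hunk.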
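Review bot: The hard-coded per-user rule is disabled by wrapping the `elseif` in `/* … */` in the middle of the `if`/`else` chain, in the hunk at line 30 and again in the hunk at line 51, which leaves an ad-hoc access rule with literal user ids sitting in the file as dead code. Deleting the branch outright would be cleaner, since the repository history keeps the old text. If blocking a given sender for a given recipient is still wanted, it would be better expressed as data checked for every sender/recipient pair than as ids in source. The surrounding chain begins outside both hunks.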
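Review bot: In the hunk at line 70, overwriting `$mail_text` with its escaped form ties the variable to SQL use: any later non-query use of `$mail_text` (not visible here) would carry backslash escapes, and an escape applied earlier to the same input would now be doubled. Keeping the processed text and the SQL-safe copy apart avoids both, e.g. `$mail_text_sql=db_escape_string($mail_text);` right before the insert, with `mail_text='$mail_text_sql'` in the query. Whether `nodes::processContent` already escapes its output or expects unescaped input cannot be seen from this diff and should be checked. The `if ($mail_to_id)` block continues past the hunk.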
@@ -85,9 +85,10 @@ mail_from='$user_id',mail_text='$mail_text',mail_to='$mail_to_id_send',mail_time
 $q="insert into mail set mail_duplicate_id='$duplicate_id', mail_read='no',mail_user='$mail_to_id_send',mail_from='$user_id',mail_text='$mail_text', mail_to='$mail_to_id_send',mail_timestamp=NOW()";
- $result=$db->query($q);
- $db->query("update users set user_mail=user_mail+1,
-user_mail_name='$user_name', user_mail_id = '".mysql_real_escape_string($_SESSION['user_id'])."' where user_id='$mail_to_id_send'");
+ $result=$db->query($q);
+ $db->query("update users set user_mail=user_mail+1,".
+ //"user_mail_name='$user_name',". //Not in DB yet!
+ "user_mail_id='".db_escape_string($_SESSION['user_id'])."' where user_id='$mail_to_id_send'");
 } return true;
@@ -101,4 +102,4 @@ user_mail_name='$user_name', user_mail_id = '".mysql_real_escape_string($_SESSIO
 }
-?>
\ No newline at end of file
+?>
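Review bot: In the hunk at line 85, the `update users` statement runs whether or not the insert succeeded, because `$result` is assigned and never tested in the visible lines; guarding it with `if ($result) { … }` keeps `user_mail` from counting messages that were not stored. The inline `db_escape_string($_SESSION['user_id'])` repeats what was already stored in `$user_id` and used as `mail_from='$user_id'` in the insert just above, so `"user_mail_id='$user_id' where user_id='$mail_to_id_send'"` would keep a single escaped copy. With the `user_mail_name` fragment commented out, `$user_name` appears to be unused in this diff. Both statements remain string-built SQL, so their safety depends on every interpolated value having been escaped; parameterised queries, if the `$db` wrapper offers them, would remove that dependence.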