X-Git-Url: http://git.harvie.cz/?a=blobdiff_plain;f=wwwroot%2Finc%2Feventz%2Fsend.inc;h=a3389330b944edcb8cd8917f085c909adef519b4;hb=d2cf0fe02b06534a460bd8f9dc814007dc66ac41;hp=bf217beb41aed63e4f559e6264ec64d7ff8abb99;hpb=cb7733d8e1998c96e7a868b47d4ba0ed74e94eec;p=mirrors%2FKyberia-bloodline.git

diff --git a/wwwroot/inc/eventz/send.inc b/wwwroot/inc/eventz/send.inc
index bf217be..a338933 100644
--- a/wwwroot/inc/eventz/send.inc
+++ b/wwwroot/inc/eventz/send.inc
@@ -8,9 +8,9 @@ $error="Ak sa toto stane a citas tuto spravu chod navstivit buglist....ak robis
 return false;
 }
 
-                $user_id=mysql_real_escape_string($_SESSION['user_id']);
-                $user_name=mysql_real_escape_string($_SESSION['user_name']);
-                $mail_name=mysql_real_escape_string($_POST['mail_to']);
+                $user_id=db_escape_string($_SESSION['user_id']);
+                $user_name=db_escape_string($_SESSION['user_name']);
+                $mail_name=db_escape_string($_POST['mail_to']);
 
                if (!$mail_name) {
                                    global $error;
@@ -70,7 +70,7 @@ return false;
 
                 if ($mail_to_id) {
 
-                        $mail_text=nodes::processContent($mail_text);
+                        $mail_text=db_escape_string(nodes::processContent($mail_text));
 global $htmlparse;
 if ($htmlparse) {
 $error=$htmlparse;
@@ -88,7 +88,7 @@ mail_to='$mail_to_id_send',mail_timestamp=NOW()";
 			$result=$db->query($q);
 			$db->query("update users set user_mail=user_mail+1,".
 			//"user_mail_name='$user_name',". //Not in DB yet!
-			"user_mail_id='".mysql_real_escape_string($_SESSION['user_id'])."' where user_id='$mail_to_id_send'");
+			"user_mail_id='".db_escape_string($_SESSION['user_id'])."' where user_id='$mail_to_id_send'");
                 }
             return true;