Migration to PDO database abstraction layer
[mirrors/Kyberia-bloodline.git] / wwwroot / inc / eventz / banlist.inc
index 571c7128e46d99e5c1549e91e0e4d67e7091e91c..8f14448b3f372f1613fff245f7d489f98aa2ba90 100644 (file)
@@ -8,7 +8,8 @@ if ($node['node_permission']!=('owner' || 'master' || 'op')) {
 $error=$error_messages['EVENT_PERMISSION_ERROR'];
 return false;
 }
-               $bans=explode(";",$_POST['bans']);
+               $bans = explode(";",$_POST['bans']); // XXX sqli?
+               $bans = array_map('db_escape_string', $bans); 
 
                $db->query("update node_access set node_permission='' where node_id=$node_id and node_permission='ban'");
                foreach ($bans as $ban) {
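Review bot: Escaping every element with `db_escape_string` right after `explode` leaves the `// XXX sqli?` question open rather than answering it. Whether the escaping is sufficient depends on each later query placing `$ban` inside a quoted string literal, and the query that uses `$ban` lies outside this hunk. Since the commit moves to PDO, binding the name as a parameter at that query (if the `$db` wrapper exposes prepare/execute) would remove the dependency on quoting and let the XXX comment be deleted. Separately, the guard visible in the hunk header, `$node['node_permission']!=('owner' || 'master' || 'op')`, compares against boolean `true`, so it accepts any non-empty permission value. `!in_array($node['node_permission'], array('owner','master','op'), true)` expresses the intended role check.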
@@ -22,7 +23,7 @@ return false;
                                        $q="insert into node_access set node_permission='ban',node_id=$node_id,user_id=".$set->getString('user_id');
                                        $db->query($q);
                                }
-                               $log->log('add ban',$node_id,'ok',$ban);
+                               logger::log('add ban',$node_id,'ok',$ban);
                        }
                        else { $error .= "$ban does not exist..."; }
                }
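Review bot: `logger::log('add ban',$node_id,'ok',$ban)` and the `"$ban does not exist..."` message now receive the SQL-escaped copy of the name, because the first hunk overwrites `$bans` in place. Names containing quotes or backslashes will be logged and reported with added backslashes. Keeping the raw value for logging and messages, and escaping or binding only at the query, avoids this. `$error` carries request data, so it should be HTML-encoded where it is rendered, e.g. `htmlspecialchars($ban, ENT_QUOTES, 'UTF-8')`; the rendering site is not visible here. The insert on the context line above also concatenates `$node_id` and `user_id` unquoted, so it is worth confirming both are integers at this point.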