X-Git-Url: https://git.harvie.cz/?a=blobdiff_plain;f=wwwroot%2Finc%2Feventz%2Fconfigure.inc;h=9024d16f7c96449a21fbeed7d12269c203720aac;hb=6973651b3c2a24a974b824b649c17913e87457e8;hp=7959a0e5c5d4f8d56b14b7949eb77d224a1d9993;hpb=4ad7056d116f313a83695458d0f17e1aef75a9d2;p=mirrors%2FKyberia-bloodline.git
diff --git a/wwwroot/inc/eventz/configure.inc b/wwwroot/inc/eventz/configure.inc
index 7959a0e..9024d16 100644
--- a/wwwroot/inc/eventz/configure.inc
+++ b/wwwroot/inc/eventz/configure.inc
@@ -13,10 +13,10 @@ else $width=123; if (stristr($image_name,".jpg") || stristr($image_name,".jpeg") ){
- $cmd=UTILZ_DIR."/jpegtopnm $image |".UTILZ_DIR."/pnmscale -width=$width | ".UTILZ_DIR."ppmquant 256 |".UTILZ_DIR."ppmtogif >".SYSTEM_ROOT."images/nodes/".substr($node['node_id'],0,1)."/".substr($node['node_id'],1,1)."/".$node['node_id'].".gif";
+ $cmd=UTILZ_DIR."/jpegtopnm $image |".UTILZ_DIR."/pnmscale -width=$width | ".UTILZ_DIR."ppmquant 256 |".UTILZ_DIR."ppmtogif >".SYSTEM_ROOT.SYSTEM_IMAGES.'/nodes/'.substr($node['node_id'],0,1)."/".substr($node['node_id'],1,1)."/".$node['node_id'].".gif";
 } elseif (stristr($image_name,".gif")) {
- $cmd=UTILZ_DIR."/gifsicle --resize ".$width."x_ $image > ".SYSTEM_ROOT."images/nodes/".substr($node['node_id'],0,1)."/".substr($node['node_id'],1,1)."/".$node['node_id'].".gif";
+ $cmd=UTILZ_DIR."/gifsicle --resize ".$width."x_ $image > ".SYSTEM_ROOT.SYSTEM_IMAGES.'/nodes/'.substr($node['node_id'],0,1)."/".substr($node['node_id'],1,1)."/".$node['node_id'].".gif";
 } if ($cmd) { shell_exec($cmd);
@@ -29,7 +29,7 @@ } else {
- $node_creator=$_POST['node_creator'];
+ $node_creator=intval($_POST['node_creator']);
 $q="select user_id from users where login like '$node_creator'"; $ownerset=$db->query($q); if (!$ownerset->getNumRows()) {
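Review bot: In the `@@ -13,10 +13,10 @@` hunk, both rewritten `$cmd` lines still interpolate `$image` and `$width` straight into a string that is handed to `shell_exec($cmd)`; the commit only changes the output directory. Where `$image` and `$width` are set is outside the hunk, but if either derives from the upload or from request data, shell metacharacters in it would be interpreted by the shell. Wrap the file argument as `escapeshellarg($image)` and force the width with `(int)$width` before building the command. Separately, `UTILZ_DIR."ppmquant 256` and `UTILZ_DIR."ppmtogif` have no `/` while the other two tools use `UTILZ_DIR."/...`, so one of the two forms probably resolves to the wrong path.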
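Review bot: In the `@@ -29,7 +29,7 @@` hunk, `intval($_POST['node_creator'])` is applied to a value that the next line compares against the `login` column, so any non-numeric login collapses to `0` and the owner lookup will no longer find the user. If logins are strings, as the `like '...'` comparison suggests, the line should escape rather than cast: `$node_creator=db_escape_string($_POST['node_creator']);`. Using `login = '$node_creator'` instead of `like` would also stop `%` and `_` in the submitted value from acting as wildcards. The enclosing `else` block continues outside the hunk.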
@@ -42,11 +42,11 @@ } }
- $node_vector=$_POST['node_vector'];
+ $node_vector=db_escape_string($_POST['node_vector']);
 $old_vector=$node['node_vector']; if (is_numeric($_POST['template_id'])) $template_id=$_POST['template_id'];
- $node_parent=$_POST['node_parent'];
- $node_created=$_POST['node_created'];
+ $node_parent=intval($_POST['node_parent']);
+ $node_created=db_escape_string($_POST['node_created']);
 $node_id=$node['node_id'];
@@ -64,10 +64,10 @@ $node_vector=$parent_node['node_vector'].";".$parent_node['node_id'];; }
- $node_name=$_POST['node_name'];
+ $node_name=db_escape_string($_POST['node_name']);
- $node_external_access=$_POST['node_external_access'];
- $node_system_access=$_POST['node_system_access'];
+ $node_external_access=db_escape_string($_POST['node_external_access']);
+ $node_system_access=db_escape_string($_POST['node_system_access']);
 require(INCLUDE_DIR.'htmlparse.inc'); global $htmlparse;
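Review bot: In the `@@ -42,11 +42,11 @@` hunk, `template_id` is the one request value left on the old `is_numeric()` check, which also accepts forms such as `1e5`, `0.5` or `+1`; for consistency with `node_parent` it could be `$template_id=intval($_POST['template_id']);` inside the same condition. `$node_vector` and `$node_created` are now escaped, but `db_escape_string()` only protects values that end up inside quoted literals, and the statement that uses them is built outside the hunk, so that quoting should be confirmed there. `$node_created` is also passed through without any check that it is a well-formed date.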
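Review bot: In the `@@ -64,10 +64,10 @@` hunk, `node_external_access` and `node_system_access` are escaped for SQL but otherwise stored as submitted, so any string the client sends becomes the node's access setting. Escaping addresses injection, not validity; these look like fields with a small fixed set of legal values, and they should be checked against that set before the update, e.g. `if (!in_array($node_system_access, $allowed_access, true)) { /* reject */ }` where `$allowed_access` is a placeholder for the project's real list. Whether the caller is authorised to change these fields is decided outside the hunk, if at all.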