X-Git-Url: https://git.harvie.cz/?a=blobdiff_plain;f=wwwroot%2Finc%2Feventz%2Fdisplay.inc;h=934e1915f6ee8f399cdd4b659bc49f2a0fe385d7;hb=fee499b9645a7e92231f225a61f10341b1e7384c;hp=8b4a883957cc667348a93ff4aa3080279cd864d5;hpb=d068d94b5e62de2f80164fd8062adce6e0ad93ae;p=mirrors%2FKyberia-bloodline.git

diff --git a/wwwroot/inc/eventz/display.inc b/wwwroot/inc/eventz/display.inc
index 8b4a883..934e191 100644
--- a/wwwroot/inc/eventz/display.inc
+++ b/wwwroot/inc/eventz/display.inc
@@ -3,6 +3,7 @@ function display() {
 	global $node,$db,$error,$referer_id,$smarty,$permissions,$template_id;
 	global $timer_start;
 	if (!$referer_id) $referer_id=1;
+	$content='';
 
 	$node_id=$node['node_id'];
 	$user_id=$_SESSION['user_id'];
@@ -226,13 +227,13 @@ if (!empty($_POST['template_event'])) {
 	$descendant_count=$node['node_descendant_count'];
 
         if (isset($_POST['listing_amount']) && is_numeric($_POST['listing_amount'])) { 
-		$listing_amount=mysql_real_escape_string($_POST['listing_amount']);
+		$listing_amount=db_escape_string($_POST['listing_amount']);
 	}elseif (!empty($_SESSION['listing_amount'])) $listing_amount=$_SESSION['listing_amount'];
         else $listing_amount=DEFAULT_LISTING_AMOUNT;
 	$smarty->assign('listing_amount',$listing_amount);
 
 	if (isset($_POST['listing_order']) && $_POST['listing_order']) {
-		$listing_order=mysql_real_escape_string($_POST['listing_order']);
+		$listing_order=db_escape_string($_POST['listing_order']);
 	} elseif (!empty($_SESSION['listing_order'])) $listing_order=$_SESSION['listing_order'];
 	else $listing_order=DEFAULT_LISTING_ORDER;
 	$smarty->assign('listing_order',$listing_order);
@@ -265,7 +266,6 @@ if (!empty($_POST['template_event'])) {
 	$_POST['offset']=$offset; // XXX sqli?
 	$smarty->assign('offset',$offset);
 
-
 if ($node['external_link']=='header://svg' && !is_numeric($template_id)) {
 	header("Content-Type: image/svg+xml");
 }