escaping

diff --git a/plugins/serendipity_event_statistics/serendipity_event_statistics.php b/plugins/serendipity_event_statistics/serendipity_event_statistics.php
index 9d47e7413bcd235d7c1067bc73bf5b3515126eb3..f4bee297020f165112543fcaa867d194e5b140f4 100644 (file)
--- a/plugins/serendipity_event_statistics/serendipity_event_statistics.php
+++ b/plugins/serendipity_event_statistics/serendipity_event_statistics.php
@@ -157,7 +157,7 @@ class serendipity_event_statistics extends serendipity_event
                     }
                     
                     //Unique visitors are beeing registered and counted here. Calling function below.
-                    $sessionChecker = serendipity_db_query("SELECT count(sessID) FROM {$serendipity['dbPrefix']}visitors WHERE '".session_id()."' = sessID GROUP BY sessID", true);
+                    $sessionChecker = serendipity_db_query("SELECT count(sessID) FROM {$serendipity['dbPrefix']}visitors WHERE '".serendipity_db_escape_string(session_id())."' = sessID GROUP BY sessID", true);
                     if ((is_array($sessionChecker)) && ($sessionChecker[0] == 0)) {
                         
                         // avoiding banned browsers
@@ -520,7 +520,7 @@ class serendipity_event_statistics extends serendipity_event
 
         $referer = $_SERVER['HTTP_REFERER'];
         $values = array(
-            'sessID' => session_id(),
+            'sessID' => strip_tags(session_id()),
             'day'    => date('Y-m-d'),
             'time'   => date('H:i'),
             'ref'    => strip_tags($referer),