From: garvinhicking
Date: Mon, 22 Aug 2005 09:07:56 +0000 (+0000)
Subject: escaping
X-Git-Tag: 0.9~191
X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=b3b11fd669afedaa0aac0029b7373403551eb415;p=s9y.git
escaping
---
diff --git a/plugins/serendipity_event_statistics/serendipity_event_statistics.php b/plugins/serendipity_event_statistics/serendipity_event_statistics.php
index 9d47e74..f4bee29 100644
--- a/plugins/serendipity_event_statistics/serendipity_event_statistics.php
+++ b/plugins/serendipity_event_statistics/serendipity_event_statistics.php
@@ -157,7 +157,7 @@ class serendipity_event_statistics extends serendipity_event
 }
 //Unique visitors are beeing registered and counted here. Calling function below.
- $sessionChecker = serendipity_db_query("SELECT count(sessID) FROM {$serendipity['dbPrefix']}visitors WHERE '".session_id()."' = sessID GROUP BY sessID", true);
+ $sessionChecker = serendipity_db_query("SELECT count(sessID) FROM {$serendipity['dbPrefix']}visitors WHERE '".serendipity_db_escape_string(session_id())."' = sessID GROUP BY sessID", true);
 if ((is_array($sessionChecker)) && ($sessionChecker[0] == 0)) {
 // avoiding banned browsers
@@ -520,7 +520,7 @@ class serendipity_event_statistics extends serendipity_event
 $referer = $_SERVER['HTTP_REFERER'];
 $values = array(
- 'sessID' => session_id(),
+ 'sessID' => strip_tags(session_id()),
 'day' => date('Y-m-d'),
 'time' => date('H:i'),
 'ref' => strip_tags($referer),
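Review bot: The escaped `$sessionChecker` query in the first hunk (@@ -157) has no comment saying why `session_id()` is treated as untrusted, so a later cleanup could drop the escape as redundant. The session id normally arrives in a client-supplied cookie or request parameter, which is worth recording above the query, e.g. `// session_id() comes from the client (cookie/request), so it must be escaped before it is placed in the SQL string`. Since the value is still concatenated into the statement, it would also help to reject ids that do not match the expected session-id character set before querying. The enclosing method starts and ends outside the hunk.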
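Review bot: In the second hunk (@@ -520) the new `'sessID' => strip_tags(session_id()),` uses an HTML filter where the first hunk uses `serendipity_db_escape_string()`. `strip_tags()` removes markup but leaves quotes and backslashes intact, so it gives no protection if `$values` is later concatenated into an INSERT. The code that writes `$values` to the database is outside the hunk, so whether it escapes each value cannot be confirmed from here. If it does not, the line should read `'sessID' => serendipity_db_escape_string(session_id()),`, and the neighbouring `'ref' => strip_tags($referer),` needs the same treatment. If the insert helper already escapes, a short comment saying so would prevent both double-escaping and the impression that `strip_tags()` is the SQL defence.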