From b3b11fd669afedaa0aac0029b7373403551eb415 Mon Sep 17 00:00:00 2001
From: garvinhicking
Date: Mon, 22 Aug 2005 09:07:56 +0000
Subject: [PATCH] escaping
---
 .../serendipity_event_statistics.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/plugins/serendipity_event_statistics/serendipity_event_statistics.php b/plugins/serendipity_event_statistics/serendipity_event_statistics.php
index 9d47e74..f4bee29 100644
--- a/plugins/serendipity_event_statistics/serendipity_event_statistics.php
+++ b/plugins/serendipity_event_statistics/serendipity_event_statistics.php
@@ -157,7 +157,7 @@ class serendipity_event_statistics extends serendipity_event
 } //Unique visitors are beeing registered and counted here. Calling function below.
- $sessionChecker = serendipity_db_query("SELECT count(sessID) FROM {$serendipity['dbPrefix']}visitors WHERE '".session_id()."' = sessID GROUP BY sessID", true);
+ $sessionChecker = serendipity_db_query("SELECT count(sessID) FROM {$serendipity['dbPrefix']}visitors WHERE '".serendipity_db_escape_string(session_id())."' = sessID GROUP BY sessID", true);
 if ((is_array($sessionChecker)) && ($sessionChecker[0] == 0)) { // avoiding banned browsers
@@ -520,7 +520,7 @@ class serendipity_event_statistics extends serendipity_event
 $referer = $_SERVER['HTTP_REFERER']; $values = array(
- 'sessID' => session_id(),
+ 'sessID' => strip_tags(session_id()),
 'day' => date('Y-m-d'), 'time' => date('H:i'), 'ref' => strip_tags($referer),
--
2.39.5
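Review bot: The `$sessionChecker` lookup compares `serendipity_db_escape_string(session_id())` against `sessID`, while the second hunk stores `strip_tags(session_id())`, so the value searched for and the value written are normalised differently. For an id that `strip_tags()` alters, the stored row would never match this query, and the session would presumably be registered as a new visitor on every request. Compute the id once and use it in both places, for example `$sid = preg_replace('/[^A-Za-z0-9,-]/', '', session_id());`, and still pass it through `serendipity_db_escape_string()` when building the query string. The enclosing method starts and ends outside the hunk.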
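Review bot: `strip_tags()` on the `'sessID'` entry removes markup but leaves quotes and backslashes untouched, so it is not a substitute for the SQL escaping that the first hunk applies to the same value. Whether `$values` is escaped before it reaches the database depends on the code that consumes the array, which is outside the hunk; the same holds for the `'ref'` entry built from the Referer header. If that code escapes, record it with a comment such as `// SQL escaping is done by the insert helper; strip_tags() only protects later HTML output`; if it does not, the entry needs `serendipity_db_escape_string()` as well.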