Changeset 38

Timestamp:
10/26/06 14:44:15 (14 years ago)
Author:
exi
Message:

Changed alliance pictures to work like the corp-ones (eg: upload ALLIANCE_ID.jpg to img/alliances/)
Fixed Security Issue in Server Synchronization

Location:
dev/common
Files:
3 modified

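--- a/dev/common/admin_sync.php
+++ b/dev/common/admin_sync.php
@@ -97,5 +97,5 @@
         for ($i = 0; $i<$results; $i++)
         {
-            $update->execute("update kb3_pilots set plt_externalid='".$matches[2][$i]."' where plt_name='".$matches[1][$i]."'");
+            $update->execute("update kb3_pilots set plt_externalid='".$matches[2][$i]."' where plt_name='".addslashes($matches[1][$i])."' limit 1");
         }
         $html .= "Synchronization complete, got $results new ids from server running version ".$version[0].'.'.$version[1].'.'.$version[2].'.<br>';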
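Review bot: On new line 99 only the pilot name is escaped; `$matches[2][$i]` still goes into `plt_externalid` unescaped, so the statement stays injectable unless the pattern that fills `$matches` (outside this hunk) limits that group to digits. Both values appear to come from the remote server's response, so if external ids are numeric, a cast closes the gap: `plt_externalid='".intval($matches[2][$i])."'`. `addslashes()` is not aware of the connection character set, so the database layer's own escaping routine or a bound parameter is the more reliable choice for the name. The same two points apply to `$id` and `$name` at line 68 of dev/common/sync_server.php. The `$version` fields written into `$html` on line 101 look like they come from the same response and would be safer passed through `htmlspecialchars()`.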
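--- a/dev/common/alliance_detail.php
+++ b/dev/common/alliance_detail.php
@@ -28,6 +28,12 @@
 $html .= "<table class=kb-table width=\"100%\" border=\"0\" cellspacing=1><tr class=kb-table-row-even><td rowspan=8 width=128 align=center>";
 
-$html .= "<img src=\"" . IMG_URL . "/alliances/default.gif\" border=\"0\">";
-$html .= "</td>";
+if (file_exists("img/alliances/".$alliance->getID().".jpg"))
+{
+    $html .= "<img src=\"".IMG_URL."/alliances/".$alliance->getID().".jpg\" border=\"0\"></td>";
+}
+else
+{
+    $html .= "<img src=\"".IMG_URL."/alliances/default.gif\" border=\"0\"></td>";
+}
 
 $html .= "<td class=kb-table-cell width=180><b>Kills:</b></td><td class=kl-kill>" . $klist->getCount() . "</td></tr>";
@@ -293,4 +299,3 @@
 $page->setContent($html);
 $page->generate();
-
 ?>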
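Review bot: The `file_exists()` check on new lines 30-37 tests a path relative to the working directory (`img/alliances/...`) while the emitted tag is built from `IMG_URL`, so the two can disagree when `IMG_URL` points elsewhere or the script runs from another directory. The result would be a broken image, or the default shown although an upload exists. The return value of `$alliance->getID()` is also concatenated into both a filesystem path and an HTML attribute. Its type is not visible in this hunk, so if it is not guaranteed to be an integer, normalise it once with `$allianceId = (int) $alliance->getID();` and use that variable in both places.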
  • dev/common/sync_server.php

    r31 r38  
    6666        // we dont got that one in our database, update 
    6767        // TODO: we don't care about missing pilots yet 
    68         $update->execute("update kb3_pilots set plt_externalid='".$id."' where plt_name='".$name."'"); 
     68        $update->execute("update kb3_pilots set plt_externalid='".$id."' where plt_name='".addslashes($name)."' limit 1"); 
    6969    } 
    7070    else