From f516626a293edd613cb823db88e36dcf7e1fb8f4 Mon Sep 17 00:00:00 2001
From: Dries Buytaert
Date: Wed, 7 Mar 2001 21:29:40 +0000
Subject: A rather large and important update: revised most of the SQL queries and tried to make drupal as secure as possible (while trying to avoid redundant/duplicate checks). For drupal's sake, try to screw something up. See the mail about PHPNuke being hacked appr. 6 days ago. The one who finds a problem is rewarded a beer (and I'm willing to ship it to Norway if required). I beg you to be evil. Try dumping a table a la "http://localhost/index.php?date=77778;DROP TABLE users" or something. ;)
---
 modules/ban.module | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
(limited to 'modules/ban.module')
diff --git a/modules/ban.module b/modules/ban.module
index a6586ab4d..9e734b722 100644
--- a/modules/ban.module
+++ b/modules/ban.module
@@ -118,11 +118,11 @@ function ban_admin() {
 switch ($op) {
 case "Add ban":
- ban_admin_new($mask, $category, $reason);
- ban_display($category);
+ ban_admin_new(check_input($mask), check_input($category), check_input($reason));
+ ban_display(check_input($category));
 break;
 case "Check ban":
- ban_check($mask, $category);
+ ban_check(check_input($mask), check_input($category));
 break;
 case "add":
 ban_admin_add();
@@ -134,9 +134,9 @@ function ban_admin() {
 ban_admin_check();
 break;
 case "delete":
- ban_delete($id);
+ ban_delete(check_input($id));
 default:
- ban_display($category);
+ ban_display(check_input($category));
 }
 }
--
cgit v1.2.3
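Review bot: The escaping in the `Add ban` and `Check ban` cases is applied at the call site, so `ban_admin_new()`, `ban_check()` and `ban_display()` stay safe only while every caller remembers to wrap its arguments; the second hunk repeats the pattern. Neither `check_input()` nor the query-building functions are visible here, so this is inferred, but validating inside the functions that assemble the SQL would make the guarantee local and easier to audit. `ban_display(check_input($category))` also appears to use one filter for a value that may reach both a query and page output, which are different escaping contexts and worth confirming. The start of `ban_admin()`, where `$op`, `$mask`, `$category` and `$reason` are populated, lies outside the hunk.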
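Review bot: `ban_delete(check_input($id))` in the `delete` case passes what appears to be a numeric key through a generic string filter; if the query interpolates it unquoted, quote-escaping alone does not constrain it, which is the numeric-parameter shape the commit message itself asks testers to probe. Casting at the boundary, `ban_delete((int) $id);`, restricts the value to an integer whatever `check_input()` does (its body is not shown). The case also has no `break;` before `default:`; if redisplaying the list after a delete is intended, a comment such as `// fall through to redisplay the ban list` would make that explicit.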