From 801e0bcbef6a1efb93e4d68a5f1e212c028a6bdd Mon Sep 17 00:00:00 2001
From: Stefan Brannfjell
Date: Thu, 6 Feb 2014 22:51:05 +0100
Subject: [PATCH] Fixes escape string by using custom function #18
---
 admin_news.php | 4 ++--
 engine/database/connect.php | 2 +-
 engine/function/general.php | 4 ++--
 paygol_ipn.php | 2 +-
 4 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/admin_news.php b/admin_news.php
index 8188d72..bff73b4 100644
--- a/admin_news.php
+++ b/admin_news.php
@@ -59,7 +59,7 @@ if (empty($_POST) === false) {
 // Insert news
 if ($action === 'i') {
 echo 'News created successfully!';
- list($charid, $title, $text) = array((int)$_POST['selected_char'], mysql_real_escape_string($_POST['title']), mysql_real_escape_string($_POST['text']));
+ list($charid, $title, $text) = array((int)$_POST['selected_char'], mysql_znote_escape_string($_POST['title']), mysql_znote_escape_string($_POST['text']));
 $date = time();
 mysql_insert("INSERT INTO `znote_news` (`title`, `text`, `date`, `pid`) VALUES ('$title', '$text', '$date', '$charid');");
 // Reload the cache.
@@ -71,7 +71,7 @@ if (empty($_POST) === false) {
 // Save
 if ($action === 's') {
 echo 'News successfully updated!';
- list($title, $text) = array(mysql_real_escape_string($_POST['title']), mysql_real_escape_string($_POST['text']));
+ list($title, $text) = array(mysql_znote_escape_string($_POST['title']), mysql_znote_escape_string($_POST['text']));
 mysql_update("UPDATE `znote_news` SET `title`='$title',`text`='$text' WHERE `id`='$id';") or die("FUCK!");
 $cache = new Cache('engine/cache/news');
 $news = fetchAllNews();
diff --git a/engine/database/connect.php b/engine/database/connect.php
index 9385c2b..24f5775 100644
--- a/engine/database/connect.php
+++ b/engine/database/connect.php
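Review bot: The INSERT at line 59 and the UPDATE at line 71 of admin_news.php still build SQL by interpolating escaped `$_POST` values, and the UPDATE's WHERE clause also interpolates `$id`, whose origin and validation are outside the hunk. The mysqli link in engine/database/connect.php would allow binding these values with a prepared statement, which removes the reliance on every call site remembering to escape; if the string-built form stays, `$id = (int)$id;` before the UPDATE is the minimum. In both hunks the success message is echoed before `mysql_insert`/`mysql_update` runs, so a failed query is still reported as success. `die("FUCK!")` should be replaced by a neutral message, with the actual error logged server-side. The enclosing `if (empty($_POST) === false)` block starts and ends outside both hunks.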
@@ -199,7 +199,7 @@ if ($connect->connect_errno) { die("Failed to connect to MySQL: (" . $connect->connect_errno . ") " . $connect->connect_error . $install); } -function mysql_real_escape_string($escapestr) { +function mysql_znote_escape_string($escapestr) { global $connect; return mysqli_real_escape_string($connect, $escapestr); } diff --git a/engine/function/general.php b/engine/function/general.php index ba916d6..98e7747 100644 --- a/engine/function/general.php +++ b/engine/function/general.php @@ -401,11 +401,11 @@ function is_admin($user_data) { } function array_sanitize(&$item) { - $item = htmlentities(strip_tags(mysql_real_escape_string($item))); + $item = htmlentities(strip_tags(mysql_znote_escape_string($item))); } function sanitize($data) { - return htmlentities(strip_tags(mysql_real_escape_string($data))); + return htmlentities(strip_tags(mysql_znote_escape_string($data))); } function output_errors($errors) { diff --git a/paygol_ipn.php b/paygol_ipn.php index 06c85f2..7c12291 100644 --- a/paygol_ipn.php +++ b/paygol_ipn.php @@ -29,7 +29,7 @@ // FUNCTIONS function sanitize($data)/* Security reasons */ { - return htmlentities(strip_tags(mysql_real_escape_string($data))); + return htmlentities(strip_tags(mysql_znote_escape_string($data))); } function user_data($user_id)/* account data */ { $data = array();
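Review bot: `mysql_znote_escape_string()` in engine/database/connect.php has no docblock saying where its output is safe to use, and it silently depends on the global `$connect` link. I would add `/** Escapes $escapestr for use inside a quoted SQL string literal on the global mysqli link $connect; not valid for identifiers or unquoted values. */` above the function. `mysqli_real_escape_string` escapes according to the connection character set, so the connection setup (not visible in this hunk) should call `mysqli_set_charset()` before any value is escaped.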
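Review bot: `sanitize()` and `array_sanitize()` in engine/function/general.php still chain SQL escaping, `strip_tags` and `htmlentities` in one pass, so the result is tailored to neither context: values reach the database already HTML-encoded, and values echoed to a page carry SQL backslashes. `htmlentities` is also called without flags, which on PHP before 8.1 leaves single quotes unencoded; `htmlentities($data, ENT_QUOTES)` makes that explicit. Longer term I would escape for SQL only where the query is built and for HTML only at output, and until then add a comment such as `// NOTE: mixes SQL and HTML escaping; output is only safe inside a quoted SQL string literal` above both functions.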
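Review bot: The local `sanitize()` in paygol_ipn.php now calls `mysql_znote_escape_string()`, which this commit defines only in engine/database/connect.php, and the hunk does not show whether paygol_ipn.php includes that file. Under the old name a missing include could still resolve to PHP's built-in function on older runtimes; under the new name it is a fatal undefined-function error, which in a payment notification handler means dropped callbacks. Please confirm the include is present, e.g. `require_once 'engine/database/connect.php';` ahead of the `// FUNCTIONS` section. This function also duplicates `sanitize()` from engine/function/general.php, so the two copies can drift apart; a comment pointing at the shared definition would help.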