From f8df6da103a4851d7f691b8aae9a08fc6c0cc711 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mike=20Schw=C3=B6rer?=
Date: Mon, 4 Aug 2014 16:37:13 +0200
Subject: [PATCH] Fixed mysql_real_escape_char errors
---
 www/images/log/ms_de_v4.jpg | Bin 0 -> 4049 bytes
 .../controllers/HighscoresController.php | 6 +++---
 www/protected/yiic.php | 3 ++-
 3 files changed, 5 insertions(+), 4 deletions(-)
 create mode 100644 www/images/log/ms_de_v4.jpg
diff --git a/www/images/log/ms_de_v4.jpg b/www/images/log/ms_de_v4.jpg new file mode 100644 index 0000000000000000000000000000000000000000..d25a1aefd2e048ca3a505f773d42c65c1785b84e GIT binary patch literal 4049 zcmbVOdpJ~G+uvg_4&{7Gp_mYnh#Z?FBvDifF(l+nQe>D%l9F@bNrwp)qU8MKFq7jT zawsMSGYlp<&J1H?%)F!Ty`Jy;-ap>!{l0szd++;N>t1X9e(PRq-JA1+Lk7f7TiI9v z5C{bD;64Cn0`Ren^z#7#J3BxF0004i7a|YvaV-c}k3n|-ZCgRq0qE~~9&Y1dfcpl- zxN6VUZSmmhcAwwhP*1<$o7%zNH}@XV*3s4lI7Gk#;DJE4%RdFm2i+EaUS234j2{Nu zRslg_K>-0F0T@hZr;w2F4z9oiMMQV*5ZSi32ifkv-HTgx2*3okJ^pXP`3#5)0FFQi z6rv39h(n;_5Kb$g#Kq3XU6t*H`KLg5puBwiTu4H~T!(5gE_^7IhYOaEmzV1u!)*t6 z#rY)m9X98ebnt{Jhe_$iW#kE{oG5RScI;n<>s`HZS5QbsR&JO4epNN~0~$y44UQTb z8C#sRw6Z>BbNc*+i%yp=JG*#Y^Y-z*?&lwVGve0m$f!H<_Y&?WK6sdv`S?jzcFvzq zbMp&czj<3&RQ#@@vZ}hK_ODNM%`L5M?f8z)u7Pjg2ZsnhhDRnQDO1xk)St7zXmrNP zDsv57-`M5_0igdy>u+ZN!b_aXi-#KnUf4D-2+wVx#tBHB z$jB>i5>(N1T$a9iqhCk{eq>@lZJXL}X8#$nyZ!el$=VI+2b~xvb~X^;sjlni zvI25aWRCc(3B3EH@Wd&r_TIw$B%KmBGwt&_*T-S^2zLaRaE2y1dj=@Y< zm2tE+aZDapj03H`IKa!y*eB>_6D8KlBj;5 zF0zr`nBoC;NC!I#=hF+SF17axqeAbqH_6nr(jyU)_crZw7yFB0{*?(pjp0{7?c*%+ zg3=FC`(J0lYOJB!3$lwe?CogmJO!)}i4Om+L{R$Qvt0id5Dndd?yCObb+tZ(sjsER z3F`F1b)}2~rXdaM%GUBtNt8P?q6b;s`q4|aLxqQor!!d<)C{t#wNeSGlD!Lj$p6Z`DfESUr3Lov}Wp@ z$7l~@FW&lrdA_E!?2Jh@uId=tXnT>r0QDzoE}GJ9li+2sb6=*d?`_nAbKxh&Yu-*Fl`^~sD2&q#w$K`Fk*^EPBya$r zfCC5x$8iIj0nVc=z4l=DR%RNhp6g&bOx%xxK}|QsE$yK_DvCaNYdE?FM&7&fmi=#- z);8eWrulXG2!;*09xbLnpZ+DtYzSkPIs1j_s;6A#0LvPDo9O}Y^_65g%L-Rck{%-D zQ2Ml-Hc7t?-v|0BiuiNr%GpAjxRvQ|xN?t-{dYaed-d_myvXj@03U?jl-s)iLW3Pe z>qc*ryHex8f|H-VV1ey07QcV#NB;F|Av)%}H9Mcm7=kJx&l*_o0xHZs# z^Gev8kuD*n%}lov2?gLgsWZ+`LO%90tEC*=qvrUe9FFtFMsrh38;R(r zq3qgsaq$*65()x~-H-2`@>O{$AdM@$4!ttuRr!q&n6?Xndm(Of;UMX7a~%EoH3mNX zN?H7Bw8?JJojJCob;)GH29+HvAQ!mDBmItIR^N4p+6QF?)ya17XRew%RQ&`l_`ubt z$On2~?OH&7KOB}6-dIJ-WA!*bnbwyoyIn!r@G6b4jX7XS@s%EHuH2a;q{x$SnqB}4 zg^PtZN%zc#qT9}2MbFl80OO&Lgwnu}i%VKP3s}NViEdAL);{}r#YC7KRc@`+Om!96 zc1uZz1GwY9Rqb8btf#kXi2b+j+X&RNkrRd*uf 
z*q0}Vbr1&lUU*pCSCPolCGaH6P752`|E{&WG*rLpVCfA6m9!_+I*@i3raidg8sj@b zy4Qoh@7hZ8&fQfY2oJ;NwhM}l7WYkg0CqQMjl(7QD4+vweuODzzta_Og02`bih114Cnqh zewE*_^%2=dHh3($6>`ale?nw_Bl9VRDBb5^PmU3^l)5DT>-T;@(YPm6aO?33iKsMz zV=2p55e%3|A#lH-VW*SV(v2yhD(}csih4*3LKiogUPg-qV70d5u_}J!yDJ9ucV3;d zP4KMwMv2l^b%+p8*C^~J)r+PZe+VcLHnOVnhWX@H&M)CQsBI_o3e~hB#bla{wHiWq?BwffVo`!WPq6|R$QE>^ zY%+gpXDLb-Y#@w>>vsC)k7`6kUO6BtPBmFylOBlu$^j~otqXe0yk+U3XJn;^*#<*w z_{S$_!wbf&`d-zYaDKk`BE$$z-XZz9>|@jipDb+kp}83phUs)=1bqof=-8wq!K0d= zE4G#-BDwb$&sA==*057!@9YNAZ~ceXtlep*7~hO*Bf4J98vw-a8X= z#_t@S=&la3LWH%iK^NQDQYCd)eZm`v@(B5k}n>(W#~E z7%SGNUIR~)WyPp%V!nT~Z|!uu%#e#UZdj;78PbgDvCG1vsZ^{Um^9i5CMsgQs7eCA za_nB@o1C9HdQqvZc5`^8851}N#?eG5O(WH%Vjt3!yPpjQFTrckjj0B$6zB(gW2K@m zO7c^(5}KA1-&5=t@Rw2R9_e4LGn(XP=cDBGqvw;?16R>;uVQuD)lw1QCHBFssdkBR z$DlL5R5kRN;hyBxUBJ}N5Ru4nB{5swqX`ji`guZUiN}tw&%d#Srh*?%P$=JXBO1`x z6U`Y|xR(>#B5bedA6-qX5%S$ZcCTkMVmU{A__Pl>B4SCLsqXp0^{ ztCD;Td+EoK#XD-m1>8?b4v^u>Qs0cJ-Qq#hHPH!CJ$O8&a8zSVEz$GBqizga^|7oy z>(KB<5LHd_&!T6{hqf_2p(qm}Vt4r&`+{SkH>~=C+Gm=}KlhH!*=Ae%jjrHoiReBx z4xn5MIxsgwHh4L}loL0*G4!|cFOr>Q+2S?lex!2%|11xKxzCU}jcIt$xV8~QD!pB6b-N&!xY2RO%dVx17_A|mu9j|{#c!;p z-K(mJcNxs{+vjv6C-Z<;ZE@2~(gA$lp`vVrILdr~V}U_^sh$}{Q!-kuo2TuM*pTq` z+}a7W(i}lPhGFyGe?UyDLn~_E+}_^U6^FA0>factionListEntries(intval(mysql_real_escape_string($_GET["gameid"]))); + $this->actionListEntries(intval(htmlspecialchars($_GET["gameid"]))); return; } } @@ -91,7 +91,7 @@ class HighscoresController extends MSController //TODO-MS Test online if it all } else { - $start = intval(mysql_real_escape_string($_GET["start"])) - 1; + $start = intval(htmlspecialchars($_GET["start"])) - 1; if ($start < 0) { $start = 0; @@ -100,7 +100,7 @@ class HighscoresController extends MSController //TODO-MS Test online if it all if (isset($_GET["highlight"])) { - $highlight= intval(mysql_real_escape_string($_GET["highlight"])); + $highlight= intval(htmlspecialchars($_GET["highlight"])); } else $highlight = 0; 
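Review bot: In the `@@ -91,7 +91,7 @@` hunk, `intval(htmlspecialchars($_GET["start"]))` wraps the value in an HTML output encoder that adds no protection here; `intval()` is the only thing constraining the input, and the same pattern repeats for `highlight` in the `@@ -100,7 +100,7 @@` hunk and for `gameid` in the partially visible hunk before it. `htmlspecialchars()` expects a string, so a request that supplies the parameter as an array produces a warning or a TypeError (depending on the PHP version) instead of a clean default. I would validate the integer directly, e.g. `$start = (int) filter_input(INPUT_GET, 'start', FILTER_VALIDATE_INT) - 1;`, and leave HTML escaping to the point where a value is written into markup. The query code behind `actionListEntries()` is outside this diff, so it is worth confirming that it binds these values as parameters rather than relying on the cast alone. The enclosing methods start and end outside the hunks.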
diff --git a/www/protected/yiic.php b/www/protected/yiic.php
index 8dfd10a..e9be4c7 100644
--- a/www/protected/yiic.php
+++ b/www/protected/yiic.php
@@ -9,4 +9,5 @@ require_once($yiic);
 // TODO-MS SharkSim (OLD DATE !) -> MS.de
 // TODO-MS BefunGen -> MS.de
 // TODO-MS jClipCorn -> MS.de
-// TODO-MS jQCCounter (OLD DATE !) -> MS.de
\ No newline at end of file
+// TODO-MS jQCCounter (OLD DATE !) -> MS.de
+// TODO-MS ExtendedGitGraph -> MS.de
\ No newline at end of file